Reputation: 3338
I am using the webcrypto API with some success to encrypt messages between server and client (let's assume I need to do this manually).
My problem is that I need to check if a keypair for the user and server already exists instead of generating a new keypair all the time. Is there a way to check if it exists and retrieve it for decryption of server messages?
To clarify, my privateKey is on the browser and publicKey is sent to server.
I have a nodejs server and plain JS front end.
Thanks in advance.
Upvotes: 11
Views: 9717
Reputation: 59
You should use IndexedDB to store keys on the client side. The benefit of using IndexedDB is that you will be able to store keys as they are (mostly in CryptoKey form) and use them after retrieving from IndexedDB.
You won't have to export keys and then transform them in some way, like base64 encode or JSON encode, as in the case of other storage options like LocalStorage.
To make IndexedDB usage easier, there is a promise-based library available which is very often used by the tutorials and posts that cover IndexedDB usage.
Upvotes: 0
Reputation: 3338
SOLVED:
You can use IndexedDB for storing CryptoKey objects.
I tried plain old local storage and it does not work.
For more info, see:
Upvotes: 5
Reputation: 39261
CryptoKeys are not persistent by default. You need to store the keys in the IndexedDB to make them available to the next browser execution.
IndexedDB is a secure storage; keys can be stored, recovered and used without exposing the key material.
See https://www.w3.org/TR/WebCryptoAPI/#concepts-key-storage
5.2. Key Storage
This specification does not explicitly provide any new storage mechanisms for CryptoKey objects. Instead, by allowing the CryptoKey to be used with the structured clone algorithm, any existing or future web storage mechanisms that support storing structured clonable objects can be used to store CryptoKey objects.
In practice, it is expected that most authors will make use of the Indexed Database API, which allows associative storage of key/value pairs, where the key is some string identifier meaningful to the application, and the value is a CryptoKey object. This allows the storage and retrieval of key material, without ever exposing that key material to the application or the JavaScript environment.
Here you have a full example https://blog.engelke.com/2014/09/19/saving-cryptographic-keys-in-the-browser/
Upvotes: 18