How to use this library as a typescript module?

[jeremyVignelles]

I'd like to use your library in a typescript module, always using the javascript implementation because webcrypto should not be available to insecure locations, according to the W3C.

Is there a way to do this kind of things?

import crypto from "webcrypto-liner";

crypto.subtle....

[microshine]

There is another WebCrypto module in npm - node-webcrypto-ossl. It has native implementation and works faster than JS.

import * as WebCrypto from "node-webcrypto-ossl";
const crypto = new WebCrypto();

[jeremyVignelles]

Thanks, I didn't know it was for the browser too ! (the name is a bit misleading)

I will give it a try

[microshine]

There is one more npm module which based on node-webcrypto-ossl https://www.npmjs.com/package/node-webcrypto-shim

[jeremyVignelles]

I think I misunderstood something here: node-webcrypto-ossl and node-webcrypto-shim are both node.js cryptography libraries based on openssl and exposing a WebCrypto-like API, right? I see they can fallback to webcrypto in the browser, but that's not what I want.

I'm trying to find a browser-side cryptographic API that plays nice with typescript modules and webpack. Having it looking like WebCrypto is a little plus, but not really necessary. Here's the story: I tried to implement a script based on WebCrypto. It worked well until I realized it wouldn't work on my production server which is HTTP and not HTTPS.

I had some success by downloading webcrypto-liner and hacking manually with the typescript files (hence the pull request), but it's far from ideal.

I think I will try to use asmcrypto.js directly and see.

[rmhrisk]

node-webcrypto-ossl does not fall back to webcrypto, it is a node only (no browser) library, as stated it uses OpenSSL for its crypto algorithms.

node-webcrypto-shim uses node-webcrypto-ossl to provide a browser/node solution in one module. Probably what you want based on your description?

webcrypto-liner is an interop library designed to make WebCrypto work uniformly across all browsers.

You should not support HTTP and sensitive operations like crypto, especially with JS crypto; see https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2011/august/javascript-cryptography-considered-harmful/ for some of the issues related to this.

Your better off adopting Lets Encrypt to automate your SSL deployment.

Good luck.

[jeremyVignelles]

@rmhrisk : Thanks for your answer. Unfortunately, using HTTPS is not an option when you want to deploy a distributed service in an internal network.

[rmhrisk]

@jeremyVignelles it is possible to deploy the test boulder instance (or other CAs such as the MSFT CA) and get SSL certificates for your internal network via ACME or other protocols.