Closed burgil closed 1 month ago
I feel like this page: https://developers.cloudflare.com/workers/runtime-apis/web-crypto/#decrypt Lacks a lot of code examples, People needs to know how important it is to use Web Crypto instead of Node Crypto (performance wise) and so I wrote examples for each function using the new AI.. I hope you guys can expand upon that and add some working examples please that will be very helpful to me.
Would also be good to document what permissions are needed in order to access web crypto when deploying to pages authenticated via token. I can't figure out what permission is needed, but I know that it works when I login via oAuth. There is also a bug with oauth, just returns error:. So can't login that way anymore.
Which Cloudflare product(s) does this pertain to?
Workers
Subject Matter
Code Examples
Content Location
https://developers.cloudflare.com/workers/runtime-apis/web-crypto/
Additional information
The Web Crypto API in Cloudflare Workers provides a range of low-level cryptographic functions for various purposes. Here's a summarized overview of its components and functions:
Background:
crypto.subtle
.Constructors:
crypto.DigestStream(algorithm)
: Generates a hash digest from streaming data.algorithm
(algorithm-specific format).// Get the final result const digest = await digestStream.digest; console.log(new Uint8Array(digest));
Methods:
crypto.randomUUID()
: Generates a new random UUID (version 4).crypto.getRandomValues(buffer)
: Fills an ArrayBufferView with cryptographically sound random values.buffer
(compatible ArrayBufferView types).SubtleCrypto Methods:
crypto.subtle
.Cryptographic Functions:
encrypt(algorithm, key, data)
: Encrypts data.decrypt(algorithm, key, data)
: Decrypts data.sign(algorithm, key, data)
: Generates a digital signature.verify(algorithm, key, signature, data)
: Verifies a digital signature.digest(algorithm, data)
: Generates a digest (hash) from data.generateKey(algorithm, extractable, keyUsages)
: Generates cryptographic keys.deriveKey(algorithm, baseKey, derivedKeyAlgorithm, extractable, keyUsages)
: Derives a cryptographic key.deriveBits(algorithm, baseKey, length)
: Derives pseudo-random bits.importKey(format, keyData, algorithm, extractable, keyUsages)
: Imports an external key.exportKey(format, key)
: Exports a CryptoKey.wrapKey(format, key, wrappingKey, wrapAlgo)
: Wraps and encrypts a key.unwrapKey(format, key, unwrappingKey, unwrapAlgo, unwrappedKeyAlgo, extractable, keyUsages)
: Unwraps a key. Not shown as they involve key wrapping and unwrapping operations, which typically require more complex key management scenarios.timingSafeEqual(a, b)
: Compares two buffers in a timing-attack resistant way.Supported Algorithms:
Please note that Cloudflare Workers may have differences in supported algorithms compared to standard browsers. Additionally, MD5 is supported for compatibility with legacy systems, but it is considered weak and not recommended for security. The Web Crypto API is not the same as the Node.js Crypto API, but compatibility is available with the
nodejs_compat
flag.In summary, the Cloudflare Web Crypto API provides a comprehensive set of cryptographic functions for various purposes, including encryption, decryption, signing, verification, key generation, and more, with support for a range of cryptographic algorithms.