Use Web Cryptography API if available

[jelhan]

Currently all encryption / decryption is done by Stanford JavaScript Crypto Library (sjcl). Since Web Cryptography API is now a recommendation and implemented by Firefox and Chrome we should investigate if we could use that one if it exists.

Using Web Cryptography API might be less performant than sjcl if these benchmarks are still valid.

[jelhan]

Investigated that one a little bit:

• Web Cryptography API is supported by all browsers we are targeting expect IE 11: canisue.com
• Current implementations of Web Cryptography API does not support AES-CCM, which is currently used. But SJCL could be configured to use AES-GCM, which is also supported via Web Cryptography API by all relevant browsers. Switching from CCM to GCM would also be an improvement.
• Croodle currently uses PBKDF2 with HMAC-SHA-256 to retrieve the key from passphrase. PBKDF2 is supported by all major browsers but HMAC-SHA-256 hash function is not. Only plain SHA-256 is supported. On the other hand SJCL does not support plain SHA-256 as hash function for PBKDF2. Also migrating from HMAC-SHA-256 to SHA-256 would be a decline.

[rugk]

all major browsers but HMAC-SHA-256 hash function is not

You likely just did not find it, because it's used in the .sign API, not the hash one.

Actually, it looks supported: https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/sign#HMAC

(That MDN doc has been updated some time ago. Thanks to the fact that someone™ complained. :wink: And Mozilla fixed it, of course… :hugs:)