Open daviddias opened 7 years ago
wow webcrypto gets worse with every thing I learn about it. This is incredible..
I have some ideas on alternatives, will update here after some experiments
In the short term we should adding a warning in any case as the current releases all have this issue
I am making good progress with my experiments of using asmcrypto.js. Speedwise it looks pretty good and I believe it has everything we need.
@dignifiedquire - have you looked at Libsodium ? We've been using that in JS.
@mitra42 I haven't given it a thorough try yet as we need more than it provides, but I will recheck again what we can use from it, thanks for the reminder
libsodium is great but it exists in its own universe of crypto, the djb universe. We need to support what go-ipfs does and that means that libsodium isn't enough.
Yes, libsodium is an implementation of what NaCl established in this space so it won't be sufficient.
After seeing reports on js-ipfs:
I went to investigate to find this https://groups.google.com/a/chromium.org/forum/#!topic/security-dev/DtOFo51WFMo
It seems that WebCrypto does require a secure context to run and that is not granted in non HTTPS loaded pages. It has an exception for localhost though.
We have a couple of options here:
I prefer option 2, although it will bloat the size of the bundle (again)..