Closed joepio closed 2 years ago
paulmillr
commented
2 years ago Hey there.
You could replace hashing code with code from noble-crypto. It's an interesting problem, because even though hashes could be replaced, randomBytes cannot. randomBytes also cannot be re-implemented in JS, it needs low-level system entropy. ed25519 does not really use randomness in its flow, but secp256k1 schnorr sigs do.
We won't include fallback by default because we don't want any deps.
paulmillr
commented
2 years ago For now, you can edit your fork of noble-ed to replace sha512 with noble-hashes/sha512
paulmillr
commented
2 years ago Ah, crypto.getRandom does not require a secure context, so that's a good start.
paulmillr
commented
2 years ago Try this:
const { sha512 } = require('@noble/hashes/sha512');
ed25519.utils.sha512 = (msg) => Promise.resolve(sha512(msg))
joepio
commented
2 years ago Will do! I'll let you if it worked soon.
Thanks for the quick help btw 👍
joepio
commented
2 years ago Seems like I can't build @noble/hashes for some reason:
[20:12:16] [snowpack] rimrafSafe(): /Users/joep/dev/github/joepio/atomic-data-browser/node_modules/@noble/hashes/cryptoBrowser.js outside of buildOptions.out /Users/joep/dev/github/joepio/atomic-data-browser/data-browser/publish
[20:12:16] [snowpack] Error: rimrafSafe(): /Users/joep/dev/github/joepio/atomic-data-browser/node_modules/@noble/hashes/cryptoBrowser.js outside of buildOptions.out /Users/joep/dev/github/joepio/atomic-data-browser/data-browser/publish
at Object.deleteFromBuildSafe (/Users/joep/dev/github/joepio/atomic-data-browser/node_modules/snowpack/lib/cjs/util.js:75:15)
at Object.runBuiltInOptimize (/Users/joep/dev/github/joepio/atomic-data-browser/node_modules/snowpack/lib/cjs/build/optimize.js:419:24)
at runMicrotasks (<anonymous>)
at processTicksAndRejections (node:internal/process/task_queues:96:5)
at async Object.optimize (/Users/joep/dev/github/joepio/atomic-data-browser/node_modules/snowpack/lib/cjs/build/process.js:299:9)
at async build (/Users/joep/dev/github/joepio/atomic-data-browser/node_modules/snowpack/lib/cjs/commands/build.js:18:5)
at async Object.command (/Users/joep/dev/github/joepio/atomic-data-browser/node_modules/snowpack/lib/cjs/commands/build.js:35:9)
at async cli (/Users/joep/dev/github/joepio/atomic-data-browser/node_modules/snowpack/lib/cjs/index.js:174:9)Report this to snowpack.
joepio
commented
2 years ago Seems to be this. Sorry, this blocks me from testing your fix at the moment.
joepio
commented
2 years ago I've found a workaround to build it, and I can confirm your fix works, @paulmillr !
Thanks for the help :)
Hi there! Thanks for creating this :)
After updating from
noble-ed25519 1.0.4to@noble/ed25519 1.33, I got this error in anhttpcontext:Na.web.subtle is undefined. I'm not entirely sure whether this error would have appeared before.It seems to appear only if I'm running my server on a local network system using HTTP, but not on localhost or in HTTPS in production.
The code seems to emerges from here.
After some googling I learned that the
cryptomodule is not available in non-localhost HTTP environments.So what does this mean for me as a user of this dependency? I feel like, in my usecase, it should be able to run in HTTP contexts, so I'd like some fallback. Should this library provide a fallback? Should I as a user of this library provide a fallback, or show some custom error? Would love to hear your thoughts on this.
Thanks!