Request for Component: Web Cryptography API

[ebekker]

I propose developing a component that will map to the Cryptographic functions found in browsers.

The Web Cryptography API is exposed through the Crypto.subtle property and enjoys a good bit of compatibility across browsers.

[galvesribeiro]

Hi @ebekker, thanks for reaching us.

Do you have any specific use-case for it?

Also, do you want us to implement it or do you plan to do it yourself or bring an existent codebase?

Thanks

[ebekker]

I would be willing to contribute or even startup the project, based on the patterns you have used in your other API mappings.

I'm exploring the use of crypto in the browser to develop a sample application that supports getting PKI certs from Let's Encrypt through the use of my ACMESharpCore client library.

Right now I'm playing around with a sample Blazor app that's actually using BouncyCastle primitives. So far working, but might be nice to later swap this out to call into the Browser's own crypto implementation from a performance context.

[galvesribeiro]

Nice! I'm in a really busy days recently so I can't commit now to implement it myself.

The next thing on line that should be out soon is the SignalR client.

Do you want me to create a repo for you in the Org so you can make PRs there?

[ebekker]

Let me see if I can throw something together on my side over the next few days before I commit to that. If I can at least start the ground work and get a few working APIs like hashing, then we can startup an official repo. Thanks!

[galvesribeiro]

Hello @ebekker

Any news on that?

Thanks!

[ebekker]

Hello @galvesribeiro, I've been sleeping on it... :-)

Actually, so sorry for the long nap, had to put this on the back-burner for along time, but I've actually started to work on this a bit as part of another another experiment.

I started to map the WebCrypto API into what I think is a usable form, but the approach to crypto is a bit different than the way it's available in the BCL, so working on how to make it user friendly.

[galvesribeiro]

Hey! No problem, was just following up...

So, I've briefly looked the crypto IDL and even thought it is big, it doesn't seems very complex.

The only problem with it, which was actually found on BE.SignalR and BE.WebUSB, is the lack of Uint8Array proper serializer on Mono/Blazor and that may cause perf issues on big byte[] marshalling.

We have a workaround on both packages that works, not ideal, but works.

Let me know if you need any help.

Thanks!

[ebekker]

I'll check out what you have there, what I've been doing is simply converting byte[] by constructing Uint8Array on the JS side for inputs of byte arrays, and converting from ArrayBuffer (Uint8Array) back out to byte arrays using Array.from(), but that may not be the most efficient as you say, for large data sets.

[ebekker]

Ah, I see that's the same thing you did in those cases as well. Oh well, I guess that's the best we can do for now.