crypto.subtle

  • Web 端详见: SubtleCrypto
  • In addition, in the process of investigation, it was also found that in fact, Node 15.x version added crypto. Webcrypto

Specific usage (take RSA-PSS as an example)

(async function() {
  const rsaKey = await subtle.generateKey({
    name: 'RSA-PSS'.modulusLength: 4096.publicExponent: new Uint8Array([1.0.1]),
    hash:  { name: 'SHA-256'}},true['sign'.'verify'])

  const jwk = await subtle.exportKey(
    'jwk',
    rsaKey.privateKey
  )

  const privateCryptoKey = await subtle.importKey(
    'jwk',
    jwk,
    {
        name: 'RSA-PSS'.hash: {name: 'SHA-256'}},false['sign'])const data = 'hello world'
  const signature = await subtle.sign(
    {
        name: 'RSA-PSS'.saltLength: 128,
    },
    privateCryptoKey,
    data
  )

  const verified = await subtle.verify(
    {
        name: 'RSA-PSS'.saltLength: 128,
    },
    rsaKey.publicKey,
    signature,
    data
  )

  console.log('verified', verified)
})();

Copy the code

Reference source: webcrypto-examples

This repository contains examples of all the intrinsnized supported algorithms, including AES, HMAC, SHA, PBKDF2, and so on, and is very useful.

arweave-js

From the above, Node v15.0.0 added webcrypto API (temporarily unstable), through the Web end.

Currently, Arweave-js implements a Nod-driver on the Node side

Using the crypto-Browserify and pemTojwk and the like, it is not necessary to use the Node webcrypto retrofit.

It can also reduce external module dependencies and improve security.

In addition, there are several questions:

  • SaltLength in Arweave, sign is dead saltLength 32 (webcrypto-driver.ts#L56(saltLength = 32 and saltLength = 0);arweave-jsIs still too casual
  • I have mentioned several issues, which have not been followed up for several months. It is not as good as arConnect iteration (although it is also a few careless scribblings).

arConnect

  • As for arConnect, there are also many problems. First of all, the documentation is not clear
  • Add thesignature,encrypt,decryptMethod, in principle, can be usedarweave-jsTo do, equivalent to arConnect just do a wallet management, signature, encryption, etcarweave-js. butarweave-jsThe implementation itself looks like a bird, so you can’t expect much elegance from arConnect. , such as:crypto.subtleThe format (for example, 4096 length Rsa-pss keys) is specified at importKey. If the format of the key is RSA-PSS SHA-256, it is not validHMAC,ECDSAWait for the other signatures. But arConnect still puts those parameters outThe signature parameter is also completely invisible, so you have to look at the source code yourself
  • Error handling not available
  • Signature, small AR transfer, users do not need to click the button to confirm
  • When the AR is transferred, a separate transfer is made to the PST Token holder of their own project
  • etc.