akashaorg / easy-web-crypto Goto Github PK

Describe the bug
The project wouldn't install on arm64 platform.

To Reproduce
Steps to reproduce the behavior:

1. Clone the project
2. Run npm i
3. See error:

% npm i
npm WARN skipping integrity check for git dependency ssh://[email protected]/feross/buffer.git
npm WARN deprecated [email protected]: In 6.x, the babel package has been deprecated in favor of babel-cli. Check https://opencollective.com/babel to support the Babel maintainers
npm WARN deprecated [email protected]: < 18.1.0 is no longer supported
npm ERR! code 1
npm ERR! path /Users/is/work/github/easy-web-crypto/node_modules/puppeteer
npm ERR! command failed
npm ERR! command sh -c node install.js
npm ERR! The chromium binary is not available for arm64:
npm ERR! If you are on Ubuntu, you can install with:
npm ERR!
npm ERR!  apt-get install chromium-browser
npm ERR!
npm ERR! /Users/is/work/github/easy-web-crypto/node_modules/puppeteer/lib/BrowserFetcher.js:112
npm ERR!             throw new Error();
npm ERR!             ^
npm ERR!
npm ERR! Error
npm ERR!     at /Users/is/work/github/easy-web-crypto/node_modules/puppeteer/lib/BrowserFetcher.js:112:19
npm ERR!     at FSReqCallback.oncomplete (node:fs:201:21)
npm ERR!
npm ERR! Node.js v20.11.1

Expected behavior
The project installs.

Environment:

• OS: macOS 14.2.1
• Node: 20.11.1
• npm: 10.2.4

Additional context
This is caused by outdated mocha-headless-chrome. Bumping it to v4 makes the project install (I didn't run the tests though).

In the Chrome extension manifest v3, the window object is not accessible in background scripts. To address this issue, please replace "window" with "globalThis," which is functional in all instances.

Describe the bug
A clear and concise description of what the bug is.

Hi Team!
Please advise how to fix this problem. Thank you!!

await WebCrypto.hash("abc123") return TypeError: Cannot read property 'hash' of undefined
Ref: https://www.npmjs.com/package/easy-web-crypto#hash

To Reproduce
Steps to reproduce the behavior:
Please run following code with Jest.

import WebCrypto from "easy-web-crypto";

it("should return hash", async () => {
  const result = await WebCrypto.hash("abc123");
  expect(result).toEqual(
    "6ca13d52ca70c883e0f0bb101e425a89e8624de51db2d2392593af6a84118090"
  );
});

Expected behavior
Return hashed value.

Screenshots

Version:
easy-web-crypto: v1.2.1
node: v12.18.3
ts-node: v8.10.2
typescript: v3.9.6
jest: v26.4.2

I believe the wording of the test is wrong. the test states that the method should prodouce an unextractble private key with default parameters:

but if you look at the call site you clearly see we do not use default parameters

Could it be that you were refering to namedCurve parameter being default? If so we should rename the test to specify this explicitly

Should generate a key pair with unextractable private key using default namedCurve parameter

If you agree, I am happy to create pull request, containing the change

The file I believe has been transformed to typescript but in npm, it shouldn't point to a typescript file either since it's supposed to be a valid esm file. This might require a build step to generate an esm file or just remove that entry from package.json for now.

Describe the bug
In web-crypto.js At 113 and 128 this call appears
Buffer.from(JSON.stringify(data)))

When the Arraybuffer is returned, you can see that the quotes from the string are included: ['34', ..., '34']

Since this is not the "data" that is meant to be signed by the signer on from a server using ECDSA, the signature will fail verification.

This could be a bug in Buffer.from but I wanted to submit the issue here first.

To Reproduce
Steps to reproduce the behavior:
Create a private/public key pair.
Add the private key to a server side implementation of ECDSA.
Sign some data on the server and sent it to a client running easy-web-crypto.
Attempt to verify the signature. It will not verify, because the server uses the data and does not include the quotes.

Expected behavior
The signature should be verified

Hi,

It would be great if this, and the secure-webstore project, would support TypeScript.

Rationale
For our Angular project we need a client side cache. But because of GDPR regulations, it must be encrypted. When searching for a simple secure layer around the client web store, I came across your awesome project 'secure-webstore', which has a nice simple interface.
But since we are going to use it in Angular, it immediately starts to complain it doesn't have TypeScript bindings, and there aren't any typings defined for it.

Possible solution
I would like to contribute to this project by TypeScriptifying the source. This also has benefits for the code-base itself because it will show possible errors in an earlier stage. In fact, I already saw a few errors when I did an early attempt to typescriptify it.

Would you accept such a contribution?

Alternatives
I tried to add TypeScript definitions locally but that didn't work... Also contributing to @typings could be an option. But then this has to be maintained separately. Better is to do it at the source.

Greetings
Johan

When using WebPack 5 (e.g. when using Angular 12), easy-web-crypto is not usable due to absence of the Buffer api.
It will complain with: 'Buffer.from is not a function'

This is the cause of AKASHAorg/secure-webstore#17

This issue is for administrative purposes. A fix is underway...

Its just commonjs script for node, so its complaining about the fact that exports is not defined.

Describe the bug
github:feross/buffer version is not pinned and updates on every occasion (causes undesired pnpm-lock.yaml update on unrelated operations).

See:

To Reproduce
Steps to reproduce the behavior:

1. In a pnpm project, run: pnpm add easy-web-crypto.
2. Update pnpm-lock.yaml to some older github.com/feross/buffer commit:

  github.com/feross/buffer/5ac5ac465976d40de0cf3bc3afd9ec9ca04975f2:
    resolution: {tarball: https://codeload.github.com/feross/buffer/tar.gz/5ac5ac465976d40de0cf3bc3afd9ec9ca04975f2}
    name: buffer
    version: 6.0.3
    dependencies:
      base64-js: 1.5.1
      ieee754: 1.2.1
    dev: false

3. Install some unrelated dependency: pnpm add dotenv-cli
4. The lock file updates to include the new buffer commit:

--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -223,6 +223,9 @@ importers:
       '@vitejs/plugin-vue':
         specifier: ~5.0.4
         version: 5.0.4([email protected])([email protected])
+      dotenv-cli:
+        specifier: ~7.3.0
+        version: 7.3.0
       sass:
         specifier: ~1.49.11
         version: 1.49.11
@@ -3848,7 +3851,7 @@ packages:
   /[email protected]:
     resolution: {integrity: sha512-amZj0CYkLAr9GN40HscaGBgs8J3gX6zIBvN2MU6ZLLvKy3AHxEGPZDoNxvOYJR7ZT8P5bSRjUl/Jfb5KCh6q+A==}
     dependencies:
-      buffer: github.com/feross/buffer/5ac5ac465976d40de0cf3bc3afd9ec9ca04975f2
+      buffer: github.com/feross/buffer/5857e295f4d37e3ad02c3abcbf7e8e5ef51f3be6
     dev: false

   /[email protected]:
@@ -8167,8 +8170,8 @@ packages:
     engines: {node: '>=12.20'}
     dev: true

-  github.com/feross/buffer/5ac5ac465976d40de0cf3bc3afd9ec9ca04975f2:
-    resolution: {tarball: https://codeload.github.com/feross/buffer/tar.gz/5ac5ac465976d40de0cf3bc3afd9ec9ca04975f2}
+  github.com/feross/buffer/5857e295f4d37e3ad02c3abcbf7e8e5ef51f3be6:
+    resolution: {tarball: https://codeload.github.com/feross/buffer/tar.gz/5857e295f4d37e3ad02c3abcbf7e8e5ef51f3be6}
     name: buffer
     version: 6.0.3
     dependencies:

Expected behavior
buffer is pinned to some specific github commit (or simply to ^6.0.3), not latest, and doesn't cause unrequested lockfile updates. This also prevents from sudden crashes due to breaking changes in buffer.

Environment:

• OS: macOS
• Node: 20.11.1
• pnpm: 8.15.2

Additional context
To be honest I don't see why it's necessary to pull buffer from github and not from npm. Granted, it hasn't been published for 3 years, but at least simple operations (genEncryptedMasterKey, encrypt, decrypt) work fine with [email protected].

Following your example I get this error on decrypt:

web-crypto.ts:354 Uncaught (in promise) Error: Unable to decrypt data
    at web-crypto.ts:354:11
    at Generator.next (<anonymous>)
    at fulfilled (web-crypto.ts:6:24)

https://github.com/AKASHAorg/easy-web-crypto#full-example-for-encrypting--decrypting-data