akashaorg / easy-web-crypto Goto Github PK
View Code? Open in Web Editor NEWWebcrypto API wrapper for applications that store encrypted data
License: MIT License
Webcrypto API wrapper for applications that store encrypted data
License: MIT License
Describe the bug
The project wouldn't install on arm64 platform.
To Reproduce
Steps to reproduce the behavior:
npm i
% npm i
npm WARN skipping integrity check for git dependency ssh://[email protected]/feross/buffer.git
npm WARN deprecated [email protected]: In 6.x, the babel package has been deprecated in favor of babel-cli. Check https://opencollective.com/babel to support the Babel maintainers
npm WARN deprecated [email protected]: < 18.1.0 is no longer supported
npm ERR! code 1
npm ERR! path /Users/is/work/github/easy-web-crypto/node_modules/puppeteer
npm ERR! command failed
npm ERR! command sh -c node install.js
npm ERR! The chromium binary is not available for arm64:
npm ERR! If you are on Ubuntu, you can install with:
npm ERR!
npm ERR! apt-get install chromium-browser
npm ERR!
npm ERR! /Users/is/work/github/easy-web-crypto/node_modules/puppeteer/lib/BrowserFetcher.js:112
npm ERR! throw new Error();
npm ERR! ^
npm ERR!
npm ERR! Error
npm ERR! at /Users/is/work/github/easy-web-crypto/node_modules/puppeteer/lib/BrowserFetcher.js:112:19
npm ERR! at FSReqCallback.oncomplete (node:fs:201:21)
npm ERR!
npm ERR! Node.js v20.11.1
Expected behavior
The project installs.
Environment:
Additional context
This is caused by outdated mocha-headless-chrome
. Bumping it to v4 makes the project install (I didn't run the tests though).
In the Chrome extension manifest v3, the window object is not accessible in background scripts. To address this issue, please replace "window" with "globalThis," which is functional in all instances.
Describe the bug
A clear and concise description of what the bug is.
Hi Team!
Please advise how to fix this problem. Thank you!!
await WebCrypto.hash("abc123")
return TypeError: Cannot read property 'hash' of undefined
Ref: https://www.npmjs.com/package/easy-web-crypto#hash
To Reproduce
Steps to reproduce the behavior:
Please run following code with Jest.
import WebCrypto from "easy-web-crypto";
it("should return hash", async () => {
const result = await WebCrypto.hash("abc123");
expect(result).toEqual(
"6ca13d52ca70c883e0f0bb101e425a89e8624de51db2d2392593af6a84118090"
);
});
Expected behavior
Return hashed value.
Version:
easy-web-crypto: v1.2.1
node: v12.18.3
ts-node: v8.10.2
typescript: v3.9.6
jest: v26.4.2
I believe the wording of the test is wrong. the test states that the method should prodouce an unextractble private key with default parameters:
easy-web-crypto/test/crypto.test.js
Line 134 in 7ede92c
but if you look at the call site you clearly see we do not use default parameters
easy-web-crypto/test/crypto.test.js
Line 138 in 7ede92c
Could it be that you were refering to namedCurve parameter being default? If so we should rename the test to specify this explicitly
Should generate a key pair with unextractable private key using default namedCurve parameter
If you agree, I am happy to create pull request, containing the change
The file I believe has been transformed to typescript but in npm, it shouldn't point to a typescript file either since it's supposed to be a valid esm file. This might require a build step to generate an esm file or just remove that entry from package.json for now.
Describe the bug
In web-crypto.js At 113 and 128 this call appears
Buffer.from(JSON.stringify(data)))
When the Arraybuffer is returned, you can see that the quotes from the string are included: ['34', ..., '34']
Since this is not the "data" that is meant to be signed by the signer on from a server using ECDSA, the signature will fail verification.
This could be a bug in Buffer.from but I wanted to submit the issue here first.
To Reproduce
Steps to reproduce the behavior:
Create a private/public key pair.
Add the private key to a server side implementation of ECDSA.
Sign some data on the server and sent it to a client running easy-web-crypto.
Attempt to verify the signature. It will not verify, because the server uses the data and does not include the quotes.
Expected behavior
The signature should be verified
Hi,
It would be great if this, and the secure-webstore project, would support TypeScript.
Rationale
For our Angular project we need a client side cache. But because of GDPR regulations, it must be encrypted. When searching for a simple secure layer around the client web store, I came across your awesome project 'secure-webstore', which has a nice simple interface.
But since we are going to use it in Angular, it immediately starts to complain it doesn't have TypeScript bindings, and there aren't any typings defined for it.
Possible solution
I would like to contribute to this project by TypeScriptifying the source. This also has benefits for the code-base itself because it will show possible errors in an earlier stage. In fact, I already saw a few errors when I did an early attempt to typescriptify it.
Would you accept such a contribution?
Alternatives
I tried to add TypeScript definitions locally but that didn't work... Also contributing to @typings could be an option. But then this has to be maintained separately. Better is to do it at the source.
Greetings
Johan
When using WebPack 5 (e.g. when using Angular 12), easy-web-crypto is not usable due to absence of the Buffer
api.
It will complain with: 'Buffer.from is not a function'
This is the cause of AKASHAorg/secure-webstore#17
This issue is for administrative purposes. A fix is underway...
Its just commonjs script for node, so its complaining about the fact that exports is not defined.
Describe the bug
github:feross/buffer
version is not pinned and updates on every occasion (causes undesired pnpm-lock.yaml
update on unrelated operations).
See:
Line 42 in 0660046
To Reproduce
Steps to reproduce the behavior:
pnpm add easy-web-crypto
.pnpm-lock.yaml
to some older github.com/feross/buffer commit: github.com/feross/buffer/5ac5ac465976d40de0cf3bc3afd9ec9ca04975f2:
resolution: {tarball: https://codeload.github.com/feross/buffer/tar.gz/5ac5ac465976d40de0cf3bc3afd9ec9ca04975f2}
name: buffer
version: 6.0.3
dependencies:
base64-js: 1.5.1
ieee754: 1.2.1
dev: false
pnpm add dotenv-cli
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -223,6 +223,9 @@ importers:
'@vitejs/plugin-vue':
specifier: ~5.0.4
version: 5.0.4([email protected])([email protected])
+ dotenv-cli:
+ specifier: ~7.3.0
+ version: 7.3.0
sass:
specifier: ~1.49.11
version: 1.49.11
@@ -3848,7 +3851,7 @@ packages:
/[email protected]:
resolution: {integrity: sha512-amZj0CYkLAr9GN40HscaGBgs8J3gX6zIBvN2MU6ZLLvKy3AHxEGPZDoNxvOYJR7ZT8P5bSRjUl/Jfb5KCh6q+A==}
dependencies:
- buffer: github.com/feross/buffer/5ac5ac465976d40de0cf3bc3afd9ec9ca04975f2
+ buffer: github.com/feross/buffer/5857e295f4d37e3ad02c3abcbf7e8e5ef51f3be6
dev: false
/[email protected]:
@@ -8167,8 +8170,8 @@ packages:
engines: {node: '>=12.20'}
dev: true
- github.com/feross/buffer/5ac5ac465976d40de0cf3bc3afd9ec9ca04975f2:
- resolution: {tarball: https://codeload.github.com/feross/buffer/tar.gz/5ac5ac465976d40de0cf3bc3afd9ec9ca04975f2}
+ github.com/feross/buffer/5857e295f4d37e3ad02c3abcbf7e8e5ef51f3be6:
+ resolution: {tarball: https://codeload.github.com/feross/buffer/tar.gz/5857e295f4d37e3ad02c3abcbf7e8e5ef51f3be6}
name: buffer
version: 6.0.3
dependencies:
Expected behavior
buffer
is pinned to some specific github commit (or simply to ^6.0.3), not latest
, and doesn't cause unrequested lockfile updates. This also prevents from sudden crashes due to breaking changes in buffer
.
Environment:
Additional context
To be honest I don't see why it's necessary to pull buffer
from github and not from npm. Granted, it hasn't been published for 3 years, but at least simple operations (genEncryptedMasterKey
, encrypt
, decrypt
) work fine with [email protected]
.
Following your example I get this error on decrypt
:
web-crypto.ts:354 Uncaught (in promise) Error: Unable to decrypt data
at web-crypto.ts:354:11
at Generator.next (<anonymous>)
at fulfilled (web-crypto.ts:6:24)
https://github.com/AKASHAorg/easy-web-crypto#full-example-for-encrypting--decrypting-data
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.