How to use SubtleCrypto in chrome (window.crypto.subtle is undefined)

This is really embarassing

on virtually any site on the internet,

window.crypto.subtle

returns

SubtleCrypto {}
  __proto__: SubtleCrypto

in the chrome console (v61 (Official Build) (64-bit))

except for

my webpage, and blank.org

where

window.crypto.subtle

returns

undefined

according to https://developer.mozilla.org/en-US/docs/Web/API/Crypto/subtle it's a read-only property that should always return a SubtleCrypto object.

what could I have done, or what has blank.org done that it could possibly not?

ps: in firefox it seems to work as intended on both my site and blank.org

Answers:

Answer

According to the spec (via Github issues) a la this Google page for WebCrypto:

crypto.subtle is supposed to be undefined in insecure contexts

Answer

check your URL's

if it is https://localhost:PORT or 0.0.0.0:port or 127.0.0.0:port

change it to proper hostname URL something like http://localhost:PORT

worked for me! Thanks @Zmart

Answer

It would appear you have to use sites with https://...... and not vanilla http://....

From the spec - easy to miss (and linked by Zmart, above):

Access to the WebCrypto API is restricted to secure origins (which is to say https:// pages).

Answer

You can use Forge which is a crypto library that has same functionality like window.crypto. It has all crypto algorithms for your needs.

You can use forge instead of window.crypto when you run your services over http.

Be aware that APIs are very different and you need to write different code for cryptography using forge than using window.crypto. You need to read forge docs to make specific cryptography method work for your use case. You CAN NOT use same code that works in window.crypto.subtle when using forge you need to find your own way how to use forge for encryption.




For your reference to see how forge vs window.crypto.subtle codes are different read below.

I have translated window.crypto.subtle based darkwire.io app to use forge.

  • original code with window.crypto.subtle: here

  • code translated to use forge, can run on http without TLS: here

Tags

Recent Questions

Top Questions

Home Tags Terms of Service Privacy Policy DMCA Contact Us

©2020 All rights reserved.