Merge pull request mdn#35 from wbamberg/add-webcrypto-derivekey

chrisdavidmills · web-flow · commit 2f4e902f39a3 · 2019-01-07T15:56:31.000Z
Added examples for deriveKey
diff --git a/web-crypto/derive-key/ecdh.js b/web-crypto/derive-key/ecdh.js
@@ -0,0 +1,144 @@
+(() => {
+
+  let iv;
+
+  /*
+  Fetch the contents of the "message" textbox, and encode it
+  in a form we can use for the encrypt operation.
+  */
+  function getMessageEncoding() {
+    let message = document.querySelector("#ecdh-message").value;
+    let enc = new TextEncoder();
+    return enc.encode(message);
+  }
+
+  /*
+  Encrypt the message using the secret key.
+  Update the "ciphertextValue" box with a representation of part of
+  the ciphertext.
+  */
+  async function encrypt(secretKey) {
+    const ciphertextValue = document.querySelector(".ecdh .ciphertext-value");
+    ciphertextValue.textContent = "";
+    const decryptedValue = document.querySelector(".ecdh .decrypted-value");
+    decryptedValue.textContent = "";
+
+    iv = window.crypto.getRandomValues(new Uint8Array(12));
+    let encoded = getMessageEncoding();
+
+    ciphertext = await window.crypto.subtle.encrypt(
+      {
+        name: "AES-GCM",
+        iv: iv
+      },
+      secretKey,
+      encoded
+    );
+
+    let buffer = new Uint8Array(ciphertext, 0, 5);
+    ciphertextValue.classList.add("fade-in");
+    ciphertextValue.addEventListener("animationend", () => {
+      ciphertextValue.classList.remove("fade-in");
+    });
+    ciphertextValue.textContent = `${buffer}...[${ciphertext.byteLength} bytes total]`;
+  }
+
+  /*
+  Decrypt the message using the secret key.
+  If the ciphertext was decrypted successfully,
+  update the "decryptedValue" box with the decrypted value.
+  If there was an error decrypting,
+  update the "decryptedValue" box with an error message.
+  */
+  async function decrypt(secretKey) {
+    const decryptedValue = document.querySelector(".ecdh .decrypted-value");
+    decryptedValue.textContent = "";
+    decryptedValue.classList.remove("error");
+
+    try {
+      let decrypted = await window.crypto.subtle.decrypt(
+        {
+          name: "AES-GCM",
+          iv: iv
+        },
+        secretKey,
+        ciphertext
+      );
+
+      let dec = new TextDecoder();
+      decryptedValue.classList.add("fade-in");
+      decryptedValue.addEventListener("animationend", () => {
+        decryptedValue.classList.remove("fade-in");
+      });
+      decryptedValue.textContent = dec.decode(decrypted);
+    } catch (e) {
+      decryptedValue.classList.add("error");
+      decryptedValue.textContent = "*** Decryption error ***";
+    }
+  }
+
+  /*
+  Derive an AES key, given:
+  - our ECDH private key
+  - their ECDH public key
+  */
+  function deriveSecretKey(privateKey, publicKey) {
+    return window.crypto.subtle.deriveKey(
+      {
+        name: "ECDH",
+        public: publicKey
+      },
+      privateKey,
+      {
+        name: "AES-GCM",
+        length: 256
+      },
+      false,
+      ["encrypt", "decrypt"]
+    );
+  }
+
+  async function agreeSharedSecretKey() {
+    // Generate 2 ECDH key pairs: one for Alice and one for Bob
+    // In more normal usage, they would generate their key pairs
+    // separately and exchange public keys securely
+    let alicesKeyPair = await window.crypto.subtle.generateKey(
+      {
+        name: "ECDH",
+        namedCurve: "P-384"
+      },
+      false,
+      ["deriveKey"]
+    );
+
+    let bobsKeyPair = await window.crypto.subtle.generateKey(
+      {
+        name: "ECDH",
+        namedCurve: "P-384"
+      },
+      false,
+      ["deriveKey"]
+    );
+
+    // Alice then generates a secret key using her private key and Bob's public key.
+    let alicesSecretKey = await deriveSecretKey(alicesKeyPair.privateKey, bobsKeyPair.publicKey);
+
+    // Bob generates the same secret key using his private key and Alice's public key.
+    let bobsSecretKey = await deriveSecretKey(bobsKeyPair.privateKey, alicesKeyPair.publicKey);
+
+    // Alice can then use her copy of the secret key to encrypt a message to Bob.
+    let encryptButton = document.querySelector(".ecdh .encrypt-button");
+    encryptButton.addEventListener("click", () => {
+      encrypt(alicesSecretKey);
+    });
+
+    // Bob can use his copy to decrypt the message.
+    let decryptButton = document.querySelector(".ecdh .decrypt-button");
+    decryptButton.addEventListener("click", () => {
+      decrypt(bobsSecretKey);
+    });
+  }
+
+  agreeSharedSecretKey();
+
+})();
diff --git a/web-crypto/derive-key/index.html b/web-crypto/derive-key/index.html
@@ -0,0 +1,81 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <meta charset="utf-8">
+    <title>Web Crypto API example</title>
+    <link rel="stylesheet" href="style.css">
+  </head>
+
+  <body>
+    <main>
+      <h1>Web Crypto: deriveKey</h1>
+
+      <section class="description">
+        <p>This page shows how to use the <code>deriveKey()</code> function of the <a href="https://developer.mozilla.org/en-US/docs/Web/API/Web_Crypto_API">Web Crypto API</a>. It contains two separate examples, one for PBKDF2 and one for ECDH.</p>
+
+        <p>It's important to note that although both are defined in the API as key derivation functions, PBKDF2 and ECDH have very different use cases and characteristics.</p>
+
+        <hr/>
+        <h2>PBKDF2 example</h2>
+        <p>The PBKDF2 algorithm is used here to derive a secret key from a password.</p>
+
+        <p>When you click "Encrypt" the example prompts you for a password and then derives an AES key from the password using PBKDF2. It then uses that key to encrypt the message, and writes a representation of the ciphertext into the "Ciphertext" output.</p>
+
+        <p>When you click "Decrypt" the example prompts you for the password and derives an AES key from the password using PBKDF2. It then uses that key to decrypt the ciphertext, and writes a representation of the decrypted message into the "Decrypted" output.</p>
+
+        <p>If the "Decrypt" password doesn't match the original, decryption will fail and an error is shown.</p>
+
+        <hr/>
+        <h2>ECDH example</h2>
+        <p>The ECDH algorithm is more commonly called a "key agreement" algorithm. It enables two parties (conventionally called "Alice" and "Bob"), each of whom has a public/private key pair, to establish a shared secret key.</p>
+
+        <p>With this example we've created two key pairs, one for Alice and one for Bob. Alice derives an AES key using her private key and Bob's public key. Bob independently derives the same key using his private key and Alice's public key.</p>
+
+        <p>When you click "Encrypt" the example uses Alice's copy of the key to encrypt a message for Bob.</p>
+
+        <p>When you click "Decrypt" the example uses Bob's copy of the key to decrypt the message.</p>
+
+      </section>
+
+      <section class="examples">
+        <section class="derive-key pbkdf2">
+          <h2>PBKDF2</h2>
+          <section class="derive-key-controls">
+            <div class="message-control">
+              <label for="pbkdf2-message">Enter a message to encrypt:</label>
+              <input type="text" id="pbkdf2-message" name="message" size="25"
+                     value="The bunny hops at teatime">
+            </div>
+            <div class="ciphertext">Ciphertext:<span class="ciphertext-value"></span></div>
+            <div class="decrypted">Decrypted:<span class="decrypted-value"></span></div>
+
+            <input class="encrypt-button" type="button" value="Encrypt">
+            <input class="decrypt-button" type="button" value="Decrypt">
+
+          </section>
+        </section>
+
+        <section class="derive-key ecdh">
+          <h2>ECDH</h2>
+          <section class="derive-key-controls">
+            <div class="message-control">
+              <label for="ecdh-message">Enter a message to encrypt:</label>
+              <input type="text" id="ecdh-message" name="message" size="25"
+                     value="The bunny hops at teatime">
+            </div>
+            <div class="ciphertext">Ciphertext:<span class="ciphertext-value"></span></div>
+            <div class="decrypted">Decrypted:<span class="decrypted-value"></span></div>
+
+            <input class="encrypt-button" type="button" value="Encrypt">
+            <input class="decrypt-button" type="button" value="Decrypt">
+
+          </section>
+        </section>
+
+      </section>
+    </main>
+
+  </body>
+  <script src="ecdh.js"></script>
+  <script src="pbkdf2.js"></script>
+</html>
diff --git a/web-crypto/derive-key/pbkdf2.js b/web-crypto/derive-key/pbkdf2.js
@@ -0,0 +1,130 @@
+(() => {
+
+  let salt;
+  let ciphertext;
+  let iv;
+
+  /*
+  Fetch the contents of the "message" textbox, and encode it
+  in a form we can use for the encrypt operation.
+  */
+  function getMessageEncoding() {
+    let message = document.querySelector("#pbkdf2-message").value;
+    let enc = new TextEncoder();
+    return enc.encode(message);
+  }
+
+  /*
+  Get some key material to use as input to the deriveKey method.
+  The key material is a password supplied by the user.
+  */
+  function getKeyMaterial() {
+    let password = window.prompt("Enter your password");
+    let enc = new TextEncoder();
+    return window.crypto.subtle.importKey(
+      "raw", 
+      enc.encode(password), 
+      {name: "PBKDF2"}, 
+      false, 
+      ["deriveBits", "deriveKey"]
+    );
+  }
+
+  /*
+  Given some key material and some random salt
+  derive an AES-GCM key using PBKDF2.
+  */
+  function getKey(keyMaterial, salt) {
+    return window.crypto.subtle.deriveKey(
+      {
+        "name": "PBKDF2",
+        salt: salt, 
+        "iterations": 100000,
+        "hash": "SHA-256"
+      },
+      keyMaterial,
+      { "name": "AES-GCM", "length": 256},
+      true,
+      [ "encrypt", "decrypt" ]
+    );
+  }
+
+  /*
+  Derive a key from a password supplied by the user, and use the key
+  to encrypt the message.
+  Update the "ciphertextValue" box with a representation of part of
+  the ciphertext.
+  */
+  async function encrypt() {
+    const ciphertextValue = document.querySelector(".pbkdf2 .ciphertext-value");
+    ciphertextValue.textContent = "";
+    const decryptedValue = document.querySelector(".pbkdf2 .decrypted-value");
+    decryptedValue.textContent = "";
+
+    let keyMaterial = await getKeyMaterial();
+    salt = window.crypto.getRandomValues(new Uint8Array(16));
+    let key = await getKey(keyMaterial, salt);
+    iv = window.crypto.getRandomValues(new Uint8Array(12));
+    let encoded = getMessageEncoding();
+
+    ciphertext = await window.crypto.subtle.encrypt(
+      {
+        name: "AES-GCM",
+        iv: iv
+      },
+      key,
+      encoded
+    );
+
+    let buffer = new Uint8Array(ciphertext, 0, 5);
+    ciphertextValue.classList.add("fade-in");
+    ciphertextValue.addEventListener("animationend", () => {
+      ciphertextValue.classList.remove("fade-in");
+    });
+    ciphertextValue.textContent = `${buffer}...[${ciphertext.byteLength} bytes total]`;
+  }
+
+  /*
+  Derive a key from a password supplied by the user, and use the key
+  to decrypt the ciphertext.
+  If the ciphertext was decrypted successfully,
+  update the "decryptedValue" box with the decrypted value.
+  If there was an error decrypting,
+  update the "decryptedValue" box with an error message.
+  */
+  async function decrypt() {
+    const decryptedValue = document.querySelector(".pbkdf2 .decrypted-value");
+    decryptedValue.textContent = "";
+    decryptedValue.classList.remove("error");
+
+    let keyMaterial = await getKeyMaterial();
+    let key = await getKey(keyMaterial, salt);
+
+    try {
+      let decrypted = await window.crypto.subtle.decrypt(
+        {
+          name: "AES-GCM",
+          iv: iv
+        },
+        key,
+        ciphertext
+      );
+
+      let dec = new TextDecoder();
+      decryptedValue.classList.add("fade-in");
+      decryptedValue.addEventListener("animationend", () => {
+        decryptedValue.classList.remove("fade-in");
+      });
+      decryptedValue.textContent = dec.decode(decrypted);
+    } catch (e) {
+      decryptedValue.classList.add("error");
+      decryptedValue.textContent = "*** Decryption error ***";
+    }
+  }
+
+  const encryptButton = document.querySelector(".pbkdf2 .encrypt-button");
+  encryptButton.addEventListener("click", encrypt);
+
+  const decryptButton = document.querySelector(".pbkdf2 .decrypt-button");
+  decryptButton.addEventListener("click", decrypt);
+})();
diff --git a/web-crypto/derive-key/style.css b/web-crypto/derive-key/style.css
