File encryption with a browser.

I've been exploring the #WebCryptoAPI and I'm impressed!

When combined with the #FileSystemAPI, it offers a seemingly secure way to #encrypt and #store files directly on your device. Think #localstorage, but with #encryption!

I know #webapps can have #security vulnerabilities since the code is served over the web, so I've #OpenSourced my demo! You can check it out, and it should even work if #selfhosted on #GitHubPages.

Live Demo: https://dim.positive-intentions.com/?path=/story/usefs--encrypted-demo

Demo Code: https://github.com/positive-intentions/dim/blob/staging/src/stories/05-Hooks-useFS.stories.js

Hook Code: https://github.com/positive-intentions/dim/blob/staging/src/hooks/useFS.js

IMPORTANT NOTES (PLEASE READ!):
* This is NOT a product. It's for #testing and #demonstration purposes only.
* It has NOT been reviewed or audited. Do NOT use for sensitive data.
* The "password encryption" currently uses a hardcoded password. This is for demonstration, not security.
* This is NOT meant to replace robust solutions like #VeraCrypt. It's just a #proofofconcept to show what's possible with #browser #APIs.

#Encryption #Cryptography #JavaScript #Frontend #Privacy #Security #WebDevelopment #Coding #Developer #Tech #FOSS #OpenSource #GitHub #MastodonDev #Programming #WebStandards #FileSystem #WebAPI #ProofOfConcept

@storybook/core - Storybook

Send files privately. No cloud. No trace.

https://glitr.io

I’m working towards something for #secure / #private / #simple #P2P #filetransfer. It isnt as “simple” as it could be, im still working on it, but ive got it down to:

Zero-installation as a #PWA

Zero-registration by using local-only storage

#P2P-authentication using #WebCryptoAPI

Fast #datatransfer using #WebRTC

It’s far from finished, but i think ive got it “usable” enough to ask for feedback on it.

When comparing this project to things like #wormhole, #onionshare, #localsend, #syncthing, #croc, #sphynctershare and countless others. the key difference in my approach is that its a #webapp thats ready to go without any "real" setup process. you just need a browser.

I’m aware there are things like #SFTP and several other established protocols and tools. I started doing this because I was learning about #WebRTC and it seems suprisingly capable. This isnt ready to replace any existing apps or services.

(Note: I know you guys are typically interested in #opensource code. this project is a spin-off from a bigger project: https://github.com/positive-intentions/chat)

Let me know what you think about the app, features and experience you would expect from a tool like this.

---

SUPER IMPORTANT NOTES TO PREVENT MISLEADING:

These projects are not ready to replace any existing apps or services.

These projects are not peer-reviewed or security audited.

The chat-app is #opensource for transparency (as linked above)... but the file-app is not open souce at all (especially spicy when not reviewed or audited.).

All projects behind positive-intentions are provided for testing and demo purposes only.

Glitr | Glitr

Description will go into a meta tag in <head />

Native support for ed25519/x25519 in the browser would be a huge step forward for in-browser/client-side cryptography.

Looks like Google is holding up our ability to use it in production.

(Firefox and Safari both have support enabled by default.)

https://caniuse.com/mdn-api_subtlecrypto_sign_ed25519

#ed25519 #x25519 #cryptography #browsers #web #mozilla #apple #google #firefox #safari #chrome #privacy #security #WebCryptoAPI

SubtleCrypto API: sign: `Ed25519` algorithm | Can I use... Support tables for HTML5, CSS3, etc

Anyone tried to sign a text with #JS #WebCryptoApi and verify with #PHP openssl_verify()?
Tried alpine based PHP 7.4, 8.1, 8.2 (with error message) and 8.3 (without error message). Also tried centos / almalinux 8 with php 7.4 (with error message).

"error0909006CPEM routinesget_nameno start line"

But pub key as pem is fine (exportKey method as spki and base64 encoded).

Maybe someone tested it sucessfully and could tell me some details of the test setup like base os, php version, ... ?

@dietrich This is huge; thanks for sharing.

#SmallWeb #ed25519 #WebCryptoAPI

Why and How to Upgrade to Node.js From V18.x to V20.x - UpgradeJS.com | Node.js Upgrade Service

Node.js has always been an essential part of the tech stack for many companies and developers. And here at OmbuLabs and UpgradeJS we use it too, due to its efficiency, scalability, and the robust ecosystem it provides. Recently, the Node.js team released version 20, bringing with it a host of...

Why and How to Upgrade to Node.js from v18.x to v20.x by @Stan_Popovych
Hat schon jemand mit #webcryptoapi in #JavaScript gearbeitet / gespielt?
Ich habe mal in #simplecrypto (https://github.com/encryb/simplecrypto) und #opencrypto (https://github.com/safebash/opencrypto) geschaut. Während simplecrypto auch mit größeren Daten umgehen kann, bekomme ich hier bei opencrypto, was mir vom Ansatz her besser gefällt (pem <-> CryptoKey Konvertierung, openssl Kompatibilität soll vorhanden sein), eine DOMException beim Verschlüsseln.
encryb/simplecrypto

Simple wrapper around WebCrypto implementations. Contribute to encryb/simplecrypto development by creating an account on GitHub.

Why is the #WebCryptoAPI (JS) so badly documented?

It's just like:
* PBKDF2 with 100 iterations. "Do use this, never use more, you could lock out low-devices!"
* GCM? What's this, we just use CBC…
* …

https://discourse.mozilla.org/t/webcrpto-api-badly-documented/31451
/cc @aprilmpls @MozillaSecurity

WebCrpto API badly documented

It’s hard to understand, sometimes and misses information about intended usage/constraints/limitations/suggestions. E.g. the wrapKey method. It’s as it is intended in “unsecure environments”. So, what? It does not even mention taht it basically just encrypts the key, it does not mention whether and why you should/could not just use the encrypt() API (or could you?), and so on and so forth… The documentation is really minimal and that may easily lead to security problems. It does not give a...