-
Notifications
You must be signed in to change notification settings - Fork 5.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enable non-extractable keys for Web Crypto #11481
Comments
The spec recommends use of IndexedDB for storing key material. https://www.w3.org/TR/WebCryptoAPI/#concepts-key-storage Also:
I'll assume storing key material in memory is fine with extractable=false |
The key language from that section I believe is in bold
That being said that whole section is marked as non-normative. |
https://www.w3.org/TR/WebCryptoAPI/#scope-out-of-scope
|
These sections are all non normative. We can't make a decision on this until we have more clarity about other vendor implementations. Also see w3c/webcrypto#269 |
@lucacasonato can you update the title to state non-extractable rather than extractable? |
Ok, this has been unblocked. Discussion here has resulted in the observation that all shipping implementations store key material in an unprivileged process, thus not being "spectre safe". We can thus do the same. |
I also reached out to Daniel Huigens (primary editor of the Web Cryptography Specification at the moment). Here is what he had to say:
For now we will take the "easy path" where we store key material in process, like existing implementations do. Once (and if) the security model is changed upstream in the spec to be made more strict, we can reconsider. |
Before some we can do this we need confirmation from spec authors for the following statements:
If either of these statements are not correct we do not have any technical way to implement non extractable keys securely.
Knowing more about how web crypto is implemented in browsers (Chrome, Safari, and Firefox) would help here:
The text was updated successfully, but these errors were encountered: