Securing JavaScript applications with Web Cryptography API
- Pages
- 53-60
Abstract
With an increasing number of web applications, the need of ordinary users to have more secure web applications has increased and web developers are attempting to match those expectations. This article is devoted to consideration of the basic concepts of the Web Cryptography API since it defines cryptographic primitives to be deployed across browsers and JavaScript web applications. The purpose of the article is the theoretical justification for the application of Web Crypto API within native JavaScript environments in order to secure web applications. The article deals with the key definitions within the Web Crypto API; describes design and generic interfaces for using cryptographic algorithms; indicates possible limitations of the Web Crypto API; reviews its compatibility and implementations for Node.js cryptomodule, for instance, a WebCrypto prototype for Node.js has been developed. The results of study provide concrete evidence that web applications that use Web Crypto API become more secure as it enforces usage patterns of keys that correlate to known best practices in cryptography. The findings suggest that more emphasis should be placed on providing interoperability between the Web Cryptography API and the existing Node.js crypto module.