JSPM

  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 141442
  • Score
    100M100P100Q170224F
  • License MIT

webcrypto library for Node, React Native and IE11+

Package Exports

  • isomorphic-webcrypto
  • isomorphic-webcrypto/index.mjs
  • isomorphic-webcrypto/main.js

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (isomorphic-webcrypto) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

isomorphic-webcrypto NPM

webcrypto library for Node, React Native and IE11+

What?

There's a great Node polyfill for the Web Crypto API, but it's not isomorphic yet. This fills the gap until it is.

IE11 and versions of Safari < 11 use an older version of the spec, so the browser implementation includes a webcrypto-shim to iron out the differences. You'll still need to provide your own Promise polyfill.

There's currently no native crypto support in React Native, so the Microsoft Research library is exposed.

Install

npm install isomorphic-webcrypto

Usage

There's a simple example below, but there are many more here.

const crypto = require('isomorphic-webcrypto')
// or
import crypto from 'isomorphic-webcrypto'

crypto.subtle.digest(
  { name: 'SHA-256' },
  new Uint8Array([1,2,3]).buffer
)
.then(hash => {
  // do something with the hash buffer
})

Compatibility

  • IE11+
  • Safari 8+
  • Edge 12+
  • Chrome 43+
  • Opera 24+
  • Firefox 34+
  • Node 4+
  • React Native

Other Environments

If you need to support other environments (like older browsers), use the Microsoft Research library.

const crypto = require('msrcrypto')

/**
 * IMPORTANT: On platforms without crypto, the
 * js-only implementation needs another source 
 * of entropy for operations that require
 * random numbers (creating keys, encrypting,
 * wrapping keys) This should NOT be Math.random()
 */

crypto.initPrng(randomArrayOf48Bytes)

React Native

React Native support is implemented using the Microsoft Research library. The React Native environment only supports Math.random(), so react-native-securerandom is used to provide proper entropy. This is handled automatically, except for crypto.getRandomValues(), which requires you wait:

const crypto = require('isomorphic-webcrypto')

crypto.generateKey() // safe (all other methods are safe)
crypto.getRandomValues() // insecure!!!

// Only needed for crypto.getRandomValues
crypto.ensureSecure(err => {
  if (err) throw err
  crypto.getRandomValues() // safe

  // Only wait once, future calls are secure
  // No need to wrap every getRandomValues call
})

I just want to drop in a script tag

You should use the webcrypto-shim library directly:

<!-- Any Promise polyfill will do -->
<script src="https://unpkg.com/bluebird"></script>
<script src="https://unpkg.com/webcrypto-shim"></script>

License

MIT