As title says,
I’ve generated primary key as:
<code> async function generateKey() {
const key = await window.crypto.subtle.generateKey(
{
name: "AES-GCM",
length: 256,
},
true,
["encrypt", "decrypt"]
);
return key;
}
</code>
<code> async function generateKey() {
const key = await window.crypto.subtle.generateKey(
{
name: "AES-GCM",
length: 256,
},
true,
["encrypt", "decrypt"]
);
return key;
}
</code>
async function generateKey() {
const key = await window.crypto.subtle.generateKey(
{
name: "AES-GCM",
length: 256,
},
true,
["encrypt", "decrypt"]
);
return key;
}
and encrypted this key using derived key as:
<code> async function encryptPrimaryKey(primaryKey: any, derivedKey: any, iv: any) {
const encryptedKey = await window.crypto.subtle.encrypt(
{ name: "AES-GCM", iv: iv },
derivedKey,
primaryKey
);
return encryptedKey;
}
</code>
<code> async function encryptPrimaryKey(primaryKey: any, derivedKey: any, iv: any) {
const encryptedKey = await window.crypto.subtle.encrypt(
{ name: "AES-GCM", iv: iv },
derivedKey,
primaryKey
);
return encryptedKey;
}
</code>
async function encryptPrimaryKey(primaryKey: any, derivedKey: any, iv: any) {
const encryptedKey = await window.crypto.subtle.encrypt(
{ name: "AES-GCM", iv: iv },
derivedKey,
primaryKey
);
return encryptedKey;
}
where derivedkey itself is generated using user’s password as:
<code> async function deriveKey(salt: any, passphrase: string = "password") {
const encoder = new TextEncoder();
const keyMaterial = await window.crypto.subtle.importKey(
"raw",
encoder.encode(passphrase),
{ name: "PBKDF2" },
false,
["deriveKey"]
);
const derivedKey = await window.crypto.subtle.deriveKey(
{
name: "PBKDF2",
salt: salt,
iterations: 100000,
hash: "SHA-256",
},
keyMaterial,
{ name: "AES-GCM", length: 256 },
false,
["encrypt", "decrypt"]
);
return { derivedKey, salt };
}
</code>
<code> async function deriveKey(salt: any, passphrase: string = "password") {
const encoder = new TextEncoder();
const keyMaterial = await window.crypto.subtle.importKey(
"raw",
encoder.encode(passphrase),
{ name: "PBKDF2" },
false,
["deriveKey"]
);
const derivedKey = await window.crypto.subtle.deriveKey(
{
name: "PBKDF2",
salt: salt,
iterations: 100000,
hash: "SHA-256",
},
keyMaterial,
{ name: "AES-GCM", length: 256 },
false,
["encrypt", "decrypt"]
);
return { derivedKey, salt };
}
</code>
async function deriveKey(salt: any, passphrase: string = "password") {
const encoder = new TextEncoder();
const keyMaterial = await window.crypto.subtle.importKey(
"raw",
encoder.encode(passphrase),
{ name: "PBKDF2" },
false,
["deriveKey"]
);
const derivedKey = await window.crypto.subtle.deriveKey(
{
name: "PBKDF2",
salt: salt,
iterations: 100000,
hash: "SHA-256",
},
keyMaterial,
{ name: "AES-GCM", length: 256 },
false,
["encrypt", "decrypt"]
);
return { derivedKey, salt };
}
This encrypted primary key is thus send to server for its storage. User will able to get primary key for encrypting their data in client side as long as they have their password. But if they forgot password, how will user get primary key as server only stores it in encypted form?
I’m struck at this moment.