Use crypto.webcrypto.* functions to be compliant with the Web Crypto spec #49

Open
MichaelDeBoey opened this issue Aug 21, 2023 · 6 comments

MichaelDeBoey commented Aug 21, 2023

https://nodejs.org/dist/latest-v20.x/docs/api/crypto.html#cryptosubtle

CC/ @natevw

Collaborator

natevw commented Aug 21, 2023

Put some notes on #50 (comment) as well, but as far as this feature request generally I think my question would be: what's the use case?

My understanding is that cookie-signature should be focused on that, signing cookies which would need to be done on the server-side where the engine is presumedly Node.js and no need for Web Crypto compatibility. Assuming node.js doesn't plan to deprecate their old crypto module any time soon, is that correct?

Author

MichaelDeBoey commented Aug 22, 2023

@natevw My goal was to make this a first step towards full Web Crypto compliance (using the crypto global instead of the Crypto API), so that this package could be used on other runtimes like Bun, Cloudflare and/or Deno as well.

Collaborator

natevw commented Aug 22, 2023

Yeah, that does seem useful at least in some library. But the code here is basically two tiny functions that have worked ± the same for over a decade.

@dougwilson is the Express framework moving to support other runtimes besides Node.js? Otherwise I'm inclined to decline this work here, and leave improvements like this available to a new npm package that can have a fresh start in the modern JS era.

Author

MichaelDeBoey commented Aug 22, 2023

@natevw The end result of these changes will be exactly the same as it was without these changes; it's only an internal change of using different APIs.
But it has the added benefit of being usable with Bun, Cloudflare and Deno (and other runtimes that support the standardized Web API) as well.

nexdrew commented Oct 21, 2023

If anyone's interested, I recently published a new package called cookie-signature-subtle that does exactly what @MichaelDeBoey is asking for - it's basically cookie-signature using the Web Crypto API (which is async) - because I had a similar desire to support other non-Node web-standard runtimes. (Apologies for the shameless plug, just trying to help!)

Collaborator

natevw commented Oct 23, 2023

@nexdrew No apologies needed, thanks for sharing! Seems to match exactly my hope that someone could make a fresh start without the backwards compatibility constraints. If more people end up needing this we could probably update the README as well (and perhaps there are other similar libraries in the space…).
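
The Web Crypto approach discussed in this thread, as an added example that is not part of the thread and is not code from cookie-signature or cookie-signature-subtle. It assumes a `value.signature` cookie format with an unpadded base64 HMAC-SHA256 signature; all function names are hypothetical.

```javascript
const enc = new TextEncoder();
// Web Crypto is a global in Node.js 20, Bun, Deno and Cloudflare Workers;
// older Node.js versions expose the same API as crypto.webcrypto.
async function getSubtle() {
  return (globalThis.crypto ?? (await import('node:crypto')).webcrypto).subtle;
}

// Import the secret as a non-extractable HMAC-SHA256 key.
async function importKey(subtle, secret) {
  return subtle.importKey('raw', enc.encode(secret),
    { name: 'HMAC', hash: 'SHA-256' }, false, ['sign', 'verify']);
}

// Unpadded base64, matching the assumed cookie format.
function toBase64(bytes) {
  return btoa(String.fromCharCode(...new Uint8Array(bytes))).replace(/=+$/, '');
}

// Unlike a synchronous createHmac call, every Web Crypto step returns a promise.
async function sign(value, secret) {
  const subtle = await getSubtle();
  const key = await importKey(subtle, secret);
  const mac = await subtle.sign('HMAC', key, enc.encode(value));
  return value + '.' + toBase64(mac);
}

// Resolves to the original value, or false when the signature is invalid.
async function unsign(signed, secret) {
  const idx = signed.lastIndexOf('.');
  if (idx < 0) return false;
  const value = signed.slice(0, idx);
  const sig = signed.slice(idx + 1);
  let mac;
  try {
    mac = Uint8Array.from(atob(sig), (ch) => ch.charCodeAt(0));
    if (toBase64(mac) !== sig) return false; // reject non-canonical encodings
  } catch {
    return false; // signature part is not decodable base64
  }
  const subtle = await getSubtle();
  const key = await importKey(subtle, secret);
  // The MAC comparison happens inside subtle.verify, not with a string ===.
  return (await subtle.verify('HMAC', key, mac, enc.encode(value))) ? value : false;
}

// Reference signer using Node's classic crypto module, for comparison only.
async function signWithNodeCrypto(value, secret) {
  const { createHmac } = await import('node:crypto');
  const mac = createHmac('sha256', secret).update(value).digest('base64');
  return value + '.' + mac.replace(/=+$/, '');
}
```

Both signers produce the same string for the same value and secret, so the change is confined to the API used and to callers having to await the result.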
