Migrating from node-webcrypto-ossl about webcrypto HOT 12 OPEN

The current known issues are here: https://github.com/PeculiarVentures/webcrypto/issues?q=is%3Aissue+is%3Aopen+label%3A%22blocking+deprecation+of+node-webcrypto-ossl%22

We have done benchmarking and in all cases, if I recall correctly the performance between node-webcrypto-ossl was essentially the same or marginally faster. I suspect that there will be no issue but we should create a bug to test for this.

The desire to deprecate the native c module is based on:

• Some people have no C experience and when they encounter issues building they move on to using all JS solutions that are very insecure.
• Maintaining the C version is more costly.

The downsides of doing the switch are (so far):

• People have to switch.
• We get blocked by the node team for support for different algorthms.
• When node deprecates an algorithm we will have to also.

Were open to different approaches here, we just are trying to help the internet with this library.

from webcrypto.

webcrypto is based on NodeJS crypto API. The minimum version of NodeJS must be v10. But electron doesn't implement all NodeJS crypto API (etc. generateKeys). This is why I use node-webcrypto-ossl for my Fortify project

from webcrypto.

@microshine are you able to build node-webcrypto-ossl for electron on windows?

from webcrypto.

@microshine i saw your fortify project and added
openssl_1_0_2 = 1 to my .npmrc seems like build succeeded.
Thank you

from webcrypto.

@yalamber You must put libeay32.dll near nodessl.node (node-webcrypto-oss/build/Release) or electron.exe

from webcrypto.

@yalamber you can take prebuild openssl here https://github.com/PeculiarVentures/fortify/releases

from webcrypto.

@microshine Thank you so much. I rebuilt using old version of openssl and it went fine.

from webcrypto.

Will this eventually replace node-crypto-ossl?

from webcrypto.

Yes, our current thinking is that once all the blocking issues are addressed (assuming that can be done) we will make that switch.

Right now some algorithms can't be implemented because of issues in node.crypto and there is an issue with running inside Electron applications. We are not aware of any other issues at this time.

from webcrypto.

Are all the blocking issues listed somewhere?

Also I'm concerned about whether the crypto API will be truely async across all the platforms. See the concerns listed on this package: https://www.npmjs.com/package/@ronomon/crypto-async

from webcrypto.

Reopening this issue so people can use it to discuss the topic.

from webcrypto.

Now that nodejs has a webcrypto object crypto.webcrypto. Does this library use any routines directly from crypto.webcrypto?

It seems to rely only on node's crypto library and just reimplements the same interface.

I was using @pecular/x509 and there was an example on the README.md that showed the ability to fill in the crypto provider:

It seemed like this was sufficient:

import { webcrypto } from 'crypto';
import * as x509 from '@peculiar/x509';

x509.cryptoProvider.set(webcrypto as Crypto);

In that case, is there still a reason to use this library if the node version is 16.17+?

from webcrypto.