Login/Register
Cannot read property 'importKey' of undefined, Web Crypto API without ssl
Asked Answered
Solved javascriptgoogle-chromecryptographywebcrypto-api
U

1

1

I am using

window.crypto.subtle.importKey

on the localhost, It works fine. But when I put the code on the server, It is giving error Can not read property importKey of undefined. As I know, I am not using this in a secure https connection. Therefore it is showing the error. I checked this issue crypto.subtle for unsecure origins in Chrome How to enable crypto.subtle for unsecure origins in Chrome?

Is there any alternative for this to fix the issue?

Here is the code

        var contents = e.target.result;//Data from the PKCS#12 file input
        var pkcs12Der = arrayBufferToString(contents)
        var pkcs12B64 = forge.util.encode64(pkcs12Der);
        var pkcs12Der = forge.util.decode64(pkcs12B64);
        var pkcs12Asn1 = forge.asn1.fromDer(pkcs12Der);

        var pkcs12 = forge.pkcs12.pkcs12FromAsn1(pkcs12Asn1, false, password);
        var privateKey
        for (var sci = 0; sci < pkcs12.safeContents.length; ++sci) {
            var safeContents = pkcs12.safeContents[sci];
            for (var sbi = 0; sbi < safeContents.safeBags.length; ++sbi) {
                var safeBag = safeContents.safeBags[sbi];
                if (safeBag.type === forge.pki.oids.keyBag) {
                    privateKey = safeBag.key;
                } else if (safeBag.type === forge.pki.oids.pkcs8ShroudedKeyBag) {
                    privateKey = safeBag.key;
                } else if (safeBag.type === forge.pki.oids.certBag) { }
            }
        }
        var privateKeyInfoDerBuff = _privateKeyToPkcs8(privateKey);

        //Import the webcrypto key
        window.crypto.subtle.importKey('pkcs8', privateKeyInfoDerBuff,
            { name: "RSASSA-PKCS1-v1_5", hash: { name: "SHA-256" } }, true, ["sign"])
            .then(function (cryptoKey) {
                var digestToSignBuf = stringToArrayBuffer(message);
                crypto.subtle.sign({ name: "RSASSA-PKCS1-v1_5" }, cryptoKey, digestToSignBuf)
                    .then(function (signature) {
                       // Other code will come here
                    });
            })
Undemonstrative answered 22/7, 2021 at 5:45 Comment(5)
You have already asked the same question: What is the alternative for window.crypto.subtle.importKey in JavaScript. Why don't you edit the old question and add the code?Amity
@user9014097 I removed the old question. We can use https, I understand but in the current context we do not have that. In this use case security does not matters. The main issue is to run the application. Do you have any alternative suggestions for the implementation.Undemonstrative
I've already given my input on the old question and no idea how to disable the secure context requirement. Btw, the link to crypto.subtle for unsecure origins in Chrome is missing here.Amity
@user9014097 Can we solve this by using forge library, because I checked this question also. https://mcmap.net/q/1084740/-web-crypto-api-without-ssl/…Undemonstrative
Of course you can use another JavaScript RSA library instead of WebCrypto, which does not require a secure context. forge supports importing private keys in PKCS#8 format (here) and signing, which defaults to PKCS#1 v1.5 (here).Amity
U
0

I tried and got the solution. You can simply use the private key. Here it is:

var sha256 = forge.md.sha256.create();
sha256.update(message, 'utf8');
var signature = privateKey.sign(sha256);

var md5 = forge.md.md5.create();
md5.update((signature));

var required_digest = md5.digest().toHex().toUpperCase()
Undemonstrative answered 22/7, 2021 at 10:30 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.