没有 ssl 的 Web 加密 API
我写了一个用于安全消息传输的小 Web 应用程序以了解有关加密的更多信息,并想将它展示给我的朋友并让他们玩一点,所以我将它托管在我的小服务器上,并震惊地发现Web Crypto API(我拼命工作,因为它的错误消息不是很具体)需要 SSL(有点违背在浏览器中实现自己的加密方案的目的)!
I wrote a little webapp for secure message transfer to learn more about encryption, and wanted to show it to my friends and let them play with it a little, so I hosted it on my little server, and was shocked to find that the Web Crypto API (which I worked my ass off to get to work because it is not very specific in its error messages) REQUIRES SSL ( kinda defeats the purpouse of implementing your own encryption scheme in browsers)!
我已经在该服务器上使用 SSL 运行了另一个 API,但我不想合并它们,而是想问:有没有办法绕过 Web Crypto API 的安全套接字要求,或者那里有另一个库可以让我在不安全的环境中使用相同或相似的功能?
I already have another API running on that server with SSL, but instead of merging them I wanted to ask: Is there a way to circumvent the secure socket requirement of Web Crypto API, or is there another library out there which allows me to use the same or similar functions in a non-secure context?
推荐答案
WebCrypto API 规范(https://www.w3.org/TR/WebCryptoAPI/ )不限于 SSL,但浏览器实现需要安全来源"
The WebCrypto API specification(https://www.w3.org/TR/WebCryptoAPI/ ) does not restrict to SSL, but browser implementations require a "secure origin"
例如,Chrome 需要 https
、wss
、localhost
或扩展程序.请参阅 https://stackoverflow.com/a/46671627/6371459
For example, Chrome requires https
, wss
, localhost
or an extension. See https://stackoverflow.com/a/46671627/6371459
您需要设置 SSL 连接才能使用 webcrypto.如果您想使用其他库(forge、pki.js 等),则不会有此限制,但建议在使用密码学时使用 SSL/TLS.
You would need to set up a SSL connection in order to use webcrypto. If you want to use another library (forge, pki.js, etc.) you will not have this restriction, although it is advisable to use SSL / TLS when using cryptography.
相关文章