Comments (8)
Interesting concept webview-crypto. IIUC, this simply replaces crypto-browserify with something else (the actual browser engine which is good, particularly in the context of cryptography).
But before trying this, I wanted to work harder (I sound like George Orwell here... ) and dive very deep. I still did not find the problem yet but it is in the bn.js module. For unknown reason, the call to redPoW (from crt, which is called by privateDecrypt) is much longer in standalone than with the debugger context.
I am guessing bn stands for big number since the function in there are math operation (sqr, mul, shift, etc.)
Need to dive deeper....
from crypto-browserify.
window.crypto isn’t this package, that’s web crypto. Your problem doesn’t sound related to this package.
from crypto-browserify.
I understand that crypto-browserify is not using window.crypto but I suspect that something is polyfilling the environment in some way that helps crypto-browserify. My comment about window.crypto.subtle is just a minor symptom.
In any case, the call that is slow is definitely crypto-browserify.privateDecrypt(xxx). (And other crypto related things).
BTW, I just tested a on a real device and the phenomenon is identical.
from crypto-browserify.
crypto-browserify is meant to be a polyfill for node's crypto
module, not for web crypto, so i don't see how it could be relevant. Can you elaborate on what exact code you're invoking that's slow?
from crypto-browserify.
This is my function that initiates a decryption
import Crypto from 'crypto-browserify';
export async function decryptRSA(data, key, hash) {
try {
let option = {
key: key,
padding: Crypto.constants.RSA_PKCS1_OAEP_PADDING,
oaepHash: 'sha1'
};
if (hash === 'sha256') {
option.oaepHash = 'sha256';
}
//log('Before Crypto.privateDecrypt');
let result = await Crypto.privateDecrypt(option, Buffer.from(b64ToUint8(data)))
return result;
} catch(error) {
log ('Failed to decrypt using RSA (crypto-browserify)- ' + error.message)
throw error;
}
}
It takes 15sec on the simulator and 45sec on my Pixel 3a to return (and just 345msec with the debugger).
For info (from package.json):
"crypto-browserify": "^3.12.0",
There is the call to b64ToUint8 from a private library that uses atob but I would be surprise that it is the culprit.
from crypto-browserify.
Thanks, that's helpful.
It would make sense that decryption would be much slower when there's no native crypto available - however, I'm not sure why it would be available when debugging and not otherwise.
https://github.com/webview-crypto/react-native-webview-crypto may be relevant?
from crypto-browserify.
Well, my final conclusion, but correct me if I am wrong, is that the crypto-browserify uses Javascript code to handle the actual encryption / decryption (math operation) and therefore is too slow for real life utilization. 45seconds to decrypt an RSA message (with a key size of 4096 bits) is simply too long.
The better solution, so far, is https://github.com/webview-crypto/react-native-webview-crypto
I did try other solutions, such as react-native-fast-rsa but it is incompatible with openSSL (at least when using the RSA-OAEP padding scheme); in other words, it is probably bugger when it comes to setup the
parameters.
from crypto-browserify.
Makes sense. It's likely that it's fast enough in general, but not inside a react native webview.
from crypto-browserify.
Related Issues (20)
- [Security] update browserify-sign to the latest HOT 3
- the argument to define auth tag length in crypto.createDecipheriv cannot work HOT 1
- generateKeyPair (Sync) missing HOT 3
- Special characters in encryption key - different output
- Add a quickstart guide to documentation HOT 1
- Add support for SHA3
- Usage without polyfills HOT 6
- Missing crypto.randomUUID HOT 1
- Missing crypto.getRandomValues
- typescript support HOT 5
- Module not found error while building react app on Ubuntu HOT 8
- Crypto Module not found
- Is there a reason crypto.subtle is missing in most polyfills including this one? HOT 1
- when using pbkdf2Sync with rollup getting createhmac is not a function
- Is this package safe to use in 2023? HOT 1
- feat: crypto.randomInt([min, ]max[, callback])
- Homepage in package.json is wrong (error 404) HOT 1
- Status of this project HOT 1
- randomBytes is required from randombytes which requires from crypto HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from crypto-browserify.