WebCrypto API存储密钥在哪里？

Question

我正在使用webcrypto API成功加密服务器和客户端之间的消息（假设我需要手动执行此操作）。

我的问题是我需要检查用户和服务器的密钥对是否已经存在，而不是始终生成新的密钥对。有没有办法检查它是否存在并检索它以解密服务器消息？

为了澄清，我的privateKey位于浏览器上，publicKey已发送到服务器。

我有一个nodejs服务器和普通的JS前端。

提前致谢。

Answer 1

CryptoKeys are not persistent by default. You need to store the keys in the IndexedDB to make them available to the next browser execution.

IndexedDB is a secure storage, keys can be stored, recovered and used without exposing the key material

See https://www.w3.org/TR/WebCryptoAPI/#concepts-key-storage

5.2. Key Storage

This specification does not explicitly provide any new storage mechanisms for CryptoKey objects. Instead, by allowing the CryptoKey to be used with the structured clone algorithm, any existing or future web storage mechanisms that support storing structured clonable objects can be used to store CryptoKey objects.

In practice, it is expected that most authors will make use of the Indexed Database API, which allows associative storage of key/value pairs, where the key is some string identifier meaningful to the application, and the value is a CryptoKey object. This allows the storage and retrieval of key material, without ever exposing that key material to the application or the JavaScript environment

Here you have a full example https://blog.engelke.com/2014/09/19/saving-cryptographic-keys-in-the-browser/

Answer 2

解决：

您可以使用IndexedDB存储CryptoKey个对象。

我尝试了普通的旧本地存储，但它不起作用。

有关详细信息，请参阅：

• https://pomcor.com/2017/06/02/keys-in-browser/
• https://www.w3.org/TR/WebCryptoAPI/
• https://developer.mozilla.org/en-US/docs/Web/API/Web_Crypto_API
• https://www.w3.org/TR/IndexedDB/
• https://www.boxcryptor.com/en/blog/post/building-an-app-with-webcrypto-in-2016/
• https://gist.github.com/saulshanabrook/b74984677bccd08b028b30d9968623f5
• https://blog.engelke.com/2014/09/19/saving-cryptographic-keys-in-the-browser/