Comments (15)
Any progress or solution for this?
from libsignal-protocol-javascript.
@jjzazuet Proxying calls to a WebView is clever! It definitely maximizes WebCrypto API compatibility.
As an alternative, mostly JS solution, I published isomorphic-webcrypto, which uses the Microsoft Research library for WebCrypto support in React Native. There are a few caveats for React Native:
- It can't generate RSA keys or ECDSA with SHA-512
- React Native doesn't expose a secure way to get entropy, so you'll have to wait for the
crypto.ensureSecure
callback to complete before callingcrypto.getRandomValues()
- I haven't tested the encryption flows, only the signing ones, so there may be issues I'm unaware of
This could be a place to start if someone wanted to build out a POC.
from libsignal-protocol-javascript.
It turns out there is already a way to surface the native webcrypto apis to JavaScriptCore using a bridge to the WebKit WebView https://github.com/saulshanabrook/react-native-webview-crypto
Perhaps give this a try and see if all api requirments are met.
from libsignal-protocol-javascript.
Using your ObjectiveC/Java libs for mobile would obviously also be an option, but since my business logic and UI are in JS, wrapping just the crypto primitives instead of the full protocol layer seems to make more sense.
from libsignal-protocol-javascript.
Neat. I have considered this, well, in part in that my hope was that I could add necessary algorithm support to - https://github.com/PeculiarVentures/node-webcrypto-liner which would enable building a signal implementation on it.
In native land, mabe https://github.com/PeculiarVentures/node-webcrypto-ossl could be of use?
from libsignal-protocol-javascript.
From looking at crypto.js
only a few apis would need to be shimmed:
crypto.getRandomValues
using react-native-randombytes- AES-CBC
- HMAC-SHA-256
- SHA-512
Since 2-4 are already async that should be pretty strait forward. Only 1. is currently a sync api and would have to be refactored, as calls through the react native bridge are all async.
Wrapping a native cipher suite e.g. openssl could work, but perhaps using iOS and Android platform apis would be cleaner.
from libsignal-protocol-javascript.
Any progress guys?
from libsignal-protocol-javascript.
Pinging back as well. I'm also trying to integrate with React Native. Thanks!
from libsignal-protocol-javascript.
+1
from libsignal-protocol-javascript.
@tanx the last time I tried that, I only got as far as exposing the crypto.subtle
object (and its corresponding methods) on iOS 11, since at the time (a couple months I think) Chrome on Android did not expose the WebCrypto API, thus getting undefined
.
The way I did it was by proxying WebCrypto API calls to a hidden WebView, passing arguments through the React Native Javascript bridge using the postMessage
function.
If this table is to be believed, both iOS and Android may now return implementation objects. Since this approach didn't work for me, I'm exploring the idea to replace the high level crypto calls with react-native-sodium instead.
Hope this helps.
from libsignal-protocol-javascript.
OK, think I might have found a way to support this (and a bunch of other cool stuff on RN) via NodeJS-Mobile. This runs node on a bg process on both Android and iOS via Chakra core. Seemingly supporting most / all node.
Thoughts?
from libsignal-protocol-javascript.
create react native plugins that shim WebCrypto using native crypto primitives.
@tanx Did you get around to making that change? I'm in a similar position.
from libsignal-protocol-javascript.
+1
from libsignal-protocol-javascript.
Two libraries we produced since this bug was opened:
https://www.npmjs.com/package/2key-ratchet
https://www.npmjs.com/package/@peculiar/webcrypto
Summary of how 2key-ratchet differs from the standard signal protocol is here https://github.com/PeculiarVentures/2key-ratchet/blob/master/DIFFERENCES.md
from libsignal-protocol-javascript.
I was able to get this thing working in React Native. This is what I did:
- Forked https://github.com/elsehow/signal-protocol/
- Changed
node_pollyfills.js
to use
var crypto = require('isomorphic-webcrypto');
module.exports = {
crypto: crypto,
};
- Changed
crypto.js
to use
var crypto = require('./node_polyfills.js').crypto;
- Changed
curve25519_concat.js
by removing all of the conditional environment set up and just having it use the web set up.
There were other miscellaneous changes I had to make but these were the most important ones.
https://github.com/AidenRourke/signal-protocol
from libsignal-protocol-javascript.
Related Issues (20)
- Ionic/Angular Support HOT 1
- Why is there no nodejs implementation? HOT 3
- Converse.js v4.2.0 unable send OMEMO message HOT 10
- Is this lib still maintained? HOT 1
- Error -1 previous counter HOT 1
- Documentation
- IS THIS REPO STILL MANAGED HOT 3
- Install time Error "KeyId" not defined HOT 3
- Babel import/require .etc HOT 1
- How should keys be exchanged? What should be exchanged? HOT 1
- SessionCipher::encrypt setting wrong registrationId? HOT 2
- Is there a more detailed document or a demo actually used? HOT 2
- Use ES6 arrow functions for cleaner code HOT 1
- expand readme HOT 3
- Encryption of Media Files HOT 4
- T
- Does not seem work in Node
- Keepalive? HOT 2
- Only checking against the SignalProtocolAddress name when calling isTrustedIdentity in SessionBuilder HOT 1
- Test fails
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from libsignal-protocol-javascript.