Tag Archives: Cryptography

02Nov/15

How to generate keys with the Web Cryptography API

I have been playing around with the Web Cryptography API a lot lately.  My most recent post was about getRandomValues().  I wanted to take a moment to investigate two more methods: generateKey() and exportKey().  The generation of a good cryptographic key is fairly fundamental.  I wrote up a short demo app, to demonstrate how the two functions work.

The code outputs to the console, so make sure to have Firebug open when you run the app.  Also, keep in mind that the Web Cryptography API is not fully supported in every browser, so not all of the functions in this demo will work everywhere.  I added in a description box for the crypto algorithms, so you can see the details of each one.

Have any questions? Feel free to drop a comment, below.

19Oct/15

Generating random numbers with the Web Cryptography API

The W3C has been working on a Web Cryptography API for a while, now.  The current version (11 December 2014) is their “Candidate Recommendation”.  As such, I would not necessarily consider it fully ready for primetime but that does not mean that we can not play around with it a bit.  I figured that today, we should take a check out getRandomValues().

According to MDN, “To guarantee enough performance, implementations are not using a truly random number generator, but they are using a pseudo-random number generator seeded with a value with enough entropy.”  You do not want to use this method to generate encryption keys (especially since generateKey() is available within the same API).  I think that this method is more foundational than anything.  It is just meant to be part of the plumbing.

Like usual, you can find the code behind my example here or check out the final result here.

Have some thoughts? Drop a comment below.