[Ndn-lib] NDN-JS support for crypto.subtle

Junxiao Shi shijunxiao at email.arizona.edu
Tue Feb 3 22:58:10 PST 2015

Hi Jeff

I think supporting crypto.subtle is a good way to improve the performance
and security of web apps.

Chrome requires HTTPS to use crypto.subtle. An HTTPS page cannot connect to
a non-TLS WebSocket.
Although an operator can deploy a TLS WebSocket easily, ndn.Face is hard-coded
to connect to 'ws:'+host+':'+port.

I suggest changing the ndn.Face constructor to accept a full WebSocket URI,
such as:

var face = new ndn.Face({ wsuri:"wss://secure.example.net/NFD" });

Allowing "path" is useful, because an operator may not want to open up a
separate port just for NFD.

Another related question is: how should web apps do key distribution?
Since the browser context is as secure as the server, I was previously
thinking about generating a key pair on the server and transferring it to the
client via AJAX over TLS. The client can then store keys in localStorage.

Given crypto.subtle has key generation functions, would this allow a better
way for key distribution?

Yours, Junxiao

On Mon, Feb 2, 2015 at 3:37 PM, Thompson, Jeff <jefft0 at remap.ucla.edu>

>  Hello all,
>  NDN-JS now has preliminary support for crypto.subtle (the WebCrypto
> API). Crypto.subtle is an API so that JavaScript code in browsers can use
> fast native crypto. If NDN-JS detects that the browser has crypto.subtle,
> then it will use it. Otherwise it falls back to the (slow) pure JavaScript
> code. We have tested it in Chrome and Firefox. The speedup is substantial,
> increasing from 22 signatures per second to 1000 per second with
> crypto.subtle.
>  Currently there is support for signing and verifying. Crypto.subtle is
> asynchronous and returns its results in a callback. This was OK for verify
> because the NDN-JS call already uses callbacks for onVerified and
> onVerifyFailed. But for signing, we needed to add an optional callback to
> KeyChain.sign.  See the doc comment for the onComplete callback:
> https://github.com/named-data/ndn-js/blob/82eeee27eff7f94ab10af2112f65e54ce233e797/js/security/key-chain.js#L272
>  Many thanks to Ryan Bennett for submitting the code to support
> crypto.subtle.
>  - Jeff T
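The key-distribution question raised in the message above can be made concrete with a short sketch of client-side key generation, where only the public key ever leaves the client. This is an added example, not part of the original message and not NDN-JS code. The helper names, the sample data name and the RSASSA-PKCS1-v1_5 / 2048-bit / SHA-256 parameters are assumptions.

```javascript
// Added example (hypothetical helper names; not NDN-JS code).
// Browsers expose crypto.subtle only in secure contexts (HTTPS);
// the Node fallback lets the sketch run offline.
async function getSubtle() {
  if (globalThis.crypto && globalThis.crypto.subtle) return globalThis.crypto.subtle;
  return (await import('node:crypto')).webcrypto.subtle;
}

// Assumed parameters: the thread does not state which algorithm NDN-JS uses.
const ALG = { name: 'RSASSA-PKCS1-v1_5', modulusLength: 2048,
              publicExponent: new Uint8Array([1, 0, 1]), hash: 'SHA-256' };

// Generate the key pair on the client. extractable=false applies to the
// private key: it can sign, but its bytes can never be exported.
async function generateClientIdentity() {
  const subtle = await getSubtle();
  const pair = await subtle.generateKey(ALG, false, ['sign', 'verify']);
  // The public key is always exportable; this SPKI blob is all that is sent out.
  const spki = new Uint8Array(await subtle.exportKey('spki', pair.publicKey));
  return { privateKey: pair.privateKey, spki };
}

// Returns false when the runtime refuses to export the private key.
async function privateKeyIsExportable(privateKey) {
  const subtle = await getSubtle();
  try { await subtle.exportKey('pkcs8', privateKey); return true; }
  catch (e) { return false; }
}

// What a verifier holding only the SPKI bytes would do.
async function verifyWithSpki(spki, signature, data) {
  const subtle = await getSubtle();
  const pub = await subtle.importKey('spki', spki,
    { name: ALG.name, hash: ALG.hash }, true, ['verify']);
  return subtle.verify(ALG.name, pub, signature, data);
}

async function demo() {
  const subtle = await getSubtle();
  const id = await generateClientIdentity();
  const enc = new TextEncoder();
  const data = enc.encode('/example/constructed/data');     // constructed sample
  const tampered = enc.encode('/example/constructed/datb'); // one byte changed
  const sig = await subtle.sign(ALG.name, id.privateKey, data);
  return {
    exportable: await privateKeyIsExportable(id.privateKey),
    spkiLength: id.spki.length,
    valid: await verifyWithSpki(id.spki, sig, data),
    tamperedValid: await verifyWithSpki(id.spki, sig, tampered),
  };
}
```

In a browser, a non-extractable CryptoKey object can be persisted in IndexedDB, whereas localStorage holds only strings and so would require the key material to be exported.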