I would like to build secure notes via JavaScript and WebCrypto.
I have found that it is possible to generate a strong key via PBKDF2 and encrypt data via AES.
Here is a sample of how to generate a key via PBKDF2 in WebCrypto, where a salt is required:
    function getKey(keyMaterial, salt) {
      return window.crypto.subtle.deriveKey(
        {
          "name": "PBKDF2",
          salt: salt,
          "iterations": 100000,
          "hash": "SHA-256"
        },
        keyMaterial,
        { "name": "AES-GCM", "length": 256},
        true,
        [ "encrypt", "decrypt" ]
      );
    }
https://github.com/mdn/dom-examples/blob/master/web-crypto/derive-key/pbkdf2.js#L37-L50
This key is used to encrypt data:
    let keyMaterial = await getKeyMaterial();
    // Random 16-byte salt for PBKDF2
    const salt = window.crypto.getRandomValues(new Uint8Array(16));
    let key = await getKey(keyMaterial, salt);
    // Random 12-byte IV for AES-GCM
    const iv = window.crypto.getRandomValues(new Uint8Array(12));
    let encoded = getMessageEncoding();
    const ciphertext = await window.crypto.subtle.encrypt(
      {
        name: "AES-GCM",
        iv: iv
      },
      key,
      encoded
    );
I will need this information for future decryption. I would like to export this data from the browser and decrypt it later with the provided password.
I want to have the following JSON format:
    data: {
      notes: [
        {
          encryptedNote: '..',
          iv: '..',
        }
      ],
      salt: '..'
    }
Now I am not sure how to securely store the salt and initialization vector. Is it possible to store the data as above?
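
An added example (not part of the original question and not MDN's code) that round-trips the export format above: the salt and each note's IV are stored Base64-encoded beside the ciphertext, since neither value is secret, and the key is re-derived from the password on import. The helper names `deriveKey`, `exportNotes` and `importNotes`, and Base64 as the encoding, are assumptions; the PBKDF2 and AES-GCM parameters are the ones in the question.

```javascript
// Added example: export/import for the JSON layout in the question.
// Helper names (deriveKey, exportNotes, importNotes) are hypothetical.
const wc = globalThis.crypto ?? (typeof require === "function" ? require("node:crypto").webcrypto : undefined);
const enc = new TextEncoder(), dec = new TextDecoder();
const toB64 = (buf) => btoa(Array.from(new Uint8Array(buf), (b) => String.fromCharCode(b)).join(""));
const fromB64 = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));

// Same PBKDF2 parameters as the question's getKey(); the key is non-extractable here.
async function deriveKey(password, salt) {
  const keyMaterial = await wc.subtle.importKey("raw", enc.encode(password), "PBKDF2", false, ["deriveKey"]);
  return wc.subtle.deriveKey(
    { name: "PBKDF2", salt, iterations: 100000, hash: "SHA-256" },
    keyMaterial,
    { name: "AES-GCM", length: 256 },
    false,
    ["encrypt", "decrypt"]
  );
}

// One random salt per export, one fresh random 12-byte IV per note.
async function exportNotes(password, notes) {
  const salt = wc.getRandomValues(new Uint8Array(16));
  const key = await deriveKey(password, salt);
  const out = [];
  for (const note of notes) {
    const iv = wc.getRandomValues(new Uint8Array(12));
    const ct = await wc.subtle.encrypt({ name: "AES-GCM", iv }, key, enc.encode(note));
    out.push({ encryptedNote: toB64(ct), iv: toB64(iv) });
  }
  return JSON.stringify({ data: { notes: out, salt: toB64(salt) } });
}

// Re-derive the key from password + stored salt; decrypt() rejects on a wrong
// password or modified ciphertext because the AES-GCM tag check fails.
async function importNotes(password, json) {
  const { data } = JSON.parse(json);
  const key = await deriveKey(password, fromB64(data.salt));
  const notes = [];
  for (const n of data.notes) {
    const pt = await wc.subtle.decrypt({ name: "AES-GCM", iv: fromB64(n.iv) }, key, fromB64(n.encryptedNote));
    notes.push(dec.decode(pt));
  }
  return notes;
}
```

The IV must never repeat under the same key, which is why `exportNotes` draws a new one for every note rather than reusing one per export.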