Score:0

How web browsers and WebCrypto API protects secrets

cn flag

I tried to search and take a look at a way to securely generate or import secret keys on client-side. First I tried to see if it is possible to take advantage of TPM in Windows but as far as I understood it is not possible to use it. So as far as I got the correct way to deal with encryption keys was using Web Crypto API. I figured out that it uses IndexedDB to store the keys. I truly want to know how these keys are being protected from getting extracted if imported. I know that you need to set extractable property of the Key to false but does it take advantage of TPM or any hardware module to protect keys or just software based protection? BTW I read how KeyStore protects keys so I wonder if for web applications we have such an alternative.

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.