Native Cryptography in the Browser, An Exploratory Approach

• Main Author: Wilson, Joseph A
• Format: Others
• Published: DigitalCommons@CalPoly 2016
• Online Access: https://digitalcommons.calpoly.edu/theses/1697; https://digitalcommons.calpoly.edu/cgi/viewcontent.cgi?article=2901&context=theses

As applications move from the desktop to the web browser, security needs to be taken into consideration. The new Web Crypto API provides native support for web applications to perform cryptographic operations and key management functions. Client side cryptographic support is a critical component in the future development of secure web based applications. This thesis presents an exploration of the Web Crypto API. The aim of this research was to determine the feasibility of developing complex cryptographic applications in the browser. This evaluation was performed by building an end to end encrypted messaging system that implements the off the record (OTR) messaging protocol. This thesis also proposes Joey’s Web Crypto Library (JWCL), a wrapper library around the native Web Crypto API that provides network portable output, secure default options, and a class based modern interface. In this thesis the Web Crypto API is shown to be capable of supporting the development of a functional, proof of concept, end to end encrypted secure messaging system in the browser. JWCL succeeds in providing a high level, simple yet elegant interface to the low level Web Crypto API.