Web Crypto API using Microsoft Edge (38.14393.0.0)
I have been using the Web Crypto API ( https://www.w3.org/TR/WebCryptoAPI/ ) successfully in Chrome (since the first Crypto support), Firefox (since the first Web Crypto support) and even on Safari TP (10.2) since WebCrypto Liner support - pollyfill for WebCrypto API ( https://github.com/PeculiarVentures/webcrypto-liner ).
Now I want to test our code using Microsoft Edge. But encryption and decryption of the ArrayBuffer pattern no longer succeeds. Here's the code:
var crypto = window.crypto;
if (crypto.subtle) {
var aesGcmKey = null;
// always create a new, random iv in production systems!!!
var tempIv = new Uint8Array([1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16]);
// needed for edge, if additional data missing decrypting is failing
var tempAdditionalData = new Uint8Array(0);
var dataToEncrypt = new Uint8Array([1, 2, 3, 4, 5]);
// 1.) generate key
var generateKeyPromise = crypto.subtle.generateKey(
{name: "AES-GCM", length: 256}, true, ["encrypt", "decrypt"]
);
generateKeyPromise.then(function (tempKey) {
aesGcmKey = tempKey;
// 2.) start encryption with this key
var encryptedDataPromise = crypto.subtle.encrypt(
{name: "AES-GCM", iv: tempIv, additionalData: tempAdditionalData, tagLength: 128},
aesGcmKey,
dataToEncrypt
);
encryptedDataPromise.then(function (encryptedData) {
// 3.) decrypt using same key
var decryptedDataPromise = crypto.subtle.decrypt(
{name: "AES-GCM", iv: tempIv, additionalData: tempAdditionalData, tagLength: 128},
aesGcmKey,
encryptedData
);
decryptedDataPromise.then(function (decryptedData) {
// 4.) compare decrypted array buffer and inital data
console.log('data decrypted!');
console.log(decryptedData);
});
decryptedDataPromise.catch(function (error) {
console.log('decrypting sample data failed');
console.log(error);
});
});
// if 2.) is failing
encryptedDataPromise.catch(function (error) {
console.log('encrypting sample data failed');
console.log(error);
});
});
// if 1.) is failing
generateKeyPromise.catch(function (error) {
console.log('creating aec gcm key failed');
console.log(error);
});
}
This code does not work in the decryption phase (step 3.in code) on Edge, while it works fine in Chrome, Firefox and even Safari. The wired part is that the decryptedDataPromise is rejected with an exception, but the returned data doesn't look like an exception at all:
[object Object] {additionalData: Uint8Array {...}, iv: Uint8Array {...}, name: "AES-GCM", tagLength: 128}
Does anyone know why this fails on Microsoft Edge?
source to share
As pointed out in the comments, changing the IV to size 12 instead of 16 and the extra data 1
instead 0
fixes the issue in Edge
var tempIv = new Uint8Array([1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12]);
var tempAdditionalData = new Uint8Array(1);
Your comment about extra data "// is needed for the edge, if extra data missing in decryption, failure" is really not needed. additionalData
may be invalid
I've looked on MSDN about encrypt but haven't documented this behavior. So I think the WebCrypto implementation is not mature enough and there are still small bugs
source to share