1

I use the script in web

But error in edge browser console

At const key = await .... expect “;” How to use this script correctly?

I have no chrome browser in another computer and only expect to use default browser edge in window 10

I use for password transit through USB storage

const encoder = new TextEncoder();

const toBase64 = buffer =>
  btoa(String.fromCharCode(...new Uint8Array(buffer)));

const PBKDF2 = async (
  password, salt, iterations,
  length, hash, algorithm =  'AES-CBC') => {

  keyMaterial = await window.crypto.subtle.importKey(
    'raw',
    encoder.encode(password),
    {name: 'PBKDF2'},
    false,
    ['deriveKey']
  );


  return await window.crypto.subtle.deriveKey(
      {
        name: 'PBKDF2',
        salt: encoder.encode(salt),
        iterations,
        hash
      },
      keyMaterial,
      { name: algorithm, length },
      false, // we don't need to export our key!!!
      ['encrypt', 'decrypt']
    );
}


const salt = window.crypto.getRandomValues(new Uint8Array(16));
const iv = window.crypto.getRandomValues(new Uint8Array(16));
const plain_text = encoder.encode("That is our super secret text");
const key = await PBKDF2('my password', salt, 100000, 256, 'SHA-256');

const encrypted = await window.crypto.subtle.encrypt(
  {name: "AES-CBC", iv },
  key,
  plain_text
);

console.log({
  salt: toBase64(salt),
  iv: toBase64(iv),
  encrypted: toBase64(encrypted),
  concatennated: toBase64([
    ...salt,
    ...iv,
    ...new Uint8Array(encrypted)
  ])
});
Ho Yeung Lee
  • 453
  • 1
  • 3
  • 14

1 Answers1

0

In the script, the keyword var is missing in the definition of keyMaterial. Edge then generates the error message Uncaught (in promise) ReferenceError: keyMaterial is not defined at PBKDF2... Apart from that the script is executed on my machine (Edge version 90.0.818.46).

Another problem may be an older Edge version. Edge (meanwhile Chromium-based) supports top-level-awaits as of version 89, in earlier versions the script has to be encapsulated in an asynchronous top-level function (see also here), e.g.

const main = async () => {
    const encoder = new TextEncoder();

    const toBase64 = buffer =>
        btoa(String.fromCharCode(...new Uint8Array(buffer)));

    const PBKDF2 = async (
          password, salt, iterations,
          length, hash, algorithm =  'AES-CBC') => {

        var keyMaterial = await window.crypto.subtle.importKey(
            'raw',
            encoder.encode(password),
            {name: 'PBKDF2'},
            false,
            ['deriveKey']
        );

        return await window.crypto.subtle.deriveKey(
            {
                name: 'PBKDF2',
                salt: encoder.encode(salt),
                iterations,
                hash
            },
            keyMaterial,
            { name: algorithm, length },
            false, // we don't need to export our key!!!
            ['encrypt', 'decrypt']
        );
    }

    const salt = window.crypto.getRandomValues(new Uint8Array(16));
    const iv = window.crypto.getRandomValues(new Uint8Array(16));
    const plain_text = encoder.encode("That is our super secret text");
    const key = await PBKDF2('my password', salt, 100000, 256, 'SHA-256');

    const encrypted = await window.crypto.subtle.encrypt(
        {name: "AES-CBC", iv },
        key,
        plain_text
    );

    console.log({
        salt: toBase64(salt),
        iv: toBase64(iv),
        encrypted: toBase64(encrypted),
        concatennated: toBase64([
            ...salt,
            ...iv,
            ...new Uint8Array(encrypted)
        ])
    }); 
}

(async () => {
    await main();
})();

Newer Edge versions are based on Chronium, under which the script also runs for earlier versions (tested for v85). I couldn't do a test for Edge versions before the Chromium switch, because I don't have a correspondingly old version. If you use one, you would have to test this in your environment.

Topaco
  • 40,594
  • 4
  • 35
  • 62