1

I am using

window.crypto.subtle.importKey

on the localhost, It works fine. But when I put the code on the server, It is giving error Can not read property importKey of undefined. As I know, I am not using this in a secure https connection. Therefore it is showing the error. I checked this issue crypto.subtle for unsecure origins in Chrome How to enable crypto.subtle for unsecure origins in Chrome?

Is there any alternative for this to fix the issue?

Here is the code

        var contents = e.target.result;//Data from the PKCS#12 file input
        var pkcs12Der = arrayBufferToString(contents)
        var pkcs12B64 = forge.util.encode64(pkcs12Der);
        var pkcs12Der = forge.util.decode64(pkcs12B64);
        var pkcs12Asn1 = forge.asn1.fromDer(pkcs12Der);

        var pkcs12 = forge.pkcs12.pkcs12FromAsn1(pkcs12Asn1, false, password);
        var privateKey
        for (var sci = 0; sci < pkcs12.safeContents.length; ++sci) {
            var safeContents = pkcs12.safeContents[sci];
            for (var sbi = 0; sbi < safeContents.safeBags.length; ++sbi) {
                var safeBag = safeContents.safeBags[sbi];
                if (safeBag.type === forge.pki.oids.keyBag) {
                    privateKey = safeBag.key;
                } else if (safeBag.type === forge.pki.oids.pkcs8ShroudedKeyBag) {
                    privateKey = safeBag.key;
                } else if (safeBag.type === forge.pki.oids.certBag) { }
            }
        }
        var privateKeyInfoDerBuff = _privateKeyToPkcs8(privateKey);

        //Import the webcrypto key
        window.crypto.subtle.importKey('pkcs8', privateKeyInfoDerBuff,
            { name: "RSASSA-PKCS1-v1_5", hash: { name: "SHA-256" } }, true, ["sign"])
            .then(function (cryptoKey) {
                var digestToSignBuf = stringToArrayBuffer(message);
                crypto.subtle.sign({ name: "RSASSA-PKCS1-v1_5" }, cryptoKey, digestToSignBuf)
                    .then(function (signature) {
                       // Other code will come here
                    });
            })
Satya Dev Yadav
  • 143
  • 3
  • 13
  • 1
    You have already asked the same question: [What is the alternative for window.crypto.subtle.importKey in JavaScript](https://stackoverflow.com/questions/68466509/what-is-the-alternative-for-window-crypto-subtle-importkey-in-javascript). Why don't you edit the old question and add the code? – Topaco Jul 22 '21 at 06:13
  • @user9014097 I removed the old question. We can use https, I understand but in the current context we do not have that. In this use case security does not matters. The main issue is to run the application. Do you have any alternative suggestions for the implementation. – Satya Dev Yadav Jul 22 '21 at 06:39
  • I've already given my input on the old question and no idea how to disable the secure context requirement. Btw, the link to _crypto.subtle for unsecure origins in Chrome_ is missing here. – Topaco Jul 22 '21 at 06:46
  • @user9014097 Can we solve this by using forge library, because I checked this question also. https://stackoverflow.com/questions/59519988/web-crypto-api-without-ssl/59533745?noredirect=1#comment121010239_59533745 – Satya Dev Yadav Jul 22 '21 at 07:07
  • Of course you can use another JavaScript RSA library instead of _WebCrypto_, which does not require a secure context. _forge_ supports importing private keys in PKCS#8 format ([here](https://github.com/digitalbazaar/forge#pkcs8)) and signing, which defaults to PKCS#1 v1.5 ([here](https://github.com/digitalbazaar/forge#rsa)). – Topaco Jul 22 '21 at 07:29

1 Answers1

0

I tried and got the solution. You can simply use the private key. Here it is:

var sha256 = forge.md.sha256.create();
sha256.update(message, 'utf8');
var signature = privateKey.sign(sha256);

var md5 = forge.md.md5.create();
md5.update((signature));

var required_digest = md5.digest().toHex().toUpperCase()
Satya Dev Yadav
  • 143
  • 3
  • 13