1

I want to code a web app that allows 2 users to send encrypted messages to each other, and I want to maximize security, so I want to minimize the amount of trust I put in my cloud provider (both the database and the server where the app code is).

So I figured I'd try to learn how to do all of the encrypting/decrypting client-side (in javascript).

But I've read various articles such as from 2013, 2011, and 2017 strongly recommending that nobody ever code anything cryptography-related in JS.

If I assume that cryptography experts' warnings about JS are correct, I have these questions:

  1. From what I can tell, Libsodium seems to be a highly-respected cryptography library, so why would it offer a javascript version if JS is weak? (And so does Stanford, W3C, and Signal.)
  2. Is it at all possible to develop an app like I envisioned (end-to-end encryption from client to client) without me needing to learn to code Android or iOS? (If not, then what approach gets me closest to my goal?)

I also want convenience: I want the users to be able to log into the website from any device as long as they also can provide a multi-factor auth code from their phone.

(I.e. Using the app can't require localStorage specific to one device or require uploading files of keys that are too long to memorize; users need to be able to log in just by providing credentials they've memorized.)

I'm hoping someone kind will point me in the right direction instead of just dismissing my questions with the typical "If you have to ask about security, you should leave it to the pros." I want to learn. Thanks.

Ryan
  • 315
  • 4
  • 15
  • 1
    Math is Math, it doesn't matter how it's run, the numbers always add up. There is built-in crypto in browser JS now, no need to load large libraries. SSL, cert pinning, HSTS, CSPs take care of virtually all prior complaints, unless you care about touge extensions, but that's like saying PGP can't be used on windows becasue windows can get viruses; it's external to the scope of the concerns. you can code a complete E2E message service in JS, no IOS or droid code needed. I [did just that](https://nadachat.com/) as a free tool i use to send passwords and other sensitive info to friends. – dandavis Aug 11 '18 at 07:14
  • 1
    nowadays i would recommend using the built-in PBKDF to turn a user-known password into a strong encryption key. – dandavis Aug 11 '18 at 07:17
  • @dandavis Ahh I just found your related answer here: https://security.stackexchange.com/a/133288/34766 – Ryan Aug 11 '18 at 13:19

1 Answers1

3

The reason a javascript version is offered is because of nodejs, a server-side javascript interpreter.

It is not that javascript is not powerful enough to encrypt messages; it is that javascript (in the browser) is client-side. This means that XSS-injection or a web browser plugin could engineer your website to collect its data before the message is encrypted. The encryption itself would be useless, as the private-key would be displayed semi-publicly in the web-browser's source-code, meaning that if an individual stole this key once, they could continue to man-in-the-middle the user after the browser plug-in is uninstalled.

It is best to do all security related things on the server-side to mitigate XSS vulnerabilities, which used to be more prominent.

I think what you're looking for is an SSL certificate, which will encrypt the POST or GET data as it transfers to the server.

Ryan
  • 315
  • 4
  • 15
Belle 'Sandon' Ling
  • 91
  • 6