I'm making a Cordova app with backbone and my goal was to achieve socket authentification with a JSON Web Token (JWT).
To sign my JWT, I used webcrypto-jwt and it worked well when using the app in the browser.
Then I tried the app on my mobile and BBAAMM...
webcrypto-jwt uses the browser's window.crypto.subtle module.
var cryptoSubtle = (window.crypto && crypto.subtle) ||
(window.crypto && crypto.webkitSubtle) ||
(window.msCrypto && window.msCrypto.Subtle);
But no subtle on android web view!
So I used webcrypto-shim to add the crypto.subtle. But it doesn't work.
That's a screenshot of my cordova's window object. It does have a crypto key but with no subtle in it!
So I can't sign my JWT.
I'm making a Cordova app with backbone and my goal was to achieve socket authentification with a JSON Web Token (JWT).
To sign my JWT, I used webcrypto-jwt and it worked well when using the app in the browser.
Then I tried the app on my mobile and BBAAMM...
webcrypto-jwt uses the browser's window.crypto.subtle module.
var cryptoSubtle = (window.crypto && crypto.subtle) ||
(window.crypto && crypto.webkitSubtle) ||
(window.msCrypto && window.msCrypto.Subtle);
But no subtle on android web view!
So I used webcrypto-shim to add the crypto.subtle. But it doesn't work.
That's a screenshot of my cordova's window object. It does have a crypto key but with no subtle in it!
So I can't sign my JWT.
Share Improve this question edited Jan 18, 2017 at 4:08 Emile Bergeron 17.4k5 gold badges85 silver badges131 bronze badges asked Jan 18, 2017 at 3:59 DoctorDoctor 7,9965 gold badges43 silver badges61 bronze badges 1- Don't put the tags in the title unless it's really necessary (e.g. How to bine tech X with Y?) – Emile Bergeron Commented Jan 18, 2017 at 4:10
3 Answers
Reset to default 4https://github./PeculiarVentures/webcrypto-liner will provide you a working webcrypto on most platforms.
I have used it with https://github./square/js-jose just fine.
You can test your browsers support for WebCrypto with this - https://peculiarventures.github.io/pv-webcrypto-tests/
Ryan
WebCryptographyApi is not supported on Android WebView, and webcrypto-shim is not targeted to this ponent
The library is targeted to fix these browsers having prefixed and buggy webcrypto api implementations:
Internet Explorer 11, Mobile Internet Explorer 11, Safari 8+, iOS Safari 8+.
So you are getting the expected behaviour. I think window.crypto that is showing Cordova is the old implementation.
If you need key storage I suggest use the Android native keystore (or iOS if you build for it). If you are looking for cryptographic function, include a pure javascript library
After more research and tests I have found a pure js library that works on cordova.
jsrsasign
I used it to authentificate my JWT. It doesn't use the the crypto.subtle module.
// Header
var oHeader = { alg: 'HS256', typ: 'JWT' };
// Payload
var oPayload = {};
var tNow = KJUR.jws.IntDate.get('now');
var tEnd = KJUR.jws.IntDate.get('now + 1day');
oPayload.iss = "http://foobar.";
oPayload.sub = "mailto:[email protected]";
oPayload.iat = tNow;
oPayload.exp = tEnd;
oPayload.jti = "id123";
oPayload.aud = "http://someUrl";
oPayload.email = "userEmail";
oPayload.pwd = "userPassword";
oPayload.deviceId = "deviceId";
// Sign JWT.
var sHeader = JSON.stringify(oHeader);
var sPayload = JSON.stringify(oPayload);
//secret -> your secret that the server gave you.
var sJWT = KJUR.jws.JWS.sign("HS256", sHeader, sPayload, secret);
console.log(sJWT);
So that's it. It solved my problem.
I know that the undefined crypto.subtle error still exists. I did not find any solutions to that problem.
I supose that one day the developers in charge of cordova will make the effort to support the cryto module that we can find in all other browser but for now the only solution is to used third party libraries.