BLue on Nostr: #asknostr What I don't understand: Cryptography in JS is a bad idea, that is why Web ...
#asknostr
What I don't understand:
Cryptography in JS is a bad idea, that is why Web Crypto API was build into modern browsers natively.
Couldn't this API be used to verify downloaded JS code (which has to be signed) the same way. Otherwise we can never be sure that the JS crypto code running in the browser is the same that was published in their git repo.
This applies not only Webwallets, but also encrypted mail ...
Disclaimer: I just learned that Web Crypto API exists and Proton mail is utilizing it.
What I don't understand:
Cryptography in JS is a bad idea, that is why Web Crypto API was build into modern browsers natively.
Couldn't this API be used to verify downloaded JS code (which has to be signed) the same way. Otherwise we can never be sure that the JS crypto code running in the browser is the same that was published in their git repo.
This applies not only Webwallets, but also encrypted mail ...
Disclaimer: I just learned that Web Crypto API exists and Proton mail is utilizing it.