https://github.com/cryptosense/w3c-crypto-inspector

Chromium extension to inspect W3C Web Cryptography API calls and keys.
https://github.com/cryptosense/w3c-crypto-inspector

Last synced: 7 months ago
JSON representation

Chromium extension to inspect W3C Web Cryptography API calls and keys.

• Host: GitHub
• URL: https://github.com/cryptosense/w3c-crypto-inspector
• Owner: cryptosense
• License: bsd-2-clause
• Created: 2014-08-04T13:23:44.000Z (almost 12 years ago)
• Default Branch: master
• Last Pushed: 2014-08-29T10:08:15.000Z (almost 12 years ago)
• Last Synced: 2025-03-24T13:21:19.073Z (about 1 year ago)
• Language: JavaScript
• Size: 180 KB
• Stars: 14
• Watchers: 3
• Forks: 1
• Open Issues: 1
• Metadata Files:
  • Readme: README.md
  • License: LICENSE.md

Awesome Lists containing this project

README

          
#Cryptosense Key Inspector

(C) Cryptosense 2014, see LICENSE.md

A very simple chromium extension that traces calls to the W3C WebCrypto API. Both keys and calls can be exported in JSON format.

Send feedback, bugs, comments, questions to webcrypto@cryptosense.com

##Absence from Chrome Web Store

We're releasing this little extension in source code only to find out

if it corresponds to the expectations of the community.  We will

submit this extension to the Chrome Web store by ourselves when it is

ready. Please don't do it yourself.

Versions for other browsers will follow as their implementations of

the API become available.

##Usage

To install, go to "chrome://extensions" and choose

"Load unpacked extension...", then select the extension directory.

The extension will run on each page you visit. You can see the current

keys by clicking the extension icon. A green key icon indicates a key

using a secure algorithm (in the sense of "secure for future use" at

http://cryptosense.com/choice-of-algorithms-in-the-w3c-crypto-api/ ),

an orange key means an algorithm secure for the moment but not

approved for future use, and a red keys means an algorithm considered

insecure. Attention - this does not mean that the key value itself is

secure, or that the applications use of the algroithm is secure,

etc. etc.

You can download the JSON of current keys or the JSON of all function

calls by clicking the corresponding button.

##Extra notes and issues

This extension adds some data in the key to allow them to be more

easily identified (ID, usage and creation date).

It is possible that the overwrite of the standard W3C webcrypto API

functions breaks the promise mechanism somewhat.

Occasionally, if a script calls generate key immediately this

executes before the function has been redefined so it escapes tracing.

When viewing keys, the popup doesn't resize itself when extending a

node and reducing it afterwards. If you know how to do this, tell us,

or submit a patch!

##How it works

* popup.js : The page displayed when clicking the extension icon, it

manages the displaying and downloading of the differents required

datas.

* contentscript.js : Code that runs with each page but not in the same

environment.  It injects hooker.js on each page and receives the

messages from the popup.

* hooker.js : The code that polyfills the standard W3C WebCrypto API

functions.