Web Crypto API: Checking authenticity with password

This page is not complete.

Checking the authenticity of a message can be performed using the Web Crypto API. In this article we will show how to create and verify a signature computed with a hash function and a password.

An HMAC algorithm takes a key and then generates a digest using this key and the data to sign. Later, anybody holding the key can recompute the same digest to check whether the data has been altered in any way. Because it requires knowledge of a secret, the digest can be stored along with the data: an attacker will not be able to create a digest for tampered data without knowing the key.

Note that this algorithm doesn't carry any information about the person owning the data, nor about its uniqueness: mere knowledge of the key is enough to alter the data.

Let's assume that the data is stored on the computer. To access it, both for writing and reading, we will use localforage.js, a small library wrapping the different storage capabilities of a browser in a single interface. This library is not an essential component of this use case and is used here for convenience, to keep the focus on what really matters: the cryptographic part.

The data we want to access is of the form:

where data is the information whose integrity we want to guarantee and signature the information used to verify it.

Cryptographic keys can't be memorized by humans, and passwords or passphrases make bad, that is insecure, cryptographic keys. To solve this problem, cryptographers have designed algorithms that generate cryptographically sound keys from a password. Knowing the password allows the same key to be regenerated and used.

We ask the user for a password, and we use it to generate the key:

With that key, we will be able to compute the MAC of the data.

© 2005–2018 Mozilla Developer Network and individual contributors.
Licensed under the Creative Commons Attribution-ShareAlike License v2.5 or later.