是否可以从工作人员调用 SubtleCrypto 方法?
Is it possible to call SubtleCrypto methods from a worker?
我想从工人那里调用 SubtleCrypto 的方法。
通常,可以通过 window 上下文中可用的 Crypto.subtle 属性来实现:
例如:window.crypto.subtle.encrypt()
在 worker 中,window 不可用,但仍然可以通过这种方式访问加密货币:
self.crypto
然而 self.crypto.subtle 总是 return 未定义。
这是正常行为(例如:出于安全目的禁用)还是有可能从工作人员调用 SubtleCrypto 方法?
我创建了一个重现行为的 JSFiddle here。
我用 Chrome.
根据Deprecations and Removals in Chrome 60:
crypto.subtle now requires a secure origin
The Web Crypto API which has been supported since Chrome 37 has always worked on non-secure origins. Because of Chrome's long-standing policy of preferring secure origins for powerful features, crypto.subtle is now only visible on secure origins.
以下代码放在 HTTPS 服务器上时,具有 crypto.subtle 并且工作正常
<!DOCTYPE html>
<html>
<body>
<input id="start" type="button" value="Start">
<script>
function getWorkerJS() {
var js = `
onmessage = function(e) {
var jwkKey = {
kty: "oct",
k: "lckjnFLIEas7yf65ca6saksjhcajs554s5cajshgGGG"
};
crypto.subtle.importKey(
"jwk", jwkKey, {name: "AES-CBC"}, true,
['encrypt', 'decrypt', 'wrapKey', 'unwrapKey']
)
.then(
function (result) {
postMessage({ success: true});
},
function (error) {
postMessage({ message: error.message });
}
);
};
`;
var blob = new Blob([js], {"type": "text/plain"});
return URL.createObjectURL(blob);
}
var ww = new Worker(getWorkerJS());
ww.onmessage = function(msg) {
console.log(msg.data);
};
document.getElementById('start').addEventListener('click', start, false);
function start() {
ww.postMessage('start');
}
</script>
</body>
</html>
我想从工人那里调用 SubtleCrypto 的方法。 通常,可以通过 window 上下文中可用的 Crypto.subtle 属性来实现:
例如:window.crypto.subtle.encrypt()
在 worker 中,window 不可用,但仍然可以通过这种方式访问加密货币:
self.crypto
然而 self.crypto.subtle 总是 return 未定义。
这是正常行为(例如:出于安全目的禁用)还是有可能从工作人员调用 SubtleCrypto 方法?
我创建了一个重现行为的 JSFiddle here。 我用 Chrome.
根据Deprecations and Removals in Chrome 60:
crypto.subtle now requires a secure origin
The Web Crypto API which has been supported since Chrome 37 has always worked on non-secure origins. Because of Chrome's long-standing policy of preferring secure origins for powerful features,
crypto.subtleis now only visible on secure origins.
以下代码放在 HTTPS 服务器上时,具有 crypto.subtle 并且工作正常
<!DOCTYPE html>
<html>
<body>
<input id="start" type="button" value="Start">
<script>
function getWorkerJS() {
var js = `
onmessage = function(e) {
var jwkKey = {
kty: "oct",
k: "lckjnFLIEas7yf65ca6saksjhcajs554s5cajshgGGG"
};
crypto.subtle.importKey(
"jwk", jwkKey, {name: "AES-CBC"}, true,
['encrypt', 'decrypt', 'wrapKey', 'unwrapKey']
)
.then(
function (result) {
postMessage({ success: true});
},
function (error) {
postMessage({ message: error.message });
}
);
};
`;
var blob = new Blob([js], {"type": "text/plain"});
return URL.createObjectURL(blob);
}
var ww = new Worker(getWorkerJS());
ww.onmessage = function(msg) {
console.log(msg.data);
};
document.getElementById('start').addEventListener('click', start, false);
function start() {
ww.postMessage('start');
}
</script>
</body>
</html>