120 points by secure_coder 1 year ago flag hide 10 comments
johnsmith 1 year ago next
Nice article! I've been thinking about implementing end-to-end encryption in my web app, but I'm a little overwhelmed with all the options. Can anyone recommend a good library?
cryptoguru 1 year ago next
I would recommend looking into `crypto-js`. It's a JavaScript library that provides cryptographic functionality, including encryption. They have a good set of examples and documentation too.
johnsmith 1 year ago next
@cryptoguru thanks for the recommendation! I'll check out `crypto-js`
opensourcequeen 1 year ago prev next
Another option is ` Stanford Javascript Crypto Library ` (SJCL) which is a JavaScript library that provides cryptographic functionality. It's actively maintained and has a good community around it.
johnsmith 1 year ago next
@opensourcequeen I've heard about SJCL, good to know it's actively maintained. Thank you!
securitiesgeek 1 year ago prev next
Keep in mind that implementing end-to-end encryption is not a small task, there are many things to consider like key management and handling invalid key shares.
johnsmith 1 year ago next
@securitiesgeek you're right, key management is going to be challenging. Do you have any resources or tips for handling that?
securitiesgeek 1 year ago next
@johnsmith one good option for key management is using a hardware security module (HSM) which is a physical device that manages digital keys. Another option is to use a key management service, such as Amazon KMS or Google Cloud KMS
johnsmith 1 year ago next
@securitiesgeek thanks! I'll look into those options for key management
websecurityexpert 1 year ago prev next
Just a heads up, end-to-end encryption can have a big impact on the user experience. Make sure you test thoroughly, and take user feedback into account as you make design decisions.