NativeScript 8.8 continues WinterTC compliance with crypto, btoa, and atob
As summarized nicely by Chicago-based software architect & web enthusiast Niecky Allen in The Web Cryptography API in Action:
Cryptography is at the core of many applications and security practices that we take for granted. Whether someone is wiring money to a bank account or signing up for a website, it’s needed in different forms to keep information, money, and even people safe.
Services like banking and healthcare rely heavily on encryption to keep data safe and secret. There could be dire consequences if a system that manages your health or financial records does not practice good key storage, generation, and rotation practices. Encrypting on the client, browser or otherwise, could be beneficial to help protect a cache of sensitive data or ensure network requests are masked even if the traffic is sniffed.
The getRandomValues() method lets you get cryptographically strong random values. The array given as the parameter is filled with random numbers (random in its cryptographic meaning).
const array = new Uint32Array(10);
crypto.getRandomValues(array);
console.log("Your lucky numbers:");
for (const num of array) {
  console.log(num);
}
The randomUUID() method is used to generate a v4 UUID using a cryptographically secure random number generator.
let uuid = crypto.randomUUID();
console.log(uuid); // for example "41c0df6d-1477-4d0a-b94b-d03d0fe3b8e4"
SubtleCrypto provides a number of low-level cryptographic functions.
The generateKey method currently supports the following algorithms: HMAC and RSA-OAEP, with more to be included in 8.9.
In the following example we generate an HMAC key, then sign and verify a message:
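const message = 'Hello World';
// sign() and verify() operate on bytes, so encode the string first
const enc = new TextEncoder();
const encoded = enc.encode(message);
const key = await crypto.subtle.generateKey(
  {
    name: 'HMAC',
    hash: { name: 'SHA-512' },
  },
  true, // extractable: the key material may be exported
  ['sign', 'verify'], // permitted key usages
);
const signature = await crypto.subtle.sign('HMAC', key, encoded);
// verify() recomputes the HMAC over the data and compares it with the signature
const result = await crypto.subtle.verify('HMAC', key, signature, encoded);
console.log('is valid ? ', result);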
The btoa() method creates a Base64-encoded ASCII string from a binary string.
const encodedData = btoa("Hello, world"); // encode a string
The atob() method decodes a string of data which has been encoded using Base64 encoding.
const encodedData = btoa("Hello, world"); // encode a string
const decodedData = atob(encodedData); // decode the string
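The HMAC and Base64 sections above can be combined: a signature is raw bytes, so it has to be converted to a binary string before btoa() can carry it as text, and decoded with atob() before verify(). The following is an added example, not code from NativeScript or the original post; the function names are hypothetical, the key is created non-extractable (the post's example uses true), and the first line is only a fallback for running it under Node versions without a global crypto object.

```javascript
// Added example; bytesToBase64, base64ToBytes and signedRoundTrip are hypothetical names.
// Fallback is only used on Node versions that lack a global crypto object.
const webCrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

// btoa() expects a "binary string" (one character per byte), so map bytes to chars first.
function bytesToBase64(bytes) {
  let binary = '';
  for (const b of bytes) binary += String.fromCharCode(b);
  return btoa(binary);
}

// atob() returns a binary string; map each character code back to a byte.
function base64ToBytes(b64) {
  const binary = atob(b64);
  const bytes = new Uint8Array(binary.length);
  for (let i = 0; i < binary.length; i++) bytes[i] = binary.charCodeAt(i);
  return bytes;
}

async function signedRoundTrip(message) {
  const data = new TextEncoder().encode(message);
  const key = await webCrypto.subtle.generateKey(
    { name: 'HMAC', hash: { name: 'SHA-512' } },
    false, // non-extractable: this key never needs to be exported
    ['sign', 'verify'],
  );
  const signature = await webCrypto.subtle.sign('HMAC', key, data);

  // Transport form: Base64 text, e.g. for a header or JSON field.
  const wire = bytesToBase64(new Uint8Array(signature));

  // Receiver side: decode the text, then verify against the received message.
  const received = base64ToBytes(wire);
  const valid = await webCrypto.subtle.verify('HMAC', key, received, data);

  // A message altered in transit must fail verification.
  const altered = new TextEncoder().encode(message + '!');
  const tamperedValid = await webCrypto.subtle.verify('HMAC', key, received, altered);

  return { wireLength: wire.length, valid, tamperedValid };
}

signedRoundTrip('Hello World').then((r) => console.log(r));
```

Base64 here is only a transport encoding for the signature; the integrity guarantee comes from verify(), which rejects the altered message.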
As a TSC member of NativeScript, we firmly believe in and stand behind the goal of WinterTC:
WinterTC (TC55) is an Ecma International Technical Committee that aims to achieve some level of API interoperability across server-side JavaScript runtimes, especially for APIs that are common with the web.
Each NativeScript release to come will continue towards full compliance with those goals.