
NativeScript 8.8 continues WinterCG compliance with crypto, btoa and atob

July 10, 2024 — by Osei Fortune

Crypto

As summarized nicely by Chicago-based software architect and web enthusiast Niecky Allen in The Web Cryptography API in Action:

Cryptography is at the core of many applications and security practices that we take for granted. Whether someone is wiring money to a bank account or signing up for a website, it’s needed in different forms to keep information, money, and even people safe.

Services like banking and healthcare rely heavily on encryption to keep data safe and secret. There could be dire consequences if a system that manages your health or financial records does not practice good key storage, generation, and rotation practices. Encrypting on the client, browser or otherwise, could be beneficial to help protect a cache of sensitive data or ensure network requests are masked even if the traffic is sniffed.

The getRandomValues() method lets you get cryptographically strong random values. The array given as the parameter is filled with random numbers (random in its cryptographic meaning).

const array = new Uint32Array(10);
crypto.getRandomValues(array);

console.log("Your lucky numbers:");
for (const num of array) {
  console.log(num);
}

The randomUUID() method is used to generate a v4 UUID using a cryptographically secure random number generator.

let uuid = crypto.randomUUID();
console.log(uuid); // for example "41c0df6d-1477-4d0a-b94b-d03d0fe3b8e4"

SubtleCrypto

SubtleCrypto provides a number of low-level cryptographic functions.

The generateKey method currently supports the HMAC and RSA-OAEP algorithms, with more to be included in 8.9.

In the following example, we generate an HMAC key, then sign and verify a message:

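// Encode the message as UTF-8 bytes; sign() and verify() operate on buffers.
const message = 'Hello World';
const enc = new TextEncoder();
const encoded = enc.encode(message);

// Generate an extractable HMAC-SHA-512 key usable for signing and verifying.
const key = await crypto.subtle.generateKey(
  {
    name: 'HMAC',
    hash: { name: 'SHA-512' },
  },
  true,
  ['sign', 'verify'],
);

// Compute the MAC over the encoded message.
const signature = await crypto.subtle.sign('HMAC', key, encoded);

// Recompute and compare the MAC; resolves to true when it matches.
const result = await crypto.subtle.verify('HMAC', key, signature, encoded);

console.log('is valid ? ', result);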

Need to encode or decode base64 strings?

btoa

The btoa() method creates a Base64-encoded ASCII string from a binary string.

const encodedData = btoa("Hello, world"); // encode a string

atob

The atob() method decodes a string of data which has been encoded using Base64 encoding.

const encodedData = btoa("Hello, world"); // encode a string
const decodedData = atob(encodedData); // decode the string

Continuing towards full compliance

As a TSC member of NativeScript, we firmly believe and stand behind the goal of WinterCG:

The Web-interoperable Runtimes Community Group (wintercg) is intended to augment the work of other existing community and working groups focusing on the development of Web Platform features and APIs by focusing directly on the specific needs of non-Web Browser based implementations.

Each NativeScript release to come will continue towards full compliance with those goals.