End-to-end File Encryption in the Web Browser, A Case Study
Ever thought about encrypting uploaded files in the web browser before they hit the server? Most web browsers nowadays offer encryption modules via the Web Crypto API for the encryption itself, but we’ll soon see that this isn’t enough. What about the correct cipher modes? How can we ensure confidentiality, integrity and authenticity? What about big files and limited memory availability?
In this talk, we’ll cover the following topics:
- Issues you’ll face when implementing end-to-end file encryption in the browser
- The crypto basics behind file and metadata encryption
- The Web Crypto API
- The FileReader API for chunked uploads
- The ReadableStream API for chunked downloads
- Service Workers and how they’ll help us
- Browser compatibility of the mentioned APIs
- What we can do to support older browsers
- The hardest part: key distribution
Speaker:
Thomas Konrad, SBA Research
Talk language: English
About the Speaker:
Thomas Konrad is Principal Security Consultant at SBA Research and has been part of the software security team since 2010. He focuses on secure software development, web application security, penetration testing, secure software design, architecture, and process, and trains software development teams in those areas.