{% trans "Your data are secure in an encrypted way, accessible solely by you. The data are purely encrypted and decrypted in the front-end. The back-end has no access to the encryption key, so there is no way for an intruder to decrypt your data." %}
+ +RSA-OAEP algorithm.
+ {% endblocktrans %}
+
+
+const operations = crypto.subtle
+
+async encrypt (data) {
+
+ return btoa(arrayBufferToString(await operations.encrypt(
+ { name: "RSA-OAEP" },
+ publicKey,
+ stringToArrayBuffer(data),
+ )))
+
+}
+
+const operations = crypto.subtle
+
+async decrypt (armored_data) {
+
+ return arrayBufferToString(await operations.decrypt(
+ { name: "RSA-OAEP" },
+ privateKey,
+ stringToArrayBuffer(atob(armored_data))
+ ))
+
+}
+ AES-GCM key derived from you password.
+ {% endblocktrans %}
+
+
+const operations = crypto.subtle
+
+async wrapKey (key, wrappingKey, iv) => {
+
+ return btoa(arrayBufferToString(await operations.wrapKey(
+ "jwk",
+ key,
+ wrappingKey,
+ {name: "AES-GCM", iv: stringToArrayBuffer(iv)}
+ )))
+
+}
+
+async unwrapKey (unwrappingKey, armored_jwk_data, iv, args) => {
+
+ return await operations.unwrapKey(
+ "jwk",
+ stringToArrayBuffer(atob(armored_jwk_data)),
+ unwrappingKey,
+ {name: "AES-GCM", iv: stringToArrayBuffer(iv)},
+ {
+ name: "RSA-OAEP",
+ hash: "SHA-256",
+ },
+ true,
+ args,
+ )
+}
+ AES-GCM key, derivated from your password.
+ A custom salt is used, unique per user, to generate your wrapping key.
+ {% endblocktrans %}
+
+
+
+const operations = crypto.subtle
+
+async deriveKeyFromPassphrase(passphrase, salt) => {
+
+ const encoder = new TextEncoder();
+ const keyFromPassword = await operations.importKey(
+ "raw",
+ encoder.encode(passphrase),
+ "PBKDF2",
+ false,
+ ["deriveKey"]
+ )
+
+ return await operations.deriveKey(
+ {
+ name: "PBKDF2",
+ salt: stringToArrayBuffer(salt),
+ iterations: pbkdf2_iterations,
+ hash: "SHA-256",
+ },
+ keyFromPassword,
+ {
+ name: "AES-GCM",
+ length: 256
+ },
+ true,
+ ["wrapKey", "unwrapKey"]
+ )
+}
+