Generate VUK with crypto.subtle #224
Conversation
leordev
requested review from
frankhinek,
csuwildcat and
mistermoe
as code owners
Codecov Report
@@ Coverage Diff @@
## main #224 +/- ##
==========================================
- Coverage 90.99% 90.99% -0.01%
==========================================
Files 67 68 +1
Lines 12645 12711 +66
Branches 1260 1268 +8
==========================================
+ Hits 11506 11566 +60
- Misses 1116 1122 +6
Partials 23 23
|
|
Hey @leordev I agree with making as much of our SDK use native functions as possible! One thing, many of our crypto libs first check for node crypto, and then if node crypto isn't available, they fallback to web crypto ( |
|
Adding our discord thread for more context on the PR here. Great suggestion. I found a few variations of how subtle is instantiated, and this was the closest one to our case: browserify/pbkdf2 lib - which hints this in their readme:
Check it out: https://github.com/browserify/pbkdf2/blob/master/lib/async.js#L113-L114 Which is exactly what we are trying to do here but falling back to noble, which is audited... I will add this change in my pr! -- Oh, I just noticed you suggested using node:crypto > webcrypto > 3rd party. It seems like multiformats (dependency from dwn-sdk-js) is doing that. Although IIUC, during bundling, exporting sha2.js or sha2-browser.js... Let me what it would look like for us. |
|
So as we aligned in our sync I'm checking for subtle crypto first and then falling back to noble here: I was going through the path of dynamically importing // node.js 18 and earlier, needs globalThis.crypto polyfill
import { webcrypto } from "node:crypto";
// @ts-ignore
if (!globalThis.crypto) globalThis.crypto = webcrypto;We will always have the subtle in node because of this polyfill... |
|
I think we still want node crypto as an option (non subtle). Could it be included here? |
|
What's the benefit of falling back to noble after node crypto and web crypto? Are there runtimes with no native crypto library at all? |
|
I've added the fallback to |
leordev
force-pushed
the
leordev/vuk-with-cryptosubtle
branch
from
13bbe03 to
f400157
Compare
|
Implemented as part of |
Problem
I'm experiencing a slow initialization of the
Web5.connect()fn, to the point where the browser freezes for ~4-5 seconds.It can be reproduced here: https://bucolic-cendol-324631.netlify.app/ -- just click in sign in and then press Use Browser In-App Agent. You will notice that the loading spinning animation even freezes while the connect is running. After being logged in you can also just refresh the page and you will notice how slow it takes to load the page, this is because if I recognize a session was initiated I just call
Web5.connect()before rendering the page.Fix
I was debugging the
connect()fn stepping each line and I narrowed it down to theAppDataVault#generateVaultUnlockKey().From the conversation (link below) it seems that
@noble/hashes/pbkdf2does not use the native browser crypto subtle which runs way faster. So I just did that.I tested in my web5-music app and it reduces from 5 seconds to less than 2 seconds and it's non blocking now (the browser does not freeze).
Reference
The whole context about this issue can be found in our Discord #web5 in this conversation