JavaScriptを使って学ぶEnd-to-Endセキュリティ第2回

JavaScript End-to-End
2 AES
1),2)
1)
2)
January 26, 2020
Jun Kurihara (Zettant Inc./U-Hyogo) E2E Security with JS 02 January 26, 2020 1 / 50

( 1 )
End-to-End (E2E)
Web E2E JavaScript
(AES)
E2E
AES
App AES

AES
AES 1
( )2
AES
3
1
RFC8018 PBES2 https://tools.ietf.org/html/rfc8018 AES
2
.env Base64
3
RFC5869 HKDF https://tools.ietf.org/html/rfc5869 AES

4
4
php hash hkdf() (2018 )

:
Web Web
:
Bash, Git
Node.js, npm, yarn
Google Chrome and/or Firefox

( )
1 &JS
2 AES
3
4 MAC

AES

AES (Advanced Encryption Standard)
AES
NIST
3 : 128-bit, 192-bit, 256-bit
NESSIE CRYPTREC

AES
AES 3
1 AES
2 AES 5
3 AES
5
1 2

: AES
AES
AES
AES

1: AES
⇒
6
6

⇒ 1
1

⇒
7
7
PBKDF2 (RFC8018), HKDF (RFC5869)

2: AES
⇒

8
8 628
< 248
⇒ 48bits 1.5PB
⇒
48bits 8
8
2009 60 GPU
https://web.archive.org/web/20180412051235/http:
//www.lockdown.co.uk/?pg=combi&s=articles

(Salt ) AES
9
9
PBKDF2

Salt
1 1 AES

3: AES
⇒ AES API (’AES256-CBC’ )
AES
AES 1 16bytes

AES 2
(IV) 10
CTR CBC ECB
ECB ( )
10
API (Nonce)

ECB
⇒ 11
⇒
JavaScript
ECB
11
1 16Bytes

ECB CBC
16Bytes
16Bytes 16Bytes
CBC 16Bytes

AES :

REST API E2E
Amazon S3
bucket
Amazon S3
bucket
JavaScript
JavaScript

Node.js
1
12
2 AES-CBC 13
REST API
12
1,2
13
3

:
Node.js (> v10) yarn 14
Google Chrome ( )
Firefox
Visual Studio Code WebStorm
14
: npm i -g yarn

JavaScript
GitHub 15
Clone
$ git clone
https://github.com/junkurihara/slides-e2e-security-js.git
$ cd sample02
$ yarn install
$ yarn build
15
https://github.com/junkurihara/slides-e2e-security-js/

REST API
SSL
(https://e2e.zettant.com/)16
$ yarn start
localhost 3000 HTTP
16
2020/1/25

Node.js
AES
AES
jscu 17
API Code snippet
17
https://github.com/junkurihara/jscu

yarn execute post -r -p ‘ ’ ‘ ’
sample
$ yarn execute post -r -p ’my password’ ’my private data’ // -r
Register encrypted data to remote server
Data: my private data
Password: my password
Derived key and its related params: //
Derived key in Base64: fiP4flrlhd3Iwg5MOyln7zNNk4Au9If429n2uvfi43s=
PBKDF2 Param - Salt in Base64: zyD7/TGDq3dig3l4zJ5SRzFKVnIjw2KG26XUrMZFkkw=
PBKDF2 Param - Hash: SHA-256
PBKDF2 Param - Iteration: 2048
Registered id: 1 // id=1
S4lFVWrvLj4OjPfFRTgVJFfRUI+6LIlw1VooFzG2J5E=
my password

https://e2e.zettant.com/data
AES CBC IV
Salt, iteration Hash

yarn execute get -r -p ‘ ’ ‘id ’
$ yarn execute get -r -p ’my password’ 1 // -r
Retrieve encrypted data to remote server
Id: 1
Password: my password
Derived key in Base64: fiP4flrlhd3Iwg5MOyln7zNNk4Au9If429n2uvfi43s=
PBKDF2 Param - Salt in Base64: zyD7/TGDq3dig3l4zJ5SRzFKVnIjw2KG26XUrMZFkkw=
PBKDF2 Param - Hash: SHA-256
PBKDF2 Param - Iteration: 2048
Decrypted data: my private data //

( )
yarn execute post -r -m ‘ ’ ‘ ’ 18
sample
$ yarn execute gen-secret 32 // Base64
Generated master secret in Base64: mP95WFEv3G/iWsjQKC4mEuEmCkiS8dRK80Q6CpC1bc0=
$ yarn execute post -r -m ’mP95WFEv3G/iWsjQKC4mEuEmCkiS8dRK80Q6CpC1bc0=’ ’my
private data’
Register encrypted data to remote server
Data: my private data
Master secret: mP95WFEv3G/iWsjQKC4mEuEmCkiS8dRK80Q6CpC1bc0=
Derived key in Base64: 1vgTfxp3FEi3kpJiQ6h0vxtDCkdz+u5XQUF1tPm1VMY=
HKDF Param - Salt in Base64: 8SM9tyXJUX+JGwLswIUnnGyHPL+7hzkSHXaKY7z0AF0=
HKDF Param - Hash: SHA-256
Registered id: 2
18
Base64

AES CBC IV
Salt, Hash

yarn execute get -r -m ‘ ’ ‘id ’
$ yarn execute get -r -m ’mP95WFEv3G/iWsjQKC4mEuEmCkiS8dRK80Q6CpC1bc0=’ 2 // -r
Retrieve encrypted data to remote server
Id: 2
Master secret: mP95WFEv3G/iWsjQKC4mEuEmCkiS8dRK80Q6CpC1bc0=
Derived key in Base64: 1vgTfxp3FEi3kpJiQ6h0vxtDCkdz+u5XQUF1tPm1VMY=
HKDF Param - Salt in Base64: 8SM9tyXJUX+JGwLswIUnnGyHPL+7hzkSHXaKY7z0AF0=
HKDF Param - Hash: SHA-256
Decrypted data: my private data //

sample02/src/post-get-browser.html
( html )

ECB API
$ yarn execute aes-mode-compare ’0123456789ABCDEF0123456789ABCDEF’ 16bytes
random key (Base64): 4gfrl+/OMyFt2ALLEp24sIXyHsyjvlYZZxRj4lkJe9M=
data (Hex): 3031323334353637383941424344454630313233343536373839414243444546
AES-ECB (Hex): c871e345b92951236059676b0866c7af c871e345b92951236059676b0866c7af
...
AES-CBC (Hex): d34ad4cc8816edcf3ad1a56c355c9067 69c4f525903b607960e377649abef648
...
16bytes ECB
ECB
⇒

CBC
19
ECB WebCryptoAPI
20
ECB
CBC CTR
19
ECB
20
CBC ECB

AES :

PBKDF2 in JavaScript
AES
PBKDF2: Password-based Key Derivation Function
PKCS #5 v2.1 (RFC808121
) PBKDF1
PBKDF2 (AES) Password-based
Encryption Scheme 2 (PBES2)
BCrypt 22
21
https://tools.ietf.org/html/rfc8018
22

PBKDF2 WebCrypto API, Node.js Crypto
API jscu
sample/src/derive-key.js: deriveKeyFromPassword
const jscu = getJscu(); // jscu script require
if(!salt){ // salt Salt
salt = jscu.random.getRandomBytes(32); // Uint8Array
}
else {
salt = jseu.encoder.decodeBase64(salt); // Base64 Uint8Array
}
const key = await jscu.pbkdf.pbkdf2( // PBKDF2
password, //
salt, // ( )
iterationCount, // 1000 ( )
len, // ( )
hash // HMAC Hash ’SHA-256’ ( )
);

HKDF in JavaScript
AES
HKDF: HMAC-based Key Derivation Function
RFC808123
PBKDF2
23
https://tools.ietf.org/html/rfc5869

HKDF WebCrypto API
jscu
sample/src/derive-key.js: deriveKeyFromMasterSecret
if(!salt){ // salt Salt
salt = jscu.random.getRandomBytes(32); // Uint8Array
}
else {
salt = jseu.encoder.decodeBase64(salt); // Base64 Uint8Array
}
const keyObj = await jscu.hkdf.compute(
masterSecret, //
hash // HMAC Hash ’SHA-256’ ( )
len, // ( )
’’, // ’info’ field for RFC5869. This could be always blank.
salt // ( )
);

jscu CBC CTR CTR
GCM24
sample/src/encrypt.js: encrypt
const uint8iv = jscu.random.getRandomBytes(16); // IV CBC 16Bytes
const encrypted = await jscu.aes.encrypt( // AES
jseu.encoder.stringToArrayBuffer(data), // string data Uint8Array
key, // HKDF/PBKDF
{ // CBC
name: ’AES-CBC’,
iv: uint8iv
}
);
24
GCM(Galois/Counter Mode) CTR

sample/src/encrypt.js: decrypt
const decrypted = await jscu.aes.decrypt( // AES
jseu.encoder.decodeBase64(data), // Base64
key, // HKDF/PBKDF
{ // CBC
name: ’AES-CBC’,
iv: jseu.encoder.decodeBase64(iv) // Base64 IV
}
);

AES
Key
Derivation Function
( PBKDF2/HKDF 25
)
CBC CTR
JavaScript
25
e.g., JOSE Concat KDF with AESKW https://tools.ietf.org/html/rfc8037

:
RSA-OAEP
EDCH-Ephemeral + AES

: iTransfy by Zettant

:
: recruit@zettant.com
URL: https://www.zettant.com

JavaScriptを使って学ぶEnd-to-Endセキュリティ第2回

Recommended

Recommended

More Related Content

Similar to JavaScriptを使って学ぶEnd-to-Endセキュリティ第2回

Similar to JavaScriptを使って学ぶEnd-to-Endセキュリティ第2回 (20)

Recently uploaded

Recently uploaded (20)