Hacker News new | past | comments | ask | show | jobs | submit login

You don't normally encrypt with ECC. You use it to establish a symmetric key, and encrypt with that. Look for WebCrypto examples for ECDH.

In fact, the ability to encrypt directly with RSA is probably a bug, not a feature. There are too many ways to do it catastrophically wrong, and it almost guarantees cryptosystems without forward secrecy.

(WebCrypto isn't great and I'd avoid it, but this isn't why).

Thanks, this is very clarifying.

Do you have a link to a discussion on why WebCrypto isn't great? More specifically, are you saying there is no real good way to do encryption with WebCrypto, or is it that it is too easy to do it wrong?

It doesn't address the core problem with browser encryption, which is that trust is inevitably rooted in the servers that deliver your content; WebCrypto bakes more of the "guts" of crypto primitives into the browser, where they don't have to be remotely programmed through Javascript, but the "joinery" is still content-controlled Javascript and is more than flexible enough to allow a malicious server to (very) surreptitiously exfiltrate secrets.

It can make some sense in extensions, or in situations where client-side cryptography is more an interoperability or offloading concern than an end-to-end security concern. But ultimately, it's misused more than it's used well.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact