I did some work with W3C Web Crypto and had a similar experience to the author.
It's messy. You can write compatible code, but you need good test suites and some wrappers. A method to probe for supported algorithms would be super useful. You're supposed to get a NotSupportedError DOMException if something is not supported, but actual error results vary wildly.
In terms of getting consistent behaviour, Safari needs an exception shim around its crypto methods because it throws immediately for many failures while other browsers (which conform to the spec) signal failures only via promise.
On the bright side, the IE11 implementation looks "more incompatible" than it really is - in fact you can promisify it fairly simply, and it works more or less like other browsers.
I was doing mostly signing, and found only RSASSA-PKCS1-v1_5 or HMAC were actually usable - all the other algorithms are unsupported in at least one browser (e.g. no RSA-PSS or ECDSA).
It's messy. You can write compatible code, but you need good test suites and some wrappers. A method to probe for supported algorithms would be super useful. You're supposed to get a NotSupportedError DOMException if something is not supported, but actual error results vary wildly.
In terms of getting consistent behaviour, Safari needs an exception shim around its crypto methods because it throws immediately for many failures while other browsers (which conform to the spec) signal failures only via promise.
On the bright side, the IE11 implementation looks "more incompatible" than it really is - in fact you can promisify it fairly simply, and it works more or less like other browsers.
I was doing mostly signing, and found only RSASSA-PKCS1-v1_5 or HMAC were actually usable - all the other algorithms are unsupported in at least one browser (e.g. no RSA-PSS or ECDSA).