Using the Web Cryptography API in PWAs/SPAs
With the advent of good support for implementing apps using web standards, we’re now in the position to deliver quality user experiences that work in the browser both on and offline. This inevitably leads to storing data locally in the browser, which means that we need to think about how to protect that data while it is stored offline.
This is where the Web Cryptography API comes in.
I’ll cover:
- what this API is capable of, along with levels of browser support
- why this API is a better approach than the various pure JavaScript encryption libraries available
- how to work with it to secure your data
- the thorny issue of key management
Session takeaways
- An appreciation of the challenges around protecting data in PWA/SPA
- An understanding of how to use the WebCryptoAPI
- Some strategies for managing key information
Bio
Jon has been working in software development for over 20 years. In that time he has worked in a number of industries including insurance, retail, and not-for-profit. He has always been fascinated by computers and this interest developed from an early age, starting with learning Basic for the ZX Spectrum.
Jon is co-organiser of the Exeter .NET meetup.