3G/ Storing Crypto Credentials

From IIW

Storing Crypto Credentials in the browser


Wednesday 3G

Convener: Francisco Corella

Notes-taker(s): Francisco Corella


Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:


We discussed methods for storing cryptographic credentials in persistent browser stotage, taking advantage of web technologies that have emerged over the last few years: the Service Worker API in conjunction with HTML5 local storage as specified by the Web Storage API, or in conjunction with the IndexedDB API and the Web Cryptography API. The security posture of each method was compared to the security provided by storing keys in smart cards, in tamper resistant hardware such as a secure element or a Trusted Platform Module (TPM), or in a Trusted Execution Environment (TEE).


Slides can be found at

https://pomcor.com/documents/KeysInBrowser.pdf