javascript - Web Crypto API without ssl

Question

I wrote a little webapp for secure message transfer to learn more about encryption, and wanted to show it to my friends and let them play with it a little, so I hosted it on my little server, and was shocked to find that the Web Crypto API (which I worked my ass off to get to work because it is not very specific in its error messages) REQUIRES SSL ( kinda defeats the purpouse of implementing your own encryption scheme in browsers)!

I already have another API running on that server with SSL, but instead of merging them I wanted to ask: Is there a way to circumvent the secure socket requirement of Web Crypto API, or is there another library out there which allows me to use the same or similar functions in a non-secure context?

Answer 1

The WebCrypto API specification(https://www.w3.org/TR/WebCryptoAPI/ ) does not restrict to SSL, but browser implementations require a "secure origin"

For example, Chrome requires https , wss, localhost or an extension. See https://stackoverflow.com/a/46671627/6371459

You would need to set up a SSL connection in order to use webcrypto. If you want to use another library (forge, pki.js, etc.) you will not have this restriction, although it is advisable to use SSL / TLS when using cryptography.