noble-ed25519

window.crypto is not available over LAN HTTP

Open joepio opened this issue 2 years ago • 9 comments

Hi there! Thanks for creating this :)

After updating from noble-ed25519 1.0.4 to @noble/ed25519 1.33, I got this error in an http context: Na.web.subtle is undefined. I'm not entirely sure whether this error would have appeared before.

It seems to appear only if I'm running my server on a local network system using HTTP, but not on localhost or in HTTPS in production.

The code seems to emerge from here.

After some googling I learned that the crypto module is not available in non-localhost HTTP environments.

So what does this mean for me as a user of this dependency? I feel like, in my use case, it should be able to run in HTTP contexts, so I'd like some fallback. Should this library provide a fallback? Should I as a user of this library provide a fallback, or show some custom error? Would love to hear your thoughts on this.

Thanks!

joepio avatar Jan 03 '22 22:01 joepio

Hey there.

You could replace hashing code with code from noble-crypto. It's an interesting problem, because even though hashes could be replaced, randomBytes cannot. randomBytes also cannot be re-implemented in JS, it needs low-level system entropy. ed25519 does not really use randomness in its flow, but secp256k1 schnorr sigs do.

We won't include fallback by default because we don't want any deps.

paulmillr avatar Jan 03 '22 22:01 paulmillr

For now, you can edit your fork of noble-ed to replace sha512 with noble-hashes/sha512

paulmillr avatar Jan 03 '22 22:01 paulmillr

Ah, crypto.getRandom does not require a secure context, so that's a good start.

paulmillr avatar Jan 03 '22 22:01 paulmillr

Try this:

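const ed25519 = require('@noble/ed25519');
const { sha512 } = require('@noble/hashes/sha512');
// Replace the WebCrypto-backed hash with the pure-JS sha512, wrapped in a Promise
ed25519.utils.sha512 = (msg) => Promise.resolve(sha512(msg));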

paulmillr avatar Jan 03 '22 22:01 paulmillr

Will do! I'll let you know if it worked soon.

Thanks for the quick help btw 👍

joepio avatar Jan 03 '22 22:01 joepio

Seems like I can't build @noble/hashes for some reason:

[20:12:16] [snowpack] rimrafSafe(): /Users/joep/dev/github/joepio/atomic-data-browser/node_modules/@noble/hashes/cryptoBrowser.js outside of buildOptions.out /Users/joep/dev/github/joepio/atomic-data-browser/data-browser/publish
[20:12:16] [snowpack] Error: rimrafSafe(): /Users/joep/dev/github/joepio/atomic-data-browser/node_modules/@noble/hashes/cryptoBrowser.js outside of buildOptions.out /Users/joep/dev/github/joepio/atomic-data-browser/data-browser/publish
    at Object.deleteFromBuildSafe (/Users/joep/dev/github/joepio/atomic-data-browser/node_modules/snowpack/lib/cjs/util.js:75:15)
    at Object.runBuiltInOptimize (/Users/joep/dev/github/joepio/atomic-data-browser/node_modules/snowpack/lib/cjs/build/optimize.js:419:24)
    at runMicrotasks (<anonymous>)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
    at async Object.optimize (/Users/joep/dev/github/joepio/atomic-data-browser/node_modules/snowpack/lib/cjs/build/process.js:299:9)
    at async build (/Users/joep/dev/github/joepio/atomic-data-browser/node_modules/snowpack/lib/cjs/commands/build.js:18:5)
    at async Object.command (/Users/joep/dev/github/joepio/atomic-data-browser/node_modules/snowpack/lib/cjs/commands/build.js:35:9)
    at async cli (/Users/joep/dev/github/joepio/atomic-data-browser/node_modules/snowpack/lib/cjs/index.js:174:9)

joepio avatar Jan 04 '22 18:01 joepio

Report this to snowpack.

paulmillr avatar Jan 04 '22 19:01 paulmillr

Seems to be this. Sorry, this blocks me from testing your fix at the moment.

joepio avatar Jan 05 '22 08:01 joepio

I've found a workaround to build it, and I can confirm your fix works, @paulmillr !

Thanks for the help :)

joepio avatar Jan 05 '22 12:01 joepio
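
An added example, not part of the thread and not code from noble-ed25519: a capability probe that picks `crypto.subtle` when the page runs in a secure context, uses a caller-supplied sha512 otherwise, and fails closed when no system randomness is exposed. The helper names (`probeCrypto`, `selectSha512`, `requireRandom`) and the two environment objects are assumptions made for illustration; `env` stands in for `window`.

```javascript
// Report which WebCrypto pieces the current context actually exposes.
function probeCrypto(env) {
  const c = env && env.crypto;
  return {
    secureContext: Boolean(env && env.isSecureContext),
    subtle: Boolean(c && c.subtle && typeof c.subtle.digest === 'function'),
    random: Boolean(c && typeof c.getRandomValues === 'function'),
  };
}

// Prefer crypto.subtle; otherwise use a caller-supplied pure-JS sha512
// (for instance the @noble/hashes one suggested in the thread).
// Both paths return a Promise, like the override posted in the thread.
function selectSha512(env, fallbackSha512) {
  if (probeCrypto(env).subtle) {
    const subtle = env.crypto.subtle;
    return {
      source: 'webcrypto',
      sha512: async (msg) => new Uint8Array(await subtle.digest('SHA-512', msg)),
    };
  }
  if (typeof fallbackSha512 !== 'function') {
    // Clear failure instead of an opaque "subtle is undefined" at call time.
    throw new Error('crypto.subtle is unavailable (insecure context?) and no sha512 fallback was supplied');
  }
  return { source: 'fallback', sha512: (msg) => Promise.resolve(fallbackSha512(msg)) };
}

// Randomness has no safe pure-JS substitute: fail closed, never use Math.random.
function requireRandom(env) {
  if (!probeCrypto(env).random) {
    throw new Error('crypto.getRandomValues is unavailable; refusing to generate keys');
  }
  return (n) => env.crypto.getRandomValues(new Uint8Array(n));
}

// Constructed environments: a page served over LAN HTTP vs. one on HTTPS/localhost.
const lanHttpPage = { isSecureContext: false, crypto: { getRandomValues: (a) => a.fill(7) } };
const httpsPage = {
  isSecureContext: true,
  crypto: { getRandomValues: (a) => a.fill(7), subtle: { digest: async () => new ArrayBuffer(64) } },
};
const fakeSha512 = () => new Uint8Array(64); // constructed stand-in, NOT a real hash
```

In an application, pass `window` as `env` and the real pure-JS sha512 as the fallback, then assign the selected function to `ed25519.utils.sha512` once at startup.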