About cryptography in the browser – uses and challenges
Throughout all the previous chapters of this book, we've learned about using common cryptographic operations in JavaScript in the context of a Node.js application – so, for code that (for the most part) runs on a server.
However, an increasing number of JavaScript applications that use cryptography are now running on the client side, inside a web browser. Not only are these growing in number, but also in terms of their capabilities and relevance.
The main advantage of performing cryptography inside clients is that it enables scenarios that are not possible otherwise for web applications, including the use of E2EE. This allows data to never leave the client in an unencrypted state and makes it impossible for a web server, and conversely for a service provider, to read the contents of encrypted messages – although note that metadata may still be exposed (for a refresher, see the description of the...
