How should I encrypt large files using clientside JavaScript?

Question

I'm doing clientside encryption for a file transfer protocol (so even the server won't know what the file is.) My current method is to import the file into a browser filesystem, break up the file into 1 MB chunks, store each chunk in memory, encrypt each chunk with AES, then concatenate all the chunks and upload. This prevents the memory from getting overloaded, but it's rather inefficient. Is there a better method? A way to encrypt a whole file in a browser filesystem? Thanks!

Answer 1

The use of encryption or any other cryptographic primitive should not be made without first creating a credible threat model. What threat to your application do you plan on preventing by using JavaScript based encryption? If the threat is someone on the network, then we have amazing tools to prevent network based attacks - we call it HTTPS with TLS, and its free to use - and an alternative cannot be made in JavaScript..

Some experimental "end-to-end" (e2e) chat applications use JavaScript based encryption. But this "promise not to peak" encryption doesn't actually protect clients from the server - malicious JavaScript can access these keys and the server chooses not to read them - this isn't security.

Any local attacks (or RCE), or cross-domain attacks (XSS) would not be prevented by JavaScript based encryption - also HTTPS can't prevent these attacks. The lack of a creditable threat actor is why encryption is never done by the client - but rather is commonly performed by application server or backend database to encrypt sensitive fields at rest. This is because the backend can keep secrets safe from untrusted clients.

If you want to better understand how developers write secure applications consider reading the OWASP Top 10 ("JavaScript Encryption" is not featured.)