如何区分JS不透明对象? [英] how can one distinguish JS Opaque Objects?
问题描述
WebCrypto API 引入了不可导出私钥的概念,可以将其导出到IndexDB,但不能导出到LocalStorage或通过Web导出.这在Charles Engleke的博客"保存中得到了很好的解释.浏览器中的加密密钥".
The WebCrypto API introduces the notion of non exportable private keys, which can be exported to IndexDB but not not LocalStorage or over the web. This is nicely explained in Charles Engleke's blog "Saving Cryptographic Keys in the Browser".
但是这些对象实际上是如何工作的?有没有办法从JS判断对象是否不透明?我在查找有关此信息方面遇到麻烦.
But how do these objects actually work? Is there a way to tell from JS if an object is opaque or not? I am having trouble finding any information on this.
推荐答案
任何地方都没有神奇的不透明标志".这里的不透明"仅表示对象中保存的数据对脚本来说是从不可见.您仍然可以对CryptoKey
实例执行某些操作-例如在这种情况下,请将其存储在索引数据库中,或通过postMessage()
发送到另一个上下文.
There isn't a magical "opaque flag" anywhere. "Opaque" here just means there is data held in the object that is never visible to script. You can still perform some operations with a CryptoKey
instance - e.g. in this case, store it in Indexed DB or send to another context via postMessage()
.
这与例如Blob
对象,其中可以通过对象上的属性直接检查所有的内容,也可以通过FileReader
间接检查对象的属性.
This is in contrast to e.g. a Blob
object where all of the held data can be inspected either directly via attributes on the object or indirectly via a FileReader
.
由于交叉来源获取,导致Response
对象是另一个不透明的示例操作,可以由服务工作者处理,但不能在正文所在的位置进行检查过.
Another opaque example would be a Response
object as a result of a cross-origin Fetch operation, which can be processed by a Service Worker but where the body can't be inspected.
所以有没有办法从JS判断对象是否不透明?" - 这取决于.如果对象是CryptoKey
的实例,则您知道存在隐藏数据,因此它是不透明的.如果对象是Blob
的实例,那么您知道有一种访问数据的方法,即使您需要其他API来访问它,也不是不透明的.如果对象是Response
的实例,则它可能是不透明的,具体取决于源.
So "is there a way to tell from JS if an object is opaque?" - it depends. If an object is an instance of CryptoKey
then you know there is hidden data, so it is opaque. If an object is an instance of Blob
then you know there is a way to access the data, even if you need other APIs to get access to it, so it is not opaque. If an object is an instance of Response
it may be opaque, depending on the source.
这篇关于如何区分JS不透明对象?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!