Available for testing in the 0.12.2-beta.0 release, @dfinity/identity now supports the SubtleCrypto API. You can use an ECDSAKeyIdentity using the P-256 curve to make calls to the IC, using native CryptoKey and CryptoKeyPairs.
Importantly, this identity pattern is non-exportable by default, so even malicious code can't export your key to use outside a secure browser context. CryptoKeyPairs can be stored in IndexedDB instead of localStorage, which also enhances the security of the identity.
With more experimentation, this new Identity type may be suitable to be the default, recommended way to manage identities in agent-js.
Example usage
```javascript
import { ECDSAKeyIdentity } from '@dfinity/identity';
import { get, set } from 'idb-keyval';
// createActor and canisterId are assumed to come from your canister's generated declarations

// generating and using in an actor
const identity = await ECDSAKeyIdentity.generate();
const whoami = createActor(canisterId, { agentOptions: { identity } });

// persisting in indexeddb
await set('keyPair', identity.getKeyPair());

// retrieving
const storedKeyPair = await get('keyPair');
const identity2 = await ECDSAKeyIdentity.fromKeyPair(storedKeyPair);
const whoami2 = createActor(canisterId, { agentOptions: { identity: identity2 } });
```
Logic is from agent-js/ecdsa.cy.js at main · dfinity/agent-js · GitHub
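
What "non-exportable" means at the WebCrypto level, as an added example that calls the plain SubtleCrypto API directly and is not code from @dfinity/identity or agent-js. The helper names, the key usages and the sample message are assumptions made for illustration.

```javascript
// Browsers and recent Node expose globalThis.crypto; the require() fallback is for older Node.
const subtle = globalThis.crypto?.subtle ?? require('node:crypto').webcrypto.subtle;

const P256 = { name: 'ECDSA', namedCurve: 'P-256' };
const SIGN_ALG = { name: 'ECDSA', hash: 'SHA-256' };

// Resolves to true if the export was refused, false if key material came out.
async function exportBlocked(format, key) {
  try {
    await subtle.exportKey(format, key);
    return false;
  } catch {
    return true;
  }
}

// Generates a P-256 pair with the given extractable flag and reports what can be done with it.
async function probeKeyPair(extractable) {
  const { privateKey, publicKey } = await subtle.generateKey(P256, extractable, ['sign', 'verify']);
  const message = new TextEncoder().encode('constructed sample message');
  // The private key handle signs regardless of the flag: non-extractable
  // limits copying the key out of the browser, not use of it by the page.
  const signature = await subtle.sign(SIGN_ALG, privateKey, message);
  return {
    privateExtractable: privateKey.extractable,
    pkcs8Blocked: await exportBlocked('pkcs8', privateKey),
    jwkBlocked: await exportBlocked('jwk', privateKey),
    // Public keys stay exportable; raw P-256 is a 65-byte uncompressed point.
    publicKeyBytes: (await subtle.exportKey('raw', publicKey)).byteLength,
    signatureBytes: signature.byteLength,
    signatureValid: await subtle.verify(SIGN_ALG, publicKey, signature, message),
  };
}

// Compare the non-extractable pair with an extractable one.
async function compare() {
  return { locked: await probeKeyPair(false), open: await probeKeyPair(true) };
}

compare().then((result) => console.log(result));
```

The `locked` result refuses both private-key export formats while still producing a valid signature, which is why storing the CryptoKeyPair handle in IndexedDB does not put the key bytes within reach of script.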