New Feature - WebCrypto Identities in agent-js

Available for testing in the 0.12.2-beta.0 release, @dfinity/identity now supports the SubtleCrypto api. You can use an ECDSAKeyIdentity using the P-256 curve to make calls to the IC, using native CryptoKey and CryptoKeyPairs.

Importantly, this identity pattern is non-exportable by default, so even malicious code can’t export your key to use outside a secure browser context. CryptoKeyPairs can be stored in IndexedDb instead of localstorage, which also enhances the security of the identity.

With more experimentation, this new Identity type may be suitable to be the default, recommended way to manage identities in agent-js.

Example usage

// generating and using in an actor
const identity = await ECDSAKeyIdentity.generate();
const whoami = createActor(<canister-id>, { agentOptions: { identity } });

// persisting in indexeddb
import { get, set } from 'idb-keyval';
await set('keyPair', identity1.getKeyPair());

// retrieving
const storedKeyPair = await get('keyPair');
const identity2 = await ECDSAKeyIdentity.fromKeyPair(storedKeyPair);
const whoami2 = createActor(canisterId, { agentOptions: { identity: identity2 } });

Logic is from agent-js/ at main · dfinity/agent-js · GitHub


Nice improvement.
96.4% browser support

1 Like

Am I correct in assuming that this makes it impossible to use these both from dfx and from a dapp? Just want to know the score…sounds like a great improvement!

This is a JS, browser-specific feature. The value of the feature lies in the security of having non-exportable identities