# SAL Modular Cryptographic Browser Extension

A modern, secure browser extension for interacting with the SAL modular Rust cryptographic stack, enabling key management, cryptographic operations, and secure Rhai script execution.

## Features

### Session & Key Management

- Create and unlock encrypted keyspaces with password protection
- Create, select, and manage multiple keypairs (Ed25519, Secp256k1)
- Clear session state visualization and management

### Cryptographic Operations

- Sign and verify messages using selected keypair
- Encrypt and decrypt messages using asymmetric cryptography
- Support for symmetric encryption using password-derived keys

### Scripting (Rhai)

- Execute Rhai scripts securely within the extension
- Explicit user approval for all script executions
- Script history and audit trail

### WebSocket Integration

- Connect to WebSocket servers using keypair's public key
- Receive, review, and approve/reject incoming scripts
- Support for both local and remote script execution

### Security

- Dark mode UI with modern, responsive design
- Session auto-lock after configurable inactivity period
- Explicit user approval for all sensitive operations
- No persistent storage of passwords or private keys in plaintext

## Architecture

The extension is built with a modern tech stack:

- **Frontend**: React with TypeScript, Material-UI
- **State Management**: Zustand
- **Backend**: WebAssembly (WASM) modules compiled from Rust
- **Storage**: Chrome extension storage API with encryption
- **Networking**: WebSocket for server communication

## Development Setup

1. Install dependencies:

   ```
   cd sal_extension
   npm install
   ```

2. Build the extension:

   ```
   npm run build
   ```

3. Load the extension in Chrome/Edge:

   - Navigate to `chrome://extensions/`
   - Enable "Developer mode"
   - Click "Load unpacked" and select the `dist` directory

4. For development with hot-reload:

   ```
   npm run watch
   ```

## Integration with WASM

The extension uses WebAssembly modules compiled from Rust to perform cryptographic operations securely. The WASM modules are loaded in the extension's background script and provide a secure API for the frontend.

Key WASM functions exposed:

- `init_session` - Unlock a keyspace with password
- `create_keyspace` - Create a new keyspace
- `add_keypair` - Create a new keypair
- `select_keypair` - Select a keypair for use
- `sign` - Sign a message with the selected keypair
- `run_rhai` - Execute a Rhai script securely

## Security Considerations

- The extension follows the principle of least privilege
- All sensitive operations require explicit user approval
- Passwords are never stored persistently, only kept in memory during an active session
- Session state is automatically cleared when the extension is locked
- WebSocket connections are authenticated using the user's public key
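
The locking and approval rules listed above, sketched as an added TypeScript example (not code from the SAL extension). `SessionGuard`, its methods and the synchronous `approve` callback are hypothetical names; the callback stands in for the extension's approval prompt.

```typescript
// Added illustration, not SAL code: every name below is hypothetical.
type Approver = (action: string, detail: string) => boolean;

class SessionGuard {
  private secret: Uint8Array | null = null; // unlocked key material, memory only
  private lastActivity = 0;
  private timeoutMs: number;
  private approve: Approver;
  private now: () => number;

  // timeoutMs: configurable inactivity period; approve: stand-in for the
  // user prompt; now: injectable clock so the timeout can be tested.
  constructor(timeoutMs: number, approve: Approver, now: () => number = Date.now) {
    this.timeoutMs = timeoutMs;
    this.approve = approve;
    this.now = now;
  }

  unlock(secret: Uint8Array): void {
    this.secret = secret.slice(); // own copy, so lock() can wipe it
    this.lastActivity = this.now();
  }

  lock(): void {
    if (this.secret) this.secret.fill(0); // best-effort wipe, then drop the reference
    this.secret = null;
  }

  // Checked lazily on every access, so an expired session is never used
  // even if a background timer was delayed or suspended.
  isUnlocked(): boolean {
    if (this.secret && this.now() - this.lastActivity >= this.timeoutMs) this.lock();
    return this.secret !== null;
  }

  // Sensitive operations run only while unlocked and after approval.
  // A rejected request does not count as activity, so unsolicited requests
  // (e.g. scripts arriving over WebSocket) cannot keep the session alive.
  perform<T>(action: string, detail: string, op: (secret: Uint8Array) => T): T {
    if (!this.isUnlocked()) throw new Error("locked");
    if (!this.approve(action, detail)) throw new Error("rejected");
    this.lastActivity = this.now();
    return op(this.secret as Uint8Array);
  }
}
```
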

## License

[MIT License](LICENSE)