Definition

The Web Crypto API is a low-level JavaScript interface standardized by the W3C (Web Cryptography API Recommendation, January 2017) that exposes core cryptographic operations to web applications and JavaScript runtimes. Accessible via the crypto.subtle namespace, it provides native, hardware-accelerated implementations of key generation, symmetric encryption (AES-CBC, AES-GCM, AES-CTR), asymmetric encryption (RSA-OAEP), digital signatures (ECDSA, RSA-PSS, Ed25519), hashing (SHA-256, SHA-384, SHA-512), key derivation (PBKDF2, HKDF), and key agreement (ECDH).

The API is deliberately named “subtle” because its operations are subtle to use correctly—small implementation errors (wrong IV reuse, missing authentication tags, incorrect padding) can completely undermine the security of the system. The W3C specification includes explicit warnings about the expertise required for correct usage.

The Web Crypto API is natively available in all major browsers (Chrome, Firefox, Safari, Edge), in Node.js (since v15), in Deno, and critically, in Cloudflare Workers—making it the universal cryptographic primitive for JavaScript-based architectures from client to edge.

Why It Matters

Before the Web Crypto API, client-side cryptography in JavaScript relied on pure-JS implementations like CryptoJS, SJCL, and Forge. These libraries had three fundamental weaknesses: they were slow (100-1,000x slower than native implementations), they were vulnerable to side-channel attacks (JavaScript’s lack of constant-time guarantees meant operations on secret data could leak timing information), and they stored key material in JavaScript heap objects accessible to any code running in the same origin.

The Web Crypto API solves all three problems. Operations execute in native code (typically leveraging hardware AES-NI instructions, which are present in over 99% of x86 processors shipped since 2010), providing performance within 2-5x of native C implementations. CryptoKey objects are opaque handles—the raw key material is held by the browser engine, not in the JavaScript heap, making it inaccessible to XSS attacks or heap inspection. And the API’s use of Promises enforces asynchronous, non-blocking operation.

A 2024 benchmark by the Web Platform Tests project showed crypto.subtle.encrypt with AES-256-GCM processing 500 MB/sec on a modern laptop—more than sufficient for real-time encryption of chat messages, file uploads, and streaming responses.

How It Works

The Web Crypto API operates through a consistent pattern:

  1. Key generation: crypto.subtle.generateKey() creates a new cryptographic key using the platform’s cryptographically secure random number generator (CSPRNG). For AES-256-GCM: crypto.subtle.generateKey({name: "AES-GCM", length: 256}, extractable, ["encrypt", "decrypt"]). The extractable parameter controls whether the raw key material can be exported—setting it to false ensures the key can never be read by JavaScript.

  2. Encryption: crypto.subtle.encrypt() takes an algorithm specification, a CryptoKey, and plaintext data (as an ArrayBuffer). For AES-256-GCM, the algorithm spec includes a 96-bit initialization vector (IV) generated via crypto.getRandomValues(). The output is ciphertext with an appended 128-bit authentication tag.

  3. Decryption: crypto.subtle.decrypt() reverses the process, using the same key, algorithm, and IV. For AES-GCM, decryption also verifies the authentication tag—rejecting any ciphertext that has been tampered with.

  4. Key derivation: crypto.subtle.deriveKey() derives encryption keys from passwords (PBKDF2) or shared secrets (HKDF). This enables key agreement protocols like ECDH, where two parties derive a shared symmetric key from their elliptic curve key pairs.

  5. Signing and verification: crypto.subtle.sign() creates digital signatures using ECDSA or RSA-PSS. crypto.subtle.verify() checks signatures against public keys—the mechanism underlying wallet authentication flows.

  6. Key destruction: When a CryptoKey reference goes out of scope (or is explicitly set to null), the browser engine deallocates the underlying key material. For non-extractable keys, this destruction is final—the key material was never accessible to JavaScript, and the engine’s garbage collector reclaims the native memory.

Stealth Cloud Relevance

The Web Crypto API is the cryptographic engine of Stealth Cloud. Every Ghost Chat session generates an AES-256-GCM key via crypto.subtle.generateKey() in the user’s browser. Every prompt is encrypted via crypto.subtle.encrypt() before leaving the client. Every response is decrypted via crypto.subtle.decrypt() after arriving. The key is created as non-extractable, meaning even the JavaScript application code cannot access the raw key bytes—it can only use the key through the crypto.subtle interface.

On session termination—whether by user-triggered burn, tab closure, or TTL expiration—the CryptoKey reference is released. The browser engine deallocates the native key material. This is crypto shredding at the browser level: the key is gone, and every encrypted message from the session is now indecipherable.

The same API runs in Cloudflare Workers, enabling the edge layer to perform cryptographic operations within V8 isolates without any external dependencies. The symmetry is architecturally significant: the same cryptographic API executes client-side in the browser and server-side at the edge, using the same algorithms, the same key formats, and the same security properties. The Stealth Cloud architecture is built entirely on a single cryptographic substrate: crypto.subtle, from browser to edge and back.

The Stealth Cloud Perspective

The Web Crypto API is the reason Stealth Cloud can deliver military-grade cryptography without asking users to install anything. The browser already has everything needed to encrypt, sign, and destroy—all Stealth Cloud had to do was build an architecture that uses it correctly.