====== WasmCryptoProvider ======

**Namespace:** ''WvdS.System.Security.Cryptography.Providers''

JavaScript Interop-based crypto provider for Blazor WebAssembly. Communicates via ''IJSRuntime'' with ''openssl.wasm''.

===== Overview =====

The ''WasmCryptoProvider'' enables post-quantum cryptography in Blazor WebAssembly applications through:

  * JavaScript Interop to WebAssembly-compiled OpenSSL
  * A fully asynchronous API (required for JS Interop)
  * Functionality identical to ''NativeCryptoProvider''

===== Architecture =====

<code>
Blazor WebAssembly
        |
        v
+-----------------+
|  WasmCrypto-    |
|  Provider       |
|  (C#)           |
+--------+--------+
         | IJSRuntime.InvokeAsync
         v
+-----------------+
|  wvds-crypto.js |
|  (JavaScript)   |
+--------+--------+
         |
         v
+-----------------+
|  openssl.wasm   |
|  (WebAssembly)  |
+-----------------+
</code>

===== Properties =====

^ Property ^ Type ^ Description ^
| ''Name'' | string | ''%%"WASM (JS Interop)"%%'' |
| ''IsAvailable'' | bool | ''true'' when initialized |

===== Dependency Injection =====

<code csharp>
// Program.cs (Blazor WebAssembly)
using Microsoft.JSInterop;
using WvdS.System.Security.Cryptography.Providers;

// Register as ICryptoProvider so components can @inject the interface;
// the provider needs the IJSRuntime to reach wvds-crypto.js
builder.Services.AddScoped<ICryptoProvider>(sp =>
    new WasmCryptoProvider(sp.GetRequiredService<IJSRuntime>()));
</code>

===== Initialization =====

<code csharp>
@inject ICryptoProvider CryptoProvider

@code {
    protected override async Task OnInitializedAsync()
    {
        // Loads wvds-crypto.js / openssl.wasm; IsAvailable is false until this completes
        await CryptoProvider.InitializeAsync();

        if (CryptoProvider.IsAvailable)
        {
            var version = CryptoProvider.GetOpenSslVersion();
            Console.WriteLine($"OpenSSL WASM: {version}");
        }
    }
}
</code>

===== Required JS/WASM Files =====

In ''wwwroot/index.html'':

===== ML-DSA and ML-KEM =====

The methods are identical to ''NativeCryptoProvider'':

<code csharp>
// ML-KEM: the recipient generates the key pair, the sender encapsulates
// to the recipient's public key, the recipient decapsulates the ciphertext
var (publicKey, privateKey) = await provider.GenerateMlKemKeyPairAsync("ML-KEM-768");
var (senderSecret, ciphertext) = await provider.EncapsulateAsync(publicKey);
byte[] recipientSecret = await provider.DecapsulateAsync(ciphertext, privateKey);
// senderSecret and recipientSecret now hold the same shared secret

// ML-DSA
byte[] data = Encoding.UTF8.GetBytes("message to sign");
var (sigPub, sigPriv) = await provider.GenerateMlDsaKeyPairAsync("ML-DSA-65");
byte[] signature = await provider.SignMlDsaAsync(data, sigPriv);
bool isValid = await provider.VerifyMlDsaAsync(data, signature, sigPub);
</code>

===== Additional WASM-specific Methods =====

==== Key Derivation ====

^ Method ^ Description ^
| ''Pbkdf2Async'' | PBKDF2 via Web Crypto API |
| ''Pbkdf2WithPqSaltAsync'' | PBKDF2 with PQ-enhanced salt |
| ''Argon2idAsync'' | Memory-hard KDF via OpenSSL WASM |
| ''HkdfDeriveKeyAsync'' | HKDF Extract + Expand |
| ''DeriveHybridKeyAsync'' | Combines classic + PQ secret |

==== Stream/Chunked Encryption ====

^ Method ^ Description ^
| ''EncryptChunkedAsync'' | Chunked AES-GCM encryption |
| ''DecryptChunkedAsync'' | Chunked AES-GCM decryption |
| ''EncryptStreamWithPqKeyAsync'' | ML-KEM + chunked encryption |
| ''DecryptStreamWithPqKeyAsync'' | ML-KEM + chunked decryption |

==== Utility ====

^ Method ^ Description ^
| ''RandomBytesAsync'' | Cryptographically secure random numbers via Web Crypto API |
| ''CreateHybridSignatureAsync'' | Create hybrid signature |
| ''DeriveTls13KeysAsync'' | TLS 1.3 key schedule |

===== Security Notes =====

  * **Requires .NET 8.0+** with Blazor WebAssembly
  * Browser memory is less secure than server memory
  * Private keys should not be stored long-term in the browser
  * For sensitive operations, prefer server-side processing
  * ''openssl.wasm'' and ''wvds-crypto.js'' must be correctly loaded

**Best Practices for Browser Crypto:**

  * Use ephemeral keys for session-based encryption
  * Keep sensitive private keys on the server
  * Do not use IndexedDB/localStorage for unencrypted keys
  * Configure CSP headers correctly for WASM

===== See Also =====

  * [[.:start|Providers Namespace]]
  * [[.:icryptoprovider|ICryptoProvider]]
  * [[.:nativecryptoprovider|NativeCryptoProvider]]
  * [[en:int:pqcrypt:developer:integration|Integration Guide]]

----
//Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional//
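The following is an added example, not code from the WvdS project or the page's author. It ties the ML-KEM calls shown in the ML-DSA and ML-KEM section to the best practices listed under Security Notes: the ML-KEM private key lives only in a scoped, in-memory service for the lifetime of one browser session, is never written to IndexedDB or localStorage, and is zeroed when the service is disposed. It assumes that ''ICryptoProvider'' lives in the ''WvdS.System.Security.Cryptography.Providers'' namespace and exposes ''InitializeAsync'', ''IsAvailable'', ''GenerateMlKemKeyPairAsync'', ''EncapsulateAsync'' and ''DecapsulateAsync'' with the shapes used in the page's own snippets (key-pair and encapsulation results as tuples of ''byte[]''); the class and method names ''EphemeralKemSession'', ''StartAsync'', ''AcceptAsync'' and ''KemRoundTrip.RunAsync'' are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Threading.Tasks;
using WvdS.System.Security.Cryptography.Providers; // assumed location of ICryptoProvider

// Hypothetical scoped service: holds an ephemeral ML-KEM key pair for a single
// browser session, never persists it, and wipes the private key on dispose.
public sealed class EphemeralKemSession : IAsyncDisposable
{
    private readonly ICryptoProvider _provider;
    private byte[]? _privateKey;

    public byte[]? PublicKey { get; private set; }

    public EphemeralKemSession(ICryptoProvider provider) => _provider = provider;

    // Generates the session key pair. Only the public key ever leaves this object.
    public async Task<byte[]> StartAsync(string algorithm = "ML-KEM-768")
    {
        await _provider.InitializeAsync();
        if (!_provider.IsAvailable)
            throw new InvalidOperationException("WASM crypto provider is not available");

        var (publicKey, privateKey) = await _provider.GenerateMlKemKeyPairAsync(algorithm);
        PublicKey = publicKey;
        _privateKey = privateKey;
        return publicKey;
    }

    // Recovers the shared secret from a ciphertext that the peer produced
    // with EncapsulateAsync(PublicKey).
    public async Task<byte[]> AcceptAsync(byte[] ciphertext)
    {
        if (_privateKey is null)
            throw new InvalidOperationException("Session has not been started");
        return await _provider.DecapsulateAsync(ciphertext, _privateKey);
    }

    public ValueTask DisposeAsync()
    {
        if (_privateKey is not null)
        {
            // Best effort only: managed/WASM memory may already have been copied by the GC
            CryptographicOperations.ZeroMemory(_privateKey);
            _privateKey = null;
        }
        PublicKey = null;
        return ValueTask.CompletedTask;
    }
}

// Round-trip check: sender and recipient must end up with the same shared secret.
public static class KemRoundTrip
{
    public static async Task<bool> RunAsync(ICryptoProvider provider)
    {
        await using var recipient = new EphemeralKemSession(provider);
        byte[] recipientPublicKey = await recipient.StartAsync();

        // Sender side: encapsulate to the recipient's public key
        var (senderSecret, ciphertext) = await provider.EncapsulateAsync(recipientPublicKey);

        // Recipient side: decapsulate with the private key that never left memory
        byte[] recipientSecret = await recipient.AcceptAsync(ciphertext);

        // Constant-time comparison; the KEM output should still go through a KDF
        // (for example HkdfDeriveKeyAsync) before use as an AES-GCM key
        bool match = CryptographicOperations.FixedTimeEquals(senderSecret, recipientSecret);

        CryptographicOperations.ZeroMemory(senderSecret);
        CryptographicOperations.ZeroMemory(recipientSecret);
        return match;
    }
}
```

Register the session alongside the provider with ''builder.Services.AddScoped<EphemeralKemSession>()'' so that Blazor disposes it, and the private key with it, when the scope ends. ''CryptographicOperations.ZeroMemory'' and ''FixedTimeEquals'' are part of .NET's ''System.Security.Cryptography'' and run unchanged under WebAssembly; zeroing is a best-effort measure in a garbage-collected heap, which is why the page recommends keeping long-lived private keys on the server.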