Question
The WebCrypto API introduces the notion of non-exportable private keys, which can be exported to IndexDB but not to LocalStorage or over the web. This is nicely explained in Charles Engelke's blog "Saving Cryptographic Keys in the Browser".
But how do these objects actually work? Is there a way to tell from JS if an object is opaque or not? I am having trouble finding any information on this.
Answer 1:
There isn't a magical "opaque flag" anywhere. "Opaque" here just means there is data held in the object that is never visible to script. You can still perform some operations with a CryptoKey instance - e.g. in this case, store it in Indexed DB or send to another context via postMessage().
This is in contrast to e.g. a Blob object where all of the held data can be inspected either directly via attributes on the object or indirectly via a FileReader.
Another opaque example would be a Response object as a result of a cross-origin Fetch operation, which can be processed by a Service Worker but where the body can't be inspected.
So "is there a way to tell from JS if an object is opaque?" - it depends. If an object is an instance of CryptoKey then you know there is hidden data, so it is opaque. If an object is an instance of Blob then you know there is a way to access the data, even if you need other APIs to get access to it, so it is not opaque. If an object is an instance of Response it may be opaque, depending on the source.
Source: https://stackoverflow.com/questions/33971634/how-can-one-distinguish-js-opaque-objects
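The interface checks described in the answer, written out as an added example that is not part of the original question or answer. The function names `describeOpacity` and `nonExtractableKeyDemo` and the signed sample string are made up for illustration; the demo also shows that a non-extractable key stays usable for signing while `exportKey()` is refused.

```javascript
// Added example: classify a value by interface, as the answer suggests.
function describeOpacity(value) {
  const g = globalThis;
  if (g.CryptoKey && value instanceof g.CryptoKey) {
    // Key material is never exposed as a property. `extractable` only says
    // whether crypto.subtle.exportKey() is allowed to hand it out.
    return { kind: 'CryptoKey', opaque: true, readable: value.extractable };
  }
  if (g.Response && value instanceof g.Response) {
    // Cross-origin no-cors fetches yield type "opaque" (or "opaqueredirect").
    const hidden = value.type === 'opaque' || value.type === 'opaqueredirect';
    return { kind: 'Response', opaque: hidden, readable: !hidden };
  }
  if (g.Blob && value instanceof g.Blob) {
    // Contents are reachable via FileReader, blob.text() or blob.arrayBuffer().
    return { kind: 'Blob', opaque: false, readable: true };
  }
  return { kind: 'unknown', opaque: null, readable: null };
}

// Generate a non-extractable signing key and record what script can and cannot do.
async function nonExtractableKeyDemo() {
  const { privateKey } = await crypto.subtle.generateKey(
    { name: 'ECDSA', namedCurve: 'P-256' },
    false, // extractable = false: the private key cannot be exported
    ['sign', 'verify']);
  const report = describeOpacity(privateKey);
  let exportError = null;
  try {
    await crypto.subtle.exportKey('pkcs8', privateKey);
  } catch (err) {
    exportError = err.name; // export is refused for a non-extractable key
  }
  // The key still works for its declared usage even though it cannot be read.
  const sig = await crypto.subtle.sign(
    { name: 'ECDSA', hash: 'SHA-256' },
    privateKey,
    new TextEncoder().encode('constructed sample message'));
  return { report, exportError, signatureBytes: sig.byteLength };
}
```
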