Hardware Security Module. It's a piece of hardware that goes in a server and manages encryption keys for the server without ever exposing the keys to the server. Usually they're made so that it's infeasible to extract the keys even with access to the hardware: they're made hard to open, covered in epoxy, they erase their keys if the case is breached, etc.
>How can the window.crypto API create and use a crypto key that's handled by the browser?
There's a function for creating a key and you get an opaque object back out. You can pass the key to encrypt and decrypt functions. You can save the key object into IndexedDB, but you're still just dealing with an opaque object reference. There is an export key function, but it only works if the key was created with the "extractable" flag turned on.
The function is `window.crypto.subtle.generateKey`. JavaScript can't access the generated key unless you export it using `window.crypto.subtle.exportKey`.
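The behaviour described in the replies above, as an added example that is not part of the original thread: a key generated with `extractable` set to `false` still encrypts and decrypts, but `exportKey` refuses to return its bytes. The helper names (`makeKey`, `roundTrip`, `tryExport`, `demo`) and the choice of AES-GCM are assumptions made for illustration.

```javascript
// Added example. Runs in a browser console or Node.js; helper names are illustrative.
const webCrypto = globalThis.crypto ?? require('node:crypto').webcrypto;
const subtle = webCrypto.subtle;

// Generate an AES-GCM key; `extractable` decides whether exportKey may ever return its bytes.
function makeKey(extractable) {
  return subtle.generateKey({ name: 'AES-GCM', length: 256 }, extractable, ['encrypt', 'decrypt']);
}

// Encrypt then decrypt using only the key handle; the script never sees key material.
async function roundTrip(key, text) {
  const iv = webCrypto.getRandomValues(new Uint8Array(12)); // fresh 96-bit nonce per message
  const ct = await subtle.encrypt({ name: 'AES-GCM', iv }, key, new TextEncoder().encode(text));
  const pt = await subtle.decrypt({ name: 'AES-GCM', iv }, key, ct);
  return new TextDecoder().decode(pt);
}

// Attempt a raw export and report the outcome instead of throwing.
async function tryExport(key) {
  try {
    const raw = await subtle.exportKey('raw', key);
    return { ok: true, bytes: raw.byteLength };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

async function demo() {
  const opaque = await makeKey(false);    // non-extractable: usable, never exportable
  const exportable = await makeKey(true); // extractable: script can read the raw key
  return {
    flag: opaque.extractable,
    text: await roundTrip(opaque, 'constructed sample message'),
    opaqueExport: await tryExport(opaque),
    exportableExport: await tryExport(exportable),
  };
}

demo().then((r) => console.log(r));
```

The `extractable` flag is fixed at creation time, so auditing the `generateKey` and `importKey` calls in a code base tells you which keys a script could ever read out.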