How to using AES-ECB on Cloudflare Workers

Dear all,

I saw that Cloudflare’s Web Crypto does not support AES-ECB [1]. However, this algorithm is already implemented on our system (We have greater than 260TB data file implemented on AES-ECB).

We using AES-ECB to decrypt file. And we are needing this algorithm to create a workers. Does Cloudflare intend to have AES-ECB implemented? Or someone can suggest for me about solution to implement AES-ECB algorithm on Cloudflare Workers?

Thank you in advance.

Regards,

Hai

[1] https://developers.cloudflare.com/workers/runtime-apis/web-crypto#supported-algorithms

Thanks for the feedback.
I’m tagging @KentonVarda here for visibility.

2 Likes

Thanks for the suggestion! I’m on the Workers team and will pass this to the right people. Would love if you could share more how you’d like to use Workers with this crypto algo? Would it be using Workers to decrypt a file? Also could you explain more on needing it to “create a workers”?

1 Like

Dear @azhao. I’m using Workers to fetch encrypt the file from the Storage server (same as S3, Backblaze) and respond to the Client. And I want to decrypt file responses for the Client during Cloudflare Workers processing.

I have considered using Cloudflare Workers this solution many times and it’s fit in this case.

Thank you for your help.

Hi, I’m also from the Workers team & wanted to get a better understanding of the request.

Is my understanding correct that you have a single 260TB AES-ECB encrypted file that you want to decrypt via a Worker or do you have 260TB of data total split up across smaller files & a much smaller subset of this is returned for each individual request?

I’m also curious if you’ve seen/tried out pure JavaScript implementation of AES-ECB? For example, aes-ecb - npm but there are many others.

Finally, you may already be aware, as a best-practices note, cryptographers will generally recommend against AES-ECB because it’s largely considered insecure (that’s why it’s omitted from WebCrypto). Is it at all possible to migrate your source data to a more secure cipher (e.g. AES-CTR is probably better for your use-cases & is well-supported in the WebCrypto standard)?

2 Likes