Zero Knowledge/Access Encryption using Cloudflare Workers

I’m looking to implement zero knowledge/access encryption using Cloudflare Workers. Upon researching some ways to do this, I came across It talks about creating a CA store using the node-forge NPM package. Interesting enough, it doesn’t look like that package has been updated in over 2 years which definitely concerns me.

Therefore, I started looking into the Web Crypto API found at, recommended for performance reasons over pure JavaScript. However, it doesn’t appear that library has any native functionality for creating a certificate store. It looks like I could implement this functionality using pure JavaScript but the article on Web Crypto indicates doing so comes with a performance penalty.

Has anyone successfully implemented zero knowledge/access encryption yet using Cloudflare Workers? Any thoughts and help on this would be greatly appreciated. Thank you.

Been doing some research and it looks like from a performance standpoint, it is crucial to ensure the use of Cloudflare’s Web Crypto API implementation via crypto.subtle. Currently, Node Forge doesn’t use the regular Web Crypto API (see but another library does which may suite my needs: PKI.js (see If I fork the library or enhance it via a pull request, I could enable the use of crypto.subtle where possible to ensure the performance benefits are achieved. In cases where an implementation is missing, I can then just use the NodeJS implementation and set the nodejs_compat compatibility flag (see

I’ll keep digging into this and update this thread with my findings.

Looks like I may be able to implement some of the functionality I’m looking for without an additional library by just using the Web Crypto API Certificate class (example: I’m not sure if this will have all the options I need. Will continue to post updates as I learn more.

This post from Stack Exchange is an insightful read: It may be possible to simplify things without needing multiple libraries/frameworks. Also, reading how Proton Mail encryption works offers additional clues, especially what’s found at