Where does the WebCrypto API store keys?

CryptoKeys are not persistent by default. You need to store the keys in the IndexedDB to make them available to the next browser execution.

IndexedDB is a secure storage, keys can be stored, recovered and used without exposing the key material

See https://www.w3.org/TR/WebCryptoAPI/#concepts-key-storage

5.2. Key Storage

This specification does not explicitly provide any new storage mechanisms for CryptoKey objects. Instead, by allowing the CryptoKey to be used with the structured clone algorithm, any existing or future web storage mechanisms that support storing structured clonable objects can be used to store CryptoKey objects.

In practice, it is expected that most authors will make use of the Indexed Database API, which allows associative storage of key/value pairs, where the key is some string identifier meaningful to the application, and the value is a CryptoKey object. This allows the storage and retrieval of key material, without ever exposing that key material to the application or the JavaScript environment

Here you have a full example https://blog.engelke.com/2014/09/19/saving-cryptographic-keys-in-the-browser/

SOLVED:

You can use IndexedDB for storing CryptoKey objects.

I tried plain old local storage and it does not work.

For more info, see:

• https://pomcor.com/2017/06/02/keys-in-browser/
• https://www.w3.org/TR/WebCryptoAPI/
• https://developer.mozilla.org/en-US/docs/Web/API/Web_Crypto_API
• https://www.w3.org/TR/IndexedDB/
• https://www.boxcryptor.com/en/blog/post/building-an-app-with-webcrypto-in-2016/
• https://gist.github.com/saulshanabrook/b74984677bccd08b028b30d9968623f5
• https://blog.engelke.com/2014/09/19/saving-cryptographic-keys-in-the-browser/