[whatwg] window.cipher HTML crypto API draft spec
=JeffH
Jeff.Hodges at KingsMountain.com
Fri May 20 13:36:52 PDT 2011
> With user control and privacy in mind, I have created a spec and an
> implementation for an easy to use cryptography API called DOMCrypt. This API
> will provide each web browser window with a 'cipher' property that
> facilitates:
>
> * asymmetric encryption key pair generation
> * public key encryption
> * decryption
> * signature generation
> * signature verification
> * hashing
> * easy public key discovery via meta tags
>
> I have created a Firefox extension that implements all of the above, and am
> working on an experimental patch that integrates this API into Firefox.
A subtle-but-important aspect to note about the above is that you impl'd it via
interfacing to the in-browser NSS API rather than (re)coding it in JS.
> The draft spec is here:
> https://wiki.mozilla.org/Privacy/Features/DOMCryptAPISpec/Latest
It's an interesting start, but the methods of the window.cipher property appear
to be tailored pretty specifically for your "addressbook" use case..
https://wiki.mozilla.org/Privacy/Features/mozCipherAddressbook
..which itself describes an implicit key exchange mechanism.
While that's sorta interesting, there's various use cases that've been
mentioned in various places that the above proposed API doesn't necessarily
address..
Web Sigining in Action
http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/0898.html
Re: Web Sigining in Action
http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/0953.html
JS crypto? (and ensuing thread)
http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/0605.html
Re: Hash functions (and ensuing thread)
http://lists.w3.org/Archives/Public/public-webapps/2010OctDec/1041.html
Additionally, key exchange often becomes a tar pit. It'd be great if there were
functionality in such a JS-accessible API so that one could leverage keying
material from underlying, e.g. TLS, key exchanges (see RFC 5705, and "keying
material exporter" column in
<https://secure.wikimedia.org/wikipedia/en/wiki/Comparison_of_TLS_Implementations#Extensions>;
also NSS'
SSL_PeerCertificate() with which one can get the peer's cert and thus public
key), rather than invent new ones.
HTH,
=JeffH
More information about the whatwg
mailing list