Privacy/Features/DOMCryptAPI: Difference between revisions
m (Fixed broken link) |
No edit summary |
||
| Line 16: | Line 16: | ||
== Summary == | == Summary == | ||
DOMCrypt gives web developers and endusers control over who data | DOMCrypt gives web developers and endusers control over who data is shared with in plain text. As a general purpose Crypto API, DOMCrypt will provide Public Key Encryption, Symmetric Encryption and Hashing. There are additional use-cases being developed as well. | ||
== Team == | == Team == | ||
| Line 27: | Line 27: | ||
* '''Privacy''': [[User:Sidstamm|Sid Stamm]] | * '''Privacy''': [[User:Sidstamm|Sid Stamm]] | ||
* '''Cryptography''': | * '''Cryptography''': | ||
== Draft Spec == | |||
* https://wiki.mozilla.org/Privacy/Features/DOMCryptAPISpec/Latest | |||
== Release Requirements == | == Release Requirements == | ||
* Elegant Public Key encryption API | |||
* Elegant Symmetric Encryption API | |||
* SHA256 Hashing API | |||
* Off main thread API methods | * Off main thread API methods | ||
* User and web developer evangelism | * User and web developer evangelism | ||
* Discussion and plan for | * Discussion and plan for standardization | ||
== Next Steps == | == Next Steps == | ||
* Get the discussion going with other browser vendors, WHAT-WG, W3C, TC-39 | |||
* Port extension over to Firefox/DOM code: initial patch ready for review | * Port extension over to Firefox/DOM code: initial patch ready for review | ||
* Use ChromeWorkers / callbacks for all API methods - done | * Use ChromeWorkers / callbacks for all API methods - done | ||
* Test suite - done | * Test suite - done | ||
* New name for the DOM property, currently using ' | * New name for the DOM property, currently using 'window.cipher' - this is secondary to how the API operates. perhaps we will integrate this with window.crypto or stick it inside "navigator.crypto" | ||
== Background == | |||
* This code is heavily based on parts of WeaveCrypto that was excised from mozilla-central, when Sync switched to J-PAKE crypto | |||
== | == Use Cases == | ||
See htpps://wiki.mozilla.org/Privacy/Features/DOMCryptAPI/UseCases | |||
== Related Bugs & Dependencies == | == Related Bugs & Dependencies == | ||
| Line 77: | Line 87: | ||
== Non-Goals == | == Non-Goals == | ||
Initially supporting complex Crypto standards | Initially supporting complex Crypto standards | ||
== Other Documentation == | == Other Documentation == | ||
| Line 89: | Line 99: | ||
|- | |- | ||
| '''ETA''' | | '''ETA''' | ||
| 2011- | | 2011-06-23 | ||
|} | |} | ||
Revision as of 21:31, 31 May 2011
| Feature | Status | ETA | Owner |
| DOMCryptAPI (a Crypto API in the DOM) | Currently a Firefox Extension, DOMCrypt adds a new Window property that wraps NSS crypto functions, see http://domcrypt.org | 2011-05-23 | David Dahl |
Summary
DOMCrypt gives web developers and endusers control over who data is shared with in plain text. As a general purpose Crypto API, DOMCrypt will provide Public Key Encryption, Symmetric Encryption and Hashing. There are additional use-cases being developed as well.
Team
- Feature Manager: Dietrich Alaya
- Lead Developer: David Dahl
- Product Manager:
- QA: Juan Becerra
- Security: Curtis Koenig
- Privacy: Sid Stamm
- Cryptography:
Draft Spec
Release Requirements
- Elegant Public Key encryption API
- Elegant Symmetric Encryption API
- SHA256 Hashing API
- Off main thread API methods
- User and web developer evangelism
- Discussion and plan for standardization
Next Steps
- Get the discussion going with other browser vendors, WHAT-WG, W3C, TC-39
- Port extension over to Firefox/DOM code: initial patch ready for review
- Use ChromeWorkers / callbacks for all API methods - done
- Test suite - done
- New name for the DOM property, currently using 'window.cipher' - this is secondary to how the API operates. perhaps we will integrate this with window.crypto or stick it inside "navigator.crypto"
Background
- This code is heavily based on parts of WeaveCrypto that was excised from mozilla-central, when Sync switched to J-PAKE crypto
Use Cases
See htpps://wiki.mozilla.org/Privacy/Features/DOMCryptAPI/UseCases
Related Bugs & Dependencies
Designs
See http://domcrypt.org and https://github.com/daviddahl/domcrypt
The current patch for Firefox has become asynchronous. The API has been renamed "window.cipher" and namespaced for the addition of future APIs.
This is the basic design:
window.cipher.pk.generateKeypair(function callback(aPubKey){})
window.cipher.pk.getPublicKey(function callback(aPubKey){})
window.cipher.pk.encrypt(aPlainText, aPublicKey, function callback(aCipherMessage){})
window.cipher.pk.decrypt(aCipherMessage, function callback(aPlainText){})
window.cipher.pk.sign(aPlainText, function callback(aSignature){})
window.cipher.pk.verify(aDecryptedPlainText, aSignature, aPublicKey, function callback(aBoolean){})
window.cipher.hash.SHA256(aPlainText, function callback(aHash){})
Test Plans
We have a mochitest browser test suite in place in the patch in bug 649154
Goals/Use Cases
Provide an elegant "webby" crypto API web developers can use to allow more user control of messages and data typed into Firefox
Non-Goals
Initially supporting complex Crypto standards
Other Documentation
David Dahl has been working on this project over the past couple of years as a side project. Starting with content-based crypto via wordpress' AES implementation, moving to WeaveCrypto-based extensions and sites like https://droplettr.com - the realization dawned that starting small is the best bet in this endeavor: a single DOM property.
Legend
| Healthy: feature is progressing as expected. | |
| ETA | 2011-06-23 |