Privacy/Features/DOMCryptAPI

Revision as of 21:34, 31 May 2011 by Ddahl (talk | contribs)
  • Feature: DOMCryptAPI (a Crypto API in the DOM)
  • Status: Currently a Firefox extension; DOMCrypt adds a new Window property that wraps NSS crypto functions. See http://domcrypt.org and https://wiki.mozilla.org/Privacy/Features/DOMCryptAPISpec/Latest
  • ETA: 2011-07-01
  • Owner: David Dahl

Summary

DOMCrypt gives web developers and end users control over who data is shared with in plain text. As a general-purpose crypto API, DOMCrypt will provide public key encryption, symmetric encryption and hashing. Additional use cases are being developed as well.

Team

  • Feature Manager: Dietrich Ayala
  • Lead Developer: David Dahl
  • Product Manager:
  • QA: Juan Becerra
  • Security: Curtis Koenig
  • Privacy: Sid Stamm
  • Cryptography:

Draft Spec

Release Requirements

  • Elegant Public Key encryption API
  • Elegant Symmetric Encryption API
  • SHA256 Hashing API
  • Off main thread API methods
  • User and web developer evangelism
  • Discussion and plan for standardization

Next Steps

  • Get the discussion going with other browser vendors, WHAT-WG, W3C, TC-39
  • Port extension over to Firefox/DOM code: initial patch ready for review
  • Use ChromeWorkers / callbacks for all API methods - done
  • Test suite - done
  • New name for the DOM property, currently 'window.cipher'. This is secondary to how the API operates. Perhaps we will integrate it with window.crypto or put it inside "navigator.crypto"

Background

  • This code is heavily based on parts of WeaveCrypto, which was excised from mozilla-central when Sync switched to J-PAKE crypto

Use Cases

See https://wiki.mozilla.org/Privacy/Features/DOMCryptAPI/UseCases

Related Bugs & Dependencies

bug 649154

Designs

See http://domcrypt.org and https://github.com/daviddahl/domcrypt

The current patch for Firefox has become asynchronous. The API has been renamed "window.cipher" and namespaced for the addition of future APIs.

This is the basic design:

window.cipher.pk.generateKeypair(function callback(aPubKey){})

window.cipher.pk.getPublicKey(function callback(aPubKey){})

window.cipher.pk.encrypt(aPlainText, aPublicKey, function callback(aCipherMessage){})

window.cipher.pk.decrypt(aCipherMessage, function callback(aPlainText){})

window.cipher.pk.sign(aPlainText, function callback(aSignature){})

window.cipher.pk.verify(aDecryptedPlainText, aSignature, aPublicKey, function callback(aBoolean){})

window.cipher.hash.SHA256(aPlainText, function callback(aHash){})
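
The call shapes above, exercised end to end as an added example (not DOMCrypt's code or the Firefox patch): a Node.js stand-in object with the same method names and callback signatures, showing that decrypt and sign take no key argument because the private key stays inside the implementation. The hypothetical makeCipher name, RSA-2048, OAEP key wrapping, AES-256-GCM and the cipher-message fields are assumptions of this sketch.

```javascript
// Added example: a stand-in for the window.cipher call shapes listed above,
// built on Node's crypto module. Algorithms and the cipher-message layout
// are assumptions of this sketch, not DOMCrypt's.
const nodeCrypto = require('node:crypto');

function makeCipher() {
  let keypair = null; // the private key never leaves this closure
  const later = (cb, value) => setImmediate(() => cb(value)); // keep every call async
  const pk = {
    generateKeypair(cb) {
      nodeCrypto.generateKeyPair('rsa', { modulusLength: 2048 }, (err, pub, priv) => {
        if (err) throw err;
        keypair = { pub, priv };
        cb(pub.export({ type: 'spki', format: 'pem' }));
      });
    },
    getPublicKey(cb) { later(cb, keypair.pub.export({ type: 'spki', format: 'pem' })); },
    encrypt(plainText, publicKeyPem, cb) {
      // Hybrid scheme: fresh AES-256-GCM key per message, wrapped with RSA-OAEP.
      const key = nodeCrypto.randomBytes(32), iv = nodeCrypto.randomBytes(12);
      const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
      const content = Buffer.concat([c.update(plainText, 'utf8'), c.final()]);
      later(cb, { content, iv, tag: c.getAuthTag(),
                  wrappedKey: nodeCrypto.publicEncrypt(publicKeyPem, key) });
    },
    decrypt(msg, cb) {
      const key = nodeCrypto.privateDecrypt(keypair.priv, msg.wrappedKey);
      const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, msg.iv);
      d.setAuthTag(msg.tag); // final() throws if content or tag was altered
      later(cb, Buffer.concat([d.update(msg.content), d.final()]).toString('utf8'));
    },
    sign(plainText, cb) {
      later(cb, nodeCrypto.sign('sha256', Buffer.from(plainText), keypair.priv).toString('base64'));
    },
    verify(plainText, signature, publicKeyPem, cb) {
      later(cb, nodeCrypto.verify('sha256', Buffer.from(plainText), publicKeyPem,
                                  Buffer.from(signature, 'base64')));
    },
  };
  const hash = {
    SHA256(plainText, cb) {
      later(cb, nodeCrypto.createHash('sha256').update(plainText).digest('hex'));
    },
  };
  return { pk, hash };
}
```

A caller chains the callbacks in the order listed: generateKeypair, then encrypt with the returned public key, then decrypt, sign and verify.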

Test Plans

We have a mochitest browser test suite in place in the patch in bug 649154.

Goals/Use Cases

Provide an elegant "webby" crypto API that web developers can use to allow more user control of messages and data typed into Firefox.

Non-Goals

Initially supporting complex Crypto standards

Other Documentation

David Dahl has been working on this project over the past couple of years as a side project. It started with content-based crypto via WordPress' AES implementation and moved to WeaveCrypto-based extensions and sites like https://droplettr.com. The realization dawned that starting small is the best bet in this endeavor: a single DOM property.

Legend

  Healthy: feature is progressing as expected.
ETA 2011-06-23