Privacy/Features/DOMCryptAPI
Status
| DOMCryptAPI (a Crypto API in the DOM) | |
| Stage | Design |
| Status | ` |
| Release target | ` |
| Health | OK |
| Status note | Currently a Firefox Extension, DOMCrypt adds a new Window property that wraps NSS crypto functions, see http://domcrypt.org and https://wiki.mozilla.org/Privacy/Features/DOMCryptAPISpec/Latest |
Team
| Product manager | Chris Blizzard |
| Directly Responsible Individual | Dietrich Ayala |
| Lead engineer | David Dahl |
| Security lead | Curtis Koenig |
| Privacy lead | Sid Stamm |
| Localization lead | ` |
| Accessibility lead | ` |
| QA lead | Juan Becerra |
| UX lead | ` |
| Product marketing lead | ` |
| Operations lead | ` |
| Additional members | ` |
Open issues/risks
`
Stage 1: Definition
1. Feature overview
DOMCrypt gives web developers and end users control over whom data is shared with in plain text. As a general-purpose Crypto API, DOMCrypt will provide public key encryption, symmetric encryption and hashing. Additional use cases are being developed as well.
Goal: Provide an elegant "webby" crypto API web developers can use to allow more user control of messages and data typed into Firefox
2. Users & use cases
See https://wiki.mozilla.org/Privacy/Features/DOMCryptAPI/UseCases
3. Dependencies
`
4. Requirements
- Elegant Public Key encryption API
- Elegant Symmetric Encryption API
- SHA256 Hashing API
- Off main thread API methods
- User and web developer evangelism
- Discussion and plan for standardization
Non-goals
Initially supporting complex Crypto standards.
Stage 2: Design
5. Functional specification
- Draft spec: https://wiki.mozilla.org/Privacy/Features/DOMCryptAPISpec/Latest
See http://domcrypt.org and https://github.com/daviddahl/domcrypt
The current Firefox patch makes every API method asynchronous. The API has been renamed "window.cipher" and namespaced so that future APIs can be added alongside it.
This is the basic API design:
window.cipher.pk.generateKeypair(function callback(aPubKey){})
window.cipher.pk.getPublicKey(function callback(aPubKey){})
window.cipher.pk.encrypt(aPlainText, aPublicKey, function callback(aCipherMessage){})
window.cipher.pk.decrypt(aCipherMessage, function callback(aPlainText){})
window.cipher.pk.sign(aPlainText, function callback(aSignature){})
window.cipher.pk.verify(aDecryptedPlainText, aSignature, aPublicKey, function callback(aBoolean){})
window.cipher.hash.SHA256(aPlainText, function callback(aHash){})
6. User experience design
`
Stage 3: Planning
7. Implementation plan
Next Steps
- Get the discussion going with other browser vendors, WHAT-WG, W3C, TC-39
- Port extension over to Firefox/DOM code: initial patch ready for review
- Use ChromeWorkers / callbacks for all API methods - done
- Test suite - done
- New name for the DOM property, currently 'window.cipher'. This is secondary to how the API operates; perhaps we will integrate it with window.crypto or place it inside "navigator.crypto".
Background
- This code is heavily based on parts of WeaveCrypto that were excised from mozilla-central when Sync switched to J-PAKE crypto.
8. Reviews
Security review
`
Privacy review
`
Localization review
`
Accessibility
`
Quality Assurance review
We have a mochitest browser test suite in place in the patch in bug 649154.
Operations review
`
Stage 4: Development
9. Implementation
`
Stage 5: Release
10. Landing criteria
`
Feature details
| Priority | P3 |
| Rank | 999 |
| Theme / Goal | Enhance User Controlled Disclosure |
| Roadmap | Privacy |
| Secondary roadmap | ` |
| Feature list | Platform |
| Project | ` |
| Engineering team | Platform |
Team status notes
| status | notes | |
| Products | ` | ` |
| Engineering | ` | ` |
| Security | ` | ` |
| Privacy | ` | ` |
| Localization | ` | ` |
| Accessibility | ` | ` |
| Quality assurance | ` | ` |
| User experience | ` | ` |
| Product marketing | ` | ` |
| Operations | ` | ` |
Other Documentation
David Dahl has been working on this project over the past couple of years as a side project. Starting with content-based crypto via WordPress's AES implementation, then moving to WeaveCrypto-based extensions and sites like https://droplettr.com, the realization dawned that starting small is the best bet in this endeavor: a single DOM property.