Privacy/Features/DOMCryptAPISpec/Latest: Difference between revisions

Jump to navigation Jump to search

Privacy/Features/DOMCryptAPISpec/Latest (view source)

Revision as of 21:15, 3 June 2011

1,396 bytes removed ,  3 June 2011
no edit summary
No edit summary
Line 1: Line 1:
= DOMCrypt 'window.cipher' Specification =
= DOMCrypt 'window.mozCrypto' Specification =


;DRAFT
;DRAFT


;Version 0.1
;Version 0.2PRE This draft is under heavy development right now. WebIDL is being added, v0.2 will be posted 2011-06-06
 
;Updated 2011-06-03


; Author: David Dahl <ddahl@mozilla.com>
; Author: David Dahl <ddahl@mozilla.com>
Line 9: Line 11:
== Introduction ==
== Introduction ==


This document describes a proposed Javascript Cryptography API available in web browsers to allow any web page script the ability to generate asymmetric key pairs, encrypt, decrypt, sign, verify, hash data ( via a variety of algorithms ) as well as the discovery and persistence of a contact's public key.
This document describes a proposed Javascript Cryptography API available in web browsers to allow any web page script the ability to generate asymmetric key pairs, encrypt, decrypt (asymmetric and symmetric crypto), sign, verify, HMAC, and hash data ( via a variety of algorithms ).


== Terms ==
== Terms ==
Line 17: Line 19:


; window.cipher
; window.cipher
: The proposed window property name for this API
: The now '''deprecated''' proposed window property name for this API
 
; window.mozCrypto
: The temporary window property used to distinguish this new API from the current window.crypto property. The consensus so far is to add this API to the window.crypto property


; cipher Configuration
; cipher Configuration
Line 30: Line 35:
; Private Key
; Private Key
: The private half of an asymmetric key pair
: The private half of an asymmetric key pair
; cipherAddressbook or Addressbook
: A JSON object containing a user's contact's public key. This is also a term used to avoid such cryptography lingo as 'key', 'key ring'
; AddressbookEntry
: A JSON object that contains a contact's public key. The addressbook and AddressbookEntry nomenclature is used to simplify the way refer to public keys and key rings. e.g.: I need Natasha's AddressbookEntry in order to send her a private message (and she will need my AddressbookEntry to reply).


; Symmetric Key
; Symmetric Key
Line 59: Line 58:
</pre>
</pre>


;cipherAddressbook


The JSON object containing a user's contact's Public Keys
== Browser Window property ==
<pre class="brush:js;toolbar:false;">
 
  [
;window.mozCrypto<br>
    {
      "id"      : <a unique id, e.g: an email address>,
      "handle"  : "natasha",
      "domain"  : "domcrypt.org",
      "pubKey"  : <BASE64 ENCODED PUBLIC KEY>,
      "created" : 1305140629979,
    },
  ]
</pre>


== Browser Window property ==
All windows will have this property (in the current implementation) for the time being as this API is hashed out.


;window.cipher<br>
The property is namespaced in order to provide future capabilities. The current design is asynchronous and looks like this: <br>  


All web pages will have this property. The property is namespaced in order to provide future capabilities. The current design is asynchronous and looks like this: <br>
<pre class="brush:js;toolbar:false;">  
<pre class="brush:js;toolbar:false;">  
{  
{  
Line 102: Line 90:
     // verify a signature
     // verify a signature
     verify: function ( signature, plainText, function callback ( boolean ) { } ) {  },
     verify: function ( signature, plainText, function callback ( boolean ) { } ) {  },
    // get the JSON cipherAddressbook
    get addressbook() {},
   
    // make changes to the addressbook
    saveAddressbook: function (JSONObject, function callback ( addresssbook ) { }) {  }
   },
   },
    
    
Line 128: Line 110:


   hash: {
   hash: {
     SHA256: function (function callback (hash) {}) {  }
     set algorithm( algorithm ) { },
 
    get algorithm( ) { },
 
    createHash: function (function callback (hash) {}) {  }
   },
   },


Line 143: Line 129:
</pre>
</pre>


== PublicKey discovery  ==
A user discovers public keys (addressbook entries) in the markup of a web page as a meta tag. The browser alerts the user that an 'addressbookEntry' has been published. the user then has the option to save it to the cipherAddressbook
;addressbookEntry
<pre  class="brush:html;toolbar:false;">
<meta name="addressbook-entry" pubkey="MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1vW1laRyBkIfdeB2GQT+rz4dRwYUMtQJQ4Z8/QJCQj5qFuYKqcUn+8UssedWMjygRME1Eamcv5X5HLvphYMaRufk4PvKXLNq0Xh7cmNLcpQT639v+RjWpvHNWsdtYfd80nKCf1S46TlbH2/aw/+tcdLdj8MOTDtzII2oCcXU8B8PXNf49rcNMv8KagjC6LMQDrgvmZ56T1J3wHtQAH/QXGvh4WjQc2sWC/V+2xGkQL4+4yeP7STJBQXKmmqanExsqmwii1rV0Rd2GQnJRaSj+56HMDbZkLnZsxJExul5vu6ec+nBfACxWDMVCeVWbYxBpfURgC5nDsznkgT5VhXOJwIDAQAB",
          handle="natasha",
          domain="droplettr.com"
          date="1298322911812",
          algorithm="AES_256_CBC"&gt;
</meta>
</pre>


== Notes ==
== Notes ==


; window.mozCipher is the proposed experimental, mozilla-prefixed window property name for this API
; The implementation should allow users to whitelist domains and pages which are authorized to use this API - much like how the Geolocation API asks the user for permission to get location data
 
; The implementation should allow users to whitelist domains and pages which are authorized to use this API - especially in regards to creating keypairs and getting the user's addressbook


== References  ==
== References  ==


*DOMCrypt: http://domcrypt.org  
*DOMCrypt: http://domcrypt.org  
*cipher mozilla bugs:  
*DOMCrypt Mozilla bugs:  
**https://bugzilla.mozilla.org/show_bug.cgi?id=649154  
**https://bugzilla.mozilla.org/show_bug.cgi?id=649154  
**https://bugzilla.mozilla.org/show_bug.cgi?id=657432
**https://bugzilla.mozilla.org/show_bug.cgi?id=657432
*DOMCrypt WebKit bug:
**https://bugs.webkit.org/show_bug.cgi?id=62010
*WHAT-WG mailing list thread: http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2011-May/031741.html
*WHAT-WG mailing list thread: http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2011-May/031741.html
*WHAT-WG mailing list summary: http://etherpad.mozilla.com:9000/DOMCrypt-discussion
*W3C mailing list thread: http://lists.w3.org/Archives/Public/public-web-security/2011Jun/0000.html
*Mailing lists summarized http://etherpad.mozilla.com:9000/DOMCrypt-discussion
<br>
<br>
Ddahl
564

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/315387"

Navigation menu