Confirm
97
edits
Changes
Update to current WebIDL
};
[Constructor(in DOMString algorithm)]
interface CryptoHash {
void append(in ArrayBuffer data);
ArrayBuffer finish();
};
[Constructor(in DOMString algorithm, in ArrayBuffer key)]
interface CryptoHmac {
void append(in ArrayBuffer data);
ArrayBuffer finish();
};
void onsuccess(ArrayBuffer keyID, ArrayBuffer pubKey);
};
void onsuccess(ArrayBuffer pubKey);
};
void onsuccess(ArrayBuffer message);
};
void onsuccess(ArrayBuffer plainText);
};
interface CryptoPk {
void generateKeypair(DOMString algorithm, GenerateKeypairCallback callback, boolean signingKeypair);
void getPublicKey(GetPublicKeyCallback callback);
void encrypt(ArrayBuffer plainText, ArrayBuffer keyID, PKEncryptCallback callback);
void decrypt(ArrayBuffer message, ArrayBuffer keyID, PKDecryptCallback callback);
};
void onsuccess(ArrayBuffer signature);
};
void onsuccess(boolean verified);
};
interface CryptoSign {
void sign(ArrayBuffer keyID, ArrayBuffer plainText, PKSignCallback callback);
void verify(ArrayBuffer signature, ArrayBuffer pubKey, ArrayBuffer plainText, PKVerifyCallback callback);
};
</pre>
One possible addition we might consider is providing the web site with a secure mechanism having the user confirm a transaction. For example, a bank web site might wish to have the user sign a statement authorizing the transfer of funds from one account to another. Unlike the DOMCrypt APIs described above, this API involves interacting with the user to achieve non-repudiation:
<pre class="brush:js;toolbar:false;">
void signWithUserConfirmation(in ArrayBuffer keyID, in DOMString description, in ArrayBuffer data, in PKSignCallback callback);
};
**https://bugs.webkit.org/show_bug.cgi?id=62010
*WHAT-WG WHATWG mailing list thread: http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2011-May/031741.html
*W3C mailing list thread: http://lists.w3.org/Archives/Public/public-web-security/2011Jun/0000.html
*Mailing lists summarized http://etherpad.mozilla.com:9000/DOMCrypt-discussion
