BrowserID Key Wrapping: Difference between revisions

Line 3: Line 3:
== API and Overall Behavior ==
== API and Overall Behavior ==


A web site wants to have access to a securely stored cryptographic key bound to each of its users. That key should be as stable as possible for a given user on a given web site: if it is lost, the user's data that the site chooses to secure with this key will also be lost.
A web site wants to perform client-side encryption of user data. We propose an API where a site can take a cryptographic key, wrap it with BrowserID in a way that can be later unwrapped. Wrapping should be keyed to a single email address, and should be as stable as possible: if the user changes password, unwrapping should continue to work. We accept that, if the user loses their BrowserID password altogether, the keys wrapped prior to the password reset will be lost.


BrowserID does <em>not</em> store any data on behalf of the web site. Instead, it provides a wrapping/unwrapping API. The web site is expected to generate a key for the user, wrap it via BrowserID, and store the wrapped key on its own servers.
BrowserID does <em>not</em> store any data on behalf of the web site. Instead, it provides a wrapping/unwrapping API. The web site is expected to generate a key for the user, wrap it via BrowserID, and store the wrapped key on its own servers.
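Review bot: The new first paragraph says unwrapping should keep working after a password change, yet keys wrapped before a password reset are lost, and it never says what the wrapping is bound to that makes those two cases differ. Say which user secret the wrap depends on and what happens to it on a password change versus a reset, so a site can judge the loss scenario. The removed sentence spelled out the consequence for the site ("the user's data that the site chooses to secure with this key will also be lost"); the replacement only says the wrapped keys are lost, so restore that consequence explicitly. The unchanged paragraph below still says the site is "expected to generate a key for the user", while the new text says the site "can take a cryptographic key"; align the two so it is clear who generates the key being wrapped.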