Labs/Secret

From MozillaWiki

Secret

The Secret library (real name TBD) is a general-purpose cryptography API and implementation for JavaScript.

Our plan is to design a modern API and first expose it to chrome JS (for browser add-ons), and later expose it to content as well.

Goals

  • Give tools to developers
  • Deliver an API
  • Deliver a fast implementation of a subset of that API
  • Make it possible for others to implement the API, both using native code and in pure JS


Desirable Properties
  • Good JS feel to the API
  • Good error messaging
  • Hard to screw up - reasonably safe defaults, good samples & docs
  • Async support?

Non Goals

  • Expose HW acceleration to consumers of this API (but HW accel could be used internally if the API implementor can and wants to)
  • Implement end-to-end high level solutions, see Features below for examples

Use Cases

Weave
  • Protecting bookmarks/user data
  • Exchange credentials
Account Manager
  • Could use keys to prove ownership of an account, no passwords needed
  • Using crypto to prove access to an account
Petname toolbar
  • Looks into SSL certs, etc
Tahoe
  • Uses symmetric crypto, and asymmetric signatures
Encrypted mail (decryption in content)

Features

Primitives Level

  • bytestring
  • bigint
  • (u)random (optional blocking, calls out to OS)

Low Level

Packing
  • ASN.1/DER
  • Base64
  • Charset conversion/encoding (UTF8, UCS2)
  • HTML FileAPI FileBlob


Mid Level

Symmetric crypto
  • Algorithms: AES
  • Modes: CBC, CTR, (XTS? EAX?)


Asymmetric crypto
  • RSA
  • (EC)DSA
  • (EC)DH


Hashing
  • Algorithms: SHA1, SHA256
  • HMAC


Key generation
  • PBKDF2
  • Smartcard/token (?)
Key exchange
  • J-PAKE


High Level

High-level primitives are OK
  • NaCl-style box/unbox


No plans to support any high-level implementations of particular use-cases, including:

  • Cert stuff (signing, etc)
  • PKCS
  • SSL
  • X509