Privacy/Features/DOMCryptAPISpec/Latest
DOMCrypt 'window.mozCipher' Specification
- DRAFT
- Version 0.1
- Author
- David Dahl <ddahl@mozilla.com>
Introduction
This document describes a proposed Javascript Cryptography API available in web browsers to allow any web page script the ability to generate asymmetric key pairs, encrypt, decrypt, sign, verify, hash data ( via a variety of algorithms ) as well as the discovery and persistence of a contact's public key.
Terms
- DOMCrypt
- A generic label for the entire crypto API originating in the open source project 'DOMCrypt'
- mozCipher
- The proposed moz-prefixed window property name for this API
- mozCipher Configuration
- A JSON object that stores the user's private key and public key
- Public Key
- The public half of an asymmetric key pair
- Private Key
- The private half of an asymmetric key pair
- mozCipherAddressbook or Addressbook
- A JSON object containing a user's contact's public key. This is also a term used to avoid such cryptography lingo as 'key', 'key ring'
- AddressbookEntry
- A JSON object that contains a contact's public key. The addressbook and AddressbookEntry nomenclature is used to simplify the way refer to public keys and key rings. e.g.: I need Natasha's AddressbookEntry in order to send her a private message (and she will need my AddressbookEntry to reply).
Objects
Note: Object definitions below are written in JSON.
- mozCipherConfiguration
A JSON Object which labels the KEYPAIRs, staring with a "default" KEYPAIR. This allows for multiple KEYPAIRs in the future.
{
"default": {
"created" : 1305140629979,
"privKey" : <BASE64 ENCODEDED PRIVATE KEY>,
"pubKey" : <BASE64 ENCODEDED PUBLIC KEY>,
"salt" : <ENCODED or ENCRYPTED Salt>,
"iv" : <ENCODED or ENCRYPTED IV>,
"algorithm" : "AES_256_CBC",
}
- mozCipherAddressbook
The JSON object containing a user's contact's PUBLIC KEYs
[
{
"id" : <a unique id, e.g: an email address>,
"handle" : "natasha",
"domain" : "domcrypt.org",
"pubKey" : <BASE64 ENCODED PUBLIC KEY>,
"created" : 1305140629979,
},
]
Browser Window property
- window.mozCipher
All web pages will have this property. The property is namespaced in order to provide future capabilities. The current design is asynchronous and looks like this:
{
pk: {
// Public Key API
set algorithm(algorithm){ },
get algorithm(){ },
// Generate a keypair and then execute the callback function
generateKeypair: function ( function callback( aPublicKey ) { } ) { }
// encrypt a plainText
encrypt: function ( plainText, function callback (cipherMessageObject) ) { } ) { }
// decrypt a cipherMessage
decrypt: function ( cipherMessageObject, function callback ( plainText ) { } ) { }
// sign a message
sign: function ( plainText, function callback ( signature ) { } ) { }
// verify a signature
verify: function ( signature, plainText, function callback ( boolean ) { } ) { }
// get the JSON mozCipherAddressbook
get addressbook() {}
// make changes to the addressbook
saveAddressbook: function (JSONObject, function callback () { }) { }
},
hash: {
SHA256: function (function callback (hash){}) { }
}
}
PublicKey discovery
A user discovers public keys (addressbook entries) in the markup of a web page as a meta tag. The browser alerts the user that an 'addressbookEntry' has been published. the user then has the option to save it to the mozCipherAddressbook
- addressbookEntry
<meta name="addressbook-entry" pubkey="MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1vW1laRyBkIfdeB2GQT+rz4dRwYUMtQJQ4Z8/QJCQj5qFuYKqcUn+8UssedWMjygRME1Eamcv5X5HLvphYMaRufk4PvKXLNq0Xh7cmNLcpQT639v+RjWpvHNWsdtYfd80nKCf1S46TlbH2/aw/+tcdLdj8MOTDtzII2oCcXU8B8PXNf49rcNMv8KagjC6LMQDrgvmZ56T1J3wHtQAH/QXGvh4WjQc2sWC/V+2xGkQL4+4yeP7STJBQXKmmqanExsqmwii1rV0Rd2GQnJRaSj+56HMDbZkLnZsxJExul5vu6ec+nBfACxWDMVCeVWbYxBpfURgC5nDsznkgT5VhXOJwIDAQAB",
handle="natasha",
domain="droplettr.com"
date="1298322911812",
algorithm="AES_256_CBC">
</meta>
References
- DOMCrypt: http://domcrypt.org
- mozCipher mozilla bugs: