Feedback and criticism wanted: DOMCrypt API proposal

Bill Frantz frantz at pwpconsult.com
Mon Jun 6 09:00:29 PDT 2011


On 6/1/11 at 16:01, ddahl at mozilla.com (David Dahl) wrote:

>Hello JavaScript Enthusiasts,
>
>I recently posted this draft spec ( https://wiki.mozilla.org/Privacy/Features/DOMCryptAPISpec/Latest

In looking at this proposal, I am confused by:

>cipherConfiguration
>
>A JSON Object which labels the Key Pairs, starting with a "default" Key Pair. This allows for multiple Key Pairs in the future.
>
>{
>  "default": {
>    "created"   : 1305140629979,
>    "privKey"   : <BASE64 ENCODED PRIVATE KEY>,
>    "pubKey"    : <BASE64 ENCODED PUBLIC KEY>,
>    "salt"      : <ENCODED or ENCRYPTED Salt>,
>    "iv"        : <ENCODED or ENCRYPTED IV>,
>    "algorithm" : "AES_256_CBC"
>  }
>}

This example seems to define public and private keys for a 
symmetric algorithm. The detailed format of public keys will 
depend on which algorithm is used. Are you planning on storing 
them in their ASN1 form, or as JSON objects?


>window.mozCrypto
>All windows will have this property (in the current implementation) for the time being as this API is hashed out.
>
>The property is namespaced in order to provide future capabilities. The current design is asynchronous and looks like this:

Is an asynchronous interface the best choice? I thought one of 
the great reliability advantages of JavaScript was its single 
thread, synchronous nature.



>) for a crypto API for browsers to the whatwg (see: 
>http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2011-May/031741.html 
>, summary is here: 
>http://etherpad.mozilla.com:9000/DOMCrypt-discussion ) and 
>wanted to get feedback and criticism from es-discuss/TC39.
>
>Privacy and user control on the web is of utter importance. 
>Tracking, unauthorized user data aggregation and personal 
>information breaches are becoming so commonplace you see a new 
>headline almost daily. (It seems).
>
>We need crypto APIs in browsers to allow developers to create 
>more secure communications tools and web applications that 
>don’t have to implicitly trust the server, among other use cases.
>
>The DOMCrypt API is a good start, and more feedback and 
>discussion will really help round out how all of this should 
>work – as well as how it can work in any browser that will 
>support such an API. I think the main issue is creating an 
>elegant API regardless of how it is implemented.
>
>This API will provide each web browser window with a ‘cipher’ property[1] that facilitates:
>
>asymmetric encryption key pair generation
>public key encryption
>public key decryption
>symmetric encryption
>signature generation
>signature verification
>hashing
>easy public key discovery via meta tags or an ‘addressbookentry’ tag
>
>[1] There is a bit of discussion around adding this API to 
>window.navigator or consolidation within window.crypto
>
>I have created a Firefox extension that implements most of the 
>above, and am working on an experimental patch that integrates 
>this API into Firefox.
>
>The project originated in an extension I wrote, the home page is here: http://domcrypt.org
>
>The source code for the extension is here: https://github.com/daviddahl/domcrypt
>
>The Mozilla bugs are here:
>
>https://bugzilla.mozilla.org/show_bug.cgi?id=649154
>https://bugzilla.mozilla.org/show_bug.cgi?id=657432
>
>Firefox "feature wiki page": https://wiki.mozilla.org/Privacy/Features/DOMCryptAPI
>
>You can test the API by installing the extension hosted at 
>domcrypt.org, and going to http://domcrypt.org
>
>A recent blog post updating all of this is posted here: http://monocleglobe.wordpress.com/2011/06/01/domcrypt-update-2011-06-01/
>
>The API:
>
>window.cipher = {
>  // Public Key API
>  pk: {
>    set algorithm(algorithm){ },
>    get algorithm(){ },
>
>    // Generate a keypair and then execute the callback function
>    generateKeypair: function ( function callback( aPublicKey ) { } ) {  },
>
>    // encrypt a plainText
>    encrypt: function ( plainText, function callback ( cipherMessageObject ) { } ) {  },
>
>    // decrypt a cipherMessage
>    decrypt: function ( cipherMessageObject, function callback ( plainText ) { } ) {  },
>
>    // sign a message
>    sign: function ( plainText, function callback ( signature ) { } ) {  },
>
>    // verify a signature
>    verify: function ( signature, plainText, function callback ( boolean ) { } ) {  },
>
>    // get the JSON cipherAddressbook
>    get addressbook() {},
>
>    // make changes to the addressbook
>    saveAddressbook: function ( JSONObject, function callback ( addressbook ) { } ) {  }
>  },
>
>  // Symmetric Crypto API
>  sym: {
>    get algorithm(){ },
>    set algorithm(algorithm){ },
>
>    // create a new symmetric key
>    generateKey: function ( function callback ( key ) { } ) {  },
>
>    // encrypt some data
>    encrypt: function ( plainText, key, function callback ( cipherText ) { } ) {  },
>
>    // decrypt some data
>    decrypt: function ( cipherText, key, function callback ( plainText ) { } ) {  }
>  },
>
>  // hashing
>  hash: {
>    SHA256: function ( function callback ( hash ) { } ) {  }
>  }
>}
>
>Your feedback and criticism will be invaluable.
>
>Best regards,
>
>David Dahl
>
>Firefox Engineer, Mozilla Corp.
-----------------------------------------------------------------------
Bill Frantz        |Security, like correctness, is| Periwinkle
(408)356-8506      |not an add-on feature. - Attr-| 16345 Englewood Ave
www.pwpconsult.com |ibuted to Andrew Tannenbaum   | Los Gatos, CA 95032
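
Added example (not part of the original message and not DOMCrypt code): the ASN.1-versus-JSON storage question above, worked through with Node's `crypto` module. The RSA key and the sample record are constructed here, `checkRecord` is a hypothetical helper, and treating an `AES_` label as "symmetric" is an assumption.

```javascript
// Added example, not DOMCrypt code. Field names follow the quoted record;
// the key material is generated here and the check itself is hypothetical.
const { generateKeyPairSync, createPublicKey } = require("node:crypto");

// Encode one public key both ways:
// ASN.1 (DER SubjectPublicKeyInfo, base64) and JSON (JWK).
function exportBothForms(publicKey) {
  return {
    spkiB64: publicKey.export({ type: "spki", format: "der" }).toString("base64"),
    jwk: publicKey.export({ format: "jwk" }),
  };
}

// Re-import the JWK and confirm it encodes the same key as the DER form.
function sameKey(spkiB64, jwk) {
  const fromJwk = createPublicKey({ key: jwk, format: "jwk" });
  return fromJwk.export({ type: "spki", format: "der" }).toString("base64") === spkiB64;
}

// Compare the record's "algorithm" label with the key type that the
// DER structure itself declares.
function checkRecord(record) {
  const key = createPublicKey({
    key: Buffer.from(record.pubKey, "base64"),
    format: "der",
    type: "spki",
  });
  const labelIsSymmetric = /^AES_/.test(record.algorithm); // assumption
  return {
    keyType: key.asymmetricKeyType, // read from the SPKI AlgorithmIdentifier
    label: record.algorithm,
    labelDescribesKey: !labelIsSymmetric,
  };
}

const { publicKey } = generateKeyPairSync("rsa", { modulusLength: 2048 });
const forms = exportBothForms(publicKey);
// Constructed record shaped like the quoted "default" entry.
const sampleRecord = {
  created: 1305140629979,
  pubKey: forms.spkiB64,
  algorithm: "AES_256_CBC",
};
const result = checkRecord(sampleRecord);
console.log(result, Object.keys(forms.jwk), sameKey(forms.spkiB64, forms.jwk));
```

The DER form carries its own algorithm identifier, so a reader of the record can detect a label that does not describe the key; the JWK form exposes the same information as the `kty` member.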


