
Re: [WebCrypto.Next] "Plan B" - Chrome Native Messaging

From: David Leon Gil <coruus@gmail.com>
Date: Wed, 4 Feb 2015 16:11:39 -0800
Message-ID: <CAA7UWsU3wvSDun++C4MPnyAt1Wy3YXWVhn_AhjLSD3EApXniyg@mail.gmail.com>
To: Ryan Sleevi <sleevi@google.com>
Cc: Billy Simon Chaves <b.simon@hermes-soft.com>, Anders Rundgren <anders.rundgren.net@gmail.com>, "public-web-security@w3.org" <public-web-security@w3.org>, "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>, Siva Narendra <siva@tyfone.com>, Harry Halpin <hhalpin@w3.org>, Brad Hill <hillbrad@fb.com>, GALINDO Virginie <Virginie.Galindo@gemalto.com>, Lu HongQian Karen <karen.lu@gemalto.com>, Wendy Seltzer <wseltzer@w3.org>, POTONNIEE Olivier <Olivier.Potonniee@gemalto.com>, "PHoyer@hidglobal.com" <PHoyer@hidglobal.com>

So, a nit I have with WebCrypto/whatever at the moment, related to this issue.

If I want to make a webapp that stores unextractable keys, I can store
them in IndexedDB. A browser can implement IndexedDB by providing a
store that is, e.g., a Sqlite3 database on disk. With all of these
"unextractable" keys stored in plaintext.

Every browser, however, does have an internal keystore (e.g., for
passwords). And (some of them) use the best available protection their
platform provides to protect entries in it.

I'd be happy if I could just store one entry in that keystore: A KEK
to wrap all of the keys when they're at rest.

But right now, as far as I know, I can't.

- dlg

On Mon, Feb 2, 2015 at 6:11 PM, Ryan Sleevi <sleevi@google.com> wrote:
> On Mon, Feb 2, 2015 at 5:50 PM, Billy Simon Chaves
> <b.simon@hermes-soft.com> wrote:
>> or Web Crypto mandates to work only with crypto keys stored in the user agent's own local storage?
>
> Yes
>
Received on Thursday, 5 February 2015 00:12:30 UTC
