Re: [WebCrypto.Next] "Plan B" - Chrome Native Messaging

So, a nit I have with WebCrypto/whatever at the moment, related to this issue.

If I want to make a webapp that stores unextractable keys, I can store
them in IndexedDB. A browser can implement IndexedDB by providing a
store that is, e.g., a SQLite3 database on disk. With all of these
"unextractable" keys stored in plaintext.

Every browser, however, does have an internal keystore (e.g., for
passwords). And (some of them) use the best available protection their
platform provides to protect entries in it.

I'd be happy if I could just store one entry in that keystore: A KEK
to wrap all of the keys when they're at rest.

But right now, as far as I know, I can't.

- dlg

On Mon, Feb 2, 2015 at 6:11 PM, Ryan Sleevi <sleevi@google.com> wrote:
> On Mon, Feb 2, 2015 at 5:50 PM, Billy Simon Chaves
> <b.simon@hermes-soft.com> wrote:
>> or Web Crypto mandates to work only with crypto keys stored in the user agent's own local storage?
>
> Yes
>

Received on Thursday, 5 February 2015 00:12:30 UTC
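
The KEK arrangement described in the message above, sketched as an added example (not code from the thread or from any browser): a non-extractable AES-KW key wraps a data key, so only the wrapped bytes would need to be persisted. The function names and sample plaintext are constructed for illustration, and the sketch does not show where the KEK itself is stored, which is the gap the message points at.

```javascript
// Added example: wrap keys at rest under a non-extractable KEK (WebCrypto).
// Runs in a browser or in Node; all names below are hypothetical.
const wc = globalThis.crypto || require("node:crypto").webcrypto;
const subtle = wc.subtle;
const GCM = { name: "AES-GCM", length: 256 };

// KEK: non-extractable, usable only to wrap and unwrap other keys.
async function makeKek() {
  return subtle.generateKey({ name: "AES-KW", length: 256 }, false,
                            ["wrapKey", "unwrapKey"]);
}

// wrapKey() refuses non-extractable keys, so the data key has to be created
// extractable, wrapped once, and the in-memory original then discarded.
async function makeWrappedDataKey(kek) {
  const dataKey = await subtle.generateKey(GCM, true, ["encrypt", "decrypt"]);
  const wrapped = await subtle.wrapKey("raw", dataKey, kek, "AES-KW");
  return { dataKey, wrapped: new Uint8Array(wrapped) };
}

// On load, unwrap straight into a non-extractable CryptoKey so script never
// handles the raw key bytes.
async function loadDataKey(wrapped, kek) {
  return subtle.unwrapKey("raw", wrapped, kek, "AES-KW", GCM, false,
                          ["encrypt", "decrypt"]);
}

async function demo() {
  const kek = await makeKek();
  const { dataKey, wrapped } = await makeWrappedDataKey(kek);
  const iv = wc.getRandomValues(new Uint8Array(12));
  const msg = new TextEncoder().encode("constructed sample record");
  const ct = await subtle.encrypt({ name: "AES-GCM", iv }, dataKey, msg);

  // Simulate a later session: only `wrapped` came back from storage.
  const restored = await loadDataKey(wrapped, kek);
  const pt = await subtle.decrypt({ name: "AES-GCM", iv }, restored, ct);

  let exportBlocked = false;
  try { await subtle.exportKey("raw", restored); } catch (e) { exportBlocked = true; }

  return {
    wrappedLength: wrapped.length,           // 32-byte key + 8-byte AES-KW overhead
    roundTrip: new TextDecoder().decode(pt),
    exportBlocked,
    kekExtractable: kek.extractable,
  };
}
```
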