- From: David Leon Gil <coruus@gmail.com>
- Date: Wed, 4 Feb 2015 16:11:39 -0800
- To: Ryan Sleevi <sleevi@google.com>
- Cc: Billy Simon Chaves <b.simon@hermes-soft.com>, Anders Rundgren <anders.rundgren.net@gmail.com>, "public-web-security@w3.org" <public-web-security@w3.org>, "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>, Siva Narendra <siva@tyfone.com>, Harry Halpin <hhalpin@w3.org>, Brad Hill <hillbrad@fb.com>, GALINDO Virginie <Virginie.Galindo@gemalto.com>, Lu HongQian Karen <karen.lu@gemalto.com>, Wendy Seltzer <wseltzer@w3.org>, POTONNIEE Olivier <Olivier.Potonniee@gemalto.com>, "PHoyer@hidglobal.com" <PHoyer@hidglobal.com>
So, a nit I have with WebCrypto/whatever at the moment, related to this issue. If I want to make a webapp that stores unextractable keys, I can store them in IndexedDB. A browser can implement IndexedDB by providing a store that is, e.g., a Sqlite3 database on disk. With all of these "unextractable" keys stored in plaintext. Every browser, however, does have an internal keystore (e.g., for passwords). And (some of them) use the best available protection their platform provides to protect entries in it. I'd be happy if I could just store one entry in that keystore: A KEK to wrap all of the keys when they're at rest. But right now, as far as I know, I can't. - dlg On Mon, Feb 2, 2015 at 6:11 PM, Ryan Sleevi <sleevi@google.com> wrote: > On Mon, Feb 2, 2015 at 5:50 PM, Billy Simon Chaves > <b.simon@hermes-soft.com> wrote: >> or Web Crypto mandates to work only with crypto keys stored in the user agent own local storage? > > Yes >
Received on Thursday, 5 February 2015 00:12:30 UTC