- From: helpcrypto helpcrypto <helpcrypto@gmail.com>
- Date: Tue, 22 Oct 2013 20:13:03 +0200
- To: public-webcrypto-comments@w3.org
- Message-ID: <CAHMQSgs4Y1Q3DCofcrPBbdprub1aAb-_EaiSU-QnHpEUU+vVmw@mail.gmail.com>
Hi all!
Few months ago I asked about WebCrypto state of the art.
Today, many things have changed and after a long reading, here I go again.
Please, *feel free to send me any comments, corrections or suggestions*,
they are all welcome.
I truly thank your answers!!!
If I didn't understand wrong, *there are currently 3 documents to have in
mind*:
WebCrypto API: [1]
Which focus on API to make operations such signing or verifying. This has
been already implemented by [2] for Javascript.
Firstly, there are some parts I have interest in:
13.2.6. The generateKey method
13.2.9. The importKey method
13.2.10. The exportKey method
*I know that "handling the keys" is out of the scope of this document
(smartcards too)*, but I'll like to know if, as an integrator, I'll be able
to generate a key pair on CSP/NSS/PKCS#11 modules, or import/export keys
from my smartcards using -for example- a PKCS#11 interface. In other words:
*Will this invoke microsoft-csp or linux-nss operations under this layer to
get access to keystores?*
(I think so, but looking for confirmation)
I'm also missing a* getKey(filter)* function that returns a handler to use
keys in operations like sign(key,data).
*Do you plan to add it?*
*Will be possible to specify a filter/unicode string to search on
subject/cert?*
I think key protection is also outside of the scope of this document, but:
*Will it be possible to make a key "sticky", being able to sign more than 1
document with "one PIN" only? (batch mode)
*
Finally, [3] says "Also, the system must display to the user the data that
is being signed, so that he knows what he is signing"
I'll like to publicly ask, request, beg, plead, pray...this to be human
readable.
Old Mozilla's signText was one of the worst -imho- *human *friendly GUIs
ever made.
*Could it be possible to display what the user is going to say using tools
like PDF.js (for PDF files)?
Could it be possible to display a short customizable message like: "Hi
peter, here are the documents you have to sign!"?*
KeyDiscovery: [4]
This document purpose is to define how the keys will be recovered from the
browser.
IMHO, the *getKey *function IS the link between these two documents, and
thats the reason why WebCrypto spec should contain the function and
reference to KeyDiscovery (not the way around).
Reading this document, I not sure if I understood this part:
interface NamedKey : Key {
readonly attribute DOMString name;
readonly attribute DOMString? id;
};
*Will getKeyByName("PETER") will look for all keys containing (in any
attribute) the word "PETER"?*
(If that's correct, im happpy to hear it!)
Also, will be great to be able to filter by keystore like
getKey(keystore,filter).
This keystore could match CSP name or PKCS#11 library. All keystores should
be queried if no keystore provided.
*Could this be possible?*
Some examples, like [5] will be much appreciated.
High-Level API: [6]
*Cant this document be merged with [1] as callbacks?*
Last but not least, *I'll like to thank the big effort you are doing with
this*. With each little step of this spec in happier in my daily work,
knowing one day in the future, ill get rid of Java.
Thank you all!!!
[1] https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html
[2] polycrypt.net
[3] http://www.w3.org/2012/webcrypto/wiki/Use_Cases
[4] https://dvcs.w3.org/hg/webcrypto-keydiscovery/raw-file/tip/Overview.html
[5] https://github.com/daviddahl/domcrypt
[6] https://dvcs.w3.org/hg/webcrypto-highlevel/raw-file/tip/Overview.html
Received on Tuesday, 22 October 2013 18:13:50 UTC