- From: Ryan Sleevi <sleevi@google.com>
- Date: Tue, 4 Feb 2014 07:15:56 -0800
- To: Matthew Tamayo <matthew@kryptnostic.com>
- Cc: public-webcrypto-comments@w3.org
- Message-ID: <CACvaWva5Em5o6Mibp4-zf-jCHQemphKbSsm5i+5qEBRxLWt7ow@mail.gmail.com>
On Feb 4, 2014 4:53 AM, "Matthew Tamayo" <matthew@kryptnostic.com> wrote:
>
> A fellow developer pointed me at the Web Crypto API draft, when I was looking into whether it would be possible to have the browser execute some key generation process that would allow use of a secret key for encryption / decryption, but would not allow that key to be extracted and sent elsewhere with a JavaScript call. I was wondering if the "Key.extractable" property in section 11 was intended for that purpose.
>
> The specific scenario I am interested in is if a bad actor is able to compromise a website to deliver bad JS that attempts to extract the keys and send them to their own server, whenever a user visits what is otherwise a functional and previously safe site.
>
> It would be very useful for a site to be able to generate a key, which it could use via a handle-like interface, but the site is unable to read the contents of the keys.
>
> Matthew

The spec attempts to make clear that its very design is based upon the premise of opaque key handles that may not allow access to the underlying key material.

I'm curious what you may have found confusing or vague about this in the spec, as it's reiterated several times, so that we can try and improve it.

Regards,
Ryan
Received on Tuesday, 4 February 2014 15:16:23 UTC
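
The opaque-handle behaviour discussed in this thread, as an added example that is not part of the original messages: a key generated with `extractable` set to `false` still encrypts and decrypts through its handle, while `exportKey()` on it rejects. The helper names `canExport` and `useAndProbe` and the sample plaintext are constructed for illustration; the code uses the shipped `crypto.subtle` API (browser secure context or Node.js).

```javascript
// Added example. Uses the standard Web Crypto API; the Node fallback is only
// evaluated when no global `crypto` object exists.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;
const subtle = webcrypto.subtle;

// Returns true if script can read the raw key bytes, false if export is refused.
async function canExport(key) {
  try {
    await subtle.exportKey("raw", key);
    return true;
  } catch (err) {
    return false; // non-extractable keys make exportKey() reject
  }
}

// Generates an AES-GCM key with the given extractable flag, uses it through
// the handle, then probes whether the key material can be read back.
async function useAndProbe(extractable) {
  const key = await subtle.generateKey(
    { name: "AES-GCM", length: 256 },
    extractable,
    ["encrypt", "decrypt"]
  );

  const iv = webcrypto.getRandomValues(new Uint8Array(12));
  const plaintext = new TextEncoder().encode("constructed sample message");
  const ciphertext = await subtle.encrypt({ name: "AES-GCM", iv }, key, plaintext);
  const recovered = await subtle.decrypt({ name: "AES-GCM", iv }, key, ciphertext);

  return {
    extractable: key.extractable,
    roundTrip: new TextDecoder().decode(recovered),
    exported: await canExport(key),
  };
}
```

The flag protects the key bytes only: script running in the page's origin can still call `encrypt()` and `decrypt()` with the handle for as long as it runs there.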