
Re: Extractable Keys

From: Ryan Sleevi <sleevi@google.com>
Date: Tue, 4 Feb 2014 07:15:56 -0800
Message-ID: <CACvaWva5Em5o6Mibp4-zf-jCHQemphKbSsm5i+5qEBRxLWt7ow@mail.gmail.com>
To: Matthew Tamayo <matthew@kryptnostic.com>
Cc: public-webcrypto-comments@w3.org
On Feb 4, 2014 4:53 AM, "Matthew Tamayo" <matthew@kryptnostic.com> wrote:
> A fellow developer pointed me at the Web Crypto API draft when I was
> looking into whether it would be possible to have the browser execute some
> key generation process that would allow use of a secret key for encryption
> / decryption, but would not allow that key to be extracted and sent
> elsewhere with a JavaScript call. I was wondering if the "Key.extractable"
> property in section 11 was intended for that purpose.
>
> The specific scenario I am interested in is if a bad actor is able to
> compromise a website to deliver bad JS that attempts to extract the keys
> and send them to their own server, whenever a user visits what is otherwise
> a functional and previously safe site.
>
> It would be very useful for a site to be able to generate a key, which it
> could use via a handle-like interface, but the site is unable to read the
> contents of the keys.
>
> Matthew

The spec attempts to make clear that its very design is based upon the
premise of opaque key handles that may not allow access to the underlying
key material.

I'm curious what you may have found confusing or vague about this in the
spec, as it's reiterated several times, so that we can try and improve it.

Received on Tuesday, 4 February 2014 15:16:23 UTC
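
The opaque-handle behaviour discussed in this thread, as an added example that is not part of the original messages or the spec text: a key generated with `extractable` set to `false` still encrypts and decrypts, while every export path rejects. The function name `demoOpaqueKey` and the sample message are constructed for illustration.

```javascript
// Added example: Web Crypto non-extractable key handle (browser or Node.js).
// Falls back to node:crypto where the global `crypto` object is not exposed.
const wc = globalThis.crypto?.subtle ? globalThis.crypto
                                     : require('node:crypto').webcrypto;

async function demoOpaqueKey() {
  // Third argument is `extractable`. With false, script only ever holds a
  // CryptoKey handle; the raw key bytes stay inside the implementation.
  const key = await wc.subtle.generateKey(
    { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);

  // The handle is fully usable for the operations listed in its usages.
  const iv = wc.getRandomValues(new Uint8Array(12));
  const message = 'constructed sample message';
  const ciphertext = await wc.subtle.encrypt(
    { name: 'AES-GCM', iv }, key, new TextEncoder().encode(message));
  const recovered = new TextDecoder().decode(
    await wc.subtle.decrypt({ name: 'AES-GCM', iv }, key, ciphertext));

  // Try each way script could get the key material out of the handle.
  // The spec requires exportKey/wrapKey to reject (InvalidAccessError)
  // when the key is not extractable.
  const wrappingKey = await wc.subtle.generateKey(
    { name: 'AES-KW', length: 256 }, false, ['wrapKey']);
  const attempts = {
    raw: () => wc.subtle.exportKey('raw', key),
    jwk: () => wc.subtle.exportKey('jwk', key),
    wrap: () => wc.subtle.wrapKey('raw', key, wrappingKey, 'AES-KW'),
  };
  const exportRejected = {};
  for (const [name, attempt] of Object.entries(attempts)) {
    try {
      await attempt();
      exportRejected[name] = false; // key material left the handle
    } catch (err) {
      exportRejected[name] = true;  // export path refused, as expected
    }
  }

  return {
    type: key.type,
    extractable: key.extractable,
    roundTripOk: recovered === message,
    exportRejected,
  };
}

demoOpaqueKey().then((result) => console.log(result));
```

The flag controls export of the key bytes only: script running in the page's origin that holds the handle can still call `encrypt` and `decrypt` with it.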
