Re: Need for Smart Card support from David Dahl on 2012-06-08 (public-webcrypto@w3.org from June 2012)

From: David Dahl <ddahl@mozilla.com>
Date: Fri, 8 Jun 2012 09:43:10 -0700 (PDT)
To: Ali Asad <Asad.Ali@gemalto.com>
Cc: "James L. Davenport" <jdavenpo@mitre.org>, public-webcrypto@w3.org
Message-ID: <170001772.6006748.1339173790726.JavaMail.root@mozilla.com>

Of course, the existing PKCS#11 routine (Prefs->Advanced->Encryption) in Firefox is a way to register a device. Perhaps I am under the impression that the API would govern the registration of hardware modules? 

I need to read up on how other browsers do this - and how NSS deals with crypto hardware and keyIDs. I think the real question here is does the API not have to do anything, just have the keyID passed to it to operate? All of the implementation details are hidden from the API, and things 
just work?


Cheers,

David

----- Original Message -----
From: "David Dahl" <ddahl@mozilla.com>
To: "Ali Asad" <Asad.Ali@gemalto.com>
Cc: "James L. Davenport" <jdavenpo@mitre.org>, public-webcrypto@w3.org
Sent: Friday, June 8, 2012 11:18:56 AM
Subject: Re: Need for Smart Card support

----- Original Message -----
> From: "Ali Asad" <Asad.Ali@gemalto.com>
> To: "James L. Davenport" <jdavenpo@mitre.org>, public-webcrypto@w3.org
> Sent: Monday, June 4, 2012 9:32:25 AM
> Subject: RE: Need for Smart Card support
> 
> I think it will be good to have an option for interacting with secure
> element (smart card being one example) in the API. Browsers that
> choose to support it can implement it while others can skip it. But
> the fact that it is there in the API will allow creation of secure
> applications (as indicated by the use cases below) for those
> interested in them.
> 

I would like to see what the interfaces for this look like.

A. How does the browser (in a cross-browser and platform way) know about the secure element? In other words, how is the secure element registered with the browser?

B. Does the secure element appear to the browser as another software API that can be called, e.g: window.crypto.secureElement.* ?

* or *

C. Does the secure element export keys which the browser imports and uses like any other keys that have a key handle?

I wonder what this looks like in practice. Is this a combination of crypto API + new browser features that 'register' the secure element with the  browser?  It does not appear an API can do all of this alone.

Cheers,

David

Received on Friday, 8 June 2012 16:43:41 UTC