- From: Arun Ranganathan <arun@mozilla.com>
- Date: Mon, 8 Jul 2013 15:12:31 -0400
- To: Hutchinson Michael <Michael.Hutchinson@gemalto.com>
- Cc: "Web Cryptography Working Group (public-webcrypto@w3.org)" <public-webcrypto@w3.org>
- Message-Id: <2303F8A0-6626-4EB3-88BD-B38FE8DE806E@mozilla.com>
Hi Michael, After the public/private key pair is generated, both are stored in client-side storage. I think instead of "extract" I should say "retrieve from client-side storage." In the case of browsers that have a native BrowserID implementation, this might mean a separate key store (and thus, "extract" would mean calling the API that is on top of that key store). In the case of browsers that don't have a native BrowserID implementation, this would be IndexedDB or localStorage. -- A* On Jul 8, 2013, at 3:10 PM, Hutchinson Michael wrote: > Arun, > > Although there is an indication that the code is for illustrative purposes only. I would like to understand why/how the private key is extracted in 3 step 2 > > > 3. Persona.org then sends this over to script hosted by PSS using cross-origin messaging. > > /** > This code is for illustrative purposes only and runs on Persona.org. > > 1. Assume a combined assertion and certificate structure in JWT format for use with postMessage() > var assertionPlusCert is a JWT like above > 2. Extract karen@webcrypto.com private key for signing assertion > > > >Michael > > > -----Original Message----- > > From: Arun Ranganathan [mailto:arun@mozilla.com] > > Sent: Monday, July 08, 2013 10:20 AM > > To: Web Cryptography Working Group (public-webcrypto@w3.org) > > Subject: ACTION-94 | Add BrowserID use case to use cases document > > > > I'd added the BrowserID use case, which is also a use case for cross- > > origin messaging. > > > > I'll close this action item. The code used is pending review, and is a > > reduced and highly simplified subset of what's used in practice. > > > > -- A* >
Received on Monday, 8 July 2013 19:13:00 UTC