- From: Eric Roman <ericroman@google.com>
- Date: Thu, 5 Mar 2015 18:55:24 -0800
- To: Charles Engelke <w3c@engelke.com>
- Cc: GALINDO Virginie <Virginie.Galindo@gemalto.com>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>
- Message-ID: <CAFswn4k74TX=9qE3+w8USoFUWQL7wiCQ7H1VbEgzWVcgomG5TQ@mail.gmail.com>

On Thu, Mar 5, 2015 at 9:28 AM, Charles Engelke <w3c@engelke.com> wrote:

> On Thu, Mar 5, 2015 at 5:44 AM, GALINDO Virginie
> <Virginie.Galindo@gemalto.com> wrote:
> > Dear all,
> >
> > a question to the WG members (and specially to implementers) related to
> > defining profile(s) and tracked into the bug 25985 [1].
>
> As a developer, not UA implementer, I would find profiles very useful,
> especially a minimal one that all UAs support. That should include at
> least one each of PK signing, PK encryption, symmetric encryption,
> HMAC, hash, and key derivation. With those universally available I
> could build applications that could communicate with each other
> regardless of the browser they run on.
>
> > - what is the current overlapping coverage of algorithms across the
> > implementations ?
>
> It appears that browser makers pretty much support a common set of
> those kinds of algorithms (almost). I've got some sample applications
> at https://github.com/infotechinc, and have found that every browser
> I've tried that supports web crypto at all runs all of them
> successfully except key derivation. Specifically, I've found universal
> support for RSASSA-PKCS1-v1_5, RSA-OAEP, AES-CBC, and SHA-256. Only
> Chrome Canary and Opera Developer support PBKDF2 at this time.
>

Actually I believe Firefox supports PBKDF2 too. (Seen in the code here:
http://lxr.mozilla.org/mozilla-central/source/dom/crypto/WebCryptoTask.cpp#3102
)

> I've tried these apps on Chrome, Opera, and Firefox on Ubuntu Linux
> and Windows 7, and Chrome on Android 5.0. (I'm still tickled that the
> ones that don't use files work on my Android Wear watch, too.) I'm
> putting together a table of browser support based on those apps plus
> the results from the Web Cryptography API Live Table from
> https://diafygi.github.io/webcrypto-examples/ . I'll share that when
> it's done, probably within a day or two.
>

In case it is helpful, there is a list of the algorithms supported by
Chromium here:
https://sites.google.com/a/chromium.org/dev/blink/webcrypto?pli=1#TOC-Supported-algorithms-as-of-Chrome-41-

PBKDF2 and HKDF are not available in the current stable version of Chrome,
but will be in the next version. Also HKDF-CTR got implemented as HKDF.

> I've also found Safari on OS/X, which has a prefixed subtle crypto
> implementation, seems to support many of the apps but still has issues
> that keep most of them from working. I haven't tried Internet
> Explorer's prefixed implementation because it is based on a much
> earlier version of the API that isn't compatible with the current one.
>

Other notable differences between implementations from memory (apologies if
this information has become out of date):

 * WebWorker support is not universal. I think Chromium is the only one to
   support WebCrypto in workers
 * JWK is the only universally supported key format (Safari doesn't
   implement PKCS8/SPKI)
 * 192-bit AES keys are not universally supported (as Chromium does not
   support them, but other browsers do)
 * Key import in general is likely to be an area with a number of subtle
   implementation differences, especially around malformed JWK/PKCS8/SPKI
   data. (For instance using non-base64url characters, incorrectly padded
   EC parameters, invalid points, etc.)

> > - what is your feeling about having a profile captured into a document ?
> > - which level of normalization would you like to see associated with that
> > document ? (being a note, a recommendation...).
>
> I would very much like that. I'm not set on any particular level of
> normalization, probably because I don't have a good understanding of
> the differences.
>
> Thanks,
>
> Charlie
> --
> Charles Engelke, Chief Technology Officer
> Info Tech, Inc.
> Phone: +1 (352) 381-4400
>
>
Received on Friday, 6 March 2015 03:02:21 UTC
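
The support differences discussed in this thread (PBKDF2, HKDF, 192-bit AES keys, and the proposed minimal profile of signing, encryption, HMAC, hash and key derivation) can be checked at runtime by feature detection. This is an added example, not code from any participant in the thread; the probe labels and the helpers `supported` and `probeProfile` are made up for illustration, and it assumes a runtime that exposes `crypto.subtle` (a current browser or Node.js).

```javascript
// Added example: probe a WebCrypto implementation for the algorithms named in the thread.
// Assumption: crypto.subtle is reachable as a global, or via Node's built-in crypto module.
const subtle = (globalThis.crypto && globalThis.crypto.subtle) ||
  (typeof require === 'function' ? require('node:crypto').webcrypto.subtle : undefined);

const zeros = new Uint8Array(16); // constructed dummy key material and salt

// Each factory returns a probe: the cheapest call that forces the algorithm to be resolved.
const rsa = (name, usages) => () => subtle.generateKey(
  { name, modulusLength: 2048, publicExponent: new Uint8Array([1, 0, 1]), hash: 'SHA-256' },
  false, usages);
const aesCbc = (length) => () =>
  subtle.generateKey({ name: 'AES-CBC', length }, false, ['encrypt', 'decrypt']);
const kdf = (params) => async () => {
  const key = await subtle.importKey('raw', zeros, params.name, false, ['deriveBits']);
  return subtle.deriveBits(params, key, 256);
};

const PROBES = {
  'RSASSA-PKCS1-v1_5': rsa('RSASSA-PKCS1-v1_5', ['sign', 'verify']),
  'RSA-OAEP': rsa('RSA-OAEP', ['encrypt', 'decrypt']),
  'AES-CBC-128': aesCbc(128),
  'AES-CBC-192': aesCbc(192), // reported in the thread as not universally supported
  'HMAC': () => subtle.generateKey({ name: 'HMAC', hash: 'SHA-256' }, false, ['sign', 'verify']),
  'SHA-256': () => subtle.digest('SHA-256', new Uint8Array(0)),
  'PBKDF2': kdf({ name: 'PBKDF2', salt: zeros, iterations: 1000, hash: 'SHA-256' }),
  'HKDF': kdf({ name: 'HKDF', salt: zeros, info: new Uint8Array(0), hash: 'SHA-256' }),
};

// true if the probe completes, false if it throws synchronously or rejects
// (an unsupported algorithm normally surfaces as a NotSupportedError rejection).
async function supported(probe) {
  try { await probe(); return true; } catch (e) { return false; }
}

// Runs every probe in turn and returns { label: boolean }; empty if there is no subtle crypto.
async function probeProfile(probes = PROBES) {
  const out = {};
  if (!subtle) return out;
  for (const [name, probe] of Object.entries(probes)) out[name] = await supported(probe);
  return out;
}
```

An application can call `probeProfile()` once at startup and pick a fallback (for example 128-bit or 256-bit AES instead of 192-bit) from the result instead of sniffing the browser name.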