- From: David Dahl <ddahl@mozilla.com>
- Date: Tue, 26 Jul 2011 12:59:20 -0700 (PDT)
Hello All: Just a quick report on a DOMCrypt meeting that took place Thursday, 2011-07-14 at Mozilla in Mountain View. Summary: DOMCrypt is a high-level API that should be usable by web developers after a short period of study DOMCrypt will be designed and implemented so that it is difficult to "do the wrong thing" HASH and HMAC methods may be implemented first The Public Key API is the most useful, so it should be implemented before the symmetric encryption API Keypairs must be generated on a per-origin basis The Keypair for a specific origin cannot be used in another origin No private or wrapped key material will be accessible to content scripts Each implementation will provide a mechanism to clear keys A "Key ID" will be used to tell the decrypt method which (content inaccessible) private key to use to decrypt data The returned encrypted object format will be a raw ArrayBuffer The public key format will be a raw ArrayBuffer **We agreed to "have all the inputs and outputs be raw, unformatted ArrayBuffers, letting higher-level pure JS wrappers deal with conversion to application data formats until we understand better what higher-level formats would be useful" HASH and HMAC methods should be synchronous to make them simpler HASH and HMAC methods should be constructors We may implement the HASH and HMAC APIs first then the PublicKey API A wiki page with more detail is here: https://wiki.mozilla.org/Privacy/Features/DOMCryptAPISpec/Meeting-2011-07-14 The DOMCrypt Spec is here: https://wiki.mozilla.org/Privacy/Features/DOMCryptAPISpec/Latest Any comments and discussion will be most welcome. Regards, David Dahl
Received on Tuesday, 26 July 2011 12:59:20 UTC