Privacy/Features/DOMCryptAPI/UseCases: Difference between revisions
< Privacy | Features | DOMCryptAPI
Jump to navigation
Jump to search
| (4 intermediate revisions by the same user not shown) | |||
| Line 5: | Line 5: | ||
=== Messaging === | === Messaging === | ||
* Natasha and Boris would like to message one another privately via a web application. The server is untrusted and all message data that Natasha sends to the server should be encrypted so only Boris can read it after downloading. A server compromise will net the server's attacker only blobs of useless data. This web application will use the Public Key API: '''window.cipher.pk.*''' | * Deuxdrop ( https://wiki.mozilla.org/Labs/Deuxdrop ), a project from Mozilla Labs would benefit from the DOMCrypt API. | ||
* Boot2Gecko apps will benefit greatly from the DOMCrypt API, as the only thing to consume is the DOM and all of the APIs we provide. | |||
** Example: Natasha and Boris would like to message one another privately via a web application. The server is untrusted and all message data that Natasha sends to the server should be encrypted so only Boris can read it after downloading. A server compromise will net the server's attacker only blobs of useless data. This web application will use the Public Key API: '''window.cipher.pk.*''' | |||
Example Code: | Example Code: | ||
| Line 14: | Line 16: | ||
var plainText = "Hey, wanna grab a root beer with me after work?"; | var plainText = "Hey, wanna grab a root beer with me after work?"; | ||
window. | window.crypto.pk.encrypt(plainText, publicKey, function callback(aCipherMessage) { | ||
// Asynchronous crypto API - the plainText is encrypted and the CipherMessage object is returned to this callback function | // Asynchronous crypto API - the plainText is encrypted and the CipherMessage object is returned to this callback function | ||
// aCipherMessage is a JS object literal: | // aCipherMessage is a JS object literal: | ||
| Line 26: | Line 28: | ||
</pre> | </pre> | ||
=== | === Symmetric Crypto via Diffie-Hellman Key Exchange === | ||
* | * TBD | ||
<pre class="brush:js;toolbar:false;"> | <pre class="brush:js;toolbar:false;"> | ||
// | // This API is under development | ||
</pre> | </pre> | ||
| Line 60: | Line 40: | ||
SHA 256 hashes are handy for storing passwords and generating checksums (among other uses) | SHA 256 hashes are handy for storing passwords and generating checksums (among other uses) | ||
Example code uses the hashing API | Example code uses the hashing API, using the constructor '''window.crypto.hash''' | ||
<pre class="brush:js;toolbar:false;"> | <pre class="brush:js;toolbar:false;"> | ||
window. | var hasher = new window.crypto.hash("RS256"); | ||
var myData = "1234567890abcdefghijklmnopqrstuwxyz"; | |||
}); | var arrBufferView = new Int8Array(myData.length); | ||
for (var i = 0; i < myData.length; i++) { | |||
arrBufferView[i] = myData.charCodeAt(i); | |||
} | |||
hasher.append(arrBufferView); | |||
var hashed = hasher.finish(); | |||
// Another idea: generating a file checksum in conjunction with the FileAPI | // Another idea: generating a file checksum in conjunction with the FileAPI | ||
</pre> | </pre> | ||
== New Ideas == | == New Ideas == | ||
Latest revision as of 18:40, 6 December 2011
DOMCrypt API Use Cases
Back to DOMCrypt Draft Spec: https://wiki.mozilla.org/Privacy/Features/DOMCryptAPISpec/Latest
Messaging
- Deuxdrop ( https://wiki.mozilla.org/Labs/Deuxdrop ), a project from Mozilla Labs would benefit from the DOMCrypt API.
- Boot2Gecko apps will benefit greatly from the DOMCrypt API, as the only thing to consume is the DOM and all of the APIs we provide.
- Example: Natasha and Boris would like to message one another privately via a web application. The server is untrusted and all message data that Natasha sends to the server should be encrypted so only Boris can read it after downloading. A server compromise will net the server's attacker only blobs of useless data. This web application will use the Public Key API: window.cipher.pk.*
Example Code:
var publicKey = messagingApp.getPublicKey("boris");
var plainText = "Hey, wanna grab a root beer with me after work?";
window.crypto.pk.encrypt(plainText, publicKey, function callback(aCipherMessage) {
// Asynchronous crypto API - the plainText is encrypted and the CipherMessage object is returned to this callback function
// aCipherMessage is a JS object literal:
// { content: <ENCRYPTED, BASE64 Encoded String>,
// pubKey: <PUBLICKEY used to encrypt the a symmetric key>,
// wrappedKey: <SYMMETRIC KEY wrapped with the recipient's public key>,
// iv: <Initialization Vector>
// }
messagingApp.sendMessage(aCipherMessage, {from: 'natasha', to: 'boris'});
});
Symmetric Crypto via Diffie-Hellman Key Exchange
- TBD
// This API is under development
Hashing
SHA 256 hashes are handy for storing passwords and generating checksums (among other uses)
Example code uses the hashing API, using the constructor window.crypto.hash
var hasher = new window.crypto.hash("RS256");
var myData = "1234567890abcdefghijklmnopqrstuwxyz";
var arrBufferView = new Int8Array(myData.length);
for (var i = 0; i < myData.length; i++) {
arrBufferView[i] = myData.charCodeAt(i);
}
hasher.append(arrBufferView);
var hashed = hasher.finish();
// Another idea: generating a file checksum in conjunction with the FileAPI
New Ideas
- Some ideas that have been mentioned via mailing lists, etc.
An API to make <keygen> easier
- Jonas Sicking mentioned this to me during a Mozilla All-hands DOMCrypt presentation
- NEED EXAMPLE
Signing APIs that would allow S. Korean web users to use any browser for online banking
- on the WHAT-WG mailing list, this was brought up. The API as spec'd is part of the way there, but needs additional research and API methods http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2011-May/031789.html
- NEED EXAMPLES