MozillaWiki

Privacy/Features/DOMCryptAPI/UseCases

< Privacy‎ | Features‎ | DOMCryptAPI
Revision as of 18:06, 6 December 2011 by Ddahl (talk | contribs) (→‎General Purpose Symmetric Crypto)

DOMCrypt API Use Cases

Back to DOMCrypt Draft Spec: https://wiki.mozilla.org/Privacy/Features/DOMCryptAPISpec/Latest

Messaging

  • Deuxdrop ( https://wiki.mozilla.org/Labs/Deuxdrop ), a project from Mozilla Labs would benefit from the DOMCrypt API.
  • Boot2Gecko apps will benefit greatly from the DOMCrypt API, as the only thing to consume is the DOM and all of the APIs we provide.
    • Example: Natasha and Boris would like to message one another privately via a web application. The server is untrusted and all message data that Natasha sends to the server should be encrypted so only Boris can read it after downloading. A server compromise will net the server's attacker only blobs of useless data. This web application will use the Public Key API: window.cipher.pk.*

Example Code: 

var publicKey = messagingApp.getPublicKey("boris");

var plainText = "Hey, wanna grab a root beer with me after work?";

window.crypto.pk.encrypt(plainText, publicKey, function callback(aCipherMessage) {
  // Asynchronous crypto API - the plainText is encrypted and the CipherMessage object is returned to this callback function
  // aCipherMessage is a JS object literal: 
  //   { content: <ENCRYPTED, BASE64 Encoded String>, 
  //     pubKey: <PUBLICKEY used to encrypt the a symmetric key>, 
  //     wrappedKey: <SYMMETRIC KEY wrapped with the recipient's public key>,
  //     iv: <Initialization Vector> 
  //   }
  messagingApp.sendMessage(aCipherMessage, {from: 'natasha', to: 'boris'});
});

Symmetric Crypto via Diffie-Hellman Key Exchange

  • TBD
  // This API is under development

Hashing

SHA 256 hashes are handy for storing passwords and generating checksums (among other uses)

Example code uses the hashing API: window.cipher.hash.* 

var myPassword = "5ekr3tPa55w0rd";

window.cipher.hash.SHA256(myPassword, function callback(aHash) {
  myApp.doSomethingWithAHash(aHash);  
});

// Another idea: generating a file checksum in conjunction with the FileAPI

Identity in the Browser

We will need both a chrome-privileged and content Crypto API for generating keypairs and hashing data. See Identity/Verified_Email_Protocol/Latest

New Ideas

  • Some ideas that have been mentioned via mailing lists, etc.

An API to make <keygen> easier

  • Jonas Sicking mentioned this to me during a Mozilla All-hands DOMCrypt presentation
    • NEED EXAMPLE

Signing APIs that would allow S. Korean web users to use any browser for online banking

Retrieved from "https://wiki.allizom.org/index.php?title=Privacy/Features/DOMCryptAPI/UseCases&oldid=376135"