David, Here are my review comments on https://wiki.mozilla.org/DOMCryptInternalAPI:
1. I don't understand the difference between the two methods that generate key pairs: PKGenerateKeyPair SigGenerateKeyPair 2. PKEncrypt just need a public key, not a key pair. 3. I suggest not assigning 0 to any algorithm enumerator. This allows the use of 0 as an invalid value. We can't use -1 because the type is unsigned long. So ALGORITHM_RSA should be 1 and ALGORITHM_DSA should be 2. 4. Like PKDecrypt, Sign just needs aKeyID, which represents a private key. 5. Verify should take a public key. 6. The second arguments of Sign and Verify should have the same name (because the refer to the same thing) and the name should not imply it is encrypted (such as aPlaintext and aClearBytes). You can use 'message' as the argument name. 7. When verifying a MAC, the byte comparison must be constant time to avoid leaking timing info. Leaking timing info of MAC verification could be problematic in some situations. This issue is described in https://groups.google.com/group/keyczar-discuss/browse_thread/thread/5571eca0948b2a13 So I suggest adding a verify() method to the CryptoHmac interface, so that we can implement the verify() method with constant time byte comparison. Wan-Teh Chang -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto