I wonder whether the problem is actually just one of generating
sufficiently cryptographically secure PRNGs or whether there are real
benefits to creating a full-blown UA-based Crypto API and the can of
worms that might open.
There was a proposal on the WHATWG back in February for producing a
cryptographic pseudo-random number generation API (ala the NS4
window.crypto.random API IIRC) within browsers [1].
A 2009 Stanford white paper entitled 'Symmetric Cryptography in
Javascript' [2] detailed a number of optimizations to make symmetric
cryptography performant in pure-Javascript (i.e. maximizing
precomputation, loop unrolling, bitslicing). There is an implementation
available at [3]. The paper concluded by saying that one of their
biggest problems was finding a way to generate enough cryptographic
randomness in the browser for key generation - other than that their
solution is quite performant.
So would window.crypto.random allow performant symmetric and asymmetric
cryptography to be written in pure JS? It would be good to see some
benchmarks between JS and Native around SHA256 and SHA512 key generation
(for example) to really understand the performance benefits that this
API could bring.
Other than that, it's still a very rough proposal but it could be
interesting pending some performance benchmark data (or details of
additional benefits that this proposal brings) :)
- Rich
[1]
http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2011-February/030241.html
[2] http://crypto.stanford.edu/sjcl/acsac.pdf
[3] http://crypto.stanford.edu/sjcl/
David Dahl wrote:
Hello public-webapps members,
(I wanted to post this proposed draft spec for the DOMCrypt API (
https://wiki.mozilla.org/Privacy/Features/DOMCryptAPISpec/Latest ) to this list
- if there is a more fitting mailing list, please let me know)
I recently posted this draft spec for a crypto API for browsers to the whatwg
(see: http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2011-May/031741.html)
and wanted to get feedback from W3C as well.
Privacy and user control on the web is of utter importance. Tracking,
unauthorized user data aggregation and personal information breaches are
becoming so commonplace you see a new headline almost daily. (It seems).
We need crypto APIs in browsers to allow developers to create more secure
communications tools and web applications that don’t have to implicitly trust
the server, among other use cases.
The DOMCrypt API is a good start, and more feedback and discussion will really
help round out how all of this should work – as well as how it can work in any
browser that will support such an API.
This API will provide each web browser window with a ‘cipher’ property[1] that
facilitates:
asymmetric encryption key pair generation
public key encryption
public key decryption
symmetric encryption
signature generation
signature verification
hashing
easy public key discovery via meta tags or an ‘addressbookentry’ tag
[1] There is a bit of discussion around adding this API to window.navigator or
consolidation within window.crypto
I have created a Firefox extension that implements most of the above, and am
working on an experimental patch that integrates this API into Firefox.
The project originated in an extension I wrote, the home page is here:
http://domcrypt.org
The source code for the extension is here: https://github.com/daviddahl/domcrypt
The Mozilla bugs are here:
https://bugzilla.mozilla.org/show_bug.cgi?id=649154
https://bugzilla.mozilla.org/show_bug.cgi?id=657432
Firefox "feature wiki page":
https://wiki.mozilla.org/Privacy/Features/DOMCryptAPI
You can test the API by installing the extension hosted at domcrypt.org, and
going to http://domcrypt.org
A recent blog post updating all of this is posted here:
http://monocleglobe..wordpress.com/2011/06/01/domcrypt-update-2011-06-01/
The API:
window.cipher = {
// Public Key API
pk: {
set algorithm(algorithm){ },
get algorithm(){ },
// Generate a keypair and then execute the callback function
generateKeypair: function ( function callback( aPublicKey ) { } ) { },
// encrypt a plainText
encrypt: function ( plainText, function callback (cipherMessageObject) ) {
} ) { },
// decrypt a cipherMessage
decrypt: function ( cipherMessageObject, function callback ( plainText ) { }
) { },
// sign a message
sign: function ( plainText, function callback ( signature ) { } ) { },
// verify a signature
verify: function ( signature, plainText, function callback ( boolean ) { } )
{ },
// get the JSON cipherAddressbook
get addressbook() {},
// make changes to the addressbook
saveAddressbook: function (JSONObject, function callback ( addresssbook ) {
}) { }
},
// Symmetric Crypto API
sym: {
get algorithm(),
set algorithm(algorithm),
// create a new symmetric key
generateKey: function (function callback ( key ){ }) { },
// encrypt some data
encrypt: function (plainText, key, function callback( cipherText ){ }) { },
// decrypt some data
decrypt: function (cipherText, key, function callback( plainText ) { }) { },
},
// hashing
hash: {
SHA256: function (function callback (hash){}) { }
}
}
Your feedback and criticism will be invaluable.
Best regards,
David Dahl
Firefox Engineer, Mozilla Corp.
