Evaluate new WebCrypto API for use in Apps
Closed this issue · 4 comments
Need to check the applicability of the APIs outlined in http://www.w3.org/TR/2014/WD-WebCryptoAPI-20140325/#scope-algorithms for use in the Apps.
Two areas of interest are a) browser implementation of crypto algorithms (rather than JS based code) and b) ability to sign JS application code.
Need to see what the timeline for implementation in browsers is too.
This feature is still in development in most browsers.
http://www.chromestatus.com/features/5030265697075200
IE 11 Beta has a version based on the draft: https://dvcs.w3.org/hg/webcrypto-api/raw-file/tag2013.05.21/spec/Overview.html
In Chrome, you can access the crypto preview code by going to about:flags,
and enabling: Enable experimental Web Platform features.
Here is some sample code to play with in the dev console:
https://docs.google.com/document/d/1rkWu0zfAtdfiwXMRNu9wRZm_19BfVd-B2U7j8dNeYek/edit#
Netflix have developed their own PolyFill solution to web crypto - much like the SJCL being used.
https://github.com/Netflix/NfWebCrypto
Theoretically with the encrypt and decrypt capabilities provided by the API, it should be possible to replace the SJCL library with native WebCrypto in the future.
I can't seem to get the decrypt working for the chrome demo, but this could be for a number of reasons - there isn't much documentation around the API at this stage either.
The ability to sign JS application code should be possible with WebCrypto - this is briefly touched on in section 2.7 Javascript Object Signing and Encryption (JOSE).
"A web application wishes to make use of the structures and format of messages defined by the IETF Javascript Object Signing and Encryption (JOSE) Working Group. The web application wishes to manipulate public keys encoded in the JSON key format (JWK), messages that have been integrity protected using digital signatures or MACs (JWS), or that have been encrypted (JWE)."