--- a/spec/Overview-WebCryptoAPI.xml Sun Jan 27 20:58:49 2013 -0800
+++ b/spec/Overview-WebCryptoAPI.xml Sun Jan 27 20:59:29 2013 -0800
@@ -644,7 +644,7 @@
<div class="note">
<p>
Do not generate keys using the <code>getRandomValues</code> method. Use the
- <a href="#dfn-Crypto-method-generateKey"><code>generateKey</code></a> method instead.
+ <a href="#dfn-SubtleSubtleCrypto-method-generateKey"><code>generateKey</code></a> method instead.
</p>
</div>
</div>
@@ -1315,6 +1315,21 @@
<div id="crypto-interface" class="section">
<h2>Crypto interface</h2>
<x:codeblock language="idl">
+interface <dfn id="dfn-Crypto">Crypto</dfn> {
+ readonly attribute <a href="#dfn-SubtleCrypto">SubtleCrypto</a> subtle;
+};
+
+<a href="#dfn-Crypto">Crypto</a> implements <a href="#dfn-RandomSource">RandomSource</a>;
+
+partial interface Window {
+ readonly attribute <a href="#dfn-Crypto">Crypto</a> crypto;
+};
+ </x:codeblock>
+ </div>
+
+ <div id="subtlecrypto-interface" class="section">
+ <h2>SubtleCrypto interface</h2>
+ <x:codeblock language="idl">
enum <dfn id="dfn-KeyFormat">KeyFormat</dfn> {
<span class="comment">// An unformatted sequence of bytes. Intended for secret keys.</span>
"raw",
@@ -1326,46 +1341,40 @@
"jwk",
};
-interface <dfn id="dfn-Crypto">Crypto</dfn> {
- <a href="#dfn-CryptoOperation">CryptoOperation</a> <a href="#dfn-Crypto-method-encrypt">encrypt</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm,
+interface <dfn id="dfn-SubtleCrypto">SubtleCrypto</dfn> {
+ <a href="#dfn-CryptoOperation">CryptoOperation</a> <a href="#dfn-SubtleSubtleCrypto-method-encrypt">encrypt</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm,
<a href="#dfn-Key">Key</a> key,
optional ArrayBufferView? buffer = null);
- <a href="#dfn-CryptoOperation">CryptoOperation</a> <a href="#dfn-Crypto-method-decrypt">decrypt</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm,
+ <a href="#dfn-CryptoOperation">CryptoOperation</a> <a href="#dfn-SubtleSubtleCrypto-method-decrypt">decrypt</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm,
<a href="#dfn-Key">Key</a> key,
optional ArrayBufferView? buffer = null);
- <a href="#dfn-CryptoOperation">CryptoOperation</a> <a href="#dfn-Crypto-method-sign">sign</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm,
+ <a href="#dfn-CryptoOperation">CryptoOperation</a> <a href="#dfn-SubtleSubtleCrypto-method-sign">sign</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm,
<a href="#dfn-Key">Key</a> key,
optional ArrayBufferView? buffer = null);
- <a href="#dfn-CryptoOperation">CryptoOperation</a> <a href="#dfn-Crypto-method-verify">verify</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm,
+ <a href="#dfn-CryptoOperation">CryptoOperation</a> <a href="#dfn-SubtleSubtleCrypto-method-verify">verify</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm,
<a href="#dfn-Key">Key</a> key,
ArrayBufferView signature,
optional ArrayBufferView? buffer = null);
- <a href="#dfn-CryptoOperation">CryptoOperation</a> <a href="#dfn-Crypto-method-digest">digest</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm,
+ <a href="#dfn-CryptoOperation">CryptoOperation</a> <a href="#dfn-SubtleSubtleCrypto-method-digest">digest</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm,
optional ArrayBufferView? buffer = null);
<span class="comment">// TBD: <a href="https://www.w3.org/2012/webcrypto/track/issues/36">ISSUE-36</a></span>
- <a href="#dfn-KeyOperation">KeyOperation</a> <a href="#dfn-Crypto-method-generateKey">generateKey</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm,
+ <a href="#dfn-KeyOperation">KeyOperation</a> <a href="#dfn-SubtleSubtleCrypto-method-generateKey">generateKey</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm,
bool extractable = false,
<a href="#dfn-KeyUsage">KeyUsage</a>[] keyUsages = []);
- <a href="#dfn-KeyOperation">KeyOperation</a> <a href="#dfn-Crypto-method-deriveKey">deriveKey</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm,
+ <a href="#dfn-KeyOperation">KeyOperation</a> <a href="#dfn-SubtleSubtleCrypto-method-deriveKey">deriveKey</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm,
<a href="#dfn-Key">Key</a> baseKey,
<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a>? derivedKeyType,
bool extractable = false,
<a href="#dfn-KeyUsage">KeyUsage</a>[] keyUsages = []);
<span class="comment">// TBD: <a href="https://www.w3.org/2012/webcrypto/track/issues/35">ISSUE-35</a></span>
- <a href="#dfn-KeyOperation">KeyOperation</a> <a href="#dfn-Crypto-method-importKey">importKey</a>(<a href="#dfn-KeyFormat">KeyFormat</a> format,
+ <a href="#dfn-KeyOperation">KeyOperation</a> <a href="#dfn-SubtleSubtleCrypto-method-importKey">importKey</a>(<a href="#dfn-KeyFormat">KeyFormat</a> format,
ArrayBufferView keyData,
<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a>? algorithm,
bool extractable = false,
<a href="#dfn-KeyUsage">KeyUsage</a>[] keyUsages = []);
- <a href="#dfn-KeyOperation">KeyOperation</a> <a href="#dfn-Crypto-method-exportKey">exportKey</a>(<a href="#dfn-KeyFormat">KeyFormat</a> format, <a href="#dfn-Key">Key</a> key);
-};
-
-<a href="#dfn-Crypto">Crypto</a> implements <a href="#dfn-RandomSource">RandomSource</a>;
-
-partial interface Window {
- readonly attribute <a href="#dfn-Crypto">Crypto</a> crypto;
+ <a href="#dfn-KeyOperation">KeyOperation</a> <a href="#dfn-SubtleSubtleCrypto-method-exportKey">exportKey</a>(<a href="#dfn-KeyFormat">KeyFormat</a> format, <a href="#dfn-Key">Key</a> key);
};
</x:codeblock>
<div class="ednote">
@@ -1386,12 +1395,54 @@
</li>
</ul>
</div>
- <div id="crypto-interface-methods" class="section">
+ <div id="subtlecrypto-interface-description" class="section">
+ <h3>Description</h3>
+ <p class="norm">This section is non-normative.</p>
+ <p>
+ The <a href="#dfn-SubtleCrypto">SubtleCrypto</a> interface provides a set of
+ methods for dealing with low-level cryptographic primitives and algorithms. It is
+ named <code>SubtleCrypto</code> to reflect the fact that many of these algorithms
+ have subtle usage requirements in order to provide the required algorithmic
+ security guarantees.
+ </p>
+ <p>
+ For example, the direct use of an unauthenticated encryption scheme, such as
+ <a href="#aes-ctr">AES in counter mode</a>, gives potential attackers the ability to
+ manipulate bits in the output by manipulating bits in the input, compromising the
+ integrity of the message. However, AES-CTR can be used securely in combination
+ with other cryptographic primitives, such as message authentication codes, to ensure
+ the integrity of the protected message, but only when the message authentication
+ code is constructed over the encrypted message and IV.
+ </p>
+ <p>
+ Developers making use of the SubtleCrypto interface are expected to be aware of the
+ security concerns associated with both the design and implementation of the various
+ algorithms provided. The raw algorithms are provided in order to allow developers
+ maximum flexibility in implementing a variety of protocols and applications, each of
+ which may represent the composition and security parameters in a unique manner that
+ necessitate the use of the raw algorithms.
+ </p>
+ <div class="ednote">
+ <p>
+ Because of the subtleties associated with this API, the Web Cryptography Working
+ Group is also investigating providing a high-level API which provides a
+ comprehensive secure construction and messaging format, to allow new web
+ applications to exchange information without having to be aware of the cryptographic
+ subtleties associated with these individual algorithms.
+ </p>
+ <p>
+ It is likely that such a high-level API will produce messages using algorithms and
+ formats defined in the IETF JOSE Working Group, although this is still a topic of
+ discussion.
+ </p>
+ </div>
+ </div>
+ <div id="subtlecrypto-interface-methods" class="section">
<h3>Methods and Parameters</h3>
- <div id="Crypto-method-encrypt" class="section">
+ <div id="SubtleCrypto-method-encrypt" class="section">
<h4>The encrypt method</h4>
<p>
- The <dfn id="dfn-Crypto-method-encrypt"><code>encrypt</code></dfn>
+ The <dfn id="dfn-SubtleSubtleCrypto-method-encrypt"><code>encrypt</code></dfn>
method returns a new <a href="#dfn-CryptoOperation"><code>CryptoOperation</code></a>
object that will encrypt data using the specified
<a href="#dfn-AlgorithmIdentifier"><code>AlgorithmIdentifier</code></a> with
@@ -1490,10 +1541,10 @@
</ol>
</div>
- <div id="Crypto-method-decrypt" class="section">
+ <div id="SubtleCrypto-method-decrypt" class="section">
<h4>The decrypt method</h4>
<p>
- The <dfn id="dfn-Crypto-method-decrypt"><code>decrypt</code></dfn>
+ The <dfn id="dfn-SubtleSubtleCrypto-method-decrypt"><code>decrypt</code></dfn>
method returns a new <a href="#dfn-CryptoOperation"><code>CryptoOperation</code></a>
object that will decrypt data using the specified
<a href="#dfn-AlgorithmIdentifier"><code>AlgorithmIdentifier</code></a> with
@@ -1592,10 +1643,10 @@
</ol>
</div>
- <div id="Crypto-method-sign" class="section">
+ <div id="SubtleCrypto-method-sign" class="section">
<h4>The sign method</h4>
<p>
- The <dfn id="dfn-Crypto-method-sign"><code>sign</code></dfn> method
+ The <dfn id="dfn-SubtleSubtleCrypto-method-sign"><code>sign</code></dfn> method
returns a new <a href="#dfn-CryptoOperation"><code>CryptoOperation</code></a>
object that will sign data using the specified
<a href="#dfn-AlgorithmIdentifier"><code>AlgorithmIdentifier</code></a> with
@@ -1693,10 +1744,10 @@
</ol>
</div>
- <div id="Crypto-method-verify" class="section">
+ <div id="SubtleCrypto-method-verify" class="section">
<h4>The verify method</h4>
<p>
- The <dfn id="dfn-Crypto-method-verify"><code>verify</code></dfn> method
+ The <dfn id="dfn-SubtleSubtleCrypto-method-verify"><code>verify</code></dfn> method
returns a new <a href="#dfn-CryptoOperation"><code>CryptoOperation</code></a>
object that will verify data using the specified
<a href="#dfn-AlgorithmIdentifier"><code>AlgorithmIdentifier</code></a> with
@@ -1794,10 +1845,10 @@
</ol>
</div>
- <div id="Crypto-method-digest" class="section">
+ <div id="SubtleCrypto-method-digest" class="section">
<h4>The digest method</h4>
<p>
- The <dfn id="dfn-Crypto-method-digest"><code>digest</code></dfn> method returns
+ The <dfn id="dfn-SubtleSubtleCrypto-method-digest"><code>digest</code></dfn> method returns
a new <a href="#dfn-CryptoOperation"><code>CryptoOperation</code></a>
object that will digest data using the specified
<a href="#dfn-AlgorithmIdentifier"><code>AlgorithmIdentifier</code></a>.
@@ -1895,10 +1946,10 @@
</ol>
</div>
- <div id="Crypto-method-generateKey" class="section">
+ <div id="SubtleCrypto-method-generateKey" class="section">
<h4>The generateKey method</h4>
<p>
- When invoked, <dfn id="dfn-Crypto-method-generateKey"><code>generateKey</code></dfn> <span class="RFC2119">MUST</span> perform the following steps:
+ When invoked, <dfn id="dfn-SubtleSubtleCrypto-method-generateKey"><code>generateKey</code></dfn> <span class="RFC2119">MUST</span> perform the following steps:
</p>
<ol>
<li>
@@ -1995,10 +2046,10 @@
</div>
</div>
- <div id="Crypto-method-deriveKey" class="section">
+ <div id="SubtleCrypto-method-deriveKey" class="section">
<h4>The deriveKey method</h4>
<p>
- When invoked, <dfn id="dfn-Crypto-method-deriveKey"><code>deriveKey</code></dfn> <span class="RFC2119">MUST</span> perform the following steps:
+ When invoked, <dfn id="dfn-SubtleSubtleCrypto-method-deriveKey"><code>deriveKey</code></dfn> <span class="RFC2119">MUST</span> perform the following steps:
</p>
<ol>
<li>
@@ -2104,12 +2155,12 @@
</div>
</div>
- <div id="Crypto-method-importKey" class="section">
- <h4>The <dfn id="dfn-Crypto-method-importKey">importKey</dfn> method</h4>
+ <div id="SubtleCrypto-method-importKey" class="section">
+ <h4>The <dfn id="dfn-SubtleSubtleCrypto-method-importKey">importKey</dfn> method</h4>
<p></p>
</div>
- <div id="Crypto-method-exportKey" class="section">
- <h4>The <dfn id="dfn-Crypto-method-exportKey">exportKey</dfn> method</h4>
+ <div id="SubtleCrypto-method-exportKey" class="section">
+ <h4>The <dfn id="dfn-SubtleSubtleCrypto-method-exportKey">exportKey</dfn> method</h4>
<p></p>
</div>
@@ -2182,7 +2233,7 @@
<p>
The Working Group is actively discussing means of discovering <code><a href="#dfn-Key">Key</a></code>
objects that are not not directly created by the application via
- <code><a href="#Crypto-method-generateKey">generateKey</a></code>, or allowing
+ <code><a href="#SubtleCrypto-method-generateKey">generateKey</a></code>, or allowing
web applications to indicate how and where the cryptographic keying material associated with
<code>Key</code> objects is stored. Examples of such <code>Key</code> objects or interfaces that
may be exposed include:
@@ -3575,7 +3626,7 @@
}
};
-var keyGen = window.crypto.generateKey(algorithmKeyGen,
+var keyGen = window.crypto.subtle.generateKey(algorithmKeyGen,
false, <span class="comment">// extractable</span>
["sign"]);
@@ -3628,7 +3679,7 @@
};
<span class="comment">// Create a keygenerator to produce a one-time-use AES key to encrypt some data</span>
-var cryptoKeyGen = window.crypto.generateKey(aesAlgorithmKeyGen,
+var cryptoKeyGen = window.crypto.subtle.generateKey(aesAlgorithmKeyGen,
false, <span class="comment">// extractable</span>
["encrypt"]);
@@ -3638,7 +3689,7 @@
<span class="comment">// Unlike the signing example, which showed multi-part encryption, here we
// will perform the entire AES operation in a single call.</span>
- var aesOp = window.crypto.encrypt(aesAlgorithmEncrypt, aesKey, clearDataArrayBufferView);
+ var aesOp = window.crypto.subtle.encrypt(aesAlgorithmEncrypt, aesKey, clearDataArrayBufferView);
aesOp.oncomplete = function(event) {
<span class="comment">// The clearData has been encrypted.</span>
var ciphertext = event.target.result; <span class="comment">// ArrayBufferView</span>
--- a/spec/Overview.html Sun Jan 27 20:58:49 2013 -0800
+++ b/spec/Overview.html Sun Jan 27 20:59:29 2013 -0800
@@ -49,7 +49,7 @@
communications.
</p>
- <div class="ednote"><div class="ednoteHeader">Editorial note</div><p>There are 22 further editorial notes in the document.</p></div>
+ <div class="ednote"><div class="ednoteHeader">Editorial note</div><p>There are 23 further editorial notes in the document.</p></div>
</div>
<div class="section">
@@ -141,7 +141,7 @@
<div id="toc">
<h2>Table of Contents</h2>
- <div class="toc"><ul><li><a href="#introduction">1. Introduction</a></li><li><a href="#use-cases">2. Use Cases</a><ul><li><a href="#multifactor-authentication">2.1. Multi-factor Authentication</a></li><li><a href="#protected-document">2.2. Protected Document Exchange</a></li><li><a href="#cloud-storage">2.3. Cloud Storage</a></li><li><a href="#document-signing">2.4. Document Signing</a></li><li><a href="#data-integrity-protection">2.5. Data Integrity Protection</a></li><li><a href="#secure-messaging">2.6. Secure Messaging</a></li><li><a href="#jose">2.7. Javascript Object Signing and Encryption (JOSE)</a></li></ul></li><li><a href="#conformance">3. Conformance</a></li><li><a href="#scope">4. Scope</a><ul><li><a href="#scope-abstraction">4.1. Level of abstraction</a></li><li><a href="#scope-algorithms">4.2. Cryptographic algorithms</a></li><li><a href="#scope-operations">4.3. Operations</a></li><li><a href="#scope-out-of-scope">4.4. Out of scope</a></li></ul></li><li><a href="#security">5. Security considerations</a><ul><li><a href="#security-implementers">5.1. Security considerations for implementers</a></li><li><a href="#security-developers">5.2. Security considerations for developers</a></li></ul></li><li><a href="#privacy">6. Privacy considerations</a></li><li><a href="#dependencies">7. Dependencies</a></li><li><a href="#terminology">8. Terminology</a></li><li><a href="#RandomSource-interface">9. RandomSource interface</a><ul><li><a href="#RandomSource-description">9.1. Description</a></li><li><a href="#RandomSource-interface-methods">9.2. Methods and Parameters</a><ul><li><a href="#RandomSource-method-getRandomValues">9.2.1. The getRandomValues method</a></li></ul></li></ul></li><li><a href="#algorithm-dictionary">10. Algorithm dictionary</a><ul><li><a href="#algorithm-dictionary-members">10.1. Algorithm Dictionary Members</a></li></ul></li><li><a href="#key-interface">11. Key interface</a><ul><li><a href="#key-interface-description">11.1. Description</a></li><li><a href="#key-interface-members">11.2. Key interface members</a></li><li><a href="#key-interface-clone">11.3. Structured clone algorithm</a></li></ul></li><li><a href="#cryptooperation-interface">12. CryptoOperation interface</a><ul><li><a href="#CryptoOperation-processing-model">12.1. Processing Model</a></li><li><a href="#cryptooperation-events">12.2. Event Handler Attributes</a></li><li><a href="#CryptoOperation-attributes">12.3. Attributes</a></li><li><a href="#CryptoOperation-methods">12.4. Methods</a><ul><li><a href="#CryptoOperation-method-process">12.4.1. process(ArrayBufferView data)</a></li><li><a href="#CryptoOperation-method-finish">12.4.2. The finish() method</a></li><li><a href="#CryptoOperation-method-abort">12.4.3. The abort() method</a></li></ul></li></ul></li><li><a href="#KeyOperation-interface">13. KeyOperation interface</a></li><li><a href="#crypto-interface">14. Crypto interface</a><ul><li><a href="#crypto-interface-methods">14.1. Methods and Parameters</a><ul><li><a href="#Crypto-method-encrypt">14.1.1. The encrypt method</a></li><li><a href="#Crypto-method-decrypt">14.1.2. The decrypt method</a></li><li><a href="#Crypto-method-sign">14.1.3. The sign method</a></li><li><a href="#Crypto-method-verify">14.1.4. The verify method</a></li><li><a href="#Crypto-method-digest">14.1.5. The digest method</a></li><li><a href="#Crypto-method-generateKey">14.1.6. The generateKey method</a></li><li><a href="#Crypto-method-deriveKey">14.1.7. The deriveKey method</a></li><li><a href="#Crypto-method-importKey">14.1.8. The importKey method</a></li><li><a href="#Crypto-method-exportKey">14.1.9. The exportKey method</a></li></ul></li></ul></li><li><a href="#WorkerCrypto-interface">15. WorkerCrypto interface</a><ul><li><a href="#WorkerCrypto-description">15.1. Description</a></li></ul></li><li><a href="#big-integer">16. BigInteger</a></li><li><a href="#keypair">17. KeyPair</a></li><li><a href="#key-discovery">18. Key Discovery</a></li><li><a href="#algorithms">19. Algorithms</a><ul><li><a href="#recommended-algorithms">19.1. Recommended algorithms</a></li><li><a href="#defining-an-algorithm">19.2. Defining an algorithm</a><ul><li><a href="#recognized-algorithm-name">19.2.1. Recognized algorithm name</a></li><li><a href="#supported-operations">19.2.2. Supported operations</a></li><li><a href="#algorithm-specific-params">19.2.3. Algorithm-specific parameters</a></li><li><a href="#algorithm-result">19.2.4. Algorithm results</a></li><li><a href="#algorithm-alias">19.2.5. Algorithm aliases</a></li></ul></li><li><a href="#rsaes-pkcs1">19.3. RSAES-PKCS1-v1_5</a><ul><li><a href="#rsaes-pkcs1-description">19.3.1. Description</a></li><li><a href="#rsaes-pkcs1-registration">19.3.2. Registration</a></li><li><a href="#RsaKeyGenParams-dictionary">19.3.3. RsaKeyGenParams dictionary</a></li><li><a href="#rsaes-pkcs1-operations">19.3.4. Operations</a></li></ul></li><li><a href="#rsassa-pkcs1">19.4. RSASSA-PKCS1-v1_5</a><ul><li><a href="#rsassa-pkcs1-description">19.4.1. Description</a></li><li><a href="#rsassa-pkcs1-registration">19.4.2. Registration</a></li><li><a href="#RsaSsaParams-dictionary">19.4.3. RsaSsaParams dictionary</a></li><li><a href="#rsassa-pkcs1-operations">19.4.4. Operations</a></li></ul></li><li><a href="#rsa-pss">19.5. RSA-PSS</a><ul><li><a href="#rsa-pss-description">19.5.1. Description</a></li><li><a href="#rsa-pss-registration">19.5.2. Registration</a></li><li><a href="#rsa-pss-params">19.5.3. RsaPssParams dictionary</a></li><li><a href="#rsa-pss-operations">19.5.4. Operations</a></li></ul></li><li><a href="#rsa-oaep">19.6. RSA-OAEP</a><ul><li><a href="#rsa-oaep-description">19.6.1. Description</a></li><li><a href="#rsa-oaep-registration">19.6.2. Registration</a></li><li><a href="#rsa-oaep-params">19.6.3. RsaOaepParams dictionary</a></li><li><a href="#rsa-oaep-operations">19.6.4. Operations</a></li></ul></li><li><a href="#ecdsa">19.7. ECDSA</a><ul><li><a href="#ecdsa-description">19.7.1. Description</a></li><li><a href="#ecdsa-registration">19.7.2. Registration</a></li><li><a href="#EcdsaParams-dictionary">19.7.3. EcdsaParams dictionary</a></li><li><a href="#EcKeyGenParams-dictionary">19.7.4. EcKeyGenParams dictionary</a></li><li><a href="#ecdsa-operations">19.7.5. Operations</a></li></ul></li><li><a href="#ecdh">19.8. ECDH</a><ul><li><a href="#ecdh-description">19.8.1. Description</a></li><li><a href="#ecdh-registration">19.8.2. Registration</a></li><li><a href="#dh-EcdhKeyDeriveParams">19.8.3. EcdhKeyDeriveParams dictionary</a></li><li><a href="#ecdh-operations">19.8.4. Operations</a></li></ul></li><li><a href="#aes-ctr">19.9. AES-CTR</a><ul><li><a href="#aes-ctr-description">19.9.1. Description</a></li><li><a href="#aes-ctr-registration">19.9.2. Registration</a></li><li><a href="#aes-ctr-params">19.9.3. AesCtrParams dictionary</a></li><li><a href="#aes-keygen-params">19.9.4. AesKeyGenParams dictionary</a></li><li><a href="#aes-ctr-operations">19.9.5. Operations</a></li></ul></li><li><a href="#aes-cbc">19.10. AES-CBC</a><ul><li><a href="#aes-cbc-description">19.10.1. Description</a></li><li><a href="#aes-cbc-registration">19.10.2. Registration</a></li><li><a href="#aes-cbc-params">19.10.3. AesCbcParams dictionary</a></li><li><a href="#aes-cbc-operations">19.10.4. Operations</a></li></ul></li><li><a href="#aes-gcm">19.11. AES-GCM</a><ul><li><a href="#aes-gcm-description">19.11.1. Description</a></li><li><a href="#aes-gcm-registration">19.11.2. Registration</a></li><li><a href="#aes-gcm-params">19.11.3. AesGcmParams dictionary</a></li><li><a href="#aes-gcm-operations">19.11.4. Operations</a></li></ul></li><li><a href="#hmac">19.12. HMAC</a><ul><li><a href="#hmac-description">19.12.1. Description</a></li><li><a href="#hmac-registration">19.12.2. Registration</a></li><li><a href="#hmac-params">19.12.3. HmacParams dictionary</a></li><li><a href="#hmac-operations">19.12.4. Operations</a></li></ul></li><li><a href="#dh">19.13. Diffie-Hellman</a><ul><li><a href="#dh-description">19.13.1. Description</a></li><li><a href="#dh-registration">19.13.2. Registration</a></li><li><a href="#dh-DhKeyGenParams">19.13.3. DhKeyGenParams dictionary</a></li><li><a href="#dh-DhKeyDeriveParams">19.13.4. DhKeyDeriveParams dictionary</a></li><li><a href="#dh-operations">19.13.5. Operations</a></li></ul></li><li><a href="#sha">19.14. SHA</a><ul><li><a href="#sha-description">19.14.1. Description</a></li><li><a href="#sha-registration">19.14.2. Registration</a></li><li><a href="#sha-operations">19.14.3. Operations</a></li></ul></li><li><a href="#concatkdf">19.15. Concat KDF</a><ul><li><a href="#concatkdf-description">19.15.1. Description</a></li><li><a href="#concatkdf-registration">19.15.2. Registration</a></li><li><a href="#concat-params">19.15.3. ConcatParams dictionary</a></li><li><a href="#concat-operations">19.15.4. Operations</a></li></ul></li><li><a href="#pbkdf2">19.16. PBKDF2</a><ul><li><a href="#pbkdf2-description">19.16.1. Description</a></li><li><a href="#pbkdf2-registration">19.16.2. Registration</a></li><li><a href="#pbkdf2-params">19.16.3. Pbkdf2Params dictionary</a></li><li><a href="#pbkdf2-operations">19.16.4. Operations</a></li></ul></li></ul></li><li><a href="#algorithm-normalizing-rules">20. Algorithm normalizing rules</a></li><li><a href="#examples-section">21. JavaScript Example Code</a><ul><li><a href="#examples-signing">21.1. Generate a signing key pair, sign some data</a></li><li><a href="#examples-symmetric-encryption">21.2. Symmetric Encryption</a></li></ul></li><li><a href="#acknowledgements-section">22. Acknowledgements</a></li><li><a href="#references">23. References</a><ul><li><a href="#normative-references">23.1. Normative References</a></li><li><a href="#informative-references">23.2. Informative References</a></li></ul></li></ul></div>
+ <div class="toc"><ul><li><a href="#introduction">1. Introduction</a></li><li><a href="#use-cases">2. Use Cases</a><ul><li><a href="#multifactor-authentication">2.1. Multi-factor Authentication</a></li><li><a href="#protected-document">2.2. Protected Document Exchange</a></li><li><a href="#cloud-storage">2.3. Cloud Storage</a></li><li><a href="#document-signing">2.4. Document Signing</a></li><li><a href="#data-integrity-protection">2.5. Data Integrity Protection</a></li><li><a href="#secure-messaging">2.6. Secure Messaging</a></li><li><a href="#jose">2.7. Javascript Object Signing and Encryption (JOSE)</a></li></ul></li><li><a href="#conformance">3. Conformance</a></li><li><a href="#scope">4. Scope</a><ul><li><a href="#scope-abstraction">4.1. Level of abstraction</a></li><li><a href="#scope-algorithms">4.2. Cryptographic algorithms</a></li><li><a href="#scope-operations">4.3. Operations</a></li><li><a href="#scope-out-of-scope">4.4. Out of scope</a></li></ul></li><li><a href="#security">5. Security considerations</a><ul><li><a href="#security-implementers">5.1. Security considerations for implementers</a></li><li><a href="#security-developers">5.2. Security considerations for developers</a></li></ul></li><li><a href="#privacy">6. Privacy considerations</a></li><li><a href="#dependencies">7. Dependencies</a></li><li><a href="#terminology">8. Terminology</a></li><li><a href="#RandomSource-interface">9. RandomSource interface</a><ul><li><a href="#RandomSource-description">9.1. Description</a></li><li><a href="#RandomSource-interface-methods">9.2. Methods and Parameters</a><ul><li><a href="#RandomSource-method-getRandomValues">9.2.1. The getRandomValues method</a></li></ul></li></ul></li><li><a href="#algorithm-dictionary">10. Algorithm dictionary</a><ul><li><a href="#algorithm-dictionary-members">10.1. Algorithm Dictionary Members</a></li></ul></li><li><a href="#key-interface">11. Key interface</a><ul><li><a href="#key-interface-description">11.1. Description</a></li><li><a href="#key-interface-members">11.2. Key interface members</a></li><li><a href="#key-interface-clone">11.3. Structured clone algorithm</a></li></ul></li><li><a href="#cryptooperation-interface">12. CryptoOperation interface</a><ul><li><a href="#CryptoOperation-processing-model">12.1. Processing Model</a></li><li><a href="#cryptooperation-events">12.2. Event Handler Attributes</a></li><li><a href="#CryptoOperation-attributes">12.3. Attributes</a></li><li><a href="#CryptoOperation-methods">12.4. Methods</a><ul><li><a href="#CryptoOperation-method-process">12.4.1. process(ArrayBufferView data)</a></li><li><a href="#CryptoOperation-method-finish">12.4.2. The finish() method</a></li><li><a href="#CryptoOperation-method-abort">12.4.3. The abort() method</a></li></ul></li></ul></li><li><a href="#KeyOperation-interface">13. KeyOperation interface</a></li><li><a href="#crypto-interface">14. Crypto interface</a></li><li><a href="#subtlecrypto-interface">15. SubtleCrypto interface</a><ul><li><a href="#subtlecrypto-interface-description">15.1. Description</a></li><li><a href="#subtlecrypto-interface-methods">15.2. Methods and Parameters</a><ul><li><a href="#SubtleCrypto-method-encrypt">15.2.1. The encrypt method</a></li><li><a href="#SubtleCrypto-method-decrypt">15.2.2. The decrypt method</a></li><li><a href="#SubtleCrypto-method-sign">15.2.3. The sign method</a></li><li><a href="#SubtleCrypto-method-verify">15.2.4. The verify method</a></li><li><a href="#SubtleCrypto-method-digest">15.2.5. The digest method</a></li><li><a href="#SubtleCrypto-method-generateKey">15.2.6. The generateKey method</a></li><li><a href="#SubtleCrypto-method-deriveKey">15.2.7. The deriveKey method</a></li><li><a href="#SubtleCrypto-method-importKey">15.2.8. The importKey method</a></li><li><a href="#SubtleCrypto-method-exportKey">15.2.9. The exportKey method</a></li></ul></li></ul></li><li><a href="#WorkerCrypto-interface">16. WorkerCrypto interface</a><ul><li><a href="#WorkerCrypto-description">16.1. Description</a></li></ul></li><li><a href="#big-integer">17. BigInteger</a></li><li><a href="#keypair">18. KeyPair</a></li><li><a href="#key-discovery">19. Key Discovery</a></li><li><a href="#algorithms">20. Algorithms</a><ul><li><a href="#recommended-algorithms">20.1. Recommended algorithms</a></li><li><a href="#defining-an-algorithm">20.2. Defining an algorithm</a><ul><li><a href="#recognized-algorithm-name">20.2.1. Recognized algorithm name</a></li><li><a href="#supported-operations">20.2.2. Supported operations</a></li><li><a href="#algorithm-specific-params">20.2.3. Algorithm-specific parameters</a></li><li><a href="#algorithm-result">20.2.4. Algorithm results</a></li><li><a href="#algorithm-alias">20.2.5. Algorithm aliases</a></li></ul></li><li><a href="#rsaes-pkcs1">20.3. RSAES-PKCS1-v1_5</a><ul><li><a href="#rsaes-pkcs1-description">20.3.1. Description</a></li><li><a href="#rsaes-pkcs1-registration">20.3.2. Registration</a></li><li><a href="#RsaKeyGenParams-dictionary">20.3.3. RsaKeyGenParams dictionary</a></li><li><a href="#rsaes-pkcs1-operations">20.3.4. Operations</a></li></ul></li><li><a href="#rsassa-pkcs1">20.4. RSASSA-PKCS1-v1_5</a><ul><li><a href="#rsassa-pkcs1-description">20.4.1. Description</a></li><li><a href="#rsassa-pkcs1-registration">20.4.2. Registration</a></li><li><a href="#RsaSsaParams-dictionary">20.4.3. RsaSsaParams dictionary</a></li><li><a href="#rsassa-pkcs1-operations">20.4.4. Operations</a></li></ul></li><li><a href="#rsa-pss">20.5. RSA-PSS</a><ul><li><a href="#rsa-pss-description">20.5.1. Description</a></li><li><a href="#rsa-pss-registration">20.5.2. Registration</a></li><li><a href="#rsa-pss-params">20.5.3. RsaPssParams dictionary</a></li><li><a href="#rsa-pss-operations">20.5.4. Operations</a></li></ul></li><li><a href="#rsa-oaep">20.6. RSA-OAEP</a><ul><li><a href="#rsa-oaep-description">20.6.1. Description</a></li><li><a href="#rsa-oaep-registration">20.6.2. Registration</a></li><li><a href="#rsa-oaep-params">20.6.3. RsaOaepParams dictionary</a></li><li><a href="#rsa-oaep-operations">20.6.4. Operations</a></li></ul></li><li><a href="#ecdsa">20.7. ECDSA</a><ul><li><a href="#ecdsa-description">20.7.1. Description</a></li><li><a href="#ecdsa-registration">20.7.2. Registration</a></li><li><a href="#EcdsaParams-dictionary">20.7.3. EcdsaParams dictionary</a></li><li><a href="#EcKeyGenParams-dictionary">20.7.4. EcKeyGenParams dictionary</a></li><li><a href="#ecdsa-operations">20.7.5. Operations</a></li></ul></li><li><a href="#ecdh">20.8. ECDH</a><ul><li><a href="#ecdh-description">20.8.1. Description</a></li><li><a href="#ecdh-registration">20.8.2. Registration</a></li><li><a href="#dh-EcdhKeyDeriveParams">20.8.3. EcdhKeyDeriveParams dictionary</a></li><li><a href="#ecdh-operations">20.8.4. Operations</a></li></ul></li><li><a href="#aes-ctr">20.9. AES-CTR</a><ul><li><a href="#aes-ctr-description">20.9.1. Description</a></li><li><a href="#aes-ctr-registration">20.9.2. Registration</a></li><li><a href="#aes-ctr-params">20.9.3. AesCtrParams dictionary</a></li><li><a href="#aes-keygen-params">20.9.4. AesKeyGenParams dictionary</a></li><li><a href="#aes-ctr-operations">20.9.5. Operations</a></li></ul></li><li><a href="#aes-cbc">20.10. AES-CBC</a><ul><li><a href="#aes-cbc-description">20.10.1. Description</a></li><li><a href="#aes-cbc-registration">20.10.2. Registration</a></li><li><a href="#aes-cbc-params">20.10.3. AesCbcParams dictionary</a></li><li><a href="#aes-cbc-operations">20.10.4. Operations</a></li></ul></li><li><a href="#aes-gcm">20.11. AES-GCM</a><ul><li><a href="#aes-gcm-description">20.11.1. Description</a></li><li><a href="#aes-gcm-registration">20.11.2. Registration</a></li><li><a href="#aes-gcm-params">20.11.3. AesGcmParams dictionary</a></li><li><a href="#aes-gcm-operations">20.11.4. Operations</a></li></ul></li><li><a href="#hmac">20.12. HMAC</a><ul><li><a href="#hmac-description">20.12.1. Description</a></li><li><a href="#hmac-registration">20.12.2. Registration</a></li><li><a href="#hmac-params">20.12.3. HmacParams dictionary</a></li><li><a href="#hmac-operations">20.12.4. Operations</a></li></ul></li><li><a href="#dh">20.13. Diffie-Hellman</a><ul><li><a href="#dh-description">20.13.1. Description</a></li><li><a href="#dh-registration">20.13.2. Registration</a></li><li><a href="#dh-DhKeyGenParams">20.13.3. DhKeyGenParams dictionary</a></li><li><a href="#dh-DhKeyDeriveParams">20.13.4. DhKeyDeriveParams dictionary</a></li><li><a href="#dh-operations">20.13.5. Operations</a></li></ul></li><li><a href="#sha">20.14. SHA</a><ul><li><a href="#sha-description">20.14.1. Description</a></li><li><a href="#sha-registration">20.14.2. Registration</a></li><li><a href="#sha-operations">20.14.3. Operations</a></li></ul></li><li><a href="#concatkdf">20.15. Concat KDF</a><ul><li><a href="#concatkdf-description">20.15.1. Description</a></li><li><a href="#concatkdf-registration">20.15.2. Registration</a></li><li><a href="#concat-params">20.15.3. ConcatParams dictionary</a></li><li><a href="#concat-operations">20.15.4. Operations</a></li></ul></li><li><a href="#pbkdf2">20.16. PBKDF2</a><ul><li><a href="#pbkdf2-description">20.16.1. Description</a></li><li><a href="#pbkdf2-registration">20.16.2. Registration</a></li><li><a href="#pbkdf2-params">20.16.3. Pbkdf2Params dictionary</a></li><li><a href="#pbkdf2-operations">20.16.4. Operations</a></li></ul></li></ul></li><li><a href="#algorithm-normalizing-rules">21. Algorithm normalizing rules</a></li><li><a href="#examples-section">22. JavaScript Example Code</a><ul><li><a href="#examples-signing">22.1. Generate a signing key pair, sign some data</a></li><li><a href="#examples-symmetric-encryption">22.2. Symmetric Encryption</a></li></ul></li><li><a href="#acknowledgements-section">23. Acknowledgements</a></li><li><a href="#references">24. References</a><ul><li><a href="#normative-references">24.1. Normative References</a></li><li><a href="#informative-references">24.2. Informative References</a></li></ul></li></ul></div>
</div>
<div id="sections">
@@ -653,7 +653,7 @@
<div class="note"><div class="noteHeader">Note</div>
<p>
Do not generate keys using the <code>getRandomValues</code> method. Use the
- <a href="#dfn-Crypto-method-generateKey"><code>generateKey</code></a> method instead.
+ <a href="#dfn-SubtleSubtleCrypto-method-generateKey"><code>generateKey</code></a> method instead.
</p>
</div>
</div>
@@ -1324,6 +1324,21 @@
<div id="crypto-interface" class="section">
<h2>14. Crypto interface</h2>
<div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
+interface <dfn id="dfn-Crypto">Crypto</dfn> {
+ readonly attribute <a href="#dfn-SubtleCrypto">SubtleCrypto</a> subtle;
+};
+
+<a href="#dfn-Crypto">Crypto</a> implements <a href="#dfn-RandomSource">RandomSource</a>;
+
+partial interface Window {
+ readonly attribute <a href="#dfn-Crypto">Crypto</a> crypto;
+};
+ </code></pre></div></div>
+ </div>
+
+ <div id="subtlecrypto-interface" class="section">
+ <h2>15. SubtleCrypto interface</h2>
+ <div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
enum <dfn id="dfn-KeyFormat">KeyFormat</dfn> {
<span class="comment">// An unformatted sequence of bytes. Intended for secret keys.</span>
"raw",
@@ -1335,46 +1350,40 @@
"jwk",
};
-interface <dfn id="dfn-Crypto">Crypto</dfn> {
- <a href="#dfn-CryptoOperation">CryptoOperation</a> <a href="#dfn-Crypto-method-encrypt">encrypt</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm,
+interface <dfn id="dfn-SubtleCrypto">SubtleCrypto</dfn> {
+ <a href="#dfn-CryptoOperation">CryptoOperation</a> <a href="#dfn-SubtleSubtleCrypto-method-encrypt">encrypt</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm,
<a href="#dfn-Key">Key</a> key,
optional ArrayBufferView? buffer = null);
- <a href="#dfn-CryptoOperation">CryptoOperation</a> <a href="#dfn-Crypto-method-decrypt">decrypt</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm,
+ <a href="#dfn-CryptoOperation">CryptoOperation</a> <a href="#dfn-SubtleSubtleCrypto-method-decrypt">decrypt</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm,
<a href="#dfn-Key">Key</a> key,
optional ArrayBufferView? buffer = null);
- <a href="#dfn-CryptoOperation">CryptoOperation</a> <a href="#dfn-Crypto-method-sign">sign</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm,
+ <a href="#dfn-CryptoOperation">CryptoOperation</a> <a href="#dfn-SubtleSubtleCrypto-method-sign">sign</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm,
<a href="#dfn-Key">Key</a> key,
optional ArrayBufferView? buffer = null);
- <a href="#dfn-CryptoOperation">CryptoOperation</a> <a href="#dfn-Crypto-method-verify">verify</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm,
+ <a href="#dfn-CryptoOperation">CryptoOperation</a> <a href="#dfn-SubtleSubtleCrypto-method-verify">verify</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm,
<a href="#dfn-Key">Key</a> key,
ArrayBufferView signature,
optional ArrayBufferView? buffer = null);
- <a href="#dfn-CryptoOperation">CryptoOperation</a> <a href="#dfn-Crypto-method-digest">digest</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm,
+ <a href="#dfn-CryptoOperation">CryptoOperation</a> <a href="#dfn-SubtleSubtleCrypto-method-digest">digest</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm,
optional ArrayBufferView? buffer = null);
<span class="comment">// TBD: <a href="https://www.w3.org/2012/webcrypto/track/issues/36">ISSUE-36</a></span>
- <a href="#dfn-KeyOperation">KeyOperation</a> <a href="#dfn-Crypto-method-generateKey">generateKey</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm,
+ <a href="#dfn-KeyOperation">KeyOperation</a> <a href="#dfn-SubtleSubtleCrypto-method-generateKey">generateKey</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm,
bool extractable = false,
<a href="#dfn-KeyUsage">KeyUsage</a>[] keyUsages = []);
- <a href="#dfn-KeyOperation">KeyOperation</a> <a href="#dfn-Crypto-method-deriveKey">deriveKey</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm,
+ <a href="#dfn-KeyOperation">KeyOperation</a> <a href="#dfn-SubtleSubtleCrypto-method-deriveKey">deriveKey</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm,
<a href="#dfn-Key">Key</a> baseKey,
<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a>? derivedKeyType,
bool extractable = false,
<a href="#dfn-KeyUsage">KeyUsage</a>[] keyUsages = []);
<span class="comment">// TBD: <a href="https://www.w3.org/2012/webcrypto/track/issues/35">ISSUE-35</a></span>
- <a href="#dfn-KeyOperation">KeyOperation</a> <a href="#dfn-Crypto-method-importKey">importKey</a>(<a href="#dfn-KeyFormat">KeyFormat</a> format,
+ <a href="#dfn-KeyOperation">KeyOperation</a> <a href="#dfn-SubtleSubtleCrypto-method-importKey">importKey</a>(<a href="#dfn-KeyFormat">KeyFormat</a> format,
ArrayBufferView keyData,
<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a>? algorithm,
bool extractable = false,
<a href="#dfn-KeyUsage">KeyUsage</a>[] keyUsages = []);
- <a href="#dfn-KeyOperation">KeyOperation</a> <a href="#dfn-Crypto-method-exportKey">exportKey</a>(<a href="#dfn-KeyFormat">KeyFormat</a> format, <a href="#dfn-Key">Key</a> key);
-};
-
-<a href="#dfn-Crypto">Crypto</a> implements <a href="#dfn-RandomSource">RandomSource</a>;
-
-partial interface Window {
- readonly attribute <a href="#dfn-Crypto">Crypto</a> crypto;
+ <a href="#dfn-KeyOperation">KeyOperation</a> <a href="#dfn-SubtleSubtleCrypto-method-exportKey">exportKey</a>(<a href="#dfn-KeyFormat">KeyFormat</a> format, <a href="#dfn-Key">Key</a> key);
};
</code></pre></div></div>
<div class="ednote"><div class="ednoteHeader">Editorial note</div>
@@ -1395,12 +1404,54 @@
</li>
</ul>
</div>
- <div id="crypto-interface-methods" class="section">
- <h3>14.1. Methods and Parameters</h3>
- <div id="Crypto-method-encrypt" class="section">
- <h4>14.1.1. The encrypt method</h4>
+ <div id="subtlecrypto-interface-description" class="section">
+ <h3>15.1. Description</h3>
+ <p class="norm">This section is non-normative.</p>
+ <p>
+ The <a href="#dfn-SubtleCrypto">SubtleCrypto</a> interface provides a set of
+ methods for dealing with low-level cryptographic primitives and algorithms. It is
+ named <code>SubtleCrypto</code> to reflect the fact that many of these algorithms
+ have subtle usage requirements in order to provide the required algorithmic
+ security guarantees.
+ </p>
+ <p>
+ For example, the direct use of an unauthenticated encryption scheme, such as
+ <a href="#aes-ctr">AES in counter mode</a>, gives potential attackers the ability to
+ manipulate bits in the output by manipulating bits in the input, compromising the
+ integrity of the message. However, AES-CTR can be used securely in combination
+ with other cryptographic primitives, such as message authentication codes, to ensure
+ the integrity of the protected message, but only when the message authentication
+ code is constructed over the encrypted message and IV.
+ </p>
+ <p>
+ Developers making use of the SubtleCrypto interface are expected to be aware of the
+ security concerns associated with both the design and implementation of the various
+ algorithms provided. The raw algorithms are provided in order to allow developers
+ maximum flexibility in implementing a variety of protocols and applications, each of
+ which may represent the composition and security parameters in a unique manner that
+ necessitate the use of the raw algorithms.
+ </p>
+ <div class="ednote"><div class="ednoteHeader">Editorial note</div>
<p>
- The <dfn id="dfn-Crypto-method-encrypt"><code>encrypt</code></dfn>
+ Because of the subtleties associated with this API, the Web Cryptography Working
+ Group is also investigating providing a high-level API which provides a
+ comprehensive secure construction and messaging format, to allow new web
+ applications to exchange information without having to be aware of the cryptographic
+ subtleties associated with these individual algorithms.
+ </p>
+ <p>
+ It is likely that such a high-level API will produce messages using algorithms and
+ formats defined in the IETF JOSE Working Group, although this is still a topic of
+ discussion.
+ </p>
+ </div>
+ </div>
+ <div id="subtlecrypto-interface-methods" class="section">
+ <h3>15.2. Methods and Parameters</h3>
+ <div id="SubtleCrypto-method-encrypt" class="section">
+ <h4>15.2.1. The encrypt method</h4>
+ <p>
+ The <dfn id="dfn-SubtleSubtleCrypto-method-encrypt"><code>encrypt</code></dfn>
method returns a new <a href="#dfn-CryptoOperation"><code>CryptoOperation</code></a>
object that will encrypt data using the specified
<a href="#dfn-AlgorithmIdentifier"><code>AlgorithmIdentifier</code></a> with
@@ -1499,10 +1550,10 @@
</ol>
</div>
- <div id="Crypto-method-decrypt" class="section">
- <h4>14.1.2. The decrypt method</h4>
+ <div id="SubtleCrypto-method-decrypt" class="section">
+ <h4>15.2.2. The decrypt method</h4>
<p>
- The <dfn id="dfn-Crypto-method-decrypt"><code>decrypt</code></dfn>
+ The <dfn id="dfn-SubtleSubtleCrypto-method-decrypt"><code>decrypt</code></dfn>
method returns a new <a href="#dfn-CryptoOperation"><code>CryptoOperation</code></a>
object that will decrypt data using the specified
<a href="#dfn-AlgorithmIdentifier"><code>AlgorithmIdentifier</code></a> with
@@ -1601,10 +1652,10 @@
</ol>
</div>
- <div id="Crypto-method-sign" class="section">
- <h4>14.1.3. The sign method</h4>
+ <div id="SubtleCrypto-method-sign" class="section">
+ <h4>15.2.3. The sign method</h4>
<p>
- The <dfn id="dfn-Crypto-method-sign"><code>sign</code></dfn> method
+ The <dfn id="dfn-SubtleSubtleCrypto-method-sign"><code>sign</code></dfn> method
returns a new <a href="#dfn-CryptoOperation"><code>CryptoOperation</code></a>
object that will sign data using the specified
<a href="#dfn-AlgorithmIdentifier"><code>AlgorithmIdentifier</code></a> with
@@ -1702,10 +1753,10 @@
</ol>
</div>
- <div id="Crypto-method-verify" class="section">
- <h4>14.1.4. The verify method</h4>
+ <div id="SubtleCrypto-method-verify" class="section">
+ <h4>15.2.4. The verify method</h4>
<p>
- The <dfn id="dfn-Crypto-method-verify"><code>verify</code></dfn> method
+ The <dfn id="dfn-SubtleSubtleCrypto-method-verify"><code>verify</code></dfn> method
returns a new <a href="#dfn-CryptoOperation"><code>CryptoOperation</code></a>
object that will verify data using the specified
<a href="#dfn-AlgorithmIdentifier"><code>AlgorithmIdentifier</code></a> with
@@ -1803,10 +1854,10 @@
</ol>
</div>
- <div id="Crypto-method-digest" class="section">
- <h4>14.1.5. The digest method</h4>
+ <div id="SubtleCrypto-method-digest" class="section">
+ <h4>15.2.5. The digest method</h4>
<p>
- The <dfn id="dfn-Crypto-method-digest"><code>digest</code></dfn> method returns
+ The <dfn id="dfn-SubtleSubtleCrypto-method-digest"><code>digest</code></dfn> method returns
a new <a href="#dfn-CryptoOperation"><code>CryptoOperation</code></a>
object that will digest data using the specified
<a href="#dfn-AlgorithmIdentifier"><code>AlgorithmIdentifier</code></a>.
@@ -1904,10 +1955,10 @@
</ol>
</div>
- <div id="Crypto-method-generateKey" class="section">
- <h4>14.1.6. The generateKey method</h4>
+ <div id="SubtleCrypto-method-generateKey" class="section">
+ <h4>15.2.6. The generateKey method</h4>
<p>
- When invoked, <dfn id="dfn-Crypto-method-generateKey"><code>generateKey</code></dfn> <span class="RFC2119">MUST</span> perform the following steps:
+ When invoked, <dfn id="dfn-SubtleSubtleCrypto-method-generateKey"><code>generateKey</code></dfn> <span class="RFC2119">MUST</span> perform the following steps:
</p>
<ol>
<li>
@@ -2004,10 +2055,10 @@
</div>
</div>
- <div id="Crypto-method-deriveKey" class="section">
- <h4>14.1.7. The deriveKey method</h4>
+ <div id="SubtleCrypto-method-deriveKey" class="section">
+ <h4>15.2.7. The deriveKey method</h4>
<p>
- When invoked, <dfn id="dfn-Crypto-method-deriveKey"><code>deriveKey</code></dfn> <span class="RFC2119">MUST</span> perform the following steps:
+ When invoked, <dfn id="dfn-SubtleSubtleCrypto-method-deriveKey"><code>deriveKey</code></dfn> <span class="RFC2119">MUST</span> perform the following steps:
</p>
<ol>
<li>
@@ -2113,12 +2164,12 @@
</div>
</div>
- <div id="Crypto-method-importKey" class="section">
- <h4>14.1.8. The <dfn id="dfn-Crypto-method-importKey">importKey</dfn> method</h4>
+ <div id="SubtleCrypto-method-importKey" class="section">
+ <h4>15.2.8. The <dfn id="dfn-SubtleSubtleCrypto-method-importKey">importKey</dfn> method</h4>
<p></p>
</div>
- <div id="Crypto-method-exportKey" class="section">
- <h4>14.1.9. The <dfn id="dfn-Crypto-method-exportKey">exportKey</dfn> method</h4>
+ <div id="SubtleCrypto-method-exportKey" class="section">
+ <h4>15.2.9. The <dfn id="dfn-SubtleSubtleCrypto-method-exportKey">exportKey</dfn> method</h4>
<p></p>
</div>
@@ -2126,7 +2177,7 @@
</div>
<div id="WorkerCrypto-interface" class="section">
- <h2>15. WorkerCrypto interface</h2>
+ <h2>16. WorkerCrypto interface</h2>
<div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
interface <dfn id="dfn-WorkerCrypto">WorkerCrypto</dfn> {
};
@@ -2138,7 +2189,7 @@
};
</code></pre></div></div>
<div id="WorkerCrypto-description" class="section">
- <h3>15.1. Description</h3>
+ <h3>16.1. Description</h3>
<p>
The <a href="#dfn-WorkerCrypto">WorkerCrypto</a> interface provides cryptographic
functionality for background scripts, as specified by Web Workers [
@@ -2156,7 +2207,7 @@
</div>
<div id="big-integer" class="section">
- <h2>16. BigInteger</h2>
+ <h2>17. BigInteger</h2>
<div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
typedef Uint8Array <dfn id="dfn-BigInteger">BigInteger</dfn>;
</code></pre></div></div>
@@ -2171,7 +2222,7 @@
</div>
<div id="keypair" class="section">
- <h2>17. KeyPair</h2>
+ <h2>18. KeyPair</h2>
<div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
interface <dfn id="dfn-KeyPair">KeyPair</dfn> {
<a href="#dfn-Key">Key</a> publicKey;
@@ -2185,13 +2236,13 @@
</div>
<div id="key-discovery" class="section">
- <h2>18. Key Discovery</h2>
+ <h2>19. Key Discovery</h2>
<p class="norm">This section is non-normative.</p>
<div class="ednote"><div class="ednoteHeader">Editorial note</div>
<p>
The Working Group is actively discussing means of discovering <code><a href="#dfn-Key">Key</a></code>
objects that are not not directly created by the application via
- <code><a href="#Crypto-method-generateKey">generateKey</a></code>, or allowing
+ <code><a href="#SubtleCrypto-method-generateKey">generateKey</a></code>, or allowing
web applications to indicate how and where the cryptographic keying material associated with
<code>Key</code> objects is stored. Examples of such <code>Key</code> objects or interfaces that
may be exposed include:
@@ -2228,9 +2279,9 @@
</div>
<div id="algorithms" class="section">
- <h2>19. Algorithms</h2>
+ <h2>20. Algorithms</h2>
<div id="recommended-algorithms" class="section">
- <h3>19.1. Recommended algorithms</h3>
+ <h3>20.1. Recommended algorithms</h3>
<p class="norm">This section is non-normative</p>
<p>
As the API is meant to be extensible in order to keep up with future developments within
@@ -2269,7 +2320,7 @@
</p>
</div>
<div id="defining-an-algorithm" class="section">
- <h3>19.2. Defining an algorithm</h3>
+ <h3>20.2. Defining an algorithm</h3>
<p>
Each algorithm that is to be exposed via the Web Cryptography API
<span class="RFC2119">SHOULD</span> be registered via the Web Cryptography working group,
@@ -2278,7 +2329,7 @@
<span class="RFC2119">MUST</span> be processed as if the sections had been defined.
</p>
<div id="recognized-algorithm-name" class="section">
- <h4>19.2.1. Recognized algorithm name</h4>
+ <h4>20.2.1. Recognized algorithm name</h4>
<p>
Each registered algorithm <span class="RFC2119">MUST</span> have a canonical name
for which applications can refer to the algorithm. The canonical name
@@ -2289,14 +2340,14 @@
</p>
</div>
<div id="supported-operations" class="section">
- <h4>19.2.2. Supported operations</h4>
+ <h4>20.2.2. Supported operations</h4>
<p>
Each registered algorithm <span class="RFC2119">MUST</span> define the operations
that it supports.
</p>
</div>
<div id="algorithm-specific-params" class="section">
- <h4>19.2.3. Algorithm-specific parameters</h4>
+ <h4>20.2.3. Algorithm-specific parameters</h4>
<p>
Each registered algorithm <span class="RFC2119">MUST</span> define the expected
contents of the <a href="#dfn-Algorithm-params"><code>params</code></a> member of
@@ -2311,7 +2362,7 @@
</p>
</div>
<div id="algorithm-result" class="section">
- <h4>19.2.4. Algorithm results</h4>
+ <h4>20.2.4. Algorithm results</h4>
<p>
Each registered algorithm <span class="RFC2119">MUST</span> define the contents
of the <a href="#dfn-CryptoOperation-result"><code>result</code></a> attribute of the
@@ -2320,7 +2371,7 @@
</p>
</div>
<div id="algorithm-alias" class="section">
- <h4>19.2.5. <dfn id="dfn-algorithm-alias">Algorithm aliases</dfn></h4>
+ <h4>20.2.5. <dfn id="dfn-algorithm-alias">Algorithm aliases</dfn></h4>
<p>
Each registered algorithm <span class="RFC2119">MAY</span> define one or more aliases
that may define a fully normalized <a href="#dfn-Algorithm">Algorithm</a> object.
@@ -2343,9 +2394,9 @@
</div>
<div id="rsaes-pkcs1" class="section">
- <h3>19.3. RSAES-PKCS1-v1_5</h3>
+ <h3>20.3. RSAES-PKCS1-v1_5</h3>
<div id="rsaes-pkcs1-description" class="section">
- <h4>19.3.1. Description</h4>
+ <h4>20.3.1. Description</h4>
<p>
The <code>"RSAES-PKCS1-v1_5"</code> algorithm identifier is used to perform encryption
and decryption ordering to the RSAES-PKCS1-v1_5 algorithm specified in
@@ -2353,7 +2404,7 @@
</p>
</div>
<div id="rsaes-pkcs1-registration" class="section">
- <h4>19.3.2. Registration</h4>
+ <h4>20.3.2. Registration</h4>
<p>
The <a href="#recognized-algorithm-name">recognized algorithm name</a> for
this algorithm is <code>"RSAES-PKCS1-v1_5"</code>.
@@ -2386,7 +2437,7 @@
</table>
</div>
<div id="RsaKeyGenParams-dictionary" class="section">
- <h4>19.3.3. RsaKeyGenParams dictionary</h4>
+ <h4>20.3.3. RsaKeyGenParams dictionary</h4>
<div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
dictionary <dfn id="dfn-RsaKeyGenParams">RsaKeyGenParams</dfn> : <a href="#dfn-AlgorithmParameters">AlgorithmParameters</a> {
<span class="comment">// The length, in bits, of the RSA modulus</span>
@@ -2397,7 +2448,7 @@
</code></pre></div></div>
</div>
<div id="rsaes-pkcs1-operations" class="section">
- <h4>19.3.4. Operations</h4>
+ <h4>20.3.4. Operations</h4>
<div class="ednote"><div class="ednoteHeader">Editorial note</div>
<p>
Note: The following processing algorithms have not been updated to match the processing algorithm
@@ -2531,9 +2582,9 @@
</div>
<div id="rsassa-pkcs1" class="section">
- <h3>19.4. RSASSA-PKCS1-v1_5</h3>
+ <h3>20.4. RSASSA-PKCS1-v1_5</h3>
<div id="rsassa-pkcs1-description" class="section">
- <h4>19.4.1. Description</h4>
+ <h4>20.4.1. Description</h4>
<p>
The <code>"RSASSA-PKCS1-v1_5"</code> algorithm identifier is used to perform
signing and verification using the RSASSA-PKCS1-v1_5 algorithm specified in
@@ -2541,7 +2592,7 @@
</p>
</div>
<div id="rsassa-pkcs1-registration" class="section">
- <h4>19.4.2. Registration</h4>
+ <h4>20.4.2. Registration</h4>
<p>
The <a href="#recognized-algorithm-name">recognized algorithm name</a> for
this algorithm is <code>"RSASSA-PKCS1-v1_5"</code>.
@@ -2574,7 +2625,7 @@
</table>
</div>
<div id="RsaSsaParams-dictionary" class="section">
- <h4>19.4.3. RsaSsaParams dictionary</h4>
+ <h4>20.4.3. RsaSsaParams dictionary</h4>
<div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
dictionary <dfn id="dfn-RsaSsaParams">RsaSsaParams</dfn> : <a href="#dfn-AlgorithmParameters">AlgorithmParameters</a> {
<span class="comment">// The hash algorithm to use</span>
@@ -2583,7 +2634,7 @@
</code></pre></div></div>
</div>
<div id="rsassa-pkcs1-operations" class="section">
- <h4>19.4.4. Operations</h4>
+ <h4>20.4.4. Operations</h4>
<ul>
<li>Sign</li>
<li>Verify</li>
@@ -2593,9 +2644,9 @@
</div>
<div id="rsa-pss" class="section">
- <h3>19.5. RSA-PSS</h3>
+ <h3>20.5. RSA-PSS</h3>
<div id="rsa-pss-description" class="section">
- <h4>19.5.1. Description</h4>
+ <h4>20.5.1. Description</h4>
<p>
The <code>"RSA-PSS"</code> algorithm identifier is used to perform signing
and verification using the RSASSA-PSS algorithm specified in
@@ -2604,7 +2655,7 @@
</p>
</div>
<div id="rsa-pss-registration" class="section">
- <h4>19.5.2. Registration</h4>
+ <h4>20.5.2. Registration</h4>
<p>
The <a href="#recognized-algorithm-name">recognized algorithm name</a> for
this algorithm is <code>"RSA-PSS"</code>.
@@ -2637,7 +2688,7 @@
</table>
</div>
<div id="rsa-pss-params" class="section">
- <h4>19.5.3. RsaPssParams dictionary</h4>
+ <h4>20.5.3. RsaPssParams dictionary</h4>
<div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
dictionary <dfn id="dfn-RsaPssParams">RsaPssParams</dfn> : <a href="#dfn-AlgorithmParameters">AlgorithmParameters</a> {
<span class="comment">// The hash function to apply to the message</span>
@@ -2648,7 +2699,7 @@
</code></pre></div></div>
</div>
<div id="rsa-pss-operations" class="section">
- <h4>19.5.4. Operations</h4>
+ <h4>20.5.4. Operations</h4>
<ul>
<li>Sign</li>
<li>Verify</li>
@@ -2658,9 +2709,9 @@
</div>
<div id="rsa-oaep" class="section">
- <h3>19.6. RSA-OAEP</h3>
+ <h3>20.6. RSA-OAEP</h3>
<div id="rsa-oaep-description" class="section">
- <h4>19.6.1. Description</h4>
+ <h4>20.6.1. Description</h4>
<p>
The <code>"RSA-OAEP"</code> algorithm identifier is used to perform encryption
and decryption ordering to the RSAES-OAEP algorithm specified in
@@ -2669,7 +2720,7 @@
</p>
</div>
<div id="rsa-oaep-registration" class="section">
- <h4>19.6.2. Registration</h4>
+ <h4>20.6.2. Registration</h4>
<p>
The <a href="#recognized-algorithm-name">recognized algorithm name</a> for
this algorithm is <code>"RSA-OAEP"</code>.
@@ -2703,7 +2754,7 @@
</div>
<div id="rsa-oaep-params" class="section">
- <h4>19.6.3. RsaOaepParams dictionary</h4>
+ <h4>20.6.3. RsaOaepParams dictionary</h4>
<div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
dictionary <dfn id="dfn-RsaOaepParams">RsaOaepParams</dfn> : <a href="#dfn-AlgorithmParameters">AlgorithmParameters</a> {
<span class="comment">// The hash function to apply to the message</span>
@@ -2714,7 +2765,7 @@
</code></pre></div></div>
</div>
<div id="rsa-oaep-operations" class="section">
- <h4>19.6.4. Operations</h4>
+ <h4>20.6.4. Operations</h4>
<ul>
<li>Encrypt</li>
<li>Decrypt</li>
@@ -2724,9 +2775,9 @@
</div>
<div id="ecdsa" class="section">
- <h3>19.7. ECDSA</h3>
+ <h3>20.7. ECDSA</h3>
<div id="ecdsa-description" class="section">
- <h4>19.7.1. Description</h4>
+ <h4>20.7.1. Description</h4>
<p>
The <code>"ECDSA"</code> algorithm identifier is used to perform signing
and verification using the ECDSA algorithm specified in
@@ -2734,7 +2785,7 @@
</p>
</div>
<div id="ecdsa-registration" class="section">
- <h4>19.7.2. Registration</h4>
+ <h4>20.7.2. Registration</h4>
<p>
The <a href="#recognized-algorithm-name">recognized algorithm name</a> for
this algorithm is <code>"ECDSA"</code>.
@@ -2768,7 +2819,7 @@
</table>
</div>
<div id="EcdsaParams-dictionary" class="section">
- <h4>19.7.3. EcdsaParams dictionary</h4>
+ <h4>20.7.3. EcdsaParams dictionary</h4>
<div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
dictionary <dfn id="dfn-EcdsaParams">EcdsaParams</dfn> : <a href="#dfn-AlgorithmParameters">AlgorithmParameters</a> {
<span class="comment">// The hash algorithm to use</span>
@@ -2777,7 +2828,7 @@
</code></pre></div></div>
</div>
<div id="EcKeyGenParams-dictionary" class="section">
- <h4>19.7.4. EcKeyGenParams dictionary</h4>
+ <h4>20.7.4. EcKeyGenParams dictionary</h4>
<div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
enum <dfn id="dfn-NamedCurve">NamedCurve</dfn> {
<span class="comment">// NIST recommended curve P-256, also known as secp256r1.</span>
@@ -2800,7 +2851,7 @@
</div>
<div id="ecdsa-operations" class="section">
- <h4>19.7.5. Operations</h4>
+ <h4>20.7.5. Operations</h4>
<div class="ednote"><div class="ednoteHeader">Editorial note</div>
<p>
Note: The following processing algorithms have not been updated to match the processing algorithm
@@ -2930,16 +2981,16 @@
</div>
<div id="ecdh" class="section">
- <h3>19.8. ECDH</h3>
+ <h3>20.8. ECDH</h3>
<div id="ecdh-description" class="section">
- <h4>19.8.1. Description</h4>
+ <h4>20.8.1. Description</h4>
<p>
This describes using Elliptic Curve Diffie-Hellman (ECDH) for key generation and key agreement, as
specified by <a href="#X9.63">X9.63</a>.
</p>
</div>
<div id="ecdh-registration" class="section">
- <h4>19.8.2. Registration</h4>
+ <h4>20.8.2. Registration</h4>
<p>
The <a href="#recognized-algorithm-name">recognized algorithm name</a> for
this algorithm is <code>"ECDH"</code>.
@@ -2967,7 +3018,7 @@
</table>
</div>
<div id="dh-EcdhKeyDeriveParams" class="section">
- <h4>19.8.3. EcdhKeyDeriveParams dictionary</h4>
+ <h4>20.8.3. EcdhKeyDeriveParams dictionary</h4>
<div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
typedef Uint8Array <dfn id="dfn-ECPoint">ECPoint</dfn>;
@@ -2983,7 +3034,7 @@
</p>
</div>
<div id="ecdh-operations" class="section">
- <h4>19.8.4. Operations</h4>
+ <h4>20.8.4. Operations</h4>
<ul>
<li>Generate Key</li>
<li>Derive Key
@@ -3003,14 +3054,14 @@
</div>
<div id="aes-ctr" class="section">
- <h3>19.9. AES-CTR</h3>
+ <h3>20.9. AES-CTR</h3>
<div id="aes-ctr-description" class="section">
- <h4>19.9.1. Description</h4>
+ <h4>20.9.1. Description</h4>
<p>
</p>
</div>
<div id="aes-ctr-registration" class="section">
- <h4>19.9.2. Registration</h4>
+ <h4>20.9.2. Registration</h4>
<p>
The <a href="#recognized-algorithm-name">recognized algorithm name</a> for
this algorithm is <code>"AES-CTR"</code>.
@@ -3044,7 +3095,7 @@
</div>
<div id="aes-ctr-params" class="section">
- <h4>19.9.3. AesCtrParams dictionary</h4>
+ <h4>20.9.3. AesCtrParams dictionary</h4>
<div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
dictionary <dfn id="dfn-AesCtrParams">AesCtrParams</dfn> : <a href="#dfn-AlgorithmParameters">AlgorithmParameters</a> {
<span class="comment">// The initial value of the counter block. counter <span class="RFC2119">MUST</span> be 16 bytes
@@ -3062,7 +3113,7 @@
</code></pre></div></div>
</div>
<div id="aes-keygen-params" class="section">
- <h4>19.9.4. AesKeyGenParams dictionary</h4>
+ <h4>20.9.4. AesKeyGenParams dictionary</h4>
<div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
dictionary <dfn id="dfn-AesKeyGenParams">AesKeyGenParams</dfn> : <a href="#dfn-AlgorithmParameters">AlgorithmParameters</a> {
<span class="comment">// The length, in bits, of the key.</span>
@@ -3071,7 +3122,7 @@
</code></pre></div></div>
</div>
<div id="aes-ctr-operations" class="section">
- <h4>19.9.5. Operations</h4>
+ <h4>20.9.5. Operations</h4>
<ul>
<li>Encrypt</li>
<li>Decrypt</li>
@@ -3081,12 +3132,12 @@
</div>
<div id="aes-cbc" class="section">
- <h3>19.10. AES-CBC</h3>
+ <h3>20.10. AES-CBC</h3>
<div id="aes-cbc-description" class="section">
- <h4>19.10.1. Description</h4>
+ <h4>20.10.1. Description</h4>
</div>
<div id="aes-cbc-registration" class="section">
- <h4>19.10.2. Registration</h4>
+ <h4>20.10.2. Registration</h4>
<p>
The <a href="#recognized-algorithm-name">recognized algorithm name</a> for
this algorithm is <code>"AES-CBC"</code>.
@@ -3119,7 +3170,7 @@
</table>
</div>
<div id="aes-cbc-params" class="section">
- <h4>19.10.3. AesCbcParams dictionary</h4>
+ <h4>20.10.3. AesCbcParams dictionary</h4>
<div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
dictionary <dfn id="dfn-AesCbcParams">AesCbcParams</dfn> : <a href="#dfn-AlgorithmParameters">AlgorithmParameters</a> {
<span class="comment">// The initialization vector. <span class="RFC2119">MUST</span> be 16 bytes.</span>
@@ -3128,7 +3179,7 @@
</code></pre></div></div>
</div>
<div id="aes-cbc-operations" class="section">
- <h4>19.10.4. Operations</h4>
+ <h4>20.10.4. Operations</h4>
<ul>
<li>Encrypt</li>
<li>Decrypt</li>
@@ -3138,12 +3189,12 @@
</div>
<div id="aes-gcm" class="section">
- <h3>19.11. AES-GCM</h3>
+ <h3>20.11. AES-GCM</h3>
<div id="aes-gcm-description" class="section">
- <h4>19.11.1. Description</h4>
+ <h4>20.11.1. Description</h4>
</div>
<div id="aes-gcm-registration" class="section">
- <h4>19.11.2. Registration</h4>
+ <h4>20.11.2. Registration</h4>
<p>
The <a href="#recognized-algorithm-name">recognized algorithm name</a> for
this algorithm is <code>"AES-GCM"</code>.
@@ -3176,7 +3227,7 @@
</table>
</div>
<div id="aes-gcm-params" class="section">
- <h4>19.11.3. AesGcmParams dictionary</h4>
+ <h4>20.11.3. AesGcmParams dictionary</h4>
<div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
dictionary <dfn id="dfn-AesGcmParams">AesGcmParams</dfn> : <a href="#dfn-AlgorithmParameters">AlgorithmParameters</a> {
<span class="comment">// The initialization vector to use. May be up to 2^56 bytes long.</span>
@@ -3189,7 +3240,7 @@
</code></pre></div></div>
</div>
<div id="aes-gcm-operations" class="section">
- <h4>19.11.4. Operations</h4>
+ <h4>20.11.4. Operations</h4>
<ul>
<li>Encrypt</li>
<li>Decrypt</li>
@@ -3199,12 +3250,12 @@
</div>
<div id="hmac" class="section">
- <h3>19.12. HMAC</h3>
+ <h3>20.12. HMAC</h3>
<div id="hmac-description" class="section">
- <h4>19.12.1. Description</h4>
+ <h4>20.12.1. Description</h4>
</div>
<div id="hmac-registration" class="section">
- <h4>19.12.2. Registration</h4>
+ <h4>20.12.2. Registration</h4>
<p>
The <a href="#recognized-algorithm-name">recognized algorithm name</a> for
this algorithm is <code>"HMAC"</code>.
@@ -3237,7 +3288,7 @@
</table>
</div>
<div id="hmac-params" class="section">
- <h4>19.12.3. HmacParams dictionary</h4>
+ <h4>20.12.3. HmacParams dictionary</h4>
<div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
dictionary <dfn id="dfn-HmacParams">HmacParams</dfn> : <a href="#dfn-AlgorithmParameters">AlgorithmParameters</a> {
<span class="comment">// The inner hash function to use.</span>
@@ -3246,7 +3297,7 @@
</code></pre></div></div>
</div>
<div id="hmac-operations" class="section">
- <h4>19.12.4. Operations</h4>
+ <h4>20.12.4. Operations</h4>
<ul>
<li>Sign</li>
<li>Verify</li>
@@ -3255,16 +3306,16 @@
</div>
</div>
<div id="dh" class="section">
- <h3>19.13. Diffie-Hellman</h3>
+ <h3>20.13. Diffie-Hellman</h3>
<div id="dh-description" class="section">
- <h4>19.13.1. Description</h4>
+ <h4>20.13.1. Description</h4>
<p>
This describes using Diffie-Hellman for key generation and key agreement, as specified
by <a href="#PKCS3">PKCS #3</a>.
</p>
</div>
<div id="dh-registration" class="section">
- <h4>19.13.2. Registration</h4>
+ <h4>20.13.2. Registration</h4>
<p>
The <a href="#recognized-algorithm-name">recognized algorithm name</a> for
this algorithm is <code>"DH"</code>.
@@ -3292,7 +3343,7 @@
</table>
</div>
<div id="dh-DhKeyGenParams" class="section">
- <h4>19.13.3. DhKeyGenParams dictionary</h4>
+ <h4>20.13.3. DhKeyGenParams dictionary</h4>
<div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
dictionary <dfn id="dfn-DhKeyGenParams">DhKeyGenParams</dfn> : <a href="#dfn-AlgorithmParameters">AlgorithmParameters</a> {
<span class="comment">// The prime p.</span>
@@ -3303,7 +3354,7 @@
</code></pre></div></div>
</div>
<div id="dh-DhKeyDeriveParams" class="section">
- <h4>19.13.4. DhKeyDeriveParams dictionary</h4>
+ <h4>20.13.4. DhKeyDeriveParams dictionary</h4>
<div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
dictionary <dfn id="dfn-DhKeyDeriveParams">DhKeyDeriveParams</dfn> : <a href="#dfn-AlgorithmParameters">AlgorithmParameters</a> {
<span class="comment">// The peer's public value.</span>
@@ -3312,7 +3363,7 @@
</code></pre></div></div>
</div>
<div id="dh-operations" class="section">
- <h4>19.13.5. Operations</h4>
+ <h4>20.13.5. Operations</h4>
<ul>
<li>Generate Key</li>
<li>Derive Key</li>
@@ -3320,16 +3371,16 @@
</div>
</div>
<div id="sha" class="section">
- <h3>19.14. SHA</h3>
+ <h3>20.14. SHA</h3>
<div id="sha-description" class="section">
- <h4>19.14.1. Description</h4>
+ <h4>20.14.1. Description</h4>
<p>
This describes the SHA-1 and SHA-2 families, as specified by
[<a href="#FIPS180-4">FIPS 180-4</a>].
</p>
</div>
<div id="sha-registration" class="section">
- <h4>19.14.2. Registration</h4>
+ <h4>20.14.2. Registration</h4>
<p>
The following algorithms are added as <a href="#recognized-algorithm-name">
recognized algorithm names</a>:
@@ -3364,16 +3415,16 @@
</table>
</div>
<div id="sha-operations" class="section">
- <h4>19.14.3. Operations</h4>
+ <h4>20.14.3. Operations</h4>
<ul>
<li>Digest</li>
</ul>
</div>
</div>
<div id="concatkdf" class="section">
- <h3>19.15. Concat KDF</h3>
+ <h3>20.15. Concat KDF</h3>
<div id="concatkdf-description" class="section">
- <h4>19.15.1. Description</h4>
+ <h4>20.15.1. Description</h4>
<p>
The <code>"CONCAT"</code> algorithm identifier is used to perform key derivation
using the key derivation algorithm defined in Section 5.8.1 of NIST SP 800-56A
@@ -3381,7 +3432,7 @@
</p>
</div>
<div id="concatkdf-registration" class="section">
- <h4>19.15.2. Registration</h4>
+ <h4>20.15.2. Registration</h4>
<p>
The <a href="#recognized-algorithm-name">recognized algorithm name</a> for
this algorithm is <code>"CONCAT"</code>.
@@ -3404,7 +3455,7 @@
</table>
</div>
<div id="concat-params" class="section">
- <h4>19.15.3. ConcatParams dictionary</h4>
+ <h4>20.15.3. ConcatParams dictionary</h4>
<div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
dictionary <dfn id="dfn-ConcatParams">ConcatParams</dfn> : <a href="#dfn-AlgorithmParameters">AlgorithmParameters</a> {
<span class="comment">// The digest method to use to derive the keying material.</span>
@@ -3427,19 +3478,19 @@
</code></pre></div></div>
</div>
<div id="concat-operations" class="section">
- <h4>19.15.4. Operations</h4>
+ <h4>20.15.4. Operations</h4>
<ul>
<li>Derive Key</li>
</ul>
</div>
</div>
<div id="pbkdf2" class="section">
- <h3>19.16. PBKDF2</h3>
+ <h3>20.16. PBKDF2</h3>
<div id="pbkdf2-description" class="section">
- <h4>19.16.1. Description</h4>
+ <h4>20.16.1. Description</h4>
</div>
<div id="pbkdf2-registration" class="section">
- <h4>19.16.2. Registration</h4>
+ <h4>20.16.2. Registration</h4>
<p>
The <a href="#recognized-algorithm-name">recognized algorithm name</a> for
this algorithm is <code>"PBKDF2"</code>.
@@ -3462,7 +3513,7 @@
</table>
</div>
<div id="pbkdf2-params" class="section">
- <h4>19.16.3. Pbkdf2Params dictionary</h4>
+ <h4>20.16.3. Pbkdf2Params dictionary</h4>
<div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
dictionary <dfn id="dfn-Pbkdf2Params">Pbkdf2Params</dfn> : <a href="#dfn-AlgorithmParameters">AlgorithmParameters</a> {
ArrayBufferView salt;
@@ -3481,7 +3532,7 @@
</div>
</div>
<div id="pbkdf2-operations" class="section">
- <h4>19.16.4. Operations</h4>
+ <h4>20.16.4. Operations</h4>
<ul>
<li>Derive Key</li>
</ul>
@@ -3490,7 +3541,7 @@
</div>
<div id="algorithm-normalizing-rules" class="section">
- <h2>20. Algorithm normalizing rules</h2>
+ <h2>21. Algorithm normalizing rules</h2>
<p>
The <a href="#dfn-AlgorithmIdentifier"><code>AlgorithmIdentifier</code></a> typedef
permits algorithms to be specified as either a <code>dictionary</code> or a DOMString.
@@ -3559,9 +3610,9 @@
</ol>
</div>
<div id="examples-section" class="section">
- <h2>21. JavaScript Example Code</h2>
+ <h2>22. JavaScript Example Code</h2>
<div id="examples-signing" class="section">
- <h3>21.1. Generate a signing key pair, sign some data</h3>
+ <h3>22.1. Generate a signing key pair, sign some data</h3>
<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
<span class="comment">// Algorithm Object</span>
@@ -3584,7 +3635,7 @@
}
};
-var keyGen = window.crypto.generateKey(algorithmKeyGen,
+var keyGen = window.crypto.subtle.generateKey(algorithmKeyGen,
false, <span class="comment">// extractable</span>
["sign"]);
@@ -3615,7 +3666,7 @@
</code></pre></div></div>
</div>
<div id="examples-symmetric-encryption" class="section">
- <h3>21.2. Symmetric Encryption</h3>
+ <h3>22.2. Symmetric Encryption</h3>
<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
var clearDataArrayBufferView = convertPlainTextToArrayBufferView("Plain Text Data");
<span class="comment">// TODO: create example utility function that converts text -> ArrayBufferView</span>
@@ -3637,7 +3688,7 @@
};
<span class="comment">// Create a keygenerator to produce a one-time-use AES key to encrypt some data</span>
-var cryptoKeyGen = window.crypto.generateKey(aesAlgorithmKeyGen,
+var cryptoKeyGen = window.crypto.subtle.generateKey(aesAlgorithmKeyGen,
false, <span class="comment">// extractable</span>
["encrypt"]);
@@ -3647,7 +3698,7 @@
<span class="comment">// Unlike the signing example, which showed multi-part encryption, here we
// will perform the entire AES operation in a single call.</span>
- var aesOp = window.crypto.encrypt(aesAlgorithmEncrypt, aesKey, clearDataArrayBufferView);
+ var aesOp = window.crypto.subtle.encrypt(aesAlgorithmEncrypt, aesKey, clearDataArrayBufferView);
aesOp.oncomplete = function(event) {
<span class="comment">// The clearData has been encrypted.</span>
var ciphertext = event.target.result; <span class="comment">// ArrayBufferView</span>
@@ -3660,7 +3711,7 @@
</div>
</div>
<div id="acknowledgements-section" class="section">
- <h2>22. Acknowledgements</h2>
+ <h2>23. Acknowledgements</h2>
<p>
The editors would like to thank Adam Barth, Alex Russell, Ali Asad, Arun Ranganathan,
Brian Smith, Brian Warner, Channy Yun, Kai Engert, Mark Watson, Vijay Bharadwaj,
@@ -3681,9 +3732,9 @@
</p>
</div>
<div id="references" class="section">
- <h2>23. References</h2>
+ <h2>24. References</h2>
<div id="normative-references" class="section">
- <h3>23.1. Normative References</h3>
+ <h3>24.1. Normative References</h3>
<dl>
<dt id="DOM4">DOM4</dt>
<dd>
@@ -3756,7 +3807,7 @@
</dl>
</div>
<div id="informative-references" class="section">
- <h3>23.2. Informative References</h3>
+ <h3>24.2. Informative References</h3>
<dl>
<dt id="CDSA">CDSA</dt>
<dd>