This specification describes a JavaScript API for public key generation, encryption, decryption, digital signature generation and verification, and hashing.
This document is the First Public Working Draft of the WebCrypto High-level API recommendation. It defines an API that provides access to named origin-specific pre-provisioned keys.
The Web Cryptography API [[!WEBCRYPTO]] describes a JavaScript API for performing basic cryptographic operations in web applications. The Web Cryoptography API is not a simple API geared towards the average web developer, rather its use requires near-expert knowledge of cryptography. The 'High-level' API described here is designed around fewer use cases and is not concerned with backward-compatibility with existing crypto systems and protocols. This API leverages the IETF JOSE JWA, JWK and JWE JSON formats for algorithms, public keys and cipher data.
An E-commerce website needs to store credit card numbers and related customer information to facilitate 1-step ordering. The site can either store this data on its own servers, making it a rich target for criminals. Another option is protecting this data with the "seal" method and decrypting later with "open" during a transaction. The server stores the the key ID and uses it when appropriate. A credit card transaction is processed easily, the server does not store the credentials and the data is more safely stored in the browser's LocalStorage without the KeyID, without which, an attacker cannot access the 'sealed' data.
A web-messaging company would like to provide a private messaging feature. Users can create keypairs and share them via a link, out of band or via a text message. (The user experience of the site equates each public key with an "addressbook entry", without which, no communication can take place.) After a message is composed, it is encrypted and signed, then sent to the server for delivery. No plaintext is passed to the server or retained on the client.
The following conformance classes are defined by this specification:
A user agent is considered to be a conforming user agent if it satisfies all of the MUST-, REQUIRED- and SHALL-level criteria in this specification that apply to implementation. This specification uses both the terms "conforming user agent" and "user agent" to refer to this product class.
User agents MAY implement algorithms in this specification in any way desired, so long as the end result is indistinguishable from the result that would be obtained from the specification's algorithms.
User agents that use ECMAScript to implement the APIs defined in this specification MUST implement them in a manner consistent with the ECMAScript Bindings defined in the Web IDL specification [[!WEBIDL]] as this specification uses that specification and terminology.
The considerations in the Scope section of [[!WEBCRYPTO]] apply to this specification as well.
The Privacy considerations of [[!WEBCRYPTO]] apply to this specification.
This specification relies on several other underlying specifications.
Window
,
Function
,
origin, same origin, structured clone,
structured clone algorithm, task, task source,
queue a task
and fire a simple event are defined by the HTML 5
specification [[!HTML5]].
WorkerGlobalScope
is defined by
the WebWorkers specification [[!WEBWORKERS]].This specification defines a new highlevel
attribute on the Window.crypto
and WorkerGlobalScope
objects.
var cryptoAPI = new window.crypto.highlevel(); function onCreateKeypairSuccess(aKeypair) { localStorage.setItem(aKeypair.id, aKeypair.publicKey); } cryptoAPI.onCreateKeypair = onCreateKeypair; function onCreateKeypairError(aError) { console.log(aError); } cryptoAPI.createKeypair();
var cryptoAPI = new window.crypto.highlevel(); var plainText = "The rain in Spain falls mainly on the plain."; function onEncryptSuccess(aJWE, aPublicKey) { // send cipher data to the server for storage, etc... } cryptoAPI.onEncryptSuccess = onEncryptSuccess; function onEncryptError(aError) { console.log(aError); } cryptoAPI.onEncryptError = onEncryptError; cryptoAPI.encryptAndSign(plainText, recipientJSONWebKey, myKeyID);
var cryptoAPI = new window.crypto.highlevel(); function onDecryptSuccess(aPlainText) { // read and save plain text } function onDecryptError(aError) { console.log(aError); } cryptoAPI.onDecryptError = onDecryptError; cryptoAPI.onDecryptSuccess = onDecryptSuccess; // verfiy and decrypt - if verification or decryption fails, onDecryptError is fired cryptoAPI.verifyAndDecrypt(receivedJSONWebEncryption, senderJSONWebKey, myKeyID);
var cryptoAPI = new window.crypto.highlevel(); function onSealComplete(aCipherText, aKeyID) { // cipher text and the key ID are provided to this event handler } function onSealError(aError) { console.log(aError); } cryptoAPI.onSealError = onSealError; cryptoAPI.onSealComplete = onSealComplete; cryptoAPI.seal("s3kr3t m355ag3");
var cryptoAPI = new window.crypto.highlevel(); function onOpenSuccess(aPlainText) { savePlainTextToLocalStorageOrWhatever(aPlainText); } function onOpenError(aError) { console.log(aError); } cryptoAPI.onOpenError = onOpenError; cryptoAPI.onOpenSuccess = onOpenSuccess; cryptoAPI.open(cipherString, keyID);