Made changes to banking use case
author arangana <arun@mozilla.com>
Thu, 06 Dec 2012 18:10:05 -0500
changeset 5 031c591718e7
parent 4 2dd68cd4b1ee
child 6 c0e620448e76
Overview-UseCases.xml
Overview.html
--- a/Overview-UseCases.xml	Thu Dec 06 12:23:48 2012 -0500
+++ b/Overview-UseCases.xml	Thu Dec 06 18:10:05 2012 -0500
@@ -110,8 +110,8 @@
     <p>This section presents required features of the Web Cryptography API; in many cases, the Web Cryptography API encompasses more than one algorithm and more than one mechanism to accomplish each of these features.  The section presents code names for each of the features.</p>
     <ul>
       <li><p><dfn id="digest">DIGEST</dfn>, the ability to perform a cryptographic hash, where an algorithm that takes an arbitrary block of data returns a fixed-size bit sequence, called the <dfn id="hash-value">hash value</dfn>, such that any change to the block of data changes the hash value.</p></li>
-      <li><p><dfn id="mac">MAC</dfn>, the ability to generate a <em>message authentication code</em>, using an algorithm</p></li>
-      <li><p><dfn id="sign">SIGN</dfn>, the ability to digitally sign a document, such that upon verification of the signature, the document's authenticity can be determined.  The term document in this context can refer to any kind of data used in web applications.</p></li>
+      <li><p><dfn id="mac">MAC</dfn>, the ability to generate a <em>message authentication code</em>, using an algorithm, with <dfn id="hmac">HMAC</dfn> being a specific kind of message authentication code, with a specific algorithm.</p></li>
+      <li><p><dfn id="sign">SIGN</dfn>, the ability to digitally sign a document with private key, such that upon verification of the signature with the corresponding public key, the document's authenticity from the point of view of the signature can be determined.  The term document in this context can refer to any kind of data used in web applications.</p></li>
       <li><p><dfn id="verify">VERIFY</dfn>, the ability to verify a digitally signed document, as well as verify a MAC.</p></li>
       <li><p><dfn id="encrypt">ENCRYPT</dfn>, the ability to encode a document using an encryption algorithm.  <dfn id="encrypt-pki">ENCRYPT-PKI</dfn> is a specific type of encryption involving PKI, and <dfn id="encrypt-sym">ENCRYPT-SYM</dfn> is a specific type of encryption using symmetric keys.</p></li> 
       <li><p><dfn id="decrypt">DECRYPT</dfn>, the ability to decrypt a digitally signed document.  <dfn id="decrypt-pki">DECRYPT-PKI</dfn> is a specific type of decryption using PKI, and <dfn id="decrypt-sym">DECRYPT-SYM</dfn> is a specific type of decryption using symmetric keys.</p></li>
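Review bot: The revised MAC item still never says that a MAC is computed with a secret key, which is what separates it from DIGEST, and the added HMAC clause ("a specific kind of message authentication code, with a specific algorithm") defines nothing. Suggest stating that a MAC is computed over the data with a shared secret key, and that HMAC is the MAC construction built on a cryptographic hash function. In the SIGN item, "with private key" needs an article ("with a private key"), and it would help to say that it is the signer's key.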
@@ -130,7 +130,7 @@
       <div id='banking-korea' class='section'>
       <h3>Banking Transactions</h3>
       <p>Park Jae-sang opens up a bank account with Gangnam Bank (GB), and wishes to log-in and engage in online transactions, including account balance checking, online payments (with some automated scheduled payments), and account transfers between domestic and investment accounts.  The first time Park logs in to the GB website with a temporary verification code sent to his cell phone, the bank asks him to ascertain if the browser he is using is not at a kiosk; moreover, he is asked if it is a web browser and machine configuration he will use often.</p>
-      <p>He confirms that it is.  The GB web site then asks him to generate a public key/private key pair, along with a digital certificate.  Park consents, and the web page creates the key pair, storing his private key in the browser's designated key store, along with a one-time key escrow by the bank.  Additinoally, Jae-sang is presented with the bank's public key, such that documents issued by the bank can be verified and decrypted.  Jae-sang is also presented with a user guide that explains the validity period of the certificate, and for how long it will persist.  [<a href="#derive">DERIVE</a> | <a href="#keyex-dh">KEYEX-DH</a>].</p>
+      <p>He confirms that it is.  The GB web site then asks him to generate a public key/private key pair, along with a digital certificate.  Park consents, and the web page creates the key pair, storing his private key in the browser's designated key store, along with a one-time key escrow by the bank.  Additionally, Jae-sang is presented with the bank's public key, such that documents issued by the bank can be verified and decrypted.  Jae-sang is also presented with a user guide that explains the validity period of the certificate, and for how long it will persist.  [<a href="#derive">DERIVE</a> | <a href="#keyex-dh">KEYEX-DH</a>].</p>
       <div class="example">
       <p>GB may first generate a key pair for Jae-sang.  This is the public key/private key pair which will be used in subsequent transactions.</p>
       <x:codeblock language="es">
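Review bot: The corrected sentence still says the bank's public key lets documents issued by the bank be "verified and decrypted"; the bank's public key verifies the bank's signatures, and anything encrypted for Jae-sang is decrypted with his own private key. Suggest dropping "and decrypted" or rewording the clause. The feature tags that close the paragraph, [DERIVE | KEYEX-DH], also do not match what the paragraph describes, which is key pair generation and storage.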
@@ -142,38 +142,79 @@
         <span class="comment">// TODO add DHKE code </span>
       </x:codeblock>
       </div>
-      <p>Subsequent access to the GB website -- always over TLS -- is triggered via presentation of the key and certificate that Jae-sang generated when he first accessed the website.  JavaScript initially loaded by GB contains a message that only Jae-sang can decipher, since it is encrypted with his public key.  The message is deciphered, and the deciphered message is then digitally signed and sent back to the GB server.  This establishes identity with non-repudiation.  [<a href="#keycall">KEYCALL</a> | <a href="#decrypt-pki">DECRYPT-PKI</a> ].  
+      <p>Subsequent access to the GB website -- always over TLS -- is triggered via presentation of the key and certificate that Jae-sang generated when he first accessed the website.  JavaScript initially loaded by GB contains a message that only Jae-sang can decipher, since it is encrypted with his public key; moreover, that message is signed by GB, which gives the client confidence that the message originates from GB.  The message is deciphered, and the deciphered message is then digitally signed and sent back to the GB server.  This establishes identity with non-repudiation.  [<a href="#keycall">KEYCALL</a> | <a href="#verify">VERIFY</a> | <a href="#decrypt-pki">DECRYPT-PKI</a> | <a href="#sign">SIGN</a>].  
       <div class="example">
        <p><div class="ednote">Flesh out this example.</div> </p>
        <x:codeblock language="es">
-        <span class="comment">/* Assume key retrieval code from IndexedDB that results in prvKeyObjectHandle
-        Assume that if key retrieval is unsuccessful GB provides an alternate process 
-
 
-          */ </span>
-        <span class="comment">// Message generated by GB </span>
-        var cat = "qANQR1DBw04Dk2uPpEjcJT8QD/0VCfFK2XDM5Cg4iTRwmXrB+Pp8SMK5x09WkYqc ";
-        var data = createArrayBuffer(cat);
-        decrypter = window.crypto.createDecrypter("RSAES-PKCS1-v1_5", prvKeyObjectHandle);
-        decrypter.init();
-        decrypter.processData(data);
-        decrypter.complete();
-        decrypter.oncomplete = function(evt){ 
+        <span class="comment">// Message generated by GB... the ellipsis are added. </span>
+        var cat = "qANQR1DBw04Dk2uPpEjcJT8QD/0VCfFK2XDM5Cg4iTRwmXrB+Pp8SMK5x09WkYqc... ";
 
-          <span class="comment">// If successfully decrypted send a signed version back</span>
+        <span class="comment">/* 1. Generate an ArrayBufferView of the overall message.
+          2. Bit-manipulate this with the ArrayBufferView API to obtain the portion of bytes 
+          constituting the signature as an ArrayBufferView, and the message as an ArrayBufferView.
+          3. Obtain the public key of GB from IndexedDB -- pubGBKeySign -- a step not shown here.
+          4. Verify the signature ... assume GB provides a method getSignature() to obtain a signature
+             from the server against which the message's signature can be verified.
+          */</span>
 
-          message = evt.target.result;
+        var data = createArrayBufferView(cat);
+        var signature = extractSignature(data);
+        var pMessage = extractMessage(data);
+        var mRSARFC3447 = {
+          name: "RSASSA-PKCS1-v1_5", params: {
+                            hash: "SHA-256"
+                        }
+        };
+        verifier = window.crypto.createVerifier(mRSARFC3447, pubGBKeySign, getSignature());
+        verifier.init();
+        verifier.processData(signature);
+        verifier.complete();
+        verifier.oncomplete = function(e){
+        <span class="comment">/* 
+          If verified, obtain a prvKeyEncrypt from IndexedDB representing Jae-sang's private key and:
+          1. Decrypt the message
+          2. Sign it
+          3. Send it back
+          Else the signature is invalid -- abort
+        */
+        </span>
+          if (e.target.result == true)
+          {
+            var decrypter = window.crypto.createDecrypter("RSAES-PKCS1-v1_5", prvKeyEncrypt);
+            decrypter.init();
+            decrypter.processData(pMessage);
+            decrypter.onprogress = function(e){e.target.complete()};
+            decrypter.oncomplete = function(evt)
+            { 
 
-          <span class="comment">/* Assume key retrieval code from IndexedDB that results in pubKeyObjectHandle */</span>
+            <span class="comment">// If successfully decrypted send a signed version back</span>
+
+            message = evt.target.result;
+
+            <span class="comment">/* Assume key retrieval code from IndexedDB that results in pubKeySign */</span>
         
-          var signer = window.crypto.createSigner("RSASSA-PKCS1-v1_5", pubKeyObjectHandle);
-          signer.init();
-          signer.processData(message);
-          signer.complete();
-          signer.oncomplete = function(evt){
-            <span class="comment">// sigma.send(evt.target.result, clear) </span>
+            var signer = window.crypto.createSigner(mRSARFC3447, pubKeySign);
+            signer.init();
+            signer.processData(message);
+            signer.onprogress = function(e){e.target.complete();}
+            signer.oncomplete = function(evt)
+            {
+            <span class="comment">/* Combine signature and signed data into an ArrayBuffer
+                                     Use XHR to send signed data back...
+                                     Wait for auth token...
+
+                                  */ </span>
             }
         }
+        else
+        {
+          <span class="comment">// Unverified signature -- ABORT </span>
+        }
+      }
+       
+
+        
        </x:codeblock>
       </div>
 
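Review bot: The signer near the end of the new example is created with a public key, createSigner(mRSARFC3447, pubKeySign), and the comment above it retrieves "pubKeySign" from IndexedDB; signing needs Jae-sang's private key, as the SIGN definition revised in this same changeset says. The verifier step also looks inverted: the extracted signature is passed to verifier.processData() as the data while the signature argument comes from getSignature(), so pMessage is never the thing being verified. Finally, the braces do not balance: the "if (e.target.result == true)" block is not closed before the "else", so the example would not parse as written.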
@@ -236,16 +277,16 @@
             In practice including an onprogress handler and onerror handler is recommended - the code here
             is terse for readability.
 
-            */</span>
+            */
+          </span>
 
           bufferData = createArrayBufferView(src);
           var digest = window.crypto.createDigester("SHA-256");
           digest.init();
           digest.processData(bufferData);
           digest.complete();
-
-          digest.oncomplete = function(e){
-
+          digest.oncomplete = function(e)
+          {
             if(e.target.result === src_hash)
             {
                 eval(src);
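Review bot: digest.oncomplete is still assigned only after digest.complete() has been called, and the reformatting here keeps that order even though the comment at the top of the hunk recommends onprogress and onerror handlers. Attaching oncomplete and onerror before init() makes the ordering obviously safe and keeps a failed digest from silently skipping both branches. The banking example in this changeset calls complete() from onprogress instead, so the two examples should settle on one pattern.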
@@ -254,12 +295,7 @@
             {
                 <span class="comment">// Fetch the code using XHR and repopulate localStorage</span>
             }
-
-
           }
-
-
-
         }
 
       </x:codeblock>
--- a/Overview.html	Thu Dec 06 12:23:48 2012 -0500
+++ b/Overview.html	Thu Dec 06 18:10:05 2012 -0500
@@ -126,8 +126,8 @@
     <p>This section presents required features of the Web Cryptography API; in many cases, the Web Cryptography API encompasses more than one algorithm and more than one mechanism to accomplish each of these features.  The section presents code names for each of the features.</p>
     <ul>
       <li><p><dfn id="digest">DIGEST</dfn>, the ability to perform a cryptographic hash, where an algorithm that takes an arbitrary block of data returns a fixed-size bit sequence, called the <dfn id="hash-value">hash value</dfn>, such that any change to the block of data changes the hash value.</p></li>
-      <li><p><dfn id="mac">MAC</dfn>, the ability to generate a <em>message authentication code</em>, using an algorithm</p></li>
-      <li><p><dfn id="sign">SIGN</dfn>, the ability to digitally sign a document, such that upon verification of the signature, the document's authenticity can be determined.  The term document in this context can refer to any kind of data used in web applications.</p></li>
+      <li><p><dfn id="mac">MAC</dfn>, the ability to generate a <em>message authentication code</em>, using an algorithm, with <dfn id="hmac">HMAC</dfn> being a specific kind of message authentication code, with a specific algorithm.</p></li>
+      <li><p><dfn id="sign">SIGN</dfn>, the ability to digitally sign a document with private key, such that upon verification of the signature with the corresponding public key, the document's authenticity from the point of view of the signature can be determined.  The term document in this context can refer to any kind of data used in web applications.</p></li>
       <li><p><dfn id="verify">VERIFY</dfn>, the ability to verify a digitally signed document, as well as verify a MAC.</p></li>
       <li><p><dfn id="encrypt">ENCRYPT</dfn>, the ability to encode a document using an encryption algorithm.  <dfn id="encrypt-pki">ENCRYPT-PKI</dfn> is a specific type of encryption involving PKI, and <dfn id="encrypt-sym">ENCRYPT-SYM</dfn> is a specific type of encryption using symmetric keys.</p></li> 
       <li><p><dfn id="decrypt">DECRYPT</dfn>, the ability to decrypt a digitally signed document.  <dfn id="decrypt-pki">DECRYPT-PKI</dfn> is a specific type of decryption using PKI, and <dfn id="decrypt-sym">DECRYPT-SYM</dfn> is a specific type of decryption using symmetric keys.</p></li>
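Review bot: The DECRYPT item directly under the edited lines still reads "the ability to decrypt a digitally signed document". With SIGN now tied explicitly to a private key and verification to the corresponding public key, DECRYPT should refer to an encrypted document, and ENCRYPT's "encode a document" should say "encrypt" for the same reason. The same wording appears in the Overview-UseCases.xml hunk, so both files need the fix.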
@@ -146,7 +146,7 @@
       <div id="banking-korea" class="section">
       <h3>3.1. Banking Transactions</h3>
       <p>Park Jae-sang opens up a bank account with Gangnam Bank (GB), and wishes to log-in and engage in online transactions, including account balance checking, online payments (with some automated scheduled payments), and account transfers between domestic and investment accounts.  The first time Park logs in to the GB website with a temporary verification code sent to his cell phone, the bank asks him to ascertain if the browser he is using is not at a kiosk; moreover, he is asked if it is a web browser and machine configuration he will use often.</p>
-      <p>He confirms that it is.  The GB web site then asks him to generate a public key/private key pair, along with a digital certificate.  Park consents, and the web page creates the key pair, storing his private key in the browser's designated key store, along with a one-time key escrow by the bank.  Additinoally, Jae-sang is presented with the bank's public key, such that documents issued by the bank can be verified and decrypted.  Jae-sang is also presented with a user guide that explains the validity period of the certificate, and for how long it will persist.  [<a href="#derive">DERIVE</a> | <a href="#keyex-dh">KEYEX-DH</a>].</p>
+      <p>He confirms that it is.  The GB web site then asks him to generate a public key/private key pair, along with a digital certificate.  Park consents, and the web page creates the key pair, storing his private key in the browser's designated key store, along with a one-time key escrow by the bank.  Additionally, Jae-sang is presented with the bank's public key, such that documents issued by the bank can be verified and decrypted.  Jae-sang is also presented with a user guide that explains the validity period of the certificate, and for how long it will persist.  [<a href="#derive">DERIVE</a> | <a href="#keyex-dh">KEYEX-DH</a>].</p>
       <div class="example"><div class="exampleHeader">Example</div>
       <p>GB may first generate a key pair for Jae-sang.  This is the public key/private key pair which will be used in subsequent transactions.</p>
       <div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
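Review bot: The sentence kept here has the bank taking "a one-time key escrow" of Jae-sang's private key, which sits badly with the next paragraph's claim that his signature "establishes identity with non-repudiation": a key the bank also holds cannot show that only he signed. Either drop the escrow from the scenario, restrict it to a separate encryption key, or soften the non-repudiation claim.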
@@ -158,38 +158,79 @@
         <span class="comment">// TODO add DHKE code </span>
       </code></pre></div></div>
       </div>
-      <p>Subsequent access to the GB website -- always over TLS -- is triggered via presentation of the key and certificate that Jae-sang generated when he first accessed the website.  JavaScript initially loaded by GB contains a message that only Jae-sang can decipher, since it is encrypted with his public key.  The message is deciphered, and the deciphered message is then digitally signed and sent back to the GB server.  This establishes identity with non-repudiation.  [<a href="#keycall">KEYCALL</a> | <a href="#decrypt-pki">DECRYPT-PKI</a> ].  
+      <p>Subsequent access to the GB website -- always over TLS -- is triggered via presentation of the key and certificate that Jae-sang generated when he first accessed the website.  JavaScript initially loaded by GB contains a message that only Jae-sang can decipher, since it is encrypted with his public key; moreover, that message is signed by GB, which gives the client confidence that the message originates from GB.  The message is deciphered, and the deciphered message is then digitally signed and sent back to the GB server.  This establishes identity with non-repudiation.  [<a href="#keycall">KEYCALL</a> | <a href="#verify">VERIFY</a> | <a href="#decrypt-pki">DECRYPT-PKI</a> | <a href="#sign">SIGN</a>].  
       <div class="example"><div class="exampleHeader">Example</div>
        <p><div class="ednote"><div class="ednoteHeader">Editorial note</div>Flesh out this example.</div> </p>
        <div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
-        <span class="comment">/* Assume key retrieval code from IndexedDB that results in prvKeyObjectHandle
-        Assume that if key retrieval is unsuccessful GB provides an alternate process 
-
 
-          */ </span>
-        <span class="comment">// Message generated by GB </span>
-        var cat = "qANQR1DBw04Dk2uPpEjcJT8QD/0VCfFK2XDM5Cg4iTRwmXrB+Pp8SMK5x09WkYqc ";
-        var data = createArrayBuffer(cat);
-        decrypter = window.crypto.createDecrypter("RSAES-PKCS1-v1_5", prvKeyObjectHandle);
-        decrypter.init();
-        decrypter.processData(data);
-        decrypter.complete();
-        decrypter.oncomplete = function(evt){ 
+        <span class="comment">// Message generated by GB... the ellipsis are added. </span>
+        var cat = "qANQR1DBw04Dk2uPpEjcJT8QD/0VCfFK2XDM5Cg4iTRwmXrB+Pp8SMK5x09WkYqc... ";
 
-          <span class="comment">// If successfully decrypted send a signed version back</span>
+        <span class="comment">/* 1. Generate an ArrayBufferView of the overall message.
+          2. Bit-manipulate this with the ArrayBufferView API to obtain the portion of bytes 
+          constituting the signature as an ArrayBufferView, and the message as an ArrayBufferView.
+          3. Obtain the public key of GB from IndexedDB -- pubGBKeySign -- a step not shown here.
+          4. Verify the signature ... assume GB provides a method getSignature() to obtain a signature
+             from the server against which the message's signature can be verified.
+          */</span>
 
-          message = evt.target.result;
+        var data = createArrayBufferView(cat);
+        var signature = extractSignature(data);
+        var pMessage = extractMessage(data);
+        var mRSARFC3447 = {
+          name: "RSASSA-PKCS1-v1_5", params: {
+                            hash: "SHA-256"
+                        }
+        };
+        verifier = window.crypto.createVerifier(mRSARFC3447, pubGBKeySign, getSignature());
+        verifier.init();
+        verifier.processData(signature);
+        verifier.complete();
+        verifier.oncomplete = function(e){
+        <span class="comment">/* 
+          If verified, obtain a prvKeyEncrypt from IndexedDB representing Jae-sang's private key and:
+          1. Decrypt the message
+          2. Sign it
+          3. Send it back
+          Else the signature is invalid -- abort
+        */
+        </span>
+          if (e.target.result == true)
+          {
+            var decrypter = window.crypto.createDecrypter("RSAES-PKCS1-v1_5", prvKeyEncrypt);
+            decrypter.init();
+            decrypter.processData(pMessage);
+            decrypter.onprogress = function(e){e.target.complete()};
+            decrypter.oncomplete = function(evt)
+            { 
 
-          <span class="comment">/* Assume key retrieval code from IndexedDB that results in pubKeyObjectHandle */</span>
+            <span class="comment">// If successfully decrypted send a signed version back</span>
+
+            message = evt.target.result;
+
+            <span class="comment">/* Assume key retrieval code from IndexedDB that results in pubKeySign */</span>
         
-          var signer = window.crypto.createSigner("RSASSA-PKCS1-v1_5", pubKeyObjectHandle);
-          signer.init();
-          signer.processData(message);
-          signer.complete();
-          signer.oncomplete = function(evt){
-            <span class="comment">// sigma.send(evt.target.result, clear) </span>
+            var signer = window.crypto.createSigner(mRSARFC3447, pubKeySign);
+            signer.init();
+            signer.processData(message);
+            signer.onprogress = function(e){e.target.complete();}
+            signer.oncomplete = function(evt)
+            {
+            <span class="comment">/* Combine signature and signed data into an ArrayBuffer
+                                     Use XHR to send signed data back...
+                                     Wait for auth token...
+
+                                  */ </span>
             }
         }
+        else
+        {
+          <span class="comment">// Unverified signature -- ABORT </span>
+        }
+      }
+       
+
+        
        </code></pre></div></div>
       </div>
 
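Review bot: Inside verifier.oncomplete, decryption is gated on "e.target.result == true", a loose comparison that values such as 1 or "1" also pass; use "=== true" so that only a boolean verification result lets the private-key operations run. "verifier" and "message" are assigned without var and become implicit globals. Completion is also driven two ways in this one example: verifier.complete() is called directly after processData(), while the decrypter and signer call complete() from an onprogress handler. This hunk carries the same code as the Overview-UseCases.xml hunk, so corrections to the example need to land in both files.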
@@ -252,16 +293,16 @@
             In practice including an onprogress handler and onerror handler is recommended - the code here
             is terse for readability.
 
-            */</span>
+            */
+          </span>
 
           bufferData = createArrayBufferView(src);
           var digest = window.crypto.createDigester("SHA-256");
           digest.init();
           digest.processData(bufferData);
           digest.complete();
-
-          digest.oncomplete = function(e){
-
+          digest.oncomplete = function(e)
+          {
             if(e.target.result === src_hash)
             {
                 eval(src);
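Review bot: The check that gates eval(src), "if(e.target.result === src_hash)", uses strict equality on the digester result, and the visible lines show neither the type of that result nor where src_hash comes from. If the result is a buffer rather than a string, === compares object identity and the branch can never be taken. The else branch below talks about repopulating localStorage; if src_hash is read from the same storage as src, whatever can rewrite one can rewrite the other, so the expected hash should come from the page delivered by the server. A comment stating both points would make the example safer to copy.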
@@ -270,12 +311,7 @@
             {
                 <span class="comment">// Fetch the code using XHR and repopulate localStorage</span>
             }
-
-
           }
-
-
-
         }
 
       </code></pre></div></div>