September 26, 2016

In brief: Web Cryptography API draft published

(LiveHacking.Com) – The Web Cryptography Working Group, part of the W3C web standards consortium, has published the First Public Working Draft of Web Cryptography API. The API, which  itself is agnostic of the underlying implementation of key storage, provides a way that allow rich web applications to perform basic cryptographic operations.

According to the Abstract section of the draft the “specification describes a JavaScript API for performing basic cryptographic operations in web applications, such as hashing, signature generation and verification, and encryption and decryption. Additionally, it describes an API for applications to generate and/or manage the keying material necessary to perform these operations. Key storage is provided for both temporary and permanent keys. Access to keying material is contingent on the same origin policy. Uses for this API range from user or service authentication, document or code signing, and the confidentiality and integrity of communications.”

The API also provides interfaces for key generation, key derivation, key import and export, and key discovery.

The group will is now looking for discussion and feedback on this draft document by web developers, companies, standardization bodies or forums interested in deployment of secure services with web applications. More versions of the standard will be published in 2013 and the final specification should be released in 2014.

 

Share and Enjoy:
  • Print
  • Digg
  • StumbleUpon
  • del.icio.us
  • Facebook
  • Yahoo! Buzz
  • Twitter
  • Google Bookmarks