Identity/PlatformCryptoAPI
From MozillaWiki
Platform Crypto API
The approach being taken in the platform crypto API has 3 parts:
Lowest Level API: See bug 665057
- A keypair generation method: nsCrypto::GenerateBrowserIDKeypair(nsIURI& aOrigin, const nsAString& aIdentifier)
- The nsIURI and Identifier (an email address) will be used to create a key for the nsIBrowserIDKeypair object
- The nsIBrowserIDKeypair object is a wrapper that contains the publicKey, privateKey, origin and identifier
- An nsIBrowserIDKeypair object has a getSerializedRSAPublicKey(in AString aPublicKey) method for chrome-privileged JS to call
- An nsIBrowserIDKeypair object has a sign(in AString aText) method to allow for a simple, safe interface for signing
- Callers of this API have no need to access the private key
IDL
/**
 * nsIBrowserIDKeypair
 * This interface provides a keypair and signing interface for BrowserID
 */
[scriptable, uuid(73962dc7-8ee7-4346-a12b-b039e1d9b54d)]
interface nsIBrowserIDKeypair : nsISupports
{
  void getSerializedRSAPublicKey(in ACString aOutString);
  void getRSAPublicKeyExponent(inout octet aOutval);
  void getRSAPublicKeyModulus(inout AString aOutString);
  void getOrigin(inout nsIURI aOutOrigin);
  // Typically, this is an email address
  void getIdentifier(inout AString aOutIdentifier);
  void sign(in AString aText, inout AString aOutSignature);
};

/**
 * nsIBrowserIDService
 * This service keeps a registry of nsIBrowserIDKeypair objects in memory
 * until shutdown.
 */
[scriptable, uuid(7335490a-ead7-4b4f-a22c-80a5cb3b2aa0)]
interface nsIBrowserIDService : nsISupports
{
  [noscript] void registerKeypair(in nsIBrowserIDKeypair aBIDKeypair);
  nsIBrowserIDKeypair getBrowserIDKeypair(in nsIURI aOrigin, in AString aIdentifier);
};
The next layer up
- We will have a new JavaScript module: BrowserIDAPI.js [not named yet]
- This JSM will provide a chrome-privileged, asynchronous interface to nsIBrowserIDKeypair and nsIBrowserIDService
- API:
- void BrowserIDAPI.generateKeypair(in nsIURI aOrigin, in AString aIdentifier, in function aCallback)
- The callback function is passed in the corresponding nsIBrowserIDKeypair, which can be used to getSerializedRSAPublicKey()
- void BrowserIDAPI.getKeypair(in nsIURI aOrigin, in AString aIdentifier, in function aCallback)
- The callback function is passed in the corresponding nsIBrowserIDKeypair, which can be used to create a signature
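The sketch below is an added example, not Mozilla's code: it models the two layers described above, a keypair wrapper that can sign but never hands out the private key, and an asynchronous registry keyed by origin and identifier. Node.js `crypto` stands in for the platform crypto library, and `makeKeypair`, `registry`, `registryKey` and `verify` are hypothetical names.

```javascript
// Added illustration: Node.js crypto is an assumed stand-in for the platform library.
const crypto = require("node:crypto");

// Wrapper in the spirit of nsIBrowserIDKeypair. The private key is held in a
// closure, so callers can sign and read the public key but cannot export it.
function makeKeypair(origin, identifier) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", {
    modulusLength: 2048,
  });
  return Object.freeze({
    getOrigin: () => origin,
    getIdentifier: () => identifier,
    getSerializedRSAPublicKey: () =>
      publicKey.export({ type: "spki", format: "pem" }),
    sign: (text) =>
      crypto.sign("sha256", Buffer.from(text, "utf8"), privateKey)
        .toString("base64"),
  });
}

// In-memory registry in the spirit of nsIBrowserIDService. The lookup key is a
// JSON-encoded pair, so "a" + "b|c" can never collide with "a|b" + "c".
const registry = new Map();
const registryKey = (origin, identifier) => JSON.stringify([origin, identifier]);

// Asynchronous, callback-based layer shaped like the BrowserIDAPI methods.
function generateKeypair(origin, identifier, callback) {
  setImmediate(() => {
    const keypair = makeKeypair(origin, identifier);
    registry.set(registryKey(origin, identifier), keypair);
    callback(keypair);
  });
}

function getKeypair(origin, identifier, callback) {
  const found = registry.get(registryKey(origin, identifier)) || null;
  setImmediate(() => callback(found));
}

// A verifier only ever needs the serialized public key.
function verify(publicKeyPem, text, signatureB64) {
  return crypto.verify("sha256", Buffer.from(text, "utf8"), publicKeyPem,
    Buffer.from(signatureB64, "base64"));
}
```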
From content
- The above APIs will be consumed by the code that produces the window.navigator.id API methods.
- Let's fill in the working details here