Google and Mozilla's web cryptography API gets first working draft
Summary: The programming interface, being developed within the W3C, could lead to more secure web apps. Possible use cases include cloud storage and secure messaging.
Web apps could become more secure through the use of a 'web cryptography API', a working draft of which has been published by the World Wide Web Consortium.
The draft, published late last week, was put together by engineers from Google and Mozilla and is the first for the API to be publicly released.
It describes a JavaScript application programming interface (API) that would allow web apps to perform basic cryptographic operations, and to generate and manage the keying materials needed for this.
The functionality would include hashing, encryption and decryption, signature generation and signature verification.
Use cases for the API could be found in cloud storage, multi-factor authentication, secure messaging, document signing and protected document exchange, the draft suggested.
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
Why, Is Web Security A Problem?
* Forged CA certs issued with the collusion of malicious CAs, or the negligence of lax ones
* Phishing attacks, which can only be perpetrated because users don't actually bother to check certificates anyway.
So in what way will yet another cryptography API address either of these problems?