On Tuesday, August 12, 2014 1:22:28 PM UTC-4, Gregory Szorc wrote: > The possibility of using JavaScript Object Signing and Encryption (JOSE) > > - specifically the verification part of the JSON Web Signature (JWS) > > component - came up as part of planning a JavaScript-based feature I'm > > working on. > > > > We don't appear to have an implementation in mozilla-central yet. I'm > > trying to weigh whether to spend extra effort to add JWS support to the > > tree or to try to shoehorn existing signing solutions to fit my need. > > > > First, does anyone know of an existing browser-side implementation of > > JWS used by Mozilla? I know we have Python in Marketplace doing signing. > > We /may/ have parts of Firefox OS doing client-side signing > > verification. My requirement is for chrome-privileged JS to do X509 > > signing verification. I'll settle for an XPIDL interface to NSS. > > > > Second, would having JWS support in m-c be beneficial to anyone else? > > > > If this isn't easy to add, I'll probably be lazy and leverage an > > existing solution. Convince me it is worth doing. > > > > Gregory
Once you have the right crypto, the JWS bits should be easy to do in JS. (X.509 only slightly harder, due to DER parsing.) WebCrypto *should* be accessible from privileged JS. If you've got a window object, ask for window.crypto.subtle. --Richard _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
