From 1412cf819cb68fefdd35a0f46da2b448e9991a88 Mon Sep 17 00:00:00 2001 From: Mark Watson Date: Thu, 8 Sep 2016 12:40:26 -0700 Subject: [PATCH 1/3] Fix #85: Specify the global object associated with objects created by this API --- spec/Overview-WebCryptoAPI.xml | 8 ++- spec/Overview.html | 120 ++++++++++++++++++--------------- 2 files changed, 70 insertions(+), 58 deletions(-) diff --git a/spec/Overview-WebCryptoAPI.xml b/spec/Overview-WebCryptoAPI.xml index 8277971..68c2911 100644 --- a/spec/Overview-WebCryptoAPI.xml +++ b/spec/Overview-WebCryptoAPI.xml @@ -1293,6 +1293,11 @@ interface SubtleCrypto {

Methods and Parameters

+

+ Objects created by the methods defined in this section shall be associated with the + relevant global object + of this [HTML]. +

All errors are reported asynchronously by rejecting the returned @@ -15323,8 +15328,7 @@ window.crypto.subtle.generateKey(aesAlgorithmKeyGen, false, ["encrypt"]).then(

HTML
- HTML5: A vocabulary and - associated APIs for HTML and XHTML (work in progress), I. Hickson. W3C. + HTML5.1, W3C.
ITU-T Recommendation X.690 (11/08)
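Review bot: the replacement [HTML] entry in this references hunk is cut down to "HTML5.1, W3C.", dropping the title and editor that the removed entry carried, while the sentence added under Methods and Parameters now depends on [HTML] for the meaning of "relevant global object". The generated Overview.html lists this entry under Normative References, so give the full citation (title, editors, status and date of the HTML 5.1 document being cited) so that readers can tell which revision's definition of the term applies.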
diff --git a/spec/Overview.html b/spec/Overview.html index e42e15b..94bd7bf 100644 --- a/spec/Overview.html +++ b/spec/Overview.html @@ -28,7 +28,7 @@ -

Web Cryptography API

W3C Editor’s Draft 26 August 2016

Latest Editor’s Draft:
http://w3c.github.io/webcrypto/Overview.html
Latest Published Version:
http://www.w3.org/TR/WebCryptoAPI/
Previous Version(s):
https://dvcs.w3.org/hg/webcrypto-api/raw-file/0fe9b34c13fb/spec/Overview.html
Editor:
Mark Watson, Netflix <watsonm@netflix.com>
Participate:
We are on GitHub. +

Web Cryptography API

W3C Editor’s Draft 8 September 2016

Latest Editor’s Draft:
http://w3c.github.io/webcrypto/Overview.html
Latest Published Version:
http://www.w3.org/TR/WebCryptoAPI/
Previous Version(s):
https://dvcs.w3.org/hg/webcrypto-api/raw-file/0fe9b34c13fb/spec/Overview.html
Editor:
Mark Watson, Netflix <watsonm@netflix.com>
Participate:
We are on GitHub.
Send feedback to public-webcrypto@w3.org (archives).
File a bug @@ -60,7 +60,7 @@

Status of this Document

report can be found in the W3C technical reports index at http://www.w3.org/TR/.

- This document is the 26 August 2016 Editor’s Draft of the + This document is the 8 September 2016 Editor’s Draft of the Web Cryptography API specification. Please send comments about this document to @@ -171,57 +171,58 @@

2.1. Multi-factor Authentication

A web application may wish to extend or replace existing username/password based authentication schemes with authentication methods based on proving that the user has access to some secret keying material. Rather than using transport-layer authentication, - such as TLS client certificates, the web application may wish to provide a rich user - experience by providing authentication within the application itself. + such as TLS client certificates, the web application may prefer the richer user + experience provided by authenticating within the application itself.

- Using the Web Cryptography API, such an application could locate suitable client keys, - which may have been previously generated via the user agent or pre-provisioned - out-of-band by the web application. It could then perform cryptographic operations such - as decrypting an authentication challenge followed by signing an authentication response. + Using the Web Cryptography API, the application could locate suitable client keys, which + may have been previously generated via the user agent or pre-provisioned out-of-band by + the web application. It could then perform cryptographic operations such as decrypting an + authentication challenge followed by signing an authentication response.

- Further, the authentication data could be further enhanced by binding the authentication - to the TLS session that the client is authenticating over, by deriving a key based on - properties of the underlying transport. + This exchange could be further strengthened by binding the authentication to the TLS + session over which the client is authenticating, by deriving a key based on properties of + the underlying transport.

- If a user did not already have a key associated with their account, the web application + If a user does not already have a key associated with their account, the web application could direct the user agent to either generate a new key or to re-use an existing key of - the user's choosing. + the user's choice.

2.2. Protected Document Exchange

- When exchanging documents that may contain sensitive or personal information, a - web application may wish to ensure that only certain users can view the documents, even - after they have been securely received, such as over TLS. One way that a web application - can do so is by encrypting the documents with a secret key, and then wrapping that key - with the public keys associated with authorized users. + A web application may wish to limit the viewership of documents that contain sensitive or + personal information, even when these documents have been securely received, such as over + TLS.

- When a user agent navigates to such a web application, the application may send the - encrypted form of the document. The user agent is then instructed to unwrap the encryption - key, using the user's private key, and from there, decrypt and display the document. + Using the Web Cryptography API, the application could do so by encrypting the documents + with a secret key, and then wrapping that key with the public keys associated with the + authorized viewers. When a user agent navigates to such a web application, the + application would send the encrypted form of the document. The user agent is then + instructed to unwrap the encryption key, using the user's private key, and from there, + decrypt and display the document.

2.3. Cloud Storage

- When storing data with remote service providers, users may wish to protect the - confidentiality of their documents and data prior to uploading them. The Web - Cryptography API allows an application to have a user select a private or secret key, - to either derive encryption keys from the selected key or to directly encrypt documents - using this key, and then to upload the transformed/encrypted data to the service provider - using existing APIs. + A web application may wish to permit users to protect the confidentiality of data and + documents stored with remote service providers prior to uploading. +

+

+ Using the Web Cryptography API, the application may have a user select a private or + secret key, optionally derive an encryption key from the selected key, encrypt the + document, and then upload the encrypted data to the service provider using existing APIs.

This use case is similar to the Protected Document - Exchange use case because Cloud Storage can be considered as a user exchanging - protected data with himself in the future. + Exchange use case, with viewership of the document limited to the user themself.
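Review bot: the section 2.1 to 2.3 use-case rewrites in this Overview.html hunk have no counterpart in the Overview-WebCryptoAPI.xml diff of the same commit, whose diffstat shows 8 changed lines against 120 here, and the subject line mentions only issue #85. If Overview.html is generated from the XML, these paragraphs come from an earlier source change and belong in their own regeneration commit; if they are hand edits, they will be lost the next time the file is regenerated. Either way, keep this commit to the global-object sentence and the [HTML] reference so the normative change can be reviewed in isolation.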

@@ -229,53 +230,56 @@

2.3. Cloud Storage

2.4. Document Signing

A web application may wish to accept electronic signatures on documents, in lieu of - requiring physical signatures. An authorized signature may use a key that was - pre-provisioned out-of-band by the web application, or it may be using a key that the - client generated specifically for the web application. + requiring physical signatures.

- The web application must be able to locate any appropriate keys for signatures, then - direct the user to perform a signing operation over some data, as proof that they accept - the document. + Using the Web Cryptography API, the application may direct the user to select a key, + which may have been pre-provisioned out-of-band, or generated specifically for the web + application. Using this key, the application may perform a signing operation over some + data, as proof that the user accepts the document.

2.5. Data Integrity Protection

- When caching data locally, an application may wish to ensure that this data cannot be - modified in an offline attack. In such a case, the server may sign the data that it - intends the client to cache, with a private key held by the server. The web application - that subsequently uses this cached data may contain a public key that enables it to - validate that the cache contents have not been modified by anyone else. + A web application may wish to cache data locally, while ensuring that this data cannot be + modified in an offline attack. +

+

+ Using the Web Cryptography API, the application may use a public key contained within the + application to verify the contents of the data cache. Previously, when data was added to + the cache, it would have been signed by the server with the corresponding private key. By + validating the signature when restoring data from the cache, the client ensures that the + cached data has not been tampered with.

2.6. Secure Messaging

- In addition to a number of web applications already offering chat based services, the - rise of WebSockets and WebRTC allows a great degree of flexibility in inter-user-agent - messaging. While TLS/DTLS may be used to protect messages to web applications, users - may wish to directly secure messages using schemes such as off-the-record (OTR) messaging. + A web application may wish to employ message layer security using schemes such as + off-the-record (OTR) messaging, even when these messages have been securely received, + such as over TLS.

- The Web Cryptography API enables OTR, by allowing key agreement to be performed so that - the two parties can negotiate shared encryption keys and message authentication code (MAC) - keys, to allow encryption and decryption of messages, and to prevent tampering of - messages through the MACs. + The Web Cryptography API enables OTR and similar message signing schemes, by allowing key + agreement to be performed. The two parties can negotiate shared encryption keys and + message authentication code (MAC) keys, to allow encryption and decryption of messages, + and to prevent tampering.

2.7. JavaScript Object Signing and Encryption (JOSE)

- A web application wishes to make use of the structures and format of - messages defined by the IETF JavaScript Object Signing and Encryption - (JOSE) Working Group. The web application wishes to manipulate public - keys encoded in the JSON key format (JWK), messages that have been - integrity protected using digital signatures or MACs (JWS), or that - have been encrypted (JWE). + A web application may wish to interact with the structures and message formats defined by + the IETF JavaScript Object Signing and Encryption (JOSE) Working Group. +

+

+ Using the Web Cryptography API, the application may read and import keys encoded in the + JSON key format (JWK), validate messages that have been integrity protected using digital + signatures or MACs (JWS), or decrypt messages that have been encrypted (JWE).
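Review bot: in the 2.6 Secure Messaging paragraph, "enables OTR and similar message signing schemes" does not match the sentence that follows it, which says the parties negotiate "message authentication code (MAC) keys" to prevent tampering, that is, authentication with a shared-key MAC rather than a signature. Suggest "OTR and similar message security schemes", or keep the original "enables OTR". In the same hunk, 2.5 has "Previously, when data was added to the cache", which can be read as describing older behaviour of the API; putting the signing step first in the paragraph would avoid that reading.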

@@ -1297,6 +1301,11 @@

14.2. Data Types

14.3. Methods and Parameters

+

+ Objects created by the methods defined in this section shall be associated with the + relevant global object + of this [HTML]. +

Note

All errors are reported asynchronously by rejecting the returned @@ -14832,8 +14841,7 @@

36.1. Normative References

HTML
- HTML5: A vocabulary and - associated APIs for HTML and XHTML (work in progress), I. Hickson. W3C. + HTML5.1, W3C.
ITU-T Recommendation X.690 (11/08)
From 0506035189bd1f726b1b4c0ce1ea8127b7442aa2 Mon Sep 17 00:00:00 2001 From: Mark Watson Date: Mon, 12 Sep 2016 09:47:31 -0700 Subject: [PATCH 2/3] Specify global object for error objects thrown --- spec/Overview-WebCryptoAPI.xml | 3 +++ spec/Overview.html | 7 +++++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/spec/Overview-WebCryptoAPI.xml b/spec/Overview-WebCryptoAPI.xml index 68c2911..ecea493 100644 --- a/spec/Overview-WebCryptoAPI.xml +++ b/spec/Overview-WebCryptoAPI.xml @@ -2710,6 +2710,9 @@ interface SubtleCrypto { [WebIDL]. When this occurs in a sub-algorithm, this results in termination of execution of the sub-algorithm and all ancestor algorithms until one is reached that explicitly describes procedures for catching exceptions. + The error object thrown shall be associated with the + relevant global object + of this [HTML].

diff --git a/spec/Overview.html b/spec/Overview.html index 94bd7bf..981afaa 100644 --- a/spec/Overview.html +++ b/spec/Overview.html @@ -28,7 +28,7 @@ -

Web Cryptography API

W3C Editor’s Draft 8 September 2016

Latest Editor’s Draft:
http://w3c.github.io/webcrypto/Overview.html
Latest Published Version:
http://www.w3.org/TR/WebCryptoAPI/
Previous Version(s):
https://dvcs.w3.org/hg/webcrypto-api/raw-file/0fe9b34c13fb/spec/Overview.html
Editor:
Mark Watson, Netflix <watsonm@netflix.com>
Participate:
We are on GitHub. +

Web Cryptography API

W3C Editor’s Draft 12 September 2016

Latest Editor’s Draft:
http://w3c.github.io/webcrypto/Overview.html
Latest Published Version:
http://www.w3.org/TR/WebCryptoAPI/
Previous Version(s):
https://dvcs.w3.org/hg/webcrypto-api/raw-file/0fe9b34c13fb/spec/Overview.html
Editor:
Mark Watson, Netflix <watsonm@netflix.com>
Participate:
We are on GitHub.
Send feedback to public-webcrypto@w3.org (archives).
File a bug @@ -60,7 +60,7 @@

Status of this Document

report can be found in the W3C technical reports index at http://www.w3.org/TR/.

- This document is the 8 September 2016 Editor’s Draft of the + This document is the 12 September 2016 Editor’s Draft of the Web Cryptography API specification. Please send comments about this document to @@ -2677,6 +2677,9 @@

14.4. Exceptions

[WebIDL]. When this occurs in a sub-algorithm, this results in termination of execution of the sub-algorithm and all ancestor algorithms until one is reached that explicitly describes procedures for catching exceptions. + The error object thrown shall be associated with the + relevant global object + of this [HTML].
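Review bot: "relevant global object of this" is appended to the paragraph about throwing inside a sub-algorithm, but a sub-algorithm has no this of its own, so the sentence does not say which object's global is meant. State it as the this value of the SubtleCrypto method whose invocation led to the sub-algorithm, or define the term once and refer to it from here. It would also help to say that this is the object the caller receives as the rejection value, since Methods and Parameters states that all errors are reported asynchronously by rejection rather than by a synchronous throw.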

From 491891dfc4e4feff53826a89dffae8a3055b5563 Mon Sep 17 00:00:00 2001 From: Mark Watson Date: Mon, 12 Sep 2016 10:52:20 -0700 Subject: [PATCH 3/3] Specify associated global when objects are created --- spec/Overview-WebCryptoAPI.xml | 334 +++++++++++++++++++++++---------- spec/Overview.html | 334 +++++++++++++++++++++++---------- 2 files changed, 480 insertions(+), 188 deletions(-) diff --git a/spec/Overview-WebCryptoAPI.xml b/spec/Overview-WebCryptoAPI.xml index ecea493..9581254 100644 --- a/spec/Overview-WebCryptoAPI.xml +++ b/spec/Overview-WebCryptoAPI.xml @@ -1294,7 +1294,7 @@ interface SubtleCrypto {

Methods and Parameters

- Objects created by the methods defined in this section shall be associated with the + Unless otherwise stated, objects created by the methods defined in this section shall be associated with the relevant global object of this [HTML].
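Review bot: "Unless otherwise stated" is added to the blanket rule here, but every per-step association visible in the rest of this patch names the same thing, the relevant global object of this, so nothing shown is actually stated otherwise. Either drop the qualifier or name the cases that differ; as written, a reader has to search the whole document to learn whether any exception exists. Since the same clause is then repeated at each ArrayBuffer and CryptoKey creation step in both files, consider defining it once as a term and referring to that term from the steps.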

@@ -2053,6 +2053,9 @@ interface SubtleCrypto {
  • Let result be a new ArrayBuffer + associated with the + relevant global object + of this [HTML], and containing the result of executing the derive bits operation specified by normalizedAlgorithm using baseKey, algorithm and length. @@ -3573,7 +3576,7 @@ dictionary CryptoKeyPair { sign None - ArrayBuffer + ArrayBuffer verify @@ -3688,6 +3691,14 @@ dictionary RsaHashedImportParams :

  • +
  • +

    + Return a new ArrayBuffer associated with the + relevant global object + of this [HTML], and containing the + bytes of signature. +

    +
  • @@ -3723,6 +3734,9 @@ dictionary RsaHashedImportParams : +
  • +

    Return result.

    +
  • Generate Key
    @@ -3795,7 +3809,9 @@ dictionary RsaHashedImportParams :

    Let publicKey be a new CryptoKey - object representing the public key of the generated key pair. + object, associated with the + relevant global object + of this [HTML], and representing the public key of the generated key pair.
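Review bot: the wording in this step is "a new CryptoKey object, associated with the relevant global object of this [HTML], and representing ...", while the privateKey step in the next hunk and the later key-creation steps use "a new CryptoKey associated with ..., and representing ..." with no "object," in front. Pick one form for all of the creation steps so the clause can be searched for and later replaced consistently.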

  • @@ -3825,8 +3841,10 @@ dictionary RsaHashedImportParams :
  • - Let privateKey be a new CryptoKey - object representing the private key of the generated key pair. + Let privateKey be a new CryptoKey associated with the + relevant global object + of this [HTML], and + representing the private key of the generated key pair.

  • @@ -3874,8 +3892,7 @@ dictionary RsaHashedImportParams :
  • - Return the result of converting result to an ECMAScript Object, as - defined by [WebIDL]. + Return result.
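Review bot: replacing "Return the result of converting result to an ECMAScript Object, as defined by [WebIDL]" with "Return result." removes the only step that named where the returned object is created, and the new text does not say which global that object is associated with, which is the point of this series. Say where the conversion now happens and give the resulting object the same association as the publicKey and privateKey created earlier in the operation. No matching change appears in the other Generate Key hunks visible in this patch (RSA-PSS, RSA-OAEP, ECDSA, ECDH), so check whether those operations still carry the conversion step.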

  • @@ -4051,8 +4068,10 @@ dictionary RsaHashedImportParams :
  • - Let key be a new CryptoKey - object that represents the RSA public key identified by + Let key be a new CryptoKey associated with the + relevant global object + of this [HTML], and + that represents the RSA public key identified by publicKey.

  • @@ -4226,8 +4245,10 @@ dictionary RsaHashedImportParams :
  • - Let key be a new CryptoKey - object that represents the RSA private key identified by + Let key be a new CryptoKey associated with the + relevant global object + of this [HTML], and + that represents the RSA private key identified by rsaPrivateKey.

  • @@ -4606,7 +4627,9 @@ dictionary RsaHashedImportParams :
  • - Let result be a new ArrayBuffer containing + Let result be a new ArrayBuffer associated with the + relevant global object + of this [HTML], and containing data.

  • @@ -4675,7 +4698,9 @@ dictionary RsaHashedImportParams :
  • - Let result be a new ArrayBuffer containing + Let result be a new ArrayBuffer associated with the + relevant global object + of this [HTML], and containing data.

  • @@ -4875,7 +4900,7 @@ dictionary RsaHashedImportParams : sign RsaPssParams - ArrayBuffer + ArrayBuffer verify @@ -4949,10 +4974,18 @@ dictionary RsaPssParams : ArrayBuffer associated with the + relevant global object + of this [HTML], and containing the + bytes of signature. +

    + @@ -5064,8 +5097,10 @@ dictionary RsaPssParams : CryptoKey - object representing the public key of the generated key pair. + Let publicKey be a new CryptoKey associated with the + relevant global object + of this [HTML], and + representing the public key of the generated key pair.

  • @@ -5095,8 +5130,10 @@ dictionary RsaPssParams : CryptoKey - object representing the private key of the generated key pair. + Let privateKey be a new CryptoKey associated with the + relevant global object + of this [HTML], and + representing the private key of the generated key pair.

  • @@ -5384,8 +5421,10 @@ dictionary RsaPssParams : CryptoKey - object that represents the RSA public key identified by + Let key be a new CryptoKey associated with the + relevant global object + of this [HTML], and + that represents the RSA public key identified by publicKey.

  • @@ -5621,8 +5660,10 @@ dictionary RsaPssParams : CryptoKey - object that represents the RSA private key identified by + Let key be a new CryptoKey associated with the + relevant global object + of this [HTML], and + that represents the RSA private key identified by rsaPrivateKey.

    @@ -6136,7 +6177,9 @@ dictionary RsaPssParams : ArrayBuffer associated with the + relevant global object + of this [HTML], and containing data.

    @@ -6347,7 +6390,9 @@ dictionary RsaPssParams : ArrayBuffer associated with the + relevant global object + of this [HTML], and containing data.

    @@ -6541,12 +6586,12 @@ dictionary RsaPssParams : RsaOaepParams - ArrayBuffer + ArrayBuffer decrypt RsaOaepParams - ArrayBuffer + ArrayBuffer generateKey @@ -6624,11 +6669,18 @@ dictionary RsaOaepParams : ArrayBuffer associated with the + relevant global object + of this [HTML], and + containing ciphertext. +

    +
    Decrypt
    @@ -6676,11 +6728,18 @@ dictionary RsaOaepParams : ArrayBuffer associated with the + relevant global object + of this [HTML], and + containing plaintext. +

    +
    Generate Key
    @@ -6753,8 +6812,10 @@ dictionary RsaOaepParams : CryptoKey - object representing the public key of the generated key pair. + Let publicKey be a new CryptoKey associated with the + relevant global object + of this [HTML], and + representing the public key of the generated key pair.

  • @@ -6785,8 +6846,10 @@ dictionary RsaOaepParams : CryptoKey - object representing the private key of the generated key pair. + Let privateKey be a new CryptoKey associated with the + relevant global object + of this [HTML], and + representing the private key of the generated key pair.

  • @@ -7074,8 +7137,10 @@ dictionary RsaOaepParams : CryptoKey - object that represents the RSA public key identified by + Let key be a new CryptoKey associated with the + relevant global object + of this [HTML], and + that represents the RSA public key identified by publicKey.

  • @@ -7315,8 +7380,10 @@ dictionary RsaOaepParams : CryptoKey - object that represents the RSA private key identified by + Let key be a new CryptoKey associated with the + relevant global object + of this [HTML], and + that represents the RSA private key identified by rsaPrivateKey.

    @@ -7800,7 +7867,9 @@ dictionary RsaOaepParams : ArrayBuffer associated with the + relevant global object + of this [HTML], and containing data.

    @@ -8000,7 +8069,9 @@ dictionary RsaOaepParams : ArrayBuffer associated with the + relevant global object + of this [HTML], and containing data.

    @@ -8215,7 +8286,7 @@ dictionary RsaOaepParams : EcdsaParams - ArrayBuffer + ArrayBuffer verify @@ -8359,7 +8430,9 @@ dictionary EcKeyImportParams : ArrayBuffer associated with the + relevant global object + of this [HTML].

  • @@ -8400,7 +8473,10 @@ dictionary EcKeyImportParams : ArrayBuffer associated with the + relevant global object + of this [HTML], and containing the + bytes of result.

  • @@ -8563,8 +8639,10 @@ dictionary EcKeyImportParams : CryptoKey - object representing the public key of the generated key pair. + Let publicKey be a new CryptoKey associated with the + relevant global object + of this [HTML], and + representing the public key of the generated key pair.

  • @@ -8594,8 +8672,10 @@ dictionary EcKeyImportParams : CryptoKey - object representing the private key of the generated key pair. + Let privateKey be a new CryptoKey associated with the + relevant global object + of this [HTML], and + representing the private key of the generated key pair.

  • @@ -8759,8 +8839,10 @@ dictionary EcKeyImportParams : CryptoKey - object that represents the Elliptic Curve public key identified by + Let key be a new CryptoKey associated with the + relevant global object + of this [HTML], and + that represents the Elliptic Curve public key identified by performing the conversion steps defined in Section 2.2 of RFC 5480.

    @@ -8976,8 +9058,10 @@ dictionary EcKeyImportParams : CryptoKey - object that represents the Elliptic Curve private key identified by + Let key be a new CryptoKey associated with the + relevant global object + of this [HTML], and + that represents the Elliptic Curve private key identified by performing the conversion steps defined in Section 3 of RFC 5915 using ecPrivateKey.

    @@ -9352,8 +9436,10 @@ dictionary EcKeyImportParams : CryptoKey - object that represents Q + Let key be a new CryptoKey associated with the + relevant global object + of this [HTML], and + that represents Q

  • @@ -9593,7 +9679,9 @@ dictionary EcKeyImportParams : ArrayBuffer associated with the + relevant global object + of this [HTML], and containing data.

    @@ -9763,7 +9851,9 @@ dictionary EcKeyImportParams : ArrayBuffer associated with the + relevant global object + of this [HTML], and containing data.

    @@ -9953,7 +10043,9 @@ dictionary EcKeyImportParams : ArrayBuffer associated with the + relevant global object + of this [HTML], and containing data.

    @@ -10126,8 +10218,10 @@ dictionary EcdhKeyDeriveParams :
  • - Let publicKey be a new CryptoKey - object representing the public key of the generated key pair. + Let publicKey be a new CryptoKey associated with the + relevant global object + of this [HTML], and + representing the public key of the generated key pair.

  • @@ -10156,8 +10250,10 @@ dictionary EcdhKeyDeriveParams :
  • - Let privateKey be a new CryptoKey - object representing the private key of the generated key pair. + Let privateKey be a new CryptoKey associated with the + relevant global object + of this [HTML], and + representing the private key of the generated key pair.

  • @@ -10452,8 +10548,10 @@ dictionary EcdhKeyDeriveParams : If namedCurve is not undefined:

    - Let key be a new CryptoKey - object that represents the Elliptic Curve public key identified by + Let key be a new CryptoKey associated with the + relevant global object + of this [HTML], and + that represents the Elliptic Curve public key identified by performing the conversion steps defined in Section 2.2 of RFC 5480.

    @@ -10669,8 +10767,10 @@ dictionary EcdhKeyDeriveParams :
  • - Let key be a new CryptoKey - object that represents the Elliptic Curve private key identified by + Let key be a new CryptoKey associated with the + relevant global object + of this [HTML], and + that represents the Elliptic Curve private key identified by performing the conversion steps defined in Section 3 of RFC 5915 using ecPrivateKey.

    @@ -10998,8 +11098,10 @@ dictionary EcdhKeyDeriveParams :
  • - Let key be a new CryptoKey - object that represents Q + Let key be a new CryptoKey associated with the + relevant global object + of this [HTML], and + that represents Q

  • @@ -11579,7 +11681,9 @@ dictionary EcdhKeyDeriveParams :
  • - Let result be a new ArrayBuffer containing + Let result be a new ArrayBuffer associated with the + relevant global object + of this [HTML], and containing data.

  • @@ -11627,12 +11731,12 @@ dictionary EcdhKeyDeriveParams : encrypt AesCtrParams - ArrayBuffer + ArrayBuffer decrypt AesCtrParams - ArrayBuffer + ArrayBuffer generateKey @@ -11745,7 +11849,10 @@ dictionary AesDerivedKeyParams :
  • - Return ciphertext. + Return a new ArrayBuffer associated with the + relevant global object + of this [HTML], and + containing ciphertext.

  • @@ -11789,7 +11896,10 @@ dictionary AesDerivedKeyParams :
  • - Return plaintext. + Return a new ArrayBuffer associated with the + relevant global object + of this [HTML], and + containing plaintext.

  • @@ -12072,7 +12182,9 @@ dictionary AesDerivedKeyParams :
  • - Let result be a new ArrayBuffer containing + Let result be a new ArrayBuffer associated with the + relevant global object + of this [HTML], and containing data.

  • @@ -12215,12 +12327,12 @@ dictionary AesDerivedKeyParams : encrypt AesCbcParams - ArrayBuffer + ArrayBuffer decrypt AesCbcParams - ArrayBuffer + ArrayBuffer generateKey @@ -12291,7 +12403,10 @@ dictionary AesCbcParams : ArrayBuffer associated with the + relevant global object + of this [HTML], and + containing ciphertext.

  • @@ -12341,7 +12456,10 @@ dictionary AesCbcParams : ArrayBuffer associated with the + relevant global object + of this [HTML], and + containing plaintext.

    @@ -12618,7 +12736,9 @@ dictionary AesCbcParams : ArrayBuffer associated with the + relevant global object + of this [HTML], and containing data.

    @@ -12755,12 +12875,12 @@ dictionary AesCbcParams : AesGcmParams - ArrayBuffer + ArrayBuffer decrypt AesGcmParams - ArrayBuffer + ArrayBuffer generateKey @@ -12873,10 +12993,18 @@ dictionary AesGcmParams : ArrayBuffer associated with the + relevant global object + of this [HTML], and + containing ciphertext. +

    +
    Decrypt
    @@ -12975,7 +13103,10 @@ dictionary AesGcmParams : ArrayBuffer associated with the + relevant global object + of this [HTML], and + containing plaintext.

    @@ -13252,7 +13383,9 @@ dictionary AesGcmParams : ArrayBuffer associated with the + relevant global object + of this [HTML], and containing data.

    @@ -13388,12 +13521,12 @@ dictionary AesGcmParams : ArrayBuffer unwrapKey None - ArrayBuffer + ArrayBuffer generateKey @@ -13674,8 +13807,10 @@ dictionary AesGcmParams : CryptoKey - object representing an AES key with value data. + Let key be a new CryptoKey associated with the + relevant global object + of this [HTML], and + representing an AES key with value data.

  • @@ -13733,7 +13868,9 @@ dictionary AesGcmParams : ArrayBuffer associated with the + relevant global object + of this [HTML], and containing data.

  • @@ -13876,7 +14013,7 @@ dictionary AesGcmParams : ArrayBuffer verify @@ -13960,7 +14097,10 @@ dictionary HmacKeyGenParams : ArrayBuffer object, associated with the + relevant global object + of this [HTML], and containing the + bytes of mac.

    @@ -14396,7 +14536,9 @@ dictionary HmacKeyGenParams : ArrayBuffer associated with the + relevant global object + of this [HTML], and containing data.

    @@ -14599,7 +14741,7 @@ dictionary HmacKeyGenParams : ArrayBuffer @@ -14846,7 +14988,9 @@ dictionary HkdfParams :
  • - Let key be a new CryptoKey object + Let key be a new CryptoKey associated with the + relevant global object + of this [HTML], and representing the key data provided in keyData.

  • @@ -15047,7 +15191,9 @@ dictionary Pbkdf2Params : CryptoKey object + Let key be a new CryptoKey associated with the + relevant global object + of this [HTML], and representing keyData.

    diff --git a/spec/Overview.html b/spec/Overview.html index 981afaa..24fbb09 100644 --- a/spec/Overview.html +++ b/spec/Overview.html @@ -1302,7 +1302,7 @@

    14.2. Data Types

    14.3. Methods and Parameters

    - Objects created by the methods defined in this section shall be associated with the + Unless otherwise stated, objects created by the methods defined in this section shall be associated with the relevant global object of this [HTML].

    @@ -2040,6 +2040,9 @@

    14.3.8. The deriveBits method

  • Let result be a new ArrayBuffer + associated with the + relevant global object + of this [HTML], and containing the result of executing the derive bits operation specified by normalizedAlgorithm using baseKey, algorithm and length. @@ -3529,7 +3532,7 @@

    20.2. Registration

    sign None - ArrayBuffer + ArrayBuffer verify @@ -3637,6 +3640,14 @@

    20.8. Operations

    performing the operation.

  • +
  • +

    + Return a new ArrayBuffer associated with the + relevant global object + of this [HTML], and containing the + bytes of signature. +

    +
  • @@ -3669,6 +3680,9 @@

    20.8. Operations

    false otherwise.

    +
  • +

    Return result.

    +
  • Generate Key
    @@ -3740,7 +3754,9 @@

    20.8. Operations

  • Let publicKey be a new CryptoKey - object representing the public key of the generated key pair. + object, associated with the + relevant global object + of this [HTML], and representing the public key of the generated key pair.

  • @@ -3770,8 +3786,10 @@

    20.8. Operations

  • - Let privateKey be a new CryptoKey - object representing the private key of the generated key pair. + Let privateKey be a new CryptoKey associated with the + relevant global object + of this [HTML], and + representing the private key of the generated key pair.

  • @@ -3819,8 +3837,7 @@

    20.8. Operations

  • - Return the result of converting result to an ECMAScript Object, as - defined by [WebIDL]. + Return result.

  • @@ -3993,8 +4010,10 @@

    20.8. Operations

  • - Let key be a new CryptoKey - object that represents the RSA public key identified by + Let key be a new CryptoKey associated with the + relevant global object + of this [HTML], and + that represents the RSA public key identified by publicKey.

  • @@ -4165,8 +4184,10 @@

    20.8. Operations

  • - Let key be a new CryptoKey - object that represents the RSA private key identified by + Let key be a new CryptoKey associated with the + relevant global object + of this [HTML], and + that represents the RSA private key identified by rsaPrivateKey.

  • @@ -4534,7 +4555,9 @@

    20.8. Operations

  • - Let result be a new ArrayBuffer containing + Let result be a new ArrayBuffer associated with the + relevant global object + of this [HTML], and containing data.

  • @@ -4599,7 +4622,9 @@

    20.8. Operations

  • - Let result be a new ArrayBuffer containing + Let result be a new ArrayBuffer associated with the + relevant global object + of this [HTML], and containing data.

  • @@ -4795,7 +4820,7 @@

    21.2. Registration

    sign RsaPssParams - ArrayBuffer + ArrayBuffer verify @@ -4862,10 +4887,18 @@

    21.4. Operations

  • - Let signature be a new ArrayBuffer containing the + Let signature be the signature, S, that results from performing the operation.

  • +
  • +

    + Return a new ArrayBuffer associated with the + relevant global object + of this [HTML], and containing the + bytes of signature. +

    +
  • @@ -4971,8 +5004,10 @@

    21.4. Operations

  • - Let publicKey be a new CryptoKey - object representing the public key of the generated key pair. + Let publicKey be a new CryptoKey associated with the + relevant global object + of this [HTML], and + representing the public key of the generated key pair.

  • @@ -5002,8 +5037,10 @@

    21.4. Operations

  • - Let privateKey be a new CryptoKey - object representing the private key of the generated key pair. + Let privateKey be a new CryptoKey associated with the + relevant global object + of this [HTML], and + representing the private key of the generated key pair.

  • @@ -5284,8 +5321,10 @@

    21.4. Operations

  • - Let key be a new CryptoKey - object that represents the RSA public key identified by + Let key be a new CryptoKey associated with the + relevant global object + of this [HTML], and + that represents the RSA public key identified by publicKey.

  • @@ -5512,8 +5551,10 @@

    21.4. Operations

  • - Let key be a new CryptoKey - object that represents the RSA private key identified by + Let key be a new CryptoKey associated with the + relevant global object + of this [HTML], and + that represents the RSA private key identified by rsaPrivateKey.

  • @@ -6001,7 +6042,9 @@

    21.4. Operations

  • - Let result be a new ArrayBuffer containing + Let result be a new ArrayBuffer associated with the + relevant global object + of this [HTML], and containing data.

  • @@ -6193,7 +6236,9 @@

    21.4. Operations

  • - Let result be a new ArrayBuffer containing + Let result be a new ArrayBuffer associated with the + relevant global object + of this [HTML], and containing data.

  • @@ -6382,12 +6427,12 @@

    22.2. Registration

    encrypt RsaOaepParams - ArrayBuffer + ArrayBuffer decrypt RsaOaepParams - ArrayBuffer + ArrayBuffer generateKey @@ -6460,11 +6505,18 @@

    22.4. Operations

  • - Let ciphertext be a new ArrayBuffer - containing the value C that results from performing the + Let ciphertext be the value C that results from performing the operation.

  • +
  • +

    + Return a new ArrayBuffer associated with the + relevant global object + of this [HTML], and + containing ciphertext. +

    +
  • Decrypt
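Review bot: The new return step in 22.4 Encrypt says "containing ciphertext", while the RSA-PSS Sign hunk above says "containing the bytes of signature" for the same kind of value. Pick one phrasing for all the "Return a new ArrayBuffer" steps, so readers do not infer a difference between the two.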
    @@ -6507,11 +6559,18 @@

    22.4. Operations

  • - Let plaintext be a new ArrayBuffer - containing the value M that results from performing the + Let plaintext the value M that results from performing the operation.

  • +
  • +

    + Return a new ArrayBuffer associated with the + relevant global object + of this [HTML], and + containing plaintext. +

    +
  • Generate Key
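Review bot: The added line "Let plaintext the value M that results from performing the operation" is missing "be" after plaintext. The matching Encrypt step in the previous hunk reads "Let ciphertext be the value C"; use the same form here.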
    @@ -6583,8 +6642,10 @@

    22.4. Operations

  • - Let publicKey be a new CryptoKey - object representing the public key of the generated key pair. + Let publicKey be a new CryptoKey associated with the + relevant global object + of this [HTML], and + representing the public key of the generated key pair.

  • @@ -6615,8 +6676,10 @@

    22.4. Operations

  • - Let privateKey be a new CryptoKey - object representing the private key of the generated key pair. + Let privateKey be a new CryptoKey associated with the + relevant global object + of this [HTML], and + representing the private key of the generated key pair.

  • @@ -6897,8 +6960,10 @@

    22.4. Operations

  • - Let key be a new CryptoKey - object that represents the RSA public key identified by + Let key be a new CryptoKey associated with the + relevant global object + of this [HTML], and + that represents the RSA public key identified by publicKey.

  • @@ -7126,8 +7191,10 @@

    22.4. Operations

  • - Let key be a new CryptoKey - object that represents the RSA private key identified by + Let key be a new CryptoKey associated with the + relevant global object + of this [HTML], and + that represents the RSA private key identified by rsaPrivateKey.

  • @@ -7587,7 +7654,9 @@

    22.4. Operations

  • - Let result be a new ArrayBuffer containing + Let result be a new ArrayBuffer associated with the + relevant global object + of this [HTML], and containing data.

  • @@ -7771,7 +7840,9 @@

    22.4. Operations

  • - Let result be a new ArrayBuffer containing + Let result be a new ArrayBuffer associated with the + relevant global object + of this [HTML], and containing data.

  • @@ -7974,7 +8045,7 @@

    23.2. Registration

    sign EcdsaParams - ArrayBuffer + ArrayBuffer verify @@ -8116,7 +8187,9 @@

    23.7. Operations

  • - Let result be a new ArrayBuffer. + Let result be a new empty ArrayBuffer associated with the + relevant global object + of this [HTML].

  • @@ -8157,7 +8230,10 @@

    23.7. Operations

  • - Return result. + Return a new ArrayBuffer associated with the + relevant global object + of this [HTML], and containing the + bytes of result.
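Review bot: In 23.7, result is created in the previous hunk as "a new empty ArrayBuffer associated with the relevant global object", and this return step then creates a second ArrayBuffer "containing the bytes of result". Only one of the two needs to be a script-visible object. Either make result a plain byte sequence and keep this return step, or keep result as the associated ArrayBuffer and leave "Return result." unchanged.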

  • @@ -8317,8 +8393,10 @@

    23.7. Operations

  • - Let publicKey be a new CryptoKey - object representing the public key of the generated key pair. + Let publicKey be a new CryptoKey associated with the + relevant global object + of this [HTML], and + representing the public key of the generated key pair.

  • @@ -8348,8 +8426,10 @@

    23.7. Operations

  • - Let privateKey be a new CryptoKey - object representing the private key of the generated key pair. + Let privateKey be a new CryptoKey associated with the + relevant global object + of this [HTML], and + representing the private key of the generated key pair.

  • @@ -8511,8 +8591,10 @@

    23.7. Operations

    If namedCurve is not undefined:

    - Let key be a new CryptoKey - object that represents the Elliptic Curve public key identified by + Let key be a new CryptoKey associated with the + relevant global object + of this [HTML], and + that represents the Elliptic Curve public key identified by performing the conversion steps defined in Section 2.2 of RFC 5480.

    @@ -8715,8 +8797,10 @@

    23.7. Operations

  • - Let key be a new CryptoKey - object that represents the Elliptic Curve private key identified by + Let key be a new CryptoKey associated with the + relevant global object + of this [HTML], and + that represents the Elliptic Curve private key identified by performing the conversion steps defined in Section 3 of RFC 5915 using ecPrivateKey.

  • @@ -9068,8 +9152,10 @@

    23.7. Operations

  • - Let key be a new CryptoKey - object that represents Q + Let key be a new CryptoKey associated with the + relevant global object + of this [HTML], and + that represents Q

  • @@ -9295,7 +9381,9 @@

    23.7. Operations

  • - Let result be a new ArrayBuffer containing + Let result be a new ArrayBuffer associated with the + relevant global object + of this [HTML], and containing data.

  • @@ -9453,7 +9541,9 @@

    23.7. Operations

  • - Let result be a new ArrayBuffer containing + Let result be a new ArrayBuffer associated with the + relevant global object + of this [HTML], and containing data.

  • @@ -9633,7 +9723,9 @@

    23.7. Operations

  • - Let result be a new ArrayBuffer containing + Let result be a new ArrayBuffer associated with the + relevant global object + of this [HTML], and containing data.

  • @@ -9805,8 +9897,10 @@

    24.4. Operations

  • - Let publicKey be a new CryptoKey - object representing the public key of the generated key pair. + Let publicKey be a new CryptoKey associated with the + relevant global object + of this [HTML], and + representing the public key of the generated key pair.

  • @@ -9835,8 +9929,10 @@

    24.4. Operations

  • - Let privateKey be a new CryptoKey - object representing the private key of the generated key pair. + Let privateKey be a new CryptoKey associated with the + relevant global object + of this [HTML], and + representing the private key of the generated key pair.

  • @@ -10117,8 +10213,10 @@

    24.4. Operations

    If namedCurve is not undefined:

    - Let key be a new CryptoKey - object that represents the Elliptic Curve public key identified by + Let key be a new CryptoKey associated with the + relevant global object + of this [HTML], and + that represents the Elliptic Curve public key identified by performing the conversion steps defined in Section 2.2 of RFC 5480.

    @@ -10324,8 +10422,10 @@

    24.4. Operations

  • - Let key be a new CryptoKey - object that represents the Elliptic Curve private key identified by + Let key be a new CryptoKey associated with the + relevant global object + of this [HTML], and + that represents the Elliptic Curve private key identified by performing the conversion steps defined in Section 3 of RFC 5915 using ecPrivateKey.

  • @@ -10630,8 +10730,10 @@

    24.4. Operations

  • - Let key be a new CryptoKey - object that represents Q + Let key be a new CryptoKey associated with the + relevant global object + of this [HTML], and + that represents Q

  • @@ -11176,7 +11278,9 @@

    24.4. Operations

  • - Let result be a new ArrayBuffer containing + Let result be a new ArrayBuffer associated with the + relevant global object + of this [HTML], and containing data.

  • @@ -11224,12 +11328,12 @@

    25.2. Registration

    encrypt AesCtrParams - ArrayBuffer + ArrayBuffer decrypt AesCtrParams - ArrayBuffer + ArrayBuffer generateKey @@ -11338,7 +11442,10 @@

    25.7. Operations

  • - Return ciphertext. + Return a new ArrayBuffer associated with the + relevant global object + of this [HTML], and + containing ciphertext.

  • @@ -11378,7 +11485,10 @@

    25.7. Operations

  • - Return plaintext. + Return a new ArrayBuffer associated with the + relevant global object + of this [HTML], and + containing plaintext.

  • @@ -11652,7 +11762,9 @@

    25.7. Operations

  • - Let result be a new ArrayBuffer containing + Let result be a new ArrayBuffer associated with the + relevant global object + of this [HTML], and containing data.

  • @@ -11792,12 +11904,12 @@

    26.2. Registration

    encrypt AesCbcParams - ArrayBuffer + ArrayBuffer decrypt AesCbcParams - ArrayBuffer + ArrayBuffer generateKey @@ -11865,7 +11977,10 @@

    26.4. Operations

  • - Return ciphertext. + Return a new ArrayBuffer associated with the + relevant global object + of this [HTML], and + containing ciphertext.

  • @@ -11911,7 +12026,10 @@

    26.4. Operations

  • - Return plaintext. + Return a new ArrayBuffer associated with the + relevant global object + of this [HTML], and + containing plaintext.

  • @@ -12186,7 +12304,9 @@

    26.4. Operations

  • - Let result be a new ArrayBuffer containing + Let result be a new ArrayBuffer associated with the + relevant global object + of this [HTML], and containing data.

  • @@ -12320,12 +12440,12 @@

    27.2. Registration

    encrypt AesGcmParams - ArrayBuffer + ArrayBuffer decrypt AesGcmParams - ArrayBuffer + ArrayBuffer generateKey @@ -12432,10 +12552,18 @@

    27.4. Operations

  • - Return a new ArrayBuffer containing C | T + Let ciphertext be equal to C | T, where '|' denotes concatenation.

  • +
  • +

    + Return a new ArrayBuffer associated with the + relevant global object + of this [HTML], and + containing ciphertext. +

    +
  • Decrypt
    @@ -12528,7 +12656,10 @@

    27.4. Operations

  • - Return a new ArrayBuffer containing plaintext. + Return a new ArrayBuffer associated with the + relevant global object + of this [HTML], and + containing plaintext.

  • @@ -12803,7 +12934,9 @@

    27.4. Operations

  • - Let result be a new ArrayBuffer containing + Let result be a new ArrayBuffer associated with the + relevant global object + of this [HTML], and containing data.

  • @@ -12934,12 +13067,12 @@

    28.2. Registration

    wrapKey None - ArrayBuffer + ArrayBuffer unwrapKey None - ArrayBuffer + ArrayBuffer generateKey @@ -13216,8 +13349,10 @@

    28.3. Operations

  • - Let key be a new CryptoKey - object representing an AES key with value data. + Let key be a new CryptoKey associated with the + relevant global object + of this [HTML], and + representing an AES key with value data.

  • @@ -13273,7 +13408,9 @@

    28.3. Operations

  • - Let result be a new ArrayBuffer containing + Let result be a new ArrayBuffer associated with the + relevant global object + of this [HTML], and containing data.

  • @@ -13411,7 +13548,7 @@

    29.2. Registration

    sign None - ArrayBuffer + ArrayBuffer verify @@ -13493,7 +13630,10 @@

    29.6. Operations

  • - Return mac. + Return a new ArrayBuffer object, associated with the + relevant global object + of this [HTML], and containing the + bytes of mac.

  • @@ -13924,7 +14064,9 @@

    29.6. Operations

    1. - Let result be a new ArrayBuffer containing data. + Let result be a new ArrayBuffer associated with the + relevant global object + of this [HTML], and containing data.

    @@ -14124,7 +14266,7 @@

    30.2. Registration

    digest None - ArrayBuffer + ArrayBuffer @@ -14366,7 +14508,9 @@

    31.4. Operations

  • - Let key be a new CryptoKey object + Let key be a new CryptoKey associated with the + relevant global object + of this [HTML], and representing the key data provided in keyData.

  • @@ -14561,7 +14705,9 @@

    32.4. Operations

  • - Let key be a new CryptoKey object + Let key be a new CryptoKey associated with the + relevant global object + of this [HTML], and representing keyData.