Web Cryptography API on Securing JavaScript

Written by on February 28, 2013 in AJAX Security, Javascript - No comments

w3cOne of the latest development for a more secure JavaScript, is the Web Cryptography API by the W3C. The latest working draft released on January 8th, 2013, describes a JavaScript API for performing basic cryptographic operations in web applications, such as hashing, signature generation and verification, and encryption and decryption. Additionally, it describes an API for applications to generate and/or manage the keying material necessary to perform these operations. Uses for this API range from user or service authentication, document or code signing, and the confidentiality and integrity of communications.

Some Web Cryptography API Use Cases have been developed to represent some of the set of expected functionality that may be achieved by the Web Cryptography API. Examples include Banking Transactions, Video services, Code Sanctity and Bandwidth Saver, Encrypted Communications via Webmail, and Off The Record Real Time Messaging.

According to the working group, the expected Candidate Recommendation is scheduled for August 2013. The Web Cryptography API is actually a working draft, and you are encouraged to send your comments or even join the working group.

 

Leave a Comment