{"id":2,"date":"2011-08-31T03:41:59","date_gmt":"2011-08-31T03:41:59","guid":{"rendered":"http:\/\/www.w3.org\/community\/webcryptoapi\/?page_id=2"},"modified":"2012-03-28T22:53:24","modified_gmt":"2012-03-28T22:53:24","slug":"draft","status":"publish","type":"page","link":"https:\/\/www.w3.org\/community\/webcryptoapi\/draft\/","title":{"rendered":"Web Crypto API"},"content":{"rendered":"<h1 id=\"title\" class=\"title\">Web Crypto API \u2014 An Authentification of Data and People in SSL<\/h1>\n<h2 id=\"unofficial-draft-01-june-2010\">Unofficial Draft 01 June 2010<\/h2>\n<dl>\n<dt>Editor:<\/dt>\n<dd><a href=\"http:\/\/www.creation.net\" target=\"_blank\" rel=\"nofollow\">Channy Yun<\/a>, <a href=\"http:\/\/www.mozilla.or.kr\/\" target=\"_blank\" rel=\"nofollow\">Mozilla Korea Community<\/a><\/dd>\n<\/dl>\n<p class=\"copyright\">This document is licensed under a <a rel=\"license nofollow\" href=\"http:\/\/creativecommons.org\/licenses\/by\/3.0\/\" class=\"subfoot\" target=\"_blank\">Creative Commons Attribution 3.0 License<\/a>.<\/p>\n<hr \/>\n<\/div>\n<div class=\"introductory section\">\n<h2>Abstract<\/h2>\n<p>\tThis document defines APIs for signing messages with a user certificate issued by a certificate authority for SSL communications. It provides cryptographic functions such as handling the user certificate, secure login\/logout and verifying the authenticity of data, i.e. digital signatures.\n    <\/p><\/div>\n<div class=\"introductory section\">\n<h2>Status of This Document<\/h2>\n<p>This document is merely a public working draft of a potential specification. It has no official standing of any kind and does not represent the support or consensus of any standards organisation.<\/p>\n<\/p><\/div>\n<div class=\"section\">\n<h2 class=\"introductory\">Table of Contents<\/h2>\n<ul class=\"toc\">\n<li class=\"tocline\"><a href=\"#introduction\" class=\"tocxref\"><span class=\"secno\">1. 
<\/span>Introduction<\/a><\/li>\n<li class=\"tocline\"><a href=\"#requirements-and-use-cases\" class=\"tocxref\"><span class=\"secno\">2. <\/span>Requirements and use cases<\/a><\/li>\n<li class=\"tocline\"><a href=\"#the-webcrypto-interface\" class=\"tocxref\"><span class=\"secno\">3. <\/span>The <code>WebCrypto<\/code> Interface<\/a>\n<ul class=\"toc\">\n<li class=\"tocline\"><a href=\"#issuing-the-user-certificate\" class=\"tocxref\"><span class=\"secno\">3.1 <\/span>Issuing the user certificate<\/a>\n<ul class=\"toc\">\n<li class=\"tocline\"><a href=\"#generatecertrequest-method\" class=\"tocxref\"><span class=\"secno\">3.1.1 <\/span><code>generateCertRequest<\/code> method<\/a><\/li>\n<li class=\"tocline\"><a href=\"#importusercert-method\" class=\"tocxref\"><span class=\"secno\">3.1.2 <\/span><code>importUserCert<\/code> method<\/a><\/li>\n<li class=\"tocline\"><a href=\"#viewcertinfo-method\" class=\"tocxref\"><span class=\"secno\">3.1.3 <\/span><code>viewCertInfo<\/code> method<\/a><\/li>\n<li class=\"tocline\"><a href=\"#validateusercert-method\" class=\"tocxref\"><span class=\"secno\">3.1.4 <\/span><code>validateUserCert<\/code> method<\/a><\/li>\n<\/ul>\n<\/li>\n<li class=\"tocline\"><a href=\"#signing-messages\" class=\"tocxref\"><span class=\"secno\">3.2 <\/span>Signing messages<\/a>\n<ul class=\"toc\">\n<li class=\"tocline\"><a href=\"#signtext-method\" class=\"tocxref\"><span class=\"secno\">3.2.1 <\/span><code>signText<\/code> method<\/a><\/li>\n<li class=\"tocline\"><a href=\"#decrypttext-method\" class=\"tocxref\"><span class=\"secno\">3.2.2 <\/span><code>decryptText<\/code> method<\/a><\/li>\n<li class=\"tocline\"><a href=\"#veryfysign-method\" class=\"tocxref\"><span class=\"secno\">3.2.3 <\/span><code>veryfySign<\/code> method<\/a><\/li>\n<\/ul>\n<\/li>\n<li class=\"tocline\"><a href=\"#key-handling\" class=\"tocxref\"><span class=\"secno\">3.3 <\/span>Key handling<\/a>\n<ul class=\"toc\">\n<li class=\"tocline\"><a 
href=\"#importkeypair-method\" class=\"tocxref\"><span class=\"secno\">3.3.1 <\/span><code>importKeypair<\/code> method<\/a><\/li>\n<li class=\"tocline\"><a href=\"#exportkeypair-method\" class=\"tocxref\"><span class=\"secno\">3.3.2 <\/span><code>exportKeypair<\/code> method<\/a><\/li>\n<\/ul>\n<\/li>\n<li class=\"tocline\"><a href=\"#secure-user-authentication\" class=\"tocxref\"><span class=\"secno\">3.4 <\/span>Secure user authentication<\/a>\n<ul class=\"toc\">\n<li class=\"tocline\"><a href=\"#login-attribute\" class=\"tocxref\"><span class=\"secno\">3.4.1 <\/span><code>login<\/code> attribute<\/a><\/li>\n<li class=\"tocline\"><a href=\"#logout-attribute\" class=\"tocxref\"><span class=\"secno\">3.4.2 <\/span><code>logout<\/code> attribute<\/a><\/li>\n<\/ul>\n<\/li>\n<li class=\"tocline\"><a href=\"#miscellaneous\" class=\"tocxref\"><span class=\"secno\">3.5 <\/span>Miscellaneous<\/a>\n<ul class=\"toc\">\n<li class=\"tocline\"><a href=\"#version-attribute\" class=\"tocxref\"><span class=\"secno\">3.5.1 <\/span><code>version<\/code> attribute<\/a><\/li>\n<li class=\"tocline\"><a href=\"#enablesmartcardevents-attribute\" class=\"tocxref\"><span class=\"secno\">3.5.2 <\/span><code>enableSmartCardEvents<\/code> attribute<\/a><\/li>\n<li class=\"tocline\"><a href=\"#random-method\" class=\"tocxref\"><span class=\"secno\">3.5.3 <\/span><code>random<\/code> method<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li class=\"tocline\"><a href=\"#guidelines-for-user-interface\" class=\"tocxref\"><span class=\"secno\">4. 
<\/span>Guidelines for user interface<\/a>\n<ul class=\"toc\">\n<li class=\"tocline\"><a href=\"#login-with-the-user-certificate\" class=\"tocxref\"><span class=\"secno\">4.1 <\/span>Login with the user certificate<\/a><\/li>\n<li class=\"tocline\"><a href=\"#signing-text-the-user-certificate\" class=\"tocxref\"><span class=\"secno\">4.2 <\/span>Signing text the user certificate<\/a><\/li>\n<\/ul>\n<\/li>\n<li class=\"tocline\"><a href=\"#security\" class=\"tocxref\"><span class=\"secno\">5. <\/span>Security<\/a><\/li>\n<li class=\"tocline\"><a href=\"#acknowledgements\" class=\"tocxref\"><span class=\"secno\">A. <\/span>Acknowledgements<\/a><\/li>\n<li class=\"tocline\"><a href=\"#related-specifications\" class=\"tocxref\"><span class=\"secno\">B. <\/span>Related Specifications<\/a><\/li>\n<li class=\"tocline\"><a href=\"#references\" class=\"tocxref\"><span class=\"secno\">C. <\/span>References<\/a>\n<ul class=\"toc\">\n<li class=\"tocline\"><a href=\"#normative-references\" class=\"tocxref\"><span class=\"secno\">C.1 <\/span>Normative references<\/a><\/li>\n<li class=\"tocline\"><a href=\"#informative-references\" class=\"tocxref\"><span class=\"secno\">C.2 <\/span>Informative references<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/div>\n<div class=\"informative section\">\n      <!--OddPage--><\/p>\n<h2><span class=\"secno\">1. 
<\/span>Introduction<\/h2>\n<p><em>This section is non-normative.<\/em><\/p>\n<p>\n\tThe WebCrypto object implements an interface exposed by a script engine that allows scripts to perform PKI-based functions, such as issuing the user certificate, signing messages and session authentication, over HTTPS connections only.\n\t<\/p>\n<p>\n\tSome simple code that signs a message with the user certificate:\n\t<\/p>\n<pre>var crypto = new WebCrypto();\r\n\r\nfunction login() {\r\n    \/\/ Launches a prompt window to select the user certificate\r\n    var result = crypto.login();\r\n}\r\n\r\nfunction generateCSR() {\r\n    var form = document.forms[0];\r\n    \/\/ Arguments follow the generateCertRequest signature of the WebCrypto interface\r\n    var crmfObject = crypto.generateCertRequest(\r\n            \"CN=\" + form.elements[\"name\"].value, form.elements[\"password\"].value,\r\n            \"\", \"\", \"\", 1024, null, \"rsa-dual-use\");\r\n    form.elements[\"cert_request\"].value = crmfObject.request;\r\n    form.submit();\r\n    return false;\r\n}\r\n\r\nfunction signText() {\r\n    \/\/ Launches a prompt window to select the user certificate\r\n    var signedText = crypto.signText(\"Transfer USD1 to Some bank\", \"ask\");\r\n}\r\n\r\nfunction importCertificate() {\r\n    \/\/ Launches a prompt window to select a p12 file from the file system or SmartCard\r\n    crypto.importKeypair(\"PKCS#12\");\r\n}<\/pre>\n<\/p><\/div>\n<div class=\"section\">\n\t<!--OddPage--><\/p>\n<h2><span class=\"secno\">2. 
<\/span>Requirements and use cases<\/h2>\n<p>This specification must meet the following requirements:<\/p>\n<dl>\n<dt>Secure login\/logout<\/dt>\n<dd>Choose the client certificate issued by its CA for a specific user authentication.<\/dd>\n<dt>Generate a certificate request<\/dt>\n<dd>Generates a private key, creates a CRMF Request object and imports the issued certificate.<\/dd>\n<dt>Signing specific texts or XML<\/dt>\n<dd>\n\t\tGiven a plaintext and a public key, return the corresponding cyphertext.<br \/>Given a cyphertext and a private key, return the corresponding plaintext.\n\t\t<\/dd>\n<dt>Export a public\/private key pair<\/dt>\n<dd>Export certificates from the keystore to file formats, SmartCard or USB token.<\/dd>\n<dt>Import a public\/private key pair<\/dt>\n<dd>Load certificates from the keystore, SmartCard or USB token if the corresponding key is found there.<\/dd>\n<dt>Load SmartCard or USB token<\/dt>\n<dd>Events for loading the certificate from a SmartCard or HSM-based USB token.<\/dd>\n<\/dl>\n<p>This specification must meet the following use cases:<\/p>\n<dl>\n<dt>Issuing client certificate<\/dt>\n<ol>\n<li>A user fills out an enrollment form and calls a key generation method (similar to Mozilla&#8217;s generateCRMFRequest).<\/li>\n<li>The user agent generates an encrypted private key wrapped with the public key, and a signed certificate request with a text string from the script (possibly containing naming or enrollment information). This is the same as the action of <code>keygen<\/code>.<\/li>\n<li>The user agent returns the signed certificate request to the script and submits it to the certificate authority. 
The CA creates and signs certificates.<\/li>\n<li>The CA sends the certificates back to the user (similar to Mozilla&#8217;s importUserCertificates) and the user agent saves them into its keystore.<\/li>\n<\/ol>\n<dt>Signing and verifying text or XML<\/dt>\n<ol>\n<li>A user can review the important messages to be signed and offer them to a bank service site or the user&#8217;s company site.<\/li>\n<li>The user agent generates signed messages with the user-chosen certificate and sends them to the HTTPS server issuing the user certificate.<\/li>\n<\/ol>\n<dt>Secure login\/out in HTTPS server<\/dt>\n<ol>\n<li>A user can log in to or log out of HTTPS web services with the user certificate.<\/li>\n<li>The user agent generates a protected session key at login and destroys it at logout.<\/li>\n<\/ol>\n<dt>Import\/Export keypair from\/to keystore<\/dt>\n<\/dl><\/div>\n<div class=\"section\">\n\t<!--OddPage--><\/p>\n<h2><span class=\"secno\">3. <\/span>The <code>WebCrypto<\/code> Interface<\/h2>\n<p>The <code>WebCrypto<\/code> object implements an interface used by scripts to programmatically secure communications with their HTTPS server using the user certificate.\n\t<\/p>\n<pre>interface WebCrypto {\r\n\r\n  readonly attribute DOMString        version;\r\n  attribute boolean         enableSmartCardEvents;\r\n\r\n  DOMString                 random(in long numBytes);\r\n\r\n  DOMString                 generateCertRequest(in DOMString requestedDN,\r\n                                           in DOMString regToken,\r\n                                           in boolean authenticator,\r\n                                           in DOMString escrowAuthorityCert,\r\n                                           in DOMString finalCode,\r\n                                           in DOMString keySize,\r\n                                           in DOMString keyParams,\r\n                                           in DOMString keyGenAlgorithm);\r\n\r\n  DOMString                 importUserCert(in DOMString nickname,\r\n     
                                      in DOMString cmmfResponse,\r\n                                           in boolean doForcedBackup);\r\n\r\n  DOMString                 viewCertInfo(in DOMString nickname);\r\n  DOMString                 validateUserCert(in DOMString nickname);\r\n\r\n  DOMString                 signText(in DOMString stringToSign,\r\n                                     in DOMString caOption);\r\n\r\n  DOMString                 decryptText(in DOMString stringTodecrypt,\r\n                                     in DOMString caOption);\r\n\r\n  DOMString                 verifySign(in DOMString stringToverify,\r\n                                     in DOMString caOption);\r\n \r\n  void                      importKeypair(in DOMString cipherFlag);\r\n  void                      exportKeypair();\r\n\r\n  void                      validateUserCert();\r\n  void                      revokeUserCert();\r\n\r\n\r\n  attribute boolean         login();\r\n  attribute boolean         logout();\r\n};<\/pre>\n<div class=\"section\">\n<h3><span class=\"secno\">3.1 <\/span>Issuing the user certificate<\/h3>\n<div class=\"section\">\n<h4><span class=\"secno\">3.1.1 <\/span><code>generateCertRequest<\/code> method<\/h4>\n<p>The generateCertRequest method generates a sequence of certificate requests that has multiple requests. 
The user agent must make one request for each key pair that is generated.<\/p>\n<p>When the <code>generateCertRequest(\"requestedDN\", \"regToken\", \"authenticator\",  \"escrowAuthorityCert\", \"finalCode\", keySize, \"keyParams\", \"keyGenAlgorithm\")<\/code> method is invoked, the user agent must run these steps:\n\t<\/p>\n<ol>\n<li>Let requestedDN be an RFC 1485 formatted Distinguished Name to include in the certificate request.<\/li>\n<li>Let regToken be a value used to authenticate the user to the certificate authority.<\/li>\n<li>Let authenticator be a value that the user can authenticate with in the future when their private key is not available. It can be used for key recovery or revocation requests.<\/li>\n<li>The escrowAuthorityCert specifies which KRA certificate should be used to wrap the private key being escrowed. If this value is NULL, then no key escrow will be performed.<\/li>\n<li>If keySize exists, let it be the size in bits of the key to generate.<\/li>\n<li>Let keyParams be an optional algorithm-dependent parameter value.<\/li>\n<li>Let keyGenAlgorithm be the encryption algorithm the generated key will support. Acceptable values are listed in Definitions of mechanism flag and algorithm.<\/li>\n<li>The user agent presents the user with a key generation dialog 
that describes the key generation process and gives the user the opportunity to cancel the operation.<\/li>\n<li>If finalCode exists, the certificate request object is returned to this JavaScript method.<\/li>\n<\/ol><\/div>\n<div class=\"section\">\n<h4><span class=\"secno\">3.1.2 <\/span><code>importUserCert<\/code> method<\/h4>\n<p>The importUserCert method loads certificates into the keystore or SmartCard if the corresponding key is found there.\n\t<\/p><\/div>\n<div class=\"section\">\n<h4><span class=\"secno\">3.1.3 <\/span><code>viewCertInfo<\/code> method<\/h4>\n<p>The viewCertInfo method shows detailed information about the certificate with the given nickname.\n\t<\/p>\n<\/p><\/div>\n<div class=\"section\">\n<h4><span class=\"secno\">3.1.4 <\/span><code>validateUserCert<\/code> method<\/h4>\n<p>The validateUserCert method checks the validity of the certificate with the given nickname by consulting a Certificate Revocation List or a valid OCSP server.\n\t<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"section\">\n<h3><span class=\"secno\">3.2 <\/span>Signing messages<\/h3>\n<p>This section is non-normative.<\/p>\n<div class=\"section\">\n<h4><span class=\"secno\">3.2.1 <\/span><code>signText<\/code> method<\/h4>\n<p>The signText method generates digitally signed encrypted messages from the given text strings using the selected user certificate. When the signText(&#8220;stringToSign&#8221;, &#8220;caOption&#8221;) method is invoked, the user agent must run these steps:\n\t<\/p>\n<ol>\n<li>Let stringToSign be the string that the user wants to sign. It can be a plain string, JSON or XML. If stringToSign indicates the document ID of a specific form, the user agent generates QUERY_STRING variables from the form.\n\t<\/li>\n<li>If caOption is &#8220;ask&#8221;, the user agent must present a dialog box to the user that shows the human-readable text to be signed and lets the user select the user certificate.  
If caOption is &#8220;auto&#8221;, the user agent selects a signing certificate automatically from those available in the certificate keystore.\n\t<\/li>\n<li>In all cases the user may choose either to cancel the signing operation by clicking &#8220;Cancel&#8221; or to approve the operation by clicking &#8220;OK&#8221;. If the user approves the operation, the user agent asks for the password to the certificate keystore. If the user enters the correct password, this method signs the specified string and returns the signed string.\n\t<\/li>\n<\/ol><\/div>\n<div class=\"section\">\n<h4><span class=\"secno\">3.2.2 <\/span><code>decryptText<\/code> method<\/h4>\n<p>The decryptText method decrypts digitally signed messages from the server with the user certificate. When the decryptText(&#8220;stringTodecrypt&#8221;, &#8220;caOption&#8221;) method is invoked, the user agent must run these steps:\n\t<\/p>\n<ol>\n<li>Let stringTodecrypt be the string that the user wants to decrypt.<\/li>\n<li>If caOption is &#8220;ask&#8221;, the user agent must present a dialog box to the user that shows the human-readable text to be signed and lets the user select the user certificate.  If caOption is &#8220;auto&#8221;, the user agent selects a certificate to decrypt the given cipher text automatically from those available in the certificate keystore.<\/li>\n<li>In all cases the user may choose either to cancel the signing operation by clicking &#8220;Cancel&#8221; or to approve the operation by clicking &#8220;OK&#8221;. If the user approves the operation, the user agent asks for the password to the certificate keystore. 
If the user enters the correct password, this method decrypts the specified cipher text and returns the plain text.\n\t<\/li>\n<\/ol><\/div>\n<div class=\"section\">\n<h4><span class=\"secno\">3.2.3 <\/span><code>veryfySign<\/code> method<\/h4>\n<p>The veryfySign method verifies whether the integrity of a digitally signed encrypted message is guaranteed.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"section\">\n<h3><span class=\"secno\">3.3 <\/span>Key handling<\/h3>\n<p>This section is non-normative.<\/p>\n<div class=\"section\">\n<h4><span class=\"secno\">3.3.1 <\/span><code>importKeypair<\/code> method<\/h4>\n<p>The importKeypair method imports a key pair into a keystore from a PKCS #12 or PEM bundle file.<\/p>\n<ol>\n<li>The user selects the folder where the required PKCS #12 or PEM bundle file is stored and clicks on the required PKCS #12 or PEM bundle file.<\/li>\n<li>If the selected file is a PEM bundle containing encrypted private keys, one or more Password for Private Key dialogs will appear, one for each such key.<\/li>\n<li>The method can directly call the browser&#8217;s native user interface for importing a key pair.<\/li>\n<\/ol><\/div>\n<div class=\"section\">\n<h4><span class=\"secno\">3.3.2 <\/span><code>exportKeypair<\/code> method<\/h4>\n<p>This section is non-normative.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"section\">\n<h3><span class=\"secno\">3.4 <\/span>Secure user authentication<\/h3>\n<p>This section is non-normative.<\/p>\n<div class=\"section\">\n<h4><span class=\"secno\">3.4.1 <\/span><code>login<\/code> attribute<\/h4>\n<\/p><\/div>\n<div class=\"section\">\n<h4><span class=\"secno\">3.4.2 <\/span><code>logout<\/code> attribute<\/h4>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"section\">\n<h3><span class=\"secno\">3.5 <\/span>Miscellaneous<\/h3>\n<div class=\"section\">\n<h4><span class=\"secno\">3.5.1 <\/span><code>version<\/code> attribute<\/h4>\n<\/p><\/div>\n<div class=\"section\">\n<h4><span class=\"secno\">3.5.2 
<\/span><code>enableSmartCardEvents<\/code> attribute<\/h4>\n<p>The <code>enableSmartCardEvents<\/code> attribute enables listening for SmartCard insertion and removal events. Setting webcrypto.enableSmartCardEvents to true makes the system ready to listen for these events. Two smart card related events are generated: &#8220;smartcard-insert&#8221; when SmartCards are inserted, and &#8220;smartcard-remove&#8221; when SmartCards are removed.\n\t<\/p>\n<pre>\/\/ Reload the page whenever a SmartCard is inserted or removed\r\nfunction onSmartCardChange() {\r\n    window.location.reload();\r\n}\r\n\r\nfunction register() {\r\n    \/\/ Enable SmartCard events before registering the listeners\r\n    window.crypto.enableSmartCardEvents = true;\r\n    document.addEventListener(\"smartcard-insert\", onSmartCardChange, false);\r\n    document.addEventListener(\"smartcard-remove\", onSmartCardChange, false);\r\n}\r\n\r\nfunction deregister() {\r\n    document.removeEventListener(\"smartcard-insert\", onSmartCardChange, false);\r\n    document.removeEventListener(\"smartcard-remove\", onSmartCardChange, false);\r\n}<\/pre>\n<\/p><\/div>\n<div class=\"section\">\n<h4><span class=\"secno\">3.5.3 <\/span><code>random<\/code> method<\/h4>\n<\/p><\/div>\n<\/p><\/div>\n<\/div>\n<div class=\"section\">\n<!--OddPage--><\/p>\n<h2><span class=\"secno\">4. <\/span>Guidelines for user interface<\/h2>\n<p>\nThis guideline aims to keep user interfaces consistent across user agents so that users are not confused.\n<\/p>\n<div class=\"section\">\n<h3><span class=\"secno\">4.1 <\/span>Login with the user certificate<\/h3>\n<p>When the user logs in to the HTTPS server, the user agent shows the important information of the HTTPS server, i.e. 
the URL, company name and basic location information.<\/p>\n<p>The user agent should avoid a pop-up style window for selecting the user certificate.<\/p>\n<\/p>\n<\/div>\n<div class=\"section\">\n<h3><span class=\"secno\">4.2 <\/span>Signing text the user certificate<\/h3>\n<p>When the user signs the text with the user certificate, the user agent should show the text being signed to the user.<\/p>\n<p>The user agent should avoid a pop-up style window for selecting the user certificate.<\/p>\n<\/p>\n<\/div>\n<\/div>\n<div class=\"section\">\n<!--OddPage--><\/p>\n<h2><span class=\"secno\">5. <\/span>Security<\/h2>\n<p>This section explains security considerations for this specification.<\/p>\n<ol>\n<li>All functions in this specification must operate only over an HTTPS-forced connection.<\/li>\n<li>Some important methods must be processed only after a browser-based key protection method, such as Firefox&#8217;s master password.<\/li>\n<li>Before a signing request, the user must be logged in to the same domain with the same client certificate issued by the valid certificate authority.<\/li>\n<li>A signing request must be made only with a user certificate whose Key Usage extension is &#8220;Signing&#8221;.<\/li>\n<li>Signing requests must be restricted to the top-level content (i.e. not frames) to ensure that the origin of the request is the URL in the location bar.<\/li>\n<li>The content domain information must be included in the signed message to guarantee data integrity.<\/li>\n<\/ol>\n<\/div>\n<div class=\"section appendix\">\n<p>      <!--OddPage--><\/p>\n<h2><span class=\"secno\">A. 
<\/span>Acknowledgements<\/h2>\n<div>\n\tThis specification is the result of <a href=\"http:\/\/lists.w3.org\/Archives\/Public\/public-webapps\/2009JanMar\/0898.html\" target=\"_blank\" rel=\"nofollow\">many discussions<\/a> in the W3C HTML5 and Web Applications Working Group, and many people helped to make this, including Anders Rundgren, Lucas Adamski, Kai Engert, Bob Relyea, Amax Guan, Gen Kanai, Minkyu Shin, Dongsan Lee and Jungsik Shin.\n      <\/div>\n<div><\/div>\n<\/p><\/div>\n<div class=\"section\">\n<!--OddPage--><\/p>\n<h2><span class=\"secno\">B. <\/span>Related Specifications<\/h2>\n<dl>\n<dt>RFC 1485<\/dt>\n<dd>A String Representation of Distinguished Names<\/dd>\n<dt>RFC 4211<\/dt>\n<dd>The Internet X.509 Public Key Infrastructure Certificate Request Message Format (CRMF) defines a certReqMessage. The object returned by generateCRMFRequest() contains one of those.<\/dd>\n<dt>HTML5<\/dt>\n<dd><code>keygen<\/code> element to key-pair generator\/input control<\/dd>\n<dt>HTML5 Web Workers<\/dt>\n<dd>1.2.6 Providing libraries Suppose that a cryptography library is made available<\/dd>\n<\/dl>\n<\/div>\n<div class=\"appendix section\"><!--OddPage--><\/p>\n<h2><span class=\"secno\">C. <\/span>References<\/h2>\n<div class=\"section\">\n<h3><span class=\"secno\">C.1 <\/span>Normative references<\/h3>\n<p>No normative references.<\/p>\n<\/div>\n<div class=\"section\">\n<h3><span class=\"secno\">C.2 <\/span>Informative references<\/h3>\n<p>No informative references.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Web Crypto API \u2014 An Authentification of Data and People in SSL Unofficial Draft 01 June 2010 Editor: Channy Yun, Mozilla Korea Community This document is licensed under a Creative Commons Attribution 3.0 License. 
Abstract This document defines APIs for &hellip; <a href=\"https:\/\/www.w3.org\/community\/webcryptoapi\/draft\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":4,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"open","ping_status":"open","template":"","meta":{"_s2mail":"yes","footnotes":""},"class_list":["post-2","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/www.w3.org\/community\/webcryptoapi\/wp-json\/wp\/v2\/pages\/2","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.w3.org\/community\/webcryptoapi\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.w3.org\/community\/webcryptoapi\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.w3.org\/community\/webcryptoapi\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.w3.org\/community\/webcryptoapi\/wp-json\/wp\/v2\/comments?post=2"}],"version-history":[{"count":3,"href":"https:\/\/www.w3.org\/community\/webcryptoapi\/wp-json\/wp\/v2\/pages\/2\/revisions"}],"predecessor-version":[{"id":48,"href":"https:\/\/www.w3.org\/community\/webcryptoapi\/wp-json\/wp\/v2\/pages\/2\/revisions\/48"}],"wp:attachment":[{"href":"https:\/\/www.w3.org\/community\/webcryptoapi\/wp-json\/wp\/v2\/media?parent=2"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}