This time a short entry just to inform about a new API that is going to come to JavaScript / HTML 5. During the last years I have presented several entries about web cryptography (mainly the three chapter series about the signature applet). If you remember, those old posts recommended to use a Java Applet to perform signatures in the browser/client side (throughout the series different levels of integration were presented), and the main reason for this weird and old fashioned statement was that there was no standard API for managing cryptography and browser keys in the web. That situation is about to change now.
The W3C has published a specification draft to standardized the cryptography in the web world. The Web Cryptography API is a new JavaScript interface for performing basic cryptographic operations in web applications, such as hashing, signature generation and verification, encryption and decryption. Obviously the browsers are now starting to implement it (check this bug for firefox and this other for chrome). It is important to remember that the specification is only a first draft and currently only a pure JavaScript implementation (PolyCrypt) is available. For a better understanding of the current situation please read this very informative blog entry by poulpita.
When the specification and the browser implementations were more mature I will try to post a more detailed entry about this new HTML 5 feature and how to use it. This cryptography specification is a long awaited feature in the web standards, at least for me. As a person interested in security, it was absolutely incredible that this important aspect was out of any specification.
A very good new for sure!
Comments