Martin, thanks for your quick response. Martin Paljak wrote: > On Sep 21, 2010, at 12:19 PM, Michael Ströder wrote: >> We're thinking about doing RSA encryption/decryption within the browser. For >> this application Javascript is assumed to be enabled but we consider using >> Java applets to cause too much trouble with user support. RSA key size should >> be 2048 bits and therefore pure Javascript implementations are much too slow. >> >> Is it possible to access the crypto libs in Mozilla-based browsers (Firefox, >> Seamonkey, etc.) from Javascript? > Where will you keep the keys for decryption inside the browser and how do > you plan to provision them?
The keys should be sent from the web app to the browser protected via Shared Secret negotiated before. So we would need to access a RSA API functions for encryption/decryption from Javascript passing in the RSA key blob (probably PKCS#1). > Do you mean using the keys available via NSS? The keys are definitely not stored in a key-store accessible via PKCS#11. > There is signText() but that's not really useful IMHO [1] > > [1] https://developer.mozilla.org/en/JavaScript_crypto Yes, I know. Unfortunately not applicable in our case. Implementing and rolling out an extension is also not an option... Ciao, Michael. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
