Just some comments you could ignore :P

As said before, I don't know if you have considered smartcards. These (as discussed in https://groups.google.com/forum/#!topic/mozilla.dev.tech.crypto/hNS32Zhz9gw) could have some other needs. IMHO, a lot of discussion is yet to come.

I have experienced some issues regarding encoding. A page encoded in ISO sends some data to a page encoded in UTF-8 which signs... then, verify could not match. So we decided to use base64 binary encoding for all operations. I think "plaintext" maybe is not the best option (or maybe I'm wrong).

<half offtopic>
It's being discussed on the other thread, but just to let you know, actually there's no way of knowing if keypair generation is made on softokn or smartcard, and that led (in our company) to some problems. I think something must be done about this. I agree with Anders that Certenroll could be (*IS*) evil, but if an app/site developer wants to use a specific smartcard, perhaps he should be able to know if that smartcard is present...
</half offtopic>

Regarding signWithUserConfirmation, you should consider that some devices (like the Spanish DNIe) show their own window, which "you can't control", when going to sign. Anything I can do for you regarding this, just tell me.

As I can do RSA512 or RSA1024 with a 2048 RSA key, and like someone suggested, I think a default mechanism/algorithm (if not specified) should be enabled, but developers should be able to choose one...

Will it be possible to create more complex sign-formats, like PKCS#1, PKCS#7, XAdES, XML, PDF...?

Maybe I didn't understand it well, but I'm REALLY concerned about your public key handling. IIUC, a site could get access to the public key, and I don't want that at all. My public key can contain my name, identity card or even my address... I think this IS a privacy issue. Public or private keys should be a reference/handler, not the keys. Maybe you could do something like this:

- invoke selectCertDialog and keep an internal reference of selectedCert.
- do operations like hash(sign) from JS, without having the public cert (only the internal side has the reference).
- to operate with another key, invoke selectCertDialog again.

Thanks a lot for your work, I'm sure more questions should come...
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
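The charset mismatch described in the message above, and the base64 workaround it mentions, shown as an added example that is not part of the original post or of the API under discussion. It assumes Node.js with its built-in `crypto` module and an Ed25519 key standing in for the signing key; the function names and the sample string are constructed for illustration.

```javascript
const nodeCrypto = require('crypto');

// Assumption: a throwaway Ed25519 key pair stands in for the user's signing key.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
const sign = (bytes) => nodeCrypto.sign(null, bytes, privateKey);
const verify = (bytes, sig) => nodeCrypto.verify(null, bytes, publicKey, sig);

// Constructed sample input containing non-ASCII characters.
const SAMPLE = 'Señor Muñoz, Cáceres';

// Failure mode: each side converts the "same" text to bytes using its own
// page charset, so the bytes that are signed are not the bytes that are checked.
function signTextAcrossCharsets(text) {
  const signedBytes = Buffer.from(text, 'utf8');     // signing page is UTF-8
  const checkedBytes = Buffer.from(text, 'latin1');  // other page is ISO-8859-1
  const sig = sign(signedBytes);
  return {
    sameBytes: signedBytes.equals(checkedBytes),
    verified: verify(checkedBytes, sig),
  };
}

// Workaround: fix the byte string once, carry it as base64 (pure ASCII, so it
// is identical under both charsets), and have both sides decode it before use.
function signBase64Payload(text, senderCharset) {
  const payloadB64 = Buffer.from(text, senderCharset).toString('base64');
  const sig = sign(Buffer.from(payloadB64, 'base64'));      // signer decodes
  const received = Buffer.from(payloadB64, 'base64');       // verifier decodes
  return {
    payloadB64,
    verified: verify(received, sig),
    roundTrip: received.toString(senderCharset) === text,
  };
}
```

ASCII-only input produces identical bytes under both charsets, which is why this kind of mismatch tends to pass basic testing and only surfaces with accented characters.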