> Supporting smart cards in the spec and first implementations is not a goal,
> however, I think a lot of the base work we are doing will help in a future
> iteration. For instance, I hope that this Gecko 'internal API' will help
> extension and browser developers to experiment with smartcards, crypto keys,
> etc.
Really happy to hear. Keep us updated when some work is made!
> Are you saying you base64 encode the data to be signed before the signature
> is created?
No. Let me show you an example.
Consider you provide this API:
sign(keyId, data)
IMHO, the correct way of invoking wil be:
sign(1,"ZGF0YXRvYmVzaWduZWQ=")
Inseatd of (cause it can end in encoding translation problem)
sign(1,"datatobesigned")
For example, using iso-8859-1 and UTF-8 this string is not the same
"En España el Paragüas es invisíble"
> Public key as a privacy risk? I don't imagine we will have an address bound
> the the public key.
My X509 cert has my name, surname, identity ID...i dont want ANY site,
(except those requiring SSL client authentication like Tax ministry)
have any access to it.
My public key has a unique hash that could (easily) be used to track a
user. I dont want that either.
Regards
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
