Class window.crypto

by Douglas Stebila – 2009/08/12

This document describes one proposed additions to Javascript to enable application-level cryptography in Javascript: an interface to the TLS keying material exporter, standardized as RFC 5705.

This functionality allows an application to safely derive ("export") additional keying material from the master secret generated by TLS. By exposing this functionality to an application, the application can perform cryptographic operations that are bound to the underlying TLS channel.

For example, a client could establish an encrypted TLS channel with a server without using client certificates, then later perform a cryptographic protocol at the application layer to perform secure password authentication. By using TLS keying material exporters, the application can bind the password authentication to the underlying TLS channel. This means that the client can detect a man-in-the-middle or phishing attack at the application layer: if there was a man-in-the-middle attacker who had set up separate TLS channels with the client and the server and relayed the traffic between them, the exported keying material would be different and the client and the real server would be able to detect this. Note that this works even if the client mistakenly accepted the certificate it was presented with when it should not have (such as in a phishing attack).

Method Summary
Method Attributes Method Name and Description
{String}
window.crypto.tlsExportKeyingMaterial(label, len, context_value)
Returns a string of len bytes of keying material derived from the TLS master secret using the given label, according to draft-ietf-tls-extractor-06.
Method Detail
{String} window.crypto.tlsExportKeyingMaterial(label, len, context_value)
Returns a string of len bytes of keying material derived from the TLS master secret using the given label, according to RFC 5705.

This function only works when the page loaded into the window uses HTTPS with TLS v1.0 or higher; otherwise, it returns null. Although loading a page may result in multiple requests issued, possibly over different TLS channels, this function uses the TLS channel for the main page loaded into the window, not any subrequests.

An implementation exists for Mozilla Firefox with the patch in Bugzilla bug #508184.

The following example returns a string containing 40 bytes generated from the label "EXPERIMENTAL test".

var s = window.crypto.tlsExportKeyingMaterial("EXPERIMENTAL test", 40, null);
Parameters:
{String} label
A label
{int} len
The number of bytes to generate.
{String} context_value
A string containing additional material to put into the keying material exporter; may be null.
Returns:
{String} A string containing len bytes, or null if TLS is not being used for the document contained in window.
See:
RFC 5705

Documentation generated by JsDoc Toolkit 2.3.0 on Wed Aug 12 2009 10:42:50 GMT+1000 (EST)