New mentor request: Hardware-backed SubtleCrypto calls

633 views
Skip to first unread message

dom...@chromium.org

unread,
Nov 23, 2022, 3:15:25 PM11/23/22
to spec-m...@chromium.org, ron...@rmacd.com

A new Chromium specification mentor request was submitted via the form:

Requestor email
ron...@rmacd.com
API or proposal name
Hardware-backed SubtleCrypto calls
Brief description
I would like to work on a proposal to update the implementation of the SubtleCrypto.encrypt() and .decrypt() APIs, such that calls can be made to hardware tokens (ie HSMs, or otherwise). I note previous work undertaken on the WebUSB APIs, but feel this is not the right path to take. The intention would be to enable appropriately marked-up cyphertext to be decrypted on the client side via hardware tokens. A straightforward use-case would be to allow for the use of OpenPGP in browsers without having to run gpg-agent etc., and "just" (he says) allow access to the hardware token directly. As I have not gone through this process before I would very much appreciate a mentor (if only to tell me that this idea is ridiculous and that I should drop it ...).

If you're interested in mentoring, please volunteer by replying to this email! Otherwise, dom...@chromium.org will assign someone within the next 2 business days.

Reilly Grant

unread,
Nov 28, 2022, 12:29:28 PM11/28/22
to dom...@chromium.org, spec-m...@chromium.org, ron...@rmacd.com
I don't have time to mentor this work but I recommend before continuing that the proposer familiarize themselves with previous discussions in this space, such as the conclusions of the WebCrypto Next Workshop and later discussions.
Reilly Grant | Software Engineer | rei...@chromium.org | Google Chrome


--
You received this message because you are subscribed to the Google Groups "spec-mentors" group.
To unsubscribe from this group and stop receiving emails from it, send an email to spec-mentors...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/spec-mentors/CAJnPROzfhKy9Wu2mgULxXQP7A%2B22BwR%3DOyZhCyU2aU40rCyPUw%40mail.gmail.com.
For more options, visit https://groups.google.com/a/chromium.org/d/optout.

Jeffrey Yasskin

unread,
Nov 29, 2022, 12:44:56 PM11/29/22
to Reilly Grant, dom...@chromium.org, spec-m...@chromium.org, ron...@rmacd.com
I could spec-mentor, but before spending a lot of time on this, beyond Reilly's point, I'd want to make sure that the code owners of the relevant subsystems in Chromium are interested in accepting code to do this, and that enough UX resources are available to get the permission prompt right.

Domenic Denicola

unread,
Dec 1, 2022, 12:26:28 AM12/1/22
to ron...@rmacd.com, Reilly Grant, dom...@chromium.org, spec-m...@chromium.org, Jeffrey Yasskin
Thanks to you both for your responses! Ronald, have you been in communications with the code owners and UX designers Jeffrey mentions?
Reply all
Reply to author
Forward
0 new messages