In some sections of the application I get the message:
Warning: This version of Firefox no longer supports the crypto web object used to generate
and archive keys from the browser. As a result expect limited functionality in this area.
Doing a little research, I found this information:
https://www.redhat.com/archives/pki-users/2015-September/msg00012.html
It means that Firefox's API changed. The old, custom keygen /
crypto API was deprecated for a long time, then removed, but the
new, standardised Web Crypto API is not supported by Dogtag yet.
Hope that clarifies the situation for you.
-Fraser Tweedale-
It was reported on Mon, Sep 07, 2015 at 03:03:03PM +0300, by Aleksey Chudov
It has been a little more than a year, so the following question arises: do you have plans
to migrate to the Web Cryptography API?
You could take a look at the PKI.js project; they have made great strides in this topic:
https://github.com/PeculiarVentures/PKI.js
PKIjs is a pure JavaScript library implementing the formats that are used in PKI
applications. It is built on WebCrypto (Web Cryptography API) and aspires to make it
possible to build native web applications that utilize X.509 and the related formats on
the web without plug-ins.
Features of the library
* First and ONLY (April 2015) open-source JS library with full support for all
  "Suite B" algorithms in CMS messages;
* First library with support for CMS Enveloped data (encrypt/decrypt) in pure
  JavaScript + Web Cryptography API;
* Fully object-oriented library. Inheritance is used everywhere inside the lib;
* Working with HTML5 data objects (ArrayBuffer, Uint8Array, Promises, Web Cryptography
  API, etc.);
* Has a complete set of helpers for working with types like:
  * GeneralName;
  * RelativeDistinguishedName;
  * Time;
  * AlgorithmIdentifier;
  * All types of ASN.1 strings, including "international" like
    UniversalString, UTF8String and BMPString (with help from ASN1js);
  * All extension types of X.509 certificates (BasicConstraints,
    CertificatePolicies, AuthorityKeyIdentifier etc.);
  * All "support types" for OCSP requests and responses;
  * All "support types" for Time-Stamping Protocol (TSP) requests and
    responses;
* Has own certification chain verification engine, built in pure JavaScript, with help
  from Promises and Web Cryptography API latest standard implementation;
* Working with all Web Cryptography API signature algorithms:
  * RSASSA-PKCS1-v1_5;
  * RSA-PSS;
  * ECDSA;
* Working with all "Suite B" (and more) encryption algorithms and schemas:
  * RSASSA-OAEP + AES-KW + AES-CBC/GCM;
  * ECDH + KDF on SHA-1/256/384/512 + AES-KW + AES-CBC/GCM;
  * Pre-defined "key encryption key" + AES-KW + AES-CBC/GCM;
  * Password-based encryption for CMS with PBKDF2 on HMAC on SHA-1/256/384/512 +
    AES-KW + AES-CBC/GCM;
* Working with all major PKI-related types ("minor" types are not mentioned
  here but there are a huge number of such "minor types"):
  * X.509 certificates:
    * Parsing internal values;
    * Getting/setting any internal values;
    * Creation of a new X.509 certificate "from scratch";
    * Internal certificate chain validation engine;
  * X.509 "certificate revocation lists" (CRLs):
    * Parsing internal values;
    * Getting/setting any internal values;
    * Creation of a new CRL "from scratch";
    * Validation of CRL signature;
    * Search inside CRL for specific revoked certificate.
  * PKCS#10 certificate request:
    * Parsing internal values;
    * Getting/setting any internal values;
    * Creation of a new PKCS#10 certificate request "from scratch";
    * Validation of PKCS#10 signature;
  * OCSP request:
    * Parsing internal values;
    * Getting/setting any internal values;
    * Creation of a new OCSP request "from scratch".
  * OCSP response:
    * Parsing internal values;
    * Getting/setting any internal values;
    * Creation of a new OCSP response "from scratch";
    * Validation of OCSP response signature.
  * Time-stamping request:
    * Parsing internal values;
    * Getting/setting any internal values;
    * Creation of a new Time-stamping request "from scratch";
    * Validation of Time-stamping request signature;
  * Time-stamping response:
    * Parsing internal values;
    * Getting/setting any internal values;
    * Creation of a new Time-stamping response "from scratch";
    * Validation of Time-stamping response signature
  * CMS Signed Data:
    * Parsing internal values;
    * Getting/setting any internal values;
    * Creation of a new CMS Signed Data "from scratch";
    * Validation of CMS Signed Data signature;
  * CMS Enveloped Data:
    * Parsing internal values;
    * Getting/setting any internal values;
    * Creation (encryption) with full support for "Suite B" algorithms
      and more;
    * Decryption with full support for "Suite B" algorithms and more;
  * CMS Encrypted Data:
    * Parsing internal values;
    * Getting/setting any internal values;
    * Creation (encryption) with password;
    * Decryption with password;
  * PKCS#12:
    * Parsing internal values;
    * Making any kind of internal values (SafeContexts/SafeBags) with any kind of
      parameters;
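
As an added illustration of the migration asked about at the top of this message (it is not code from Dogtag, PKI.js, or the original post), this is what in-browser key generation looks like with the standardised Web Cryptography API that replaces the removed keygen / crypto object. The helper names and the challenge string are hypothetical; it assumes a browser or a Node.js runtime with webcrypto.

```javascript
// Added example (not Dogtag or PKI.js code); helper names are hypothetical.
// Works in a browser, or in Node.js through the webcrypto fallback.
const subtle = (globalThis.crypto && globalThis.crypto.subtle) ||
  require('node:crypto').webcrypto.subtle;

const SIGN_ALG = { name: 'RSASSA-PKCS1-v1_5' };

// Generate the enrollment key pair; the private key stays inside the runtime.
async function generateEnrollmentKey() {
  const keyPair = await subtle.generateKey(
    { ...SIGN_ALG, modulusLength: 2048,
      publicExponent: new Uint8Array([1, 0, 1]), hash: 'SHA-256' },
    false,               // extractable=false: page script cannot export the private key
    ['sign', 'verify']);
  // DER SubjectPublicKeyInfo: the public-key structure a PKCS#10 request carries.
  const spki = new Uint8Array(await subtle.exportKey('spki', keyPair.publicKey));
  return { keyPair, spki };
}

// Sign a challenge with the private key and verify it with the public key
// (proof of possession, the property a request signature gives the CA).
async function provePossession(keyPair, challenge) {
  const sig = await subtle.sign(SIGN_ALG, keyPair.privateKey, challenge);
  return subtle.verify(SIGN_ALG, keyPair.publicKey, sig, challenge);
}

// Returns false when the private key is non-extractable, as intended here.
async function privateKeyIsExportable(keyPair) {
  try {
    await subtle.exportKey('pkcs8', keyPair.privateKey);
    return true;
  } catch (err) {
    return false;
  }
}

async function demo() {
  const { keyPair, spki } = await generateEnrollmentKey();
  const challenge = new TextEncoder().encode('constructed-challenge');
  return {
    spkiFirstByte: spki[0],   // 0x30, an ASN.1 SEQUENCE tag
    spkiLength: spki.length,
    possessionOk: await provePossession(keyPair, challenge),
    privateExportable: await privateKeyIsExportable(keyPair),
  };
}
```

Wrapping the exported SubjectPublicKeyInfo and a signature into a PKCS#10 request is the ASN.1 step that a library such as PKI.js covers.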