Cryptography API Test Page

There is now a standard web cryptography API. Eventually this will be built in to all browsers. See:

The crypto API has a lot of stuff in it. This demo page exercises just a few calls.

I wanted to note two things about the crypto API. First, the spec makes reference to a BigInteger typedef. It appears in exactly one place, as the public exponent for RSA calls. There are no other operations defined on BigInteger. This is peculiar. If you're not going to let people use BigIntegers then why mention them at all? Declaring the exponent parameter as a Uint8Array or something like that would have worked just as well. Perhaps this was an oversight.

Second, there is nothing in the API to facilitate browser/server key negotiation (Diffie-Hellman). In fact I found a note that it was in an earlier version of the standard but was removed. I guess we're supposed to just depend on HTTPS.

ACME Labs / Web APIs / Cryptography