WebKit / explainers

Explainers from WebKit contributors

[Cryptographic Message Syntax (CMS)] Can the API be algorithm-agnostic? #118

Closed twiss closed 3 months ago

twiss commented 3 months ago

The current explainer has the following example code:

  // Get a pointer to the remote signing key
  const signerKey = await window.crypto.subtle.generateKey(
    {
      name: "remote",
      action: "fetch",
      userIdentifier: "alice@icloud.com",
    },
    false,
    ["sign"]
  );

  // Define required algorithms
  const digestAlgo = "SHA-256";
  const signAlgo = {
    name: "RSA-PSS",
    saltLength: someNumber,
  };

  // Sign and return signatures as array
  const signedData = await cms.signData(digestAlgo, signAlgo, signerKey, data);
  return signedData.signerInfos.map((s) => s.signature);

(in which the first half doesn't quite match the proposal here - but that's less important.) IIUC, the retrieved key could be for any algorithm, not necessarily RSA. So the application would have to guess or find out what the algorithm is. Could the second half be simplified to just

  const signedData = await cms.sign(signerKey, data);

and similarly, further down

  const envelopedData = await cms.encrypt(recipientKeys, data);

? (In the latter case, the recipient keys might also even be for different algorithms, e.g. one using ECDH and one using RSA. So I don't think it's even possible to pass a single object indicating what the public-key algorithm should be, if I'm not mistaken.)
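The point raised in the comment above can be shown with the existing Web Crypto API, where a `CryptoKey` already records its own algorithm in `key.algorithm`. This is an added example, not code from the explainer or the issue; `signParamsFor`, `getSubtle` and `signAgnostic` are hypothetical helpers, and the salt-length and curve-to-digest choices are assumptions.

```javascript
// Added example: signParamsFor, getSubtle and signAgnostic are hypothetical helpers.
const HASH_BYTES = { "SHA-1": 20, "SHA-256": 32, "SHA-384": 48, "SHA-512": 64 };
const CURVE_HASH = { "P-256": "SHA-256", "P-384": "SHA-384", "P-521": "SHA-512" };

// Build the sign()/verify() parameters from key.algorithm alone, so the
// caller never has to guess which algorithm the key is for.
function signParamsFor(keyAlgorithm) {
  switch (keyAlgorithm.name) {
    case "RSA-PSS": {
      // The digest is fixed in the key; assumption: salt length = digest length.
      const saltLength = HASH_BYTES[keyAlgorithm.hash.name];
      if (saltLength === undefined) {
        throw new Error(`unsupported hash: ${keyAlgorithm.hash.name}`);
      }
      return { name: "RSA-PSS", saltLength };
    }
    case "RSASSA-PKCS1-v1_5":
      return { name: "RSASSA-PKCS1-v1_5" };
    case "ECDSA": {
      // ECDSA keys carry only the curve; assumption: pair each curve with a
      // digest of matching strength.
      const hash = CURVE_HASH[keyAlgorithm.namedCurve];
      if (hash === undefined) {
        throw new Error(`unsupported curve: ${keyAlgorithm.namedCurve}`);
      }
      return { name: "ECDSA", hash };
    }
    default:
      // Fail closed rather than fall back to a default algorithm.
      throw new Error(`not a supported signing algorithm: ${keyAlgorithm.name}`);
  }
}

// Web Crypto in browsers and recent Node.js; older Node.js exposes it as webcrypto.
async function getSubtle() {
  return globalThis.crypto?.subtle ?? (await import("node:crypto")).webcrypto.subtle;
}

// One call shape for every key type: sign(key, data).
async function signAgnostic(key, data) {
  if (!key.usages.includes("sign")) throw new Error("key does not allow signing");
  const subtle = await getSubtle();
  const params = signParamsFor(key.algorithm);
  return { params, signature: await subtle.sign(params, key, data) };
}
```

The returned `params` are what a verifier needs alongside the signature, which is the role the algorithm identifiers play in a CMS `SignerInfo`.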

jonchoukroun commented 3 months ago

After discussing with other industry colleagues, we’ve decided not to pursue standardization of a CMS API in Web Crypto. However, we may pursue an alternative, like a JS or WASM library.

marcoscaceres commented 3 months ago

Thanks again for all the feedback and super useful discussion, @twiss!