Closed twiss closed 3 months ago
After discussing with other industry colleagues, we’ve decided not to pursue standardization of a CMS API in Web Crypto. However we may pursue an alternative, like a JS or WASM library.
Thanks again for all the feedback and super useful discussion, @twiss!
The current explainer has the following example code:
(in which the first half doesn't quite match the proposal here - but that's less important.) IIUC, the retrieved key could be for any algorithm, not necessarily RSA. So the application would have to guess or find out what the algorithm is. Could the second half be simplified to just
and similarly, further down
? (In the latter case, the recipient keys might also even be for different algorithms, e.g. one using ECDH and one using RSA. So I don't think it's even possible to pass a single object indicating what the public-key algorithm should be, if I'm not mistaken.)