PROPOSAL: WebCrypto Key Management API Extension #214

@kdenhartog

Introduction

As cryptographic key management is becoming more necessary on the Web for security purposes, it has meant that many wallets, extensions, and browser features need to re-implement key management for various features in the Web platform. Furthermore, many sites rely upon cryptographic operations, but often need hardware-backed key storage or do not want to expose the cryptographic keys to site scripts and utilize site storage. This has meant that there's a lot of re-implementation of basic cryptographic operations in many places that all encounter their own various tradeoffs. The purpose of this WebCrypto extension is to add a low-level key management API so that it would be possible to have hardware-backed keys as a low-level primitive. Additionally, this would allow for a purely browser-managed software cryptographic implementation for commonly used algorithms. From there, various features on the web such as wallets and browser APIs like WebAuthn Level 3 could be built upon this generalized key management layer.

Read the complete Explainer.

Feedback (Choose One)

I welcome feedback in this thread, but encourage you to file bugs against the Explainer.
