668
edits
Changes
→Key Wrapping
== Key Wrapping ==
Using the internal BrowserID API (for now), the Firefox Sync client can request wrapping and unwrapping of sensitive material:
navigator.id.internal.secret.wrap(origin, assertion, plainKey, successCB, failureCB)
This call takes a plaintext key (must be base64-encoded) and calls the <tt>successCB</tt> with the resulting wrapped key.
<tt>origin</tt> should be an origin under Firefox-Sync control, e.g. <tt>https://sync.services.mozilla.org</tt>. This wrapped key can then be safely stored in the Sync storage engine itself.
navigator.id.internal.secret.unwrap(origin, assertion, wrappedKey, successCB, failureCB);
This call takes a wrapped key and calls <tt>successCB</tt> with the resulting plaintext key (same base64-encoded string provided at wrap time). The <tt>origin</tt> must match that used at wrap time.
