There are several sample programs my company has
made available on
its GitHub page:
The authoritative reference for the Web Cryptography API is
the W3C Candidate
Recommendation produced by the
Cryptography Working Group. You can also read their
Harry Halpin of the W3C presented a paper on
W3C Web Cryptography API: Design and Issues at the
on Web APIs and RESTful Design. It gives background into
the factors going into the development of the API.
What parts of the API does your browser support? Find out
with this test
page from Daniel Roesler.
All the SubtleCrypto methods return new ECMAScript 6
objects. This Google Web Fundamentals tutorial
is a good place to learn more.
The API uses ArrayBuffer
and ArrayBufferView objects for all data input and results.
HTML5 Rocks has a lot of good articles on them:
- Typed Arrays: Binary Data in the Browser
- New Tricks in XMLHttpdRequest2
- Workers ♥ ArrayBuffer
You can convert between strings and ArrayBuffers with
the new Encoding API, well
explained, as usual, in an
If your browser doesn't yet support it, you can wait a while, or
you can use this trick
from Johan Sundström.
The only way to persistently store CryptoKey objects in the browser is by using
IndexedDB. There's a nice
by Raymond Camden available
X.509, PKIX, and ASN.1
Just in case using the Web Cryptography API isn't challenging
enough for you, you can build PKIX solutions on top of
it. The relevant standards are
for Cryptographic Message Syntax, and
X.690 for ASN.1 and BER/DER encoding rules.
Carl Mehner has a series of posters
showing examples of many PKIX objects in hex form with detailed
explanations of every part of their structure. Print them out
The most useful explanation of ASN.1 I've found is
by simple words from Yuri
Strozhevsky. Yuri is also a major contributor to
GlobalSign's open source
Need more? Take a look at this
blog post, an RSA Technical Note titled
Guide to a Subset of ASN.1, BER, and DER, and an article on
Key Structures in DER and PEM. There's even an
book you can download on the subject.