Cryptographic Message Syntax (CMS) API

[marcoscaceres]

Introduction

This proposal advocates for the development of a web standard for the Cryptographic Message Syntax (CMS) API, specifically tailored to enhance the security of email communications through S/MIME. CMS, as described in RFC 5652, is fundamental for signing, encrypting, decrypting, and verifying email messages, facilitating end-to-end secure email communication. For example:

const message = await window.crypto.cms.encrypt(algorithm, key, recipients, emailContent);

This code snippet illustrates how developers could securely encrypt email content using recipient public keys managed through the CMS API.

Feedback

We welcome all feedback and discussion related to this proposal. Please feel free to comment in this thread or file specific issues against the explainer. For a more comprehensive understanding, see the full Cryptographic Message Syntax (CMS) API Explainer.

[yoavweiss]

Hey Marcos! Can you expand on the use case for this? Is this destined to enable/simplify the implementation of web-based email clients that include encryption?

[marcoscaceres]

That is correct. It’s for end to end encrypted emails in web clients

[marcoscaceres]

After conferring with industry colleagues, we've decided to withdraw this proposal. We might look at other potential avenues, such as a JS or WASM library. However, there are no concrete plans yet.