Web apps could become more secure through the use of a 'web cryptography API', a working draft of which has been published by the World Wide Web Consortium.

The draft, published late last week, was put together by engineers from Google and Mozilla and is the first for the API to be publicly released.

It describes a JavaScript application programming interface (API) that would allow web apps to perform basic cryptographic operations, and to generate and manage the keying materials needed for this.

The functionality would include hashing, encryption and decryption, signature generation and signature verification.

Use cases for the API could be found in cloud storage, multi-factor authentication, secure messaging, document signing and protected document exchange, the draft suggested.