Home/ Questions/Q 7808807
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-02T03:14:25+00:00

I am studying Caja and having some trouble understanding how it works: function Brand()

  • 0

I am studying Caja and having some trouble understanding how it works:

function Brand() {
  var flag = false, payload = null; 

  return caja.freeze({
    seal: function(payloadToSeal) {
      function box() {
        flag = true;
        payload = payloadToSeal;
      }
      box.toString = function() {
        return "(box)";
      };
      unseal: function(box) {
        flag = false;
        payload = null; 
        try {
          box();
          if (!flag)  { throw ...; }
          return payload;
        } finally {
          flag = false;
          payload = null; 
        }
      }
   });
}

This has a caption that reads:

Fig. 10: Rights amplification. Each brand has a seal and unseal
function, acting like a matched encryption and decryption key. Sealing
an object returns a sealed box that can only be unsealed by the
corresponding unseal function. The implementation technique shown here
is due to M. Stiegler.

Is this pseudocode? I’m confused at what’s happening, such as at box() and throw ...; . I appreciate any tips or advice.

Here is the Specification PDF where I got this.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The throw bit is pseudocode. The real code is available via svn.

    Marc Stiegler describes the sealer/unsealer pattern and other secure decomposition patterns at http://www.youtube.com/watch?v=eL5o4PFuxTY

    • 0