On 10 September 2013 11:36, Ted Lemon <Ted.Lemon@xxxxxxxxxxx> wrote: > So I run Javascript provided by Comodo to generate the key pair. This means that my security depends on my willingness and ability to read possibly obfuscated Javascript to make sure that it only uploads the public half of the key pair. It's actually far worse than that when you consider the inherent mutability of JavaScript. The WebCrypto API should go a long way to addressing your concerns though.