
In the window.crypto spec:

http://www.w3.org/TR/WebCryptoAPI/#RandomSource-interface

It says explicitly:

"Do not generate keys using the getRandomValues method. Use the generateKey method instead."

but generateKey does not support secp256k1/ECDSA (bitcoin related).

Why does it say that? Because the random numbers are not crypto secure? Or because the key needs to be verified afterwards? (If it is the latter case, we can verify it.)

ematiu


Well, for one, ECDSA is not an encryption scheme, but a digital signature algorithm.

The generic purpose of a crypto API like window.crypto is to give you access to implementations of some cryptographic algorithms. These implementations may be based on software or hardware. In particular, an implementation may be a piece of tamper-resistant hardware (an HSM or a smart card) that can generate keys for some algorithm, and store them, without ever letting the key exist outside of the hardware. generateKey() handles such cases. With getRandomValues(), you can only generate a bunch of bytes in the RAM of the computer.

Moreover, private keys often need some mathematical structure. In the case of ECDSA, a private key is a big integer in a definite range (1 to n-1, where n is the order of the curve subgroup generator); if you want to produce such a key yourself, with getRandomValues(), then you must use some big-integer arithmetic to make sure that your value will fit in the proper range. There again, generateKey() will produce a key with the right structure for the algorithm at hand.

Thomas Pornin