Re: [WebCryptoAPI-tests] Webcrypto encrypt and decrypt tests (#3110) from Jim Schaad on 2016-06-08 (public-web-platform-tests-notifications@w3.org from June 2016)

From: Jim Schaad <web-platform-tests-notifications@w3.org>
Date: Wed, 08 Jun 2016 19:36:11 GMT
To: public-web-platform-tests-notifications@w3.org
Message-Id: <<web-platform-tests_issue_3110_1465414571292@w3.org>>

The check for 1 does not need to check just the variations of the same algorithm.  It would also check that one does not use, for example, an RSA-PSS key in an RSA-OAEP operation. One of the things that people have managed to mess up with JOSE implemenations is that they permit the use of an RSA key object to be used as the key for an HMAC operation.  This check prevents this type of thing from happening assuming you do the key and HMAC operation separately.

I'll review everything again later today.

View on GitHub: https://github.com/w3c/web-platform-tests/pull/3110#issuecomment-224703277

Received on Wednesday, 8 June 2016 19:36:18 UTC