Should wrapped keys always have extractable = false

From: Mark Watson <watsonm@netflix.com>
Date: Fri, 22 Mar 2013 23:21:30 +0000
To: "public-webcrypto@w3.org Group" <public-webcrypto@w3.org>
Message-ID: <175549A0-D107-4877-ABEF-FEC7DC63F840@netflix.com>

All,

It occurred to me that support for key wrapping could be simplified if we made a blanket assumption that when unwrapping a key the resulting Key object always has extractable = false.

This would avoid the need for a new JWK attribute indicating extractability.
It would avoid the need for the unwrapKey method to have an extractable parameter.
It would avoid the confusion that arises from having extractability defined both within the JWK and in the unwrapKey method.
It would be simpler.

I think this would make sense, because the act of wrapping a key and sending it to a script with access to WebCrypto is explicitly saying that you do not want the keying material to be visible except to whomever has the unwrapping key.

Does anyone have a use-case where a key needs to be unwrapped into a Key which is then extractable?

...Mark
Received on Friday, 22 March 2013 23:21:58 UTC
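
The behaviour discussed in this message, as an added example that is not part of the original post: it uses the Web Crypto API as later standardized, where `unwrapKey` kept its `extractable` parameter, and compares unwrapping the same wrapped key with `extractable = false` and `extractable = true`. The function name `demoUnwrap`, the choice of AES-KW and AES-GCM, and the sample message are assumptions made for the illustration.

```javascript
// Added example. Runs in a browser or Node.js; the require() fallback only
// covers Node versions that do not expose a global `crypto`.
const wc = globalThis.crypto ||
  (typeof require === "function" ? require("node:crypto").webcrypto : null);
const subtle = wc.subtle;

async function demoUnwrap() {
  // Key-encryption key (KEK): non-extractable, usable only to wrap and unwrap.
  const kek = await subtle.generateKey(
    { name: "AES-KW", length: 256 }, false, ["wrapKey", "unwrapKey"]);

  // Constructed "sender" side. In a real deployment the wrapping happens
  // elsewhere and only the wrapped bytes reach the script.
  const original = await subtle.generateKey(
    { name: "AES-GCM", length: 256 }, true, ["encrypt", "decrypt"]);
  const wrapped = await subtle.wrapKey("raw", original, kek, "AES-KW");

  const unwrap = (extractable) => subtle.unwrapKey(
    "raw", wrapped, kek, "AES-KW", { name: "AES-GCM" },
    extractable, ["encrypt", "decrypt"]);

  // Case 1: extractable = false, the default the message proposes.
  const locked = await unwrap(false);

  // The key still works for its declared usages.
  const iv = wc.getRandomValues(new Uint8Array(12));
  const msg = new TextEncoder().encode("constructed sample message");
  const ct = await subtle.encrypt({ name: "AES-GCM", iv }, locked, msg);
  const pt = await subtle.decrypt({ name: "AES-GCM", iv }, original, ct);

  // Script cannot read the key material back; the spec requires exportKey
  // to reject with InvalidAccessError for a non-extractable key.
  let exportRejected = false;
  try { await subtle.exportKey("raw", locked); } catch (e) { exportRejected = true; }

  // Case 2: extractable = true, the caller-controlled option the message
  // asks about. The raw key is now readable by any script holding the Key.
  const open = await unwrap(true);
  const raw = await subtle.exportKey("raw", open);

  return {
    wrappedBytes: wrapped.byteLength,
    lockedExtractable: locked.extractable,
    exportRejected,
    roundTrip: new TextDecoder().decode(pt),
    openExtractable: open.extractable,
    exportedBytes: raw.byteLength,
  };
}
```

With `extractable = true` the protection that wrapping provided ends at the moment of unwrapping, which is the case the message questions.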