W3C home > Mailing lists > Public > public-webcrypto@w3.org > March 2013

Re: Should wrapped keys always have extractable = false

From: Richard Barnes <rbarnes@bbn.com>
Date: Sat, 23 Mar 2013 17:41:05 -0400
Cc: Mark Watson <watsonm@netflix.com>, "public-webcrypto@w3.org Group" <public-webcrypto@w3.org>
Message-Id: <E4CA44EB-19AE-42DA-A6C9-25956193AA96@bbn.com>
To: Ryan Sleevi <sleevi@google.com>

On Mar 22, 2013, at 7:36 PM, Ryan Sleevi <sleevi@google.com> wrote:
> 
> On Fri, Mar 22, 2013 at 4:21 PM, Mark Watson <watsonm@netflix.com> wrote:
> All,
> 
> It occurred to me that support for key wrapping could be simplified if we made a blanket assumption that when unwrapping a key the resulting Key object always has extractable = false.
> 
> This would avoid the need for a new JWK attribute indicating extractability.
> It would avoid the need for the unwrapKey method to have an extractable parameter.
> It would avoid the confusion that arises from having extractability defined both within the JWK and in the unwrapKey method.
> It would be simpler.
> 
> I think this would make sense, because the act of wrapping a key and sending it to a script with access to WebCrypto is explicitly saying that you do not want the keying material to be visible except to whomever has the unwrapping key.
> 
> Does anyone have a use-case where a key needs to be unwrapped into a Key which is then extractable ?
> 
> ůMark
> 
> 
> -1.
> 
> There are plenty of reasons to use key wrapping independent of extraction concerns. The most obvious one is key transport.

+1 to Ryan, so another -1 to Mark.

There's no guarantee that the thing you're sending the key to has any idea what "extractable" means, so it doesn't really make sense to require extractable=false.

Shouldn't the wrapped key just have whatever attributes the key had?  

--Richard
Received on Saturday, 23 March 2013 21:41:33 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:17:15 UTC