W3C home > Mailing lists > Public > public-webcrypto@w3.org > April 2014

[Bug 25465] New: ECDSA importKey for JWK should specify how to handle when "alg" conflicts with "crv"

From: <bugzilla@jessica.w3.org>
Date: Fri, 25 Apr 2014 21:58:21 +0000
To: public-webcrypto@w3.org
Message-ID: <bug-25465-7213@http.www.w3.org/Bugs/Public/>
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25465

            Bug ID: 25465
           Summary: ECDSA importKey for JWK should specify how to handle
                    when "alg" conflicts with "crv"
           Product: Web Cryptography
           Version: unspecified
          Hardware: PC
                OS: Windows NT
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Web Cryptography API Document
          Assignee: sleevi@google.com
          Reporter: sleevi@google.com
                CC: public-webcrypto@w3.org

"alg" is a generic parameter applicable to all JWKs.

For keys with a "kty" of "EC", the field "crv" is present, which indicates the
parameters of the Elliptic Curve public key.

It's possible to construct a JWK whose "alg" is in conflict with the "crv"
parameter, for example:

{ kty: "EC",
  alg: "ES256",
  crv: "P-521",
  x: ...,
  y: ...
}

Such keys are fundamentally inconsistent. As currently specified, the "alg"
field is ignored, and the key is imported with a namedCurve of "P-521".

-- 
You are receiving this mail because:
You are on the CC list for the bug.
Received on Friday, 25 April 2014 21:58:22 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:17:22 UTC