W3C home > Mailing lists > Public > public-webcrypto@w3.org > July 2014

[Bug 26413] New: Inconsistent handling of usages parameter between importKey and generateKey

From: <bugzilla@jessica.w3.org>
Date: Tue, 22 Jul 2014 21:49:16 +0000
To: public-webcrypto@w3.org
Message-ID: <bug-26413-7213@http.www.w3.org/Bugs/Public/>
https://www.w3.org/Bugs/Public/show_bug.cgi?id=26413

            Bug ID: 26413
           Summary: Inconsistent handling of usages parameter between
                    importKey and generateKey
           Product: Web Cryptography
           Version: unspecified
          Hardware: PC
                OS: Windows NT
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Web Cryptography API Document
          Assignee: sleevi@google.com
          Reporter: sleevi@google.com
                CC: public-webcrypto@w3.org

The per-algorithm definitions for import key traditionally include a 'usages'
check to ensure that the caller's supplied set of usages intersects with the
set of operations defined for that algorithm.

For example, an attempt to generateKey for RSASSA-PKCS1-v1_5 with usages of
["encrypt", "decrypt"] will fail, because of Step 1 of the "Generate Key" phase
in
https://dvcs.w3.org/hg/webcrypto-api/raw-file/ee10c81e1141/spec/Overview.html#rsassa-pkcs1-operations

However, attempting to importKey with the same usages will, presumably,
succeed.

This is not true for all algorithms. For example, AES-CTR (
https://dvcs.w3.org/hg/webcrypto-api/raw-file/ee10c81e1141/spec/Overview.html#aes-ctr-operations
) has checks for usages as Step 2 of Generate Key and Step 1 of Import Key.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
Received on Tuesday, 22 July 2014 21:49:17 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:17:23 UTC