- From: Ryan Sleevi <sleevi@google.com>
- Date: Tue, 2 Jul 2013 10:55:21 -0700
- To: Yoshi Huang <allstars.chh@mozilla.com>
- Cc: "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>
Could you explain which keys you're thinking of?

The spec indicates that "pkcs8" is a PrivateKeyInfo, not an EncryptedPrivateKeyInfo, from RFC 5208.

If you had a passphrase protected EncryptedPrivateKeyInfo, you would do the same thing you do in other APIs - you would prompt the user for the passphrase, apply it through PBKDF to derive the key, then decrypt the PrivateKeyInfo to be able to import it.

This is the same workflow for the JWE-protected JWK, which is that the API tries to avoid baking in knowledge of specific protocols or higher-level key formats (whether CMS or JOSE), and instead focus on primitives and the security boundary therein. This has been quite suitable for a variety of well-used, long successful APIs.

On Tue, Jul 2, 2013 at 12:34 AM, Yoshi Huang <allstars.chh@mozilla.com> wrote:

> Hi,
>
> For the importKey method,
> AFAIK, some keys could have a pass-phrase in them,
>
> So when we use importKey to import these keys,
> how should we pass the pass-phrase to unlock the pass-phrase?
>
> Thanks
>
> --
> Yoshi Huang, Mozilla Taiwan
> allstars.chh@mozilla.com
Received on Tuesday, 2 July 2013 17:55:54 UTC
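
The workflow described in the reply above (passphrase, PBKDF, decrypt, then import as "pkcs8"), written against the Web Crypto primitives as an added example that is not part of the original message or of the specification. It assumes a constructed `{salt, iv, iterations, ciphertext}` container with AES-GCM in place of a parsed RFC 5208 EncryptedPrivateKeyInfo, an ECDSA P-256 key, and an illustrative iteration count; the function names are hypothetical.

```javascript
// Added example. The {salt, iv, iterations, ciphertext} container is a constructed
// stand-in for an RFC 5208 EncryptedPrivateKeyInfo; function names are hypothetical.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;
const { subtle } = webcrypto;
const ECDSA = { name: "ECDSA", namedCurve: "P-256" };
const SIG = { name: "ECDSA", hash: "SHA-256" };

// Passphrase -> PBKDF2 -> non-extractable AES-GCM key-encryption key.
async function deriveKek(passphrase, salt, iterations) {
  const material = await subtle.importKey(
    "raw", new TextEncoder().encode(passphrase), "PBKDF2", false, ["deriveKey"]);
  return subtle.deriveKey(
    { name: "PBKDF2", hash: "SHA-256", salt, iterations },
    material, { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
}

// Builds the constructed sample input: a passphrase-protected PrivateKeyInfo.
async function protectPkcs8(pkcs8, passphrase, iterations) {
  const salt = webcrypto.getRandomValues(new Uint8Array(16));
  const iv = webcrypto.getRandomValues(new Uint8Array(12));
  const kek = await deriveKek(passphrase, salt, iterations);
  const ciphertext = await subtle.encrypt({ name: "AES-GCM", iv }, kek, pkcs8);
  return { salt, iv, iterations, ciphertext };
}

// The application, not importKey, handles the passphrase: derive, decrypt, then
// hand the plain PrivateKeyInfo to importKey("pkcs8", ...).
async function importProtectedKey(box, passphrase) {
  const kek = await deriveKek(passphrase, box.salt, box.iterations);
  // AES-GCM rejects here if the passphrase is wrong or the data was modified.
  const pkcs8 = await subtle.decrypt({ name: "AES-GCM", iv: box.iv }, kek, box.ciphertext);
  return subtle.importKey("pkcs8", pkcs8, ECDSA, false, ["sign"]);
}

async function demo(iterations = 600000) { // iteration count is an assumed value
  const pair = await subtle.generateKey(ECDSA, true, ["sign", "verify"]);
  const pkcs8 = await subtle.exportKey("pkcs8", pair.privateKey);
  const box = await protectPkcs8(pkcs8, "correct horse battery staple", iterations);
  const key = await importProtectedKey(box, "correct horse battery staple");
  const msg = new TextEncoder().encode("constructed test message");
  const sig = await subtle.sign(SIG, key, msg);
  const verified = await subtle.verify(SIG, pair.publicKey, sig, msg);
  const wrongRejected = await importProtectedKey(box, "wrong passphrase")
    .then(() => false, () => true);
  return { verified, extractable: key.extractable, wrongRejected };
}

demo().then((r) => console.log(r));
```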