- From: Yoshi Huang <allstars.chh@mozilla.com>
- Date: Wed, 03 Jul 2013 12:30:14 +0800
- To: Ryan Sleevi <sleevi@google.com>
- CC: "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>
Hi Ryan, Sorry for not asking question clearly. The keys could be encrypted pkcs8 or pkcs12 Also does the 'spki' in KeyFormat includes pkcs12 ? And thanks for your detail explanation. On 07/03/2013 01:55 AM, Ryan Sleevi wrote: > Could you explain which keys you're thinking of? > > The spec indicates that "pkcs8" is a PrivateKeyInfo, not an > EncryptedPrivateKeyInfo, from RFC 5208. > > If you had a passphrase protected EncryptedPrivateKeyInfo, you would > do the same thing you do in other APIs - you would prompt the user for > the passphrase, apply it through PBKDF to derive the key, then decrypt > the PrivateKeyInfo to be able to import it. > > This is the same workflow for the JWE-protected JWK, which is that the > API tries to avoid baking in knowledge of specific protocols or > higher-level key formats (whether CMS or JOSE), and instead focus on > primitives and the security boundary therein. This has been quite > suitable for a variety of well-used, long successful APIs. > > -- Yoshi Huang, Mozilla Taiwan allstars.chh@mozilla.com
Received on Wednesday, 3 July 2013 04:30:43 UTC