Re: posting to public-webcrypto, and a user report

On Fri, Dec 5, 2014 at 2:44 AM, Anders Rundgren <anders.rundgren.net@gmail.com> wrote:

>  On 2014-12-05 03:02, Jason Proctor wrote:
>
>
>  the main issue i ran into was related to (surprise) usages. if for
> example i generate an RSA key pair, and happily encrypt and decrypt with
> it, then export the public key, then i instantly lose its encryption
> capability. this was a surprise, to say the least -- this is a *public* key
> we're dealing with.
>
>
> Hi Jason,
> it seems that in practice (deployment-wise) there are only plain RSA
> encryption keys.  I have managed importing like this:
>
>     // Public RSA key as a JWK (modulus elided as in the original mail)
>     var encryption_key = {kty: 'RSA', alg: 'RSA-OAEP-256',
>                           n: 'yz1k8Hbi5aTE4t...ZrHNTQAfvw', e: 'AQAB'};
>     var asym_alg = {name: 'RSA-OAEP', hash: {name: 'SHA-256'}};
>     crypto.subtle.importKey('jwk', encryption_key, asym_alg, true,
>                             ['encrypt']).then(function(public_key) {
>       // data: the BufferSource to encrypt
>       crypto.subtle.encrypt(asym_alg, public_key, data).then(
>           function(encrypted_data) {
>         // ... use encrypted_data
>       });
>     });
>
> Cheers,
> Anders
>
>
hi Anders,

thanks for your response.

partial success. i exported a public key to JWK, then removed the key_ops
and ext properties so as to mirror your structure. i can now import the
public key for *encrypt* but not *decrypt*, which is the opposite of the
situation i had before.

so to make this work i would have to persist two differently exported
public keys, which is not a disaster, i suppose :-) but this mechanism does
seem a little arbitrary.

i could almost understand this if the API enforced public key import and
export via certificates, but i don't see any cert support at all! :-S

best regards
Jason

Received on Friday, 5 December 2014 17:40:01 UTC
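
The usage behaviour discussed in this thread, as an added example that is not part of either message: it generates an RSA-OAEP pair, exports the public key as JWK, and tries importing that JWK with different usages. The function names (`tryImport`, `usageDemo`) and the sample message are constructed for illustration; it assumes a browser or a Node.js runtime that provides WebCrypto.

```javascript
// Added example. Uses the global WebCrypto object, falling back to Node's module.
const subtle = (globalThis.crypto ?? require('node:crypto').webcrypto).subtle;
const ALG = { name: 'RSA-OAEP', hash: 'SHA-256' };

// Attempt a JWK import; return the granted usages, or the error name on rejection.
async function tryImport(jwk, usages) {
  try {
    const key = await subtle.importKey('jwk', jwk, ALG, true, usages);
    return key.usages.join(',');
  } catch (e) {
    return e.name;
  }
}

async function usageDemo() {
  const gen = { ...ALG, modulusLength: 2048, publicExponent: new Uint8Array([1, 0, 1]) };
  // Requested usages are split by key type: encrypt -> public, decrypt -> private.
  const pair = await subtle.generateKey(gen, true, ['encrypt', 'decrypt']);
  const jwk = await subtle.exportKey('jwk', pair.publicKey);

  // Same public JWK with key_ops and ext removed, as described in the thread.
  const { key_ops, ext, ...bare } = jwk;

  // Encrypt with the re-imported public key, decrypt with the private key.
  const pub = await subtle.importKey('jwk', bare, ALG, true, ['encrypt']);
  const msg = new TextEncoder().encode('constructed sample message');
  const ct = await subtle.encrypt(ALG, pub, msg);
  const pt = await subtle.decrypt(ALG, pair.privateKey, ct);

  return {
    publicUsages: pair.publicKey.usages.join(','),
    privateUsages: pair.privateKey.usages.join(','),
    exportedKeyOps: jwk.key_ops.join(','),
    importEncrypt: await tryImport(jwk, ['encrypt']),
    // A JWK without the private member "d" is a public key; the RSA-OAEP
    // import steps reject any usage other than encrypt/wrapKey for it.
    importDecrypt: await tryImport(jwk, ['decrypt']),
    importBareDecrypt: await tryImport(bare, ['decrypt']),
    roundTrip: new TextDecoder().decode(pt),
  };
}

usageDemo().then((r) => console.log(r));
```

The `decrypt` usage is only ever granted to the private half of the pair, so a single stored public JWK imported with `['encrypt']` is enough for the encrypting side.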