- From: Charles Engelke <w3c@engelke.com>
- Date: Fri, 05 Dec 2014 20:26:42 +0000
- To: Jason Proctor <jason@mono.hm>, Anders Rundgren <anders.rundgren.net@gmail.com>
- Cc: public-webcrypto-comments@w3.org
Received on Friday, 5 December 2014 20:27:11 UTC
I've seen the same behavior. My understanding of this is that the API effectively says that public keys should only be used for encryption and signature verification, and private keys should only be used for decryption and signing. Of course, with RSA, either of the two keys could be used mathematically for any operation, but the API is operating at a more abstract level. … i could almost understand this if the API enforced public key import and > export via certificates, but i don't see any cert support at all! :-S > You can build that on top of the API. There are some third-party libraries that can help with the BER encoding/decoding. I wrote a detailed example of importing a public key from a certificate without using any other libraries at http://blog.engelke.com/2014/10/21/web-crypto-and-x-509-certificates/ . There's also an example of verifying the CA signature on the certificate there. I found it difficult to understand the API and apply it to my use cases, but it gets clearer the more I use it. I've found all crypto APIs to be tricky to use, anyway. This is no exception. Charlie
Received on Friday, 5 December 2014 20:27:11 UTC