- From: Ryan Sleevi <sleevi@google.com>
- Date: Wed, 8 Oct 2014 07:36:13 -0700
- To: Anders Rundgren <anders.rundgren.net@gmail.com>
- Cc: public-webcrypto-comments@w3.org
- Message-ID: <CACvaWvYZHqA=bj2aojwAi-cnOrnjFA778zsek91hw0m04SOPdw@mail.gmail.com>
On Oct 8, 2014 10:22 AM, "Anders Rundgren" <anders.rundgren.net@gmail.com>
wrote:
>
> Dear List;
> I'm not particularly up-to-speed on the WebCrypto API but I at least got
this working fairly quickly:
>
> // Generate ephemeral ECDH key-pair
> var gen_alg = {name: 'ECDH', namedCurve:
selected_card.bank_encryption_key.crv};
> crypto.subtle.generateKey(gen_alg, false, ['deriveKey']).then
(function(key_pair) {
>
> // Import static ECDH key
> crypto.subtle.importKey('jwk', selected_card.bank_encryption_key, {name:
'ECDH'}, false, ['deriveKey']).then (function(public_key) {
>
> // Derive key using ECDH
> var derive_alg = {name: 'ECDH', public: public_key};
> crypto.subtle.deriveKey(derive_alg, key_pair.privateKey, {name:
'AES-CBC', length: 256}, false, ['encrypt']).then (function(aes_key) {
>
> // Encrypt using derived key
> var encryption_algorithm = { name: 'AES-CBC', iv:
window.crypto.getRandomValues(new Uint8Array(16))};
> crypto.subtle.encrypt(encryption_algorithm, aes_key,
signed_auth_data).then (function(encrypted_auth_data) {
>
> Naturally I wanted to use a KDF as well but then it got a bit less
obvious how to do.
> There is no support for deriveKey and CONCAT?
>
> So the proper solution is to deriveBits() and then import() the raw
secret for usage with symmetric encryption algorithms?
>
> Pardon me if I'm totally off, WebCrypto is quite different to JCA/JCE
which is my primary tool...
>
> Cheers
> Anders
>
>
"Derive bits" is the description of the internal algorithm used to support
both the deriveKey and deriveBits API surface.
So you can use deriveKey
Received on Wednesday, 8 October 2014 14:36:40 UTC