Re: WebCrypto AlgorithmIdentifier for ECDSA signing w/SECP256R1 & SHA-256 ?

On 12/16/15, 5:17 PM, "Ryan Sleevi" <sleevi@google.com> wrote:

On Wed, Dec 16, 2015 at 5:02 PM, Hodges, Jeff <jeff.hodges@paypal.com> wrote:
Hi,

how does one specify a WebCrypto AlgorithmIdentifier such that it
represents "sign operation using ECDSA key on SECP256R1 curve with SHA-256
hash"?

Here's my guess:

  // WebCrypto AlgorithmIdentifier stipulating:
  //
  //  "sign operation using ECDSA key on SECP256R1 curve with SHA-256 hash"
  //
  // See: http://www.w3.org/TR/WebCryptoAPI/#ecdsa
  //
  // Note: the private key used to sign MUST have been created using
  //       NIST recommended curve P-256, also known as secp256r1, and with
  //       a KeyUsage including "sign".
  //

  var algSign_ECDSA_SECP256R1_SHA256 = {
     "name": "ECDSA",
     "hash": "SHA-256"
  };

Is that correct, including the "Note:" in the comment?

var data = ...;
// Generate a non-extractable ECDSA key pair (the curve is fixed here, at key generation).
return window.crypto.subtle.generateKey({ "name": "ECDSA", "namedCurve": "P-384"}, false, ["sign", "verify"]).then(keyPair => {
  // Sign with the private key; "hash" given as a dictionary.
  return window.crypto.subtle.sign({ "name": "ECDSA", "hash": { "name": "SHA-256" } }, keyPair.privateKey, data).then(signature => {
    // Verify with the public key; "hash" given as a string.
    return window.crypto.subtle.verify({ "name": "ECDSA", "hash": "SHA-256"}, keyPair.publicKey, signature, data).then(verified => {
      if (verified) {
        return { "data": data, "signature": signature };
      } else {
        return null;
      }
    });
  });
});

Will return a promise that either resolves to an object with the data and signature - if it can generate a key that can sign and then verify the data - or null if it can't.

Two different forms of Hash are used as two different forms are acceptable for AlgorithmIdentifier.


Ok, thanks, this answers part of my question wrt AlgorithmIdentifier.  You indicate that both of these forms are syntactically correct (yes?):

  var algSign_ECDSA_SECP256R1_SHA256 = {
     "name": "ECDSA",
     "hash": "SHA-256"
  }

  var algSign_ECDSA_SECP256R1_SHA256 = {
     "name": "ECDSA",
     "hash": { "name": "SHA-256" }
  }

However, if the use case we have is specifying in some spec a "sign operation using an ECDSA key on curve P-256 (SECP256R1) using a SHA-256 hash", the code above is not quite compliant because it uses a key on "P-384", yes?

thanks,

=JeffH

Received on Thursday, 17 December 2015 15:44:18 UTC