RE: Comments on unwrap method

Ryan,

14.2.11. The unwrapKey method

9 Let bytes be the result of executing the decrypt algorithm, with unwrapAlgorithm as algorithm, unwrapKey as key, and with wrappedKey as buffer.

Should be

9 Let bytes be the result of executing the decrypt algorithm, with unwrapAlgorithm as algorithm, unwrappingKey as key, and with wrappedKey as buffer.

>Michael

> -----Original Message-----
> From: Hutchinson Michael [mailto:Michael.Hutchinson@gemalto.com]
> Sent: Monday, June 17, 2013 5:10 PM
> To: Ryan Sleevi
> Cc: public-webcrypto@w3.org
> Subject: Comments on unwrap method
> 
> Ryan,
> 
> 14.2.10. The wrapKey method
> 
> 7 If Key.extractable is not true, terminate this algorithm with an error.
> 
> need "Key" to be lower case "key"
> 
> 7 If key.extractable is not true, terminate this algorithm with an error.
> 
> 
> 14.2.11. The unwrapKey method
> 
> 8 If Key.extractable is not true, terminate this algorithm with an error.
> 
> This does not make sense as Key has no association here; maybe a copy and
> paste from 14.2.10 7?
> 
> Should it not be
> 
> 8 If unwrappingKey.extractable is true, terminate this algorithm with an
> error.
> 
> 
> Also, should there be some security checking for the unwrap key, such as:
> 
> If unwrappingKey.keyUsage contains the "decrypt" KeyUsage, terminate this
> algorithm with an error.
> 
> or would that be a function of the high level API? :-)
> 
> 
> Also, I note that many of the methods do not contain the test for their
> own key usage.
> e.g. decrypt does not contain
> 
> If key.keyUsage does not contain the "decrypt" KeyUsage, terminate this
> algorithm with an error.
> 
> 
> Of course, as Unwrap is effectively a high level API (it makes use of
> decrypt) inclusion of both the security check and the key usage self test
> would block the Unwrap from using the decrypt implementation directly. :-(
> 
> >Michael

Received on Thursday, 20 June 2013 16:24:27 UTC
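
Added example, not part of the original messages or of the draft text under discussion: the key-usage separation raised in the thread, as enforced by present-day Web Crypto implementations (browser secure context or Node.js). The function names `outcome` and `usageSeparationDemo`, the AES-GCM choice and the sample key material are assumptions made for illustration.

```javascript
// Browser secure context or Node.js; require() is only reached on older Node
// releases that do not expose a global crypto object.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;
const subtle = webcrypto.subtle;

// Resolve to "ok" if the operation succeeds, otherwise to the DOMException name.
async function outcome(promise) {
  try { await promise; return "ok"; } catch (e) { return e.name; }
}

async function usageSeparationDemo() {
  // Constructed sample values: random key-encryption-key bytes and a fresh 96-bit IV.
  const kekBytes = webcrypto.getRandomValues(new Uint8Array(32));
  const alg = { name: "AES-GCM", iv: webcrypto.getRandomValues(new Uint8Array(12)) };

  // Same key material imported twice; the two handles differ only in their usages.
  const wrapOnly = await subtle.importKey(
    "raw", kekBytes, "AES-GCM", false, ["wrapKey", "unwrapKey"]);
  const decryptOnly = await subtle.importKey(
    "raw", kekBytes, "AES-GCM", false, ["decrypt"]);

  // The key being wrapped must itself be extractable, or wrapKey is refused.
  const payload = await subtle.generateKey(
    { name: "AES-GCM", length: 128 }, true, ["encrypt", "decrypt"]);
  const wrapped = await subtle.wrapKey("raw", payload, wrapOnly, alg);

  const unwrap = (unwrappingKey) => subtle.unwrapKey(
    "raw", wrapped, unwrappingKey, alg, "AES-GCM", false, ["decrypt"]);

  // unwrapKey needs only the "unwrapKey" usage, although it decrypts internally.
  const unwrapped = await unwrap(wrapOnly);

  return {
    unwrappedType: unwrapped.type,
    unwrappedExtractable: unwrapped.extractable,
    // A wrapping handle cannot be passed to decrypt() to read the wrapped key bytes.
    decryptWithWrapKey: await outcome(subtle.decrypt(alg, wrapOnly, wrapped)),
    // A decrypt-only handle cannot be used as an unwrapping key.
    unwrapWithDecryptKey: await outcome(unwrap(decryptOnly)),
  };
}
```
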