crypto-ISSUE-58: Define how to derive/generate PBKDF2 keys [crypto for Web Crypto API] from Web Cryptography Working Group Issue Tracker on 2013-11-13 (public-webcrypto@w3.org from November 2013)

From: Web Cryptography Working Group Issue Tracker <sysbot+tracker@w3.org>
Date: Wed, 13 Nov 2013 17:08:13 +0000
To: public-webcrypto@w3.org
Message-Id: <E1VgdvJ-0006ic-7f@stuart.w3.org>

crypto-ISSUE-58: Define how to derive/generate PBKDF2 keys [crypto for Web Crypto API]

http://www.w3.org/2012/webcrypto/track/issues/58

Raised by: Nick Van Den Bleeken
On product: crypto for Web Crypto API

To generate PBKDF2 keys the spec says that you have to use deriveKey(), but what is the baseKey in this case?

The function signature of  deriveKey is:

Promise<any> deriveKey(AlgorithmIdentifier algorithm,
                         Key baseKey,
                         AlgorithmIdentifier? derivedKeyType,
                         optional boolean extractable = false,
                         optional KeyUsage[] keyUsages = []);


algorithm would be something like {name: “PBKDF2”, salt: mySalt, iterations: 100000, password: myPassword, prf:{name:“HMAC”, hash: {name=“SHA-1”} } 
derivedKeyType could be something like  {name: “ AES-GCM”, iv: myIV, length: 512}
extractable and keyUsage are trivial, just the values that you want them to be ;)

The baseKey is not required in this use case because all information is already available to derive the AES-GCM key.

I thought they baseKey should be null in this case. But Ryan responded this: One possibility is to treat PBKDF2 as a generateKey method instead. Another would be to make baseKey nullable, but that seems a bit odd.

I don't mind what we choose, but either way we should update the spec (update IDL and a note if nullable, or support the generateKey() operation for it)

Received on Wednesday, 13 November 2013 17:08:14 UTC