- From: Web Cryptography Working Group Issue Tracker <sysbot+tracker@w3.org>
- Date: Wed, 13 Nov 2013 17:08:13 +0000
- To: public-webcrypto@w3.org
crypto-ISSUE-58: Define how to derive/generate PBKDF2 keys [crypto for Web Crypto API] http://www.w3.org/2012/webcrypto/track/issues/58 Raised by: Nick Van Den Bleeken On product: crypto for Web Crypto API To generate PBKDF2 keys the spec says that you have to use deriveKey(), but what is the baseKey in this case? The function signature of deriveKey is: Promise<any> deriveKey(AlgorithmIdentifier algorithm, Key baseKey, AlgorithmIdentifier? derivedKeyType, optional boolean extractable = false, optional KeyUsage[] keyUsages = []); algorithm would be something like {name: “PBKDF2”, salt: mySalt, iterations: 100000, password: myPassword, prf:{name:“HMAC”, hash: {name=“SHA-1”} } derivedKeyType could be something like {name: “ AES-GCM”, iv: myIV, length: 512} extractable and keyUsage are trivial, just the values that you want them to be ;) The baseKey is not required in this use case because all information is already available to derive the AES-GCM key. I thought they baseKey should be null in this case. But Ryan responded this: One possibility is to treat PBKDF2 as a generateKey method instead. Another would be to make baseKey nullable, but that seems a bit odd. I don't mind what we choose, but either way we should update the spec (update IDL and a note if nullable, or support the generateKey() operation for it)
Received on Wednesday, 13 November 2013 17:08:14 UTC