- From: Mark Watson <watsonm@netflix.com>
- Date: Tue, 25 Feb 2014 12:01:36 -0800
- To: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
- Message-ID: <CAEnTvdBAc3E3KcPsqf1vHpCyPaqg-W9qrs0Guqih7NFzZhdO-w@mail.gmail.com>
https://www.w3.org/Bugs/Public/show_bug.cgi?id=24811

The deriveKey operation derives a key targeted at a specified algorithm. Both ECDH and DH algorithms output a Secret Value. It is not yet specified how to map from the Secret Value to a key for the specified target algorithm.

It seems intuitive to use the "raw" import format for the target algorithm with the Secret Value as the raw input. If we do this we must define how to provide the length of the key and how to convert the secret value to that length.

Presently, raw import for symmetric keys e.g. AES-GCM derives the key length from the provided data and fails if the provided data is not one of the supported lengths.

It seems valuable to be able to specify the length of the required key independently from the length of the Secret Value. So, one possibility is to allow the length of the symmetric key to be specified as an input to the import operation and have that operation define the mapping from arbitrary length raw value to a key of the requested length. The deriveKey operations can then refer directly to the "raw" import operations for the derived key algorithm.

...Mark
Received on Tuesday, 25 February 2014 20:02:04 UTC
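
The length mismatch described in the message can be reproduced with WebCrypto itself. The following is an added example, not part of the original message or of the specification: it feeds ECDH Secret Values of two sizes to a "raw" AES-GCM import, then applies a length-aware import. The helper names (`ecdhSecret`, `rawImportAesGcm`, `importWithLength`) are hypothetical, and the SHA-256-then-truncate mapping is an assumption chosen for illustration, since the message does not define one.

```javascript
// Added illustration, not code from the message. Runs in browsers and Node.js.
const subtle = (globalThis.crypto ?? require("node:crypto").webcrypto).subtle;

// ECDH between two fresh key pairs; returns the raw Secret Value as bytes.
async function ecdhSecret(namedCurve, bits) {
  const alg = { name: "ECDH", namedCurve };
  const a = await subtle.generateKey(alg, false, ["deriveBits"]);
  const b = await subtle.generateKey(alg, false, ["deriveBits"]);
  const params = { name: "ECDH", public: b.publicKey };
  return new Uint8Array(await subtle.deriveBits(params, a.privateKey, bits));
}

// "raw" import as AES-GCM: the key length comes from the data length.
// Returns the key length in bits, or null when the import is rejected.
async function rawImportAesGcm(bytes) {
  try {
    const key = await subtle.importKey("raw", bytes, { name: "AES-GCM" }, false, ["encrypt"]);
    return key.algorithm.length;
  } catch {
    return null;
  }
}

// Hypothetical length-aware import (assumption, not defined by the message):
// hash the secret with SHA-256, keep the first lengthBits bits, then raw-import.
async function importWithLength(secret, lengthBits) {
  if (lengthBits !== 128 && lengthBits !== 256) throw new RangeError("unsupported length");
  const digest = new Uint8Array(await subtle.digest("SHA-256", secret));
  return rawImportAesGcm(digest.slice(0, lengthBits / 8));
}

async function demo() {
  const s256 = await ecdhSecret("P-256", 256); // 32-byte Secret Value
  const s384 = await ecdhSecret("P-384", 384); // 48-byte Secret Value
  return {
    p256Direct: await rawImportAesGcm(s256),       // length happens to fit AES
    p384Direct: await rawImportAesGcm(s384),       // 384 bits is not an AES key size
    p384Mapped: await importWithLength(s384, 128), // requested length, not secret length
  };
}

demo().then((r) => console.log(r));
```

The P-256 secret imports only because its length coincides with an AES key size; the P-384 secret is rejected until the requested key length is supplied separately from the secret.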