- From: Jim Schaad <ietf@augustcellars.com>
- Date: Tue, 28 Jan 2014 11:58:17 -0800
- To: <public-webcrypto@w3.org>
- Message-ID: <003b01cf1c63$49c7e1d0$dd57a570$@augustcellars.com>
I am having a problem with the current description of the unwrapKey method.
I am going to try and lay out my understanding in the hope the somebody will
tell me what I got wrong.
Starting Point:
wrapKey is in the browser
wrapKey.type = secret
wrapKey.extractable = false
wrapKey.algorithm = "AES-GCM"
wrapKey.usages[] = [unwrapKey]
keyData = ENCRYPTED(
'{"kty":"oct", "k":"ABCDEFGHIJKLMNOP","alg":"Magic"}'
)
First I am going to just use the normal call and attempt to unwrap the key
unwrapKey("jwk", keyData, wrapKey, {name:"AES-GCM"}, null, true, [encrypt,
decrypt])
This will fail because the browser does not implement the algorithm Magic
and through an error in step #12 of the unwrap algorithm (the import is
going to fail because of "Magic").
My code then says - that is fine - I have a script version of Magic that I
have downloaded as well so I can run the algorithm in script rather than in
the browser.
Step #2 - Call my internal script unwrapKey function.
I can successfully complete steps #1-9 without any problems in the script.
I am now going to attempt to deal with step #10. This says that I need to
decrypt the bytes of keyData using the value of wrapKey. In order to do
this I could call the decrypt function, but that will fail because it does
not have the decrypt key usage. I could export and have AES-GCM in the
script, but that fails because the key is not exportable. I could call an
undocumented function which does the decryption operation, but that is not
documented.
I am not sure what my script code is supposed to be doing at this point.
Jim
Received on Tuesday, 28 January 2014 20:00:19 UTC