- From: Ryan Sleevi <sleevi@google.com>
- Date: Tue, 28 Jan 2014 12:13:00 -0800
- To: Jim Schaad <ietf@augustcellars.com>
- Cc: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
- Message-ID: <CACvaWvbC4KVJ+=R_1nDtvqSf+rU7fLX9j1DTjMa1cC-us7ibTg@mail.gmail.com>
On Tue, Jan 28, 2014 at 11:58 AM, Jim Schaad <ietf@augustcellars.com> wrote:

> I am having a problem with the current description of the unwrapKey method. I am going to try and lay out my understanding in the hope that somebody will tell me what I got wrong.
>
> Starting Point:
>
> wrapKey is in the browser
> wrapKey.type = secret
> wrapKey.extractable = false
> wrapKey.algorithm = "AES-GCM"
> wrapKey.usages[] = [unwrapKey]
>
> keyData = ENCRYPTED(
> '{"kty":"oct", "k":"ABCDEFGHIJKLMNOP","alg":"Magic"}'
> )
>
> First I am going to just use the normal call and attempt to unwrap the key
>
> unwrapKey("jwk", keyData, wrapKey, {name:"AES-GCM"}, null, true, [encrypt, decrypt])
>
> This will fail because the browser does not implement the algorithm Magic and throw an error in step #12 of the unwrap algorithm (the import is going to fail because of "Magic").
>
> My code then says – that is fine – I have a script version of Magic that I have downloaded as well so I can run the algorithm in script rather than in the browser.
>
> Step #2 – Call my internal script unwrapKey function.
>
> I can successfully complete steps #1-9 without any problems in the script.
>
> I am now going to attempt to deal with step #10. This says that I need to decrypt the bytes of keyData using the value of wrapKey. In order to do this I could call the decrypt function, but that will fail because it does not have the decrypt key usage. I could export and have AES-GCM in the script, but that fails because the key is not exportable. I could call an undocumented function which does the decryption operation, but that is not documented.
>
> I am not sure what my script code is supposed to be doing at this point.
>
> Jim

Jim,

There is no undocumented function which does the decryption operation. Your polyfill (which is what it is) will not work in this case. It's as simple as that.

Supporting polyfill-extended algorithms (eg: where JS registers its own implementation of some algorithm) is not something this WG has done. So there's no hidden feature you're missing - it's not supported *at this time*. We've discussed how it might be able to, and this was something the TAG suggested we consider for *future* work, but that's all it is, future work.

If you want to unwrap "magic" keys, your AES-GCM key must be available to your implementation as decrypt, and you can implement the security boundary within your application. Since you're polyfilling the "magic" algorithm, which by definition means the key bytes of the "magic" key are available to you, this is no change in security properties - you've already decided where your security boundary is.

Received on Tuesday, 28 January 2014 20:13:27 UTC
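
The two situations discussed in this thread, run against today's WebCrypto API, as an added example that is not part of the original messages. The key bytes, IV and the `demo` function are constructed for illustration; the JWK string is the one quoted in the question.

```javascript
// Added example; key bytes, IV and demo() are constructed, not from the thread.
const subtle = globalThis.crypto?.subtle ?? require('node:crypto').webcrypto.subtle;

async function demo() {
  const raw = new Uint8Array(16).fill(7);   // constructed AES-128 key bytes
  const iv = new Uint8Array(12).fill(1);    // constructed IV, fixed for the demo only
  const gcm = { name: 'AES-GCM', iv };

  // The JWK from the thread: "alg" names an algorithm the platform lacks.
  const jwk = '{"kty":"oct","k":"ABCDEFGHIJKLMNOP","alg":"Magic"}';

  // Helper key that only produces the wrapped blob (keyData) for this demo.
  const sender = await subtle.importKey('raw', raw, 'AES-GCM', false, ['encrypt']);
  const keyData = await subtle.encrypt(gcm, sender, new TextEncoder().encode(jwk));

  // Case 1: the starting point in the question.
  // Non-extractable AES-GCM key whose only usage is unwrapKey.
  const wrapOnly = await subtle.importKey('raw', raw, 'AES-GCM', false, ['unwrapKey']);
  let decryptError = null;
  try {
    await subtle.decrypt(gcm, wrapOnly, keyData);
  } catch (e) {
    decryptError = e.name;                  // rejected by the key-usage check
  }
  let exportBlocked = false;
  try {
    await subtle.exportKey('raw', wrapOnly);
  } catch (e) {
    exportBlocked = true;                   // extractable = false
  }

  // Case 2: the reply's suggestion. The key is provisioned with 'decrypt',
  // so script decrypts keyData itself and then holds the "Magic" key bytes.
  const decKey = await subtle.importKey('raw', raw, 'AES-GCM', false, ['decrypt']);
  const plain = await subtle.decrypt(gcm, decKey, keyData);
  const parsed = JSON.parse(new TextDecoder().decode(plain));

  return { decryptError, exportBlocked, alg: parsed.alg, k: parsed.k };
}

demo().then((r) => console.log(r));
```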