Re: RSA JWK import from Charles Engelke on 2016-08-19 (public-webcrypto@w3.org from August 2016)

From: Charles Engelke <w3c@engelke.com>
Date: Fri, 19 Aug 2016 16:36:37 -0400
To: Ryan Sleevi <sleevi@google.com>
Cc: Eric Roman <ericroman@google.com>, Charles Engelke <w3c@engelke.com>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>
Message-ID: <CAFeVzdwkj8Ep7461iORurJbX46Y1qo4nYAC84R8ZL52=HneZ+Q@mail.gmail.com>

Ryan,

Even if JWA won't change, shouldn't the WebCrypto spec change to say that
if "d" is included, then the optional parameters that JWA says SHOULD be
included, MUST be included for importKey. Otherwise it seems likely we
won't get any implementations that implement what WebCrypto currently says
is allowed: including only n, e, and d for private keys.

Charlie

On Fri, Aug 19, 2016 at 3:51 PM, Ryan Sleevi <sleevi@google.com> wrote:

>
>
> On Fri, Aug 19, 2016 at 12:38 PM, Eric Roman <ericroman@google.com> wrote:
>
>> Perhaps JWA would be willing to change that SHOULD to a MUST, and then
>> consumers needn't concern themselves with their absence.
>>
>
> I doubt that spec will change.
>
> The archives contain the motivation - it's a security nightmare in
> virtually every implementation if you omit the parameters. Certainly, when
> doing private key operations, if you don't have the parameters, then most
> of your JWA implementations will disable RSA blinding, which can end up
> leaking your key.
>
> See https://tools.ietf.org/html/rfc7518#section-8.14
>

Received on Friday, 19 August 2016 20:37:10 UTC