Closed jeremyVignelles closed 6 years ago
Thanks for your review. Why is there an "extractable" parameter then?
I looked at the spec and it's not saying anything about detecting wether the key is public or private and actions to be taken on extractable:
https://www.w3.org/TR/WebCryptoAPI/#SubtleCrypto-method-importKey
Let format, algorithm, extractable and usages, be the format, algorithm, extractable and keyUsages parameters passed to the importKey method, respectively.
then
Set the [[extractable]] internal slot of result to extractable.
I was wrong
var alg = {name: "RSASSA-PKCS1-v1_5", hash: "SHA-256", publicExponent: new Uint8Array([1,0,1]), modulusLength: 2048};
crypto.subtle.generateKey(alg, false, ["sign", "verify"])
.then((keys) => {
console.log(keys.privateKey.extractable); // false
console.log(keys.publicKey.extractable); // true
return crypto.subtle.exportKey("jwk", keys.publicKey);
})
.then((jwk) => {
return crypto.subtle.importKey("jwk", jwk, alg, false, ["verify"]);
})
.then((key) => {
console.log(key.extractable); // false
})
Chrome returns unextractable public key from importKey
@jeremyVignelles new version of webcrypto-liner
is available v0.1.31
Otherwise, imported RSA keys couldn't be made extractable