search

WICG / webcrypto-secure-curves

Proposal for the addition of Curve25519 and Curve448 to the Web Cryptography API
https://wicg.github.io/webcrypto-secure-curves/
Other
42 stars 4 forks source link

suggestions wrt. JWK "alg" and "use" fields #2

Closed panva closed 2 years ago

panva commented 2 years ago

Since Ed keys can only be used for signatures (and have one dedicated JWS "alg" identifier) and X can only be used for ECDH (meaning not the WebCrypto algorithm identifier here) the following operation steps should be added. The alg ones I think for sure, the use ones I'll leave to a discussion.

Ed25519 JWK importKey operation

Add a step

If the alg field of jwk is present and not "EdDSA", then throw a DataError.

Ed448 JWK importKey operation

Add a step

If the alg field of jwk is present and not "EdDSA", then throw a DataError.

Ed25519 JWK exportKey operation

Add steps

Set the alg attribute of jwk to "EdDSA". Set the use attribute of jwk to "sig".

Ed448 JWK exportKey operation

Add steps

Set the alg attribute of jwk to "EdDSA". Set the use attribute of jwk to "sig".

X25519 JWK exportKey operation

Add a step

Set the use attribute of jwk to "enc".

X448 JWK exportKey operation

Add a step

Set the use attribute of jwk to "enc".

twiss commented 2 years ago

Yeah, I definitely agree we should add the alg field, thanks for catching that.

The use attribute I don't think we should set, as the Web Crypto spec currently doesn't do so either for any of the algorithms (while it does check them on import; I assume the intention was to have the key_ops field fulfill the same role for exported keys).

panva commented 2 years ago

I'll remove the use commits from my PR

panva commented 2 years ago

3 updated.