w3c / webcrypto

The W3C Web Cryptography API
https://w3c.github.io/webcrypto/

Ambiguity of the Web Crypto API Doc #310

Open ShiqiHe000 opened 2 years ago

ShiqiHe000 commented 2 years ago

Hi! I was reading the web crypto API spec and I found an unmatched implementation.

Under the importKey() method spec: Point 2. If format is equal to the string "jwk":

  1. If the keyData parameter passed to the importKey() method is not a JsonWebKey dictionary, throw a **TypeError**.

However, under the RSASSA-PKCS1-v1_5 algorithm section of importKey() method: If format is "jwk":

So if the format is "jwk" and keyData is not a JsonWebKey, the general importKey() spec throws a TypeError, but the algorithm-specific spec throws a DataError. It seems like the doc has some inconsistencies in the API Doc.

twiss commented 2 years ago

Hey :wave: Thanks for the report, and apologies for the delay.

I would say that the text is not necessarily ambiguous, since the first check comes strictly before the second one, so a `TypeError` should be thrown if `importKey('jwk', nonJsonWebKey, ...)` is called. The "Import Key" steps can be reached from one other place, namely the `unwrapKey` method, but also there, it's not possible to end up in the import key steps with `format == "jwk"` and `keyData` being anything other than a `JsonWebKey`.

So, I think the second check (and identical checks for the other algorithms) can simply be removed.
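
An added example, not part of the thread or the spec: a small JavaScript model of the check order discussed above for `importKey("jwk", keyData, ...)` with RSASSA-PKCS1-v1_5, which reports the checks that can never decide the error. All function and constant names are hypothetical, the sample inputs are constructed, and `isJsonWebKeyDictionary` is an approximation of the WebIDL conversion, stated here as an assumption.

```javascript
// Added example: models the check order for importKey("jwk", keyData, ...) with
// RSASSA-PKCS1-v1_5 as described in this thread. All names below are hypothetical.

// Approximates the WebIDL conversion of (BufferSource or JsonWebKey): buffers
// stay BufferSource; null, undefined and other objects convert to the dictionary.
function isJsonWebKeyDictionary(v) {
  if (v instanceof ArrayBuffer || ArrayBuffer.isView(v)) return false;
  return v == null || typeof v === "object";
}

// Checks in the order the spec text applies them when format is "jwk".
const JWK_IMPORT_CHECKS = [
  { stage: "importKey(): keyData is not a JsonWebKey", error: "TypeError",
    rejects: (v) => !isJsonWebKeyDictionary(v) },
  { stage: "RSASSA-PKCS1-v1_5: keyData is not a JsonWebKey", error: "DataError",
    rejects: (v) => !isJsonWebKeyDictionary(v) },
  { stage: "RSASSA-PKCS1-v1_5: kty is not \"RSA\"", error: "DataError",
    rejects: (v) => isJsonWebKeyDictionary(v) && (v ?? {}).kty !== "RSA" },
];

// The first check that rejects keyData decides the error the caller sees;
// null means the model reached the actual key parsing steps.
function firstRejection(keyData) {
  return JWK_IMPORT_CHECKS.find((c) => c.rejects(keyData)) ?? null;
}

// Stages that would reject some sample but are always pre-empted by an earlier one.
function shadowedStages(samples) {
  const decisive = new Set(samples.map(firstRejection));
  return JWK_IMPORT_CHECKS
    .filter((c) => samples.some((s) => c.rejects(s)) && !decisive.has(c))
    .map((c) => c.stage);
}

// Constructed sample inputs.
const SAMPLES = [new Uint8Array(4), new ArrayBuffer(8), "jwk-as-string", 42,
  {}, { kty: "EC" }, { kty: "RSA", n: "AQAB", e: "AQAB" }];

// Compare the model with a real implementation: resolves to the error name
// the runtime produced for each sample (null when the import succeeded).
async function probeRuntime(subtle, samples = SAMPLES) {
  const alg = { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" };
  return Promise.all(samples.map((s) => Promise.resolve()
    .then(() => subtle.importKey("jwk", s, alg, false, ["verify"]))
    .then(() => null, (e) => e.name)));
}
```

`shadowedStages(SAMPLES)` lists only the algorithm-level "not a JsonWebKey" check; `probeRuntime(crypto.subtle)` can be used to compare the model's error names with what a given runtime returns.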