This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
The per-algorithm definitions for import key traditionally include a 'usages' check to ensure that the caller's supplied set of usages intersects with the set of operations defined for that algorithm. For example, an attempt to generateKey for RSASSA-PKCS1-v1_5 with usages of ["encrypt", "decrypt"] will fail, because of Step 1 of the "Generate Key" phase in https://dvcs.w3.org/hg/webcrypto-api/raw-file/ee10c81e1141/spec/Overview.html#rsassa-pkcs1-operations However, attempting to importKey with the same usages will, presumably, succeed. This is not true for all algorithms. For example, AES-CTR ( https://dvcs.w3.org/hg/webcrypto-api/raw-file/ee10c81e1141/spec/Overview.html#aes-ctr-operations ) has checks for usages as Step 2 of Generate Key and Step 1 of Import Key.
In addition, the errors returned by these methods in the case of unrecognized usages are different. generateKey -> InvalidAccessError deriveKey -> SyntaxError importKey -> SyntaxError By majority rule, it seems we should change generateKey to SyntaxError. That also seems to make sense, compared to, say, how unrecognized format values are handled.
SyntaxError seems appropriate here: "A required parameter was missing or out-of-range" Usage checking should be provided consistently for all algorithms for importKey and generateKey operations. In the import case the checking may be dependent on the key type (public/private).
https://dvcs.w3.org/hg/webcrypto-api/rev/d461dd0a2bdd https://dvcs.w3.org/hg/webcrypto-api/rev/13846e3198f6 https://dvcs.w3.org/hg/webcrypto-api/rev/ac6406fe7075