ISSUE-36: Semantics for key generation versus key derivation

I missed much of the in-room discussion due to really bad audio, so I'm not sure what is new here.

I am happy with derivedBits as is. Two issues:


1. I am leery of the password parameter in the AlgorithmIdentifier for PBKDF2. This is key material and I think we should be very careful about putting key material in identifiers. As mentioned in the other thread I would prefer something like importKey to create a Key here.

2. For deriveKey and generateKey, I am not sure I understand the algorithm descriptions. Nowhere does either description say that these methods should construct and return a Key object. Shouldn't the penultimate step be something like "Let keyMaterial be the result of executing the key generation algorithm defined by the algorithm indicated in normalizedAlgorithm, and result be a Key object obtained by executing the importKey procedure with format set to "raw", keyData set to keyMaterial, and algorithm to derivedKeyType"?

Received on Thursday, 14 November 2013 06:23:15 UTC
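An added example, not part of the original message: it uses the Web Crypto API as implemented today in browsers and Node.js to show both points in code. The password enters through importKey as a non-extractable Key while the PBKDF2 algorithm identifier carries only public parameters, and deriveKey yields the same key as deriveBits followed by a "raw" importKey. The password, salt, iteration count and the function name `compareDerivations` are constructed for illustration.

```javascript
// Added example. Uses the global Web Crypto object when present and falls
// back to Node's built-in webcrypto export otherwise.
const subtle = (globalThis.crypto ?? require("node:crypto").webcrypto).subtle;

// Constructed sample inputs; a real salt is random and stored per credential.
const PASSWORD = new TextEncoder().encode("correct horse battery staple");
const SALT = new Uint8Array(16).fill(7);

// Public parameters only: no key material appears in the identifier.
const PBKDF2 = { name: "PBKDF2", hash: "SHA-256", salt: SALT, iterations: 100000 };
const AES = { name: "AES-GCM", length: 256 };
const USAGES = ["encrypt", "decrypt"];

const hex = (buf) =>
  Array.from(new Uint8Array(buf), (b) => b.toString(16).padStart(2, "0")).join("");

async function compareDerivations() {
  // Point 1: the password becomes a Key via importKey. It is marked
  // non-extractable, so script cannot read it back out of the Key object.
  const baseKey = await subtle.importKey(
    "raw", PASSWORD, "PBKDF2", false, ["deriveKey", "deriveBits"]);

  // Path A: deriveKey constructs and returns a Key object directly.
  const direct = await subtle.deriveKey(PBKDF2, baseKey, AES, true, USAGES);

  // Path B (point 2): derive raw key material, then run importKey with
  // format "raw" and the derived key type as the algorithm.
  const keyMaterial = await subtle.deriveBits(PBKDF2, baseKey, 256);
  const viaImport = await subtle.importKey("raw", keyMaterial, AES, true, USAGES);

  // The derived keys are extractable here only so the two paths can be compared.
  const a = hex(await subtle.exportKey("raw", direct));
  const b = hex(await subtle.exportKey("raw", viaImport));

  return {
    baseKeyType: baseKey.type,
    baseKeyExtractable: baseKey.extractable,
    directAlgorithm: direct.algorithm.name,
    derivedKeyBytes: a.length / 2,
    sameKey: a === b,
  };
}
```

In production the derived key would normally be created with extractable set to false.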