ISSUE-58: Define how to derive/generate PBKDF2 keys
Define how to derive/generate PBKDF2 keys
- State:
- CLOSED
- Product:
- crypto for Web Crypto API
- Raised by:
- Nick Van Den Bleeken
- Opened on:
- 2013-11-13
- Description:
- To generate PBKDF2 keys the spec says that you have to use deriveKey(), but what is the baseKey in this case?
The function signature of deriveKey is:
Promise<any> deriveKey(AlgorithmIdentifier algorithm,
Key baseKey,
AlgorithmIdentifier? derivedKeyType,
optional boolean extractable = false,
optional KeyUsage[] keyUsages = []);
algorithm would be something like {name: “PBKDF2”, salt: mySalt, iterations: 100000, password: myPassword, prf:{name:“HMAC”, hash: {name=“SHA-1”} }
derivedKeyType could be something like {name: “ AES-GCM”, iv: myIV, length: 512}
extractable and keyUsage are trivial, just the values that you want them to be ;)
The baseKey is not required in this use case because all information is already available to derive the AES-GCM key.
I thought they baseKey should be null in this case. But Ryan responded this: One possibility is to treat PBKDF2 as a generateKey method instead. Another would be to make baseKey nullable, but that seems a bit odd.
I don't mind what we choose, but either way we should update the spec (update IDL and a note if nullable, or support the generateKey() operation for it) - Related Actions Items:
- No related actions
- Related emails:
- RE: What is the baseKey for deriveKey when using PBKDF2? (from Vijay.Bharadwaj@microsoft.com on 2013-11-14)
- Re: What is the baseKey for deriveKey when using PBKDF2? (from Nick.Van.den.Bleeken@inventivegroup.com on 2013-11-13)
- crypto-ISSUE-58: Define how to derive/generate PBKDF2 keys [crypto for Web Crypto API] (from sysbot+tracker@w3.org on 2013-11-13)
Related notes:
No additional notes.
Display change log