19416 2012-10-09 22:47:52 +0000 KeyUsage should be explicitly spelled out as an enforced parameter 2014-01-25 01:26:11 +0000 1 1 1 Unclassified Web Cryptography Web Cryptography API Document unspecified PC Windows NT RESOLVED FIXED P2 normal --- 1 sleevi watsonm ap watsonm oldest_to_newest 75741 0 sleevi 2012-10-09 22:47:52 +0000 In the state machine descriptions for creating CryptoOperations - eg: createVerifier, createEncrypter, createDecrypter, etc - it should be explicitly specified that the KeyUsage for the Key should be confirmed to match the desired CryptoOperation, and if not, that an error should be thrown. For example, createEncrypter should ensure that the KeyUsage for the associated key(s) is "encrypt", while createSigner should assert the "sign" KeyUsage. 75742 1 sleevi 2012-10-09 22:48:25 +0000 Raised by John Lyle on http://lists.w3.org/Archives/Public/public-webcrypto-comments/2012Oct/0005.html 98896 2 watsonm 2014-01-22 16:55:31 +0000 I propose we add the following to the procedures for each method, after the algorithm check: "If the usages attribute of the Key object does not contain an entry with value X, throw a NOtSupportedError and terminate the algorithm." 99046 3 watsonm 2014-01-24 23:41:51 +0000 This was apparently agreed in Shenzhen. 99066 4 watsonm 2014-01-25 01:26:11 +0000 https://dvcs.w3.org/hg/webcrypto-api/rev/5efe55b319fc