26348 2014-07-16 03:46:51 +0000 Allow JWK for PBKDF2 2014-09-24 01:22:38 +0000 1 1 1 Unclassified Web Cryptography Web Cryptography API Document unspecified All All RESOLVED WONTFIX P2 normal --- 1 rlb sleevi public-webcrypto watsonm oldest_to_newest 108978 0 rlb 2014-07-16 03:46:51 +0000 The current spec forbids the use of JWK for import of keys to PBKDF2. This is unnecessarily restrictive, since a JWK containing only "kty" and "k" elements is valid and equivalent to a raw key. 108979 1 sleevi 2014-07-16 03:56:18 +0000 From the point of view of a "JOSE" JWK, I don't think this is a good idea. JOSE intentionally doesn't provide PBKDF2 as a valid kty; the key algorithm is only used with the CEK, and associated by alg, not kty. Additionally, rather than store the security parameters on the JWK, they're part of the JWE's header parameters. It's not "unnecessarily restrictive", it's "not defined because it's undefined for JWK". If you feel strongly about this, then I think you'll need to propose text to the WG for adoption. It certainly seems like it involves new registrations with JWA. 111960 2 watsonm 2014-09-22 18:00:36 +0000 I think we should live with the existing text here. If necessary the script can extract the raw key from the JWK itself and import that.