27601 2014-12-13 01:34:08 +0000 Inconsistent enforcement of JWK's "use" versus "key_ops" during public key import 2016-05-24 00:07:10 +0000 1 1 1 Unclassified Web Cryptography Web Cryptography API Document unspecified PC Linux RESOLVED MOVED P2 normal --- 1 ericroman sleevi public-webcrypto watsonm oldest_to_newest 116248 0 ericroman 2014-12-13 01:34:08 +0000 Consider the case of importing an RSA-PSS public key using JWK. WebCrypto callers can request usages of either ['verify' or [] (no usages) If empty usages are specified then it is possible to import the following JWK: { "kty": "RSA", "key_ops": ["encrypt", "decrypt", "wrapKey", "unwrapKey"], ... } The above key is for an encryption algorithm, but it is allowed to be imported for a signing algorithm because the requested usages, [], were a subset of the usages granted to the key. OK fine. However, it is NOT possible to import the following: { "kty": "RSA", "use": "enc", ... } Conceptually these represent the same kind of key, however WebCrypto enforces "use" differently from "key_ops". "use" in this case is required to be an exact match of "sig". The same situation applies to ECDH keys. I believe the key_ops behavior is the correct one, and "use" should work the same way. I feel this way because JWK allows pairing unrelated usages in key_ops (although discourages it) [1]. So it stands to reason that such a key should be importable into WebCrypto. [1] Section 4.3 of JWK spec says: "Multiple unrelated key operations SHOULD NOT be specified" ..... SHOULD NOT != MUST NOT 126524 1 watsonm 2016-05-24 00:07:10 +0000 Moved https://github.com/w3c/webcrypto/issues/64