24963 – Export Key with "jwk" operations should return a Javascript object, rather than a JSON Web Key

This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 24963 - Export Key with "jwk" operations should return a Javascript object, rather than a JSON Web Key

Summary: Export Key with "jwk" operations should return a Javascript object, rather th...

Status:	RESOLVED FIXED

Alias:	None

Product:	Web Cryptography
Classification:	Unclassified
Component:	Web Cryptography API Document (show other bugs)
Version:	unspecified
Hardware:	PC Windows NT

Importance:	P2 normal
Target Milestone:	---
Assignee:	Ryan Sleevi
QA Contact:

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2014-03-07 00:20 UTC by Ryan Sleevi
Modified:	2014-06-16 23:17 UTC (History)
CC List:	2 users (show)

See Also:

Attachments

Description Ryan Sleevi 2014-03-07 00:20:15 UTC

The export operations that take "jwk" as a format should return a Javascript Object that is a valid JWK, rather than returning an ArrayBuffer and requiring callers JSON.parse() it.

This may require specifying IDL definitions for JWK keys (presently: RSA and EC keys) that would conform to the JWK definition.

Comment 1 Ryan Sleevi 2014-03-07 00:22:16 UTC

Bug filed based on this thread - http://lists.w3.org/Archives/Public/public-webcrypto/2014Mar/0059.html

Specifically, http://lists.w3.org/Archives/Public/public-webcrypto/2014Mar/0063.html and http://lists.w3.org/Archives/Public/public-webcrypto/2014Mar/0064.html

Comment 2 Mark Watson 2014-03-08 00:59:35 UTC

As per my comment on the mailing list, I disagree.

Serialized output aligns with the other formats and is necessary in any case for wrap/unwrap. We discussed and rejected providing object input / output instead some time ago and the reasons discussed then still apply now.

We should consider in Last Call whether to *add* the capability to import / export in object format. This would be an additional key format (e.g. "jwk-js").

Comment 3 Mark Watson 2014-04-19 04:36:57 UTC

Based on the mailing list discussion, the simplicity of translation using the Encoding specification and the likely support for the Encoding specification, I've changed my opinion on this and am ok with import / export accepting / returning Javascript objects as proposed.

Browsers still need to support (de)serialization of JWKs for the wrap/unwrap cases.

Comment 4 vijaybh 2014-05-05 18:33:55 UTC

When this is fixed, this wording in 14.2 will also need to be updated to clarify that the return value is an object and not a serialization:

“jwk” “The key is represented as JSON according to the JSON Web Key format.” 

(see discussion in http://lists.w3.org/Archives/Public/public-webcrypto/2014Apr/0085.html)

Comment 5 Ryan Sleevi 2014-06-16 23:17:11 UTC

https://dvcs.w3.org/hg/webcrypto-api/rev/f61017a76a5d