Bug 19416 - KeyUsage should be explicitly spelled out as an enforced parameter
Status: RESOLVED FIXED
Product: Web Cryptography
Classification: Unclassified
Component: Web Cryptography API Document
Version: unspecified
Hardware: PC Windows NT
Importance: P2 normal
Target Milestone: ---
Assigned To: Mark Watson
Reported: 2012-10-09 22:47 UTC by Ryan Sleevi
Modified: 2014-01-25 01:26 UTC

Description Ryan Sleevi 2012-10-09 22:47:52 UTC
In the state machine descriptions for creating CryptoOperations - e.g. createVerifier, createEncrypter, createDecrypter, etc. - it should be explicitly specified that the KeyUsage for the Key should be confirmed to match the desired CryptoOperation, and if not, that an error should be thrown.

For example, createEncrypter should ensure that the KeyUsage for the associated key(s) is "encrypt", while createSigner should assert the "sign" KeyUsage.
Comment 1 Ryan Sleevi 2012-10-09 22:48:25 UTC
Raised by John Lyle on http://lists.w3.org/Archives/Public/public-webcrypto-comments/2012Oct/0005.html
Comment 2 Mark Watson 2014-01-22 16:55:31 UTC
I propose we add the following to the procedures for each method, after the algorithm check:

"If the usages attribute of the Key object does not contain an entry with value X, throw a NotSupportedError and terminate the algorithm."
Comment 3 Mark Watson 2014-01-24 23:41:51 UTC
This was apparently agreed in Shenzhen.
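
The usage check discussed in this bug can be exercised against a running Web Crypto implementation. The following is an added example, not part of the bug thread or the specification text; the function names (`getSubtle`, `attempt`, `probeUsageEnforcement`) and the sample message are assumptions made for illustration.

```javascript
// Added example: probes whether a Web Crypto implementation enforces key usages.
// Function names are hypothetical; the message and IV are constructed sample values.
async function getSubtle() {
  // Browsers and recent Node.js expose globalThis.crypto; older Node.js needs node:crypto.
  if (globalThis.crypto && globalThis.crypto.subtle) return globalThis.crypto.subtle;
  return (await import('node:crypto')).webcrypto.subtle;
}

// Run one operation and report whether it was allowed, plus the error name if refused.
async function attempt(op) {
  try {
    await op();
    return { allowed: true, error: null };
  } catch (e) {
    return { allowed: false, error: e.name };
  }
}

async function probeUsageEnforcement() {
  const subtle = await getSubtle();
  const data = new TextEncoder().encode('constructed sample message');
  // All-zero IV is acceptable only because these probe keys are discarded afterwards.
  const gcm = { name: 'AES-GCM', iv: new Uint8Array(12) };

  // AES-GCM key whose usages list holds only "decrypt": encrypt must be refused.
  const decryptOnly = await subtle.generateKey(
    { name: 'AES-GCM', length: 256 }, false, ['decrypt']);
  // Control case: "encrypt" is present, so the same call must succeed.
  const encryptKey = await subtle.generateKey(
    { name: 'AES-GCM', length: 256 }, false, ['encrypt']);
  // HMAC key whose usages list holds only "verify": sign must be refused.
  const verifyOnly = await subtle.generateKey(
    { name: 'HMAC', hash: 'SHA-256' }, false, ['verify']);

  return {
    encryptWithDecryptOnlyKey: await attempt(() => subtle.encrypt(gcm, decryptOnly, data)),
    encryptWithEncryptKey: await attempt(() => subtle.encrypt(gcm, encryptKey, data)),
    signWithVerifyOnlyKey: await attempt(() => subtle.sign('HMAC', verifyOnly, data)),
  };
}

probeUsageEnforcement().then((result) => console.log(result));
```

Node.js and current browsers report the refusal as a DOMException named `InvalidAccessError`; a result of `allowed: true` for either mismatched key would mean the usages attribute is not being enforced.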