Bug 19416 - KeyUsage should be explicitly spelled out as an enforced parameter
Status: RESOLVED FIXED
Alias: None
Product: Web Cryptography
Classification: Unclassified
Component: Web Cryptography API Document
Version: unspecified
Hardware: PC Windows NT
Importance: P2 normal
Target Milestone: ---
Assignee: Mark Watson
Reported: 2012-10-09 22:47 UTC by Ryan Sleevi
Modified: 2014-01-25 01:26 UTC
Description Ryan Sleevi 2012-10-09 22:47:52 UTC
In the state machine descriptions for creating CryptoOperations (e.g. createVerifier, createEncrypter, createDecrypter, etc.), it should be explicitly specified that the KeyUsage for the Key should be confirmed to match the desired CryptoOperation, and if not, that an error should be thrown.

For example, createEncrypter should ensure that the KeyUsage for the associated key(s) is "encrypt", while createSigner should assert the "sign" KeyUsage.
Comment 1 Ryan Sleevi 2012-10-09 22:48:25 UTC
Raised by John Lyle on http://lists.w3.org/Archives/Public/public-webcrypto-comments/2012Oct/0005.html
Comment 2 Mark Watson 2014-01-22 16:55:31 UTC
I propose we add the following to the procedures for each method, after the algorithm check:

"If the usages attribute of the Key object does not contain an entry with value X, throw a NotSupportedError and terminate the algorithm."
Comment 3 Mark Watson 2014-01-24 23:41:51 UTC
This was apparently agreed in Shenzhen.
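
The usage check proposed in comment 2, observed from script against a shipped Web Crypto implementation. This is an added example, not part of the bug thread or the specification text; it assumes a browser or Node.js runtime, and the helper names `errorNameOf` and `usageDemo` are hypothetical. The published API rejects with InvalidAccessError rather than the NotSupportedError named in the proposal.

```javascript
// Added example: a key whose usages lack "verify" must be refused by verify().
// The fallback covers Node.js versions that have no global `crypto` object.
const subtle = globalThis.crypto?.subtle ?? require("node:crypto").webcrypto.subtle;

// Run an operation and return the name of the error it rejects with, or null on success.
async function errorNameOf(operation) {
  try {
    await operation();
    return null;
  } catch (err) {
    return err.name;
  }
}

async function usageDemo() {
  // Constructed sample input.
  const data = new TextEncoder().encode("constructed sample message");
  const alg = { name: "HMAC", hash: "SHA-256" };

  // Key restricted to the "sign" usage only.
  const signOnly = await subtle.generateKey(alg, false, ["sign"]);
  // Control key of the same algorithm with both usages granted.
  const signAndVerify = await subtle.generateKey(alg, false, ["sign", "verify"]);

  const mac = await subtle.sign("HMAC", signOnly, data);

  return {
    usages: Array.from(signOnly.usages),
    // Permitted: "sign" is in the key's usages.
    signError: await errorNameOf(() => subtle.sign("HMAC", signOnly, data)),
    // Refused: "verify" is not in the key's usages, so the operation never runs.
    verifyError: await errorNameOf(() => subtle.verify("HMAC", signOnly, mac, data)),
    // Control: usage is present, so verify runs (and simply returns false for a foreign MAC).
    controlVerifyError: await errorNameOf(() =>
      subtle.verify("HMAC", signAndVerify, mac, data)),
  };
}

// Stand-alone run: print the observed outcome for each operation.
usageDemo().then((result) => console.log(result));
```

The refusal depends only on the key's usages attribute, not on the data or the MAC, which is what lets an application hand out a sign-only or verify-only key and rely on the restriction.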