This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 24584 - Determine how to handle unexpected usages when generating a key
Summary: Determine how to handle unexpected usages when generating a key
Status: RESOLVED FIXED
Alias: None
Product: Web Cryptography
Classification: Unclassified
Component: Web Cryptography API Document (show other bugs)
Version: unspecified
Hardware: PC All
: P2 normal
Target Milestone: ---
Assignee: Ryan Sleevi
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-02-07 21:05 UTC by Mark Watson
Modified: 2014-02-20 20:08 UTC (History)
0 users

See Also:


Attachments

Description Mark Watson 2014-02-07 21:05:11 UTC
An RSA-PSS key, for example, can be used only for "sign" or "verify" (private or public key respectively).

If additional usages are specified in the generateKey call, is this an error, or are they ignored ?
Comment 1 Ryan Sleevi 2014-02-07 21:38:46 UTC
(In reply to Mark Watson from comment #0)
> An RSA-PSS key, for example, can be used only for "sign" or "verify"
> (private or public key respectively).
> 
> If additional usages are specified in the generateKey call, is this an
> error, or are they ignored ?

There are two types of "additional usages"

If there are usages not specified in the specification, it's an error.
If there are valid usages that are specified, but do not describe supported operations of the algorithm, it's an error.

That is, RSA-PSS does not support an "encrypt" operation, so an "encrypt" usage is invalid.