This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
Presently, the algorithm whose import key operation is executed when importKey is called is determined entirely by the "algorithm" parameter to that method. For JWK, it would in theory be possible to support: P = crypto.subtle.importKey( "jwk", jwk, null, true, [ <usages> ] ) and have the correct algorithm determined by the "alg" member of the JWK. Do we want to support this ?
Do we want to support this? No. SPKI is equally possible that it CAN be self-describing, but it is not GUARANTEED to be self-describing. "alg" is OPTIONAL in JWK. All that matters is kty. The API should ALWAYS require to specify the algorithm.
If support for self-identifying JWK keys is not expected, then can we change the inputs to importKey() and unwrapKey() to make all parameters required? Currently: Promise<any> importKey(KeyFormat format, CryptoOperationData keyData, AlgorithmIdentifier? algorithm, boolean extractable, KeyUsage[] keyUsages ); Promise<any> unwrapKey(KeyFormat format, CryptoOperationData wrappedKey, Key unwrappingKey, AlgorithmIdentifier unwrapAlgorithm, AlgorithmIdentifier? unwrappedKeyAlgorithm, boolean extractable, KeyUsage[] keyUsages ); In particular, I am proposing the removal of the questionmark (nullable). Cheers
Eric, you are right. I filed Bug 25036.