This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 25465 - ECDSA importKey for JWK should specify how to handle when "alg" conflicts with "crv"
Summary: ECDSA importKey for JWK should specify how to handle when "alg" conflicts wit...
Status: RESOLVED FIXED
Alias: None
Product: Web Cryptography
Classification: Unclassified
Component: Web Cryptography API Document (show other bugs)
Version: unspecified
Hardware: PC Windows NT
: P2 normal
Target Milestone: ---
Assignee: Ryan Sleevi
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-04-25 21:58 UTC by Ryan Sleevi
Modified: 2014-06-16 23:16 UTC (History)
1 user (show)

See Also:

Attachments

Description Ryan Sleevi 2014-04-25 21:58:21 UTC 
"alg" is a generic parameter applicable to all JWKs.

For keys with a "kty" of "EC", the field "crv" is present, which indicates the parameters of the Elliptic Curve public key.

It's possible to construct a JWK whose "alg" is in conflict with the "crv" parameter, for example:

{ kty: "EC",
  alg: "ES256",
  crv: "P-521",
  x: ...,
  y: ...
}

Such keys are fundamentally inconsistent. As currently specified, the "alg" field is ignored, and the key is imported with a namedCurve of "P-521".