This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 25857 - Extractability is not always specified when importing keys (in particular public keys)
Summary: Extractability is not always specified when importing keys (in particular pub...
Status: RESOLVED FIXED
Alias: None
Product: Web Cryptography
Classification: Unclassified
Component: Web Cryptography API Document (show other bugs)
Version: unspecified
Hardware: PC Linux
: P2 normal
Target Milestone: ---
Assignee: Mark Watson
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-05-21 18:58 UTC by Eric Roman
Modified: 2014-09-24 18:54 UTC (History)
2 users (show)

See Also:

Attachments

Description Eric Roman 2014-05-21 18:58:55 UTC 
The value of "key.extractable" for importKey() is not consistently specified by the per-algorithm "Import Key".

For instance AES-KW defines it, however RSA-SSA, RSA-OAEP, RSA-ES, do not.

I suggest extracting the common properties out of the per-algorithm definitions, and into the generic importKey() language.

In particular, it is worth clarifying how "key.extractable" behaves for public keys.

In the case of generateKey(), the extractablity of public keys is always set to true. So one might interpret likewise for importKey() unless it is indicated. That said, I found evidence in the spec that the intent is for public keys to respect the extractability set in importKey() -- since Diffie-Hellman's definition spells it out.
Comment 1 Mark Watson 2014-09-22 17:52:07 UTC 
I suggest we move the setting of the key.extractable attribute to the importKey method procedures.