This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 27717 - Require RSA key import to validate the key parameters
Status: RESOLVED MOVED
Alias: None
Product: Web Cryptography
Classification: Unclassified
Component: Web Cryptography API Document
Version: unspecified
Hardware: PC Linux
Importance: P2 normal
Assignee: Ryan Sleevi
Reported: 2014-12-30 20:59 UTC by Eric Roman
Modified: 2016-05-24 00:21 UTC

Description Eric Roman 2014-12-30 20:59:46 UTC
The RSA key import does not appear to mandate any validity tests on the key data (for instance, require that n = pq).

I recommend adding a step that validates the key parameters, and throws a DataError if they are not legitimate.

This would match up with EC key import, which minimally requires the public key to be a point on the curve, and throws a DataError if not.
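
A sketch of the validation step requested above, applied to an RSA private key in JWK form. This is an added example, not part of the original report or the Web Crypto specification: the function names, the plain `Error` carrying the name `DataError`, and the toy key are constructed for illustration, and the primality of p and q is not checked.

```javascript
// Added example, not from the bug report or the Web Crypto specification.
// Stand-in for the DataError DOMException the report proposes for bad keys.
function dataError(msg) {
  const err = new Error(msg);
  err.name = "DataError";
  return err;
}

// Decode a base64url JWK member (unsigned big-endian integer) into a BigInt.
function b64uToBigInt(s) {
  if (typeof s !== "string" || !/^[A-Za-z0-9_-]+$/.test(s) || s.length % 4 === 1) {
    throw dataError("missing or malformed JWK member");
  }
  const bin = atob(s.replace(/-/g, "+").replace(/_/g, "/"));
  let hex = "";
  for (const ch of bin) hex += ch.charCodeAt(0).toString(16).padStart(2, "0");
  return BigInt("0x" + hex);
}

// Check that the private-key members are mutually consistent (RFC 8017 relations).
// Primality of p and q is not tested here.
function validateRsaPrivateJwk(jwk) {
  const fail = (why) => { throw dataError(why); };
  const [n, e, d, p, q, dp, dq, qi] =
    ["n", "e", "d", "p", "q", "dp", "dq", "qi"].map((k) => b64uToBigInt(jwk[k]));
  if (e < 3n || e % 2n === 0n) fail("public exponent must be odd and >= 3");
  if (p < 3n || q < 3n || p === q) fail("p and q must be distinct and >= 3");
  if (p * q !== n) fail("n != p*q");
  // d*e = 1 mod lcm(p-1, q-1) holds iff it holds mod (p-1) and mod (q-1).
  if ((d * e) % (p - 1n) !== 1n || (d * e) % (q - 1n) !== 1n) {
    fail("d is not the inverse of e");
  }
  if ((e * dp) % (p - 1n) !== 1n) fail("dp inconsistent");
  if ((e * dq) % (q - 1n) !== 1n) fail("dq inconsistent");
  if ((q * qi) % p !== 1n) fail("qi inconsistent");
  return true;
}

// Constructed toy key (p=61, q=53, n=3233, e=17, d=2753); far too small for real use.
const SAMPLE_JWK = {
  kty: "RSA", n: "DKE", e: "EQ", d: "CsE",
  p: "PQ", q: "NQ", dp: "NQ", dq: "MQ", qi: "Jg",
};
```
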
Comment 1 Mark Watson 2016-05-24 00:21:27 UTC
Moved to https://github.com/w3c/webcrypto/issues/72