--- a/spec/Overview-WebCryptoAPI.xml Mon May 20 12:55:28 2013 -0700
+++ b/spec/Overview-WebCryptoAPI.xml Mon May 20 12:55:31 2013 -0700
@@ -703,7 +703,9 @@
"decrypt",
"sign",
"verify",
- "derive"
+ "derive",
+ "wrap",
+ "unwrap"
};
interface <dfn id="dfn-Key">Key</dfn> {
@@ -1335,6 +1337,19 @@
bool extractable = false,
<a href="#dfn-KeyUsage">KeyUsage</a>[] keyUsages = []);
<a href="#dfn-KeyOperation">KeyOperation</a> <a href="#dfn-SubtleCrypto-method-exportKey">exportKey</a>(<a href="#dfn-KeyFormat">KeyFormat</a> format, <a href="#dfn-Key">Key</a> key);
+
+ <span class="comment">// Note: wrap and unwrap remain "Features at Risk"</span>
+ <a href="#dfn-KeyOperation">KeyOperation</a> <a href="#dfn-SubtleCrypto-method-wrapKey">wrapKey</a>(<a href="#dfn-KeyFormat">KeyFormat</a> format,
+ <a href="#dfn-Key">Key</a> key,
+ <a href="#dfn-Key">Key</a> wrappingKey,
+ <a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> wrapAlgorithm);
+ <a href="#dfn-KeyOperation">KeyOperation</a> <a href="#dfn-SubtleCrypto-method-unwrapKey">unwrapKey</a>(<a href="#dfn-KeyFormat">KeyFormat</a> format,
+ ArrayBufferView wrappedKey,
+ <a href="#dfn-Key">Key</a> unwrappingKey,
+ <a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> unwrapAlgorithm,
+ <a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier?</a> unwrappedKeyAlgorithm,
+ bool extractable = false,
+ <a href="#dfn-KeyUsage">KeyUsage</a>[] keyUsages = []);
};
</x:codeblock>
<div class="ednote">
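Review bot: `unwrappedKeyAlgorithm` is declared as a required nullable argument (`AlgorithmIdentifier?` with no default), but the unwrapKey steps added later in this commit branch on "If `unwrappedKeyAlgorithm` is defined". With this signature the argument is always present, so the prose should test `is not null`. Alternatively, declare it with a `null` default like the two parameters that follow it. As written, a caller has to pass an explicit `null` before it can reach `extractable` and `keyUsages`, which is easy to get wrong for a parameter that decides how the decrypted bytes are interpreted. The interface body begins outside this hunk.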
@@ -2052,11 +2067,253 @@
<h4>The <dfn id="dfn-SubtleCrypto-method-importKey">importKey</dfn> method</h4>
<p></p>
</div>
+
<div id="SubtleCrypto-method-exportKey" class="section">
<h4>The <dfn id="dfn-SubtleCrypto-method-exportKey">exportKey</dfn> method</h4>
- <p></p>
</div>
-
+
+ <div id="SubtleCrypto-method-wrapKey" class="section">
+ <h4>The <dfn id="dfn-SubtleCrypto-method-wrapKey">wrapKey</dfn> method</h4>
+ <p>
+ When invoked, the <dfn id="dfn-SubtleCrypto-method-wrapKey">wrapKey</dfn> method <span class="RFC2119">MUST</span> perform the following steps:
+ </p>
+ <ol>
+ <li>
+ <p>
+ Let <var>normalizedAlgorithm</var> be the result of processing
+ <code>wrapAlgorithm</code> according to the
+ <a href="#algorithm-normalizing-rules">algorithm normalizing rules</a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If <var>normalizedAlgorithm</var> does not describe a
+ <a href="#algorithms">registered algorithm</a> that supports the wrapKey
+ operation, throw a <code>NotSupportedError</code> and
+ <a href="#terminate-the-algorithm">terminate the algorithm</a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>keyOp</var> be a newly created object implementing the
+ <a href="#dfn-KeyOperation"><code>KeyOperation</code></a> interface.
+ </p>
+ </li>
+ <li>
+ <p>
+ Return <var>keyOp</var> to the task that invoked this <code>wrapKey</code>, while
+ continuing the remaining steps of this algorithm.
+ </p>
+ </li>
+ <li>
+ <p>
+ Queue up an operation to run the following steps:
+ </p>
+ <ol>
+ <li>
+ <p>
+ If <var>wrappingKey</var>.<a href="#dfn-Key-KeyUsage"><code>keyUsage</code></a> does not
+ contain the <code>"wrap"</code> <a href="#dfn-KeyUsage"><code>KeyUsage</code></a>,
+ <a href="#queue-a-task">queue a task</a> to
+ <a href="#fire-a-simple-event">fire a simple event</a>
+ called <a href="#dfn-KeyOperation-onerror"><code>onerror</code></a> at
+ <var>KeyOp</var> and <a href="#terminate-the-algorithm">terminate the algorithm</a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If <var>Key</var>.<a href="#dfn-Key-extractable"><code>extractable</code></a> is not true,
+ <a href="#queue-a-task">queue a task</a> to
+ <a href="#fire-a-simple-event">fire a simple event</a>
+ called <a href="#dfn-KeyOperation-onerror"><code>onerror</code></a> at
+ <var>KeyOp</var> and <a href="#terminate-the-algorithm">terminate the algorithm</a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>bytes</var> be the result of executing the <a href="#dfn-SubtleCrypto-method-exportKey">exportKey</a>
+ algorithm, with the <var>keyFormat</var> as <code>keyFormat</code> and with <var>key</var> as
+ <code>key</code>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the key export algorithm failed, <a href="#queue-a-task">queue a task</a> to
+ <a href="#fire-a-simple-event">fire a simple event</a>
+ called <a href="#dfn-KeyOperation-onerror"><code>onerror</code></a> at
+ <var>keyOp</var> and <a href="#terminate-the-algorithm">terminate the algorithm</a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>result</var> be the result of executing the <a href="#dfn-SubtleCrypto-method-encrypt">encrypt</a>
+ algorithm, with <var>wrappingKey</var> as <code>Key</code>, <var>normalizedAlgorithm</var> as
+ <code>algorithm</code>, and with <var>bytes</var> as <code>buffer</code>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the encrypt algorithm failed, <a href="#queue-a-task">queue a task</a> to
+ <a href="#fire-a-simple-event">fire a simple event</a>
+ called <a href="#dfn-KeyOperation-onerror"><code>onerror</code></a> at
+ <var>keyOp</var> and <a href="#terminate-the-algorithm">terminate the algorithm</a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Otherwise, if the encrypt method completed successfully,
+ let <var>result</var> be the result of that operation.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set <var>keyOp</var>.<a href="#dfn-KeyOperation-result"><code>result</code></a> =
+ <var>result</var>
+ </p>
+ </li>
+ <li>
+ <p>
+ <a href="#queue-a-task">Queue a task</a> to
+ <a href="#fire-a-simple-event">fire a simple event</a> called
+ <a href="#dfn-KeyOperation-oncomplete"><code>oncomplete</code></a> at
+ <var>KeyOp</var>
+ </p>
+ </li>
+ </ol>
+ </li>
+ </ol>
+ </div>
+
+ <div id="SubtleCrypto-method-unwrapKey" class="section">
+ <h4>The <dfn id="dfn-SubtleCrypto-method-unwrapKey">unwrapKey</dfn> method</h4>
+ <p>
+ When invoked, the <dfn id="dfn-SubtleCrypto-method-unwrapKey">unwrapKey</dfn> method <span class="RFC2119">MUST</span> perform the following steps:
+ </p>
+ <ol>
+ <li>
+ <p>
+ Let <var>normalizedUnwrapAlgorithm</var> be the result of processing
+ <code>unwrapAlgorithm</code> according to the
+ <a href="#algorithm-normalizing-rules">algorithm normalizing rules</a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If <var>normalizedUnwrapAlgorithm</var> does not describe a
+ <a href="#algorithms">registered algorithm</a> that supports the wrapKey
+ operation, throw a <code>NotSupportedError</code> and
+ <a href="#terminate-the-algorithm">terminate the algorithm</a>.
+ </p>
+ </li>
+ <li>
+ <ul>
+ <li>
+ <p>If <code>unwrappedKeyAlgorithm</code> is defined:</p>
+ <ol>
+ <li>
+ <p>
+ Let <var>normalizedKeyAlgorithm</var> be the result of processing
+ <code>unwrappedKeyAlgorithm</code> according to the
+ <a href="#algorithm-normalizing-rules">algorithm normalizing rules</a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If <var>normalizedKeyAlgorithm</var> does not describe a
+ <a href="#algorithms">registered algorithm</a> that supports the wrapKey
+ operation, throw a <code>NotSupportedError</code> and
+ <a href="#terminate-the-algorithm">terminate the algorithm</a>.
+ </p>
+ </li>
+ </ol>
+ </li>
+ <li>
+ <p>Otherwise, let <var>normalizedKeyAlgorithm</var> be <code>null</code>.</p>
+ </li>
+ </ul>
+ </li>
+ <li>
+ <p>
+ Let <var>keyOp</var> be a newly created object implementing the
+ <a href="#dfn-KeyOperation"><code>KeyOperation</code></a> interface.
+ </p>
+ </li>
+ <li>
+ <p>
+ Return <var>keyOp</var> to the task that invoked this <code>unwrapKey</code>, while
+ continuing the remaining steps of this algorithm.
+ </p>
+ </li>
+ <li>
+ <p>
+ Queue up an operation to run the following steps:
+ </p>
+ <ol>
+ <li>
+ <p>
+ If <var>unwrappingKey</var>.<a href="#dfn-Key-KeyUsage"><code>keyUsage</code></a> does not
+ contain the <code>"unwrap"</code> <a href="#dfn-KeyUsage"><code>KeyUsage</code></a>,
+ <a href="#queue-a-task">queue a task</a> to
+ <a href="#fire-a-simple-event">fire a simple event</a>
+ called <a href="#dfn-KeyOperation-onerror"><code>onerror</code></a> at
+ <var>KeyOp</var> and <a href="#terminate-the-algorithm">terminate the algorithm</a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>bytes</var> be the result of executing the <a href="#dfn-SubtleCrypto-method-decrypt">decrypt</a>
+ algorithm, with <var>unwrapAlgorithm</var> as <code>algorithm</code>, <var>unwrapKey</var>
+ as <code>key</code>, and with <var>wrappedKey</var> as <code>buffer</code>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the key decrypt algorithm failed, <a href="#queue-a-task">queue a task</a> to
+ <a href="#fire-a-simple-event">fire a simple event</a>
+ called <a href="#dfn-KeyOperation-onerror"><code>onerror</code></a> at
+ <var>keyOp</var> and <a href="#terminate-the-algorithm">terminate the algorithm</a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>result</var> be the result of executing the <a href="#dfn-SubtleCrytpo-method-importKey">importKey</a>
+ algorithm, with <var>format</var> as <code>format</code>, with <var>bytes</var> as
+ <code>keyData</code>, with <var>unwrappedKeyAlgorithm</var> as <code>algorithm</code>, with <var>extractable</var>
+ as <code>extractable</code>, and <var>keyUsages</var> as <code>keyUsages</code>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the key import algorithm failed, <a href="#queue-a-task">queue a task</a> to
+ <a href="#fire-a-simple-event">fire a simple event</a>
+ called <a href="#dfn-KeyOperation-onerror"><code>onerror</code></a> at
+ <var>keyOp</var> and <a href="#terminate-the-algorithm">terminate the algorithm</a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Otherwise, if the algorithm-specific key unwrapping method completed successfully,
+ let <var>result</var> be the result of that operation.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set <var>keyOp</var>.<a href="#dfn-KeyOperation-result"><code>result</code></a> =
+ <var>result</var>
+ </p>
+ </li>
+ <li>
+ <p>
+ <a href="#queue-a-task">Queue a task</a> to
+ <a href="#fire-a-simple-event">fire a simple event</a> called
+ <a href="#dfn-KeyOperation-oncomplete"><code>oncomplete</code></a> at
+ <var>KeyOp</var>
+ </p>
+ </li>
+ </ol>
+ </li>
+ </ol>
+ </div>
</div>
</div>
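Review bot: The unwrapKey steps refer to variables that are never defined, so the usage check and the decryption are not tied to the same inputs. The decrypt step passes `unwrapAlgorithm` and `unwrapKey`, while the earlier steps define `normalizedUnwrapAlgorithm` and check the `"unwrap"` usage on `unwrappingKey`. The step should read `with normalizedUnwrapAlgorithm as algorithm, unwrappingKey as key`, and the importKey step should likewise pass `normalizedKeyAlgorithm` rather than the raw `unwrappedKeyAlgorithm`. Both support checks in unwrapKey test for "the wrapKey operation"; the first should name unwrapKey and the second presumably importKey. The wrapKey steps have similar slips (`keyFormat` for `format`, `Key`/`KeyOp` for `key`/`keyOp`), and the importKey link target is misspelled as `#dfn-SubtleCrytpo-method-importKey`.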
@@ -2587,6 +2844,16 @@
<td><a href="#dfn-RsaKeyGenParams">RsaKeyGenParams</a></td>
<td><a href="#dfn-KeyPair">KeyPair</a>?</td>
</tr>
+ <tr>
+ <td>wrap</td>
+ <td><a href="#dfn-RsaOaepParams">RsaOaepParams</a></td>
+ <td>ArrayBuffer?</td>
+ </tr>
+ <tr>
+ <td>unwrap</td>
+ <td><a href="#dfn-RsaOaepParams">RsaOaepParams</a></td>
+ <td><a href="#dfn-Key">Key</a>?</td>
+ </tr>
</tbody>
</table>
</div>
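Review bot: The new rows register the operations as `wrap` and `unwrap`, but the wrapKey and unwrapKey steps added in this commit reject an algorithm that does not support "the wrapKey operation". One spelling should be used in both places so that the support check resolves against this registration table without ambiguity. For example, label the rows `wrapKey` and `unwrapKey`, or change the steps to say "the wrap operation" and "the unwrap operation". The table header and earlier rows lie outside this hunk, so the naming used by the other operations could not be checked here.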
@@ -2604,11 +2871,18 @@
</div>
<div id="rsa-oaep-operations" class="section">
<h4>Operations</h4>
- <ul>
- <li>Encrypt</li>
- <li>Decrypt</li>
- <li>Generate Key</li>
- </ul>
+ <dl>
+ <dt>Encrypt</dt>
+ <dd></dd>
+ <dt>Decrypt</dt>
+ <dd></dd>
+ <dt>Generate Key</dt>
+ <dd></dd>
+ <dt>Wrap</dt>
+ <dd></dd>
+ <dt>Unwrap</dt>
+ <dd></dd>
+ </dl>
</div>
</div>
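Review bot: The `<dd>` entries for Wrap and Unwrap are empty, so the RSA-OAEP section gives implementers no algorithm-specific behaviour for the two new operations. The Wrap entry should at least state that the exported key bytes must fit in a single RSA-OAEP message (the modulus length minus the OAEP padding overhead) and that the operation reports an error otherwise. Several export formats will probably exceed that bound for larger keys. The Unwrap entry should say that a padding failure is reported through `onerror` without distinguishing it from other failures. The empty entries for Encrypt, Decrypt and Generate Key have the same documentation gap.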
--- a/spec/Overview.html Mon May 20 12:55:28 2013 -0700
+++ b/spec/Overview.html Mon May 20 12:55:31 2013 -0700
@@ -141,7 +141,7 @@
<div id="toc">
<h2>Table of Contents</h2>
- <div class="toc"><ul><li><a href="#introduction">1. Introduction</a></li><li><a href="#use-cases">2. Use Cases</a><ul><li><a href="#multifactor-authentication">2.1. Multi-factor Authentication</a></li><li><a href="#protected-document">2.2. Protected Document Exchange</a></li><li><a href="#cloud-storage">2.3. Cloud Storage</a></li><li><a href="#document-signing">2.4. Document Signing</a></li><li><a href="#data-integrity-protection">2.5. Data Integrity Protection</a></li><li><a href="#secure-messaging">2.6. Secure Messaging</a></li><li><a href="#jose">2.7. Javascript Object Signing and Encryption (JOSE)</a></li></ul></li><li><a href="#conformance">3. Conformance</a></li><li><a href="#scope">4. Scope</a><ul><li><a href="#scope-abstraction">4.1. Level of abstraction</a></li><li><a href="#scope-algorithms">4.2. Cryptographic algorithms</a></li><li><a href="#scope-operations">4.3. Operations</a></li><li><a href="#scope-out-of-scope">4.4. Out of scope</a></li></ul></li><li><a href="#security">5. Security considerations</a><ul><li><a href="#security-implementers">5.1. Security considerations for implementers</a></li><li><a href="#security-developers">5.2. Security considerations for developers</a></li></ul></li><li><a href="#privacy">6. Privacy considerations</a></li><li><a href="#dependencies">7. Dependencies</a></li><li><a href="#terminology">8. Terminology</a></li><li><a href="#RandomSource-interface">9. RandomSource interface</a><ul><li><a href="#RandomSource-description">9.1. Description</a></li><li><a href="#RandomSource-interface-methods">9.2. Methods and Parameters</a><ul><li><a href="#RandomSource-method-getRandomValues">9.2.1. The getRandomValues method</a></li></ul></li></ul></li><li><a href="#algorithm-dictionary">10. Algorithm dictionary</a><ul><li><a href="#algorithm-dictionary-members">10.1. Algorithm Dictionary Members</a></li></ul></li><li><a href="#key-interface">11. Key interface</a><ul><li><a href="#key-interface-description">11.1. 
Description</a></li><li><a href="#key-interface-members">11.2. Key interface members</a></li><li><a href="#key-interface-clone">11.3. Structured clone algorithm</a></li></ul></li><li><a href="#cryptooperation-interface">12. CryptoOperation interface</a><ul><li><a href="#CryptoOperation-processing-model">12.1. Processing Model</a></li><li><a href="#cryptooperation-events">12.2. Event Handler Attributes</a></li><li><a href="#CryptoOperation-attributes">12.3. Attributes</a></li><li><a href="#CryptoOperation-methods">12.4. Methods</a><ul><li><a href="#CryptoOperation-method-process">12.4.1. process(ArrayBufferView data)</a></li><li><a href="#CryptoOperation-method-finish">12.4.2. The finish() method</a></li><li><a href="#CryptoOperation-method-abort">12.4.3. The abort() method</a></li></ul></li></ul></li><li><a href="#KeyOperation-interface">13. KeyOperation interface</a></li><li><a href="#crypto-interface">14. Crypto interface</a></li><li><a href="#subtlecrypto-interface">15. SubtleCrypto interface</a><ul><li><a href="#subtlecrypto-interface-description">15.1. Description</a></li><li><a href="#subtlecrypto-interface-methods">15.2. Methods and Parameters</a><ul><li><a href="#SubtleCrypto-method-encrypt">15.2.1. The encrypt method</a></li><li><a href="#SubtleCrypto-method-decrypt">15.2.2. The decrypt method</a></li><li><a href="#SubtleCrypto-method-sign">15.2.3. The sign method</a></li><li><a href="#SubtleCrypto-method-verify">15.2.4. The verify method</a></li><li><a href="#SubtleCrypto-method-digest">15.2.5. The digest method</a></li><li><a href="#SubtleCrypto-method-generateKey">15.2.6. The generateKey method</a></li><li><a href="#SubtleCrypto-method-deriveKey">15.2.7. The deriveKey method</a></li><li><a href="#SubtleCrypto-method-importKey">15.2.8. The importKey method</a></li><li><a href="#SubtleCrypto-method-exportKey">15.2.9. The exportKey method</a></li></ul></li></ul></li><li><a href="#WorkerCrypto-interface">16. 
WorkerCrypto interface</a><ul><li><a href="#WorkerCrypto-description">16.1. Description</a></li></ul></li><li><a href="#big-integer">17. BigInteger</a></li><li><a href="#keypair">18. KeyPair</a></li><li><a href="#algorithms">19. Algorithms</a><ul><li><a href="#recommended-algorithms">19.1. Recommended algorithms</a></li><li><a href="#defining-an-algorithm">19.2. Defining an algorithm</a><ul><li><a href="#recognized-algorithm-name">19.2.1. Recognized algorithm name</a></li><li><a href="#supported-operations">19.2.2. Supported operations</a></li><li><a href="#algorithm-specific-params">19.2.3. Algorithm-specific parameters</a></li><li><a href="#algorithm-result">19.2.4. Algorithm results</a></li><li><a href="#algorithm-alias">19.2.5. Algorithm aliases</a></li></ul></li><li><a href="#rsaes-pkcs1">19.3. RSAES-PKCS1-v1_5</a><ul><li><a href="#rsaes-pkcs1-description">19.3.1. Description</a></li><li><a href="#rsaes-pkcs1-registration">19.3.2. Registration</a></li><li><a href="#RsaKeyGenParams-dictionary">19.3.3. RsaKeyGenParams dictionary</a></li><li><a href="#rsaes-pkcs1-operations">19.3.4. Operations</a></li></ul></li><li><a href="#rsassa-pkcs1">19.4. RSASSA-PKCS1-v1_5</a><ul><li><a href="#rsassa-pkcs1-description">19.4.1. Description</a></li><li><a href="#rsassa-pkcs1-registration">19.4.2. Registration</a></li><li><a href="#RsaSsaParams-dictionary">19.4.3. RsaSsaParams dictionary</a></li><li><a href="#rsassa-pkcs1-operations">19.4.4. Operations</a></li></ul></li><li><a href="#rsa-pss">19.5. RSA-PSS</a><ul><li><a href="#rsa-pss-description">19.5.1. Description</a></li><li><a href="#rsa-pss-registration">19.5.2. Registration</a></li><li><a href="#rsa-pss-params">19.5.3. RsaPssParams dictionary</a></li><li><a href="#rsa-pss-operations">19.5.4. Operations</a></li></ul></li><li><a href="#rsa-oaep">19.6. RSA-OAEP</a><ul><li><a href="#rsa-oaep-description">19.6.1. Description</a></li><li><a href="#rsa-oaep-registration">19.6.2. 
Registration</a></li><li><a href="#rsa-oaep-params">19.6.3. RsaOaepParams dictionary</a></li><li><a href="#rsa-oaep-operations">19.6.4. Operations</a></li></ul></li><li><a href="#ecdsa">19.7. ECDSA</a><ul><li><a href="#ecdsa-description">19.7.1. Description</a></li><li><a href="#ecdsa-registration">19.7.2. Registration</a></li><li><a href="#EcdsaParams-dictionary">19.7.3. EcdsaParams dictionary</a></li><li><a href="#EcKeyGenParams-dictionary">19.7.4. EcKeyGenParams dictionary</a></li><li><a href="#ecdsa-operations">19.7.5. Operations</a></li></ul></li><li><a href="#ecdh">19.8. ECDH</a><ul><li><a href="#ecdh-description">19.8.1. Description</a></li><li><a href="#ecdh-registration">19.8.2. Registration</a></li><li><a href="#dh-EcdhKeyDeriveParams">19.8.3. EcdhKeyDeriveParams dictionary</a></li><li><a href="#ecdh-operations">19.8.4. Operations</a></li></ul></li><li><a href="#aes-ctr">19.9. AES-CTR</a><ul><li><a href="#aes-ctr-description">19.9.1. Description</a></li><li><a href="#aes-ctr-registration">19.9.2. Registration</a></li><li><a href="#aes-ctr-params">19.9.3. AesCtrParams dictionary</a></li><li><a href="#aes-keygen-params">19.9.4. AesKeyGenParams dictionary</a></li><li><a href="#aes-ctr-operations">19.9.5. Operations</a></li></ul></li><li><a href="#aes-cbc">19.10. AES-CBC</a><ul><li><a href="#aes-cbc-description">19.10.1. Description</a></li><li><a href="#aes-cbc-registration">19.10.2. Registration</a></li><li><a href="#aes-cbc-params">19.10.3. AesCbcParams dictionary</a></li><li><a href="#aes-cbc-operations">19.10.4. Operations</a></li></ul></li><li><a href="#aes-cmac">19.11. AES-CMAC</a><ul><li><a href="#aes-cmac-description">19.11.1. Description</a></li><li><a href="#aes-cmac-registration">19.11.2. Registration</a></li><li><a href="#aes-cmac-operations">19.11.3. Operations</a></li></ul></li><li><a href="#aes-gcm">19.12. AES-GCM</a><ul><li><a href="#aes-gcm-description">19.12.1. Description</a></li><li><a href="#aes-gcm-registration">19.12.2. 
Registration</a></li><li><a href="#aes-gcm-params">19.12.3. AesGcmParams dictionary</a></li><li><a href="#aes-gcm-operations">19.12.4. Operations</a></li></ul></li><li><a href="#aes-cfb">19.13. AES-CFB</a><ul><li><a href="#aes-cfb-description">19.13.1. Description</a></li><li><a href="#aes-cfb-registration">19.13.2. Registration</a></li><li><a href="#aes-cfb-params">19.13.3. AesCfbParams dictionary</a></li><li><a href="#aes-cfb-operations">19.13.4. Operations</a></li></ul></li><li><a href="#hmac">19.14. HMAC</a><ul><li><a href="#hmac-description">19.14.1. Description</a></li><li><a href="#hmac-registration">19.14.2. Registration</a></li><li><a href="#hmac-params">19.14.3. HmacParams dictionary</a></li><li><a href="#hmac-operations">19.14.4. Operations</a></li></ul></li><li><a href="#dh">19.15. Diffie-Hellman</a><ul><li><a href="#dh-description">19.15.1. Description</a></li><li><a href="#dh-registration">19.15.2. Registration</a></li><li><a href="#dh-DhKeyGenParams">19.15.3. DhKeyGenParams dictionary</a></li><li><a href="#dh-DhKeyDeriveParams">19.15.4. DhKeyDeriveParams dictionary</a></li><li><a href="#dh-operations">19.15.5. Operations</a></li></ul></li><li><a href="#sha">19.16. SHA</a><ul><li><a href="#sha-description">19.16.1. Description</a></li><li><a href="#sha-registration">19.16.2. Registration</a></li><li><a href="#sha-operations">19.16.3. Operations</a></li></ul></li><li><a href="#concatkdf">19.17. Concat KDF</a><ul><li><a href="#concatkdf-description">19.17.1. Description</a></li><li><a href="#concatkdf-registration">19.17.2. Registration</a></li><li><a href="#concat-params">19.17.3. ConcatParams dictionary</a></li><li><a href="#concat-operations">19.17.4. Operations</a></li></ul></li><li><a href="#hkdf-ctr">19.18. HKDF-CTR</a><ul><li><a href="#hkdf-ctr-description">19.18.1. Description</a></li><li><a href="#hkdf-ctr-registration">19.18.2. Registration</a></li><li><a href="#hkdf-ctr-params">19.18.3. 
HkdfCtrParams dictionary</a></li><li><a href="#hkdf2-ctr-operations">19.18.4. Operations</a></li></ul></li><li><a href="#pbkdf2">19.19. PBKDF2</a><ul><li><a href="#pbkdf2-description">19.19.1. Description</a></li><li><a href="#pbkdf2-registration">19.19.2. Registration</a></li><li><a href="#pbkdf2-params">19.19.3. Pbkdf2Params dictionary</a></li><li><a href="#pbkdf2-operations">19.19.4. Operations</a></li></ul></li></ul></li><li><a href="#algorithm-normalizing-rules">20. Algorithm normalizing rules</a></li><li><a href="#examples-section">21. JavaScript Example Code</a><ul><li><a href="#examples-signing">21.1. Generate a signing key pair, sign some data</a></li><li><a href="#examples-symmetric-encryption">21.2. Symmetric Encryption</a></li></ul></li><li><a href="#acknowledgements-section">22. Acknowledgements</a></li><li><a href="#references">23. References</a><ul><li><a href="#normative-references">23.1. Normative References</a></li><li><a href="#informative-references">23.2. Informative References</a></li></ul></li></ul></div>
+ <div class="toc"><ul><li><a href="#introduction">1. Introduction</a></li><li><a href="#use-cases">2. Use Cases</a><ul><li><a href="#multifactor-authentication">2.1. Multi-factor Authentication</a></li><li><a href="#protected-document">2.2. Protected Document Exchange</a></li><li><a href="#cloud-storage">2.3. Cloud Storage</a></li><li><a href="#document-signing">2.4. Document Signing</a></li><li><a href="#data-integrity-protection">2.5. Data Integrity Protection</a></li><li><a href="#secure-messaging">2.6. Secure Messaging</a></li><li><a href="#jose">2.7. Javascript Object Signing and Encryption (JOSE)</a></li></ul></li><li><a href="#conformance">3. Conformance</a></li><li><a href="#scope">4. Scope</a><ul><li><a href="#scope-abstraction">4.1. Level of abstraction</a></li><li><a href="#scope-algorithms">4.2. Cryptographic algorithms</a></li><li><a href="#scope-operations">4.3. Operations</a></li><li><a href="#scope-out-of-scope">4.4. Out of scope</a></li></ul></li><li><a href="#security">5. Security considerations</a><ul><li><a href="#security-implementers">5.1. Security considerations for implementers</a></li><li><a href="#security-developers">5.2. Security considerations for developers</a></li></ul></li><li><a href="#privacy">6. Privacy considerations</a></li><li><a href="#dependencies">7. Dependencies</a></li><li><a href="#terminology">8. Terminology</a></li><li><a href="#RandomSource-interface">9. RandomSource interface</a><ul><li><a href="#RandomSource-description">9.1. Description</a></li><li><a href="#RandomSource-interface-methods">9.2. Methods and Parameters</a><ul><li><a href="#RandomSource-method-getRandomValues">9.2.1. The getRandomValues method</a></li></ul></li></ul></li><li><a href="#algorithm-dictionary">10. Algorithm dictionary</a><ul><li><a href="#algorithm-dictionary-members">10.1. Algorithm Dictionary Members</a></li></ul></li><li><a href="#key-interface">11. Key interface</a><ul><li><a href="#key-interface-description">11.1. 
Description</a></li><li><a href="#key-interface-members">11.2. Key interface members</a></li><li><a href="#key-interface-clone">11.3. Structured clone algorithm</a></li></ul></li><li><a href="#cryptooperation-interface">12. CryptoOperation interface</a><ul><li><a href="#CryptoOperation-processing-model">12.1. Processing Model</a></li><li><a href="#cryptooperation-events">12.2. Event Handler Attributes</a></li><li><a href="#CryptoOperation-attributes">12.3. Attributes</a></li><li><a href="#CryptoOperation-methods">12.4. Methods</a><ul><li><a href="#CryptoOperation-method-process">12.4.1. process(ArrayBufferView data)</a></li><li><a href="#CryptoOperation-method-finish">12.4.2. The finish() method</a></li><li><a href="#CryptoOperation-method-abort">12.4.3. The abort() method</a></li></ul></li></ul></li><li><a href="#KeyOperation-interface">13. KeyOperation interface</a></li><li><a href="#crypto-interface">14. Crypto interface</a></li><li><a href="#subtlecrypto-interface">15. SubtleCrypto interface</a><ul><li><a href="#subtlecrypto-interface-description">15.1. Description</a></li><li><a href="#subtlecrypto-interface-methods">15.2. Methods and Parameters</a><ul><li><a href="#SubtleCrypto-method-encrypt">15.2.1. The encrypt method</a></li><li><a href="#SubtleCrypto-method-decrypt">15.2.2. The decrypt method</a></li><li><a href="#SubtleCrypto-method-sign">15.2.3. The sign method</a></li><li><a href="#SubtleCrypto-method-verify">15.2.4. The verify method</a></li><li><a href="#SubtleCrypto-method-digest">15.2.5. The digest method</a></li><li><a href="#SubtleCrypto-method-generateKey">15.2.6. The generateKey method</a></li><li><a href="#SubtleCrypto-method-deriveKey">15.2.7. The deriveKey method</a></li><li><a href="#SubtleCrypto-method-importKey">15.2.8. The importKey method</a></li><li><a href="#SubtleCrypto-method-exportKey">15.2.9. The exportKey method</a></li><li><a href="#SubtleCrypto-method-wrapKey">15.2.10. 
The wrapKey method</a></li><li><a href="#SubtleCrypto-method-unwrapKey">15.2.11. The unwrapKey method</a></li></ul></li></ul></li><li><a href="#WorkerCrypto-interface">16. WorkerCrypto interface</a><ul><li><a href="#WorkerCrypto-description">16.1. Description</a></li></ul></li><li><a href="#big-integer">17. BigInteger</a></li><li><a href="#keypair">18. KeyPair</a></li><li><a href="#algorithms">19. Algorithms</a><ul><li><a href="#recommended-algorithms">19.1. Recommended algorithms</a></li><li><a href="#defining-an-algorithm">19.2. Defining an algorithm</a><ul><li><a href="#recognized-algorithm-name">19.2.1. Recognized algorithm name</a></li><li><a href="#supported-operations">19.2.2. Supported operations</a></li><li><a href="#algorithm-specific-params">19.2.3. Algorithm-specific parameters</a></li><li><a href="#algorithm-result">19.2.4. Algorithm results</a></li><li><a href="#algorithm-alias">19.2.5. Algorithm aliases</a></li></ul></li><li><a href="#rsaes-pkcs1">19.3. RSAES-PKCS1-v1_5</a><ul><li><a href="#rsaes-pkcs1-description">19.3.1. Description</a></li><li><a href="#rsaes-pkcs1-registration">19.3.2. Registration</a></li><li><a href="#RsaKeyGenParams-dictionary">19.3.3. RsaKeyGenParams dictionary</a></li><li><a href="#rsaes-pkcs1-operations">19.3.4. Operations</a></li></ul></li><li><a href="#rsassa-pkcs1">19.4. RSASSA-PKCS1-v1_5</a><ul><li><a href="#rsassa-pkcs1-description">19.4.1. Description</a></li><li><a href="#rsassa-pkcs1-registration">19.4.2. Registration</a></li><li><a href="#RsaSsaParams-dictionary">19.4.3. RsaSsaParams dictionary</a></li><li><a href="#rsassa-pkcs1-operations">19.4.4. Operations</a></li></ul></li><li><a href="#rsa-pss">19.5. RSA-PSS</a><ul><li><a href="#rsa-pss-description">19.5.1. Description</a></li><li><a href="#rsa-pss-registration">19.5.2. Registration</a></li><li><a href="#rsa-pss-params">19.5.3. RsaPssParams dictionary</a></li><li><a href="#rsa-pss-operations">19.5.4. Operations</a></li></ul></li><li><a href="#rsa-oaep">19.6. 
RSA-OAEP</a><ul><li><a href="#rsa-oaep-description">19.6.1. Description</a></li><li><a href="#rsa-oaep-registration">19.6.2. Registration</a></li><li><a href="#rsa-oaep-params">19.6.3. RsaOaepParams dictionary</a></li><li><a href="#rsa-oaep-operations">19.6.4. Operations</a></li></ul></li><li><a href="#ecdsa">19.7. ECDSA</a><ul><li><a href="#ecdsa-description">19.7.1. Description</a></li><li><a href="#ecdsa-registration">19.7.2. Registration</a></li><li><a href="#EcdsaParams-dictionary">19.7.3. EcdsaParams dictionary</a></li><li><a href="#EcKeyGenParams-dictionary">19.7.4. EcKeyGenParams dictionary</a></li><li><a href="#ecdsa-operations">19.7.5. Operations</a></li></ul></li><li><a href="#ecdh">19.8. ECDH</a><ul><li><a href="#ecdh-description">19.8.1. Description</a></li><li><a href="#ecdh-registration">19.8.2. Registration</a></li><li><a href="#dh-EcdhKeyDeriveParams">19.8.3. EcdhKeyDeriveParams dictionary</a></li><li><a href="#ecdh-operations">19.8.4. Operations</a></li></ul></li><li><a href="#aes-ctr">19.9. AES-CTR</a><ul><li><a href="#aes-ctr-description">19.9.1. Description</a></li><li><a href="#aes-ctr-registration">19.9.2. Registration</a></li><li><a href="#aes-ctr-params">19.9.3. AesCtrParams dictionary</a></li><li><a href="#aes-keygen-params">19.9.4. AesKeyGenParams dictionary</a></li><li><a href="#aes-ctr-operations">19.9.5. Operations</a></li></ul></li><li><a href="#aes-cbc">19.10. AES-CBC</a><ul><li><a href="#aes-cbc-description">19.10.1. Description</a></li><li><a href="#aes-cbc-registration">19.10.2. Registration</a></li><li><a href="#aes-cbc-params">19.10.3. AesCbcParams dictionary</a></li><li><a href="#aes-cbc-operations">19.10.4. Operations</a></li></ul></li><li><a href="#aes-cmac">19.11. AES-CMAC</a><ul><li><a href="#aes-cmac-description">19.11.1. Description</a></li><li><a href="#aes-cmac-registration">19.11.2. Registration</a></li><li><a href="#aes-cmac-operations">19.11.3. Operations</a></li></ul></li><li><a href="#aes-gcm">19.12. 
AES-GCM</a><ul><li><a href="#aes-gcm-description">19.12.1. Description</a></li><li><a href="#aes-gcm-registration">19.12.2. Registration</a></li><li><a href="#aes-gcm-params">19.12.3. AesGcmParams dictionary</a></li><li><a href="#aes-gcm-operations">19.12.4. Operations</a></li></ul></li><li><a href="#aes-cfb">19.13. AES-CFB</a><ul><li><a href="#aes-cfb-description">19.13.1. Description</a></li><li><a href="#aes-cfb-registration">19.13.2. Registration</a></li><li><a href="#aes-cfb-params">19.13.3. AesCfbParams dictionary</a></li><li><a href="#aes-cfb-operations">19.13.4. Operations</a></li></ul></li><li><a href="#hmac">19.14. HMAC</a><ul><li><a href="#hmac-description">19.14.1. Description</a></li><li><a href="#hmac-registration">19.14.2. Registration</a></li><li><a href="#hmac-params">19.14.3. HmacParams dictionary</a></li><li><a href="#hmac-operations">19.14.4. Operations</a></li></ul></li><li><a href="#dh">19.15. Diffie-Hellman</a><ul><li><a href="#dh-description">19.15.1. Description</a></li><li><a href="#dh-registration">19.15.2. Registration</a></li><li><a href="#dh-DhKeyGenParams">19.15.3. DhKeyGenParams dictionary</a></li><li><a href="#dh-DhKeyDeriveParams">19.15.4. DhKeyDeriveParams dictionary</a></li><li><a href="#dh-operations">19.15.5. Operations</a></li></ul></li><li><a href="#sha">19.16. SHA</a><ul><li><a href="#sha-description">19.16.1. Description</a></li><li><a href="#sha-registration">19.16.2. Registration</a></li><li><a href="#sha-operations">19.16.3. Operations</a></li></ul></li><li><a href="#concatkdf">19.17. Concat KDF</a><ul><li><a href="#concatkdf-description">19.17.1. Description</a></li><li><a href="#concatkdf-registration">19.17.2. Registration</a></li><li><a href="#concat-params">19.17.3. ConcatParams dictionary</a></li><li><a href="#concat-operations">19.17.4. Operations</a></li></ul></li><li><a href="#hkdf-ctr">19.18. HKDF-CTR</a><ul><li><a href="#hkdf-ctr-description">19.18.1. 
Description</a></li><li><a href="#hkdf-ctr-registration">19.18.2. Registration</a></li><li><a href="#hkdf-ctr-params">19.18.3. HkdfCtrParams dictionary</a></li><li><a href="#hkdf2-ctr-operations">19.18.4. Operations</a></li></ul></li><li><a href="#pbkdf2">19.19. PBKDF2</a><ul><li><a href="#pbkdf2-description">19.19.1. Description</a></li><li><a href="#pbkdf2-registration">19.19.2. Registration</a></li><li><a href="#pbkdf2-params">19.19.3. Pbkdf2Params dictionary</a></li><li><a href="#pbkdf2-operations">19.19.4. Operations</a></li></ul></li></ul></li><li><a href="#algorithm-normalizing-rules">20. Algorithm normalizing rules</a></li><li><a href="#examples-section">21. JavaScript Example Code</a><ul><li><a href="#examples-signing">21.1. Generate a signing key pair, sign some data</a></li><li><a href="#examples-symmetric-encryption">21.2. Symmetric Encryption</a></li></ul></li><li><a href="#acknowledgements-section">22. Acknowledgements</a></li><li><a href="#references">23. References</a><ul><li><a href="#normative-references">23.1. Normative References</a></li><li><a href="#informative-references">23.2. Informative References</a></li></ul></li></ul></div>
</div>
<div id="sections">
@@ -646,7 +646,7 @@
<div class="note"><div class="noteHeader">Note</div>
<p>
Do not generate keys using the <code>getRandomValues</code> method. Use the
- <a href="#dfn-SubtleSubtleCrypto-method-generateKey"><code>generateKey</code></a> method instead.
+ <a href="#dfn-SubtleCrypto-method-generateKey"><code>generateKey</code></a> method instead.
</p>
</div>
</div>
@@ -712,7 +712,9 @@
"decrypt",
"sign",
"verify",
- "derive"
+ "derive",
+ "wrap",
+ "unwrap"
};
interface <dfn id="dfn-Key">Key</dfn> {
@@ -1311,39 +1313,52 @@
};
interface <dfn id="dfn-SubtleCrypto">SubtleCrypto</dfn> {
- <a href="#dfn-CryptoOperation">CryptoOperation</a> <a href="#dfn-SubtleSubtleCrypto-method-encrypt">encrypt</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm,
+ <a href="#dfn-CryptoOperation">CryptoOperation</a> <a href="#dfn-SubtleCrypto-method-encrypt">encrypt</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm,
<a href="#dfn-Key">Key</a> key,
optional ArrayBufferView? buffer = null);
- <a href="#dfn-CryptoOperation">CryptoOperation</a> <a href="#dfn-SubtleSubtleCrypto-method-decrypt">decrypt</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm,
+ <a href="#dfn-CryptoOperation">CryptoOperation</a> <a href="#dfn-SubtleCrypto-method-decrypt">decrypt</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm,
<a href="#dfn-Key">Key</a> key,
optional ArrayBufferView? buffer = null);
- <a href="#dfn-CryptoOperation">CryptoOperation</a> <a href="#dfn-SubtleSubtleCrypto-method-sign">sign</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm,
+ <a href="#dfn-CryptoOperation">CryptoOperation</a> <a href="#dfn-SubtleCrypto-method-sign">sign</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm,
<a href="#dfn-Key">Key</a> key,
optional ArrayBufferView? buffer = null);
- <a href="#dfn-CryptoOperation">CryptoOperation</a> <a href="#dfn-SubtleSubtleCrypto-method-verify">verify</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm,
+ <a href="#dfn-CryptoOperation">CryptoOperation</a> <a href="#dfn-SubtleCrypto-method-verify">verify</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm,
<a href="#dfn-Key">Key</a> key,
ArrayBufferView signature,
optional ArrayBufferView? buffer = null);
- <a href="#dfn-CryptoOperation">CryptoOperation</a> <a href="#dfn-SubtleSubtleCrypto-method-digest">digest</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm,
+ <a href="#dfn-CryptoOperation">CryptoOperation</a> <a href="#dfn-SubtleCrypto-method-digest">digest</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm,
optional ArrayBufferView? buffer = null);
<span class="comment">// TBD: <a href="https://www.w3.org/2012/webcrypto/track/issues/36">ISSUE-36</a></span>
- <a href="#dfn-KeyOperation">KeyOperation</a> <a href="#dfn-SubtleSubtleCrypto-method-generateKey">generateKey</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm,
+ <a href="#dfn-KeyOperation">KeyOperation</a> <a href="#dfn-SubtleCrypto-method-generateKey">generateKey</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm,
bool extractable = false,
<a href="#dfn-KeyUsage">KeyUsage</a>[] keyUsages = []);
- <a href="#dfn-KeyOperation">KeyOperation</a> <a href="#dfn-SubtleSubtleCrypto-method-deriveKey">deriveKey</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm,
+ <a href="#dfn-KeyOperation">KeyOperation</a> <a href="#dfn-SubtleCrypto-method-deriveKey">deriveKey</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm,
<a href="#dfn-Key">Key</a> baseKey,
<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a>? derivedKeyType,
bool extractable = false,
<a href="#dfn-KeyUsage">KeyUsage</a>[] keyUsages = []);
<span class="comment">// TBD: <a href="https://www.w3.org/2012/webcrypto/track/issues/35">ISSUE-35</a></span>
- <a href="#dfn-KeyOperation">KeyOperation</a> <a href="#dfn-SubtleSubtleCrypto-method-importKey">importKey</a>(<a href="#dfn-KeyFormat">KeyFormat</a> format,
+ <a href="#dfn-KeyOperation">KeyOperation</a> <a href="#dfn-SubtleCrypto-method-importKey">importKey</a>(<a href="#dfn-KeyFormat">KeyFormat</a> format,
ArrayBufferView keyData,
<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a>? algorithm,
bool extractable = false,
<a href="#dfn-KeyUsage">KeyUsage</a>[] keyUsages = []);
- <a href="#dfn-KeyOperation">KeyOperation</a> <a href="#dfn-SubtleSubtleCrypto-method-exportKey">exportKey</a>(<a href="#dfn-KeyFormat">KeyFormat</a> format, <a href="#dfn-Key">Key</a> key);
+ <a href="#dfn-KeyOperation">KeyOperation</a> <a href="#dfn-SubtleCrypto-method-exportKey">exportKey</a>(<a href="#dfn-KeyFormat">KeyFormat</a> format, <a href="#dfn-Key">Key</a> key);
+
+ <span class="comment">// Note: wrap and unwrap remain "Features at Risk"</span>
+ <a href="#dfn-KeyOperation">KeyOperation</a> <a href="#dfn-SubtleCrypto-method-wrapKey">wrapKey</a>(<a href="#dfn-KeyFormat">KeyFormat</a> format,
+ <a href="#dfn-Key">Key</a> key,
+ <a href="#dfn-Key">Key</a> wrappingKey,
+ <a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> wrapAlgorithm);
+ <a href="#dfn-KeyOperation">KeyOperation</a> <a href="#dfn-SubtleCrypto-method-unwrapKey">unwrapKey</a>(<a href="#dfn-KeyFormat">KeyFormat</a> format,
+ ArrayBufferView wrappedKey,
+ <a href="#dfn-Key">Key</a> unwrappingKey,
+ <a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> unwrapAlgorithm,
+ <a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier?</a> unwrappedKeyAlgorithm,
+ bool extractable = false,
+ <a href="#dfn-KeyUsage">KeyUsage</a>[] keyUsages = []);
};
</code></pre></div></div>
<div class="ednote"><div class="ednoteHeader">Editorial note</div>
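Review bot: In the new unwrapKey signature the nullable marker sits inside the link text (`<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier?</a> unwrappedKeyAlgorithm`), whereas deriveKey and importKey in the same interface write `AlgorithmIdentifier</a>? …` with the `?` outside the anchor. Moving it outside keeps the IDL consistent. The only documentation on the two new methods is the "Features at Risk" comment. A short IDL comment would help, stating that `key` must be extractable and that `wrappingKey` and `unwrappingKey` must carry the "wrap" and "unwrap" usages, as the method steps added later in this patch require.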
@@ -1391,7 +1406,7 @@
<div id="SubtleCrypto-method-encrypt" class="section">
<h4>15.2.1. The encrypt method</h4>
<p>
- The <dfn id="dfn-SubtleSubtleCrypto-method-encrypt"><code>encrypt</code></dfn>
+ The <dfn id="dfn-SubtleCrypto-method-encrypt"><code>encrypt</code></dfn>
method returns a new <a href="#dfn-CryptoOperation"><code>CryptoOperation</code></a>
object that will encrypt data using the specified
<a href="#dfn-AlgorithmIdentifier"><code>AlgorithmIdentifier</code></a> with
@@ -1493,7 +1508,7 @@
<div id="SubtleCrypto-method-decrypt" class="section">
<h4>15.2.2. The decrypt method</h4>
<p>
- The <dfn id="dfn-SubtleSubtleCrypto-method-decrypt"><code>decrypt</code></dfn>
+ The <dfn id="dfn-SubtleCrypto-method-decrypt"><code>decrypt</code></dfn>
method returns a new <a href="#dfn-CryptoOperation"><code>CryptoOperation</code></a>
object that will decrypt data using the specified
<a href="#dfn-AlgorithmIdentifier"><code>AlgorithmIdentifier</code></a> with
@@ -1595,7 +1610,7 @@
<div id="SubtleCrypto-method-sign" class="section">
<h4>15.2.3. The sign method</h4>
<p>
- The <dfn id="dfn-SubtleSubtleCrypto-method-sign"><code>sign</code></dfn> method
+ The <dfn id="dfn-SubtleCrypto-method-sign"><code>sign</code></dfn> method
returns a new <a href="#dfn-CryptoOperation"><code>CryptoOperation</code></a>
object that will sign data using the specified
<a href="#dfn-AlgorithmIdentifier"><code>AlgorithmIdentifier</code></a> with
@@ -1696,7 +1711,7 @@
<div id="SubtleCrypto-method-verify" class="section">
<h4>15.2.4. The verify method</h4>
<p>
- The <dfn id="dfn-SubtleSubtleCrypto-method-verify"><code>verify</code></dfn> method
+ The <dfn id="dfn-SubtleCrypto-method-verify"><code>verify</code></dfn> method
returns a new <a href="#dfn-CryptoOperation"><code>CryptoOperation</code></a>
object that will verify data using the specified
<a href="#dfn-AlgorithmIdentifier"><code>AlgorithmIdentifier</code></a> with
@@ -1797,7 +1812,7 @@
<div id="SubtleCrypto-method-digest" class="section">
<h4>15.2.5. The digest method</h4>
<p>
- The <dfn id="dfn-SubtleSubtleCrypto-method-digest"><code>digest</code></dfn> method returns
+ The <dfn id="dfn-SubtleCrypto-method-digest"><code>digest</code></dfn> method returns
a new <a href="#dfn-CryptoOperation"><code>CryptoOperation</code></a>
object that will digest data using the specified
<a href="#dfn-AlgorithmIdentifier"><code>AlgorithmIdentifier</code></a>.
@@ -1898,7 +1913,7 @@
<div id="SubtleCrypto-method-generateKey" class="section">
<h4>15.2.6. The generateKey method</h4>
<p>
- When invoked, <dfn id="dfn-SubtleSubtleCrypto-method-generateKey"><code>generateKey</code></dfn> <span class="RFC2119">MUST</span> perform the following steps:
+ When invoked, <dfn id="dfn-SubtleCrypto-method-generateKey"><code>generateKey</code></dfn> <span class="RFC2119">MUST</span> perform the following steps:
</p>
<ol>
<li>
@@ -1974,7 +1989,7 @@
<div id="SubtleCrypto-method-deriveKey" class="section">
<h4>15.2.7. The deriveKey method</h4>
<p>
- When invoked, <dfn id="dfn-SubtleSubtleCrypto-method-deriveKey"><code>deriveKey</code></dfn> <span class="RFC2119">MUST</span> perform the following steps:
+ When invoked, <dfn id="dfn-SubtleCrypto-method-deriveKey"><code>deriveKey</code></dfn> <span class="RFC2119">MUST</span> perform the following steps:
</p>
<ol>
<li>
@@ -2058,14 +2073,256 @@
</div>
<div id="SubtleCrypto-method-importKey" class="section">
- <h4>15.2.8. The <dfn id="dfn-SubtleSubtleCrypto-method-importKey">importKey</dfn> method</h4>
+ <h4>15.2.8. The <dfn id="dfn-SubtleCrypto-method-importKey">importKey</dfn> method</h4>
<p></p>
</div>
+
<div id="SubtleCrypto-method-exportKey" class="section">
- <h4>15.2.9. The <dfn id="dfn-SubtleSubtleCrypto-method-exportKey">exportKey</dfn> method</h4>
- <p></p>
+ <h4>15.2.9. The <dfn id="dfn-SubtleCrypto-method-exportKey">exportKey</dfn> method</h4>
</div>
-
+
+ <div id="SubtleCrypto-method-wrapKey" class="section">
+ <h4>15.2.10. The <dfn id="dfn-SubtleCrypto-method-wrapKey">wrapKey</dfn> method</h4>
+ <p>
+ When invoked, the <dfn id="dfn-SubtleCrypto-method-wrapKey">wrapKey</dfn> method <span class="RFC2119">MUST</span> perform the following steps:
+ </p>
+ <ol>
+ <li>
+ <p>
+ Let <var>normalizedAlgorithm</var> be the result of processing
+ <code>wrapAlgorithm</code> according to the
+ <a href="#algorithm-normalizing-rules">algorithm normalizing rules</a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If <var>normalizedAlgorithm</var> does not describe a
+ <a href="#algorithms">registered algorithm</a> that supports the wrapKey
+ operation, throw a <code>NotSupportedError</code> and
+ <a href="#terminate-the-algorithm">terminate the algorithm</a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>keyOp</var> be a newly created object implementing the
+ <a href="#dfn-KeyOperation"><code>KeyOperation</code></a> interface.
+ </p>
+ </li>
+ <li>
+ <p>
+ Return <var>keyOp</var> to the task that invoked this <code>wrapKey</code>, while
+ continuing the remaining steps of this algorithm.
+ </p>
+ </li>
+ <li>
+ <p>
+ Queue up an operation to run the following steps:
+ </p>
+ <ol>
+ <li>
+ <p>
+ If <var>wrappingKey</var>.<a href="#dfn-Key-KeyUsage"><code>keyUsage</code></a> does not
+ contain the <code>"wrap"</code> <a href="#dfn-KeyUsage"><code>KeyUsage</code></a>,
+ <a href="#queue-a-task">queue a task</a> to
+ <a href="#fire-a-simple-event">fire a simple event</a>
+ called <a href="#dfn-KeyOperation-onerror"><code>onerror</code></a> at
+ <var>KeyOp</var> and <a href="#terminate-the-algorithm">terminate the algorithm</a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If <var>Key</var>.<a href="#dfn-Key-extractable"><code>extractable</code></a> is not true,
+ <a href="#queue-a-task">queue a task</a> to
+ <a href="#fire-a-simple-event">fire a simple event</a>
+ called <a href="#dfn-KeyOperation-onerror"><code>onerror</code></a> at
+ <var>KeyOp</var> and <a href="#terminate-the-algorithm">terminate the algorithm</a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>bytes</var> be the result of executing the <a href="#dfn-SubtleCrypto-method-exportKey">exportKey</a>
+ algorithm, with the <var>keyFormat</var> as <code>keyFormat</code> and with <var>key</var> as
+ <code>key</code>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the key export algorithm failed, <a href="#queue-a-task">queue a task</a> to
+ <a href="#fire-a-simple-event">fire a simple event</a>
+ called <a href="#dfn-KeyOperation-onerror"><code>onerror</code></a> at
+ <var>keyOp</var> and <a href="#terminate-the-algorithm">terminate the algorithm</a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>result</var> be the result of executing the <a href="#dfn-SubtleCrypto-method-encrypt">encrypt</a>
+ algorithm, with <var>wrappingKey</var> as <code>Key</code>, <var>normalizedAlgorithm</var> as
+ <code>algorithm</code>, and with <var>bytes</var> as <code>buffer</code>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the encrypt algorithm failed, <a href="#queue-a-task">queue a task</a> to
+ <a href="#fire-a-simple-event">fire a simple event</a>
+ called <a href="#dfn-KeyOperation-onerror"><code>onerror</code></a> at
+ <var>keyOp</var> and <a href="#terminate-the-algorithm">terminate the algorithm</a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Otherwise, if the encrypt method completed successfully,
+ let <var>result</var> be the result of that operation.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set <var>keyOp</var>.<a href="#dfn-KeyOperation-result"><code>result</code></a> =
+ <var>result</var>
+ </p>
+ </li>
+ <li>
+ <p>
+ <a href="#queue-a-task">Queue a task</a> to
+ <a href="#fire-a-simple-event">fire a simple event</a> called
+ <a href="#dfn-KeyOperation-oncomplete"><code>oncomplete</code></a> at
+ <var>KeyOp</var>
+ </p>
+ </li>
+ </ol>
+ </li>
+ </ol>
+ </div>
+
+ <div id="SubtleCrypto-method-unwrapKey" class="section">
+ <h4>15.2.11. The <dfn id="dfn-SubtleCrypto-method-unwrapKey">unwrapKey</dfn> method</h4>
+ <p>
+ When invoked, the <dfn id="dfn-SubtleCrypto-method-unwrapKey">unwrapKey</dfn> method <span class="RFC2119">MUST</span> perform the following steps:
+ </p>
+ <ol>
+ <li>
+ <p>
+ Let <var>normalizedUnwrapAlgorithm</var> be the result of processing
+ <code>unwrapAlgorithm</code> according to the
+ <a href="#algorithm-normalizing-rules">algorithm normalizing rules</a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If <var>normalizedUnwrapAlgorithm</var> does not describe a
+ <a href="#algorithms">registered algorithm</a> that supports the wrapKey
+ operation, throw a <code>NotSupportedError</code> and
+ <a href="#terminate-the-algorithm">terminate the algorithm</a>.
+ </p>
+ </li>
+ <li>
+ <ul>
+ <li>
+ <p>If <code>unwrappedKeyAlgorithm</code> is defined:</p>
+ <ol>
+ <li>
+ <p>
+ Let <var>normalizedKeyAlgorithm</var> be the result of processing
+ <code>unwrappedKeyAlgorithm</code> according to the
+ <a href="#algorithm-normalizing-rules">algorithm normalizing rules</a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If <var>normalizedKeyAlgorithm</var> does not describe a
+ <a href="#algorithms">registered algorithm</a> that supports the wrapKey
+ operation, throw a <code>NotSupportedError</code> and
+ <a href="#terminate-the-algorithm">terminate the algorithm</a>.
+ </p>
+ </li>
+ </ol>
+ </li>
+ <li>
+ <p>Otherwise, let <var>normalizedKeyAlgorithm</var> be <code>null</code>.</p>
+ </li>
+ </ul>
+ </li>
+ <li>
+ <p>
+ Let <var>keyOp</var> be a newly created object implementing the
+ <a href="#dfn-KeyOperation"><code>KeyOperation</code></a> interface.
+ </p>
+ </li>
+ <li>
+ <p>
+ Return <var>keyOp</var> to the task that invoked this <code>unwrapKey</code>, while
+ continuing the remaining steps of this algorithm.
+ </p>
+ </li>
+ <li>
+ <p>
+ Queue up an operation to run the following steps:
+ </p>
+ <ol>
+ <li>
+ <p>
+ If <var>unwrappingKey</var>.<a href="#dfn-Key-KeyUsage"><code>keyUsage</code></a> does not
+ contain the <code>"unwrap"</code> <a href="#dfn-KeyUsage"><code>KeyUsage</code></a>,
+ <a href="#queue-a-task">queue a task</a> to
+ <a href="#fire-a-simple-event">fire a simple event</a>
+ called <a href="#dfn-KeyOperation-onerror"><code>onerror</code></a> at
+ <var>KeyOp</var> and <a href="#terminate-the-algorithm">terminate the algorithm</a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>bytes</var> be the result of executing the <a href="#dfn-SubtleCrypto-method-decrypt">decrypt</a>
+ algorithm, with <var>unwrapAlgorithm</var> as <code>algorithm</code>, <var>unwrapKey</var>
+ as <code>key</code>, and with <var>wrappedKey</var> as <code>buffer</code>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the key decrypt algorithm failed, <a href="#queue-a-task">queue a task</a> to
+ <a href="#fire-a-simple-event">fire a simple event</a>
+ called <a href="#dfn-KeyOperation-onerror"><code>onerror</code></a> at
+ <var>keyOp</var> and <a href="#terminate-the-algorithm">terminate the algorithm</a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>result</var> be the result of executing the <a href="#dfn-SubtleCrytpo-method-importKey">importKey</a>
+ algorithm, with <var>format</var> as <code>format</code>, with <var>bytes</var> as
+ <code>keyData</code>, with <var>unwrappedKeyAlgorithm</var> as <code>algorithm</code>, with <var>extractable</var>
+ as <code>extractable</code>, and <var>keyUsages</var> as <code>keyUsages</code>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the key import algorithm failed, <a href="#queue-a-task">queue a task</a> to
+ <a href="#fire-a-simple-event">fire a simple event</a>
+ called <a href="#dfn-KeyOperation-onerror"><code>onerror</code></a> at
+ <var>keyOp</var> and <a href="#terminate-the-algorithm">terminate the algorithm</a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Otherwise, if the algorithm-specific key unwrapping method completed successfully,
+ let <var>result</var> be the result of that operation.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set <var>keyOp</var>.<a href="#dfn-KeyOperation-result"><code>result</code></a> =
+ <var>result</var>
+ </p>
+ </li>
+ <li>
+ <p>
+ <a href="#queue-a-task">Queue a task</a> to
+ <a href="#fire-a-simple-event">fire a simple event</a> called
+ <a href="#dfn-KeyOperation-oncomplete"><code>oncomplete</code></a> at
+ <var>KeyOp</var>
+ </p>
+ </li>
+ </ol>
+ </li>
+ </ol>
+ </div>
</div>
</div>
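Review bot: The unwrapKey steps name the wrong operation and the wrong variables in several places, so the decrypt and import calls are not tied to the inputs that were just validated. Step 2 tests for a registered algorithm that supports "the wrapKey operation" where unwrapKey is meant, and the same phrase is reused for `normalizedKeyAlgorithm`, which presumably should be checked against importKey. The decrypt step passes the raw `unwrapAlgorithm` and an undefined `unwrapKey`; it should read `with <var>normalizedUnwrapAlgorithm</var> as <code>algorithm</code>, <var>unwrappingKey</var> as <code>key</code>`, and the import step should likewise pass `normalizedKeyAlgorithm` rather than `unwrappedKeyAlgorithm`. The importKey link targets `#dfn-SubtleCrytpo-method-importKey`, which should be `#dfn-SubtleCrypto-method-importKey`. Both new sections also repeat the same `<dfn id=…>` in the heading and the first paragraph, producing duplicate ids, and the wrapKey steps mix `KeyOp`/`keyOp`, `Key`/`key` and `keyFormat`/`format` for what appear to be the same values.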
@@ -2596,6 +2853,16 @@
<td><a href="#dfn-RsaKeyGenParams">RsaKeyGenParams</a></td>
<td><a href="#dfn-KeyPair">KeyPair</a>?</td>
</tr>
+ <tr>
+ <td>wrap</td>
+ <td><a href="#dfn-RsaOaepParams">RsaOaepParams</a></td>
+ <td>ArrayBuffer?</td>
+ </tr>
+ <tr>
+ <td>unwrap</td>
+ <td><a href="#dfn-RsaOaepParams">RsaOaepParams</a></td>
+ <td><a href="#dfn-Key">Key</a>?</td>
+ </tr>
</tbody>
</table>
</div>
@@ -2613,11 +2880,18 @@
</div>
<div id="rsa-oaep-operations" class="section">
<h4>19.6.4. Operations</h4>
- <ul>
- <li>Encrypt</li>
- <li>Decrypt</li>
- <li>Generate Key</li>
- </ul>
+ <dl>
+ <dt>Encrypt</dt>
+ <dd></dd>
+ <dt>Decrypt</dt>
+ <dd></dd>
+ <dt>Generate Key</dt>
+ <dd></dd>
+ <dt>Wrap</dt>
+ <dd></dd>
+ <dt>Unwrap</dt>
+ <dd></dd>
+ </dl>
</div>
</div>