Bug 23786: Move the JWK tables to an appendix, and fill in the tables for SPKI and PKCS#8
author Ryan Sleevi <sleevi@google.com>
Thu, 13 Feb 2014 00:00:00 -0800
changeset 104 888b28091735
parent 103 a0b7e7c69e69
child 105 6c22643f2699
spec/Overview-WebCryptoAPI.xml
spec/Overview.html
--- a/spec/Overview-WebCryptoAPI.xml	Thu Feb 13 00:00:00 2014 -0800
+++ b/spec/Overview-WebCryptoAPI.xml	Thu Feb 13 00:00:00 2014 -0800
@@ -778,7 +778,7 @@
         </x:codeblock>
         <div id="key-interface-description" class="section">
           <h3>Description</h3>
-          <span class="normative">This section is non-normative</span>
+          <p class="norm">This section is non-normative</p>
           <p>
             This specification provides a uniform interface for many different kinds of keying
             material managed by the user agent. This may include keys that have been generated by
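Review bot: The replacement line `<p class="norm">This section is non-normative</p>` has no terminal period, while the appendix paragraphs added later in this patch with the same class end with one ("The following section is non-normative."). Add the period so the non-normative markers read the same throughout the document.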
@@ -885,335 +885,6 @@
             <code>Key</code> object.
           </div>
         </div>
-
-        <div id="key-interface-jwk" class="section">
-          <h3>Representation using JSON Web Key</h3>
-          <p>
-            The <a href="#dfn-KeyFormat">KeyFormat</a> value <code>jwk</code> enables <a
-            href="#dfn-Key">Key</a> objects to be imported or exported in <a href="#jwk">JSON Web
-            Key</a> format.
-          </p>
-          <p>
-            This specification defines additional <a href="#jwk">JSON Web Key</a> attributes and
-            attribute values that may be used for this purpose as follows:
-            <ul>
-              <li>
-                Additional <code>alg</code> names for algorithms supported by WebCrypto not already
-                defined for <a href="#jwk">JSON Web Key</a>
-              </li>
-              <li>
-                A new <code>ext</code> attribute providing the value of the <a
-                href="#dfn-Key">Key</a>'s <a href="#dfn-Key-extractable">extractable</a> attribute.
-              </li>
-            </ul>
-          </p>
-            <div id="key-interface-jwk-extensions" class="section">
-              <h4>Extensions to JSON Web Key</h4>
-              <div id="key-interface-jwk-algorithms" class="section">
-                <h5>JSON Web Key algorithm names for WebCrypto algorithms</h5>
-                <p>
-                  This specification defines additional <a href="#jwk">JSON Web Key</a> algorithm names:
-                  <code>A128CTR</code>,
-                  <code>A192CTR</code>,
-                  <code>A256CTR</code>,
-                  <code>A128CBC</code>,
-                  <code>A192CBC</code>,
-                  <code>A256CBC</code>,
-                  <code>A128CMAC</code>,
-                  <code>A192CMAC</code>,
-                  <code>A256CMAC</code>,
-                  <code>A128CFB</code>,
-                  <code>A192CFB</code>,
-                  <code>A256CFB</code>,
-                  <code>HS1</code>,
-                  <code>HS224</code>.
-                  These are associated with WebCrypto algorithms as defined in the mapping tables
-                  below.
-                </p>
-              </div>
-              <div id="key-interface-jwk-ext" class="section">
-                <h5>JSON Web Key <code>ext</code> attribute</h5>
-                <p>
-                  This specification defines a new <a href="#jwk">JSON Web Key</a> attribute
-                  <code>ext</code> that enables the value of the
-                  <a href="#dfn-Key-extractable">extractable</a> attribute of a
-                  <a href="#dfn-Key">Key</a> to be included in a <a href="#jwk">JSON Web Key</a>
-                  object. The <code>ext</code> attribute SHALL have a Boolean value.
-                </p>
-              </div>
-            </div>
-            <div id="key-interface-jwk-mapping" class="section">
-              <h4>Mapping between WebCrypto and JSON Web Key</h4>
-              <p>
-                This section defines the mapping between WebCrypto <a href="#dfn-Key">Key</a>
-                objects and <a href="#jwk">JSON Web Key</a> objects.
-              </p>
-              <div id="key-interface-jwk-mapping-alg" class="section">
-                <h5>Mapping of algorithms</h5>
-                <p>
-                  The JSON Web Key <code>alg</code> member shall be mapped to / from the
-                  <code>name</code>, <code>length</code> and <code>hash</code> members of the
-                  <code>algorithm</code> attribute of the Key object according to the following
-                  tables:
-                </p>
-                <table>
-                  <thead>
-                    <tr>
-                      <td>WebCrypto <code>Key.algorithm.name</code></td>
-                      <td>JWK <code>alg</code> value</td>
-                  </tr>
-                  </thead>
-                  <tbody>
-                    <tr>
-                      <td><code>RSAES-PKCS1-V1_5</code></td>
-                      <td><code>RSA1_5</code></td>
-                    </tr>
-                    <tr>
-                      <td><code>RSA-OAEP</code></td>
-                      <td><code>RSA-OAEP</code></td>
-                    </tr>
-                    <tr>
-                      <td><code>ECDH</code></td>
-                      <td><code>ECDH-ES</code></td>
-                    </tr>
-                  </tbody>
-                </table>
-                <p></p>
-                <table>
-                  <thead>
-                    <tr>
-                      <td>WebCrypto <code>Key.algorithm.name</code></td>
-                      <td>WebCrypto <code>Key.algorithm.length</code></td>
-                      <td>JWK <code>alg</code> value</td>
-                    </tr>
-                  </thead>
-                  <tbody>
-                    <tr>
-                      <td><code>AES-CTR</code></td>
-                      <td>128</td>
-                      <td><code>A128CTR</code></td>
-                    </tr>
-                    <tr>
-                      <td><code>AES-CTR</code></td>
-                      <td>192</td>
-                      <td><code>A192CTR</code></td>
-                    </tr>
-                    <tr>
-                      <td><code>AES-CTR</code></td>
-                      <td>256</td>
-                      <td><code>A256CTR</code></td>
-                    </tr>
-                    <tr>
-                      <td><code>AES-CBC</code></td>
-                      <td>128</td>
-                      <td><code>A128CBC</code></td>
-                    </tr>
-                    <tr>
-                      <td><code>AES-CBC</code></td>
-                      <td>192</td>
-                      <td><code>A192CBC</code></td>
-                    </tr>
-                    <tr>
-                      <td><code>AES-CBC</code></td>
-                      <td>256</td>
-                      <td><code>A256CBC</code></td>
-                    </tr>
-                    <tr>
-                      <td><code>AES-KW</code></td>
-                      <td>128</td>
-                      <td><code>A128KW</code></td>
-                    </tr>
-                    <tr>
-                      <td><code>AES-KW</code></td>
-                      <td>192</td>
-                      <td><code>A192KW</code></td>
-                    </tr>
-                    <tr>
-                      <td><code>AES-KW</code></td>
-                      <td>256</td>
-                      <td><code>A256KW</code></td>
-                    </tr>
-                    <tr>
-                      <td><code>AES-GCM</code></td>
-                      <td>128</td>
-                      <td><code>A128GCM</code> or <code>A128GCMKW</code></td>
-                    </tr>
-                    <tr>
-                      <td><code>AES-GCM</code></td>
-                      <td>192</td>
-                      <td><code>A192GCM</code> or <code>A128GCMKW</code></td>
-                    </tr>
-                    <tr>
-                      <td><code>AES-GCM</code></td>
-                      <td>256</td>
-                      <td><code>A256GCM</code> or <code>A128GCMKW</code></td>
-                    </tr>
-                    <tr>
-                      <td><code>AES-KW</code></td>
-                      <td>128</td>
-                      <td><code>A128KW</code></td>
-                    </tr>
-                    <tr>
-                      <td><code>AES-KW</code></td>
-                      <td>192</td>
-                      <td><code>A192KW</code></td>
-                    </tr>
-                    <tr>
-                      <td><code>AES-KW</code></td>
-                      <td>256</td>
-                      <td><code>A256KW</code></td>
-                    </tr>
-                  </tbody>
-                </table>
-                <p></p>
-                <table>
-                  <thead>
-                    <tr>
-                      <td>WebCrypto <code>Key.algorithm.name</code></td>
-                      <td>WebCrypto <code>Key.algorithm.hash</code></td>
-                      <td>JWK <code>alg</code> value</td>
-                    </tr>
-                  </thead>
-                  <tbody>
-                    <tr>
-                      <td><code>HMAC</code></td>
-                      <td><code>SHA-1</code></td>
-                      <td><code>HS1</code></td>
-                    </tr>
-                    <tr>
-                      <td><code>HMAC</code></td>
-                      <td><code>SHA-224</code></td>
-                      <td><code>HS224</code></td>
-                    </tr>
-                    <tr>
-                      <td><code>HMAC</code></td>
-                      <td><code>SHA-256</code></td>
-                      <td><code>HS256</code></td>
-                    </tr>
-                    <tr>
-                      <td><code>HMAC</code></td>
-                      <td><code>SHA-384</code></td>
-                      <td><code>HS384</code></td>
-                    </tr>
-                    <tr>
-                      <td><code>HMAC</code></td>
-                      <td><code>SHA-512</code></td>
-                      <td><code>HS512</code></td>
-                    </tr>
-                    <tr>
-                      <td><code>RSASSA-PKCS1-v1_5</code></td>
-                      <td><code>SHA-256</code></td>
-                      <td><code>RS256</code></td>
-                    </tr>
-                    <tr>
-                       <td><code>RSASSA-PKCS1-v1_5</code></td>
-                      <td><code>SHA-384</code></td>
-                      <td><code>RS384</code></td>
-                    </tr>
-                    <tr>
-                      <td><code>RSASSA-PKCS1-v1_5</code></td>
-                      <td><code>SHA-512</code></td>
-                      <td><code>RS512</code></td>
-                    </tr>
-                    <tr>
-                       <td><code>RSA-PSS</code></td>
-                      <td><code>SHA-256</code></td>
-                      <td><code>PS256</code></td>
-                    </tr>
-                    <tr>
-                      <td><code>RSA-PSS</code></td>
-                      <td><code>SHA-384</code></td>
-                      <td><code>PS384</code></td>
-                    </tr>
-                    <tr>
-                      <td><code>RSA-PSS</code></td>
-                      <td><code>SHA-512</code></td>
-                      <td><code>PS512</code></td>
-                    </tr>
-                  </tbody>
-                </table>
-                <p></p>
-                <table>
-                  <thead>
-                    <tr>
-                      <td>WebCrypto <code>Key.algorithm.name</code></td>
-                      <td>WebCrypto <code>Key.algorithm.namedCurve</code></td>
-                      <td>JWK <code>alg</code> value</td>
-                    </tr>
-                  </thead>
-                  <tbody>
-                    <tr>
-                      <td><code>ECDSA</code></td>
-                      <td><code>P-256</code></td>
-                      <td><code>ES256</code></td>
-                    </tr>
-                    <tr>
-                      <td><code>ECDSA</code></td>
-                      <td><code>P-384</code></td>
-                      <td><code>ES384</code></td>
-                    </tr>
-                    <tr>
-                      <td><code>ECDSA</code></td>
-                      <td><code>P-512</code></td>
-                      <td><code>ES512</code></td>
-                    </tr>
-                  </tbody>
-                </table>
-              </div>
-              <div id="key-interface-jwk-mapping-use" class="section">
-                <h5>Mapping of usages</h5>
-                <p>
-                  When exporting a WebCrypto <a href="#dfn-Key">Key</a> in JWK format, the value of
-                  the <a href="#dfn-Key">Key</a>.usages array shall be copied into the JWK
-                  <code>key_ops</code> member where each WebCrypto <a href="#dfn-KeyUsage">KeyUsage</a>
-                  value maps to the JWK <code>key_ops</code> value of the same name. The
-                  <code>use</code> member shall not be present.
-                </p>
-                <p>
-                  When importing a JWK format key into a WebCrypto <a href="#dfn-Key">Key</a> object,
-                  if the <code>key_ops</code> member is present then the WebCrypto
-                  <a href="#dfn-KeyUsage">KeyUsages</a> specified by this JWK shall be equal to the
-                  values listed in <code>key_ops</code>  where each JWK <code>key_ops</code> value
-                  maps to the WebCrypto <a href="#dfn-KeyUsage">KeyUsage</a> value of the same name,
-                  except that unrecognized values SHALL be ignored. If the <code>key_ops</code>
-                  member is not present and the <code>use</code> member is present, then the
-                  WebCrypto <a href="#dfn-KeyUsage">KeyUsages</a> specified by this JWK shall be as
-                  specified in the following table:
-                </p>  
-                <table>
-                  <thead>
-                    <tr>
-                      <td>JWK <code>use</code> value</td>
-                      <td>WebCrypto Key.usages value</td>
-                    </tr>
-                  </thead>
-                  <tbody>
-                    <tr>
-                      <td><code>enc</code></td>
-                      <td><code>[ "encrypt", "decrypt", "wrapKey", "unwrapKey" ]</code></td>
-                    </tr>
-                    <tr>
-                      <td><code>sig</code></td>
-                      <td><code>[ "sign", "verify" ]</code></td>
-                    </tr>
-                  </tbody>
-                </table>
-              </div>
-              <div id="key-interface-jwk-mapping-ext" class="section">
-                <h5>Mapping of extractable</h5>
-                <p>
-                  When exporting a WebCrypto <a href="#dfn-Key">Key</a> in JWK format, the value of
-                  the JWK <code>ext</code> attribute shall be <code>true</code>.
-                </p>
-                <p>
-                  When importing a JWK format key into a WebCrypto <a href="#dfn-Key">Key</a> object,
-                  if the <code>ext</code> member is present then the WebCrypto
-                  <a href="#dfn-Key-extractable">extractable</a> value specified by this JWK shall
-                  be equal to the <code>ext</code> member value.
-                </p>
-              </div>
-           </div>
-        </div>
       </div>
 
       <div id="crypto-interface" class="section">
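Review bot: The removed "Mapping of usages" and "Mapping of extractable" subsections carried requirements that the replacement appendix in this patch does not restate: `key_ops` copied from Key.usages with `use` absent on export, unrecognized `key_ops` values "SHALL be ignored" on import, and `ext` "SHALL have a Boolean value". The new appendix is marked non-normative and its usage table covers only `use`, so confirm that the algorithm-specific sections it defers to now state the `key_ops` and `ext` rules, or keep them in normative text. The removed rows mapping RSA-OAEP and ECDH (to ECDH-ES) also have no counterpart in the new algorithm table; the editor's note mentions RSA-OAEP but not ECDH.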
@@ -6077,5 +5748,765 @@
         </div>
       </div>
     </div>
+    
+    <div id="appendices">
+      <div id="jwk-mapping" class="section">
+        <h2>Mapping between JSON Web Key / JSON Web Algorithm</h2>
+        <p class="norm">
+          The following section is non-normative. Refer to algorithm-specific sections for the
+          normative requirements of importing and exporting JWK.
+        </p>
+        <div id="jwk-mapping-alg" class="section">
+          <h3>Algorithm mappings</h3>
+          <table>
+            <thead>
+              <tr>
+                <th scope="col">JSON Web Key</th>
+                <th scope="col">AlgorithmIdentifier</th>
+              </tr>
+            </thead>
+            <tbody>
+              <tr>
+                <td>
+<x:codeblock language="es">
+{ kty: "RSA",
+  alg: "RSA1_5" }
+</x:codeblock>
+                </td>
+                <td>
+<x:codeblock language="es">
+{ name: "RSAES-PKCS1-V1_5" }
+</x:codeblock>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<x:codeblock language="es">
+{ kty: "RSA",
+  alg: "RS256" }
+</x:codeblock>
+                </td>
+                <td>
+<x:codeblock language="es">
+{ name: "RSASSA-PKCS1-v1_5",
+  hash: { name: "SHA-256" }
+}
+</x:codeblock>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<x:codeblock language="es">
+{ kty: "RSA",
+  alg: "RS384" }
+</x:codeblock>
+                </td>
+                <td>
+<x:codeblock language="es">
+{ name: "RSASSA-PKCS1-v1_5",
+  hash: { name: "SHA-384" }
+}
+</x:codeblock>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<x:codeblock language="es">
+{ kty: "RSA",
+  alg: "RS512" }
+</x:codeblock>
+                </td>
+                <td>
+<x:codeblock language="es">
+{ name: "RSASSA-PKCS1-v1_5",
+  hash: { name: "SHA-512" }
+}
+</x:codeblock>
+                </td>
+              </tr>
+
+              <tr>
+                <td>
+<x:codeblock language="es">
+{ kty: "RSA",
+  alg: "PS256" }
+</x:codeblock>
+                </td>
+                <td>
+<x:codeblock language="es">
+{ name: "RSA-PSS",
+  hash: { name: "SHA-256" }
+}
+</x:codeblock>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<x:codeblock language="es">
+{ kty: "RSA",
+  alg: "PS384" }
+</x:codeblock>
+                </td>
+                <td>
+<x:codeblock language="es">
+{ name: "RSA-PSS",
+  hash: { name: "SHA-384" }
+}
+</x:codeblock>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<x:codeblock language="es">
+{ kty: "RSA",
+  alg: "PS512" }
+</x:codeblock>
+                </td>
+                <td>
+<x:codeblock language="es">
+{ name: "RSA-PSS",
+  hash: { name: "SHA-512" }
+}
+</x:codeblock>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<x:codeblock language="es">
+{ kty: "EC",
+  alg: "ES256" }
+</x:codeblock>
+                </td>
+                <td>
+<x:codeblock language="es">
+{ name: "ECDSA",
+  namedCurve: "P-256"
+  hash: { name: "SHA-256" }
+}
+</x:codeblock>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<x:codeblock language="es">
+{ kty: "EC",
+  alg: "ES384" }
+</x:codeblock>
+                </td>
+                <td>
+<x:codeblock language="es">
+{ name: "ECDSA",
+  namedCurve: "P-384"
+  hash: { name: "SHA-384" }
+}
+</x:codeblock>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<x:codeblock language="es">
+{ kty: "EC",
+  alg: "ES512" }
+</x:codeblock>
+                </td>
+                <td>
+<x:codeblock language="es">
+{ name: "ECDSA",
+  namedCurve: "P-521"
+  hash: { name: "SHA-512" }
+}
+</x:codeblock>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<x:codeblock language="es">
+{ kty: "oct",
+  alg: "A128CTR" }
+</x:codeblock>
+                </td>
+                <td>
+<x:codeblock language="es">
+{ name: "AES-CTR",
+  length: 128 }
+</x:codeblock>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<x:codeblock language="es">
+{ kty: "oct",
+  alg: "A192CTR" }
+</x:codeblock>
+                </td>
+                <td>
+<x:codeblock language="es">
+{ name: "AES-CTR",
+  length: 192 }
+</x:codeblock>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<x:codeblock language="es">
+{ kty: "oct",
+  alg: "A256CTR" }
+</x:codeblock>
+                </td>
+                <td>
+<x:codeblock language="es">
+{ name: "AES-CTR",
+  length: 256 }
+</x:codeblock>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<x:codeblock language="es">
+{ kty: "oct",
+  alg: "A128CBC" }
+</x:codeblock>
+                </td>
+                <td>
+<x:codeblock language="es">
+{ name: "AES-CBC",
+  length: 128 }
+</x:codeblock>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<x:codeblock language="es">
+{ kty: "oct",
+  alg: "A192CBC" }
+</x:codeblock>
+                </td>
+                <td>
+<x:codeblock language="es">
+{ name: "AES-CBC",
+  length: 192 }
+</x:codeblock>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<x:codeblock language="es">
+{ kty: "oct",
+  alg: "A256CBC" }
+</x:codeblock>
+                </td>
+                <td>
+<x:codeblock language="es">
+{ name: "AES-CBC",
+  length: 256 }
+</x:codeblock>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<x:codeblock language="es">
+{ kty: "oct",
+  alg: "A128KW" }
+</x:codeblock>
+                </td>
+                <td>
+<x:codeblock language="es">
+{ name: "AES-KW",
+  length: 128 }
+</x:codeblock>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<x:codeblock language="es">
+{ kty: "oct",
+  alg: "A192KW" }
+</x:codeblock>
+                </td>
+                <td>
+<x:codeblock language="es">
+{ name: "AES-KW",
+  length: 192 }
+</x:codeblock>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<x:codeblock language="es">
+{ kty: "oct",
+  alg: "A256KW" }
+</x:codeblock>
+                </td>
+                <td>
+<x:codeblock language="es">
+{ name: "AES-KW",
+  length: 256 }
+</x:codeblock>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<x:codeblock language="es">
+{ kty: "oct",
+  alg: "A128GCM" }
+</x:codeblock>
+                </td>
+                <td>
+<x:codeblock language="es">
+{ name: "AES-GCM",
+  length: 128 }
+</x:codeblock>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<x:codeblock language="es">
+{ kty: "oct",
+  alg: "A192GCM" }
+</x:codeblock>
+                </td>
+                <td>
+<x:codeblock language="es">
+{ name: "AES-GCM",
+  length: 192 }
+</x:codeblock>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<x:codeblock language="es">
+{ kty: "oct",
+  alg: "A256GCM" }
+</x:codeblock>
+                </td>
+                <td>
+<x:codeblock language="es">
+{ name: "AES-GCM",
+  length: 256 }
+</x:codeblock>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<x:codeblock language="es">
+{ kty: "oct",
+  alg: "A128GCMKW" }
+</x:codeblock>
+                </td>
+                <td>
+<x:codeblock language="es">
+{ name: "AES-GCM",
+  length: 128 }
+</x:codeblock>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<x:codeblock language="es">
+{ kty: "oct",
+  alg: "A192GCMKW" }
+</x:codeblock>
+                </td>
+                <td>
+<x:codeblock language="es">
+{ name: "AES-GCM",
+  length: 192 }
+</x:codeblock>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<x:codeblock language="es">
+{ kty: "oct",
+  alg: "A256GCMKW" }
+</x:codeblock>
+                </td>
+                <td>
+<x:codeblock language="es">
+{ name: "AES-GCM",
+  length: 256 }
+</x:codeblock>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<x:codeblock language="es">
+{ kty: "oct",
+  alg: "A128CMAC" }
+</x:codeblock>
+                </td>
+                <td>
+<x:codeblock language="es">
+{ name: "AES-CMAC",
+  length: 128 }
+</x:codeblock>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<x:codeblock language="es">
+{ kty: "oct",
+  alg: "A192CMAC" }
+</x:codeblock>
+                </td>
+                <td>
+<x:codeblock language="es">
+{ name: "AES-CMAC",
+  length: 192 }
+</x:codeblock>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<x:codeblock language="es">
+{ kty: "oct",
+  alg: "A256CMAC" }
+</x:codeblock>
+                </td>
+                <td>
+<x:codeblock language="es">
+{ name: "AES-CMAC",
+  length: 256 }
+</x:codeblock>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<x:codeblock language="es">
+{ kty: "oct",
+  alg: "A128CFB" }
+</x:codeblock>
+                </td>
+                <td>
+<x:codeblock language="es">
+{ name: "AES-CFB",
+  length: 128 }
+</x:codeblock>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<x:codeblock language="es">
+{ kty: "oct",
+  alg: "A192CFB" }
+</x:codeblock>
+                </td>
+                <td>
+<x:codeblock language="es">
+{ name: "AES-CFB",
+  length: 192 }
+</x:codeblock>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<x:codeblock language="es">
+{ kty: "oct",
+  alg: "A256CFB" }
+</x:codeblock>
+                </td>
+                <td>
+<x:codeblock language="es">
+{ name: "AES-CFB",
+  length: 256 }
+</x:codeblock>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<x:codeblock language="es">
+{ kty: "oct",
+  alg: "HS1" }
+</x:codeblock>
+                </td>
+                <td>
+<x:codeblock language="es">
+{ name: "HMAC",
+  hash: { name: "SHA-1" }
+}
+</x:codeblock>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<x:codeblock language="es">
+{ kty: "oct",
+  alg: "HS224" }
+</x:codeblock>
+                </td>
+                <td>
+<x:codeblock language="es">
+{ name: "HMAC",
+  hash: { name: "SHA-224" }
+}
+</x:codeblock>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<x:codeblock language="es">
+{ kty: "oct",
+  alg: "HS256" }
+</x:codeblock>
+                </td>
+                <td>
+<x:codeblock language="es">
+{ name: "HMAC",
+  hash: { name: "SHA-256" }
+}
+</x:codeblock>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<x:codeblock language="es">
+{ kty: "oct",
+  alg: "HS384" }
+</x:codeblock>
+                </td>
+                <td>
+<x:codeblock language="es">
+{ name: "HMAC",
+  hash: { name: "SHA-384" }
+}
+</x:codeblock>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<x:codeblock language="es">
+{ kty: "oct",
+  alg: "HS512" }
+</x:codeblock>
+                </td>
+                <td>
+<x:codeblock language="es">
+{ name: "HMAC",
+  hash: "SHA-512" }
+</x:codeblock>
+                </td>
+              </tr>
+            </tbody>
+          </table>
+          <div class="ednote">
+            <p>Should the following be specified.</p>
+            <ul>
+              <li><p>RSASSA-PKCS1-v1_5 with SHA-1</p></li>
+              <li><p>RSA-PSS with SHA-1</p></li>
+              <li><p>RSA-OAEP needs specifiers for the hash algorithms.</p></li>
+              <li><p>ECDSA with SHA-1</p></li>
+              <li>
+                <p>
+                  ECDSA where the curve (P-256, P-384, P-521) is not aligned with the hash (SHA-256,
+                  SHA-384, SHA-512)
+                </p>
+              </li>
+            </ul>
+          </div>
+        </div>
+        <div id="jwk-mapping-usage" class="section">
+          <h3>Usage mapping</h3>
+          <table>
+            <thead>
+              <tr>
+                <th scope="col">JWK <code>use</code> value</th>
+                <th scope="col"><a href="#dfn-KeyUsage">KeyUsage</a>s</th>
+              </tr>
+            </thead>
+            <tbody>
+              <tr>
+                <td><code>enc</code></td>
+                <td><code>["encrypt", "decrypt", "wrapKey", "unwrapKey"]</code></td>
+              </tr>
+              <tr>
+                <td><code>sig</code></td>
+                <td><code>["sign","verify"]</code></td>
+              </tr>
+            </tbody>
+          </table>
+        </div>
+      </div>
+      <div id="spki-mapping" class="section">
+        <h2>Mapping between Algorithm and SubjectPublicKeyInfo</h2>
+        <p class="norm">
+          The following section is non-normative. Refer to algorithm-specific sections for the
+          normative requirements of importing and exporting SPKI.
+        </p>
+        <table>
+          <thead>
+            <tr>
+              <th scope="col">Algorithm OID</th>
+              <th scope="col">subjectPublicKey ASN.1 structure</th>
+              <th scope="col">AlgorithmIdentifier</th>
+              <th scope="col">Reference</th>
+            </tr>
+          </thead>
+          <tbody>
+            <tr>
+              <td>rsaEncryption (1.2.840.113549.1.1.1)</td>
+              <td>RSAPublicKey</td>
+              <td>
+                <code>"RSAES-PKCS1-v1_5"</code>,
+                <code>"RSASSA-PKCS1-v1_5"</code>,
+                <code>"RSA-PSS"</code>, or
+                <code>"RSA-OAEP"</code>
+              </td>
+              <td>
+                <a href="#RFC3279">RFC 3279</a>,
+                <a href="#RFC4055">RFC 4055</a>,
+                <a href="#RFC5756">RFC 5756</a>
+              </td>
+            </tr>
+            <tr>
+              <td>id-RSASSA-PSS (1.2.840.113549.1.1.10)</td>
+              <td>RSAPublicKey</td>
+              <td><code>"RSA-PSS"</code></td>
+              <td>
+                <a href="#RFC4055">RFC 4055</a>,
+                <a href="#RFC5756">RFC 5756</a>
+              </td>
+            </tr>
+            <tr>
+              <td>id-RSAES-OAEP (1.2.840.113549.1.1.7)</td>
+              <td>RSAPublicKey</td>
+              <td><code>"RSA-OAEP"</code></td>
+              <td>
+                <a href="#RFC4055">RFC 4055</a>,
+                <a href="#RFC5756">RFC 5756</a>
+              </td>
+            </tr>
+            <tr>
+              <td>id-ecPublicKey (1.2.840.10045.2.1)</td>
+              <td>ECPoint</td>
+              <td><code>"ECDH"</code> or <code>"ECDSA"</code></td>
+              <td><a href="#RFC5480">RFC 5480</a></td>
+            </tr>
+            <tr>
+              <td>id-ecDH (1.3.132.112)</td>
+              <td>ECPoint</td>
+              <td><code>"ECDH"</code></td>
+              <td><a href="#RFC5480">RFC 5480</a></td>
+            </tr>
+            <tr>
+              <td>id-dsa (1.2.840.10040.4.1)</td>
+              <td>DSAPublicKey</td>
+              <td><code>"DSA"</code></td>
+              <td><a href="#RFC3279">RFC 3279</a></td>
+            </tr>
+            <tr>
+              <td>dhpublicnumber (1.2.840.10046.2.1)</td>
+              <td>DHPublicKey</td>
+              <td><code>"DH"</code></td>
+              <td><a href="#RFC3279">RFC 3279</a></td>
+            </tr>
+          </tbody>
+        </table>
+        <div class="ednote">
+          <p>
+            The handling of "id-RSASSA-PSS" and "id-RSAES-OAEP" are tricky.
+            <a href="#RFC5756">RFC 5756</a> recommends implementations should not include parameters
+            when PSS is used with a subjectPublicKeyInfo, and MUST NOT include parameters when OAEP
+            is used. However, when OAEP is used as part of a key transport (as an AlgorithmIdentifier),
+            implementations MUST include the parameters.
+          </p>
+          <p>
+            The natural conflict is in deciding when a key is being exported as part of a
+            subjectPublicKeyInfo (which is what "spki" implies) and when it's being used as an
+            algorithmIdentifier for transport.
+          </p>
+        </div>
+      </div>
+      <div id="pkcs8-mapping" class="section">
+        <h2>Mapping between Algorithm and PKCS#8 PrivateKeyInfo</h2>
+        <p class="norm">
+          The following section is non-normative. Refer to algorithm-specific sections for the
+          normative requirements of importing and exporting PKCS#8 PrivateKeyInfo.
+        </p>
+        <table>
+          <thead>
+            <tr>
+              <th scope="col">privateKeyAlgorithm</th>
+              <th scope="col">privateKey format</th>
+              <th scope="col">AlgorithmIdentifier</th>
+              <th scope="col">Reference</th>
+            </tr>
+          </thead>
+          <tbody>
+            <tr>
+              <td>rsaEncryption (1.2.840.113549.1.1.1)</td>
+              <td>RSAPrivateKey</td>
+              <td>
+                <code>"RSAES-PKCS1-v1_5"</code>,
+                <code>"RSASSA-PKCS1-v1_5"</code>,
+                <code>"RSA-PSS"</code>, or
+                <code>"RSA-OAEP"</code>
+              </td>
+              <td>
+                <a href="#RFC3447">RFC 3447</a>,
+                <a href="#RFC5958">RFC 5958</a>
+              </td>
+            </tr>
+            <tr>
+              <td>id-RSASSA-PSS (1.2.840.113549.1.1.10)</td>
+              <td>RSAPrivateKey</td>
+              <td><code>"RSA-PSS"</code></td>
+              <td>
+                <a href="#RFC3447">RFC 3447</a>,
+                <a href="#RFC4055">RFC 4055</a>,
+                <a href="#RFC5958">RFC 5958</a>
+              </td>
+            </tr>
+            <tr>
+              <td>id-RSAES-OAEP (1.2.840.113549.1.1.7)</td>
+              <td>RSAPrivateKey</td>
+              <td><code>"RSA-OAEP"</code></td>
+              <td>
+                <a href="#RFC3447">RFC 3447</a>,
+                <a href="#RFC4055">RFC 4055</a>,
+                <a href="#RFC5958">RFC 5958</a>
+              </td>
+            </tr>
+            <tr>
+              <td>id-ecPublicKey (1.2.840.10045.2.1)</td>
+              <td>ECPrivateKey</td>
+              <td><code>"ECDH"</code> or <code>"ECDSA"</code></td>
+              <td>
+                <a href="#RFC5480">RFC 5480</a>,
+                <a href="#RFC5915">RFC 5915</a>,
+                <a href="#RFC5958">RFC 5958</a>
+              </td>
+            </tr>
+            <tr>
+              <td>id-ecDH (1.3.132.112)</td>
+              <td>ECPrivateKey</td>
+              <td><code>"ECDH"</code></td>
+              <td>
+                <a href="#RFC5480">RFC 5480</a>,
+                <a href="#RFC5915">RFC 5915</a>,
+                <a href="#RFC5958">RFC 5958</a>
+              </td>
+            </tr>
+            <tr>
+              <td>id-dsa (1.2.840.10040.4.1)</td>
+              <td>INTEGER</td>
+              <td><code>"DSA"</code></td>
+              <td><a href="#RFC5958">RFC 5958</a></td>
+            </tr>
+            <tr>
+              <td>dhpublicnumber (1.2.840.10046.2.1)</td>
+              <td>INTEGER</td>
+              <td><code>"DH"</code></td>
+              <td><a href="#RFC5958">RFC 5958</a></td>
+            </tr>
+          </tbody>
+        </table>
+        <div class="ednote">
+          <p>
+            There does not appear to be a normative reference for a DH key being encoded as an
+            INTEGER. Only RFC 5958 seems to mention this.
+          </p>
+        </div>
+      </div>
+    </div>
   </body>
 </html>  
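Review bot: The id-ecDH rows in both the SubjectPublicKeyInfo table and the PKCS#8 table give the OID as 1.3.132.112, which looks like a dropped arc: RFC 5480, cited in those same rows, defines id-ecDH under the Certicom schemes arc as 1.3.132.1.12. Please correct both rows. Separately, the PKCS#8 table lists INTEGER as the privateKey format for both id-dsa and dhpublicnumber with only RFC 5958 as the reference, but the editorial note under it flags the missing normative reference for DH alone; either extend that note to the DSA row or cite where the DSA encoding is defined. In the first editorial note, "The handling of ... are tricky" should read "is tricky". Since rsaEncryption and id-ecPublicKey each map to more than one algorithm name, a sentence saying how import chooses among them would help readers of these non-normative tables.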
--- a/spec/Overview.html	Thu Feb 13 00:00:00 2014 -0800
+++ b/spec/Overview.html	Thu Feb 13 00:00:00 2014 -0800
@@ -44,7 +44,7 @@
         communications.
       </p>
   
-      <div class="ednote"><div class="ednoteHeader">Editorial note</div><p>There are 18 further editorial notes in the document.</p></div>
+      <div class="ednote"><div class="ednoteHeader">Editorial note</div><p>There are 21 further editorial notes in the document.</p></div>
     </div>
 
     <div class="section">
@@ -134,7 +134,7 @@
 
     <div id="toc">
       <h2>Table of Contents</h2>
-      <div class="toc"><ul><li><a href="#introduction">1. Introduction</a></li><li><a href="#use-cases">2. Use Cases</a><ul><li><a href="#multifactor-authentication">2.1. Multi-factor Authentication</a></li><li><a href="#protected-document">2.2. Protected Document Exchange</a></li><li><a href="#cloud-storage">2.3. Cloud Storage</a></li><li><a href="#document-signing">2.4. Document Signing</a></li><li><a href="#data-integrity-protection">2.5. Data Integrity Protection</a></li><li><a href="#secure-messaging">2.6. Secure Messaging</a></li><li><a href="#jose">2.7. Javascript Object Signing and Encryption (JOSE)</a></li></ul></li><li><a href="#conformance">3. Conformance</a></li><li><a href="#scope">4. Scope</a><ul><li><a href="#scope-abstraction">4.1. Level of abstraction</a></li><li><a href="#scope-algorithms">4.2. Cryptographic algorithms</a></li><li><a href="#scope-operations">4.3. Operations</a></li><li><a href="#scope-out-of-scope">4.4. Out of scope</a></li></ul></li><li><a href="#security">5. Security considerations</a><ul><li><a href="#security-implementers">5.1. Security considerations for implementers</a></li><li><a href="#security-developers">5.2. Security considerations for authors</a></li></ul></li><li><a href="#privacy">6. Privacy considerations</a></li><li><a href="#dependencies">7. Dependencies</a></li><li><a href="#terminology">8. Terminology</a></li><li><a href="#RandomSource-interface">9. RandomSource interface</a><ul><li><a href="#RandomSource-description">9.1. Description</a></li><li><a href="#RandomSource-interface-methods">9.2. Methods and Parameters</a><ul><li><a href="#RandomSource-method-getRandomValues">9.2.1. The getRandomValues method</a></li></ul></li></ul></li><li><a href="#algorithm-dictionary">10. Algorithm dictionary</a><ul><li><a href="#algorithm-dictionary-members">10.1. Algorithm Dictionary Members</a></li></ul></li><li><a href="#key-interface">11. Key interface</a><ul><li><a href="#key-interface-description">11.1. 
Description</a></li><li><a href="#key-interface-types">11.2. Key interface data types</a></li><li><a href="#key-interface-members">11.3. Key interface members</a></li><li><a href="#key-interface-clone">11.4. Structured clone algorithm</a></li><li><a href="#key-interface-jwk">11.5. Representation using JSON Web Key</a><ul><li><a href="#key-interface-jwk-extensions">11.5.1. Extensions to JSON Web Key</a><ul><li><a href="#key-interface-jwk-algorithms">11.5.1.1. JSON Web Key algorithm names for WebCrypto algorithms</a></li><li><a href="#key-interface-jwk-ext">11.5.1.2. JSON Web Key ext attribute</a></li></ul></li><li><a href="#key-interface-jwk-mapping">11.5.2. Mapping between WebCrypto and JSON Web Key</a><ul><li><a href="#key-interface-jwk-mapping-alg">11.5.2.1. Mapping of algorithms</a></li><li><a href="#key-interface-jwk-mapping-use">11.5.2.2. Mapping of usages</a></li><li><a href="#key-interface-jwk-mapping-ext">11.5.2.3. Mapping of extractable</a></li></ul></li></ul></li></ul></li><li><a href="#crypto-interface">12. Crypto interface</a></li><li><a href="#subtlecrypto-interface">13. SubtleCrypto interface</a><ul><li><a href="#subtlecrypto-interface-description">13.1. Description</a></li><li><a href="#subtlecrypto-interface-datatypes">13.2. Data Types</a></li><li><a href="#subtlecrypto-interface-methods">13.3. Methods and Parameters</a><ul><li><a href="#SubtleCrypto-method-encrypt">13.3.1. The encrypt method</a></li><li><a href="#SubtleCrypto-method-decrypt">13.3.2. The decrypt method</a></li><li><a href="#SubtleCrypto-method-sign">13.3.3. The sign method</a></li><li><a href="#SubtleCrypto-method-verify">13.3.4. The verify method</a></li><li><a href="#SubtleCrypto-method-digest">13.3.5. The digest method</a></li><li><a href="#SubtleCrypto-method-generateKey">13.3.6. The generateKey method</a></li><li><a href="#SubtleCrypto-method-deriveKey">13.3.7. The deriveKey method</a></li><li><a href="#SubtleCrypto-method-deriveBits">13.3.8. 
The deriveBits method</a></li><li><a href="#SubtleCrypto-method-importKey">13.3.9. The importKey method</a></li><li><a href="#SubtleCrypto-method-exportKey">13.3.10. The exportKey method</a></li><li><a href="#SubtleCrypto-method-wrapKey">13.3.11. The wrapKey method</a></li><li><a href="#SubtleCrypto-method-unwrapKey">13.3.12. The unwrapKey method</a></li></ul></li></ul></li><li><a href="#WorkerCrypto-interface">14. WorkerCrypto interface</a><ul><li><a href="#WorkerCrypto-description">14.1. Description</a></li></ul></li><li><a href="#big-integer">15. BigInteger</a></li><li><a href="#keypair">16. KeyPair</a></li><li><a href="#algorithms">17. Algorithms</a><ul><li><a href="#algorithms-index">17.1. Registered algorithms</a></li><li><a href="#recommended-algorithms">17.2. Recommended algorithms</a></li><li><a href="#defining-an-algorithm">17.3. Defining an algorithm</a><ul><li><a href="#recognized-algorithm-name">17.3.1. Recognized algorithm name</a></li><li><a href="#supported-operations">17.3.2. Supported operations</a></li><li><a href="#algorithm-specific-params">17.3.3. Algorithm-specific parameters</a></li><li><a href="#algorithm-result">17.3.4. Algorithm results</a></li><li><a href="#algorithm-alias">17.3.5. Algorithm aliases</a></li></ul></li><li><a href="#rsaes-pkcs1">17.4. RSAES-PKCS1-v1_5</a><ul><li><a href="#rsaes-pkcs1-description">17.4.1. Description</a></li><li><a href="#rsaes-pkcs1-registration">17.4.2. Registration</a></li><li><a href="#RsaKeyGenParams-dictionary">17.4.3. RsaKeyGenParams dictionary</a></li><li><a href="#rsaes-pkcs1-operations">17.4.4. Operations</a></li></ul></li><li><a href="#rsassa-pkcs1">17.5. RSASSA-PKCS1-v1_5</a><ul><li><a href="#rsassa-pkcs1-description">17.5.1. Description</a></li><li><a href="#rsassa-pkcs1-registration">17.5.2. Registration</a></li><li><a href="#RsaSsaParams-dictionary">17.5.3. RsaSsaParams dictionary</a></li><li><a href="#rsassa-pkcs1-operations">17.5.4. Operations</a></li></ul></li><li><a href="#rsa-pss">17.6. 
RSA-PSS</a><ul><li><a href="#rsa-pss-description">17.6.1. Description</a></li><li><a href="#rsa-pss-registration">17.6.2. Registration</a></li><li><a href="#rsa-pss-params">17.6.3. RsaPssParams dictionary</a></li><li><a href="#rsa-pss-operations">17.6.4. Operations</a></li></ul></li><li><a href="#rsa-oaep">17.7. RSA-OAEP</a><ul><li><a href="#rsa-oaep-description">17.7.1. Description</a></li><li><a href="#rsa-oaep-registration">17.7.2. Registration</a></li><li><a href="#rsa-oaep-params">17.7.3. RsaOaepParams dictionary</a></li><li><a href="#rsa-oaep-operations">17.7.4. Operations</a></li></ul></li><li><a href="#ecdsa">17.8. ECDSA</a><ul><li><a href="#ecdsa-description">17.8.1. Description</a></li><li><a href="#ecdsa-registration">17.8.2. Registration</a></li><li><a href="#EcdsaParams-dictionary">17.8.3. EcdsaParams dictionary</a></li><li><a href="#EcKeyGenParams-dictionary">17.8.4. EcKeyGenParams dictionary</a></li><li><a href="#ecdsa-operations">17.8.5. Operations</a></li></ul></li><li><a href="#ecdh">17.9. ECDH</a><ul><li><a href="#ecdh-description">17.9.1. Description</a></li><li><a href="#ecdh-registration">17.9.2. Registration</a></li><li><a href="#dh-EcdhKeyDeriveParams">17.9.3. EcdhKeyDeriveParams dictionary</a></li><li><a href="#ecdh-operations">17.9.4. Operations</a></li></ul></li><li><a href="#aes-ctr">17.10. AES-CTR</a><ul><li><a href="#aes-ctr-description">17.10.1. Description</a></li><li><a href="#aes-ctr-registration">17.10.2. Registration</a></li><li><a href="#aes-ctr-params">17.10.3. AesCtrParams dictionary</a></li><li><a href="#aes-keygen-params">17.10.4. AesKeyGenParams dictionary</a></li><li><a href="#aes-ctr-operations">17.10.5. Operations</a></li></ul></li><li><a href="#aes-cbc">17.11. AES-CBC</a><ul><li><a href="#aes-cbc-description">17.11.1. Description</a></li><li><a href="#aes-cbc-registration">17.11.2. Registration</a></li><li><a href="#aes-cbc-params">17.11.3. AesCbcParams dictionary</a></li><li><a href="#aes-cbc-operations">17.11.4. 
Operations</a></li></ul></li><li><a href="#aes-cmac">17.12. AES-CMAC</a><ul><li><a href="#aes-cmac-description">17.12.1. Description</a></li><li><a href="#aes-cmac-registration">17.12.2. Registration</a></li><li><a href="#aes-cmac-operations">17.12.3. Operations</a></li></ul></li><li><a href="#aes-gcm">17.13. AES-GCM</a><ul><li><a href="#aes-gcm-description">17.13.1. Description</a></li><li><a href="#aes-gcm-registration">17.13.2. Registration</a></li><li><a href="#aes-gcm-params">17.13.3. AesGcmParams dictionary</a></li><li><a href="#aes-gcm-operations">17.13.4. Operations</a></li></ul></li><li><a href="#aes-cfb">17.14. AES-CFB</a><ul><li><a href="#aes-cfb-description">17.14.1. Description</a></li><li><a href="#aes-cfb-registration">17.14.2. Registration</a></li><li><a href="#aes-cfb-params">17.14.3. AesCfbParams dictionary</a></li><li><a href="#aes-cfb-operations">17.14.4. Operations</a></li></ul></li><li><a href="#aes-kw">17.15. AES-KW</a><ul><li><a href="#aes-kw-description">17.15.1. Description</a></li><li><a href="#aes-kw-registration">17.15.2. Registration</a></li><li><a href="#aes-kw-operations">17.15.3. Operations</a></li></ul></li><li><a href="#hmac">17.16. HMAC</a><ul><li><a href="#hmac-description">17.16.1. Description</a></li><li><a href="#hmac-registration">17.16.2. Registration</a></li><li><a href="#hmac-params">17.16.3. HmacParams dictionary</a></li><li><a href="#hmac-key-params">17.16.4. HmacKeyParams dictionary</a></li><li><a href="#hmac-operations">17.16.5. Operations</a></li></ul></li><li><a href="#dh">17.17. Diffie-Hellman</a><ul><li><a href="#dh-description">17.17.1. Description</a></li><li><a href="#dh-registration">17.17.2. Registration</a></li><li><a href="#dh-DhKeyGenParams">17.17.3. DhKeyGenParams dictionary</a></li><li><a href="#dh-DhKeyDeriveParams">17.17.4. DhKeyDeriveParams dictionary</a></li><li><a href="#dh-operations">17.17.5. Operations</a></li></ul></li><li><a href="#sha">17.18. SHA</a><ul><li><a href="#sha-description">17.18.1. 
Description</a></li><li><a href="#sha-registration">17.18.2. Registration</a></li><li><a href="#sha-operations">17.18.3. Operations</a></li></ul></li><li><a href="#concatkdf">17.19. Concat KDF</a><ul><li><a href="#concatkdf-description">17.19.1. Description</a></li><li><a href="#concatkdf-registration">17.19.2. Registration</a></li><li><a href="#concat-params">17.19.3. ConcatParams dictionary</a></li><li><a href="#concat-operations">17.19.4. Operations</a></li></ul></li><li><a href="#hkdf-ctr">17.20. HKDF-CTR</a><ul><li><a href="#hkdf-ctr-description">17.20.1. Description</a></li><li><a href="#hkdf-ctr-registration">17.20.2. Registration</a></li><li><a href="#hkdf-ctr-params">17.20.3. HkdfCtrParams dictionary</a></li><li><a href="#hkdf2-ctr-operations">17.20.4. Operations</a></li></ul></li><li><a href="#pbkdf2">17.21. PBKDF2</a><ul><li><a href="#pbkdf2-description">17.21.1. Description</a></li><li><a href="#pbkdf2-registration">17.21.2. Registration</a></li><li><a href="#pbkdf2-params">17.21.3. Pbkdf2Params dictionary</a></li><li><a href="#pbkdf2-operations">17.21.4. Operations</a></li></ul></li></ul></li><li><a href="#algorithm-normalizing-rules">18. Algorithm normalizing rules</a></li><li><a href="#examples-section">19. JavaScript Example Code</a><ul><li><a href="#examples-signing">19.1. Generate a signing key pair, sign some data</a></li><li><a href="#examples-symmetric-encryption">19.2. Symmetric Encryption</a></li></ul></li><li><a href="#iana-section">20. IANA Considerations</a><ul><li><a href="#iana-section-jws-jwa">20.1. JSON Web Signature and Encryption Algorithms Registration</a></li><li><a href="#iana-section-jwk">20.2. JSON Web Key Parameters Registry</a></li></ul></li><li><a href="#acknowledgements-section">21. Acknowledgements</a></li><li><a href="#references">22. References</a><ul><li><a href="#normative-references">22.1. Normative References</a></li><li><a href="#informative-references">22.2. Informative References</a></li></ul></li></ul></div>
+      <div class="toc"><ul><li><a href="#introduction">1. Introduction</a></li><li><a href="#use-cases">2. Use Cases</a><ul><li><a href="#multifactor-authentication">2.1. Multi-factor Authentication</a></li><li><a href="#protected-document">2.2. Protected Document Exchange</a></li><li><a href="#cloud-storage">2.3. Cloud Storage</a></li><li><a href="#document-signing">2.4. Document Signing</a></li><li><a href="#data-integrity-protection">2.5. Data Integrity Protection</a></li><li><a href="#secure-messaging">2.6. Secure Messaging</a></li><li><a href="#jose">2.7. Javascript Object Signing and Encryption (JOSE)</a></li></ul></li><li><a href="#conformance">3. Conformance</a></li><li><a href="#scope">4. Scope</a><ul><li><a href="#scope-abstraction">4.1. Level of abstraction</a></li><li><a href="#scope-algorithms">4.2. Cryptographic algorithms</a></li><li><a href="#scope-operations">4.3. Operations</a></li><li><a href="#scope-out-of-scope">4.4. Out of scope</a></li></ul></li><li><a href="#security">5. Security considerations</a><ul><li><a href="#security-implementers">5.1. Security considerations for implementers</a></li><li><a href="#security-developers">5.2. Security considerations for authors</a></li></ul></li><li><a href="#privacy">6. Privacy considerations</a></li><li><a href="#dependencies">7. Dependencies</a></li><li><a href="#terminology">8. Terminology</a></li><li><a href="#RandomSource-interface">9. RandomSource interface</a><ul><li><a href="#RandomSource-description">9.1. Description</a></li><li><a href="#RandomSource-interface-methods">9.2. Methods and Parameters</a><ul><li><a href="#RandomSource-method-getRandomValues">9.2.1. The getRandomValues method</a></li></ul></li></ul></li><li><a href="#algorithm-dictionary">10. Algorithm dictionary</a><ul><li><a href="#algorithm-dictionary-members">10.1. Algorithm Dictionary Members</a></li></ul></li><li><a href="#key-interface">11. Key interface</a><ul><li><a href="#key-interface-description">11.1. 
Description</a></li><li><a href="#key-interface-types">11.2. Key interface data types</a></li><li><a href="#key-interface-members">11.3. Key interface members</a></li><li><a href="#key-interface-clone">11.4. Structured clone algorithm</a></li></ul></li><li><a href="#crypto-interface">12. Crypto interface</a></li><li><a href="#subtlecrypto-interface">13. SubtleCrypto interface</a><ul><li><a href="#subtlecrypto-interface-description">13.1. Description</a></li><li><a href="#subtlecrypto-interface-datatypes">13.2. Data Types</a></li><li><a href="#subtlecrypto-interface-methods">13.3. Methods and Parameters</a><ul><li><a href="#SubtleCrypto-method-encrypt">13.3.1. The encrypt method</a></li><li><a href="#SubtleCrypto-method-decrypt">13.3.2. The decrypt method</a></li><li><a href="#SubtleCrypto-method-sign">13.3.3. The sign method</a></li><li><a href="#SubtleCrypto-method-verify">13.3.4. The verify method</a></li><li><a href="#SubtleCrypto-method-digest">13.3.5. The digest method</a></li><li><a href="#SubtleCrypto-method-generateKey">13.3.6. The generateKey method</a></li><li><a href="#SubtleCrypto-method-deriveKey">13.3.7. The deriveKey method</a></li><li><a href="#SubtleCrypto-method-deriveBits">13.3.8. The deriveBits method</a></li><li><a href="#SubtleCrypto-method-importKey">13.3.9. The importKey method</a></li><li><a href="#SubtleCrypto-method-exportKey">13.3.10. The exportKey method</a></li><li><a href="#SubtleCrypto-method-wrapKey">13.3.11. The wrapKey method</a></li><li><a href="#SubtleCrypto-method-unwrapKey">13.3.12. The unwrapKey method</a></li></ul></li></ul></li><li><a href="#WorkerCrypto-interface">14. WorkerCrypto interface</a><ul><li><a href="#WorkerCrypto-description">14.1. Description</a></li></ul></li><li><a href="#big-integer">15. BigInteger</a></li><li><a href="#keypair">16. KeyPair</a></li><li><a href="#algorithms">17. Algorithms</a><ul><li><a href="#algorithms-index">17.1. Registered algorithms</a></li><li><a href="#recommended-algorithms">17.2. 
Recommended algorithms</a></li><li><a href="#defining-an-algorithm">17.3. Defining an algorithm</a><ul><li><a href="#recognized-algorithm-name">17.3.1. Recognized algorithm name</a></li><li><a href="#supported-operations">17.3.2. Supported operations</a></li><li><a href="#algorithm-specific-params">17.3.3. Algorithm-specific parameters</a></li><li><a href="#algorithm-result">17.3.4. Algorithm results</a></li><li><a href="#algorithm-alias">17.3.5. Algorithm aliases</a></li></ul></li><li><a href="#rsaes-pkcs1">17.4. RSAES-PKCS1-v1_5</a><ul><li><a href="#rsaes-pkcs1-description">17.4.1. Description</a></li><li><a href="#rsaes-pkcs1-registration">17.4.2. Registration</a></li><li><a href="#RsaKeyGenParams-dictionary">17.4.3. RsaKeyGenParams dictionary</a></li><li><a href="#rsaes-pkcs1-operations">17.4.4. Operations</a></li></ul></li><li><a href="#rsassa-pkcs1">17.5. RSASSA-PKCS1-v1_5</a><ul><li><a href="#rsassa-pkcs1-description">17.5.1. Description</a></li><li><a href="#rsassa-pkcs1-registration">17.5.2. Registration</a></li><li><a href="#RsaSsaParams-dictionary">17.5.3. RsaSsaParams dictionary</a></li><li><a href="#rsassa-pkcs1-operations">17.5.4. Operations</a></li></ul></li><li><a href="#rsa-pss">17.6. RSA-PSS</a><ul><li><a href="#rsa-pss-description">17.6.1. Description</a></li><li><a href="#rsa-pss-registration">17.6.2. Registration</a></li><li><a href="#rsa-pss-params">17.6.3. RsaPssParams dictionary</a></li><li><a href="#rsa-pss-operations">17.6.4. Operations</a></li></ul></li><li><a href="#rsa-oaep">17.7. RSA-OAEP</a><ul><li><a href="#rsa-oaep-description">17.7.1. Description</a></li><li><a href="#rsa-oaep-registration">17.7.2. Registration</a></li><li><a href="#rsa-oaep-params">17.7.3. RsaOaepParams dictionary</a></li><li><a href="#rsa-oaep-operations">17.7.4. Operations</a></li></ul></li><li><a href="#ecdsa">17.8. ECDSA</a><ul><li><a href="#ecdsa-description">17.8.1. Description</a></li><li><a href="#ecdsa-registration">17.8.2. 
Registration</a></li><li><a href="#EcdsaParams-dictionary">17.8.3. EcdsaParams dictionary</a></li><li><a href="#EcKeyGenParams-dictionary">17.8.4. EcKeyGenParams dictionary</a></li><li><a href="#ecdsa-operations">17.8.5. Operations</a></li></ul></li><li><a href="#ecdh">17.9. ECDH</a><ul><li><a href="#ecdh-description">17.9.1. Description</a></li><li><a href="#ecdh-registration">17.9.2. Registration</a></li><li><a href="#dh-EcdhKeyDeriveParams">17.9.3. EcdhKeyDeriveParams dictionary</a></li><li><a href="#ecdh-operations">17.9.4. Operations</a></li></ul></li><li><a href="#aes-ctr">17.10. AES-CTR</a><ul><li><a href="#aes-ctr-description">17.10.1. Description</a></li><li><a href="#aes-ctr-registration">17.10.2. Registration</a></li><li><a href="#aes-ctr-params">17.10.3. AesCtrParams dictionary</a></li><li><a href="#aes-keygen-params">17.10.4. AesKeyGenParams dictionary</a></li><li><a href="#aes-ctr-operations">17.10.5. Operations</a></li></ul></li><li><a href="#aes-cbc">17.11. AES-CBC</a><ul><li><a href="#aes-cbc-description">17.11.1. Description</a></li><li><a href="#aes-cbc-registration">17.11.2. Registration</a></li><li><a href="#aes-cbc-params">17.11.3. AesCbcParams dictionary</a></li><li><a href="#aes-cbc-operations">17.11.4. Operations</a></li></ul></li><li><a href="#aes-cmac">17.12. AES-CMAC</a><ul><li><a href="#aes-cmac-description">17.12.1. Description</a></li><li><a href="#aes-cmac-registration">17.12.2. Registration</a></li><li><a href="#aes-cmac-operations">17.12.3. Operations</a></li></ul></li><li><a href="#aes-gcm">17.13. AES-GCM</a><ul><li><a href="#aes-gcm-description">17.13.1. Description</a></li><li><a href="#aes-gcm-registration">17.13.2. Registration</a></li><li><a href="#aes-gcm-params">17.13.3. AesGcmParams dictionary</a></li><li><a href="#aes-gcm-operations">17.13.4. Operations</a></li></ul></li><li><a href="#aes-cfb">17.14. AES-CFB</a><ul><li><a href="#aes-cfb-description">17.14.1. Description</a></li><li><a href="#aes-cfb-registration">17.14.2. 
Registration</a></li><li><a href="#aes-cfb-params">17.14.3. AesCfbParams dictionary</a></li><li><a href="#aes-cfb-operations">17.14.4. Operations</a></li></ul></li><li><a href="#aes-kw">17.15. AES-KW</a><ul><li><a href="#aes-kw-description">17.15.1. Description</a></li><li><a href="#aes-kw-registration">17.15.2. Registration</a></li><li><a href="#aes-kw-operations">17.15.3. Operations</a></li></ul></li><li><a href="#hmac">17.16. HMAC</a><ul><li><a href="#hmac-description">17.16.1. Description</a></li><li><a href="#hmac-registration">17.16.2. Registration</a></li><li><a href="#hmac-params">17.16.3. HmacParams dictionary</a></li><li><a href="#hmac-key-params">17.16.4. HmacKeyParams dictionary</a></li><li><a href="#hmac-operations">17.16.5. Operations</a></li></ul></li><li><a href="#dh">17.17. Diffie-Hellman</a><ul><li><a href="#dh-description">17.17.1. Description</a></li><li><a href="#dh-registration">17.17.2. Registration</a></li><li><a href="#dh-DhKeyGenParams">17.17.3. DhKeyGenParams dictionary</a></li><li><a href="#dh-DhKeyDeriveParams">17.17.4. DhKeyDeriveParams dictionary</a></li><li><a href="#dh-operations">17.17.5. Operations</a></li></ul></li><li><a href="#sha">17.18. SHA</a><ul><li><a href="#sha-description">17.18.1. Description</a></li><li><a href="#sha-registration">17.18.2. Registration</a></li><li><a href="#sha-operations">17.18.3. Operations</a></li></ul></li><li><a href="#concatkdf">17.19. Concat KDF</a><ul><li><a href="#concatkdf-description">17.19.1. Description</a></li><li><a href="#concatkdf-registration">17.19.2. Registration</a></li><li><a href="#concat-params">17.19.3. ConcatParams dictionary</a></li><li><a href="#concat-operations">17.19.4. Operations</a></li></ul></li><li><a href="#hkdf-ctr">17.20. HKDF-CTR</a><ul><li><a href="#hkdf-ctr-description">17.20.1. Description</a></li><li><a href="#hkdf-ctr-registration">17.20.2. Registration</a></li><li><a href="#hkdf-ctr-params">17.20.3. 
HkdfCtrParams dictionary</a></li><li><a href="#hkdf2-ctr-operations">17.20.4. Operations</a></li></ul></li><li><a href="#pbkdf2">17.21. PBKDF2</a><ul><li><a href="#pbkdf2-description">17.21.1. Description</a></li><li><a href="#pbkdf2-registration">17.21.2. Registration</a></li><li><a href="#pbkdf2-params">17.21.3. Pbkdf2Params dictionary</a></li><li><a href="#pbkdf2-operations">17.21.4. Operations</a></li></ul></li></ul></li><li><a href="#algorithm-normalizing-rules">18. Algorithm normalizing rules</a></li><li><a href="#examples-section">19. JavaScript Example Code</a><ul><li><a href="#examples-signing">19.1. Generate a signing key pair, sign some data</a></li><li><a href="#examples-symmetric-encryption">19.2. Symmetric Encryption</a></li></ul></li><li><a href="#iana-section">20. IANA Considerations</a><ul><li><a href="#iana-section-jws-jwa">20.1. JSON Web Signature and Encryption Algorithms Registration</a></li><li><a href="#iana-section-jwk">20.2. JSON Web Key Parameters Registry</a></li></ul></li><li><a href="#acknowledgements-section">21. Acknowledgements</a></li><li><a href="#references">22. References</a><ul><li><a href="#normative-references">22.1. Normative References</a></li><li><a href="#informative-references">22.2. Informative References</a></li></ul></li></ul><ul><li><a href="#jwk-mapping">A. Mapping between JSON Web Key / JSON Web Algorithm</a><ul><li><a href="#jwk-mapping-alg">A.1. Algorithm mappings</a></li><li><a href="#jwk-mapping-usage">A.2. Usage mapping</a></li></ul></li><li><a href="#spki-mapping">B. Mapping between Algorithm and SubjectPublicKeyInfo</a></li><li><a href="#pkcs8-mapping">C. Mapping between Algorithm and PKCS#8 PrivateKeyInfo</a></li></ul></div>
     </div>
 
     <div id="sections">
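Review bot: The appendix A entries added to the table of contents cover only "A.1. Algorithm mappings" and "A.2. Usage mapping", while the removed 11.5 entries also included "11.5.1.2. JSON Web Key ext attribute" and "11.5.2.3. Mapping of extractable". Please confirm that the ext definition (including its "SHALL have a Boolean value" requirement) and the extractable mapping still appear in the appendix, and give them their own subsections so they remain linkable. The #key-interface-jwk anchors and their children are dropped here, so any remaining in-document links to them need repointing to #jwk-mapping, #jwk-mapping-alg or #jwk-mapping-usage.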
@@ -786,7 +786,7 @@
         </code></pre></div></div>
         <div id="key-interface-description" class="section">
           <h3>11.1. Description</h3>
-          <span class="normative">This section is non-normative</span>
+          <p class="norm">This section is non-normative</p>
           <p>
             This specification provides a uniform interface for many different kinds of keying
             material managed by the user agent. This may include keys that have been generated by
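Review bot: The replacement element puts class="norm" on text that declares the section non-normative, so the class name reads as the opposite of what it marks; a name such as "informative" would be clearer. Moving from span.normative to p.norm also means any stylesheet rule keyed on .normative stops matching, so check that the spec CSS is updated in the same change. The sentence could take a closing period to match "The following section is non-normative." in the new appendix sections.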
@@ -893,333 +893,6 @@
             <code>Key</code> object.
           </div>
         </div>
-
-        <div id="key-interface-jwk" class="section">
-          <h3>11.5. Representation using JSON Web Key</h3>
-          <p>
-            The <a href="#dfn-KeyFormat">KeyFormat</a> value <code>jwk</code> enables <a href="#dfn-Key">Key</a> objects to be imported or exported in <a href="#jwk">JSON Web
-            Key</a> format.
-          </p>
-          <p>
-            This specification defines additional <a href="#jwk">JSON Web Key</a> attributes and
-            attribute values that may be used for this purpose as follows:
-            <ul>
-              <li>
-                Additional <code>alg</code> names for algorithms supported by WebCrypto not already
-                defined for <a href="#jwk">JSON Web Key</a>
-              </li>
-              <li>
-                A new <code>ext</code> attribute providing the value of the <a href="#dfn-Key">Key</a>'s <a href="#dfn-Key-extractable">extractable</a> attribute.
-              </li>
-            </ul>
-          </p>
-            <div id="key-interface-jwk-extensions" class="section">
-              <h4>11.5.1. Extensions to JSON Web Key</h4>
-              <div id="key-interface-jwk-algorithms" class="section">
-                <h5>11.5.1.1. JSON Web Key algorithm names for WebCrypto algorithms</h5>
-                <p>
-                  This specification defines additional <a href="#jwk">JSON Web Key</a> algorithm names:
-                  <code>A128CTR</code>,
-                  <code>A192CTR</code>,
-                  <code>A256CTR</code>,
-                  <code>A128CBC</code>,
-                  <code>A192CBC</code>,
-                  <code>A256CBC</code>,
-                  <code>A128CMAC</code>,
-                  <code>A192CMAC</code>,
-                  <code>A256CMAC</code>,
-                  <code>A128CFB</code>,
-                  <code>A192CFB</code>,
-                  <code>A256CFB</code>,
-                  <code>HS1</code>,
-                  <code>HS224</code>.
-                  These are associated with WebCrypto algorithms as defined in the mapping tables
-                  below.
-                </p>
-              </div>
-              <div id="key-interface-jwk-ext" class="section">
-                <h5>11.5.1.2. JSON Web Key <code>ext</code> attribute</h5>
-                <p>
-                  This specification defines a new <a href="#jwk">JSON Web Key</a> attribute
-                  <code>ext</code> that enables the value of the
-                  <a href="#dfn-Key-extractable">extractable</a> attribute of a
-                  <a href="#dfn-Key">Key</a> to be included in a <a href="#jwk">JSON Web Key</a>
-                  object. The <code>ext</code> attribute SHALL have a Boolean value.
-                </p>
-              </div>
-            </div>
-            <div id="key-interface-jwk-mapping" class="section">
-              <h4>11.5.2. Mapping between WebCrypto and JSON Web Key</h4>
-              <p>
-                This section defines the mapping between WebCrypto <a href="#dfn-Key">Key</a>
-                objects and <a href="#jwk">JSON Web Key</a> objects.
-              </p>
-              <div id="key-interface-jwk-mapping-alg" class="section">
-                <h5>11.5.2.1. Mapping of algorithms</h5>
-                <p>
-                  The JSON Web Key <code>alg</code> member shall be mapped to / from the
-                  <code>name</code>, <code>length</code> and <code>hash</code> members of the
-                  <code>algorithm</code> attribute of the Key object according to the following
-                  tables:
-                </p>
-                <table>
-                  <thead>
-                    <tr>
-                      <td>WebCrypto <code>Key.algorithm.name</code></td>
-                      <td>JWK <code>alg</code> value</td>
-                  </tr>
-                  </thead>
-                  <tbody>
-                    <tr>
-                      <td><code>RSAES-PKCS1-V1_5</code></td>
-                      <td><code>RSA1_5</code></td>
-                    </tr>
-                    <tr>
-                      <td><code>RSA-OAEP</code></td>
-                      <td><code>RSA-OAEP</code></td>
-                    </tr>
-                    <tr>
-                      <td><code>ECDH</code></td>
-                      <td><code>ECDH-ES</code></td>
-                    </tr>
-                  </tbody>
-                </table>
-                <p></p>
-                <table>
-                  <thead>
-                    <tr>
-                      <td>WebCrypto <code>Key.algorithm.name</code></td>
-                      <td>WebCrypto <code>Key.algorithm.length</code></td>
-                      <td>JWK <code>alg</code> value</td>
-                    </tr>
-                  </thead>
-                  <tbody>
-                    <tr>
-                      <td><code>AES-CTR</code></td>
-                      <td>128</td>
-                      <td><code>A128CTR</code></td>
-                    </tr>
-                    <tr>
-                      <td><code>AES-CTR</code></td>
-                      <td>192</td>
-                      <td><code>A192CTR</code></td>
-                    </tr>
-                    <tr>
-                      <td><code>AES-CTR</code></td>
-                      <td>256</td>
-                      <td><code>A256CTR</code></td>
-                    </tr>
-                    <tr>
-                      <td><code>AES-CBC</code></td>
-                      <td>128</td>
-                      <td><code>A128CBC</code></td>
-                    </tr>
-                    <tr>
-                      <td><code>AES-CBC</code></td>
-                      <td>192</td>
-                      <td><code>A192CBC</code></td>
-                    </tr>
-                    <tr>
-                      <td><code>AES-CBC</code></td>
-                      <td>256</td>
-                      <td><code>A256CBC</code></td>
-                    </tr>
-                    <tr>
-                      <td><code>AES-KW</code></td>
-                      <td>128</td>
-                      <td><code>A128KW</code></td>
-                    </tr>
-                    <tr>
-                      <td><code>AES-KW</code></td>
-                      <td>192</td>
-                      <td><code>A192KW</code></td>
-                    </tr>
-                    <tr>
-                      <td><code>AES-KW</code></td>
-                      <td>256</td>
-                      <td><code>A256KW</code></td>
-                    </tr>
-                    <tr>
-                      <td><code>AES-GCM</code></td>
-                      <td>128</td>
-                      <td><code>A128GCM</code> or <code>A128GCMKW</code></td>
-                    </tr>
-                    <tr>
-                      <td><code>AES-GCM</code></td>
-                      <td>192</td>
-                      <td><code>A192GCM</code> or <code>A128GCMKW</code></td>
-                    </tr>
-                    <tr>
-                      <td><code>AES-GCM</code></td>
-                      <td>256</td>
-                      <td><code>A256GCM</code> or <code>A128GCMKW</code></td>
-                    </tr>
-                    <tr>
-                      <td><code>AES-KW</code></td>
-                      <td>128</td>
-                      <td><code>A128KW</code></td>
-                    </tr>
-                    <tr>
-                      <td><code>AES-KW</code></td>
-                      <td>192</td>
-                      <td><code>A192KW</code></td>
-                    </tr>
-                    <tr>
-                      <td><code>AES-KW</code></td>
-                      <td>256</td>
-                      <td><code>A256KW</code></td>
-                    </tr>
-                  </tbody>
-                </table>
-                <p></p>
-                <table>
-                  <thead>
-                    <tr>
-                      <td>WebCrypto <code>Key.algorithm.name</code></td>
-                      <td>WebCrypto <code>Key.algorithm.hash</code></td>
-                      <td>JWK <code>alg</code> value</td>
-                    </tr>
-                  </thead>
-                  <tbody>
-                    <tr>
-                      <td><code>HMAC</code></td>
-                      <td><code>SHA-1</code></td>
-                      <td><code>HS1</code></td>
-                    </tr>
-                    <tr>
-                      <td><code>HMAC</code></td>
-                      <td><code>SHA-224</code></td>
-                      <td><code>HS224</code></td>
-                    </tr>
-                    <tr>
-                      <td><code>HMAC</code></td>
-                      <td><code>SHA-256</code></td>
-                      <td><code>HS256</code></td>
-                    </tr>
-                    <tr>
-                      <td><code>HMAC</code></td>
-                      <td><code>SHA-384</code></td>
-                      <td><code>HS384</code></td>
-                    </tr>
-                    <tr>
-                      <td><code>HMAC</code></td>
-                      <td><code>SHA-512</code></td>
-                      <td><code>HS512</code></td>
-                    </tr>
-                    <tr>
-                      <td><code>RSASSA-PKCS1-v1_5</code></td>
-                      <td><code>SHA-256</code></td>
-                      <td><code>RS256</code></td>
-                    </tr>
-                    <tr>
-                       <td><code>RSASSA-PKCS1-v1_5</code></td>
-                      <td><code>SHA-384</code></td>
-                      <td><code>RS384</code></td>
-                    </tr>
-                    <tr>
-                      <td><code>RSASSA-PKCS1-v1_5</code></td>
-                      <td><code>SHA-512</code></td>
-                      <td><code>RS512</code></td>
-                    </tr>
-                    <tr>
-                       <td><code>RSA-PSS</code></td>
-                      <td><code>SHA-256</code></td>
-                      <td><code>PS256</code></td>
-                    </tr>
-                    <tr>
-                      <td><code>RSA-PSS</code></td>
-                      <td><code>SHA-384</code></td>
-                      <td><code>PS384</code></td>
-                    </tr>
-                    <tr>
-                      <td><code>RSA-PSS</code></td>
-                      <td><code>SHA-512</code></td>
-                      <td><code>PS512</code></td>
-                    </tr>
-                  </tbody>
-                </table>
-                <p></p>
-                <table>
-                  <thead>
-                    <tr>
-                      <td>WebCrypto <code>Key.algorithm.name</code></td>
-                      <td>WebCrypto <code>Key.algorithm.namedCurve</code></td>
-                      <td>JWK <code>alg</code> value</td>
-                    </tr>
-                  </thead>
-                  <tbody>
-                    <tr>
-                      <td><code>ECDSA</code></td>
-                      <td><code>P-256</code></td>
-                      <td><code>ES256</code></td>
-                    </tr>
-                    <tr>
-                      <td><code>ECDSA</code></td>
-                      <td><code>P-384</code></td>
-                      <td><code>ES384</code></td>
-                    </tr>
-                    <tr>
-                      <td><code>ECDSA</code></td>
-                      <td><code>P-512</code></td>
-                      <td><code>ES512</code></td>
-                    </tr>
-                  </tbody>
-                </table>
-              </div>
-              <div id="key-interface-jwk-mapping-use" class="section">
-                <h5>11.5.2.2. Mapping of usages</h5>
-                <p>
-                  When exporting a WebCrypto <a href="#dfn-Key">Key</a> in JWK format, the value of
-                  the <a href="#dfn-Key">Key</a>.usages array shall be copied into the JWK
-                  <code>key_ops</code> member where each WebCrypto <a href="#dfn-KeyUsage">KeyUsage</a>
-                  value maps to the JWK <code>key_ops</code> value of the same name. The
-                  <code>use</code> member shall not be present.
-                </p>
-                <p>
-                  When importing a JWK format key into a WebCrypto <a href="#dfn-Key">Key</a> object,
-                  if the <code>key_ops</code> member is present then the WebCrypto
-                  <a href="#dfn-KeyUsage">KeyUsages</a> specified by this JWK shall be equal to the
-                  values listed in <code>key_ops</code>  where each JWK <code>key_ops</code> value
-                  maps to the WebCrypto <a href="#dfn-KeyUsage">KeyUsage</a> value of the same name,
-                  except that unrecognized values SHALL be ignored. If the <code>key_ops</code>
-                  member is not present and the <code>use</code> member is present, then the
-                  WebCrypto <a href="#dfn-KeyUsage">KeyUsages</a> specified by this JWK shall be as
-                  specified in the following table:
-                </p>  
-                <table>
-                  <thead>
-                    <tr>
-                      <td>JWK <code>use</code> value</td>
-                      <td>WebCrypto Key.usages value</td>
-                    </tr>
-                  </thead>
-                  <tbody>
-                    <tr>
-                      <td><code>enc</code></td>
-                      <td><code>[ "encrypt", "decrypt", "wrapKey", "unwrapKey" ]</code></td>
-                    </tr>
-                    <tr>
-                      <td><code>sig</code></td>
-                      <td><code>[ "sign", "verify" ]</code></td>
-                    </tr>
-                  </tbody>
-                </table>
-              </div>
-              <div id="key-interface-jwk-mapping-ext" class="section">
-                <h5>11.5.2.3. Mapping of extractable</h5>
-                <p>
-                  When exporting a WebCrypto <a href="#dfn-Key">Key</a> in JWK format, the value of
-                  the JWK <code>ext</code> attribute shall be <code>true</code>.
-                </p>
-                <p>
-                  When importing a JWK format key into a WebCrypto <a href="#dfn-Key">Key</a> object,
-                  if the <code>ext</code> member is present then the WebCrypto
-                  <a href="#dfn-Key-extractable">extractable</a> value specified by this JWK shall
-                  be equal to the <code>ext</code> member value.
-                </p>
-              </div>
-           </div>
-        </div>
       </div>
 
       <div id="crypto-interface" class="section">
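Review bot: The removed 11.5.2.1 table drops the `ECDH` to `ECDH-ES` and `RSA-OAEP` to `RSA-OAEP` rows, and the replacement table A.1 added later in this file has no row for either (RSA-OAEP appears only in the editorial note, ECDH-ES not at all), so both mappings are lost by the move. Either add rows for them to A.1 or list ECDH-ES in the editorial note as an open item. The same removal takes out the normative wording visible here for `ext` ("SHALL have a Boolean value") and for unrecognized `key_ops` values ("SHALL be ignored"), while the new appendix is marked non-normative and defers to the algorithm-specific sections. Please confirm that each algorithm's import and export steps restate both rules, because whether unknown `key_ops` values are ignored or rejected, and how `ext` is handled, determines the usages and extractability an imported key ends up with.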
@@ -6047,5 +5720,765 @@
         </div>
       </div>
     </div>
+    
+    <div id="appendices">
+      <div id="jwk-mapping" class="section">
+        <h2>A. Mapping between JSON Web Key / JSON Web Algorithm</h2>
+        <p class="norm">
+          The following section is non-normative. Refer to algorithm-specific sections for the
+          normative requirements of importing and exporting JWK.
+        </p>
+        <div id="jwk-mapping-alg" class="section">
+          <h3>A.1. Algorithm mappings</h3>
+          <table>
+            <thead>
+              <tr>
+                <th scope="col">JSON Web Key</th>
+                <th scope="col">AlgorithmIdentifier</th>
+              </tr>
+            </thead>
+            <tbody>
+              <tr>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ kty: "RSA",
+  alg: "RSA1_5" }
+</code></pre></div></div>
+                </td>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ name: "RSAES-PKCS1-V1_5" }
+</code></pre></div></div>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ kty: "RSA",
+  alg: "RS256" }
+</code></pre></div></div>
+                </td>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ name: "RSASSA-PKCS1-v1_5",
+  hash: { name: "SHA-256" }
+}
+</code></pre></div></div>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ kty: "RSA",
+  alg: "RS384" }
+</code></pre></div></div>
+                </td>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ name: "RSASSA-PKCS1-v1_5",
+  hash: { name: "SHA-384" }
+}
+</code></pre></div></div>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ kty: "RSA",
+  alg: "RS512" }
+</code></pre></div></div>
+                </td>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ name: "RSASSA-PKCS1-v1_5",
+  hash: { name: "SHA-512" }
+}
+</code></pre></div></div>
+                </td>
+              </tr>
+
+              <tr>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ kty: "RSA",
+  alg: "PS256" }
+</code></pre></div></div>
+                </td>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ name: "RSA-PSS",
+  hash: { name: "SHA-256" }
+}
+</code></pre></div></div>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ kty: "RSA",
+  alg: "PS384" }
+</code></pre></div></div>
+                </td>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ name: "RSA-PSS",
+  hash: { name: "SHA-384" }
+}
+</code></pre></div></div>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ kty: "RSA",
+  alg: "PS512" }
+</code></pre></div></div>
+                </td>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ name: "RSA-PSS",
+  hash: { name: "SHA-512" }
+}
+</code></pre></div></div>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ kty: "EC",
+  alg: "ES256" }
+</code></pre></div></div>
+                </td>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ name: "ECDSA",
+  namedCurve: "P-256"
+  hash: { name: "SHA-256" }
+}
+</code></pre></div></div>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ kty: "EC",
+  alg: "ES384" }
+</code></pre></div></div>
+                </td>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ name: "ECDSA",
+  namedCurve: "P-384"
+  hash: { name: "SHA-384" }
+}
+</code></pre></div></div>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ kty: "EC",
+  alg: "ES512" }
+</code></pre></div></div>
+                </td>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ name: "ECDSA",
+  namedCurve: "P-521"
+  hash: { name: "SHA-512" }
+}
+</code></pre></div></div>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ kty: "oct",
+  alg: "A128CTR" }
+</code></pre></div></div>
+                </td>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ name: "AES-CTR",
+  length: 128 }
+</code></pre></div></div>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ kty: "oct",
+  alg: "A192CTR" }
+</code></pre></div></div>
+                </td>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ name: "AES-CTR",
+  length: 192 }
+</code></pre></div></div>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ kty: "oct",
+  alg: "A256CTR" }
+</code></pre></div></div>
+                </td>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ name: "AES-CTR",
+  length: 256 }
+</code></pre></div></div>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ kty: "oct",
+  alg: "A128CBC" }
+</code></pre></div></div>
+                </td>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ name: "AES-CBC",
+  length: 128 }
+</code></pre></div></div>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ kty: "oct",
+  alg: "A192CBC" }
+</code></pre></div></div>
+                </td>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ name: "AES-CBC",
+  length: 192 }
+</code></pre></div></div>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ kty: "oct",
+  alg: "A256CBC" }
+</code></pre></div></div>
+                </td>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ name: "AES-CBC",
+  length: 256 }
+</code></pre></div></div>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ kty: "oct",
+  alg: "A128KW" }
+</code></pre></div></div>
+                </td>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ name: "AES-KW",
+  length: 128 }
+</code></pre></div></div>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ kty: "oct",
+  alg: "A192KW" }
+</code></pre></div></div>
+                </td>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ name: "AES-KW",
+  length: 192 }
+</code></pre></div></div>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ kty: "oct",
+  alg: "A256KW" }
+</code></pre></div></div>
+                </td>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ name: "AES-KW",
+  length: 256 }
+</code></pre></div></div>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ kty: "oct",
+  alg: "A128GCM" }
+</code></pre></div></div>
+                </td>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ name: "AES-GCM",
+  length: 128 }
+</code></pre></div></div>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ kty: "oct",
+  alg: "A192GCM" }
+</code></pre></div></div>
+                </td>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ name: "AES-GCM",
+  length: 192 }
+</code></pre></div></div>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ kty: "oct",
+  alg: "A256GCM" }
+</code></pre></div></div>
+                </td>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ name: "AES-GCM",
+  length: 256 }
+</code></pre></div></div>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ kty: "oct",
+  alg: "A128GCMKW" }
+</code></pre></div></div>
+                </td>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ name: "AES-GCM",
+  length: 128 }
+</code></pre></div></div>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ kty: "oct",
+  alg: "A192GCMKW" }
+</code></pre></div></div>
+                </td>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ name: "AES-GCM",
+  length: 192 }
+</code></pre></div></div>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ kty: "oct",
+  alg: "A256GCMKW" }
+</code></pre></div></div>
+                </td>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ name: "AES-GCM",
+  length: 256 }
+</code></pre></div></div>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ kty: "oct",
+  alg: "A128CMAC" }
+</code></pre></div></div>
+                </td>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ name: "AES-CMAC",
+  length: 128 }
+</code></pre></div></div>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ kty: "oct",
+  alg: "A192CMAC" }
+</code></pre></div></div>
+                </td>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ name: "AES-CMAC",
+  length: 192 }
+</code></pre></div></div>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ kty: "oct",
+  alg: "A256CMAC" }
+</code></pre></div></div>
+                </td>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ name: "AES-CMAC",
+  length: 256 }
+</code></pre></div></div>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ kty: "oct",
+  alg: "A128CFB" }
+</code></pre></div></div>
+                </td>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ name: "AES-CFB",
+  length: 128 }
+</code></pre></div></div>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ kty: "oct",
+  alg: "A192CFB" }
+</code></pre></div></div>
+                </td>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ name: "AES-CFB",
+  length: 192 }
+</code></pre></div></div>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ kty: "oct",
+  alg: "A256CFB" }
+</code></pre></div></div>
+                </td>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ name: "AES-CFB",
+  length: 256 }
+</code></pre></div></div>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ kty: "oct",
+  alg: "HS1" }
+</code></pre></div></div>
+                </td>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ name: "HMAC",
+  hash: { name: "SHA-1" }
+}
+</code></pre></div></div>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ kty: "oct",
+  alg: "HS224" }
+</code></pre></div></div>
+                </td>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ name: "HMAC",
+  hash: { name: "SHA-224" }
+}
+</code></pre></div></div>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ kty: "oct",
+  alg: "HS256" }
+</code></pre></div></div>
+                </td>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ name: "HMAC",
+  hash: { name: "SHA-256" }
+}
+</code></pre></div></div>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ kty: "oct",
+  alg: "HS384" }
+</code></pre></div></div>
+                </td>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ name: "HMAC",
+  hash: { name: "SHA-384" }
+}
+</code></pre></div></div>
+                </td>
+              </tr>
+              <tr>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ kty: "oct",
+  alg: "HS512" }
+</code></pre></div></div>
+                </td>
+                <td>
+<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
+{ name: "HMAC",
+  hash: "SHA-512" }
+</code></pre></div></div>
+                </td>
+              </tr>
+            </tbody>
+          </table>
+          <div class="ednote"><div class="ednoteHeader">Editorial note</div>
+            <p>Should the following be specified.</p>
+            <ul>
+              <li><p>RSASSA-PKCS1-v1_5 with SHA-1</p></li>
+              <li><p>RSA-PSS with SHA-1</p></li>
+              <li><p>RSA-OAEP needs specifiers for the hash algorithms.</p></li>
+              <li><p>ECDSA with SHA-1</p></li>
+              <li>
+                <p>
+                  ECDSA where the curve (P-256, P-384, P-521) is not aligned with the hash (SHA-256,
+                  SHA-384, SHA-512)
+                </p>
+              </li>
+            </ul>
+          </div>
+        </div>
+        <div id="jwk-mapping-usage" class="section">
+          <h3>A.2. Usage mapping</h3>
+          <table>
+            <thead>
+              <tr>
+                <th scope="col">JWK <code>use</code> value</th>
+                <th scope="col"><a href="#dfn-KeyUsage">KeyUsage</a>s</th>
+              </tr>
+            </thead>
+            <tbody>
+              <tr>
+                <td><code>enc</code></td>
+                <td><code>["encrypt", "decrypt", "wrapKey", "unwrapKey"]</code></td>
+              </tr>
+              <tr>
+                <td><code>sig</code></td>
+                <td><code>["sign","verify"]</code></td>
+              </tr>
+            </tbody>
+          </table>
+        </div>
+      </div>
+      <div id="spki-mapping" class="section">
+        <h2>B. Mapping between Algorithm and SubjectPublicKeyInfo</h2>
+        <p class="norm">
+          The following section is non-normative. Refer to algorithm-specific sections for the
+          normative requirements of importing and exporting SPKI.
+        </p>
+        <table>
+          <thead>
+            <tr>
+              <th scope="col">Algorithm OID</th>
+              <th scope="col">subjectPublicKey ASN.1 structure</th>
+              <th scope="col">AlgorithmIdentifier</th>
+              <th scope="col">Reference</th>
+            </tr>
+          </thead>
+          <tbody>
+            <tr>
+              <td>rsaEncryption (1.2.840.113549.1.1.1)</td>
+              <td>RSAPublicKey</td>
+              <td>
+                <code>"RSAES-PKCS1-v1_5"</code>,
+                <code>"RSASSA-PKCS1-v1_5"</code>,
+                <code>"RSA-PSS"</code>, or
+                <code>"RSA-OAEP"</code>
+              </td>
+              <td>
+                <a href="#RFC3279">RFC 3279</a>,
+                <a href="#RFC4055">RFC 4055</a>,
+                <a href="#RFC5756">RFC 5756</a>
+              </td>
+            </tr>
+            <tr>
+              <td>id-RSASSA-PSS (1.2.840.113549.1.1.10)</td>
+              <td>RSAPublicKey</td>
+              <td><code>"RSA-PSS"</code></td>
+              <td>
+                <a href="#RFC4055">RFC 4055</a>,
+                <a href="#RFC5756">RFC 5756</a>
+              </td>
+            </tr>
+            <tr>
+              <td>id-RSAES-OAEP (1.2.840.113549.1.1.7)</td>
+              <td>RSAPublicKey</td>
+              <td><code>"RSA-OAEP"</code></td>
+              <td>
+                <a href="#RFC4055">RFC 4055</a>,
+                <a href="#RFC5756">RFC 5756</a>
+              </td>
+            </tr>
+            <tr>
+              <td>id-ecPublicKey (1.2.840.10045.2.1)</td>
+              <td>ECPoint</td>
+              <td><code>"ECDH"</code> or <code>"ECDSA"</code></td>
+              <td><a href="#RFC5480">RFC 5480</a></td>
+            </tr>
+            <tr>
+              <td>id-ecDH (1.3.132.112)</td>
+              <td>ECPoint</td>
+              <td><code>"ECDH"</code></td>
+              <td><a href="#RFC5480">RFC 5480</a></td>
+            </tr>
+            <tr>
+              <td>id-dsa (1.2.840.10040.4.1)</td>
+              <td>DSAPublicKey</td>
+              <td><code>"DSA"</code></td>
+              <td><a href="#RFC3279">RFC 3279</a></td>
+            </tr>
+            <tr>
+              <td>dhpublicnumber (1.2.840.10046.2.1)</td>
+              <td>DHPublicKey</td>
+              <td><code>"DH"</code></td>
+              <td><a href="#RFC3279">RFC 3279</a></td>
+            </tr>
+          </tbody>
+        </table>
+        <div class="ednote"><div class="ednoteHeader">Editorial note</div>
+          <p>
+            The handling of "id-RSASSA-PSS" and "id-RSAES-OAEP" are tricky.
+            <a href="#RFC5756">RFC 5756</a> recommends implementations should not include parameters
+            when PSS is used with a subjectPublicKeyInfo, and MUST NOT include parameters when OAEP
+            is used. However, when OAEP is used as part of a key transport (as an AlgorithmIdentifier),
+            implementations MUST include the parameters.
+          </p>
+          <p>
+            The natural conflict is in deciding when a key is being exported as part of a
+            subjectPublicKeyInfo (which is what "spki" implies) and when it's being used as an
+            algorithmIdentifier for transport.
+          </p>
+        </div>
+      </div>
+      <div id="pkcs8-mapping" class="section">
+        <h2>C. Mapping between Algorithm and PKCS#8 PrivateKeyInfo</h2>
+        <p class="norm">
+          The following section is non-normative. Refer to algorithm-specific sections for the
+          normative requirements of importing and exporting PKCS#8 PrivateKeyInfo.
+        </p>
+        <table>
+          <thead>
+            <tr>
+              <th scope="col">privateKeyAlgorithm</th>
+              <th scope="col">privateKey format</th>
+              <th scope="col">AlgorithmIdentifier</th>
+              <th scope="col">Reference</th>
+            </tr>
+          </thead>
+          <tbody>
+            <tr>
+              <td>rsaEncryption (1.2.840.113549.1.1.1)</td>
+              <td>RSAPrivateKey</td>
+              <td>
+                <code>"RSAES-PKCS1-v1_5"</code>,
+                <code>"RSASSA-PKCS1-v1_5"</code>,
+                <code>"RSA-PSS"</code>, or
+                <code>"RSA-OAEP"</code>
+              </td>
+              <td>
+                <a href="#RFC3447">RFC 3447</a>,
+                <a href="#RFC5958">RFC 5958</a>
+              </td>
+            </tr>
+            <tr>
+              <td>id-RSASSA-PSS (1.2.840.113549.1.1.10)</td>
+              <td>RSAPrivateKey</td>
+              <td><code>"RSA-PSS"</code></td>
+              <td>
+                <a href="#RFC3447">RFC 3447</a>,
+                <a href="#RFC4055">RFC 4055</a>,
+                <a href="#RFC5958">RFC 5958</a>
+              </td>
+            </tr>
+            <tr>
+              <td>id-RSAES-OAEP (1.2.840.113549.1.1.7)</td>
+              <td>RSAPrivateKey</td>
+              <td><code>"RSA-OAEP"</code></td>
+              <td>
+                <a href="#RFC3447">RFC 3447</a>,
+                <a href="#RFC4055">RFC 4055</a>,
+                <a href="#RFC5958">RFC 5958</a>
+              </td>
+            </tr>
+            <tr>
+              <td>id-ecPublicKey (1.2.840.10045.2.1)</td>
+              <td>ECPrivateKey</td>
+              <td><code>"ECDH"</code> or <code>"ECDSA"</code></td>
+              <td>
+                <a href="#RFC5480">RFC 5480</a>,
+                <a href="#RFC5915">RFC 5915</a>,
+                <a href="#RFC5958">RFC 5958</a>
+              </td>
+            </tr>
+            <tr>
+              <td>id-ecDH (1.3.132.112)</td>
+              <td>ECPrivateKey</td>
+              <td><code>"ECDH"</code></td>
+              <td>
+                <a href="#RFC5480">RFC 5480</a>,
+                <a href="#RFC5915">RFC 5915</a>,
+                <a href="#RFC5958">RFC 5958</a>
+              </td>
+            </tr>
+            <tr>
+              <td>id-dsa (1.2.840.10040.4.1)</td>
+              <td>INTEGER</td>
+              <td><code>"DSA"</code></td>
+              <td><a href="#RFC5958">RFC 5958</a></td>
+            </tr>
+            <tr>
+              <td>dhpublicnumber (1.2.840.10046.2.1)</td>
+              <td>INTEGER</td>
+              <td><code>"DH"</code></td>
+              <td><a href="#RFC5958">RFC 5958</a></td>
+            </tr>
+          </tbody>
+        </table>
+        <div class="ednote"><div class="ednoteHeader">Editorial note</div>
+          <p>
+            There does not appear to be a normative reference for a DH key being encoded as an
+            INTEGER. Only RFC 5958 seems to mention this.
+          </p>
+        </div>
+      </div>
+    </div>
   </body>
 </html>
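Review bot: In the A.1 algorithm mapping table, the HS512 row gives `hash: "SHA-512"` as a bare string, while the HS1, HS224, HS256 and HS384 rows all use the dictionary form `hash: { name: ... }`; change the HS512 row to `hash: { name: "SHA-512" }` so the table shows a single shape for the HMAC hash parameter. In appendices B and C, id-ecDH is written as 1.3.132.112 in both rows; RFC 5480 defines it under the Certicom schemes arc as 1.3.132.1.12, so a dot appears to have been dropped. Smaller points: the A.2 `sig` row writes `["sign","verify"]` without the space after the comma that the `enc` row uses; the first editorial note's "Should the following be specified." is a question and should end with a question mark; and the column header "AlgorithmIdentifier" in B and C holds WebCrypto algorithm names, while the editorial note under B uses AlgorithmIdentifier in the ASN.1 sense, so renaming the column would avoid confusing the two.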