Bug 24410 - Define the import/export operations for RSA-PSS
author Ryan Sleevi <sleevi@google.com>
Thu, 06 Mar 2014 00:00:00 -0800
changeset 167 102cf2326e92
parent 166 b44dc54206eb
child 168 08a556becddf
Bug 24410 - Define the import/export operations for RSA-PSS
spec/Overview-WebCryptoAPI.xml
spec/Overview.html
--- a/spec/Overview-WebCryptoAPI.xml	Thu Mar 06 00:00:00 2014 -0800
+++ b/spec/Overview-WebCryptoAPI.xml	Thu Mar 06 00:00:00 2014 -0800
@@ -4871,306 +4871,1408 @@
           </div>
           <div id="rsa-pss-operations" class="section">
             <h4>Operations</h4>
-            <dt>Sign</dt>
-            <dd>
-              <ol>
-                <li>
-                  <p>
-                    If the <a href="#dfn-Key-type">type</a> attribute of <var>key</var>
-                    is not <code>"private"</code>,
-                    then <a href="#concept-return-an-error">return an error</a> named
-                    <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Let <var>normalizedAlgorithm</var> be the result of
-                    <a href="#dfn-normalize-to-type">normalizing</a> <var>algorithm</var>
-                    to <a href="#dfn-RsaPssParams">RsaPssParams</a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    If any of the members of <a href="#dfn-RsaPssParams">RsaPssParams</a> are not
-                    present in <var>normalizedAlgorithm</var>,
-                    then <a href="#concept-return-an-error">return an error</a> named
-                    <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Perform the signature generation operation defined in Section 8.1 of [<cite><a
-                    href="#RFC3447">RFC3447</a></cite>] with the key represented by <var>key</var>
-                    as the signer's private key, <var>K</var>, and the contents of
-                    <var>message</var> as the message to be signed, <var>M</var>, and using the
-                    hash function specified by the
-                    <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute of the
-                    <a href="#dfn-Key-algorithm">algorithm</a> attribute of <var>key</var>
-                    as the Hash option, MGF1 (defined in Section B.2.1 of
-                    [<cite><a href="#RFC3447">RFC3447</a></cite>]) as the MGF option and
-                    the <a href="#dfn-RsaPssParams-saltLength">saltLength</a> member of
-                    <var>normalizedAlgorithm</var> as the salt length option for the EMM-PSS-ENCODE
-                    operation.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    If performing the operation results in an error,
-                    then <a href="#concept-return-an-error">return an error</a> named
-                    <a href="#dfn-OperationError"><code>OperationError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Let <var>signature</var> be a new <code>ArrayBuffer</code> containing the
-                    signature, S, that results from performing the operation.
-                  </p>
-                </li>
-              </ol>
-            </dd>
-
-            <dt>Verify</dt>
-            <dd>
-              <ol>
-                <li>
-                  <p>
-                    If the <a href="#dfn-Key-type">type</a> attribute of <var>key</var>
-                    is not <code>"public"</code>,
-                    then <a href="#concept-return-an-error">return an error</a> named
-                    <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Let <var>normalizedAlgorithm</var> be the result of
-                    <a href="#dfn-normalize-to-type">normalizing</a> <var>algorithm</var>
-                    to <a href="#dfn-RsaPssParams">RsaPssParams</a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    If any of the members of <a href="#dfn-RsaPssParams">RsaPssParams</a> are not
-                    present in <var>normalizedAlgorithm</var>,
-                    then <a href="#concept-return-an-error">return an error</a> named
-                    <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Perform the signature verification operation defined in Section 8.1 of [<cite><a
-                    href="#RFC3447">RFC3447</a></cite>] with the key represented by <var>key</var>
-                    as the signer's RSA public key and the contents of <var>message</var> as
-                    <var>M</var> and the contents of <var>signature</var> as <var>S</var> and using
-                    the hash function specified by the
-                    <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute of the
-                    <a href="#dfn-Key-algorithm">algorithm</a> attribute of <var>key</var> as the
-                    Hash option, MGF1 (defined in Section B.2.1 of
-                    [<cite><a href="#RFC3447">RFC3447</a></cite>]) as the MGF option and the
-                    <a href="#dfn-RsaPssParams-saltLength">saltLength</a> member of
-                    <var>normalizedAlgorithm</var> as the salt length option for the
-                    EMSA-PSS-VERIFY operation.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    If performing the operation results in an error,
-                    then <a href="#concept-return-an-error">return an error</a> named
-                    <a href="#dfn-OperationError"><code>OperationError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Let <var>result</var> be a boolean with value true if the
-                    result of the operation was "valid signature" and a boolean with value
-                    false otherwise.
-                  </p>
-                </li>
-              </ol>
-            </dd>
-
-            <dt>Generate Key</dt>
-            <dd>
-              <ol>
-                <li>
-                  <p>
-                    Let <var>normalizedAlgorithm</var> be the result of
-                    <a href="#dfn-normalize-to-type">normalizing</a> <var>algorithm</var>
-                    to <a href="#dfn-RsaHashedKeyGenParams">RsaHashedKeyGenParams</a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    If any of the members of
-                    <a href="#dfn-RsaHashedKeyGenParams">RsaHashedKeyGenParams</a> are not present
-                    in <var>normalizedAlgorithm</var>,
-                    then <a href="#concept-return-an-error">return an error</a> named
-                    <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    If <var>usages</var> contains an entry which is not
-                    <code>"sign"</code> or <code>"verify"</code>,
-                    then <a href="#concept-return-an-error">return an error</a> named
-                    <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Generate an RSA key pair, as defined in [<cite><a
-                    href="#RFC3447">RFC3447</a></cite>], with RSA modulus length equal to the
-                    <a href="#dfn-RsaKeyGenParams-modulusLength">modulusLength</a> member of
-                    <var>normalizedAlgorithm</var> and RSA public exponent equal to the
-                    <a href="#dfn-RsaKeyGenParams-publicExponent">publicExponent</a> member of
-                    <var>normalizedAlgorithm</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    If performing the operation results in an error,
-                    then <a href="#concept-return-an-error">return an error</a> named
-                    <a href="#dfn-OperationError"><code>OperationError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Let <var>algorithm</var> be a new
-                    <a href="#dfn-RsaHashedKeyAlgorithm">RsaHashedKeyAlgorithm</a>
-                    object.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of
-                    <var>algorithm</var> to <code>"RSA-PSS"</code>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the
-                    <a href="#dfn-RsaKeyAlgorithm-modulusLength">modulusLength</a>
-                    attribute of <var>algorithm</var> to equal the
-                    <a href="#dfn-RsaKeyGenParams-modulusLength">modulusLength</a>
-                    member of <var>normalizedAlgorithm</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the
-                    <a href="#dfn-RsaKeyAlgorithm-publicExponent">publicExponent</a>
-                    attribute of <var>algorithm</var> to equal the
-                    <a href="#dfn-RsaKeyGenParams-publicExponent">publicExponent</a>
-                    member of <var>normalizedAlgorithm</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute
-                    of <var>algorithm</var> to equal the
-                    <a href="#dfn-RsaHashedKeyGenParams">hash</a> member of
-                    <var>normalizedAlgorithm</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Let <var>publicKey</var> be a new <a href="#dfn-Key">Key</a> object
-                    representing the public key of the generated key pair.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the <a href="#dfn-Key-type">type</a> attribute of <var>publicKey</var>
-                    to <code>"public"</code>
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the <a href="#dfn-Key-algorithm">algorithm</a> attribute of
-                    <var>publicKey</var> to be <var>algorithm</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the <a href="#dfn-Key-extractable">extractable</a> attribute of
-                    <var>publicKey</var> to true.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the <a href="#dfn-Key-usages">usages</a> attribute of
-                    <var>publicKey</var> to be the
-                    <a href="concept-usage-intersection">usage intersection</a> of
-                    <var>usages</var> and <code>[ "verify" ]</code>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Let <var>privateKey</var> be a new <a href="#dfn-Key">Key</a> object
-                    representing the private key of the generated key pair.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the <a href="#dfn-Key-Type">type</a> attribute of <var>privateKey</var>
-                    to <code>"private"</code>
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the <a href="#dfn-Key-algorithm">algorithm</a> attribute of
-                    <var>privateKey</var> to be <var>algorithm</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the <a href="#dfn-Key-extractable">extractable</a> attribute of
-                    <var>privateKey</var> to <var>extractable</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the <a href="#dfn-Key-usages">usages</a> attribute of
-                    <var>privateKey</var> to be the
-                    <a href="concept-usage-intersection">usage intersection</a> of
-                    <var>usages</var> and <code>[ "sign" ]</code>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Let <var>result</var> be a new <a href="#dfn-KeyPair">KeyPair</a>
-                    object.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the <a href="#def-KeyPair-publicKey">publicKey</a> attribute
-                    of <var>result</var> to be <var>publicKey</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the <a href="#def-KeyPair-privateKey">privateKey</a> attribute
-                    of <var>result</var> to be <var>privateKey</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Return <var>result</var>.
-                  </p>
-                </li>
-              </ol>
-            </dd>
-            <dt>Import Key</dt>
-            <dd></dd>
-            <dt>Export Key</dt>
-            <dd></dd>
-          </div>
-
-          <div class="ednote">
-            <p>
-              TODO: Specify the mapping between key.algorithm.hash and the appropriate Hash
-              functions (and back to OID).
-            </p>
+            <dl>
+              <dt>Sign</dt>
+              <dd>
+                <ol>
+                  <li>
+                    <p>
+                      If the <a href="#dfn-Key-type">type</a> attribute of <var>key</var>
+                      is not <code>"private"</code>,
+                      then <a href="#concept-return-an-error">return an error</a> named
+                      <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Let <var>normalizedAlgorithm</var> be the result of
+                      <a href="#dfn-normalize-to-type">normalizing</a> <var>algorithm</var>
+                      to <a href="#dfn-RsaPssParams">RsaPssParams</a>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      If any of the members of <a href="#dfn-RsaPssParams">RsaPssParams</a> are not
+                      present in <var>normalizedAlgorithm</var>,
+                      then <a href="#concept-return-an-error">return an error</a> named
+                      <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Perform the signature generation operation defined in Section 8.1 of [<cite><a
+                      href="#RFC3447">RFC3447</a></cite>] with the key represented by <var>key</var>
+                      as the signer's private key, <var>K</var>, and the contents of
+                      <var>message</var> as the message to be signed, <var>M</var>, and using the
+                      hash function specified by the
+                      <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute of the
+                      <a href="#dfn-Key-algorithm">algorithm</a> attribute of <var>key</var>
+                      as the Hash option, MGF1 (defined in Section B.2.1 of
+                      [<cite><a href="#RFC3447">RFC3447</a></cite>]) as the MGF option and
+                      the <a href="#dfn-RsaPssParams-saltLength">saltLength</a> member of
+                      <var>normalizedAlgorithm</var> as the salt length option for the EMM-PSS-ENCODE
+                      operation.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      If performing the operation results in an error,
+                      then <a href="#concept-return-an-error">return an error</a> named
+                      <a href="#dfn-OperationError"><code>OperationError</code></a>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Let <var>signature</var> be a new <code>ArrayBuffer</code> containing the
+                      signature, S, that results from performing the operation.
+                    </p>
+                  </li>
+                </ol>
+              </dd>
+
+              <dt>Verify</dt>
+              <dd>
+                <ol>
+                  <li>
+                    <p>
+                      If the <a href="#dfn-Key-type">type</a> attribute of <var>key</var>
+                      is not <code>"public"</code>,
+                      then <a href="#concept-return-an-error">return an error</a> named
+                      <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Let <var>normalizedAlgorithm</var> be the result of
+                      <a href="#dfn-normalize-to-type">normalizing</a> <var>algorithm</var>
+                      to <a href="#dfn-RsaPssParams">RsaPssParams</a>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      If any of the members of <a href="#dfn-RsaPssParams">RsaPssParams</a> are not
+                      present in <var>normalizedAlgorithm</var>,
+                      then <a href="#concept-return-an-error">return an error</a> named
+                      <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Perform the signature verification operation defined in Section 8.1 of [<cite><a
+                      href="#RFC3447">RFC3447</a></cite>] with the key represented by <var>key</var>
+                      as the signer's RSA public key and the contents of <var>message</var> as
+                      <var>M</var> and the contents of <var>signature</var> as <var>S</var> and using
+                      the hash function specified by the
+                      <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute of the
+                      <a href="#dfn-Key-algorithm">algorithm</a> attribute of <var>key</var> as the
+                      Hash option, MGF1 (defined in Section B.2.1 of
+                      [<cite><a href="#RFC3447">RFC3447</a></cite>]) as the MGF option and the
+                      <a href="#dfn-RsaPssParams-saltLength">saltLength</a> member of
+                      <var>normalizedAlgorithm</var> as the salt length option for the
+                      EMSA-PSS-VERIFY operation.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      If performing the operation results in an error,
+                      then <a href="#concept-return-an-error">return an error</a> named
+                      <a href="#dfn-OperationError"><code>OperationError</code></a>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Let <var>result</var> be a boolean with value true if the
+                      result of the operation was "valid signature" and a boolean with value
+                      false otherwise.
+                    </p>
+                  </li>
+                </ol>
+              </dd>
+
+              <dt>Generate Key</dt>
+              <dd>
+                <ol>
+                  <li>
+                    <p>
+                      Let <var>normalizedAlgorithm</var> be the result of
+                      <a href="#dfn-normalize-to-type">normalizing</a> <var>algorithm</var>
+                      to <a href="#dfn-RsaHashedKeyGenParams">RsaHashedKeyGenParams</a>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      If any of the members of
+                      <a href="#dfn-RsaHashedKeyGenParams">RsaHashedKeyGenParams</a> are not present
+                      in <var>normalizedAlgorithm</var>,
+                      then <a href="#concept-return-an-error">return an error</a> named
+                      <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      If <var>usages</var> contains an entry which is not
+                      <code>"sign"</code> or <code>"verify"</code>,
+                      then <a href="#concept-return-an-error">return an error</a> named
+                      <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Generate an RSA key pair, as defined in [<cite><a
+                      href="#RFC3447">RFC3447</a></cite>], with RSA modulus length equal to the
+                      <a href="#dfn-RsaKeyGenParams-modulusLength">modulusLength</a> member of
+                      <var>normalizedAlgorithm</var> and RSA public exponent equal to the
+                      <a href="#dfn-RsaKeyGenParams-publicExponent">publicExponent</a> member of
+                      <var>normalizedAlgorithm</var>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      If performing the operation results in an error,
+                      then <a href="#concept-return-an-error">return an error</a> named
+                      <a href="#dfn-OperationError"><code>OperationError</code></a>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Let <var>algorithm</var> be a new
+                      <a href="#dfn-RsaHashedKeyAlgorithm">RsaHashedKeyAlgorithm</a>
+                      object.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Set the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of
+                      <var>algorithm</var> to <code>"RSA-PSS"</code>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Set the
+                      <a href="#dfn-RsaKeyAlgorithm-modulusLength">modulusLength</a>
+                      attribute of <var>algorithm</var> to equal the
+                      <a href="#dfn-RsaKeyGenParams-modulusLength">modulusLength</a>
+                      member of <var>normalizedAlgorithm</var>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Set the
+                      <a href="#dfn-RsaKeyAlgorithm-publicExponent">publicExponent</a>
+                      attribute of <var>algorithm</var> to equal the
+                      <a href="#dfn-RsaKeyGenParams-publicExponent">publicExponent</a>
+                      member of <var>normalizedAlgorithm</var>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Set the <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute
+                      of <var>algorithm</var> to equal the
+                      <a href="#dfn-RsaHashedKeyGenParams">hash</a> member of
+                      <var>normalizedAlgorithm</var>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Let <var>publicKey</var> be a new <a href="#dfn-Key">Key</a> object
+                      representing the public key of the generated key pair.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Set the <a href="#dfn-Key-type">type</a> attribute of <var>publicKey</var>
+                      to <code>"public"</code>
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Set the <a href="#dfn-Key-algorithm">algorithm</a> attribute of
+                      <var>publicKey</var> to be <var>algorithm</var>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Set the <a href="#dfn-Key-extractable">extractable</a> attribute of
+                      <var>publicKey</var> to true.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Set the <a href="#dfn-Key-usages">usages</a> attribute of
+                      <var>publicKey</var> to be the
+                      <a href="concept-usage-intersection">usage intersection</a> of
+                      <var>usages</var> and <code>[ "verify" ]</code>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Let <var>privateKey</var> be a new <a href="#dfn-Key">Key</a> object
+                      representing the private key of the generated key pair.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Set the <a href="#dfn-Key-Type">type</a> attribute of <var>privateKey</var>
+                      to <code>"private"</code>
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Set the <a href="#dfn-Key-algorithm">algorithm</a> attribute of
+                      <var>privateKey</var> to be <var>algorithm</var>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Set the <a href="#dfn-Key-extractable">extractable</a> attribute of
+                      <var>privateKey</var> to <var>extractable</var>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Set the <a href="#dfn-Key-usages">usages</a> attribute of
+                      <var>privateKey</var> to be the
+                      <a href="concept-usage-intersection">usage intersection</a> of
+                      <var>usages</var> and <code>[ "sign" ]</code>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Let <var>result</var> be a new <a href="#dfn-KeyPair">KeyPair</a>
+                      object.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Set the <a href="#def-KeyPair-publicKey">publicKey</a> attribute
+                      of <var>result</var> to be <var>publicKey</var>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Set the <a href="#def-KeyPair-privateKey">privateKey</a> attribute
+                      of <var>result</var> to be <var>privateKey</var>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Return <var>result</var>.
+                    </p>
+                  </li>
+                </ol>
+              </dd>
+
+              <dt>Import Key</dt>
+              <dd>
+                <ol>
+                  <li>
+                    <p>Let <var>keyData</var> be the key data to be imported.</p>
+                  </li>
+                  <li>
+                    <p>
+                      Let <var>normalizedAlgorithm</var> be the result of
+                      <a href="#concept-normalize-to-type">normalizing</a> <var>algorithm</var>
+                      to <a href="#dfn-RsaHashedImportParams">RsaHashedImportParams</a>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      If any of the members of <a
+                      href="#dfn-RsaHashedImportParams">RsaHashedImportParams</a> are not present in
+                      <var>normalizedAlgorithm</var> then <a href="#concept-return-an-error">return
+                      an error</a> named <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+                    </p>
+                  </li>
+                  <li>
+                    <dl class="switch">
+                      <dt>If <var>format</var> is <code>"spki"</code>:</dt>
+                      <dd>
+                        <ol>
+                          <li>
+                            <p>
+                              Let <var>spki</var> be the result of running the
+                              <a href="#concept-parse-a-spki">parse a subjectPublicKeyInfo</a>
+                              algorithm over <var>keyData</var>.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              If an error occurred while parsing,
+                              then <a href="#concept-return-an-error">return an error</a> named
+                              <a href="#dfn-DataError"><code>DataError</code></a>.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              Let <var>hash</var> be a string whose initial value is undefined.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              Let <var>alg</var> be the <code>algorithm</code> object identifier
+                              field of the <code>algorithm</code> AlgorithmIdentifier field of
+                              <var>spki</var>.
+                            </p>
+                          </li>
+                          <li>
+                            <dl class="switch">
+                              <dt>
+                                If <var>alg</var> is equivalent to the <code>rsaEncryption</code>
+                                OID defined in <a href="#RFC3447">RFC 3447</a>:
+                              </dt>
+                              <dd>
+                                <p>
+                                  Let <var>hash</var> be undefined.
+                                </p>
+                              </dd>
+                              <dt>
+                                If <var>alg</var> is equivalent to the
+                                <code>id-RSASSA-PSS</code> OID defined in
+                                <a href="#RFC3447">RFC 3447</a>:
+                              </dt>
+                              <dd>
+                                <ol>
+                                  <li>
+                                    <p>
+                                      Let <var>params</var> be the ASN.1 structure contained within
+                                      the <code>parameters</code> field of the <code>algorithm</code>
+                                      AlgorithmIdentifier field of <var>spki</var>.
+                                    </p>
+                                  </li>
+                                  <li>
+                                    <p>
+                                      If <var>params</var> is not defined, or is not an instance of
+                                      the <code>RSASSA-PSS-params</code> ASN.1 type defined in
+                                      <a href="#RFC3447">RFC3447</a>,
+                                      <a href="#concept-return-an-error">return an error</a> named
+                                      <a href="#dfn-DataError"><code>DataError</code></a>.
+                                    </p>
+                                  </li>
+                                  <li>
+                                    <p>
+                                      Let <var>hashAlg</var> be the AlgorithmIdentifier ASN.1 type
+                                      within the <code>hashAlgorithm</code> field of <var>params</var>.
+                                    </p>
+                                  </li>
+                                  <li>
+                                    <dl class="switch">
+                                      <dt>
+                                        If the <code>algorithm</code> object identifier field of
+                                        <var>hashAlg</var> is equivalent to the <code>id-sha1</code>
+                                        OID defined in <a href="#RFC3447">RFC 3447</a>:
+                                      </dt>
+                                      <dd>
+                                        <p>
+                                          Set <var>hash</var> to the string <code>SHA-1</code>.
+                                        </p>
+                                      </dd>
+                                      <dt>
+                                        If the <code>algorithm</code> object identifier field of
+                                        <var>hashAlg</var> is equivalent to the <code>id-sha256</code>
+                                        OID defined in <a href="#RFC3447">RFC 3447</a>:
+                                      </dt>
+                                      <dd>
+                                        <p>
+                                          Set <var>hash</var> to the string <code>SHA-256</code>.
+                                        </p>
+                                      </dd>
+                                      <dt>
+                                        If the <code>algorithm</code> object identifier field of
+                                        <var>hashAlg</var> is equivalent to the <code>id-sha384</code>
+                                        OID defined in <a href="#RFC3447">RFC 3447</a>:
+                                      </dt>
+                                      <dd>
+                                        <p>
+                                          Set <var>hash</var> to the string <code>SHA-384</code>.
+                                        </p>
+                                      </dd>
+                                      <dt>
+                                        If the <code>algorithm</code> object identifier field of
+                                        <var>hashAlg</var> is equivalent to the <code>id-sha512</code>
+                                        OID defined in <a href="#RFC3447">RFC 3447</a>:
+                                      </dt>
+                                      <dd>
+                                        <p>
+                                          Set <var>hash</var> to the string <code>SHA-512</code>.
+                                        </p>
+                                      </dd>
+                                      <dt>Otherwise:</dt>
+                                      <dd>
+                                        <p>
+                                          <a href="#concept-return-an-error">Return an error</a> named
+                                          <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+                                        </p>
+                                      </dd>
+                                    </dl>
+                                  </li>
+                                  <li>
+                                    <p>
+                                      If the <code>algorithm</code> object identifier field of the
+                                      <code>maskGenAlgorithm</code> field of <var>params</var> is not
+                                      equivalent to the OID <code>id-mgf1</code> defined in <a
+                                      href="#RFC3447">RFC 3447</a>, <a
+                                      href="#concept-return-an-error">return an error</a> named <a
+                                      href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+                                    </p>
+                                  </li>
+                                  <li>
+                                    <p>
+                                      If the <code>parameters</code> field of the
+                                      <code>maskGenAlgorithm</code> field of <var>params</var> is not
+                                      an instance of the <code>HashAlgorithm</code> ASN.1 type that is
+                                      identical in content to the <code>hashAlglorithm</code> field of
+                                      <var>params</var>, <a href="#concept-return-an-error">return an
+                                      error</a> named <a
+                                      href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+                                    </p>
+                                  </li>
+                                </ol>
+                              </dd>
+                              <dt>Otherwise:</dt>
+                              <dd>
+                                <p>
+                                  <a href="#concept-return-an-error">Return an error</a> named
+                                  <a href="#dfn-DataError"><code>DataError</code></a>.
+                                </p>
+                              </dd>
+                            </dl>
+                          </li>
+                          <li>
+                            <p>
+                              If <var>hash</var> is defined, and is not equal to the <a
+                              href="#dfn-AlgorithmIdentifier-name">name</a> member of the <a
+                              href="#dfn-RsaHashedImportParams-hash">hash</a> member of
+                              <var>normalizedAlgorithm</var>, <a
+                              href="#concept-return-an-error">return an error</a> named <a
+                              href="#dfn-DataError"><code>DataError</code></a>.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              Set <var>hash</var> to the <a
+                              href="#dfn-AlgorithmIdentifier-name">name</a> member of the <a
+                              href="#dfn-RsaHashedImportParams-hash">hash</a> member of
+                              <var>normalizedAlgorithm</var>.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              Let <var>publicKey</var> be the result of performing the <a
+                              href="#concept-parse-an-asn1-structure">parse an ASN.1 structure</a>
+                              algorithm, with <var>data</var> as the
+                              <code>subjectPublicKeyInfo</code> field of <var>spki</var>,
+                              <var>structure</var> as the <code>RSAPublicKey</code> structure
+                              specified in Section A.1.1 of <a href="#RFC3447">RFC 3447</a>, and
+                              <var>exactData</var> set to true.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              If an error occurred while parsing,
+                              then <a href="#concept-return-an-error">return an error</a> named
+                              <a href="#dfn-DataError"><code>DataError</code></a>.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              Let <var>key</var> be a new <a href="#dfn-Key">Key</a> object that
+                              represents the RSA public key identified by <var>publicKey</var>.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              Set the <a href="#dfn-Key-Type">type</a> attribute of <var>key</var>
+                              to <code>"public"</code>
+                            </p>
+                          </li>
+                        </ol>
+                      </dd>
+                      <dt>If <var>format</var> is <code>"pkcs8"</code>:</dt>
+                      <dd>
+                        <ol>
+                          <li>
+                            <p>
+                              Let <var>privateKeyInfo</var> be the result of running the
+                              <a href="#concept-parse-a-privateKeyInfo">parse a privateKeyInfo</a>
+                              algorithm over <var>keyData</var>.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              If an error occurred while parsing, then <a
+                              href="#concept-return-an-error">return an error</a> named <a
+                              href="#dfn-DataError"><code>DataError</code></a>.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              Let <var>hash</var> be a string whose initial value is undefined.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              Let <var>alg</var> be the <code>algorithm</code> object identifier
+                              field of the <code>privateKeyAlgorithm</code>
+                              PrivateKeyAlgorithmIdentifier field of <var>privateKeyInfo</var>.
+                            </p>
+                          </li>
+                          <li>
+                            <dl class="switch">
+                              <dt>
+                                If <var>alg</var> is equivalent to the <code>rsaEncryption</code>
+                                OID defined in <a href="#RFC3447">RFC 3447</a>:
+                              </dt>
+                              <dd>
+                                <p>
+                                  Let <var>hash</var> be undefined.
+                                </p>
+                              </dd>
+                              <dt>
+                                If <var>alg</var> is equivalent to the <code>id-RSASSA-PSS</code> OID
+                                defined in <a href="#RFC3447">RFC 3447</a>:
+                              </dt>
+                              <dd>
+                                <ol>
+                                  <li>
+                                    <p>
+                                      Let <var>params</var> be the ASN.1 structure contained within
+                                      the <code>parameters</code> field of the
+                                      <code>privateKeyAlgorithm</code> PrivateKeyAlgorithmIdentifier
+                                      field of <var>privateKeyInfo</var>.
+                                    </p>
+                                  </li>
+                                  <li>
+                                    <p>
+                                      If <var>params</var> is not defined, or is not an instance of
+                                      the <code>RSASSA-PSS-params</code> ASN.1 type defined in
+                                      <a href="#RFC3447">RFC3447</a>,
+                                      <a href="#concept-return-an-error">return an error</a> named
+                                      <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+                                    </p>
+                                  </li>
+                                  <li>
+                                    <p>
+                                      Let <var>hashAlg</var> be the AlgorithmIdentifier ASN.1 type
+                                      within the <code>hashAlgorithm</code> field of <var>params</var>.
+                                    </p>
+                                  </li>
+                                  <li>
+                                    <dl class="switch">
+                                      <dt>
+                                        If the <code>algorithm</code> object identifier field of
+                                        <var>hashAlg</var> is equivalent to the <code>id-sha1</code>
+                                        OID defined in <a href="#RFC3447">RFC 3447</a>:
+                                      </dt>
+                                      <dd>
+                                        <p>
+                                          Set <var>hash</var> to the string <code>SHA-1</code>.
+                                        </p>
+                                      </dd>
+                                      <dt>
+                                        If the <code>algorithm</code> object identifier field of
+                                        <var>hashAlg</var> is equivalent to the <code>id-sha256</code>
+                                        OID defined in <a href="#RFC3447">RFC 3447</a>:
+                                      </dt>
+                                      <dd>
+                                        <p>
+                                          Set <var>hash</var> to the string <code>SHA-256</code>.
+                                        </p>
+                                      </dd>
+                                      <dt>
+                                        If the <code>algorithm</code> object identifier field of
+                                        <var>hashAlg</var> is equivalent to the <code>id-sha384</code>
+                                        OID defined in <a href="#RFC3447">RFC 3447</a>:
+                                      </dt>
+                                      <dd>
+                                        <p>
+                                          Set <var>hash</var> to the string <code>SHA-384</code>.
+                                        </p>
+                                      </dd>
+                                      <dt>
+                                        If the <code>algorithm</code> object identifier field of
+                                        <var>hashAlg</var> is equivalent to the <code>id-sha512</code>
+                                        OID defined in <a href="#RFC3447">RFC 3447</a>:
+                                      </dt>
+                                      <dd>
+                                        <p>
+                                          Set <var>hash</var> to the string <code>SHA-512</code>.
+                                        </p>
+                                      </dd>
+                                      <dt>Otherwise:</dt>
+                                      <dd>
+                                        <p>
+                                          <a href="#concept-return-an-error">Return an error</a> named
+                                          <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+                                        </p>
+                                      </dd>
+                                    </dl>
+                                  </li>
+                                  <li>
+                                    <p>
+                                      If the <code>algorithm</code> object identifier field of the
+                                      <code>maskGenAlgorithm</code> field of <var>params</var> is not
+                                      equivalent to the OID <code>id-mgf1</code> defined in <a
+                                      href="#RFC3447">RFC 3447</a>, <a
+                                      href="#concept-return-an-error">return an error</a> named <a
+                                      href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+                                    </p>
+                                  </li>
+                                  <li>
+                                    <p>
+                                      If the <code>parameters</code> field of the
+                                      <code>maskGenAlgorithm</code> field of <var>params</var> is not
+                                      an instance of the <code>HashAlgorithm</code> ASN.1 type that is
+                                      identical in content to the <code>hashAlglorithm</code> field of
+                                      <var>params</var>, <a href="#concept-return-an-error">return an
+                                      error</a> named <a
+                                      href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+                                    </p>
+                                  </li>
+                                </ol>
+                              </dd>
+                              <dt>Otherwise:</dt>
+                              <dd>
+                                <p>
+                                  <a href="#concept-return-an-error">Return an error</a> named
+                                  <a href="#dfn-DataError"><code>DataError</code></a>.
+                                </p>
+                              </dd>
+                            </dl>
+                          </li>
+                          <li>
+                            <p>
+                              If <var>hash</var> is defined, and is not equal to the <a
+                              href="#dfn-AlgorithmIdentifier-name">name</a> member of the <a
+                              href="#dfn-RsaHashedImportParams-hash">hash</a> member of
+                              <var>normalizedAlgorithm</var>, <a
+                              href="#concept-return-an-error">return an error</a> named <a
+                              href="#dfn-DataError"><code>DataError</code></a>.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              Set <var>hash</var> to the <a
+                              href="#dfn-AlgorithmIdentifier-name">name</a> member of the <a
+                              href="#dfn-RsaHashedImportParams-hash">hash</a> member of
+                              <var>normalizedAlgorithm</var>.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              Let <var>rsaPrivateKey</var> be the result of performing the <a
+                              href="#concept-parse-an-asn1-structure">parse an ASN.1 structure</a>
+                              algorithm, with <var>data</var> as the
+                              <code>privateKey</code> field of <var>privateKeyInfo</var>,
+                              <var>structure</var> as the <code>RSAPrivateKey</code> structure
+                              specified in Section A.1.2 of <a href="#RFC3447">RFC 3447</a>, and
+                              <var>exactData</var> set to true.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              If an error occurred while parsing,
+                              then <a href="#concept-return-an-error">return an error</a> named
+                              <a href="#dfn-DataError"><code>DataError</code></a>.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              Let <var>key</var> be a new <a href="#dfn-Key">Key</a> object that
+                              represents the RSA private key identified by <var>rsaPrivateKey</var>.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              Set the <a href="#dfn-Key-Type">type</a> attribute of <var>key</var>
+                              to <code>"private"</code>
+                            </p>
+                          </li>
+                        </ol>
+                      </dd>
+                      <dt>If <var>format</var> is <code>"jwk"</code>:</dt>
+                      <dd>
+                        <ol>
+                          <li>
+                            <p>
+                              Let <var>jwk</var> be the result of running the
+                              <a href="#concept-parse-a-jwk">parse a jwk</a>
+                              algorithm over <var>keyData</var>.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              If the <code>"kty"</code> field of <var>jwk</var> is not a
+                              case-sensitive string match to <code>"RSA"</code>,
+                              then <a href="#concept-return-an-error">return an error</a> named
+                              <a href="#dfn-DataError"><code>DataError</code></a>.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              If the <code>"use"</code> field of <var>jwk</var> is present, and is
+                              not a case-sensitive string match to <code>"enc"</code>,
+                              then <a href="#concept-return-an-error">return an error</a> named
+                              <a href="#dfn-DataError"><code>DataError</code></a>.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              If the <code>"key_ops"</code> field of <var>jwk</var> is present, and
+                              is invalid according to the requirements of
+                              <a href="#jwk">JSON Web Key</a> or
+                              does not contain all of the specified <var>usages</var> values,
+                              then <a href="#concept-return-an-error">return an error</a> named
+                              <a href="#dfn-DataError"><code>DataError</code></a>.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              Let <var>hash</var> be a be a string whose initial value is
+                              undefined.
+                            </p>
+                          </li>
+                          <li>
+                            <dl class="switch">
+                              <dt>
+                                If the <code>"alg"</code> field of <var>jwk</var> is not
+                                present:
+                              </dt>
+                              <dd>
+                                <p>
+                                  Let <var>hash</var> be undefined.
+                                </p>
+                              </dd>
+                              <dt>
+                                If the <code>"alg"</code> field is equal to the string
+                                <code>"PS1"</code>:
+                              </dt>
+                              <dd>
+                                <p>
+                                  Let <var>hash</var> be the string <code>SHA-1</code>.
+                                </p>
+                              </dd>
+                              <dt>
+                                If the <code>"alg"</code> field is equal to the string
+                                <code>"PS256"</code>:
+                              </dt>
+                              <dd>
+                                <p>
+                                  Let <var>hash</var> be the string <code>SHA-256</code>.
+                                </p>
+                              </dd>
+                              <dt>
+                                If the <code>"alg"</code> field is equal to the string
+                                <code>"PS384"</code>:
+                              </dt>
+                              <dd>
+                                <p>
+                                  Let <var>hash</var> be the string <code>SHA-384</code>.
+                                </p>
+                              </dd>
+                              <dt>
+                                If the <code>"alg"</code> field is equal to the string
+                                <code>"PS512"</code>:
+                              </dt>
+                              <dd>
+                                <p>
+                                  Let <var>hash</var> be the string <code>SHA-512</code>.
+                                </p>
+                              </dd>
+                              <dt>Otherwise:</dt>
+                              <dd>
+                                <p>
+                                  <a href="#concept-return-an-error">Return an error</a> named
+                                  <a href="#dfn-DataError"><code>DataError</code></a>.
+                                </p>
+                              </dd>
+                            </dl>
+                          </li>
+                          <li>
+                            <dl class="switch">
+                              <dt>If the <code>"d"</code> field of <var>jwk</var> is present:</dt>
+                              <dd>
+                                <ol>
+                                  <li>
+                                    <p>
+                                      If <var>jwk</var> does not meet the requirements of
+                                      Section 6.3.2 of <a href="#jwa">JSON Web
+                                      Algorithms</a>,
+                                      then <a href="#concept-return-an-error">return an error</a> named
+                                      <a href="#dfn-DataError"><code>DataError</code></a>.
+                                    </p>
+                                  </li>
+                                  <li>
+                                    <p>
+                                      Let <var>key</var> be a new <a href="#dfn-Key">Key</a> object
+                                      that represents the RSA private key identified by interpreting
+                                      <var>jwk</var> according to Section 6.3.2 of <a href="#jwa">
+                                      JSON Web Algorithms</a>.
+                                    </p>
+                                  </li>
+                                  <li>
+                                    <p>
+                                      Set the <a href="#dfn-Key-Type">type</a> attribute of
+                                      <var>key</var> to <code>"private"</code>
+                                    </p>
+                                  </li>
+                                </ol>
+                              </dd>
+                              <dt>Otherwise:</dt>
+                              <dd>
+                                <ol>
+                                  <li>
+                                    <p>
+                                      If <var>jwk</var> does not meet the requirements of Section
+                                      6.3.1 of <a href="#jwa">JSON Web Algorithms</a>, then <a
+                                      href="#concept-return-an-error">return an error</a> named <a
+                                      href="#dfn-DataError"><code>DataError</code></a>.
+                                    </p>
+                                  </li>
+                                  <li>
+                                    <p>
+                                      Let <var>key</var> be a new <a href="#dfn-Key">Key</a> object
+                                      that represents the RSA public key identified by interpreting
+                                      <var>jwk</var> according to Section 6.3.1 of <a href="#jwa">
+                                      JSON Web Algorithms</a>.
+                                    </p>
+                                  </li>
+                                  <li>
+                                    <p>
+                                      Set the <a href="#dfn-Key-Type">type</a> attribute of
+                                      <var>key</var> to <code>"public"</code>
+                                    </p>
+                                  </li>
+                                </ol>
+                              </dd>
+                            </dl>
+                          </li>
+                        </ol>
+                      </dd>
+                      <dt>Otherwise:</dt>
+                      <dd>
+                        <a href="#concept-return-an-error">Return an error</a> named
+                        <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+                      </dd>
+                    </dl>
+                  </li>
+                  <li>
+                    <p>
+                      Let <var>algorithm</var> be a new
+                      <a href="#dfn-RsaHashedKeyAlgorithm">RsaHashedKeyAlgorithm</a>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Set the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of
+                      <var>algorithm</var> to <code>"RSA-PSS"</code>
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Set the <a href="#dfn-RsaKeyAlgorithm-modulusLength">modulusLength</a>
+                      attribute of <var>algorithm</var> to the length, in bits, of the RSA public
+                      modulus.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Set the <a href="#dfn-RsaKeyAlgorithm-publicExponent">publicExponent</a>
+                      attribute of <var>algorithm</var> to the <a href="#dfn-BigInteger">BigInteger</a>
+                      representation of the RSA public exponent.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Set the <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute of
+                      <var>algorithm</var> to a new <a href="#dfn-KeyAlgorithm">KeyAlgorithm</a>
+                      whose <a href="#dfn-KeyAlgorithm-name">name</a> attribute is <var>hash</var>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Set the <a href="#dfn-Key-algorithm">algorithm</a> attribute of
+                      <var>key</var> to <var>algorithm</var>
+                    </p>
+                  </li>
+                  <li>
+                    <p>Return <var>key</var>.</p>
+                  </li>
+                </ol>
+              </dd>
+
+              <dt>Export Key</dt>
+              <dd>
+                <ol>
+                  <li>
+                    <p>
+                      Let <var>key</var> be the key to be exported.
+                    </p>
+                  </li>
+                  <li>
+                    <dl class="switch">
+                      <dt>If <var>format</var> is <code>"spki"</code></dt>
+                      <dd>
+                        <ol>
+                          <li>
+                            <p>
+                              If the <a href="#dfn-Key-type">type</a> attribute of <var>key</var> is
+                              not <code>"public"</code>,
+                              then <a href="#concept-return-an-error">return an error</a> named
+                              <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              Let <var>result</var> be the result of <a
+                              href="#dfn-encode-a-subjectPublicKeyInfo">encoding a
+                              subjectPublicKeyInfo</a> with the following properties:
+                            </p>
+                            <ul>
+                              <li>
+                                <p>
+                                  Set the <var>algorithm</var> field to an
+                                  <code>AlgorithmIdentifier</code> ASN.1 type with the following
+                                  properties:
+                                </p>
+                                <ul>
+                                  <li>
+                                    <p>
+                                      Set the <var>algorithm</var> field to the OID
+                                      <code>id-RSASSA-PSS</code> defined in
+                                      <a href="#RFC3447">RFC 3447</a>.
+                                    </p>
+                                  </li>
+                                  <li>
+                                    <p>
+                                      Set the <var>params</var> field to an instance of the
+                                      <code>RSASSA-PSS-params</code> ASN.1 type with the following
+                                      properties:
+                                    </p>
+                                    <ul>
+                                      <li>
+                                        <p>
+                                          Set the <var>hashAlgorithm</var> field to an instance of
+                                          the <code>HashAlgorithm</code> ASN.1 type with the
+                                          following properties:
+                                        </p>
+                                        <dl class="switch">
+                                          <dt>
+                                            If the <a href="#dfn-KeyAlgorithm-name">name</a>
+                                            attribute of the <a
+                                            href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
+                                            the <a href="#dfn-Key-algorithm">algorithm</a> attribute
+                                            of <var>key</var> is <code>SHA-1</code>:
+                                          </dt>
+                                          <dd>
+                                            <p>
+                                              Set the <var>algorithm</var> object identifier to the
+                                              OID <code>id-sha1</code> defined in <a
+                                              href="#RFC3447">RFC 3447</a>.
+                                            </p>
+                                          </dd>
+                                          <dt>
+                                            If the <a href="#dfn-KeyAlgorithm-name">name</a>
+                                            attribute of the <a
+                                            href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
+                                            the <a href="#dfn-Key-algorithm">algorithm</a> attribute
+                                            of <var>key</var> is <code>SHA-256</code>:
+                                          </dt>
+                                          <dd>
+                                            <p>
+                                              Set the <var>algorithm</var> object identifier to the
+                                              OID <code>id-sha256</code> defined in <a
+                                              href="#RFC3447">RFC 3447</a>.
+                                            </p>
+                                          </dd>
+                                          <dt>
+                                            If the <a href="#dfn-KeyAlgorithm-name">name</a>
+                                            attribute of the <a
+                                            href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
+                                            the <a href="#dfn-Key-algorithm">algorithm</a> attribute
+                                            of <var>key</var> is <code>SHA-384</code>:
+                                          </dt>
+                                          <dd>
+                                            <p>
+                                              Set the <var>algorithm</var> object identifier to the
+                                              OID <code>id-sha384</code> defined in <a
+                                              href="#RFC3447">RFC 3447</a>.
+                                            </p>
+                                          </dd>
+                                          <dt>
+                                            If the <a href="#dfn-KeyAlgorithm-name">name</a>
+                                            attribute of the <a
+                                            href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
+                                            the <a href="#dfn-Key-algorithm">algorithm</a> attribute
+                                            of <var>key</var> is <code>SHA-512</code>:
+                                          </dt>
+                                          <dd>
+                                            <p>
+                                              Set the <var>algorithm</var> object identifier to the
+                                              OID <code>id-sha512</code> defined in <a
+                                              href="#RFC3447">RFC 3447</a>.
+                                            </p>
+                                          </dd>
+                                        </dl>
+                                      </li>
+                                      <li>
+                                        <p>
+                                          Set the <var>maskGenAlgorithm</var> field to an instance
+                                          of the <code>MaskGenAlgorithm</code> ASN.1 type with the
+                                          following properties:
+                                        </p>
+                                        <ul>
+                                          <li>
+                                            <p>
+                                              Set the <var>algorithm</var> field to the OID
+                                              <code>id-mgf1</code> defined in <a href="#RFC3447">RFC
+                                              3447</a>.
+                                            </p>
+                                          </li>
+                                          <li>
+                                            <p>
+                                              Set the <var>params</var> field to an instance of the
+                                              <code>HashAlgorithm</code> ASN.1 type that is
+                                              identical to the <var>hashAlgorithm</var> field.
+                                            </p>
+                                          </li>
+                                        </ul>
+                                      </li>
+                                      <li>
+                                        <p>
+                                          Set the <var>saltLength</var> field to the length in
+                                          octets of the digest algorithm identified by the <a
+                                          href="#dfn-KeyAlgorithm-name">name</a> attribute of the <a
+                                          href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute
+                                          of the <a href="#dfn-Key-algorithm">algorithm</a>
+                                          attribute of <var>key</var>.
+                                        </p>
+                                      </li>
+                                    </ul>
+                                  </li>
+                                </ul>
+                              </li>
+                              <li>
+                                <p>
+                                  Set the <var>subjectPublicKey</var> field to the result of
+                                  DER-encoding an <code>RSAPublicKey</code> ASN.1 type, as defined
+                                  in <a href="#RFC3447">RFC 3447</a>, Appendix A.1.1, that
+                                  represents the RSA public key identified by <var>key</var>
+                                </p>
+                              </li>
+                            </ul>
+                          </li>
+                        </ol>
+                      </dd>
+                      <dt>If <var>format</var> is <code>"pkcs8"</code>:</dt>
+                      <dd>
+                        <ol>
+                          <li>
+                            <p>
+                              If the <a href="#dfn-Key-type">type</a> attribute of <var>key</var> is
+                              not <code>"private"</code>,
+                              then <a href="#concept-return-an-error">return an error</a> named
+                              <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              Let <var>result</var> be the result of <a
+                              href="#dfn-encode-a-privateKeyInfo"> encoding a privateKeyInfo</a>
+                              with the following properties:
+                            </p>
+                            <ul>
+                              <li>
+                                <p>
+                                  Set the <var>version</var> field to 0.
+                                </p>
+                              </li>
+                              <li>
+                                <p>
+                                  Set the <var>privateKeyAlgorithm</var> field to an
+                                  <code>PrivateKeyAlgorithmIdentifier</code> ASN.1 type with the
+                                  following properties:
+                                </p>
+                                <ul>
+                                  <li>
+                                    <p>
+                                      Set the <var>algorithm</var> field to the OID
+                                      <code>id-RSASSA-PSS</code> defined in
+                                      <a href="#RFC3447">RFC 3447</a>.
+                                    </p>
+                                  </li>
+                                  <li>
+                                    <p>
+                                      Set the <var>params</var> field to an instance of the
+                                      <code>RSASSA-PSS-params</code> ASN.1 type with the following
+                                      properties:
+                                    </p>
+                                    <ul>
+                                      <li>
+                                        <p>
+                                          Set the <var>hashAlgorithm</var> field to an instance of
+                                          the <code>HashAlgorithm</code> ASN.1 type with the
+                                          following properties:
+                                        </p>
+                                        <dl class="switch">
+                                          <dt>
+                                            If the <a href="#dfn-KeyAlgorithm-name">name</a>
+                                            attribute of the <a
+                                            href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
+                                            the <a href="#dfn-Key-algorithm">algorithm</a> attribute
+                                            of <var>key</var> is <code>SHA-1</code>:
+                                          </dt>
+                                          <dd>
+                                            <p>
+                                              Set the <var>algorithm</var> object identifier to the
+                                              OID <code>id-sha1</code> defined in <a
+                                              href="#RFC3447">RFC 3447</a>.
+                                            </p>
+                                          </dd>
+                                          <dt>
+                                            If the <a href="#dfn-KeyAlgorithm-name">name</a>
+                                            attribute of the <a
+                                            href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
+                                            the <a href="#dfn-Key-algorithm">algorithm</a> attribute
+                                            of <var>key</var> is <code>SHA-256</code>:
+                                          </dt>
+                                          <dd>
+                                            <p>
+                                              Set the <var>algorithm</var> object identifier to the
+                                              OID <code>id-sha256</code> defined in <a
+                                              href="#RFC3447">RFC 3447</a>.
+                                            </p>
+                                          </dd>
+                                          <dt>
+                                            If the <a href="#dfn-KeyAlgorithm-name">name</a>
+                                            attribute of the <a
+                                            href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
+                                            the <a href="#dfn-Key-algorithm">algorithm</a> attribute
+                                            of <var>key</var> is <code>SHA-384</code>:
+                                          </dt>
+                                          <dd>
+                                            <p>
+                                              Set the <var>algorithm</var> object identifier to the
+                                              OID <code>id-sha384</code> defined in <a
+                                              href="#RFC3447">RFC 3447</a>.
+                                            </p>
+                                          </dd>
+                                          <dt>
+                                            If the <a href="#dfn-KeyAlgorithm-name">name</a>
+                                            attribute of the <a
+                                            href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
+                                            the <a href="#dfn-Key-algorithm">algorithm</a> attribute
+                                            of <var>key</var> is <code>SHA-512</code>:
+                                          </dt>
+                                          <dd>
+                                            <p>
+                                              Set the <var>algorithm</var> object identifier to the
+                                              OID <code>id-sha512</code> defined in <a
+                                              href="#RFC3447">RFC 3447</a>.
+                                            </p>
+                                          </dd>
+                                        </dl>
+                                      </li>
+                                      <li>
+                                        <p>
+                                          Set the <var>maskGenAlgorithm</var> field to an instance
+                                          of the <code>MaskGenAlgorithm</code> ASN.1 type with the
+                                          following properties:
+                                        </p>
+                                        <ul>
+                                          <li>
+                                            <p>
+                                              Set the <var>algorithm</var> field to the OID
+                                              <code>id-mgf1</code> defined in <a href="#RFC3447">RFC
+                                              3447</a>.
+                                            </p>
+                                          </li>
+                                          <li>
+                                            <p>
+                                              Set the <var>params</var> field to an instance of the
+                                              <code>HashAlgorithm</code> ASN.1 type that is
+                                              identical to the <var>hashAlgorithm</var> field.
+                                            </p>
+                                          </li>
+                                        </ul>
+                                      </li>
+                                      <li>
+                                        <p>
+                                          Set the <var>saltLength</var> field to the length in
+                                          octets of the digest algorithm identified by the <a
+                                          href="#dfn-KeyAlgorithm-name">name</a> attribute of the <a
+                                          href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute
+                                          of the <a href="#dfn-Key-algorithm">algorithm</a>
+                                          attribute of <var>key</var>.
+                                        </p>
+                                      </li>
+                                    </ul>
+                                  </li>
+                                </ul>
+                              </li>
+                              <li>
+                                <p>
+                                  Set the <var>privateKey</var> field to the result of
+                                  DER-encoding an <code>RSAPrivateKey</code> ASN.1 type, as defined
+                                  in <a href="#RFC3447">RFC 3447</a>, Appendix A.1.2, that
+                                  represents the RSA private key identified by <var>key</var>
+                                </p>
+                                <div class="ednote">
+                                  <a href="#RFC5208">RFC 5208</a> specifies that the encoding of
+                                  this field should be <em>BER</em> encoded in Section 5 (as a "for
+                                  example"). However, to avoid requiring WebCrypto implementations
+                                  support BER-encoding and BER-decoding, only <em>DER</em> encodings
+                                  are produced or accepted.
+                                </div>
+                              </li>
+                            </ul>
+                          </li>
+                        </ol>
+                      </dd>
+                      <dt>If <var>format</var> is <code>"jwk"</code>:</dt>
+                      <dd>
+                        <ul>
+                          <li>
+                            <p>Let <var>jwk</var> be a new internal object.</p>
+                          </li>
+                          <li>
+                            <p>Set the <code>kty</code> field of <var>jwk</var> to the string
+                            <code>"RSA"</code>.</p>
+                          </li>
+                          <li>
+                            <p>
+                              Let <var>hash</var> be the <a href="#dfn-KeyAlgorithm-name">name</a>
+                              attribute of the <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a>
+                              attribute of the <a href="#dfn-Key-algorithm">algorithm</a> attribute
+                              of <var>key</var>.
+                            </p>
+                          </li>
+                          <li>
+                            <dl class="switch">
+                              <dt>If <var>hash</var> is <code>SHA-1</code>:</dt>
+                              <dd>
+                                <p>
+                                  Set the <code>alg</code> field of <var>jwk</var> to the string
+                                  <code>PS1</code>.
+                                </p>
+                              </dd>
+                              <dt>If <var>hash</var> is <code>SHA-256</code>:</dt>
+                              <dd>
+                                <p>
+                                  Set the <code>alg</code> field of <var>jwk</var> to the string
+                                  <code>PS256</code>.
+                                </p>
+                              </dd>
+                              <dt>If <var>hash</var> is <code>SHA-384</code>:</dt>
+                              <dd>
+                                <p>
+                                  Set the <code>alg</code> field of <var>jwk</var> to the string
+                                  <code>PS384</code>.
+                                </p>
+                              </dd>
+                              <dt>If <var>hash</var> is <code>SHA-512</code>:</dt>
+                              <dd>
+                                <p>
+                                  Set the <code>alg</code> field of <var>jwk</var> to the string
+                                  <code>PS512</code>.
+                                </p>
+                              </dd>
+                              <dt>Otherwise:</dt>
+                              <dd>
+                                <p>
+                                  <a href="#concept-return-an-error">Return an error</a> named
+                                  <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+                                </p>
+                              </dd>
+                            </dl>
+                          </li>
+                          <li>
+                            <p>
+                              Set the fields <code>n</code> and <code>e</code> of <var>jwk</var>
+                              according to the corresponding definitions in <a href="#JWA">JSON Web
+                              Algorithms</a>, Section 6.3.1.
+                            </p>
+                          </li>
+                          <li>
+                            <dl class="switch">
+                              <dt>
+                                If the <a href="#dfn-Key-type">type</a> attribute of <var>key</var>
+                                is <code>"private"</code>:
+                              </dt>
+                              <dd>
+                                <ol>
+                                  <li>
+                                    <p>
+                                      Set the fields named <code>d</code>, <code>p</code>,
+                                      <code>q</code>, <code>dp</code>, <code>dq</code>, and
+                                      <code>qi</code> of <var>jwk</var> according to the
+                                      corresponding definitions in <a href="#JWA">JSON Web
+                                      Algorithms</a>, Section 6.3.2.
+                                    </p>
+                                  </li>
+                                  <li>
+                                    <p>
+                                      If the underlying RSA private key represented by
+                                      <var>key</var> is represented by more than two primes, set the
+                                      field named <code>oth</code> of <var>jwk</var> according to
+                                      the corresponding definition in <a href="#JWA">JSON Web
+                                      Algorithms</a>, Section 6.3.2.7
+                                    </p>
+                                  </li>
+                                </ol>
+                              </dd>
+                            </dl>
+                          </li>
+                          <li>
+                            <p>
+                              Set the <code>key_ops</code> field of <var>jwk</var> to the <a
+                              href="#dfn-Key-usages">usages</a> attribute of <var>key</var>.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              Set the <code>ext</code> field of <var>jwk</var> to the <a
+                              href="#dfn-Key-extractable">extractable</a> attribute of
+                              <var>key</var>.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              Let <var>stringifiedJwk</var> be the result of encoding
+                              <var>jwk</var> according to the grammar specified in Section 15.12 of
+                              <a href="#ECMA-262">ECMA262</a>.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              Let <var>result</var> be the UTF-8 encoding of
+                              <var>stringifiedJwk</var>.
+                            </p>
+                          </li>
+                        </ul>
+                      </dd>
+                      <dt>Otherwise</dt>
+                      <dd>
+                        <p>
+                          <a href="#concept-return-an-error">Return an error</a> named
+                          <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+                        </p>
+                      </dd>
+                    </dl>
+                  </li>
+                  <li>
+                    <p>
+                      Let <var>data</var> be a new <code>ArrayBuffer</code> containing
+                      <var>result</var>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Return <var>data</var>.
+                    </p>
+                  </li>
+                </ol>
+              </dd>
+            </dl>
           </div>
         </div>
 
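Review bot: In Export Key, the hashAlgorithm switches under "spki" and "pkcs8" enumerate only SHA-1, SHA-256, SHA-384 and SHA-512 and have no Otherwise branch, so the encoding is undefined for a key whose hash is anything else. The "jwk" branch covers that case by returning NotSupportedError, and the two ASN.1 branches should do the same. The hash links inside those switches point at #dfn-RsaHashedKeyAlgorithm, while the saltLength items and the jwk branch use #dfn-RsaHashedKeyAlgorithm-hash. The import step at the top of this excerpt links #dfn-Key-Type where the rest of the section uses #dfn-Key-type. Fragment identifiers are case-sensitive, so please make both sets consistent. The jwk steps are sequential ("Let jwk be a new internal object" through "Let result be the UTF-8 encoding of stringifiedJwk") but sit in a <ul>, unlike the <ol> used for spki and pkcs8. Minor: the "spki" <dt> and the final "Otherwise" <dt> lack the trailing colon the other switch labels carry, and several steps ("Set the type attribute of key to "public"", the subjectPublicKey and privateKey items, "Section 6.3.2.7") are missing their closing period.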
--- a/spec/Overview.html	Thu Mar 06 00:00:00 2014 -0800
+++ b/spec/Overview.html	Thu Mar 06 00:00:00 2014 -0800
@@ -28,7 +28,7 @@
   <link rel="stylesheet" href="//www.w3.org/StyleSheets/TR/W3C-ED" type="text/css" /></head>
 
   <body>
-    <div class="head"><div><a href="http://www.w3.org/"><img src="//www.w3.org/Icons/w3c_home" width="72" height="48" alt="W3C" /></a></div><h1>Web Cryptography API</h1><h2>W3C Editor’s Draft <em>6 March 2014</em></h2><dl><dt>Latest Editor’s Draft:</dt><dd><a href="http://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html">http://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html</a></dd><dt>Latest Published Version:</dt><dd><a href="http://www.w3.org/TR/WebCryptoAPI/">http://www.w3.org/TR/WebCryptoAPI/</a></dd><dt>Previous Version(s):</dt><dd><a href="https://dvcs.w3.org/hg/webcrypto-api/raw-file/0fe9b34c13fb/spec/Overview.html">https://dvcs.w3.org/hg/webcrypto-api/raw-file/0fe9b34c13fb/spec/Overview.html</a></dd><dt>Editors:</dt><dd><a href="http://www.google.com/">Ryan Sleevi</a>, Google, Inc. &lt;[email protected]&gt;</dd><dd><a href="http://www.netflix.com/">Mark Watson</a>, Netflix &lt;[email protected]&gt;</dd><dt>Participate:</dt><dd><p>Send feedback to <a href="mailto:[email protected]?subject=%5BWebCryptoAPI%5D">[email protected]</a> (<a href="http://lists.w3.org/Archives/Public/public-webcrypto/">archives</a>), or <a href="https://www.w3.org/Bugs/Public/enter_bug.cgi?product=Web%20Cryptography&amp;component=Web%20Cryptography%20API%20Document">file a bug</a> 
+    <div class="head"><div><a href="http://www.w3.org/"><img src="//www.w3.org/Icons/w3c_home" width="72" height="48" alt="W3C" /></a></div><h1>Web Cryptography API</h1><h2>W3C Editor’s Draft <em>7 March 2014</em></h2><dl><dt>Latest Editor’s Draft:</dt><dd><a href="http://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html">http://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html</a></dd><dt>Latest Published Version:</dt><dd><a href="http://www.w3.org/TR/WebCryptoAPI/">http://www.w3.org/TR/WebCryptoAPI/</a></dd><dt>Previous Version(s):</dt><dd><a href="https://dvcs.w3.org/hg/webcrypto-api/raw-file/0fe9b34c13fb/spec/Overview.html">https://dvcs.w3.org/hg/webcrypto-api/raw-file/0fe9b34c13fb/spec/Overview.html</a></dd><dt>Editors:</dt><dd><a href="http://www.google.com/">Ryan Sleevi</a>, Google, Inc. &lt;[email protected]&gt;</dd><dd><a href="http://www.netflix.com/">Mark Watson</a>, Netflix &lt;[email protected]&gt;</dd><dt>Participate:</dt><dd><p>Send feedback to <a href="mailto:[email protected]?subject=%5BWebCryptoAPI%5D">[email protected]</a> (<a href="http://lists.w3.org/Archives/Public/public-webcrypto/">archives</a>), or <a href="https://www.w3.org/Bugs/Public/enter_bug.cgi?product=Web%20Cryptography&amp;component=Web%20Cryptography%20API%20Document">file a bug</a> 
     (see <a href="https://www.w3.org/Bugs/Public/buglist.cgi?product=Web%20Cryptography&amp;component=Web%20Cryptography%20API%20Document&amp;resolution=---">existing bugs</a>).</p></dd></dl><p class="copyright"><a href="http://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a> &copy; view <a href="http://www.w3.org/"><abbr title="World Wide Web Consortium">W3C</abbr></a><sup>&reg;</sup> (<a href="http://www.csail.mit.edu/"><abbr title="Massachusetts Institute of Technology">MIT</abbr></a>, <a href="http://www.ercim.org/"><abbr title="European Research Consortium for Informatics and Mathematics">ERCIM</abbr></a>, <a href="http://www.keio.ac.jp/">Keio</a>), All Rights Reserved. W3C <a href="http://www.w3.org/Consortium/Legal/ipr-notice#Legal_Disclaimer">liability</a>, <a href="http://www.w3.org/Consortium/Legal/ipr-notice#W3C_Trademarks">trademark</a> and <a href="http://www.w3.org/Consortium/Legal/copyright-documents">document use</a> rules apply.</p></div><hr />
 
     <div class="section">
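Review bot: In the added `<div class="head">` line, the copyright paragraph reads `Copyright &copy; view` followed by the W3C link, where a year would be expected, so "view" looks like a stray token from whatever step produces this header. Check the source of that paragraph and regenerate. On the same line, the Latest Editor's Draft link uses http://dvcs.w3.org while the Previous Version(s) link uses https://dvcs.w3.org; using https for both would keep the header consistent.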
@@ -56,7 +56,7 @@
         report can be found in the <a href="http://www.w3.org/TR/">W3C technical
           reports index</a> at http://www.w3.org/TR/.
       </em></p><p>
-        This document is the 6 March 2014 <b>Editor’s Draft</b> of the
+        This document is the 7 March 2014 <b>Editor’s Draft</b> of the
         <cite>Web Cryptography API</cite> specification.
       
       Please send comments about this document to
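Review bot: The date bump to 7 March 2014 on the `This document is the ... Editor’s Draft` line is unrelated to the RSA-PSS import/export steps this changeset is about, and it does not match the changeset date of Thu, 06 Mar 2014 shown in the commit header. Confirm that 7 March is the intended draft date, and consider landing date-only updates to the rendered draft separately so they do not mix with the normative change.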
@@ -4847,303 +4847,1354 @@
           </div>
           <div id="rsa-pss-operations" class="section">
             <h4>18.6.4. Operations</h4>
-            <dt>Sign</dt>
-            <dd>
-              <ol>
-                <li>
-                  <p>
-                    If the <a href="#dfn-Key-type">type</a> attribute of <var>key</var>
-                    is not <code>"private"</code>,
-                    then <a href="#concept-return-an-error">return an error</a> named
-                    <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Let <var>normalizedAlgorithm</var> be the result of
-                    <a href="#dfn-normalize-to-type">normalizing</a> <var>algorithm</var>
-                    to <a href="#dfn-RsaPssParams">RsaPssParams</a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    If any of the members of <a href="#dfn-RsaPssParams">RsaPssParams</a> are not
-                    present in <var>normalizedAlgorithm</var>,
-                    then <a href="#concept-return-an-error">return an error</a> named
-                    <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Perform the signature generation operation defined in Section 8.1 of [<cite><a href="#RFC3447">RFC3447</a></cite>] with the key represented by <var>key</var>
-                    as the signer's private key, <var>K</var>, and the contents of
-                    <var>message</var> as the message to be signed, <var>M</var>, and using the
-                    hash function specified by the
-                    <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute of the
-                    <a href="#dfn-Key-algorithm">algorithm</a> attribute of <var>key</var>
-                    as the Hash option, MGF1 (defined in Section B.2.1 of
-                    [<cite><a href="#RFC3447">RFC3447</a></cite>]) as the MGF option and
-                    the <a href="#dfn-RsaPssParams-saltLength">saltLength</a> member of
-                    <var>normalizedAlgorithm</var> as the salt length option for the EMM-PSS-ENCODE
-                    operation.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    If performing the operation results in an error,
-                    then <a href="#concept-return-an-error">return an error</a> named
-                    <a href="#dfn-OperationError"><code>OperationError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Let <var>signature</var> be a new <code>ArrayBuffer</code> containing the
-                    signature, S, that results from performing the operation.
-                  </p>
-                </li>
-              </ol>
-            </dd>
-
-            <dt>Verify</dt>
-            <dd>
-              <ol>
-                <li>
-                  <p>
-                    If the <a href="#dfn-Key-type">type</a> attribute of <var>key</var>
-                    is not <code>"public"</code>,
-                    then <a href="#concept-return-an-error">return an error</a> named
-                    <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Let <var>normalizedAlgorithm</var> be the result of
-                    <a href="#dfn-normalize-to-type">normalizing</a> <var>algorithm</var>
-                    to <a href="#dfn-RsaPssParams">RsaPssParams</a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    If any of the members of <a href="#dfn-RsaPssParams">RsaPssParams</a> are not
-                    present in <var>normalizedAlgorithm</var>,
-                    then <a href="#concept-return-an-error">return an error</a> named
-                    <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Perform the signature verification operation defined in Section 8.1 of [<cite><a href="#RFC3447">RFC3447</a></cite>] with the key represented by <var>key</var>
-                    as the signer's RSA public key and the contents of <var>message</var> as
-                    <var>M</var> and the contents of <var>signature</var> as <var>S</var> and using
-                    the hash function specified by the
-                    <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute of the
-                    <a href="#dfn-Key-algorithm">algorithm</a> attribute of <var>key</var> as the
-                    Hash option, MGF1 (defined in Section B.2.1 of
-                    [<cite><a href="#RFC3447">RFC3447</a></cite>]) as the MGF option and the
-                    <a href="#dfn-RsaPssParams-saltLength">saltLength</a> member of
-                    <var>normalizedAlgorithm</var> as the salt length option for the
-                    EMSA-PSS-VERIFY operation.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    If performing the operation results in an error,
-                    then <a href="#concept-return-an-error">return an error</a> named
-                    <a href="#dfn-OperationError"><code>OperationError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Let <var>result</var> be a boolean with value true if the
-                    result of the operation was "valid signature" and a boolean with value
-                    false otherwise.
-                  </p>
-                </li>
-              </ol>
-            </dd>
-
-            <dt>Generate Key</dt>
-            <dd>
-              <ol>
-                <li>
-                  <p>
-                    Let <var>normalizedAlgorithm</var> be the result of
-                    <a href="#dfn-normalize-to-type">normalizing</a> <var>algorithm</var>
-                    to <a href="#dfn-RsaHashedKeyGenParams">RsaHashedKeyGenParams</a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    If any of the members of
-                    <a href="#dfn-RsaHashedKeyGenParams">RsaHashedKeyGenParams</a> are not present
-                    in <var>normalizedAlgorithm</var>,
-                    then <a href="#concept-return-an-error">return an error</a> named
-                    <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    If <var>usages</var> contains an entry which is not
-                    <code>"sign"</code> or <code>"verify"</code>,
-                    then <a href="#concept-return-an-error">return an error</a> named
-                    <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Generate an RSA key pair, as defined in [<cite><a href="#RFC3447">RFC3447</a></cite>], with RSA modulus length equal to the
-                    <a href="#dfn-RsaKeyGenParams-modulusLength">modulusLength</a> member of
-                    <var>normalizedAlgorithm</var> and RSA public exponent equal to the
-                    <a href="#dfn-RsaKeyGenParams-publicExponent">publicExponent</a> member of
-                    <var>normalizedAlgorithm</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    If performing the operation results in an error,
-                    then <a href="#concept-return-an-error">return an error</a> named
-                    <a href="#dfn-OperationError"><code>OperationError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Let <var>algorithm</var> be a new
-                    <a href="#dfn-RsaHashedKeyAlgorithm">RsaHashedKeyAlgorithm</a>
-                    object.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of
-                    <var>algorithm</var> to <code>"RSA-PSS"</code>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the
-                    <a href="#dfn-RsaKeyAlgorithm-modulusLength">modulusLength</a>
-                    attribute of <var>algorithm</var> to equal the
-                    <a href="#dfn-RsaKeyGenParams-modulusLength">modulusLength</a>
-                    member of <var>normalizedAlgorithm</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the
-                    <a href="#dfn-RsaKeyAlgorithm-publicExponent">publicExponent</a>
-                    attribute of <var>algorithm</var> to equal the
-                    <a href="#dfn-RsaKeyGenParams-publicExponent">publicExponent</a>
-                    member of <var>normalizedAlgorithm</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute
-                    of <var>algorithm</var> to equal the
-                    <a href="#dfn-RsaHashedKeyGenParams">hash</a> member of
-                    <var>normalizedAlgorithm</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Let <var>publicKey</var> be a new <a href="#dfn-Key">Key</a> object
-                    representing the public key of the generated key pair.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the <a href="#dfn-Key-type">type</a> attribute of <var>publicKey</var>
-                    to <code>"public"</code>
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the <a href="#dfn-Key-algorithm">algorithm</a> attribute of
-                    <var>publicKey</var> to be <var>algorithm</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the <a href="#dfn-Key-extractable">extractable</a> attribute of
-                    <var>publicKey</var> to true.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the <a href="#dfn-Key-usages">usages</a> attribute of
-                    <var>publicKey</var> to be the
-                    <a href="concept-usage-intersection">usage intersection</a> of
-                    <var>usages</var> and <code>[ "verify" ]</code>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Let <var>privateKey</var> be a new <a href="#dfn-Key">Key</a> object
-                    representing the private key of the generated key pair.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the <a href="#dfn-Key-Type">type</a> attribute of <var>privateKey</var>
-                    to <code>"private"</code>
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the <a href="#dfn-Key-algorithm">algorithm</a> attribute of
-                    <var>privateKey</var> to be <var>algorithm</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the <a href="#dfn-Key-extractable">extractable</a> attribute of
-                    <var>privateKey</var> to <var>extractable</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the <a href="#dfn-Key-usages">usages</a> attribute of
-                    <var>privateKey</var> to be the
-                    <a href="concept-usage-intersection">usage intersection</a> of
-                    <var>usages</var> and <code>[ "sign" ]</code>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Let <var>result</var> be a new <a href="#dfn-KeyPair">KeyPair</a>
-                    object.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the <a href="#def-KeyPair-publicKey">publicKey</a> attribute
-                    of <var>result</var> to be <var>publicKey</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the <a href="#def-KeyPair-privateKey">privateKey</a> attribute
-                    of <var>result</var> to be <var>privateKey</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Return <var>result</var>.
-                  </p>
-                </li>
-              </ol>
-            </dd>
-            <dt>Import Key</dt>
-            <dd></dd>
-            <dt>Export Key</dt>
-            <dd></dd>
-          </div>
-
-          <div class="ednote"><div class="ednoteHeader">Editorial note</div>
-            <p>
-              TODO: Specify the mapping between key.algorithm.hash and the appropriate Hash
-              functions (and back to OID).
-            </p>
+            <dl>
+              <dt>Sign</dt>
+              <dd>
+                <ol>
+                  <li>
+                    <p>
+                      If the <a href="#dfn-Key-type">type</a> attribute of <var>key</var>
+                      is not <code>"private"</code>,
+                      then <a href="#concept-return-an-error">return an error</a> named
+                      <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Let <var>normalizedAlgorithm</var> be the result of
+                      <a href="#dfn-normalize-to-type">normalizing</a> <var>algorithm</var>
+                      to <a href="#dfn-RsaPssParams">RsaPssParams</a>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      If any of the members of <a href="#dfn-RsaPssParams">RsaPssParams</a> are not
+                      present in <var>normalizedAlgorithm</var>,
+                      then <a href="#concept-return-an-error">return an error</a> named
+                      <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Perform the signature generation operation defined in Section 8.1 of [<cite><a href="#RFC3447">RFC3447</a></cite>] with the key represented by <var>key</var>
+                      as the signer's private key, <var>K</var>, and the contents of
+                      <var>message</var> as the message to be signed, <var>M</var>, and using the
+                      hash function specified by the
+                      <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute of the
+                      <a href="#dfn-Key-algorithm">algorithm</a> attribute of <var>key</var>
+                      as the Hash option, MGF1 (defined in Section B.2.1 of
+                      [<cite><a href="#RFC3447">RFC3447</a></cite>]) as the MGF option and
+                      the <a href="#dfn-RsaPssParams-saltLength">saltLength</a> member of
+                      <var>normalizedAlgorithm</var> as the salt length option for the EMM-PSS-ENCODE
+                      operation.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      If performing the operation results in an error,
+                      then <a href="#concept-return-an-error">return an error</a> named
+                      <a href="#dfn-OperationError"><code>OperationError</code></a>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Let <var>signature</var> be a new <code>ArrayBuffer</code> containing the
+                      signature, S, that results from performing the operation.
+                    </p>
+                  </li>
+                </ol>
+              </dd>
+
+              <dt>Verify</dt>
+              <dd>
+                <ol>
+                  <li>
+                    <p>
+                      If the <a href="#dfn-Key-type">type</a> attribute of <var>key</var>
+                      is not <code>"public"</code>,
+                      then <a href="#concept-return-an-error">return an error</a> named
+                      <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Let <var>normalizedAlgorithm</var> be the result of
+                      <a href="#dfn-normalize-to-type">normalizing</a> <var>algorithm</var>
+                      to <a href="#dfn-RsaPssParams">RsaPssParams</a>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      If any of the members of <a href="#dfn-RsaPssParams">RsaPssParams</a> are not
+                      present in <var>normalizedAlgorithm</var>,
+                      then <a href="#concept-return-an-error">return an error</a> named
+                      <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Perform the signature verification operation defined in Section 8.1 of [<cite><a href="#RFC3447">RFC3447</a></cite>] with the key represented by <var>key</var>
+                      as the signer's RSA public key and the contents of <var>message</var> as
+                      <var>M</var> and the contents of <var>signature</var> as <var>S</var> and using
+                      the hash function specified by the
+                      <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute of the
+                      <a href="#dfn-Key-algorithm">algorithm</a> attribute of <var>key</var> as the
+                      Hash option, MGF1 (defined in Section B.2.1 of
+                      [<cite><a href="#RFC3447">RFC3447</a></cite>]) as the MGF option and the
+                      <a href="#dfn-RsaPssParams-saltLength">saltLength</a> member of
+                      <var>normalizedAlgorithm</var> as the salt length option for the
+                      EMSA-PSS-VERIFY operation.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      If performing the operation results in an error,
+                      then <a href="#concept-return-an-error">return an error</a> named
+                      <a href="#dfn-OperationError"><code>OperationError</code></a>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Let <var>result</var> be a boolean with value true if the
+                      result of the operation was "valid signature" and a boolean with value
+                      false otherwise.
+                    </p>
+                  </li>
+                </ol>
+              </dd>
+
+              <dt>Generate Key</dt>
+              <dd>
+                <ol>
+                  <li>
+                    <p>
+                      Let <var>normalizedAlgorithm</var> be the result of
+                      <a href="#dfn-normalize-to-type">normalizing</a> <var>algorithm</var>
+                      to <a href="#dfn-RsaHashedKeyGenParams">RsaHashedKeyGenParams</a>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      If any of the members of
+                      <a href="#dfn-RsaHashedKeyGenParams">RsaHashedKeyGenParams</a> are not present
+                      in <var>normalizedAlgorithm</var>,
+                      then <a href="#concept-return-an-error">return an error</a> named
+                      <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      If <var>usages</var> contains an entry which is not
+                      <code>"sign"</code> or <code>"verify"</code>,
+                      then <a href="#concept-return-an-error">return an error</a> named
+                      <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Generate an RSA key pair, as defined in [<cite><a href="#RFC3447">RFC3447</a></cite>], with RSA modulus length equal to the
+                      <a href="#dfn-RsaKeyGenParams-modulusLength">modulusLength</a> member of
+                      <var>normalizedAlgorithm</var> and RSA public exponent equal to the
+                      <a href="#dfn-RsaKeyGenParams-publicExponent">publicExponent</a> member of
+                      <var>normalizedAlgorithm</var>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      If performing the operation results in an error,
+                      then <a href="#concept-return-an-error">return an error</a> named
+                      <a href="#dfn-OperationError"><code>OperationError</code></a>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Let <var>algorithm</var> be a new
+                      <a href="#dfn-RsaHashedKeyAlgorithm">RsaHashedKeyAlgorithm</a>
+                      object.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Set the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of
+                      <var>algorithm</var> to <code>"RSA-PSS"</code>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Set the
+                      <a href="#dfn-RsaKeyAlgorithm-modulusLength">modulusLength</a>
+                      attribute of <var>algorithm</var> to equal the
+                      <a href="#dfn-RsaKeyGenParams-modulusLength">modulusLength</a>
+                      member of <var>normalizedAlgorithm</var>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Set the
+                      <a href="#dfn-RsaKeyAlgorithm-publicExponent">publicExponent</a>
+                      attribute of <var>algorithm</var> to equal the
+                      <a href="#dfn-RsaKeyGenParams-publicExponent">publicExponent</a>
+                      member of <var>normalizedAlgorithm</var>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Set the <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute
+                      of <var>algorithm</var> to equal the
+                      <a href="#dfn-RsaHashedKeyGenParams">hash</a> member of
+                      <var>normalizedAlgorithm</var>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Let <var>publicKey</var> be a new <a href="#dfn-Key">Key</a> object
+                      representing the public key of the generated key pair.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Set the <a href="#dfn-Key-type">type</a> attribute of <var>publicKey</var>
+                      to <code>"public"</code>
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Set the <a href="#dfn-Key-algorithm">algorithm</a> attribute of
+                      <var>publicKey</var> to be <var>algorithm</var>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Set the <a href="#dfn-Key-extractable">extractable</a> attribute of
+                      <var>publicKey</var> to true.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Set the <a href="#dfn-Key-usages">usages</a> attribute of
+                      <var>publicKey</var> to be the
+                      <a href="concept-usage-intersection">usage intersection</a> of
+                      <var>usages</var> and <code>[ "verify" ]</code>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Let <var>privateKey</var> be a new <a href="#dfn-Key">Key</a> object
+                      representing the private key of the generated key pair.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Set the <a href="#dfn-Key-Type">type</a> attribute of <var>privateKey</var>
+                      to <code>"private"</code>
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Set the <a href="#dfn-Key-algorithm">algorithm</a> attribute of
+                      <var>privateKey</var> to be <var>algorithm</var>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Set the <a href="#dfn-Key-extractable">extractable</a> attribute of
+                      <var>privateKey</var> to <var>extractable</var>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Set the <a href="#dfn-Key-usages">usages</a> attribute of
+                      <var>privateKey</var> to be the
+                      <a href="concept-usage-intersection">usage intersection</a> of
+                      <var>usages</var> and <code>[ "sign" ]</code>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Let <var>result</var> be a new <a href="#dfn-KeyPair">KeyPair</a>
+                      object.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Set the <a href="#def-KeyPair-publicKey">publicKey</a> attribute
+                      of <var>result</var> to be <var>publicKey</var>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Set the <a href="#def-KeyPair-privateKey">privateKey</a> attribute
+                      of <var>result</var> to be <var>privateKey</var>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Return <var>result</var>.
+                    </p>
+                  </li>
+                </ol>
+              </dd>
+
+              <dt>Import Key</dt>
+              <dd>
+                <ol>
+                  <li>
+                    <p>Let <var>keyData</var> be the key data to be imported.</p>
+                  </li>
+                  <li>
+                    <p>
+                      Let <var>normalizedAlgorithm</var> be the result of
+                      <a href="#concept-normalize-to-type">normalizing</a> <var>algorithm</var>
+                      to <a href="#dfn-RsaHashedImportParams">RsaHashedImportParams</a>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      If any of the members of <a href="#dfn-RsaHashedImportParams">RsaHashedImportParams</a> are not present in
+                      <var>normalizedAlgorithm</var> then <a href="#concept-return-an-error">return
+                      an error</a> named <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+                    </p>
+                  </li>
+                  <li>
+                    <dl class="switch">
+                      <dt>If <var>format</var> is <code>"spki"</code>:</dt>
+                      <dd>
+                        <ol>
+                          <li>
+                            <p>
+                              Let <var>spki</var> be the result of running the
+                              <a href="#concept-parse-a-spki">parse a subjectPublicKeyInfo</a>
+                              algorithm over <var>keyData</var>.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              If an error occurred while parsing,
+                              then <a href="#concept-return-an-error">return an error</a> named
+                              <a href="#dfn-DataError"><code>DataError</code></a>.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              Let <var>hash</var> be a string whose initial value is undefined.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              Let <var>alg</var> be the <code>algorithm</code> object identifier
+                              field of the <code>algorithm</code> AlgorithmIdentifier field of
+                              <var>spki</var>.
+                            </p>
+                          </li>
+                          <li>
+                            <dl class="switch">
+                              <dt>
+                                If <var>alg</var> is equivalent to the <code>rsaEncryption</code>
+                                OID defined in <a href="#RFC3447">RFC 3447</a>:
+                              </dt>
+                              <dd>
+                                <p>
+                                  Let <var>hash</var> be undefined.
+                                </p>
+                              </dd>
+                              <dt>
+                                If <var>alg</var> is equivalent to the
+                                <code>id-RSASSA-PSS</code> OID defined in
+                                <a href="#RFC3447">RFC 3447</a>:
+                              </dt>
+                              <dd>
+                                <ol>
+                                  <li>
+                                    <p>
+                                      Let <var>params</var> be the ASN.1 structure contained within
+                                      the <code>parameters</code> field of the <code>algorithm</code>
+                                      AlgorithmIdentifier field of <var>spki</var>.
+                                    </p>
+                                  </li>
+                                  <li>
+                                    <p>
+                                      If <var>params</var> is not defined, or is not an instance of
+                                      the <code>RSASSA-PSS-params</code> ASN.1 type defined in
+                                      <a href="#RFC3447">RFC3447</a>,
+                                      <a href="#concept-return-an-error">return an error</a> named
+                                      <a href="#dfn-DataError"><code>DataError</code></a>.
+                                    </p>
+                                  </li>
+                                  <li>
+                                    <p>
+                                      Let <var>hashAlg</var> be the AlgorithmIdentifier ASN.1 type
+                                      within the <code>hashAlgorithm</code> field of <var>params</var>.
+                                    </p>
+                                  </li>
+                                  <li>
+                                    <dl class="switch">
+                                      <dt>
+                                        If the <code>algorithm</code> object identifier field of
+                                        <var>hashAlg</var> is equivalent to the <code>id-sha1</code>
+                                        OID defined in <a href="#RFC3447">RFC 3447</a>:
+                                      </dt>
+                                      <dd>
+                                        <p>
+                                          Set <var>hash</var> to the string <code>SHA-1</code>.
+                                        </p>
+                                      </dd>
+                                      <dt>
+                                        If the <code>algorithm</code> object identifier field of
+                                        <var>hashAlg</var> is equivalent to the <code>id-sha256</code>
+                                        OID defined in <a href="#RFC3447">RFC 3447</a>:
+                                      </dt>
+                                      <dd>
+                                        <p>
+                                          Set <var>hash</var> to the string <code>SHA-256</code>.
+                                        </p>
+                                      </dd>
+                                      <dt>
+                                        If the <code>algorithm</code> object identifier field of
+                                        <var>hashAlg</var> is equivalent to the <code>id-sha384</code>
+                                        OID defined in <a href="#RFC3447">RFC 3447</a>:
+                                      </dt>
+                                      <dd>
+                                        <p>
+                                          Set <var>hash</var> to the string <code>SHA-384</code>.
+                                        </p>
+                                      </dd>
+                                      <dt>
+                                        If the <code>algorithm</code> object identifier field of
+                                        <var>hashAlg</var> is equivalent to the <code>id-sha512</code>
+                                        OID defined in <a href="#RFC3447">RFC 3447</a>:
+                                      </dt>
+                                      <dd>
+                                        <p>
+                                          Set <var>hash</var> to the string <code>SHA-512</code>.
+                                        </p>
+                                      </dd>
+                                      <dt>Otherwise:</dt>
+                                      <dd>
+                                        <p>
+                                          <a href="#concept-return-an-error">Return an error</a> named
+                                          <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+                                        </p>
+                                      </dd>
+                                    </dl>
+                                  </li>
+                                  <li>
+                                    <p>
+                                      If the <code>algorithm</code> object identifier field of the
+                                      <code>maskGenAlgorithm</code> field of <var>params</var> is not
+                                      equivalent to the OID <code>id-mgf1</code> defined in <a href="#RFC3447">RFC 3447</a>, <a href="#concept-return-an-error">return an error</a> named <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+                                    </p>
+                                  </li>
+                                  <li>
+                                    <p>
+                                      If the <code>parameters</code> field of the
+                                      <code>maskGenAlgorithm</code> field of <var>params</var> is not
+                                      an instance of the <code>HashAlgorithm</code> ASN.1 type that is
+                                      identical in content to the <code>hashAlglorithm</code> field of
+                                      <var>params</var>, <a href="#concept-return-an-error">return an
+                                      error</a> named <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+                                    </p>
+                                  </li>
+                                </ol>
+                              </dd>
+                              <dt>Otherwise:</dt>
+                              <dd>
+                                <p>
+                                  <a href="#concept-return-an-error">Return an error</a> named
+                                  <a href="#dfn-DataError"><code>DataError</code></a>.
+                                </p>
+                              </dd>
+                            </dl>
+                          </li>
+                          <li>
+                            <p>
+                              If <var>hash</var> is defined, and is not equal to the <a href="#dfn-AlgorithmIdentifier-name">name</a> member of the <a href="#dfn-RsaHashedImportParams-hash">hash</a> member of
+                              <var>normalizedAlgorithm</var>, <a href="#concept-return-an-error">return an error</a> named <a href="#dfn-DataError"><code>DataError</code></a>.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              Set <var>hash</var> to the <a href="#dfn-AlgorithmIdentifier-name">name</a> member of the <a href="#dfn-RsaHashedImportParams-hash">hash</a> member of
+                              <var>normalizedAlgorithm</var>.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              Let <var>publicKey</var> be the result of performing the <a href="#concept-parse-an-asn1-structure">parse an ASN.1 structure</a>
+                              algorithm, with <var>data</var> as the
+                              <code>subjectPublicKeyInfo</code> field of <var>spki</var>,
+                              <var>structure</var> as the <code>RSAPublicKey</code> structure
+                              specified in Section A.1.1 of <a href="#RFC3447">RFC 3447</a>, and
+                              <var>exactData</var> set to true.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              If an error occurred while parsing,
+                              then <a href="#concept-return-an-error">return an error</a> named
+                              <a href="#dfn-DataError"><code>DataError</code></a>.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              Let <var>key</var> be a new <a href="#dfn-Key">Key</a> object that
+                              represents the RSA public key identified by <var>publicKey</var>.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              Set the <a href="#dfn-Key-Type">type</a> attribute of <var>key</var>
+                              to <code>"public"</code>
+                            </p>
+                          </li>
+                        </ol>
+                      </dd>
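Review bot: in the "spki" import branch, the step that parses the RSAPublicKey takes its data from the "subjectPublicKeyInfo" field of spki, but spki is itself the SubjectPublicKeyInfo structure and the field that carries the key bits is "subjectPublicKey", so the step should name that field. Two smaller points in the same branch: the maskGenAlgorithm parameters check refers to the "hashAlglorithm" field, which should read "hashAlgorithm"; and the RSASSA-PSS-params validation only examines hashAlgorithm and maskGenAlgorithm, so the text should state whether saltLength and trailerField are ignored or cause an error. The final step also links to "#dfn-Key-Type", while other steps in this changeset link to "#dfn-Key-type"; fragment identifiers are case-sensitive, so one of the two will not resolve.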
+                      <dt>If <var>format</var> is <code>"pkcs8"</code>:</dt>
+                      <dd>
+                        <ol>
+                          <li>
+                            <p>
+                              Let <var>privateKeyInfo</var> be the result of running the
+                              <a href="#concept-parse-a-privateKeyInfo">parse a privateKeyInfo</a>
+                              algorithm over <var>keyData</var>.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              If an error occurred while parsing, then <a href="#concept-return-an-error">return an error</a> named <a href="#dfn-DataError"><code>DataError</code></a>.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              Let <var>hash</var> be a string whose initial value is undefined.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              Let <var>alg</var> be the <code>algorithm</code> object identifier
+                              field of the <code>privateKeyAlgorithm</code>
+                              PrivateKeyAlgorithmIdentifier field of <var>privateKeyInfo</var>.
+                            </p>
+                          </li>
+                          <li>
+                            <dl class="switch">
+                              <dt>
+                                If <var>alg</var> is equivalent to the <code>rsaEncryption</code>
+                                OID defined in <a href="#RFC3447">RFC 3447</a>:
+                              </dt>
+                              <dd>
+                                <p>
+                                  Let <var>hash</var> be undefined.
+                                </p>
+                              </dd>
+                              <dt>
+                                If <var>alg</var> is equivalent to the <code>id-RSASSA-PSS</code> OID
+                                defined in <a href="#RFC3447">RFC 3447</a>:
+                              </dt>
+                              <dd>
+                                <ol>
+                                  <li>
+                                    <p>
+                                      Let <var>params</var> be the ASN.1 structure contained within
+                                      the <code>parameters</code> field of the
+                                      <code>privateKeyAlgorithm</code> PrivateKeyAlgorithmIdentifier
+                                      field of <var>privateKeyInfo</var>.
+                                    </p>
+                                  </li>
+                                  <li>
+                                    <p>
+                                      If <var>params</var> is not defined, or is not an instance of
+                                      the <code>RSASSA-PSS-params</code> ASN.1 type defined in
+                                      <a href="#RFC3447">RFC3447</a>,
+                                      <a href="#concept-return-an-error">return an error</a> named
+                                      <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+                                    </p>
+                                  </li>
+                                  <li>
+                                    <p>
+                                      Let <var>hashAlg</var> be the AlgorithmIdentifier ASN.1 type
+                                      within the <code>hashAlgorithm</code> field of <var>params</var>.
+                                    </p>
+                                  </li>
+                                  <li>
+                                    <dl class="switch">
+                                      <dt>
+                                        If the <code>algorithm</code> object identifier field of
+                                        <var>hashAlg</var> is equivalent to the <code>id-sha1</code>
+                                        OID defined in <a href="#RFC3447">RFC 3447</a>:
+                                      </dt>
+                                      <dd>
+                                        <p>
+                                          Set <var>hash</var> to the string <code>SHA-1</code>.
+                                        </p>
+                                      </dd>
+                                      <dt>
+                                        If the <code>algorithm</code> object identifier field of
+                                        <var>hashAlg</var> is equivalent to the <code>id-sha256</code>
+                                        OID defined in <a href="#RFC3447">RFC 3447</a>:
+                                      </dt>
+                                      <dd>
+                                        <p>
+                                          Set <var>hash</var> to the string <code>SHA-256</code>.
+                                        </p>
+                                      </dd>
+                                      <dt>
+                                        If the <code>algorithm</code> object identifier field of
+                                        <var>hashAlg</var> is equivalent to the <code>id-sha384</code>
+                                        OID defined in <a href="#RFC3447">RFC 3447</a>:
+                                      </dt>
+                                      <dd>
+                                        <p>
+                                          Set <var>hash</var> to the string <code>SHA-384</code>.
+                                        </p>
+                                      </dd>
+                                      <dt>
+                                        If the <code>algorithm</code> object identifier field of
+                                        <var>hashAlg</var> is equivalent to the <code>id-sha512</code>
+                                        OID defined in <a href="#RFC3447">RFC 3447</a>:
+                                      </dt>
+                                      <dd>
+                                        <p>
+                                          Set <var>hash</var> to the string <code>SHA-512</code>.
+                                        </p>
+                                      </dd>
+                                      <dt>Otherwise:</dt>
+                                      <dd>
+                                        <p>
+                                          <a href="#concept-return-an-error">Return an error</a> named
+                                          <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+                                        </p>
+                                      </dd>
+                                    </dl>
+                                  </li>
+                                  <li>
+                                    <p>
+                                      If the <code>algorithm</code> object identifier field of the
+                                      <code>maskGenAlgorithm</code> field of <var>params</var> is not
+                                      equivalent to the OID <code>id-mgf1</code> defined in <a href="#RFC3447">RFC 3447</a>, <a href="#concept-return-an-error">return an error</a> named <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+                                    </p>
+                                  </li>
+                                  <li>
+                                    <p>
+                                      If the <code>parameters</code> field of the
+                                      <code>maskGenAlgorithm</code> field of <var>params</var> is not
+                                      an instance of the <code>HashAlgorithm</code> ASN.1 type that is
+                                      identical in content to the <code>hashAlglorithm</code> field of
+                                      <var>params</var>, <a href="#concept-return-an-error">return an
+                                      error</a> named <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+                                    </p>
+                                  </li>
+                                </ol>
+                              </dd>
+                              <dt>Otherwise:</dt>
+                              <dd>
+                                <p>
+                                  <a href="#concept-return-an-error">Return an error</a> named
+                                  <a href="#dfn-DataError"><code>DataError</code></a>.
+                                </p>
+                              </dd>
+                            </dl>
+                          </li>
+                          <li>
+                            <p>
+                              If <var>hash</var> is defined, and is not equal to the <a href="#dfn-AlgorithmIdentifier-name">name</a> member of the <a href="#dfn-RsaHashedImportParams-hash">hash</a> member of
+                              <var>normalizedAlgorithm</var>, <a href="#concept-return-an-error">return an error</a> named <a href="#dfn-DataError"><code>DataError</code></a>.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              Set <var>hash</var> to the <a href="#dfn-AlgorithmIdentifier-name">name</a> member of the <a href="#dfn-RsaHashedImportParams-hash">hash</a> member of
+                              <var>normalizedAlgorithm</var>.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              Let <var>rsaPrivateKey</var> be the result of performing the <a href="#concept-parse-an-asn1-structure">parse an ASN.1 structure</a>
+                              algorithm, with <var>data</var> as the
+                              <code>privateKey</code> field of <var>privateKeyInfo</var>,
+                              <var>structure</var> as the <code>RSAPrivateKey</code> structure
+                              specified in Section A.1.2 of <a href="#RFC3447">RFC 3447</a>, and
+                              <var>exactData</var> set to true.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              If an error occurred while parsing,
+                              then <a href="#concept-return-an-error">return an error</a> named
+                              <a href="#dfn-DataError"><code>DataError</code></a>.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              Let <var>key</var> be a new <a href="#dfn-Key">Key</a> object that
+                              represents the RSA private key identified by <var>rsaPrivateKey</var>.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              Set the <a href="#dfn-Key-Type">type</a> attribute of <var>key</var>
+                              to <code>"private"</code>
+                            </p>
+                          </li>
+                        </ol>
+                      </dd>
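Review bot: in the "pkcs8" import branch, a missing or malformed params value (not an instance of RSASSA-PSS-params) returns NotSupportedError, while the identical step in the "spki" branch returns DataError; the same malformed input should produce the same error in both formats, and DataError matches the other parse failures in this branch. The hash, id-mgf1 and MGF1-parameter checks are also copied verbatim from the "spki" branch, including the "hashAlglorithm" misspelling; defining them once as a shared "validate RSASSA-PSS-params" algorithm referenced from both branches would stop the two copies from drifting further.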
+                      <dt>If <var>format</var> is <code>"jwk"</code>:</dt>
+                      <dd>
+                        <ol>
+                          <li>
+                            <p>
+                              Let <var>jwk</var> be the result of running the
+                              <a href="#concept-parse-a-jwk">parse a jwk</a>
+                              algorithm over <var>keyData</var>.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              If the <code>"kty"</code> field of <var>jwk</var> is not a
+                              case-sensitive string match to <code>"RSA"</code>,
+                              then <a href="#concept-return-an-error">return an error</a> named
+                              <a href="#dfn-DataError"><code>DataError</code></a>.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              If the <code>"use"</code> field of <var>jwk</var> is present, and is
+                              not a case-sensitive string match to <code>"enc"</code>,
+                              then <a href="#concept-return-an-error">return an error</a> named
+                              <a href="#dfn-DataError"><code>DataError</code></a>.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              If the <code>"key_ops"</code> field of <var>jwk</var> is present, and
+                              is invalid according to the requirements of
+                              <a href="#jwk">JSON Web Key</a> or
+                              does not contain all of the specified <var>usages</var> values,
+                              then <a href="#concept-return-an-error">return an error</a> named
+                              <a href="#dfn-DataError"><code>DataError</code></a>.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              Let <var>hash</var> be a be a string whose initial value is
+                              undefined.
+                            </p>
+                          </li>
+                          <li>
+                            <dl class="switch">
+                              <dt>
+                                If the <code>"alg"</code> field of <var>jwk</var> is not
+                                present:
+                              </dt>
+                              <dd>
+                                <p>
+                                  Let <var>hash</var> be undefined.
+                                </p>
+                              </dd>
+                              <dt>
+                                If the <code>"alg"</code> field is equal to the string
+                                <code>"PS1"</code>:
+                              </dt>
+                              <dd>
+                                <p>
+                                  Let <var>hash</var> be the string <code>SHA-1</code>.
+                                </p>
+                              </dd>
+                              <dt>
+                                If the <code>"alg"</code> field is equal to the string
+                                <code>"PS256"</code>:
+                              </dt>
+                              <dd>
+                                <p>
+                                  Let <var>hash</var> be the string <code>SHA-256</code>.
+                                </p>
+                              </dd>
+                              <dt>
+                                If the <code>"alg"</code> field is equal to the string
+                                <code>"PS384"</code>:
+                              </dt>
+                              <dd>
+                                <p>
+                                  Let <var>hash</var> be the string <code>SHA-384</code>.
+                                </p>
+                              </dd>
+                              <dt>
+                                If the <code>"alg"</code> field is equal to the string
+                                <code>"PS512"</code>:
+                              </dt>
+                              <dd>
+                                <p>
+                                  Let <var>hash</var> be the string <code>SHA-512</code>.
+                                </p>
+                              </dd>
+                              <dt>Otherwise:</dt>
+                              <dd>
+                                <p>
+                                  <a href="#concept-return-an-error">Return an error</a> named
+                                  <a href="#dfn-DataError"><code>DataError</code></a>.
+                                </p>
+                              </dd>
+                            </dl>
+                          </li>
+                          <li>
+                            <dl class="switch">
+                              <dt>If the <code>"d"</code> field of <var>jwk</var> is present:</dt>
+                              <dd>
+                                <ol>
+                                  <li>
+                                    <p>
+                                      If <var>jwk</var> does not meet the requirements of
+                                      Section 6.3.2 of <a href="#jwa">JSON Web
+                                      Algorithms</a>,
+                                      then <a href="#concept-return-an-error">return an error</a> named
+                                      <a href="#dfn-DataError"><code>DataError</code></a>.
+                                    </p>
+                                  </li>
+                                  <li>
+                                    <p>
+                                      Let <var>key</var> be a new <a href="#dfn-Key">Key</a> object
+                                      that represents the RSA private key identified by interpreting
+                                      <var>jwk</var> according to Section 6.3.2 of <a href="#jwa">
+                                      JSON Web Algorithms</a>.
+                                    </p>
+                                  </li>
+                                  <li>
+                                    <p>
+                                      Set the <a href="#dfn-Key-Type">type</a> attribute of
+                                      <var>key</var> to <code>"private"</code>
+                                    </p>
+                                  </li>
+                                </ol>
+                              </dd>
+                              <dt>Otherwise:</dt>
+                              <dd>
+                                <ol>
+                                  <li>
+                                    <p>
+                                      If <var>jwk</var> does not meet the requirements of Section
+                                      6.3.1 of <a href="#jwa">JSON Web Algorithms</a>, then <a href="#concept-return-an-error">return an error</a> named <a href="#dfn-DataError"><code>DataError</code></a>.
+                                    </p>
+                                  </li>
+                                  <li>
+                                    <p>
+                                      Let <var>key</var> be a new <a href="#dfn-Key">Key</a> object
+                                      that represents the RSA public key identified by interpreting
+                                      <var>jwk</var> according to Section 6.3.1 of <a href="#jwa">
+                                      JSON Web Algorithms</a>.
+                                    </p>
+                                  </li>
+                                  <li>
+                                    <p>
+                                      Set the <a href="#dfn-Key-Type">type</a> attribute of
+                                      <var>key</var> to <code>"public"</code>
+                                    </p>
+                                  </li>
+                                </ol>
+                              </dd>
+                            </dl>
+                          </li>
+                        </ol>
+                      </dd>
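Review bot: in the "jwk" import branch, the "use" check rejects any value other than "enc", but RSA-PSS is a signature algorithm, so a JWK marked "sig" would fail to import and one marked "enc" would be accepted; the comparison should be against "sig". This branch also lacks the two steps that the "spki" and "pkcs8" branches have after their switch: hash is never compared with the name member of the hash member of normalizedAlgorithm, and is never set to it. As written, a JWK whose "alg" disagrees with the requested hash is accepted, and a JWK with no "alg" leaves hash undefined when the later step builds the KeyAlgorithm whose name attribute is hash. Finally, "Let hash be a be a string" has a duplicated "be a".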
+                      <dt>Otherwise:</dt>
+                      <dd>
+                        <a href="#concept-return-an-error">Return an error</a> named
+                        <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+                      </dd>
+                    </dl>
+                  </li>
+                  <li>
+                    <p>
+                      Let <var>algorithm</var> be a new
+                      <a href="#dfn-RsaHashedKeyAlgorithm">RsaHashedKeyAlgorithm</a>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Set the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of
+                      <var>algorithm</var> to <code>"RSA-PSS"</code>
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Set the <a href="#dfn-RsaKeyAlgorithm-modulusLength">modulusLength</a>
+                      attribute of <var>algorithm</var> to the length, in bits, of the RSA public
+                      modulus.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Set the <a href="#dfn-RsaKeyAlgorithm-publicExponent">publicExponent</a>
+                      attribute of <var>algorithm</var> to the <a href="#dfn-BigInteger">BigInteger</a>
+                      representation of the RSA public exponent.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Set the <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute of
+                      <var>algorithm</var> to a new <a href="#dfn-KeyAlgorithm">KeyAlgorithm</a>
+                      whose <a href="#dfn-KeyAlgorithm-name">name</a> attribute is <var>hash</var>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Set the <a href="#dfn-Key-algorithm">algorithm</a> attribute of
+                      <var>key</var> to <var>algorithm</var>
+                    </p>
+                  </li>
+                  <li>
+                    <p>Return <var>key</var>.</p>
+                  </li>
+                </ol>
+              </dd>
+
+              <dt>Export Key</dt>
+              <dd>
+                <ol>
+                  <li>
+                    <p>
+                      Let <var>key</var> be the key to be exported.
+                    </p>
+                  </li>
+                  <li>
+                    <dl class="switch">
+                      <dt>If <var>format</var> is <code>"spki"</code></dt>
+                      <dd>
+                        <ol>
+                          <li>
+                            <p>
+                              If the <a href="#dfn-Key-type">type</a> attribute of <var>key</var> is
+                              not <code>"public"</code>,
+                              then <a href="#concept-return-an-error">return an error</a> named
+                              <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              Let <var>result</var> be the result of <a href="#dfn-encode-a-subjectPublicKeyInfo">encoding a
+                              subjectPublicKeyInfo</a> with the following properties:
+                            </p>
+                            <ul>
+                              <li>
+                                <p>
+                                  Set the <var>algorithm</var> field to an
+                                  <code>AlgorithmIdentifier</code> ASN.1 type with the following
+                                  properties:
+                                </p>
+                                <ul>
+                                  <li>
+                                    <p>
+                                      Set the <var>algorithm</var> field to the OID
+                                      <code>id-RSASSA-PSS</code> defined in
+                                      <a href="#RFC3447">RFC 3447</a>.
+                                    </p>
+                                  </li>
+                                  <li>
+                                    <p>
+                                      Set the <var>params</var> field to an instance of the
+                                      <code>RSASSA-PSS-params</code> ASN.1 type with the following
+                                      properties:
+                                    </p>
+                                    <ul>
+                                      <li>
+                                        <p>
+                                          Set the <var>hashAlgorithm</var> field to an instance of
+                                          the <code>HashAlgorithm</code> ASN.1 type with the
+                                          following properties:
+                                        </p>
+                                        <dl class="switch">
+                                          <dt>
+                                            If the <a href="#dfn-KeyAlgorithm-name">name</a>
+                                            attribute of the <a href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
+                                            the <a href="#dfn-Key-algorithm">algorithm</a> attribute
+                                            of <var>key</var> is <code>SHA-1</code>:
+                                          </dt>
+                                          <dd>
+                                            <p>
+                                              Set the <var>algorithm</var> object identifier to the
+                                              OID <code>id-sha1</code> defined in <a href="#RFC3447">RFC 3447</a>.
+                                            </p>
+                                          </dd>
+                                          <dt>
+                                            If the <a href="#dfn-KeyAlgorithm-name">name</a>
+                                            attribute of the <a href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
+                                            the <a href="#dfn-Key-algorithm">algorithm</a> attribute
+                                            of <var>key</var> is <code>SHA-256</code>:
+                                          </dt>
+                                          <dd>
+                                            <p>
+                                              Set the <var>algorithm</var> object identifier to the
+                                              OID <code>id-sha256</code> defined in <a href="#RFC3447">RFC 3447</a>.
+                                            </p>
+                                          </dd>
+                                          <dt>
+                                            If the <a href="#dfn-KeyAlgorithm-name">name</a>
+                                            attribute of the <a href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
+                                            the <a href="#dfn-Key-algorithm">algorithm</a> attribute
+                                            of <var>key</var> is <code>SHA-384</code>:
+                                          </dt>
+                                          <dd>
+                                            <p>
+                                              Set the <var>algorithm</var> object identifier to the
+                                              OID <code>id-sha384</code> defined in <a href="#RFC3447">RFC 3447</a>.
+                                            </p>
+                                          </dd>
+                                          <dt>
+                                            If the <a href="#dfn-KeyAlgorithm-name">name</a>
+                                            attribute of the <a href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
+                                            the <a href="#dfn-Key-algorithm">algorithm</a> attribute
+                                            of <var>key</var> is <code>SHA-512</code>:
+                                          </dt>
+                                          <dd>
+                                            <p>
+                                              Set the <var>algorithm</var> object identifier to the
+                                              OID <code>id-sha512</code> defined in <a href="#RFC3447">RFC 3447</a>.
+                                            </p>
+                                          </dd>
+                                        </dl>
+                                      </li>
+                                      <li>
+                                        <p>
+                                          Set the <var>maskGenAlgorithm</var> field to an instance
+                                          of the <code>MaskGenAlgorithm</code> ASN.1 type with the
+                                          following properties:
+                                        </p>
+                                        <ul>
+                                          <li>
+                                            <p>
+                                              Set the <var>algorithm</var> field to the OID
+                                              <code>id-mgf1</code> defined in <a href="#RFC3447">RFC
+                                              3447</a>.
+                                            </p>
+                                          </li>
+                                          <li>
+                                            <p>
+                                              Set the <var>params</var> field to an instance of the
+                                              <code>HashAlgorithm</code> ASN.1 type that is
+                                              identical to the <var>hashAlgorithm</var> field.
+                                            </p>
+                                          </li>
+                                        </ul>
+                                      </li>
+                                      <li>
+                                        <p>
+                                          Set the <var>saltLength</var> field to the length in
+                                          octets of the digest algorithm identified by the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of the <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute
+                                          of the <a href="#dfn-Key-algorithm">algorithm</a>
+                                          attribute of <var>key</var>.
+                                        </p>
+                                      </li>
+                                    </ul>
+                                  </li>
+                                </ul>
+                              </li>
+                              <li>
+                                <p>
+                                  Set the <var>subjectPublicKey</var> field to the result of
+                                  DER-encoding an <code>RSAPublicKey</code> ASN.1 type, as defined
+                                  in <a href="#RFC3447">RFC 3447</a>, Appendix A.1.1, that
+                                  represents the RSA public key identified by <var>key</var>
+                                </p>
+                              </li>
+                            </ul>
+                          </li>
+                        </ol>
+                      </dd>
+                      <dt>If <var>format</var> is <code>"pkcs8"</code>:</dt>
+                      <dd>
+                        <ol>
+                          <li>
+                            <p>
+                              If the <a href="#dfn-Key-type">type</a> attribute of <var>key</var> is
+                              not <code>"private"</code>,
+                              then <a href="#concept-return-an-error">return an error</a> named
+                              <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              Let <var>result</var> be the result of <a href="#dfn-encode-a-privateKeyInfo"> encoding a privateKeyInfo</a>
+                              with the following properties:
+                            </p>
+                            <ul>
+                              <li>
+                                <p>
+                                  Set the <var>version</var> field to 0.
+                                </p>
+                              </li>
+                              <li>
+                                <p>
+                                  Set the <var>privateKeyAlgorithm</var> field to an
+                                  <code>PrivateKeyAlgorithmIdentifier</code> ASN.1 type with the
+                                  following properties:
+                                </p>
+                                <ul>
+                                  <li>
+                                    <p>
+                                      Set the <var>algorithm</var> field to the OID
+                                      <code>id-RSASSA-PSS</code> defined in
+                                      <a href="#RFC3447">RFC 3447</a>.
+                                    </p>
+                                  </li>
+                                  <li>
+                                    <p>
+                                      Set the <var>params</var> field to an instance of the
+                                      <code>RSASSA-PSS-params</code> ASN.1 type with the following
+                                      properties:
+                                    </p>
+                                    <ul>
+                                      <li>
+                                        <p>
+                                          Set the <var>hashAlgorithm</var> field to an instance of
+                                          the <code>HashAlgorithm</code> ASN.1 type with the
+                                          following properties:
+                                        </p>
+                                        <dl class="switch">
+                                          <dt>
+                                            If the <a href="#dfn-KeyAlgorithm-name">name</a>
+                                            attribute of the <a href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
+                                            the <a href="#dfn-Key-algorithm">algorithm</a> attribute
+                                            of <var>key</var> is <code>SHA-1</code>:
+                                          </dt>
+                                          <dd>
+                                            <p>
+                                              Set the <var>algorithm</var> object identifier to the
+                                              OID <code>id-sha1</code> defined in <a href="#RFC3447">RFC 3447</a>.
+                                            </p>
+                                          </dd>
+                                          <dt>
+                                            If the <a href="#dfn-KeyAlgorithm-name">name</a>
+                                            attribute of the <a href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
+                                            the <a href="#dfn-Key-algorithm">algorithm</a> attribute
+                                            of <var>key</var> is <code>SHA-256</code>:
+                                          </dt>
+                                          <dd>
+                                            <p>
+                                              Set the <var>algorithm</var> object identifier to the
+                                              OID <code>id-sha256</code> defined in <a href="#RFC3447">RFC 3447</a>.
+                                            </p>
+                                          </dd>
+                                          <dt>
+                                            If the <a href="#dfn-KeyAlgorithm-name">name</a>
+                                            attribute of the <a href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
+                                            the <a href="#dfn-Key-algorithm">algorithm</a> attribute
+                                            of <var>key</var> is <code>SHA-384</code>:
+                                          </dt>
+                                          <dd>
+                                            <p>
+                                              Set the <var>algorithm</var> object identifier to the
+                                              OID <code>id-sha384</code> defined in <a href="#RFC3447">RFC 3447</a>.
+                                            </p>
+                                          </dd>
+                                          <dt>
+                                            If the <a href="#dfn-KeyAlgorithm-name">name</a>
+                                            attribute of the <a href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
+                                            the <a href="#dfn-Key-algorithm">algorithm</a> attribute
+                                            of <var>key</var> is <code>SHA-512</code>:
+                                          </dt>
+                                          <dd>
+                                            <p>
+                                              Set the <var>algorithm</var> object identifier to the
+                                              OID <code>id-sha512</code> defined in <a href="#RFC3447">RFC 3447</a>.
+                                            </p>
+                                          </dd>
+                                        </dl>
+                                      </li>
+                                      <li>
+                                        <p>
+                                          Set the <var>maskGenAlgorithm</var> field to an instance
+                                          of the <code>MaskGenAlgorithm</code> ASN.1 type with the
+                                          following properties:
+                                        </p>
+                                        <ul>
+                                          <li>
+                                            <p>
+                                              Set the <var>algorithm</var> field to the OID
+                                              <code>id-mgf1</code> defined in <a href="#RFC3447">RFC
+                                              3447</a>.
+                                            </p>
+                                          </li>
+                                          <li>
+                                            <p>
+                                              Set the <var>params</var> field to an instance of the
+                                              <code>HashAlgorithm</code> ASN.1 type that is
+                                              identical to the <var>hashAlgorithm</var> field.
+                                            </p>
+                                          </li>
+                                        </ul>
+                                      </li>
+                                      <li>
+                                        <p>
+                                          Set the <var>saltLength</var> field to the length in
+                                          octets of the digest algorithm identified by the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of the <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute
+                                          of the <a href="#dfn-Key-algorithm">algorithm</a>
+                                          attribute of <var>key</var>.
+                                        </p>
+                                      </li>
+                                    </ul>
+                                  </li>
+                                </ul>
+                              </li>
+                              <li>
+                                <p>
+                                  Set the <var>privateKey</var> field to the result of
+                                  DER-encoding an <code>RSAPrivateKey</code> ASN.1 type, as defined
+                                  in <a href="#RFC3447">RFC 3447</a>, Appendix A.1.2, that
+                                  represents the RSA private key identified by <var>key</var>
+                                </p>
+                                <div class="ednote"><div class="ednoteHeader">Editorial note</div>
+                                  <a href="#RFC5208">RFC 5208</a> specifies that the encoding of
+                                  this field should be <em>BER</em> encoded in Section 5 (as a "for
+                                  example"). However, to avoid requiring WebCrypto implementations
+                                  support BER-encoding and BER-decoding, only <em>DER</em> encodings
+                                  are produced or accepted.
+                                </div>
+                              </li>
+                            </ul>
+                          </li>
+                        </ol>
+                      </dd>
+                      <dt>If <var>format</var> is <code>"jwk"</code>:</dt>
+                      <dd>
+                        <ul>
+                          <li>
+                            <p>Let <var>jwk</var> be a new internal object.</p>
+                          </li>
+                          <li>
+                            <p>Set the <code>kty</code> field of <var>jwk</var> to the string
+                            <code>"RSA"</code>.</p>
+                          </li>
+                          <li>
+                            <p>
+                              Let <var>hash</var> be the <a href="#dfn-KeyAlgorithm-name">name</a>
+                              attribute of the <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a>
+                              attribute of the <a href="#dfn-Key-algorithm">algorithm</a> attribute
+                              of <var>key</var>.
+                            </p>
+                          </li>
+                          <li>
+                            <dl class="switch">
+                              <dt>If <var>hash</var> is <code>SHA-1</code>:</dt>
+                              <dd>
+                                <p>
+                                  Set the <code>alg</code> field of <var>jwk</var> to the string
+                                  <code>PS1</code>.
+                                </p>
+                              </dd>
+                              <dt>If <var>hash</var> is <code>SHA-256</code>:</dt>
+                              <dd>
+                                <p>
+                                  Set the <code>alg</code> field of <var>jwk</var> to the string
+                                  <code>PS256</code>.
+                                </p>
+                              </dd>
+                              <dt>If <var>hash</var> is <code>SHA-384</code>:</dt>
+                              <dd>
+                                <p>
+                                  Set the <code>alg</code> field of <var>jwk</var> to the string
+                                  <code>PS384</code>.
+                                </p>
+                              </dd>
+                              <dt>If <var>hash</var> is <code>SHA-512</code>:</dt>
+                              <dd>
+                                <p>
+                                  Set the <code>alg</code> field of <var>jwk</var> to the string
+                                  <code>PS512</code>.
+                                </p>
+                              </dd>
+                              <dt>Otherwise:</dt>
+                              <dd>
+                                <p>
+                                  <a href="#concept-return-an-error">Return an error</a> named
+                                  <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+                                </p>
+                              </dd>
+                            </dl>
+                          </li>
+                          <li>
+                            <p>
+                              Set the fields <code>n</code> and <code>e</code> of <var>jwk</var>
+                              according to the corresponding definitions in <a href="#JWA">JSON Web
+                              Algorithms</a>, Section 6.3.1.
+                            </p>
+                          </li>
+                          <li>
+                            <dl class="switch">
+                              <dt>
+                                If the <a href="#dfn-Key-type">type</a> attribute of <var>key</var>
+                                is <code>"private"</code>:
+                              </dt>
+                              <dd>
+                                <ol>
+                                  <li>
+                                    <p>
+                                      Set the fields named <code>d</code>, <code>p</code>,
+                                      <code>q</code>, <code>dp</code>, <code>dq</code>, and
+                                      <code>qi</code> of <var>jwk</var> according to the
+                                      corresponding definitions in <a href="#JWA">JSON Web
+                                      Algorithms</a>, Section 6.3.2.
+                                    </p>
+                                  </li>
+                                  <li>
+                                    <p>
+                                      If the underlying RSA private key represented by
+                                      <var>key</var> is represented by more than two primes, set the
+                                      field named <code>oth</code> of <var>jwk</var> according to
+                                      the corresponding definition in <a href="#JWA">JSON Web
+                                      Algorithms</a>, Section 6.3.2.7
+                                    </p>
+                                  </li>
+                                </ol>
+                              </dd>
+                            </dl>
+                          </li>
+                          <li>
+                            <p>
+                              Set the <code>key_ops</code> field of <var>jwk</var> to the <a href="#dfn-Key-usages">usages</a> attribute of <var>key</var>.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              Set the <code>ext</code> field of <var>jwk</var> to the <a href="#dfn-Key-extractable">extractable</a> attribute of
+                              <var>key</var>.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              Let <var>stringifiedJwk</var> be the result of encoding
+                              <var>jwk</var> according to the grammar specified in Section 15.12 of
+                              <a href="#ECMA-262">ECMA262</a>.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              Let <var>result</var> be the UTF-8 encoding of
+                              <var>stringifiedJwk</var>.
+                            </p>
+                          </li>
+                        </ul>
+                      </dd>
+                      <dt>Otherwise</dt>
+                      <dd>
+                        <p>
+                          <a href="#concept-return-an-error">Return an error</a> named
+                          <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+                        </p>
+                      </dd>
+                    </dl>
+                  </li>
+                  <li>
+                    <p>
+                      Let <var>data</var> be a new <code>ArrayBuffer</code> containing
+                      <var>result</var>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Return <var>data</var>.
+                    </p>
+                  </li>
+                </ol>
+              </dd>
+            </dl>
           </div>
         </div>
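Review bot: the hashAlgorithm switches in the "spki" and "pkcs8" export branches list only SHA-1, SHA-256, SHA-384 and SHA-512 and have no "Otherwise" case, so export is undefined for a key whose hash name is anything else. The "jwk" branch does end its switch with "Otherwise: Return an error named NotSupportedError"; add the same fallback to both ASN.1 switches so the three formats fail the same way. In those two switches the "hash" link also points at #dfn-RsaHashedKeyAlgorithm, while the saltLength items and the jwk branch use #dfn-RsaHashedKeyAlgorithm-hash; the latter looks like the intended target. The "jwk" steps are order-dependent ("Let jwk be a new internal object" must come first, the UTF-8 encoding last) but sit in a ul list, whereas the "spki" and "pkcs8" steps use ol; switch it to ol for consistency. The alg strings (PS1, PS256, PS384, PS512) carry no reference to where they are defined, unlike n and e, which cite JSON Web Algorithms Section 6.3.1; cite the defining section or note which values are local to this spec. Minor: "an PrivateKeyAlgorithmIdentifier" should read "a PrivateKeyAlgorithmIdentifier", the first "If format is "spki"" dt and the final "Otherwise" dt lack the trailing colon the other cases have, and several steps are missing their final period (the "RSA-PSS" name step, the "algorithm attribute of key" step, the subjectPublicKey and privateKey items, and the Section 6.3.2.7 item).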