--- a/spec/Overview-WebCryptoAPI.xml Thu Mar 06 00:00:00 2014 -0800
+++ b/spec/Overview-WebCryptoAPI.xml Thu Mar 06 00:00:00 2014 -0800
@@ -4871,306 +4871,1408 @@
</div>
<div id="rsa-pss-operations" class="section">
<h4>Operations</h4>
- <dt>Sign</dt>
- <dd>
- <ol>
- <li>
- <p>
- If the <a href="#dfn-Key-type">type</a> attribute of <var>key</var>
- is not <code>"private"</code>,
- then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Let <var>normalizedAlgorithm</var> be the result of
- <a href="#dfn-normalize-to-type">normalizing</a> <var>algorithm</var>
- to <a href="#dfn-RsaPssParams">RsaPssParams</a>.
- </p>
- </li>
- <li>
- <p>
- If any of the members of <a href="#dfn-RsaPssParams">RsaPssParams</a> are not
- present in <var>normalizedAlgorithm</var>,
- then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Perform the signature generation operation defined in Section 8.1 of [<cite><a
- href="#RFC3447">RFC3447</a></cite>] with the key represented by <var>key</var>
- as the signer's private key, <var>K</var>, and the contents of
- <var>message</var> as the message to be signed, <var>M</var>, and using the
- hash function specified by the
- <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute of the
- <a href="#dfn-Key-algorithm">algorithm</a> attribute of <var>key</var>
- as the Hash option, MGF1 (defined in Section B.2.1 of
- [<cite><a href="#RFC3447">RFC3447</a></cite>]) as the MGF option and
- the <a href="#dfn-RsaPssParams-saltLength">saltLength</a> member of
- <var>normalizedAlgorithm</var> as the salt length option for the EMM-PSS-ENCODE
- operation.
- </p>
- </li>
- <li>
- <p>
- If performing the operation results in an error,
- then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-OperationError"><code>OperationError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Let <var>signature</var> be a new <code>ArrayBuffer</code> containing the
- signature, S, that results from performing the operation.
- </p>
- </li>
- </ol>
- </dd>
-
- <dt>Verify</dt>
- <dd>
- <ol>
- <li>
- <p>
- If the <a href="#dfn-Key-type">type</a> attribute of <var>key</var>
- is not <code>"public"</code>,
- then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Let <var>normalizedAlgorithm</var> be the result of
- <a href="#dfn-normalize-to-type">normalizing</a> <var>algorithm</var>
- to <a href="#dfn-RsaPssParams">RsaPssParams</a>.
- </p>
- </li>
- <li>
- <p>
- If any of the members of <a href="#dfn-RsaPssParams">RsaPssParams</a> are not
- present in <var>normalizedAlgorithm</var>,
- then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Perform the signature verification operation defined in Section 8.1 of [<cite><a
- href="#RFC3447">RFC3447</a></cite>] with the key represented by <var>key</var>
- as the signer's RSA public key and the contents of <var>message</var> as
- <var>M</var> and the contents of <var>signature</var> as <var>S</var> and using
- the hash function specified by the
- <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute of the
- <a href="#dfn-Key-algorithm">algorithm</a> attribute of <var>key</var> as the
- Hash option, MGF1 (defined in Section B.2.1 of
- [<cite><a href="#RFC3447">RFC3447</a></cite>]) as the MGF option and the
- <a href="#dfn-RsaPssParams-saltLength">saltLength</a> member of
- <var>normalizedAlgorithm</var> as the salt length option for the
- EMSA-PSS-VERIFY operation.
- </p>
- </li>
- <li>
- <p>
- If performing the operation results in an error,
- then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-OperationError"><code>OperationError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Let <var>result</var> be a boolean with value true if the
- result of the operation was "valid signature" and a boolean with value
- false otherwise.
- </p>
- </li>
- </ol>
- </dd>
-
- <dt>Generate Key</dt>
- <dd>
- <ol>
- <li>
- <p>
- Let <var>normalizedAlgorithm</var> be the result of
- <a href="#dfn-normalize-to-type">normalizing</a> <var>algorithm</var>
- to <a href="#dfn-RsaHashedKeyGenParams">RsaHashedKeyGenParams</a>.
- </p>
- </li>
- <li>
- <p>
- If any of the members of
- <a href="#dfn-RsaHashedKeyGenParams">RsaHashedKeyGenParams</a> are not present
- in <var>normalizedAlgorithm</var>,
- then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
- </p>
- </li>
- <li>
- <p>
- If <var>usages</var> contains an entry which is not
- <code>"sign"</code> or <code>"verify"</code>,
- then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Generate an RSA key pair, as defined in [<cite><a
- href="#RFC3447">RFC3447</a></cite>], with RSA modulus length equal to the
- <a href="#dfn-RsaKeyGenParams-modulusLength">modulusLength</a> member of
- <var>normalizedAlgorithm</var> and RSA public exponent equal to the
- <a href="#dfn-RsaKeyGenParams-publicExponent">publicExponent</a> member of
- <var>normalizedAlgorithm</var>.
- </p>
- </li>
- <li>
- <p>
- If performing the operation results in an error,
- then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-OperationError"><code>OperationError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Let <var>algorithm</var> be a new
- <a href="#dfn-RsaHashedKeyAlgorithm">RsaHashedKeyAlgorithm</a>
- object.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of
- <var>algorithm</var> to <code>"RSA-PSS"</code>.
- </p>
- </li>
- <li>
- <p>
- Set the
- <a href="#dfn-RsaKeyAlgorithm-modulusLength">modulusLength</a>
- attribute of <var>algorithm</var> to equal the
- <a href="#dfn-RsaKeyGenParams-modulusLength">modulusLength</a>
- member of <var>normalizedAlgorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Set the
- <a href="#dfn-RsaKeyAlgorithm-publicExponent">publicExponent</a>
- attribute of <var>algorithm</var> to equal the
- <a href="#dfn-RsaKeyGenParams-publicExponent">publicExponent</a>
- member of <var>normalizedAlgorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute
- of <var>algorithm</var> to equal the
- <a href="#dfn-RsaHashedKeyGenParams">hash</a> member of
- <var>normalizedAlgorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Let <var>publicKey</var> be a new <a href="#dfn-Key">Key</a> object
- representing the public key of the generated key pair.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-Key-type">type</a> attribute of <var>publicKey</var>
- to <code>"public"</code>
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-Key-algorithm">algorithm</a> attribute of
- <var>publicKey</var> to be <var>algorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-Key-extractable">extractable</a> attribute of
- <var>publicKey</var> to true.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-Key-usages">usages</a> attribute of
- <var>publicKey</var> to be the
- <a href="concept-usage-intersection">usage intersection</a> of
- <var>usages</var> and <code>[ "verify" ]</code>.
- </p>
- </li>
- <li>
- <p>
- Let <var>privateKey</var> be a new <a href="#dfn-Key">Key</a> object
- representing the private key of the generated key pair.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-Key-Type">type</a> attribute of <var>privateKey</var>
- to <code>"private"</code>
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-Key-algorithm">algorithm</a> attribute of
- <var>privateKey</var> to be <var>algorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-Key-extractable">extractable</a> attribute of
- <var>privateKey</var> to <var>extractable</var>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-Key-usages">usages</a> attribute of
- <var>privateKey</var> to be the
- <a href="concept-usage-intersection">usage intersection</a> of
- <var>usages</var> and <code>[ "sign" ]</code>.
- </p>
- </li>
- <li>
- <p>
- Let <var>result</var> be a new <a href="#dfn-KeyPair">KeyPair</a>
- object.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#def-KeyPair-publicKey">publicKey</a> attribute
- of <var>result</var> to be <var>publicKey</var>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#def-KeyPair-privateKey">privateKey</a> attribute
- of <var>result</var> to be <var>privateKey</var>.
- </p>
- </li>
- <li>
- <p>
- Return <var>result</var>.
- </p>
- </li>
- </ol>
- </dd>
- <dt>Import Key</dt>
- <dd></dd>
- <dt>Export Key</dt>
- <dd></dd>
- </div>
-
- <div class="ednote">
- <p>
- TODO: Specify the mapping between key.algorithm.hash and the appropriate Hash
- functions (and back to OID).
- </p>
+ <dl>
+ <dt>Sign</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ If the <a href="#dfn-Key-type">type</a> attribute of <var>key</var>
+ is not <code>"private"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>normalizedAlgorithm</var> be the result of
+ <a href="#dfn-normalize-to-type">normalizing</a> <var>algorithm</var>
+ to <a href="#dfn-RsaPssParams">RsaPssParams</a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If any of the members of <a href="#dfn-RsaPssParams">RsaPssParams</a> are not
+ present in <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Perform the signature generation operation defined in Section 8.1 of [<cite><a
+ href="#RFC3447">RFC3447</a></cite>] with the key represented by <var>key</var>
+ as the signer's private key, <var>K</var>, and the contents of
+ <var>message</var> as the message to be signed, <var>M</var>, and using the
+ hash function specified by the
+ <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute of the
+ <a href="#dfn-Key-algorithm">algorithm</a> attribute of <var>key</var>
+ as the Hash option, MGF1 (defined in Section B.2.1 of
+ [<cite><a href="#RFC3447">RFC3447</a></cite>]) as the MGF option and
+ the <a href="#dfn-RsaPssParams-saltLength">saltLength</a> member of
+ <var>normalizedAlgorithm</var> as the salt length option for the EMM-PSS-ENCODE
+ operation.
+ </p>
+ </li>
+ <li>
+ <p>
+ If performing the operation results in an error,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>signature</var> be a new <code>ArrayBuffer</code> containing the
+ signature, S, that results from performing the operation.
+ </p>
+ </li>
+ </ol>
+ </dd>
+
+ <dt>Verify</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ If the <a href="#dfn-Key-type">type</a> attribute of <var>key</var>
+ is not <code>"public"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>normalizedAlgorithm</var> be the result of
+ <a href="#dfn-normalize-to-type">normalizing</a> <var>algorithm</var>
+ to <a href="#dfn-RsaPssParams">RsaPssParams</a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If any of the members of <a href="#dfn-RsaPssParams">RsaPssParams</a> are not
+ present in <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Perform the signature verification operation defined in Section 8.1 of [<cite><a
+ href="#RFC3447">RFC3447</a></cite>] with the key represented by <var>key</var>
+ as the signer's RSA public key and the contents of <var>message</var> as
+ <var>M</var> and the contents of <var>signature</var> as <var>S</var> and using
+ the hash function specified by the
+ <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute of the
+ <a href="#dfn-Key-algorithm">algorithm</a> attribute of <var>key</var> as the
+ Hash option, MGF1 (defined in Section B.2.1 of
+ [<cite><a href="#RFC3447">RFC3447</a></cite>]) as the MGF option and the
+ <a href="#dfn-RsaPssParams-saltLength">saltLength</a> member of
+ <var>normalizedAlgorithm</var> as the salt length option for the
+ EMSA-PSS-VERIFY operation.
+ </p>
+ </li>
+ <li>
+ <p>
+ If performing the operation results in an error,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>result</var> be a boolean with value true if the
+ result of the operation was "valid signature" and a boolean with value
+ false otherwise.
+ </p>
+ </li>
+ </ol>
+ </dd>
+
+ <dt>Generate Key</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ Let <var>normalizedAlgorithm</var> be the result of
+ <a href="#dfn-normalize-to-type">normalizing</a> <var>algorithm</var>
+ to <a href="#dfn-RsaHashedKeyGenParams">RsaHashedKeyGenParams</a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If any of the members of
+ <a href="#dfn-RsaHashedKeyGenParams">RsaHashedKeyGenParams</a> are not present
+ in <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If <var>usages</var> contains an entry which is not
+ <code>"sign"</code> or <code>"verify"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Generate an RSA key pair, as defined in [<cite><a
+ href="#RFC3447">RFC3447</a></cite>], with RSA modulus length equal to the
+ <a href="#dfn-RsaKeyGenParams-modulusLength">modulusLength</a> member of
+ <var>normalizedAlgorithm</var> and RSA public exponent equal to the
+ <a href="#dfn-RsaKeyGenParams-publicExponent">publicExponent</a> member of
+ <var>normalizedAlgorithm</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If performing the operation results in an error,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>algorithm</var> be a new
+ <a href="#dfn-RsaHashedKeyAlgorithm">RsaHashedKeyAlgorithm</a>
+ object.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of
+ <var>algorithm</var> to <code>"RSA-PSS"</code>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the
+ <a href="#dfn-RsaKeyAlgorithm-modulusLength">modulusLength</a>
+ attribute of <var>algorithm</var> to equal the
+ <a href="#dfn-RsaKeyGenParams-modulusLength">modulusLength</a>
+ member of <var>normalizedAlgorithm</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the
+ <a href="#dfn-RsaKeyAlgorithm-publicExponent">publicExponent</a>
+ attribute of <var>algorithm</var> to equal the
+ <a href="#dfn-RsaKeyGenParams-publicExponent">publicExponent</a>
+ member of <var>normalizedAlgorithm</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute
+ of <var>algorithm</var> to equal the
+ <a href="#dfn-RsaHashedKeyGenParams">hash</a> member of
+ <var>normalizedAlgorithm</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>publicKey</var> be a new <a href="#dfn-Key">Key</a> object
+ representing the public key of the generated key pair.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-Key-type">type</a> attribute of <var>publicKey</var>
+ to <code>"public"</code>
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-Key-algorithm">algorithm</a> attribute of
+ <var>publicKey</var> to be <var>algorithm</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-Key-extractable">extractable</a> attribute of
+ <var>publicKey</var> to true.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-Key-usages">usages</a> attribute of
+ <var>publicKey</var> to be the
+ <a href="concept-usage-intersection">usage intersection</a> of
+ <var>usages</var> and <code>[ "verify" ]</code>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>privateKey</var> be a new <a href="#dfn-Key">Key</a> object
+ representing the private key of the generated key pair.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-Key-Type">type</a> attribute of <var>privateKey</var>
+ to <code>"private"</code>
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-Key-algorithm">algorithm</a> attribute of
+ <var>privateKey</var> to be <var>algorithm</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-Key-extractable">extractable</a> attribute of
+ <var>privateKey</var> to <var>extractable</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-Key-usages">usages</a> attribute of
+ <var>privateKey</var> to be the
+ <a href="concept-usage-intersection">usage intersection</a> of
+ <var>usages</var> and <code>[ "sign" ]</code>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>result</var> be a new <a href="#dfn-KeyPair">KeyPair</a>
+ object.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#def-KeyPair-publicKey">publicKey</a> attribute
+ of <var>result</var> to be <var>publicKey</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#def-KeyPair-privateKey">privateKey</a> attribute
+ of <var>result</var> to be <var>privateKey</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Return <var>result</var>.
+ </p>
+ </li>
+ </ol>
+ </dd>
+
+ <dt>Import Key</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>Let <var>keyData</var> be the key data to be imported.</p>
+ </li>
+ <li>
+ <p>
+ Let <var>normalizedAlgorithm</var> be the result of
+ <a href="#concept-normalize-to-type">normalizing</a> <var>algorithm</var>
+ to <a href="#dfn-RsaHashedImportParams">RsaHashedImportParams</a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If any of the members of <a
+ href="#dfn-RsaHashedImportParams">RsaHashedImportParams</a> are not present in
+ <var>normalizedAlgorithm</var> then <a href="#concept-return-an-error">return
+ an error</a> named <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+ </p>
+ </li>
+ <li>
+ <dl class="switch">
+ <dt>If <var>format</var> is <code>"spki"</code>:</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ Let <var>spki</var> be the result of running the
+ <a href="#concept-parse-a-spki">parse a subjectPublicKeyInfo</a>
+ algorithm over <var>keyData</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If an error occurred while parsing,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>hash</var> be a string whose initial value is undefined.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>alg</var> be the <code>algorithm</code> object identifier
+ field of the <code>algorithm</code> AlgorithmIdentifier field of
+ <var>spki</var>.
+ </p>
+ </li>
+ <li>
+ <dl class="switch">
+ <dt>
+ If <var>alg</var> is equivalent to the <code>rsaEncryption</code>
+ OID defined in <a href="#RFC3447">RFC 3447</a>:
+ </dt>
+ <dd>
+ <p>
+ Let <var>hash</var> be undefined.
+ </p>
+ </dd>
+ <dt>
+ If <var>alg</var> is equivalent to the
+ <code>id-RSASSA-PSS</code> OID defined in
+ <a href="#RFC3447">RFC 3447</a>:
+ </dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ Let <var>params</var> be the ASN.1 structure contained within
+ the <code>parameters</code> field of the <code>algorithm</code>
+ AlgorithmIdentifier field of <var>spki</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If <var>params</var> is not defined, or is not an instance of
+ the <code>RSASSA-PSS-params</code> ASN.1 type defined in
+ <a href="#RFC3447">RFC3447</a>,
+ <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>hashAlg</var> be the AlgorithmIdentifier ASN.1 type
+ within the <code>hashAlgorithm</code> field of <var>params</var>.
+ </p>
+ </li>
+ <li>
+ <dl class="switch">
+ <dt>
+ If the <code>algorithm</code> object identifier field of
+ <var>hashAlg</var> is equivalent to the <code>id-sha1</code>
+ OID defined in <a href="#RFC3447">RFC 3447</a>:
+ </dt>
+ <dd>
+ <p>
+ Set <var>hash</var> to the string <code>SHA-1</code>.
+ </p>
+ </dd>
+ <dt>
+ If the <code>algorithm</code> object identifier field of
+ <var>hashAlg</var> is equivalent to the <code>id-sha256</code>
+ OID defined in <a href="#RFC3447">RFC 3447</a>:
+ </dt>
+ <dd>
+ <p>
+ Set <var>hash</var> to the string <code>SHA-256</code>.
+ </p>
+ </dd>
+ <dt>
+ If the <code>algorithm</code> object identifier field of
+ <var>hashAlg</var> is equivalent to the <code>id-sha384</code>
+ OID defined in <a href="#RFC3447">RFC 3447</a>:
+ </dt>
+ <dd>
+ <p>
+ Set <var>hash</var> to the string <code>SHA-384</code>.
+ </p>
+ </dd>
+ <dt>
+ If the <code>algorithm</code> object identifier field of
+ <var>hashAlg</var> is equivalent to the <code>id-sha512</code>
+ OID defined in <a href="#RFC3447">RFC 3447</a>:
+ </dt>
+ <dd>
+ <p>
+ Set <var>hash</var> to the string <code>SHA-512</code>.
+ </p>
+ </dd>
+ <dt>Otherwise:</dt>
+ <dd>
+ <p>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </p>
+ </dd>
+ </dl>
+ </li>
+ <li>
+ <p>
+ If the <code>algorithm</code> object identifier field of the
+ <code>maskGenAlgorithm</code> field of <var>params</var> is not
+ equivalent to the OID <code>id-mgf1</code> defined in <a
+ href="#RFC3447">RFC 3447</a>, <a
+ href="#concept-return-an-error">return an error</a> named <a
+ href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the <code>parameters</code> field of the
+ <code>maskGenAlgorithm</code> field of <var>params</var> is not
+ an instance of the <code>HashAlgorithm</code> ASN.1 type that is
+ identical in content to the <code>hashAlglorithm</code> field of
+ <var>params</var>, <a href="#concept-return-an-error">return an
+ error</a> named <a
+ href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </p>
+ </li>
+ </ol>
+ </dd>
+ <dt>Otherwise:</dt>
+ <dd>
+ <p>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </dd>
+ </dl>
+ </li>
+ <li>
+ <p>
+ If <var>hash</var> is defined, and is not equal to the <a
+ href="#dfn-AlgorithmIdentifier-name">name</a> member of the <a
+ href="#dfn-RsaHashedImportParams-hash">hash</a> member of
+ <var>normalizedAlgorithm</var>, <a
+ href="#concept-return-an-error">return an error</a> named <a
+ href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set <var>hash</var> to the <a
+ href="#dfn-AlgorithmIdentifier-name">name</a> member of the <a
+ href="#dfn-RsaHashedImportParams-hash">hash</a> member of
+ <var>normalizedAlgorithm</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>publicKey</var> be the result of performing the <a
+ href="#concept-parse-an-asn1-structure">parse an ASN.1 structure</a>
+ algorithm, with <var>data</var> as the
+ <code>subjectPublicKeyInfo</code> field of <var>spki</var>,
+ <var>structure</var> as the <code>RSAPublicKey</code> structure
+ specified in Section A.1.1 of <a href="#RFC3447">RFC 3447</a>, and
+ <var>exactData</var> set to true.
+ </p>
+ </li>
+ <li>
+ <p>
+ If an error occurred while parsing,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>key</var> be a new <a href="#dfn-Key">Key</a> object that
+ represents the RSA public key identified by <var>publicKey</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-Key-Type">type</a> attribute of <var>key</var>
+ to <code>"public"</code>
+ </p>
+ </li>
+ </ol>
+ </dd>
+ <dt>If <var>format</var> is <code>"pkcs8"</code>:</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ Let <var>privateKeyInfo</var> be the result of running the
+ <a href="#concept-parse-a-privateKeyInfo">parse a privateKeyInfo</a>
+ algorithm over <var>keyData</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If an error occurred while parsing, then <a
+ href="#concept-return-an-error">return an error</a> named <a
+ href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>hash</var> be a string whose initial value is undefined.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>alg</var> be the <code>algorithm</code> object identifier
+ field of the <code>privateKeyAlgorithm</code>
+ PrivateKeyAlgorithmIdentifier field of <var>privateKeyInfo</var>.
+ </p>
+ </li>
+ <li>
+ <dl class="switch">
+ <dt>
+ If <var>alg</var> is equivalent to the <code>rsaEncryption</code>
+ OID defined in <a href="#RFC3447">RFC 3447</a>:
+ </dt>
+ <dd>
+ <p>
+ Let <var>hash</var> be undefined.
+ </p>
+ </dd>
+ <dt>
+ If <var>alg</var> is equivalent to the <code>id-RSASSA-PSS</code> OID
+ defined in <a href="#RFC3447">RFC 3447</a>:
+ </dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ Let <var>params</var> be the ASN.1 structure contained within
+ the <code>parameters</code> field of the
+ <code>privateKeyAlgorithm</code> PrivateKeyAlgorithmIdentifier
+ field of <var>privateKeyInfo</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If <var>params</var> is not defined, or is not an instance of
+ the <code>RSASSA-PSS-params</code> ASN.1 type defined in
+ <a href="#RFC3447">RFC3447</a>,
+ <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>hashAlg</var> be the AlgorithmIdentifier ASN.1 type
+ within the <code>hashAlgorithm</code> field of <var>params</var>.
+ </p>
+ </li>
+ <li>
+ <dl class="switch">
+ <dt>
+ If the <code>algorithm</code> object identifier field of
+ <var>hashAlg</var> is equivalent to the <code>id-sha1</code>
+ OID defined in <a href="#RFC3447">RFC 3447</a>:
+ </dt>
+ <dd>
+ <p>
+ Set <var>hash</var> to the string <code>SHA-1</code>.
+ </p>
+ </dd>
+ <dt>
+ If the <code>algorithm</code> object identifier field of
+ <var>hashAlg</var> is equivalent to the <code>id-sha256</code>
+ OID defined in <a href="#RFC3447">RFC 3447</a>:
+ </dt>
+ <dd>
+ <p>
+ Set <var>hash</var> to the string <code>SHA-256</code>.
+ </p>
+ </dd>
+ <dt>
+ If the <code>algorithm</code> object identifier field of
+ <var>hashAlg</var> is equivalent to the <code>id-sha384</code>
+ OID defined in <a href="#RFC3447">RFC 3447</a>:
+ </dt>
+ <dd>
+ <p>
+ Set <var>hash</var> to the string <code>SHA-384</code>.
+ </p>
+ </dd>
+ <dt>
+ If the <code>algorithm</code> object identifier field of
+ <var>hashAlg</var> is equivalent to the <code>id-sha512</code>
+ OID defined in <a href="#RFC3447">RFC 3447</a>:
+ </dt>
+ <dd>
+ <p>
+ Set <var>hash</var> to the string <code>SHA-512</code>.
+ </p>
+ </dd>
+ <dt>Otherwise:</dt>
+ <dd>
+ <p>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </p>
+ </dd>
+ </dl>
+ </li>
+ <li>
+ <p>
+ If the <code>algorithm</code> object identifier field of the
+ <code>maskGenAlgorithm</code> field of <var>params</var> is not
+ equivalent to the OID <code>id-mgf1</code> defined in <a
+ href="#RFC3447">RFC 3447</a>, <a
+ href="#concept-return-an-error">return an error</a> named <a
+ href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the <code>parameters</code> field of the
+ <code>maskGenAlgorithm</code> field of <var>params</var> is not
+ an instance of the <code>HashAlgorithm</code> ASN.1 type that is
+ identical in content to the <code>hashAlglorithm</code> field of
+ <var>params</var>, <a href="#concept-return-an-error">return an
+ error</a> named <a
+ href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </p>
+ </li>
+ </ol>
+ </dd>
+ <dt>Otherwise:</dt>
+ <dd>
+ <p>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </dd>
+ </dl>
+ </li>
+ <li>
+ <p>
+ If <var>hash</var> is defined, and is not equal to the <a
+ href="#dfn-AlgorithmIdentifier-name">name</a> member of the <a
+ href="#dfn-RsaHashedImportParams-hash">hash</a> member of
+ <var>normalizedAlgorithm</var>, <a
+ href="#concept-return-an-error">return an error</a> named <a
+ href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set <var>hash</var> to the <a
+ href="#dfn-AlgorithmIdentifier-name">name</a> member of the <a
+ href="#dfn-RsaHashedImportParams-hash">hash</a> member of
+ <var>normalizedAlgorithm</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>rsaPrivateKey</var> be the result of performing the <a
+ href="#concept-parse-an-asn1-structure">parse an ASN.1 structure</a>
+ algorithm, with <var>data</var> as the
+ <code>privateKey</code> field of <var>privateKeyInfo</var>,
+ <var>structure</var> as the <code>RSAPrivateKey</code> structure
+ specified in Section A.1.2 of <a href="#RFC3447">RFC 3447</a>, and
+ <var>exactData</var> set to true.
+ </p>
+ </li>
+ <li>
+ <p>
+ If an error occurred while parsing,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>key</var> be a new <a href="#dfn-Key">Key</a> object that
+ represents the RSA private key identified by <var>rsaPrivateKey</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-Key-Type">type</a> attribute of <var>key</var>
+ to <code>"private"</code>
+ </p>
+ </li>
+ </ol>
+ </dd>
+ <dt>If <var>format</var> is <code>"jwk"</code>:</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ Let <var>jwk</var> be the result of running the
+ <a href="#concept-parse-a-jwk">parse a jwk</a>
+ algorithm over <var>keyData</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the <code>"kty"</code> field of <var>jwk</var> is not a
+ case-sensitive string match to <code>"RSA"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the <code>"use"</code> field of <var>jwk</var> is present, and is
+ not a case-sensitive string match to <code>"enc"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the <code>"key_ops"</code> field of <var>jwk</var> is present, and
+ is invalid according to the requirements of
+ <a href="#jwk">JSON Web Key</a> or
+ does not contain all of the specified <var>usages</var> values,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>hash</var> be a be a string whose initial value is
+ undefined.
+ </p>
+ </li>
+ <li>
+ <dl class="switch">
+ <dt>
+ If the <code>"alg"</code> field of <var>jwk</var> is not
+ present:
+ </dt>
+ <dd>
+ <p>
+ Let <var>hash</var> be undefined.
+ </p>
+ </dd>
+ <dt>
+ If the <code>"alg"</code> field is equal to the string
+ <code>"PS1"</code>:
+ </dt>
+ <dd>
+ <p>
+ Let <var>hash</var> be the string <code>SHA-1</code>.
+ </p>
+ </dd>
+ <dt>
+ If the <code>"alg"</code> field is equal to the string
+ <code>"PS256"</code>:
+ </dt>
+ <dd>
+ <p>
+ Let <var>hash</var> be the string <code>SHA-256</code>.
+ </p>
+ </dd>
+ <dt>
+ If the <code>"alg"</code> field is equal to the string
+ <code>"PS384"</code>:
+ </dt>
+ <dd>
+ <p>
+ Let <var>hash</var> be the string <code>SHA-384</code>.
+ </p>
+ </dd>
+ <dt>
+ If the <code>"alg"</code> field is equal to the string
+ <code>"PS512"</code>:
+ </dt>
+ <dd>
+ <p>
+ Let <var>hash</var> be the string <code>SHA-512</code>.
+ </p>
+ </dd>
+ <dt>Otherwise:</dt>
+ <dd>
+ <p>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </dd>
+ </dl>
+ </li>
+ <li>
+ <dl class="switch">
+ <dt>If the <code>"d"</code> field of <var>jwk</var> is present:</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ If <var>jwk</var> does not meet the requirements of
+ Section 6.3.2 of <a href="#jwa">JSON Web
+ Algorithms</a>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>key</var> be a new <a href="#dfn-Key">Key</a> object
+ that represents the RSA private key identified by interpreting
+ <var>jwk</var> according to Section 6.3.2 of <a href="#jwa">
+ JSON Web Algorithms</a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-Key-Type">type</a> attribute of
+ <var>key</var> to <code>"private"</code>
+ </p>
+ </li>
+ </ol>
+ </dd>
+ <dt>Otherwise:</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ If <var>jwk</var> does not meet the requirements of Section
+ 6.3.1 of <a href="#jwa">JSON Web Algorithms</a>, then <a
+ href="#concept-return-an-error">return an error</a> named <a
+ href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>key</var> be a new <a href="#dfn-Key">Key</a> object
+ that represents the RSA public key identified by interpreting
+ <var>jwk</var> according to Section 6.3.1 of <a href="#jwa">
+ JSON Web Algorithms</a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-Key-Type">type</a> attribute of
+ <var>key</var> to <code>"public"</code>
+ </p>
+ </li>
+ </ol>
+ </dd>
+ </dl>
+ </li>
+ </ol>
+ </dd>
+ <dt>Otherwise:</dt>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </dd>
+ </dl>
+ </li>
+ <li>
+ <p>
+ Let <var>algorithm</var> be a new
+ <a href="#dfn-RsaHashedKeyAlgorithm">RsaHashedKeyAlgorithm</a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of
+ <var>algorithm</var> to <code>"RSA-PSS"</code>
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-RsaKeyAlgorithm-modulusLength">modulusLength</a>
+ attribute of <var>algorithm</var> to the length, in bits, of the RSA public
+ modulus.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-RsaKeyAlgorithm-publicExponent">publicExponent</a>
+ attribute of <var>algorithm</var> to the <a href="#dfn-BigInteger">BigInteger</a>
+ representation of the RSA public exponent.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute of
+ <var>algorithm</var> to a new <a href="#dfn-KeyAlgorithm">KeyAlgorithm</a>
+ whose <a href="#dfn-KeyAlgorithm-name">name</a> attribute is <var>hash</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-Key-algorithm">algorithm</a> attribute of
+ <var>key</var> to <var>algorithm</var>
+ </p>
+ </li>
+ <li>
+ <p>Return <var>key</var>.</p>
+ </li>
+ </ol>
+ </dd>
+
+ <dt>Export Key</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ Let <var>key</var> be the key to be exported.
+ </p>
+ </li>
+ <li>
+ <dl class="switch">
+ <dt>If <var>format</var> is <code>"spki"</code></dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ If the <a href="#dfn-Key-type">type</a> attribute of <var>key</var> is
+ not <code>"public"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>result</var> be the result of <a
+ href="#dfn-encode-a-subjectPublicKeyInfo">encoding a
+ subjectPublicKeyInfo</a> with the following properties:
+ </p>
+ <ul>
+ <li>
+ <p>
+ Set the <var>algorithm</var> field to an
+ <code>AlgorithmIdentifier</code> ASN.1 type with the following
+ properties:
+ </p>
+ <ul>
+ <li>
+ <p>
+ Set the <var>algorithm</var> field to the OID
+ <code>id-RSASSA-PSS</code> defined in
+ <a href="#RFC3447">RFC 3447</a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <var>params</var> field to an instance of the
+ <code>RSASSA-PSS-params</code> ASN.1 type with the following
+ properties:
+ </p>
+ <ul>
+ <li>
+ <p>
+ Set the <var>hashAlgorithm</var> field to an instance of
+ the <code>HashAlgorithm</code> ASN.1 type with the
+ following properties:
+ </p>
+ <dl class="switch">
+ <dt>
+ If the <a href="#dfn-KeyAlgorithm-name">name</a>
+ attribute of the <a
+ href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
+ the <a href="#dfn-Key-algorithm">algorithm</a> attribute
+ of <var>key</var> is <code>SHA-1</code>:
+ </dt>
+ <dd>
+ <p>
+ Set the <var>algorithm</var> object identifier to the
+ OID <code>id-sha1</code> defined in <a
+ href="#RFC3447">RFC 3447</a>.
+ </p>
+ </dd>
+ <dt>
+ If the <a href="#dfn-KeyAlgorithm-name">name</a>
+ attribute of the <a
+ href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
+ the <a href="#dfn-Key-algorithm">algorithm</a> attribute
+ of <var>key</var> is <code>SHA-256</code>:
+ </dt>
+ <dd>
+ <p>
+ Set the <var>algorithm</var> object identifier to the
+ OID <code>id-sha256</code> defined in <a
+ href="#RFC3447">RFC 3447</a>.
+ </p>
+ </dd>
+ <dt>
+ If the <a href="#dfn-KeyAlgorithm-name">name</a>
+ attribute of the <a
+ href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
+ the <a href="#dfn-Key-algorithm">algorithm</a> attribute
+ of <var>key</var> is <code>SHA-384</code>:
+ </dt>
+ <dd>
+ <p>
+ Set the <var>algorithm</var> object identifier to the
+ OID <code>id-sha384</code> defined in <a
+ href="#RFC3447">RFC 3447</a>.
+ </p>
+ </dd>
+ <dt>
+ If the <a href="#dfn-KeyAlgorithm-name">name</a>
+ attribute of the <a
+ href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
+ the <a href="#dfn-Key-algorithm">algorithm</a> attribute
+ of <var>key</var> is <code>SHA-512</code>:
+ </dt>
+ <dd>
+ <p>
+ Set the <var>algorithm</var> object identifier to the
+ OID <code>id-sha512</code> defined in <a
+ href="#RFC3447">RFC 3447</a>.
+ </p>
+ </dd>
+ </dl>
+ </li>
+ <li>
+ <p>
+ Set the <var>maskGenAlgorithm</var> field to an instance
+ of the <code>MaskGenAlgorithm</code> ASN.1 type with the
+ following properties:
+ </p>
+ <ul>
+ <li>
+ <p>
+ Set the <var>algorithm</var> field to the OID
+ <code>id-mgf1</code> defined in <a href="#RFC3447">RFC
+ 3447</a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <var>params</var> field to an instance of the
+ <code>HashAlgorithm</code> ASN.1 type that is
+ identical to the <var>hashAlgorithm</var> field.
+ </p>
+ </li>
+ </ul>
+ </li>
+ <li>
+ <p>
+ Set the <var>saltLength</var> field to the length in
+ octets of the digest algorithm identified by the <a
+ href="#dfn-KeyAlgorithm-name">name</a> attribute of the <a
+ href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute
+ of the <a href="#dfn-Key-algorithm">algorithm</a>
+ attribute of <var>key</var>.
+ </p>
+ </li>
+ </ul>
+ </li>
+ </ul>
+ </li>
+ <li>
+ <p>
+ Set the <var>subjectPublicKey</var> field to the result of
+ DER-encoding an <code>RSAPublicKey</code> ASN.1 type, as defined
+ in <a href="#RFC3447">RFC 3447</a>, Appendix A.1.1, that
+ represents the RSA public key identified by <var>key</var>
+ </p>
+ </li>
+ </ul>
+ </li>
+ </ol>
+ </dd>
+ <dt>If <var>format</var> is <code>"pkcs8"</code>:</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ If the <a href="#dfn-Key-type">type</a> attribute of <var>key</var> is
+ not <code>"private"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>result</var> be the result of <a
+ href="#dfn-encode-a-privateKeyInfo"> encoding a privateKeyInfo</a>
+ with the following properties:
+ </p>
+ <ul>
+ <li>
+ <p>
+ Set the <var>version</var> field to 0.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <var>privateKeyAlgorithm</var> field to an
+ <code>PrivateKeyAlgorithmIdentifier</code> ASN.1 type with the
+ following properties:
+ </p>
+ <ul>
+ <li>
+ <p>
+ Set the <var>algorithm</var> field to the OID
+ <code>id-RSASSA-PSS</code> defined in
+ <a href="#RFC3447">RFC 3447</a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <var>params</var> field to an instance of the
+ <code>RSASSA-PSS-params</code> ASN.1 type with the following
+ properties:
+ </p>
+ <ul>
+ <li>
+ <p>
+ Set the <var>hashAlgorithm</var> field to an instance of
+ the <code>HashAlgorithm</code> ASN.1 type with the
+ following properties:
+ </p>
+ <dl class="switch">
+ <dt>
+ If the <a href="#dfn-KeyAlgorithm-name">name</a>
+ attribute of the <a
+ href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
+ the <a href="#dfn-Key-algorithm">algorithm</a> attribute
+ of <var>key</var> is <code>SHA-1</code>:
+ </dt>
+ <dd>
+ <p>
+ Set the <var>algorithm</var> object identifier to the
+ OID <code>id-sha1</code> defined in <a
+ href="#RFC3447">RFC 3447</a>.
+ </p>
+ </dd>
+ <dt>
+ If the <a href="#dfn-KeyAlgorithm-name">name</a>
+ attribute of the <a
+ href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
+ the <a href="#dfn-Key-algorithm">algorithm</a> attribute
+ of <var>key</var> is <code>SHA-256</code>:
+ </dt>
+ <dd>
+ <p>
+ Set the <var>algorithm</var> object identifier to the
+ OID <code>id-sha256</code> defined in <a
+ href="#RFC3447">RFC 3447</a>.
+ </p>
+ </dd>
+ <dt>
+ If the <a href="#dfn-KeyAlgorithm-name">name</a>
+ attribute of the <a
+ href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
+ the <a href="#dfn-Key-algorithm">algorithm</a> attribute
+ of <var>key</var> is <code>SHA-384</code>:
+ </dt>
+ <dd>
+ <p>
+ Set the <var>algorithm</var> object identifier to the
+ OID <code>id-sha384</code> defined in <a
+ href="#RFC3447">RFC 3447</a>.
+ </p>
+ </dd>
+ <dt>
+ If the <a href="#dfn-KeyAlgorithm-name">name</a>
+ attribute of the <a
+ href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
+ the <a href="#dfn-Key-algorithm">algorithm</a> attribute
+ of <var>key</var> is <code>SHA-512</code>:
+ </dt>
+ <dd>
+ <p>
+ Set the <var>algorithm</var> object identifier to the
+ OID <code>id-sha512</code> defined in <a
+ href="#RFC3447">RFC 3447</a>.
+ </p>
+ </dd>
+ </dl>
+ </li>
+ <li>
+ <p>
+ Set the <var>maskGenAlgorithm</var> field to an instance
+ of the <code>MaskGenAlgorithm</code> ASN.1 type with the
+ following properties:
+ </p>
+ <ul>
+ <li>
+ <p>
+ Set the <var>algorithm</var> field to the OID
+ <code>id-mgf1</code> defined in <a href="#RFC3447">RFC
+ 3447</a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <var>params</var> field to an instance of the
+ <code>HashAlgorithm</code> ASN.1 type that is
+ identical to the <var>hashAlgorithm</var> field.
+ </p>
+ </li>
+ </ul>
+ </li>
+ <li>
+ <p>
+ Set the <var>saltLength</var> field to the length in
+ octets of the digest algorithm identified by the <a
+ href="#dfn-KeyAlgorithm-name">name</a> attribute of the <a
+ href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute
+ of the <a href="#dfn-Key-algorithm">algorithm</a>
+ attribute of <var>key</var>.
+ </p>
+ </li>
+ </ul>
+ </li>
+ </ul>
+ </li>
+ <li>
+ <p>
+ Set the <var>privateKey</var> field to the result of
+ DER-encoding an <code>RSAPrivateKey</code> ASN.1 type, as defined
+ in <a href="#RFC3447">RFC 3447</a>, Appendix A.1.2, that
+ represents the RSA private key identified by <var>key</var>
+ </p>
+ <div class="ednote">
+ <a href="#RFC5208">RFC 5208</a> specifies that the encoding of
+ this field should be <em>BER</em> encoded in Section 5 (as a "for
+ example"). However, to avoid requiring WebCrypto implementations
+ support BER-encoding and BER-decoding, only <em>DER</em> encodings
+ are produced or accepted.
+ </div>
+ </li>
+ </ul>
+ </li>
+ </ol>
+ </dd>
+ <dt>If <var>format</var> is <code>"jwk"</code>:</dt>
+ <dd>
+ <ul>
+ <li>
+ <p>Let <var>jwk</var> be a new internal object.</p>
+ </li>
+ <li>
+ <p>Set the <code>kty</code> field of <var>jwk</var> to the string
+ <code>"RSA"</code>.</p>
+ </li>
+ <li>
+ <p>
+ Let <var>hash</var> be the <a href="#dfn-KeyAlgorithm-name">name</a>
+ attribute of the <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a>
+ attribute of the <a href="#dfn-Key-algorithm">algorithm</a> attribute
+ of <var>key</var>.
+ </p>
+ </li>
+ <li>
+ <dl class="switch">
+ <dt>If <var>hash</var> is <code>SHA-1</code>:</dt>
+ <dd>
+ <p>
+ Set the <code>alg</code> field of <var>jwk</var> to the string
+ <code>PS1</code>.
+ </p>
+ </dd>
+ <dt>If <var>hash</var> is <code>SHA-256</code>:</dt>
+ <dd>
+ <p>
+ Set the <code>alg</code> field of <var>jwk</var> to the string
+ <code>PS256</code>.
+ </p>
+ </dd>
+ <dt>If <var>hash</var> is <code>SHA-384</code>:</dt>
+ <dd>
+ <p>
+ Set the <code>alg</code> field of <var>jwk</var> to the string
+ <code>PS384</code>.
+ </p>
+ </dd>
+ <dt>If <var>hash</var> is <code>SHA-512</code>:</dt>
+ <dd>
+ <p>
+ Set the <code>alg</code> field of <var>jwk</var> to the string
+ <code>PS512</code>.
+ </p>
+ </dd>
+ <dt>Otherwise:</dt>
+ <dd>
+ <p>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </p>
+ </dd>
+ </dl>
+ </li>
+ <li>
+ <p>
+ Set the fields <code>n</code> and <code>e</code> of <var>jwk</var>
+ according to the corresponding definitions in <a href="#JWA">JSON Web
+ Algorithms</a>, Section 6.3.1.
+ </p>
+ </li>
+ <li>
+ <dl class="switch">
+ <dt>
+ If the <a href="#dfn-Key-type">type</a> attribute of <var>key</var>
+ is <code>"private"</code>:
+ </dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ Set the fields named <code>d</code>, <code>p</code>,
+ <code>q</code>, <code>dp</code>, <code>dq</code>, and
+ <code>qi</code> of <var>jwk</var> according to the
+ corresponding definitions in <a href="#JWA">JSON Web
+ Algorithms</a>, Section 6.3.2.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the underlying RSA private key represented by
+ <var>key</var> is represented by more than two primes, set the
+ field named <code>oth</code> of <var>jwk</var> according to
+ the corresponding definition in <a href="#JWA">JSON Web
+ Algorithms</a>, Section 6.3.2.7
+ </p>
+ </li>
+ </ol>
+ </dd>
+ </dl>
+ </li>
+ <li>
+ <p>
+ Set the <code>key_ops</code> field of <var>jwk</var> to the <a
+ href="#dfn-Key-usages">usages</a> attribute of <var>key</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <code>ext</code> field of <var>jwk</var> to the <a
+ href="#dfn-Key-extractable">extractable</a> attribute of
+ <var>key</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>stringifiedJwk</var> be the result of encoding
+ <var>jwk</var> according to the grammar specified in Section 15.12 of
+ <a href="#ECMA-262">ECMA262</a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>result</var> be the UTF-8 encoding of
+ <var>stringifiedJwk</var>.
+ </p>
+ </li>
+ </ul>
+ </dd>
+ <dt>Otherwise</dt>
+ <dd>
+ <p>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </p>
+ </dd>
+ </dl>
+ </li>
+ <li>
+ <p>
+ Let <var>data</var> be a new <code>ArrayBuffer</code> containing
+ <var>result</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Return <var>data</var>.
+ </p>
+ </li>
+ </ol>
+ </dd>
+ </dl>
</div>
</div>
--- a/spec/Overview.html Thu Mar 06 00:00:00 2014 -0800
+++ b/spec/Overview.html Thu Mar 06 00:00:00 2014 -0800
@@ -28,7 +28,7 @@
<link rel="stylesheet" href="//www.w3.org/StyleSheets/TR/W3C-ED" type="text/css" /></head>
<body>
- <div class="head"><div><a href="http://www.w3.org/"><img src="//www.w3.org/Icons/w3c_home" width="72" height="48" alt="W3C" /></a></div><h1>Web Cryptography API</h1><h2>W3C Editor’s Draft <em>6 March 2014</em></h2><dl><dt>Latest Editor’s Draft:</dt><dd><a href="http://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html">http://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html</a></dd><dt>Latest Published Version:</dt><dd><a href="http://www.w3.org/TR/WebCryptoAPI/">http://www.w3.org/TR/WebCryptoAPI/</a></dd><dt>Previous Version(s):</dt><dd><a href="https://dvcs.w3.org/hg/webcrypto-api/raw-file/0fe9b34c13fb/spec/Overview.html">https://dvcs.w3.org/hg/webcrypto-api/raw-file/0fe9b34c13fb/spec/Overview.html</a></dd><dt>Editors:</dt><dd><a href="http://www.google.com/">Ryan Sleevi</a>, Google, Inc. <sleevi@google.com></dd><dd><a href="http://www.netflix.com/">Mark Watson</a>, Netflix <watsonm@netflix.com></dd><dt>Participate:</dt><dd><p>Send feedback to <a href="mailto:public-webcrypto@w3.org?subject=%5BWebCryptoAPI%5D">public-webcrypto@w3.org</a> (<a href="http://lists.w3.org/Archives/Public/public-webcrypto/">archives</a>), or <a href="https://www.w3.org/Bugs/Public/enter_bug.cgi?product=Web%20Cryptography&component=Web%20Cryptography%20API%20Document">file a bug</a>
+ <div class="head"><div><a href="http://www.w3.org/"><img src="//www.w3.org/Icons/w3c_home" width="72" height="48" alt="W3C" /></a></div><h1>Web Cryptography API</h1><h2>W3C Editor’s Draft <em>7 March 2014</em></h2><dl><dt>Latest Editor’s Draft:</dt><dd><a href="http://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html">http://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html</a></dd><dt>Latest Published Version:</dt><dd><a href="http://www.w3.org/TR/WebCryptoAPI/">http://www.w3.org/TR/WebCryptoAPI/</a></dd><dt>Previous Version(s):</dt><dd><a href="https://dvcs.w3.org/hg/webcrypto-api/raw-file/0fe9b34c13fb/spec/Overview.html">https://dvcs.w3.org/hg/webcrypto-api/raw-file/0fe9b34c13fb/spec/Overview.html</a></dd><dt>Editors:</dt><dd><a href="http://www.google.com/">Ryan Sleevi</a>, Google, Inc. <sleevi@google.com></dd><dd><a href="http://www.netflix.com/">Mark Watson</a>, Netflix <watsonm@netflix.com></dd><dt>Participate:</dt><dd><p>Send feedback to <a href="mailto:public-webcrypto@w3.org?subject=%5BWebCryptoAPI%5D">public-webcrypto@w3.org</a> (<a href="http://lists.w3.org/Archives/Public/public-webcrypto/">archives</a>), or <a href="https://www.w3.org/Bugs/Public/enter_bug.cgi?product=Web%20Cryptography&component=Web%20Cryptography%20API%20Document">file a bug</a>
(see <a href="https://www.w3.org/Bugs/Public/buglist.cgi?product=Web%20Cryptography&component=Web%20Cryptography%20API%20Document&resolution=---">existing bugs</a>).</p></dd></dl><p class="copyright"><a href="http://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a> © view <a href="http://www.w3.org/"><abbr title="World Wide Web Consortium">W3C</abbr></a><sup>®</sup> (<a href="http://www.csail.mit.edu/"><abbr title="Massachusetts Institute of Technology">MIT</abbr></a>, <a href="http://www.ercim.org/"><abbr title="European Research Consortium for Informatics and Mathematics">ERCIM</abbr></a>, <a href="http://www.keio.ac.jp/">Keio</a>), All Rights Reserved. W3C <a href="http://www.w3.org/Consortium/Legal/ipr-notice#Legal_Disclaimer">liability</a>, <a href="http://www.w3.org/Consortium/Legal/ipr-notice#W3C_Trademarks">trademark</a> and <a href="http://www.w3.org/Consortium/Legal/copyright-documents">document use</a> rules apply.</p></div><hr />
<div class="section">
@@ -56,7 +56,7 @@
report can be found in the <a href="http://www.w3.org/TR/">W3C technical
reports index</a> at http://www.w3.org/TR/.
</em></p><p>
- This document is the 6 March 2014 <b>Editor’s Draft</b> of the
+ This document is the 7 March 2014 <b>Editor’s Draft</b> of the
<cite>Web Cryptography API</cite> specification.
Please send comments about this document to
@@ -4847,303 +4847,1354 @@
</div>
<div id="rsa-pss-operations" class="section">
<h4>18.6.4. Operations</h4>
- <dt>Sign</dt>
- <dd>
- <ol>
- <li>
- <p>
- If the <a href="#dfn-Key-type">type</a> attribute of <var>key</var>
- is not <code>"private"</code>,
- then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Let <var>normalizedAlgorithm</var> be the result of
- <a href="#dfn-normalize-to-type">normalizing</a> <var>algorithm</var>
- to <a href="#dfn-RsaPssParams">RsaPssParams</a>.
- </p>
- </li>
- <li>
- <p>
- If any of the members of <a href="#dfn-RsaPssParams">RsaPssParams</a> are not
- present in <var>normalizedAlgorithm</var>,
- then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Perform the signature generation operation defined in Section 8.1 of [<cite><a href="#RFC3447">RFC3447</a></cite>] with the key represented by <var>key</var>
- as the signer's private key, <var>K</var>, and the contents of
- <var>message</var> as the message to be signed, <var>M</var>, and using the
- hash function specified by the
- <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute of the
- <a href="#dfn-Key-algorithm">algorithm</a> attribute of <var>key</var>
- as the Hash option, MGF1 (defined in Section B.2.1 of
- [<cite><a href="#RFC3447">RFC3447</a></cite>]) as the MGF option and
- the <a href="#dfn-RsaPssParams-saltLength">saltLength</a> member of
- <var>normalizedAlgorithm</var> as the salt length option for the EMM-PSS-ENCODE
- operation.
- </p>
- </li>
- <li>
- <p>
- If performing the operation results in an error,
- then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-OperationError"><code>OperationError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Let <var>signature</var> be a new <code>ArrayBuffer</code> containing the
- signature, S, that results from performing the operation.
- </p>
- </li>
- </ol>
- </dd>
-
- <dt>Verify</dt>
- <dd>
- <ol>
- <li>
- <p>
- If the <a href="#dfn-Key-type">type</a> attribute of <var>key</var>
- is not <code>"public"</code>,
- then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Let <var>normalizedAlgorithm</var> be the result of
- <a href="#dfn-normalize-to-type">normalizing</a> <var>algorithm</var>
- to <a href="#dfn-RsaPssParams">RsaPssParams</a>.
- </p>
- </li>
- <li>
- <p>
- If any of the members of <a href="#dfn-RsaPssParams">RsaPssParams</a> are not
- present in <var>normalizedAlgorithm</var>,
- then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Perform the signature verification operation defined in Section 8.1 of [<cite><a href="#RFC3447">RFC3447</a></cite>] with the key represented by <var>key</var>
- as the signer's RSA public key and the contents of <var>message</var> as
- <var>M</var> and the contents of <var>signature</var> as <var>S</var> and using
- the hash function specified by the
- <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute of the
- <a href="#dfn-Key-algorithm">algorithm</a> attribute of <var>key</var> as the
- Hash option, MGF1 (defined in Section B.2.1 of
- [<cite><a href="#RFC3447">RFC3447</a></cite>]) as the MGF option and the
- <a href="#dfn-RsaPssParams-saltLength">saltLength</a> member of
- <var>normalizedAlgorithm</var> as the salt length option for the
- EMSA-PSS-VERIFY operation.
- </p>
- </li>
- <li>
- <p>
- If performing the operation results in an error,
- then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-OperationError"><code>OperationError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Let <var>result</var> be a boolean with value true if the
- result of the operation was "valid signature" and a boolean with value
- false otherwise.
- </p>
- </li>
- </ol>
- </dd>
-
- <dt>Generate Key</dt>
- <dd>
- <ol>
- <li>
- <p>
- Let <var>normalizedAlgorithm</var> be the result of
- <a href="#dfn-normalize-to-type">normalizing</a> <var>algorithm</var>
- to <a href="#dfn-RsaHashedKeyGenParams">RsaHashedKeyGenParams</a>.
- </p>
- </li>
- <li>
- <p>
- If any of the members of
- <a href="#dfn-RsaHashedKeyGenParams">RsaHashedKeyGenParams</a> are not present
- in <var>normalizedAlgorithm</var>,
- then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
- </p>
- </li>
- <li>
- <p>
- If <var>usages</var> contains an entry which is not
- <code>"sign"</code> or <code>"verify"</code>,
- then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Generate an RSA key pair, as defined in [<cite><a href="#RFC3447">RFC3447</a></cite>], with RSA modulus length equal to the
- <a href="#dfn-RsaKeyGenParams-modulusLength">modulusLength</a> member of
- <var>normalizedAlgorithm</var> and RSA public exponent equal to the
- <a href="#dfn-RsaKeyGenParams-publicExponent">publicExponent</a> member of
- <var>normalizedAlgorithm</var>.
- </p>
- </li>
- <li>
- <p>
- If performing the operation results in an error,
- then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-OperationError"><code>OperationError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Let <var>algorithm</var> be a new
- <a href="#dfn-RsaHashedKeyAlgorithm">RsaHashedKeyAlgorithm</a>
- object.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of
- <var>algorithm</var> to <code>"RSA-PSS"</code>.
- </p>
- </li>
- <li>
- <p>
- Set the
- <a href="#dfn-RsaKeyAlgorithm-modulusLength">modulusLength</a>
- attribute of <var>algorithm</var> to equal the
- <a href="#dfn-RsaKeyGenParams-modulusLength">modulusLength</a>
- member of <var>normalizedAlgorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Set the
- <a href="#dfn-RsaKeyAlgorithm-publicExponent">publicExponent</a>
- attribute of <var>algorithm</var> to equal the
- <a href="#dfn-RsaKeyGenParams-publicExponent">publicExponent</a>
- member of <var>normalizedAlgorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute
- of <var>algorithm</var> to equal the
- <a href="#dfn-RsaHashedKeyGenParams">hash</a> member of
- <var>normalizedAlgorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Let <var>publicKey</var> be a new <a href="#dfn-Key">Key</a> object
- representing the public key of the generated key pair.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-Key-type">type</a> attribute of <var>publicKey</var>
- to <code>"public"</code>
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-Key-algorithm">algorithm</a> attribute of
- <var>publicKey</var> to be <var>algorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-Key-extractable">extractable</a> attribute of
- <var>publicKey</var> to true.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-Key-usages">usages</a> attribute of
- <var>publicKey</var> to be the
- <a href="concept-usage-intersection">usage intersection</a> of
- <var>usages</var> and <code>[ "verify" ]</code>.
- </p>
- </li>
- <li>
- <p>
- Let <var>privateKey</var> be a new <a href="#dfn-Key">Key</a> object
- representing the private key of the generated key pair.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-Key-Type">type</a> attribute of <var>privateKey</var>
- to <code>"private"</code>
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-Key-algorithm">algorithm</a> attribute of
- <var>privateKey</var> to be <var>algorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-Key-extractable">extractable</a> attribute of
- <var>privateKey</var> to <var>extractable</var>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-Key-usages">usages</a> attribute of
- <var>privateKey</var> to be the
- <a href="concept-usage-intersection">usage intersection</a> of
- <var>usages</var> and <code>[ "sign" ]</code>.
- </p>
- </li>
- <li>
- <p>
- Let <var>result</var> be a new <a href="#dfn-KeyPair">KeyPair</a>
- object.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#def-KeyPair-publicKey">publicKey</a> attribute
- of <var>result</var> to be <var>publicKey</var>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#def-KeyPair-privateKey">privateKey</a> attribute
- of <var>result</var> to be <var>privateKey</var>.
- </p>
- </li>
- <li>
- <p>
- Return <var>result</var>.
- </p>
- </li>
- </ol>
- </dd>
- <dt>Import Key</dt>
- <dd></dd>
- <dt>Export Key</dt>
- <dd></dd>
- </div>
-
- <div class="ednote"><div class="ednoteHeader">Editorial note</div>
- <p>
- TODO: Specify the mapping between key.algorithm.hash and the appropriate Hash
- functions (and back to OID).
- </p>
+ <dl>
+ <dt>Sign</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ If the <a href="#dfn-Key-type">type</a> attribute of <var>key</var>
+ is not <code>"private"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>normalizedAlgorithm</var> be the result of
+ <a href="#dfn-normalize-to-type">normalizing</a> <var>algorithm</var>
+ to <a href="#dfn-RsaPssParams">RsaPssParams</a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If any of the members of <a href="#dfn-RsaPssParams">RsaPssParams</a> are not
+ present in <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Perform the signature generation operation defined in Section 8.1 of [<cite><a href="#RFC3447">RFC3447</a></cite>] with the key represented by <var>key</var>
+ as the signer's private key, <var>K</var>, and the contents of
+ <var>message</var> as the message to be signed, <var>M</var>, and using the
+ hash function specified by the
+ <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute of the
+ <a href="#dfn-Key-algorithm">algorithm</a> attribute of <var>key</var>
+ as the Hash option, MGF1 (defined in Section B.2.1 of
+ [<cite><a href="#RFC3447">RFC3447</a></cite>]) as the MGF option and
+ the <a href="#dfn-RsaPssParams-saltLength">saltLength</a> member of
+ <var>normalizedAlgorithm</var> as the salt length option for the EMM-PSS-ENCODE
+ operation.
+ </p>
+ </li>
+ <li>
+ <p>
+ If performing the operation results in an error,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>signature</var> be a new <code>ArrayBuffer</code> containing the
+ signature, S, that results from performing the operation.
+ </p>
+ </li>
+ </ol>
+ </dd>
+
+ <dt>Verify</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ If the <a href="#dfn-Key-type">type</a> attribute of <var>key</var>
+ is not <code>"public"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>normalizedAlgorithm</var> be the result of
+ <a href="#dfn-normalize-to-type">normalizing</a> <var>algorithm</var>
+ to <a href="#dfn-RsaPssParams">RsaPssParams</a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If any of the members of <a href="#dfn-RsaPssParams">RsaPssParams</a> are not
+ present in <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Perform the signature verification operation defined in Section 8.1 of [<cite><a href="#RFC3447">RFC3447</a></cite>] with the key represented by <var>key</var>
+ as the signer's RSA public key and the contents of <var>message</var> as
+ <var>M</var> and the contents of <var>signature</var> as <var>S</var> and using
+ the hash function specified by the
+ <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute of the
+ <a href="#dfn-Key-algorithm">algorithm</a> attribute of <var>key</var> as the
+ Hash option, MGF1 (defined in Section B.2.1 of
+ [<cite><a href="#RFC3447">RFC3447</a></cite>]) as the MGF option and the
+ <a href="#dfn-RsaPssParams-saltLength">saltLength</a> member of
+ <var>normalizedAlgorithm</var> as the salt length option for the
+ EMSA-PSS-VERIFY operation.
+ </p>
+ </li>
+ <li>
+ <p>
+ If performing the operation results in an error,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>result</var> be a boolean with value true if the
+ result of the operation was "valid signature" and a boolean with value
+ false otherwise.
+ </p>
+ </li>
+ </ol>
+ </dd>
+
+ <dt>Generate Key</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ Let <var>normalizedAlgorithm</var> be the result of
+ <a href="#dfn-normalize-to-type">normalizing</a> <var>algorithm</var>
+ to <a href="#dfn-RsaHashedKeyGenParams">RsaHashedKeyGenParams</a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If any of the members of
+ <a href="#dfn-RsaHashedKeyGenParams">RsaHashedKeyGenParams</a> are not present
+ in <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If <var>usages</var> contains an entry which is not
+ <code>"sign"</code> or <code>"verify"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Generate an RSA key pair, as defined in [<cite><a href="#RFC3447">RFC3447</a></cite>], with RSA modulus length equal to the
+ <a href="#dfn-RsaKeyGenParams-modulusLength">modulusLength</a> member of
+ <var>normalizedAlgorithm</var> and RSA public exponent equal to the
+ <a href="#dfn-RsaKeyGenParams-publicExponent">publicExponent</a> member of
+ <var>normalizedAlgorithm</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If performing the operation results in an error,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>algorithm</var> be a new
+ <a href="#dfn-RsaHashedKeyAlgorithm">RsaHashedKeyAlgorithm</a>
+ object.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of
+ <var>algorithm</var> to <code>"RSA-PSS"</code>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the
+ <a href="#dfn-RsaKeyAlgorithm-modulusLength">modulusLength</a>
+ attribute of <var>algorithm</var> to equal the
+ <a href="#dfn-RsaKeyGenParams-modulusLength">modulusLength</a>
+ member of <var>normalizedAlgorithm</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the
+ <a href="#dfn-RsaKeyAlgorithm-publicExponent">publicExponent</a>
+ attribute of <var>algorithm</var> to equal the
+ <a href="#dfn-RsaKeyGenParams-publicExponent">publicExponent</a>
+ member of <var>normalizedAlgorithm</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute
+ of <var>algorithm</var> to equal the
+ <a href="#dfn-RsaHashedKeyGenParams">hash</a> member of
+ <var>normalizedAlgorithm</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>publicKey</var> be a new <a href="#dfn-Key">Key</a> object
+ representing the public key of the generated key pair.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-Key-type">type</a> attribute of <var>publicKey</var>
+ to <code>"public"</code>
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-Key-algorithm">algorithm</a> attribute of
+ <var>publicKey</var> to be <var>algorithm</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-Key-extractable">extractable</a> attribute of
+ <var>publicKey</var> to true.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-Key-usages">usages</a> attribute of
+ <var>publicKey</var> to be the
+ <a href="concept-usage-intersection">usage intersection</a> of
+ <var>usages</var> and <code>[ "verify" ]</code>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>privateKey</var> be a new <a href="#dfn-Key">Key</a> object
+ representing the private key of the generated key pair.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-Key-Type">type</a> attribute of <var>privateKey</var>
+ to <code>"private"</code>
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-Key-algorithm">algorithm</a> attribute of
+ <var>privateKey</var> to be <var>algorithm</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-Key-extractable">extractable</a> attribute of
+ <var>privateKey</var> to <var>extractable</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-Key-usages">usages</a> attribute of
+ <var>privateKey</var> to be the
+ <a href="concept-usage-intersection">usage intersection</a> of
+ <var>usages</var> and <code>[ "sign" ]</code>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>result</var> be a new <a href="#dfn-KeyPair">KeyPair</a>
+ object.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#def-KeyPair-publicKey">publicKey</a> attribute
+ of <var>result</var> to be <var>publicKey</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#def-KeyPair-privateKey">privateKey</a> attribute
+ of <var>result</var> to be <var>privateKey</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Return <var>result</var>.
+ </p>
+ </li>
+ </ol>
+ </dd>
+
+ <dt>Import Key</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>Let <var>keyData</var> be the key data to be imported.</p>
+ </li>
+ <li>
+ <p>
+ Let <var>normalizedAlgorithm</var> be the result of
+ <a href="#concept-normalize-to-type">normalizing</a> <var>algorithm</var>
+ to <a href="#dfn-RsaHashedImportParams">RsaHashedImportParams</a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If any of the members of <a href="#dfn-RsaHashedImportParams">RsaHashedImportParams</a> are not present in
+ <var>normalizedAlgorithm</var> then <a href="#concept-return-an-error">return
+ an error</a> named <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+ </p>
+ </li>
+ <li>
+ <dl class="switch">
+ <dt>If <var>format</var> is <code>"spki"</code>:</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ Let <var>spki</var> be the result of running the
+ <a href="#concept-parse-a-spki">parse a subjectPublicKeyInfo</a>
+ algorithm over <var>keyData</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If an error occurred while parsing,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>hash</var> be a string whose initial value is undefined.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>alg</var> be the <code>algorithm</code> object identifier
+ field of the <code>algorithm</code> AlgorithmIdentifier field of
+ <var>spki</var>.
+ </p>
+ </li>
+ <li>
+ <dl class="switch">
+ <dt>
+ If <var>alg</var> is equivalent to the <code>rsaEncryption</code>
+ OID defined in <a href="#RFC3447">RFC 3447</a>:
+ </dt>
+ <dd>
+ <p>
+ Let <var>hash</var> be undefined.
+ </p>
+ </dd>
+ <dt>
+ If <var>alg</var> is equivalent to the
+ <code>id-RSASSA-PSS</code> OID defined in
+ <a href="#RFC3447">RFC 3447</a>:
+ </dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ Let <var>params</var> be the ASN.1 structure contained within
+ the <code>parameters</code> field of the <code>algorithm</code>
+ AlgorithmIdentifier field of <var>spki</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If <var>params</var> is not defined, or is not an instance of
+ the <code>RSASSA-PSS-params</code> ASN.1 type defined in
+ <a href="#RFC3447">RFC3447</a>,
+ <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>hashAlg</var> be the AlgorithmIdentifier ASN.1 type
+ within the <code>hashAlgorithm</code> field of <var>params</var>.
+ </p>
+ </li>
+ <li>
+ <dl class="switch">
+ <dt>
+ If the <code>algorithm</code> object identifier field of
+ <var>hashAlg</var> is equivalent to the <code>id-sha1</code>
+ OID defined in <a href="#RFC3447">RFC 3447</a>:
+ </dt>
+ <dd>
+ <p>
+ Set <var>hash</var> to the string <code>SHA-1</code>.
+ </p>
+ </dd>
+ <dt>
+ If the <code>algorithm</code> object identifier field of
+ <var>hashAlg</var> is equivalent to the <code>id-sha256</code>
+ OID defined in <a href="#RFC3447">RFC 3447</a>:
+ </dt>
+ <dd>
+ <p>
+ Set <var>hash</var> to the string <code>SHA-256</code>.
+ </p>
+ </dd>
+ <dt>
+ If the <code>algorithm</code> object identifier field of
+ <var>hashAlg</var> is equivalent to the <code>id-sha384</code>
+ OID defined in <a href="#RFC3447">RFC 3447</a>:
+ </dt>
+ <dd>
+ <p>
+ Set <var>hash</var> to the string <code>SHA-384</code>.
+ </p>
+ </dd>
+ <dt>
+ If the <code>algorithm</code> object identifier field of
+ <var>hashAlg</var> is equivalent to the <code>id-sha512</code>
+ OID defined in <a href="#RFC3447">RFC 3447</a>:
+ </dt>
+ <dd>
+ <p>
+ Set <var>hash</var> to the string <code>SHA-512</code>.
+ </p>
+ </dd>
+ <dt>Otherwise:</dt>
+ <dd>
+ <p>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </p>
+ </dd>
+ </dl>
+ </li>
+ <li>
+ <p>
+ If the <code>algorithm</code> object identifier field of the
+ <code>maskGenAlgorithm</code> field of <var>params</var> is not
+ equivalent to the OID <code>id-mgf1</code> defined in <a href="#RFC3447">RFC 3447</a>, <a href="#concept-return-an-error">return an error</a> named <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the <code>parameters</code> field of the
+ <code>maskGenAlgorithm</code> field of <var>params</var> is not
+ an instance of the <code>HashAlgorithm</code> ASN.1 type that is
+ identical in content to the <code>hashAlglorithm</code> field of
+ <var>params</var>, <a href="#concept-return-an-error">return an
+ error</a> named <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </p>
+ </li>
+ </ol>
+ </dd>
+ <dt>Otherwise:</dt>
+ <dd>
+ <p>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </dd>
+ </dl>
+ </li>
+ <li>
+ <p>
+ If <var>hash</var> is defined, and is not equal to the <a href="#dfn-AlgorithmIdentifier-name">name</a> member of the <a href="#dfn-RsaHashedImportParams-hash">hash</a> member of
+ <var>normalizedAlgorithm</var>, <a href="#concept-return-an-error">return an error</a> named <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set <var>hash</var> to the <a href="#dfn-AlgorithmIdentifier-name">name</a> member of the <a href="#dfn-RsaHashedImportParams-hash">hash</a> member of
+ <var>normalizedAlgorithm</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>publicKey</var> be the result of performing the <a href="#concept-parse-an-asn1-structure">parse an ASN.1 structure</a>
+ algorithm, with <var>data</var> as the
+ <code>subjectPublicKeyInfo</code> field of <var>spki</var>,
+ <var>structure</var> as the <code>RSAPublicKey</code> structure
+ specified in Section A.1.1 of <a href="#RFC3447">RFC 3447</a>, and
+ <var>exactData</var> set to true.
+ </p>
+ </li>
+ <li>
+ <p>
+ If an error occurred while parsing,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>key</var> be a new <a href="#dfn-Key">Key</a> object that
+ represents the RSA public key identified by <var>publicKey</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-Key-Type">type</a> attribute of <var>key</var>
+ to <code>"public"</code>
+ </p>
+ </li>
+ </ol>
+ </dd>
+ <dt>If <var>format</var> is <code>"pkcs8"</code>:</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ Let <var>privateKeyInfo</var> be the result of running the
+ <a href="#concept-parse-a-privateKeyInfo">parse a privateKeyInfo</a>
+ algorithm over <var>keyData</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If an error occurred while parsing, then <a href="#concept-return-an-error">return an error</a> named <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>hash</var> be a string whose initial value is undefined.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>alg</var> be the <code>algorithm</code> object identifier
+ field of the <code>privateKeyAlgorithm</code>
+ PrivateKeyAlgorithmIdentifier field of <var>privateKeyInfo</var>.
+ </p>
+ </li>
+ <li>
+ <dl class="switch">
+ <dt>
+ If <var>alg</var> is equivalent to the <code>rsaEncryption</code>
+ OID defined in <a href="#RFC3447">RFC 3447</a>:
+ </dt>
+ <dd>
+ <p>
+ Let <var>hash</var> be undefined.
+ </p>
+ </dd>
+ <dt>
+ If <var>alg</var> is equivalent to the <code>id-RSASSA-PSS</code> OID
+ defined in <a href="#RFC3447">RFC 3447</a>:
+ </dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ Let <var>params</var> be the ASN.1 structure contained within
+ the <code>parameters</code> field of the
+ <code>privateKeyAlgorithm</code> PrivateKeyAlgorithmIdentifier
+ field of <var>privateKeyInfo</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If <var>params</var> is not defined, or is not an instance of
+ the <code>RSASSA-PSS-params</code> ASN.1 type defined in
+ <a href="#RFC3447">RFC3447</a>,
+ <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>hashAlg</var> be the AlgorithmIdentifier ASN.1 type
+ within the <code>hashAlgorithm</code> field of <var>params</var>.
+ </p>
+ </li>
+ <li>
+ <dl class="switch">
+ <dt>
+ If the <code>algorithm</code> object identifier field of
+ <var>hashAlg</var> is equivalent to the <code>id-sha1</code>
+ OID defined in <a href="#RFC3447">RFC 3447</a>:
+ </dt>
+ <dd>
+ <p>
+ Set <var>hash</var> to the string <code>SHA-1</code>.
+ </p>
+ </dd>
+ <dt>
+ If the <code>algorithm</code> object identifier field of
+ <var>hashAlg</var> is equivalent to the <code>id-sha256</code>
+ OID defined in <a href="#RFC3447">RFC 3447</a>:
+ </dt>
+ <dd>
+ <p>
+ Set <var>hash</var> to the string <code>SHA-256</code>.
+ </p>
+ </dd>
+ <dt>
+ If the <code>algorithm</code> object identifier field of
+ <var>hashAlg</var> is equivalent to the <code>id-sha384</code>
+ OID defined in <a href="#RFC3447">RFC 3447</a>:
+ </dt>
+ <dd>
+ <p>
+ Set <var>hash</var> to the string <code>SHA-384</code>.
+ </p>
+ </dd>
+ <dt>
+ If the <code>algorithm</code> object identifier field of
+ <var>hashAlg</var> is equivalent to the <code>id-sha512</code>
+ OID defined in <a href="#RFC3447">RFC 3447</a>:
+ </dt>
+ <dd>
+ <p>
+ Set <var>hash</var> to the string <code>SHA-512</code>.
+ </p>
+ </dd>
+ <dt>Otherwise:</dt>
+ <dd>
+ <p>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </p>
+ </dd>
+ </dl>
+ </li>
+ <li>
+ <p>
+ If the <code>algorithm</code> object identifier field of the
+ <code>maskGenAlgorithm</code> field of <var>params</var> is not
+ equivalent to the OID <code>id-mgf1</code> defined in <a href="#RFC3447">RFC 3447</a>, <a href="#concept-return-an-error">return an error</a> named <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the <code>parameters</code> field of the
+ <code>maskGenAlgorithm</code> field of <var>params</var> is not
+ an instance of the <code>HashAlgorithm</code> ASN.1 type that is
+ identical in content to the <code>hashAlglorithm</code> field of
+ <var>params</var>, <a href="#concept-return-an-error">return an
+ error</a> named <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </p>
+ </li>
+ </ol>
+ </dd>
+ <dt>Otherwise:</dt>
+ <dd>
+ <p>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </dd>
+ </dl>
+ </li>
+ <li>
+ <p>
+ If <var>hash</var> is defined, and is not equal to the <a href="#dfn-AlgorithmIdentifier-name">name</a> member of the <a href="#dfn-RsaHashedImportParams-hash">hash</a> member of
+ <var>normalizedAlgorithm</var>, <a href="#concept-return-an-error">return an error</a> named <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set <var>hash</var> to the <a href="#dfn-AlgorithmIdentifier-name">name</a> member of the <a href="#dfn-RsaHashedImportParams-hash">hash</a> member of
+ <var>normalizedAlgorithm</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>rsaPrivateKey</var> be the result of performing the <a href="#concept-parse-an-asn1-structure">parse an ASN.1 structure</a>
+ algorithm, with <var>data</var> as the
+ <code>privateKey</code> field of <var>privateKeyInfo</var>,
+ <var>structure</var> as the <code>RSAPrivateKey</code> structure
+ specified in Section A.1.2 of <a href="#RFC3447">RFC 3447</a>, and
+ <var>exactData</var> set to true.
+ </p>
+ </li>
+ <li>
+ <p>
+ If an error occurred while parsing,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>key</var> be a new <a href="#dfn-Key">Key</a> object that
+ represents the RSA private key identified by <var>rsaPrivateKey</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-Key-Type">type</a> attribute of <var>key</var>
+ to <code>"private"</code>
+ </p>
+ </li>
+ </ol>
+ </dd>
+ <dt>If <var>format</var> is <code>"jwk"</code>:</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ Let <var>jwk</var> be the result of running the
+ <a href="#concept-parse-a-jwk">parse a jwk</a>
+ algorithm over <var>keyData</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the <code>"kty"</code> field of <var>jwk</var> is not a
+ case-sensitive string match to <code>"RSA"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the <code>"use"</code> field of <var>jwk</var> is present, and is
+ not a case-sensitive string match to <code>"enc"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the <code>"key_ops"</code> field of <var>jwk</var> is present, and
+ is invalid according to the requirements of
+ <a href="#jwk">JSON Web Key</a> or
+ does not contain all of the specified <var>usages</var> values,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>hash</var> be a be a string whose initial value is
+ undefined.
+ </p>
+ </li>
+ <li>
+ <dl class="switch">
+ <dt>
+ If the <code>"alg"</code> field of <var>jwk</var> is not
+ present:
+ </dt>
+ <dd>
+ <p>
+ Let <var>hash</var> be undefined.
+ </p>
+ </dd>
+ <dt>
+ If the <code>"alg"</code> field is equal to the string
+ <code>"PS1"</code>:
+ </dt>
+ <dd>
+ <p>
+ Let <var>hash</var> be the string <code>SHA-1</code>.
+ </p>
+ </dd>
+ <dt>
+ If the <code>"alg"</code> field is equal to the string
+ <code>"PS256"</code>:
+ </dt>
+ <dd>
+ <p>
+ Let <var>hash</var> be the string <code>SHA-256</code>.
+ </p>
+ </dd>
+ <dt>
+ If the <code>"alg"</code> field is equal to the string
+ <code>"PS384"</code>:
+ </dt>
+ <dd>
+ <p>
+ Let <var>hash</var> be the string <code>SHA-384</code>.
+ </p>
+ </dd>
+ <dt>
+ If the <code>"alg"</code> field is equal to the string
+ <code>"PS512"</code>:
+ </dt>
+ <dd>
+ <p>
+ Let <var>hash</var> be the string <code>SHA-512</code>.
+ </p>
+ </dd>
+ <dt>Otherwise:</dt>
+ <dd>
+ <p>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </dd>
+ </dl>
+ </li>
+ <li>
+ <dl class="switch">
+ <dt>If the <code>"d"</code> field of <var>jwk</var> is present:</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ If <var>jwk</var> does not meet the requirements of
+ Section 6.3.2 of <a href="#jwa">JSON Web
+ Algorithms</a>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>key</var> be a new <a href="#dfn-Key">Key</a> object
+ that represents the RSA private key identified by interpreting
+ <var>jwk</var> according to Section 6.3.2 of <a href="#jwa">
+ JSON Web Algorithms</a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-Key-Type">type</a> attribute of
+ <var>key</var> to <code>"private"</code>
+ </p>
+ </li>
+ </ol>
+ </dd>
+ <dt>Otherwise:</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ If <var>jwk</var> does not meet the requirements of Section
+ 6.3.1 of <a href="#jwa">JSON Web Algorithms</a>, then <a href="#concept-return-an-error">return an error</a> named <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>key</var> be a new <a href="#dfn-Key">Key</a> object
+ that represents the RSA public key identified by interpreting
+ <var>jwk</var> according to Section 6.3.1 of <a href="#jwa">
+ JSON Web Algorithms</a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-Key-Type">type</a> attribute of
+ <var>key</var> to <code>"public"</code>
+ </p>
+ </li>
+ </ol>
+ </dd>
+ </dl>
+ </li>
+ </ol>
+ </dd>
+ <dt>Otherwise:</dt>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </dd>
+ </dl>
+ </li>
+ <li>
+ <p>
+ Let <var>algorithm</var> be a new
+ <a href="#dfn-RsaHashedKeyAlgorithm">RsaHashedKeyAlgorithm</a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of
+ <var>algorithm</var> to <code>"RSA-PSS"</code>
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-RsaKeyAlgorithm-modulusLength">modulusLength</a>
+ attribute of <var>algorithm</var> to the length, in bits, of the RSA public
+ modulus.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-RsaKeyAlgorithm-publicExponent">publicExponent</a>
+ attribute of <var>algorithm</var> to the <a href="#dfn-BigInteger">BigInteger</a>
+ representation of the RSA public exponent.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute of
+ <var>algorithm</var> to a new <a href="#dfn-KeyAlgorithm">KeyAlgorithm</a>
+ whose <a href="#dfn-KeyAlgorithm-name">name</a> attribute is <var>hash</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-Key-algorithm">algorithm</a> attribute of
+ <var>key</var> to <var>algorithm</var>
+ </p>
+ </li>
+ <li>
+ <p>Return <var>key</var>.</p>
+ </li>
+ </ol>
+ </dd>
+
+ <dt>Export Key</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ Let <var>key</var> be the key to be exported.
+ </p>
+ </li>
+ <li>
+ <dl class="switch">
+ <dt>If <var>format</var> is <code>"spki"</code></dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ If the <a href="#dfn-Key-type">type</a> attribute of <var>key</var> is
+ not <code>"public"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>result</var> be the result of <a href="#dfn-encode-a-subjectPublicKeyInfo">encoding a
+ subjectPublicKeyInfo</a> with the following properties:
+ </p>
+ <ul>
+ <li>
+ <p>
+ Set the <var>algorithm</var> field to an
+ <code>AlgorithmIdentifier</code> ASN.1 type with the following
+ properties:
+ </p>
+ <ul>
+ <li>
+ <p>
+ Set the <var>algorithm</var> field to the OID
+ <code>id-RSASSA-PSS</code> defined in
+ <a href="#RFC3447">RFC 3447</a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <var>params</var> field to an instance of the
+ <code>RSASSA-PSS-params</code> ASN.1 type with the following
+ properties:
+ </p>
+ <ul>
+ <li>
+ <p>
+ Set the <var>hashAlgorithm</var> field to an instance of
+ the <code>HashAlgorithm</code> ASN.1 type with the
+ following properties:
+ </p>
+ <dl class="switch">
+ <dt>
+ If the <a href="#dfn-KeyAlgorithm-name">name</a>
+ attribute of the <a href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
+ the <a href="#dfn-Key-algorithm">algorithm</a> attribute
+ of <var>key</var> is <code>SHA-1</code>:
+ </dt>
+ <dd>
+ <p>
+ Set the <var>algorithm</var> object identifier to the
+ OID <code>id-sha1</code> defined in <a href="#RFC3447">RFC 3447</a>.
+ </p>
+ </dd>
+ <dt>
+ If the <a href="#dfn-KeyAlgorithm-name">name</a>
+ attribute of the <a href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
+ the <a href="#dfn-Key-algorithm">algorithm</a> attribute
+ of <var>key</var> is <code>SHA-256</code>:
+ </dt>
+ <dd>
+ <p>
+ Set the <var>algorithm</var> object identifier to the
+ OID <code>id-sha256</code> defined in <a href="#RFC3447">RFC 3447</a>.
+ </p>
+ </dd>
+ <dt>
+ If the <a href="#dfn-KeyAlgorithm-name">name</a>
+ attribute of the <a href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
+ the <a href="#dfn-Key-algorithm">algorithm</a> attribute
+ of <var>key</var> is <code>SHA-384</code>:
+ </dt>
+ <dd>
+ <p>
+ Set the <var>algorithm</var> object identifier to the
+ OID <code>id-sha384</code> defined in <a href="#RFC3447">RFC 3447</a>.
+ </p>
+ </dd>
+ <dt>
+ If the <a href="#dfn-KeyAlgorithm-name">name</a>
+ attribute of the <a href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
+ the <a href="#dfn-Key-algorithm">algorithm</a> attribute
+ of <var>key</var> is <code>SHA-512</code>:
+ </dt>
+ <dd>
+ <p>
+ Set the <var>algorithm</var> object identifier to the
+ OID <code>id-sha512</code> defined in <a href="#RFC3447">RFC 3447</a>.
+ </p>
+ </dd>
+ </dl>
+ </li>
+ <li>
+ <p>
+ Set the <var>maskGenAlgorithm</var> field to an instance
+ of the <code>MaskGenAlgorithm</code> ASN.1 type with the
+ following properties:
+ </p>
+ <ul>
+ <li>
+ <p>
+ Set the <var>algorithm</var> field to the OID
+ <code>id-mgf1</code> defined in <a href="#RFC3447">RFC
+ 3447</a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <var>params</var> field to an instance of the
+ <code>HashAlgorithm</code> ASN.1 type that is
+ identical to the <var>hashAlgorithm</var> field.
+ </p>
+ </li>
+ </ul>
+ </li>
+ <li>
+ <p>
+ Set the <var>saltLength</var> field to the length in
+ octets of the digest algorithm identified by the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of the <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute
+ of the <a href="#dfn-Key-algorithm">algorithm</a>
+ attribute of <var>key</var>.
+ </p>
+ </li>
+ </ul>
+ </li>
+ </ul>
+ </li>
+ <li>
+ <p>
+ Set the <var>subjectPublicKey</var> field to the result of
+ DER-encoding an <code>RSAPublicKey</code> ASN.1 type, as defined
+ in <a href="#RFC3447">RFC 3447</a>, Appendix A.1.1, that
+ represents the RSA public key identified by <var>key</var>
+ </p>
+ </li>
+ </ul>
+ </li>
+ </ol>
+ </dd>
+ <dt>If <var>format</var> is <code>"pkcs8"</code>:</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ If the <a href="#dfn-Key-type">type</a> attribute of <var>key</var> is
+ not <code>"private"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>result</var> be the result of <a href="#dfn-encode-a-privateKeyInfo"> encoding a privateKeyInfo</a>
+ with the following properties:
+ </p>
+ <ul>
+ <li>
+ <p>
+ Set the <var>version</var> field to 0.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <var>privateKeyAlgorithm</var> field to an
+ <code>PrivateKeyAlgorithmIdentifier</code> ASN.1 type with the
+ following properties:
+ </p>
+ <ul>
+ <li>
+ <p>
+ Set the <var>algorithm</var> field to the OID
+ <code>id-RSASSA-PSS</code> defined in
+ <a href="#RFC3447">RFC 3447</a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <var>params</var> field to an instance of the
+ <code>RSASSA-PSS-params</code> ASN.1 type with the following
+ properties:
+ </p>
+ <ul>
+ <li>
+ <p>
+ Set the <var>hashAlgorithm</var> field to an instance of
+ the <code>HashAlgorithm</code> ASN.1 type with the
+ following properties:
+ </p>
+ <dl class="switch">
+ <dt>
+ If the <a href="#dfn-KeyAlgorithm-name">name</a>
+ attribute of the <a href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
+ the <a href="#dfn-Key-algorithm">algorithm</a> attribute
+ of <var>key</var> is <code>SHA-1</code>:
+ </dt>
+ <dd>
+ <p>
+ Set the <var>algorithm</var> object identifier to the
+ OID <code>id-sha1</code> defined in <a href="#RFC3447">RFC 3447</a>.
+ </p>
+ </dd>
+ <dt>
+ If the <a href="#dfn-KeyAlgorithm-name">name</a>
+ attribute of the <a href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
+ the <a href="#dfn-Key-algorithm">algorithm</a> attribute
+ of <var>key</var> is <code>SHA-256</code>:
+ </dt>
+ <dd>
+ <p>
+ Set the <var>algorithm</var> object identifier to the
+ OID <code>id-sha256</code> defined in <a href="#RFC3447">RFC 3447</a>.
+ </p>
+ </dd>
+ <dt>
+ If the <a href="#dfn-KeyAlgorithm-name">name</a>
+ attribute of the <a href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
+ the <a href="#dfn-Key-algorithm">algorithm</a> attribute
+ of <var>key</var> is <code>SHA-384</code>:
+ </dt>
+ <dd>
+ <p>
+ Set the <var>algorithm</var> object identifier to the
+ OID <code>id-sha384</code> defined in <a href="#RFC3447">RFC 3447</a>.
+ </p>
+ </dd>
+ <dt>
+ If the <a href="#dfn-KeyAlgorithm-name">name</a>
+ attribute of the <a href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
+ the <a href="#dfn-Key-algorithm">algorithm</a> attribute
+ of <var>key</var> is <code>SHA-512</code>:
+ </dt>
+ <dd>
+ <p>
+ Set the <var>algorithm</var> object identifier to the
+ OID <code>id-sha512</code> defined in <a href="#RFC3447">RFC 3447</a>.
+ </p>
+ </dd>
+ </dl>
+ </li>
+ <li>
+ <p>
+ Set the <var>maskGenAlgorithm</var> field to an instance
+ of the <code>MaskGenAlgorithm</code> ASN.1 type with the
+ following properties:
+ </p>
+ <ul>
+ <li>
+ <p>
+ Set the <var>algorithm</var> field to the OID
+ <code>id-mgf1</code> defined in <a href="#RFC3447">RFC
+ 3447</a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <var>params</var> field to an instance of the
+ <code>HashAlgorithm</code> ASN.1 type that is
+ identical to the <var>hashAlgorithm</var> field.
+ </p>
+ </li>
+ </ul>
+ </li>
+ <li>
+ <p>
+ Set the <var>saltLength</var> field to the length in
+ octets of the digest algorithm identified by the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of the <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute
+ of the <a href="#dfn-Key-algorithm">algorithm</a>
+ attribute of <var>key</var>.
+ </p>
+ </li>
+ </ul>
+ </li>
+ </ul>
+ </li>
+ <li>
+ <p>
+ Set the <var>privateKey</var> field to the result of
+ DER-encoding an <code>RSAPrivateKey</code> ASN.1 type, as defined
+ in <a href="#RFC3447">RFC 3447</a>, Appendix A.1.2, that
+ represents the RSA private key identified by <var>key</var>
+ </p>
+ <div class="ednote"><div class="ednoteHeader">Editorial note</div>
+ <a href="#RFC5208">RFC 5208</a> specifies that the encoding of
+ this field should be <em>BER</em> encoded in Section 5 (as a "for
+ example"). However, to avoid requiring WebCrypto implementations
+ support BER-encoding and BER-decoding, only <em>DER</em> encodings
+ are produced or accepted.
+ </div>
+ </li>
+ </ul>
+ </li>
+ </ol>
+ </dd>
+ <dt>If <var>format</var> is <code>"jwk"</code>:</dt>
+ <dd>
+ <ul>
+ <li>
+ <p>Let <var>jwk</var> be a new internal object.</p>
+ </li>
+ <li>
+ <p>Set the <code>kty</code> field of <var>jwk</var> to the string
+ <code>"RSA"</code>.</p>
+ </li>
+ <li>
+ <p>
+ Let <var>hash</var> be the <a href="#dfn-KeyAlgorithm-name">name</a>
+ attribute of the <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a>
+ attribute of the <a href="#dfn-Key-algorithm">algorithm</a> attribute
+ of <var>key</var>.
+ </p>
+ </li>
+ <li>
+ <dl class="switch">
+ <dt>If <var>hash</var> is <code>SHA-1</code>:</dt>
+ <dd>
+ <p>
+ Set the <code>alg</code> field of <var>jwk</var> to the string
+ <code>PS1</code>.
+ </p>
+ </dd>
+ <dt>If <var>hash</var> is <code>SHA-256</code>:</dt>
+ <dd>
+ <p>
+ Set the <code>alg</code> field of <var>jwk</var> to the string
+ <code>PS256</code>.
+ </p>
+ </dd>
+ <dt>If <var>hash</var> is <code>SHA-384</code>:</dt>
+ <dd>
+ <p>
+ Set the <code>alg</code> field of <var>jwk</var> to the string
+ <code>PS384</code>.
+ </p>
+ </dd>
+ <dt>If <var>hash</var> is <code>SHA-512</code>:</dt>
+ <dd>
+ <p>
+ Set the <code>alg</code> field of <var>jwk</var> to the string
+ <code>PS512</code>.
+ </p>
+ </dd>
+ <dt>Otherwise:</dt>
+ <dd>
+ <p>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </p>
+ </dd>
+ </dl>
+ </li>
+ <li>
+ <p>
+ Set the fields <code>n</code> and <code>e</code> of <var>jwk</var>
+ according to the corresponding definitions in <a href="#JWA">JSON Web
+ Algorithms</a>, Section 6.3.1.
+ </p>
+ </li>
+ <li>
+ <dl class="switch">
+ <dt>
+ If the <a href="#dfn-Key-type">type</a> attribute of <var>key</var>
+ is <code>"private"</code>:
+ </dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ Set the fields named <code>d</code>, <code>p</code>,
+ <code>q</code>, <code>dp</code>, <code>dq</code>, and
+ <code>qi</code> of <var>jwk</var> according to the
+ corresponding definitions in <a href="#JWA">JSON Web
+ Algorithms</a>, Section 6.3.2.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the underlying RSA private key represented by
+ <var>key</var> is represented by more than two primes, set the
+ field named <code>oth</code> of <var>jwk</var> according to
+ the corresponding definition in <a href="#JWA">JSON Web
+ Algorithms</a>, Section 6.3.2.7
+ </p>
+ </li>
+ </ol>
+ </dd>
+ </dl>
+ </li>
+ <li>
+ <p>
+ Set the <code>key_ops</code> field of <var>jwk</var> to the <a href="#dfn-Key-usages">usages</a> attribute of <var>key</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <code>ext</code> field of <var>jwk</var> to the <a href="#dfn-Key-extractable">extractable</a> attribute of
+ <var>key</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>stringifiedJwk</var> be the result of encoding
+ <var>jwk</var> according to the grammar specified in Section 15.12 of
+ <a href="#ECMA-262">ECMA262</a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>result</var> be the UTF-8 encoding of
+ <var>stringifiedJwk</var>.
+ </p>
+ </li>
+ </ul>
+ </dd>
+ <dt>Otherwise</dt>
+ <dd>
+ <p>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </p>
+ </dd>
+ </dl>
+ </li>
+ <li>
+ <p>
+ Let <var>data</var> be a new <code>ArrayBuffer</code> containing
+ <var>result</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Return <var>data</var>.
+ </p>
+ </li>
+ </ol>
+ </dd>
+ </dl>
</div>
</div>