--- a/spec/Overview-WebCryptoAPI.xml Wed Feb 26 13:43:45 2014 -0800
+++ b/spec/Overview-WebCryptoAPI.xml Wed Feb 26 17:56:54 2014 -0800
@@ -1992,7 +1992,8 @@
<li>
<p>
If <var>normalizedDerivedKeyAlgorithm</var> does not describe a
- <a href="#algorithms">registered algorithm</a>, terminate this algorithm
+ <a href="#algorithms">registered algorithm</a> that supports the import
+ derived key operation, terminate this algorithm
with an error.
</p>
</li>
@@ -2017,10 +2018,24 @@
</li>
<li>
<p>
- Let <var>result</var> be the result of executing the derive key operation
+ Let <var>length</var> be the result of executing the derived key length
+ algorithm specified by <var>normalizedDerivedKeyAlgorithm</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>secret</var> be the result of executing the derive bits operation
specified by <var>normalizedAlgorithm</var> using
- <var>key</var>, <var>normalizedDerivedKeyAlgorithm</var>, <var>extractable</var>
- and <var>usages</var>.
+ <var>key</var> and <var>length</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>result</var> be the result of executing the import key operation
+ specified by <var>normalizedDerivedKeyAlgorithm</var> using <code>"raw"</code> as
+ <var>format</var>, <var>secret</var> as <var>keyData</var>,
+ <var>normalizedDerivedKeyAlgorithm</var> as <var>normalizedAlgorithm</var>,
+ <var>extractable</var> and <var>usages</var>.
</p>
</li>
<li>
@@ -2105,7 +2120,8 @@
</li>
<li>
<p>
- Let <var>result</var> be the result of executing the derive bits operation
+ Let <var>result</var> be a new <a href="#dfn-ArrayBuffer">ArrayBuffer</a>
+ containing the result of executing the derive bits operation
specified by <var>normalizedAlgorithm</var> using <var>baseKey</var> and
<var>length</var>.
</p>
@@ -5027,14 +5043,9 @@
<td><a href="#dfn-KeyPair">KeyPair</a></td>
</tr>
<tr>
- <td>deriveKey</td>
- <td><a href="#dfn-EcdhKeyDeriveParams">EcdhKeyDeriveParams</a></td>
- <td><a href="#dfn-Key">Key</a></td>
- </tr>
- <tr>
<td>deriveBits</td>
<td><a href="#dfn-EcdhKeyDeriveParams">EcdhKeyDeriveParams</a></td>
- <td><a href="#dfn-ArrayBuffer">ArrayBuffer</a></td>
+ <td>Octet string</td>
</tr>
<tr>
<td>importKey</td>
@@ -5208,57 +5219,6 @@
</li>
</ol>
</dd>
- <dt>Derive Key</dt>
- <dd>
- <ol>
- <li>
- <p>
- If the <a href="#dfn-Key-type">type</a> property of <var>key</var>
- is not a case-sensitive string match for <code>"private"</code>, terminate this
- algorithm with an error.
- </p>
- </li>
- <li>
- <p>
- If any of the members of <a
- href="#dfn-EcdhKeyDeriveParams">EcdhKeyDeriveParams</a> are not present in
- <var>normalizedAlgorithm</var>, terminate this
- algorithm with an error.
- </p>
- </li>
- <li>
- <p>
- Perform the ECDH primitive specified in <a href="#X9.63">X9.63</a> Section 5.4.1
- with <var>key</var> as the EC private key <var>d</var> and the
- <a href="#dfn-EcdhKeyDeriveParams-public">public</a> property of
- <var>normalizedAlgorithm</var> as the EC public key <var>Q</var>.
- <dl class="switch">
- <dt>If performing the operation results in an error:</dt>
- <dd>Terminate this algorithm with an error.</dd>
- <dt>Otherwise:</dt>
- <dd>Let <var>result</var> be the output of the ECDH primitive.</dd>
- </dl>
- </p>
- </li>
- <div class="note">
- Note: <a href="#X9.63">X9.63</a> Section 5.4.2 and <a href="#SP800-56A">NIST SP
- 800-56A</a> Section 5.7.1.2 specify a modified ECDH primitive that multiplies the
- shared secret value by the cofactor of the curve. The cofactor of the NIST
- recommended curves P-256, P-384, and P-521 is 1, so the standard and modified ECDH
- primitives are equivalent for those curves.
- </div>
- </ol>
- <div class="ednote">
- <p>
- TODO: Define how the finite field member <var>result</var> is converted to a bit
- string.
- </p>
- <p>
- TODO: Define how a key for algorithm <var>normalizedDerivedKeyAlgorithm</var> is
- derived from a bit string.
- </p>
- </div>
- </dd>
<dt>Derive Bits</dt>
<dd>
<ol>
@@ -5287,17 +5247,26 @@
<dt>If performing the operation results in an error:</dt>
<dd>Terminate this algorithm with an error.</dd>
<dt>Otherwise:</dt>
- <dd>Let <var>result</var> be the output of the ECDH primitive.</dd>
+ <dd>Let <var>secret</var> be the result of applying the field element to
+ octet string comversion defined in Section ? of <a href="#X9.63">X9.63</a>
+ to the output of the ECDH primitive.</dd>
+ </dl>
+ </p>
+ </li>
+ <li>
+ <p>
+ <dl class="switch">
+ <dt>
+ If the length of <var>secret</var> in bits is less than
+ <var>length</var>:
+ </dt>
+ <dd>Terminate this algorithm with an error.</dd>
+ <dt>Otherwise:</dt>
+ <dd>Return the first <var>length</var> bits of <var>secret</var>.</dd>
</dl>
</p>
</li>
</ol>
- <div class="ednote">
- <p>
- TODO: Define how the finite field member <var>result</var> is converted to a bit
- string.
- </p>
- </div>
</dd>
</div>
</div>
@@ -5353,6 +5322,11 @@
<td>None</td>
<td>ArrayBuffer</td>
</tr>
+ <tr>
+ <td>derived key length</td>
+ <td><a href="#dfn-AesDerivedKeyParams">AesDerivedKeyParams</a></td>
+ <td>Integer</td>
+ </tr>
</tbody>
</table>
</div>
@@ -5393,6 +5367,16 @@
};
</x:codeblock>
</div>
+ <div id="aes-derivedkey-params" class="section">
+ <h4>AesDerivedKeyParams dictionary</h4>
+ <x:codeblock language="idl">
+dictionary <dfn id="dfn-AesDerivedKeyParams">AesDerivedKeyParams</dfn> : <a href="#dfn-Algorithm">Algorithm</a> {
+ <span class="comment">// The length, in bits, of the key.</span>
+ [EnforceRange] unsigned short <dfn id="dfn-AesDerivedKeyParams-length">length</dfn>;
+};
+ </x:codeblock>
+ </div>
+
<div id="aes-ctr-operations" class="section">
<h4>Operations</h4>
<dl>
@@ -5824,6 +5808,32 @@
</li>
</ol>
</dd>
+ <dt>Derived key length</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ If any of the members of
+ <a href="#dfn-AesDerivedKeyParams">AesDerivedKeyParams</a> are not present in
+ <var>normalizedDerivedKeyAlgorithm</var>, terminate this algorithm with an
+ error.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the <a href="#dfn-AesDerivedKeyParams-length">length</a> property of
+ <var>normalizedDerivedKeyAlgorithm</var> is not 128, 192 or 256, terminate
+ this algorithm with an error.
+ </p>
+ </li>
+ <li>
+ <p>
+ Return the <a href="#dfn-AesDerivedKeyParams-length">length</a> property of
+ <var>normalizedDerivedKeyAlgorithm</var>.
+ </p>
+ </li>
+ </ol>
+ </dd>
</dl>
</div>
</div>
@@ -5887,6 +5897,11 @@
<td>None</td>
<td>ArrayBuffer</td>
</tr>
+ <tr>
+ <td>derived key length</td>
+ <td><a href="#dfn-AesDerivedKeyParams">AesDerivedKeyParams</a></td>
+ <td>Integer</td>
+ </tr>
</tbody>
</table>
</div>
@@ -6331,6 +6346,32 @@
</li>
</ol>
</dd>
+ <dt>Derived key length</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ If any of the members of
+ <a href="#dfn-AesDerivedKeyParams">AesDerivedKeyParams</a> are not present in
+ <var>normalizedDerivedKeyAlgorithm</var>, terminate this algorithm with an
+ error.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the <a href="#dfn-AesDerivedKeyParams-length">length</a> property of
+ <var>normalizedDerivedKeyAlgorithm</var> is not 128, 192 or 256, terminate
+ this algorithm with an error.
+ </p>
+ </li>
+ <li>
+ <p>
+ Return the <a href="#dfn-AesDerivedKeyParams-length">length</a> property of
+ <var>normalizedDerivedKeyAlgorithm</var>.
+ </p>
+ </li>
+ </ol>
+ </dd>
</dl>
</div>
</div>
@@ -6391,7 +6432,11 @@
<td>None</td>
<td>ArrayBuffer</td>
</tr>
-
+ <tr>
+ <td>derived key length</td>
+ <td><a href="#dfn-AesDerivedKeyParams">AesDerivedKeyParams</a></td>
+ <td>Integer</td>
+ </tr>
</tbody>
</table>
</div>
@@ -6766,6 +6811,32 @@
</li>
</ol>
</dd>
+ <dt>Derived key length</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ If any of the members of
+ <a href="#dfn-AesDerivedKeyParams">AesDerivedKeyParams</a> are not present in
+ <var>normalizedDerivedKeyAlgorithm</var>, terminate this algorithm with an
+ error.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the <a href="#dfn-AesDerivedKeyParams-length">length</a> property of
+ <var>normalizedDerivedKeyAlgorithm</var> is not 128, 192 or 256, terminate
+ this algorithm with an error.
+ </p>
+ </li>
+ <li>
+ <p>
+ Return the <a href="#dfn-AesDerivedKeyParams-length">length</a> property of
+ <var>normalizedDerivedKeyAlgorithm</var>.
+ </p>
+ </li>
+ </ol>
+ </dd>
</dl>
</div>
</div>
@@ -6821,6 +6892,11 @@
<td>None</td>
<td>ArrayBuffer</td>
</tr>
+ <tr>
+ <td>derived key length</td>
+ <td><a href="#dfn-AesDerivedKeyParams">AesDerivedKeyParams</a></td>
+ <td>Integer</td>
+ </tr>
</tbody>
</table>
</div>
@@ -7337,6 +7413,32 @@
</li>
</ol>
</dd>
+ <dt>Derived key length</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ If any of the members of
+ <a href="#dfn-AesDerivedKeyParams">AesDerivedKeyParams</a> are not present in
+ <var>normalizedDerivedKeyAlgorithm</var>, terminate this algorithm with an
+ error.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the <a href="#dfn-AesDerivedKeyParams-length">length</a> property of
+ <var>normalizedDerivedKeyAlgorithm</var> is not 128, 192 or 256, terminate
+ this algorithm with an error.
+ </p>
+ </li>
+ <li>
+ <p>
+ Return the <a href="#dfn-AesDerivedKeyParams-length">length</a> property of
+ <var>normalizedDerivedKeyAlgorithm</var>.
+ </p>
+ </li>
+ </ol>
+ </dd>
</dl>
</div>
</div>
@@ -7393,6 +7495,11 @@
<td>None</td>
<td>ArrayBuffer</td>
</tr>
+ <tr>
+ <td>derived key length</td>
+ <td><a href="#dfn-AesDerivedKeyParams">AesDerivedKeyParams</a></td>
+ <td>Integer</td>
+ </tr>
</tbody>
</table>
</div>
@@ -7814,6 +7921,32 @@
</li>
</ol>
</dd>
+ <dt>Derived key length</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ If any of the members of
+ <a href="#dfn-AesDerivedKeyParams">AesDerivedKeyParams</a> are not present in
+ <var>normalizedDerivedKeyAlgorithm</var>, terminate this algorithm with an
+ error.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the <a href="#dfn-AesDerivedKeyParams-length">length</a> property of
+ <var>normalizedDerivedKeyAlgorithm</var> is not 128, 192 or 256, terminate
+ this algorithm with an error.
+ </p>
+ </li>
+ <li>
+ <p>
+ Return the <a href="#dfn-AesDerivedKeyParams-length">length</a> property of
+ <var>normalizedDerivedKeyAlgorithm</var>.
+ </p>
+ </li>
+ </ol>
+ </dd>
</dl>
</div>
</div>
@@ -7869,7 +8002,11 @@
<td>None</td>
<td>ArrayBuffer</td>
</tr>
-
+ <tr>
+ <td>derived key length</td>
+ <td><a href="#dfn-AesDerivedKeyParams">AesDerivedKeyParams</a></td>
+ <td>Integer</td>
+ </tr>
</tbody>
</table>
</div>
@@ -8253,6 +8390,32 @@
</li>
</ol>
</dd>
+ <dt>Derived key length</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ If any of the members of
+ <a href="#dfn-AesDerivedKeyParams">AesDerivedKeyParams</a> are not present in
+ <var>normalizedDerivedKeyAlgorithm</var>, terminate this algorithm with an
+ error.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the <a href="#dfn-AesDerivedKeyParams-length">length</a> property of
+ <var>normalizedDerivedKeyAlgorithm</var> is not 128, 192 or 256, terminate
+ this algorithm with an error.
+ </p>
+ </li>
+ <li>
+ <p>
+ Return the <a href="#dfn-AesDerivedKeyParams-length">length</a> property of
+ <var>normalizedDerivedKeyAlgorithm</var>.
+ </p>
+ </li>
+ </ol>
+ </dd>
</dl>
</div>
</div>
@@ -8307,6 +8470,11 @@
<td>None</td>
<td>ArrayBuffer</td>
</tr>
+ <tr>
+ <td>derived key length</td>
+ <td><a href="#dfn-HmacDerivedKeyParams">HmacDerivedKeyParams</a></td>
+ <td>Integer</td>
+ </tr>
</tbody>
</table>
</div>
@@ -8329,7 +8497,7 @@
</x:codeblock>
</div>
<div id="hmac-keygen-params" class="section">
- <h4>HmacKeyParams dictionary</h4>
+ <h4>HmacKeyGenParams dictionary</h4>
<x:codeblock language="idl">
dictionary <dfn id="dfn-HmacKeyGenParams">HmacKeyGenParams</dfn> : <a href="#dfn-Algorithm">Algorithm</a> {
<span class="comment">// The inner hash function to use.</span>
@@ -8341,6 +8509,17 @@
};
</x:codeblock>
</div>
+ <div id="hmac-derivedkey-params" class="section">
+ <h4>HmacDerivedKeyParams dictionary</h4>
+ <x:codeblock language="idl">
+dictionary <dfn id="dfn-HmacKeyGenParams">HmacDerivedKeyParams</dfn> : <a href="#dfn-HmacImportParams">HmacImportParams</a> {
+ <span class="comment">// The length (in bytes) of the key to generate. If unspecified, the
+ // recommended length will be used, which is the size of the associated hash function's block
+ // size.</span>
+ unsigned long length;
+};
+ </x:codeblock>
+ </div>
<div id="hmac-operations" class="section">
<h4>Operations</h4>
<dl>
@@ -8903,6 +9082,47 @@
</li>
</ol>
</dd>
+ <dt>Derived key length</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ If the <a href="#dfn-HmacImportParams-hash">hash</a> property is
+ not present in <var>normalizedDerivedKeyAlgorithm</var>, terminate
+ this algorithm with an error.
+ </p>
+ </li>
+ <li>
+ <dl class="switch">
+ <dt>
+ If the <a href="#dfn-HmacDerivedKeyParams-length">length</a> property of
+ <var>normalizedDerivedKeyAlgorithm</var> is not present:
+ </dt>
+ <dd>
+ Let <var>length</var> be the block size in bytes of the hash function
+ identified by the <a href="#dfn-HmacImportParams-hash">hash</a> property
+ of <var>normalizedDerivedKeyAlgorithm</var>.
+ </dd>
+ <dt>
+ Otherwise, if the <a href="#dfn-HmacDerivedKeyParams-length">length</a>
+ property of <var>normalizedDerivedKeyAlgorithm</var> is non-zero:
+ </dt>
+ <dd>
+ Let <var>length</var> be equal to the
+ <a href="#dfn-HmacDerivedKeyParams-length">length</a>
+ property of <var>normalizedDerivedKeyAlgorithm</var>.
+ </dd>
+ <dt>Otherwise:</dt>
+ <dd>Terminate this algorithm with an error.</dd>
+ </dl>
+ </li>
+ <li>
+ <p>
+ Return <var>length</var>.
+ </p>
+ </li>
+ </ol>
+ </dd>
</dl>
</div>
</div>
@@ -8937,14 +9157,9 @@
<td><a href="#dfn-KeyPair">KeyPair</a></td>
</tr>
<tr>
- <td>deriveKey</td>
- <td><a href="#dfn-DhKeyDeriveParams">DhKeyDeriveParams</a></td>
- <td><a href="#dfn-Key">Key</a></td>
- </tr>
- <tr>
<td>deriveBits</td>
<td><a href="#dfn-DhKeyDeriveParams">DhKeyDeriveParams</a></td>
- <td><a href="#dfn-ArrayBuffer">ArrayBuffer</a></td>
+ <td>Octet string</td>
</tr>
<tr>
<td>importKey</td>
@@ -9155,49 +9370,6 @@
</li>
</ol>
</dd>
- <dt>Derive Key</dt>
- <dd>
- <ol>
- <li>
- <p>
- If the <a href="#dfn-Key-type">type</a> property of <var>key</var>
- is not a case-sensitive string match for <code>"private"</code>, terminate this
- algorithm with an error.
- </p>
- </li>
- <li>
- <p>
- If any of the members of <a
- href="#dfn-DhKeyDeriveParams">DhKeyDeriveParams</a> are not present in
- <var>normalizedAlgorithm</var>, terminate this
- algorithm with an error.
- </p>
- </li>
- <li>
- <p>
- Perform the Diffie Hellman Phase II algorithm as specified in
- Section 8 of [<a href="#PKCS3">PKCS #3</a>]
- with <var>key</var> as the DH private value <var>x</var> and the
- <a href="#dfn-DhKeyDeriveParams-public">public</a> property of
- <var>normalizedAlgorithm</var> as the other's public value <var>PV'</var>.
- <dl class="switch">
- <dt>If performing the operation results in an error:</dt>
- <dd>Terminate this algorithm with an error.</dd>
- <dt>Otherwise:</dt>
- <dd>
- Let <var>result</var> be the output of the DH Phase II, <var>SK</var>
- </dd>
- </dl>
- </p>
- </li>
- </ol>
- <div class="ednote">
- <p>
- TODO: Define how a key for algorithm <var>normalizedDerivedKeyAlgorithm</var> is
- derived from a the secret value <var>SK</var>.
- </p>
- </div>
- </dd>
<dt>Derive Bits</dt>
<dd>
<ol>
@@ -9228,14 +9400,22 @@
<dd>Terminate this algorithm with an error.</dd>
<dt>Otherwise:</dt>
<dd>
- Let <var>result</var> be the output of the DH Phase II, <var>SK</var>.
+ Let <var>secret</var> be the output of the DH Phase II, <var>SK</var>.
</dd>
</dl>
</p>
</li>
<li>
<p>
- Return a new ArrayBuffer containing <var>result</var>
+ <dl class="switch">
+ <dt>
+ If the length of <var>secret</var> in bits is less than
+ <var>length</var>:
+ </dt>
+ <dd>Terminate this algorithm with an error.</dd>
+ <dt>Otherwise:</dt>
+ <dd>Return the first <var>length</var> bits of <var>secret</var>.</dd>
+ </dl>
</p>
</li>
</ol>
--- a/spec/Overview.html Wed Feb 26 13:43:45 2014 -0800
+++ b/spec/Overview.html Wed Feb 26 17:56:54 2014 -0800
@@ -44,7 +44,7 @@
communications.
</p>
- <div class="ednote"><div class="ednoteHeader">Editorial note</div><p>There are 38 further editorial notes in the document.</p></div>
+ <div class="ednote"><div class="ednoteHeader">Editorial note</div><p>There are 35 further editorial notes in the document.</p></div>
</div>
<div class="section">
@@ -134,7 +134,7 @@
<div id="toc">
<h2>Table of Contents</h2>
- <div class="toc"><ul><li><a href="#introduction">1. Introduction</a></li><li><a href="#use-cases">2. Use Cases</a><ul><li><a href="#multifactor-authentication">2.1. Multi-factor Authentication</a></li><li><a href="#protected-document">2.2. Protected Document Exchange</a></li><li><a href="#cloud-storage">2.3. Cloud Storage</a></li><li><a href="#document-signing">2.4. Document Signing</a></li><li><a href="#data-integrity-protection">2.5. Data Integrity Protection</a></li><li><a href="#secure-messaging">2.6. Secure Messaging</a></li><li><a href="#jose">2.7. Javascript Object Signing and Encryption (JOSE)</a></li></ul></li><li><a href="#conformance">3. Conformance</a></li><li><a href="#scope">4. Scope</a><ul><li><a href="#scope-abstraction">4.1. Level of abstraction</a></li><li><a href="#scope-algorithms">4.2. Cryptographic algorithms</a></li><li><a href="#scope-operations">4.3. Operations</a></li><li><a href="#scope-out-of-scope">4.4. Out of scope</a></li></ul></li><li><a href="#security">5. Security considerations</a><ul><li><a href="#security-implementers">5.1. Security considerations for implementers</a></li><li><a href="#security-developers">5.2. Security considerations for authors</a></li></ul></li><li><a href="#privacy">6. Privacy considerations</a></li><li><a href="#dependencies">7. Dependencies</a></li><li><a href="#terminology">8. Terminology</a></li><li><a href="#RandomSource-interface">9. RandomSource interface</a><ul><li><a href="#RandomSource-description">9.1. Description</a></li><li><a href="#RandomSource-interface-methods">9.2. Methods and Parameters</a><ul><li><a href="#RandomSource-method-getRandomValues">9.2.1. The getRandomValues method</a></li></ul></li></ul></li><li><a href="#algorithm-dictionary">10. Algorithm dictionary</a><ul><li><a href="#algorithm-dictionary-members">10.1. Algorithm Dictionary Members</a></li></ul></li><li><a href="#key-algorithm-interface">11. KeyAlgorithm interface</a><ul><li><a href="#key-algorithm-interface-description">11.1. Description</a></li><li><a href="#key-algorithm-interface-members">11.2. KeyAlgorithm interface members</a></li></ul></li><li><a href="#key-interface">12. Key interface</a><ul><li><a href="#key-interface-description">12.1. Description</a></li><li><a href="#key-interface-types">12.2. Key interface data types</a></li><li><a href="#key-interface-members">12.3. Key interface members</a></li><li><a href="#key-interface-clone">12.4. Structured clone algorithm</a></li></ul></li><li><a href="#crypto-interface">13. Crypto interface</a></li><li><a href="#subtlecrypto-interface">14. SubtleCrypto interface</a><ul><li><a href="#subtlecrypto-interface-description">14.1. Description</a></li><li><a href="#subtlecrypto-interface-datatypes">14.2. Data Types</a></li><li><a href="#subtlecrypto-interface-methods">14.3. Methods and Parameters</a><ul><li><a href="#SubtleCrypto-method-encrypt">14.3.1. The encrypt method</a></li><li><a href="#SubtleCrypto-method-decrypt">14.3.2. The decrypt method</a></li><li><a href="#SubtleCrypto-method-sign">14.3.3. The sign method</a></li><li><a href="#SubtleCrypto-method-verify">14.3.4. The verify method</a></li><li><a href="#SubtleCrypto-method-digest">14.3.5. The digest method</a></li><li><a href="#SubtleCrypto-method-generateKey">14.3.6. The generateKey method</a></li><li><a href="#SubtleCrypto-method-deriveKey">14.3.7. The deriveKey method</a></li><li><a href="#SubtleCrypto-method-deriveBits">14.3.8. The deriveBits method</a></li><li><a href="#SubtleCrypto-method-importKey">14.3.9. The importKey method</a></li><li><a href="#SubtleCrypto-method-exportKey">14.3.10. The exportKey method</a></li><li><a href="#SubtleCrypto-method-wrapKey">14.3.11. The wrapKey method</a></li><li><a href="#SubtleCrypto-method-unwrapKey">14.3.12. The unwrapKey method</a></li></ul></li></ul></li><li><a href="#WorkerCrypto-interface">15. WorkerCrypto interface</a><ul><li><a href="#WorkerCrypto-description">15.1. Description</a></li></ul></li><li><a href="#big-integer">16. BigInteger</a></li><li><a href="#keypair">17. KeyPair</a></li><li><a href="#algorithms">18. Algorithms</a><ul><li><a href="#algorithms-index">18.1. Registered algorithms</a></li><li><a href="#recommended-algorithms">18.2. Recommended algorithms</a></li><li><a href="#defining-an-algorithm">18.3. Defining an algorithm</a><ul><li><a href="#recognized-algorithm-name">18.3.1. Recognized algorithm name</a></li><li><a href="#supported-operations">18.3.2. Supported operations</a></li><li><a href="#algorithm-specific-params">18.3.3. Algorithm-specific parameters</a></li><li><a href="#algorithm-result">18.3.4. Algorithm results</a></li><li><a href="#algorithm-alias">18.3.5. Algorithm aliases</a></li></ul></li><li><a href="#rsaes-pkcs1">18.4. RSAES-PKCS1-v1_5</a><ul><li><a href="#rsaes-pkcs1-description">18.4.1. Description</a></li><li><a href="#rsaes-pkcs1-registration">18.4.2. Registration</a></li><li><a href="#RsaKeyGenParams-dictionary">18.4.3. RsaKeyGenParams dictionary</a></li><li><a href="#RsaKeyAlgorithm-interface">18.4.4. RsaKeyAlgorithm interface</a></li><li><a href="#rsaes-pkcs1-operations">18.4.5. Operations</a></li></ul></li><li><a href="#rsassa-pkcs1">18.5. RSASSA-PKCS1-v1_5</a><ul><li><a href="#rsassa-pkcs1-description">18.5.1. Description</a></li><li><a href="#rsassa-pkcs1-registration">18.5.2. Registration</a></li><li><a href="#RsaHashedKeyGenParams-dictionary">18.5.3. RsaHashedKeyGenParams dictionary</a></li><li><a href="#RsaHashedKeyAlgorithm-interface">18.5.4. RsaHashedKeyAlgorithm interface</a></li><li><a href="#RsaHashedImportParams-dictionary">18.5.5. RsaHashedImportParams dictionary</a></li><li><a href="#rsassa-pkcs1-operations">18.5.6. Operations</a></li></ul></li><li><a href="#rsa-pss">18.6. RSA-PSS</a><ul><li><a href="#rsa-pss-description">18.6.1. Description</a></li><li><a href="#rsa-pss-registration">18.6.2. Registration</a></li><li><a href="#RsaPssParams-dictionary">18.6.3. RsaPssParams dictionary</a></li><li><a href="#rsa-pss-operations">18.6.4. Operations</a></li></ul></li><li><a href="#rsa-oaep">18.7. RSA-OAEP</a><ul><li><a href="#rsa-oaep-description">18.7.1. Description</a></li><li><a href="#rsa-oaep-registration">18.7.2. Registration</a></li><li><a href="#rsa-oaep-params">18.7.3. RsaOaepParams dictionary</a></li><li><a href="#rsa-oaep-operations">18.7.4. Operations</a></li></ul></li><li><a href="#ecdsa">18.8. ECDSA</a><ul><li><a href="#ecdsa-description">18.8.1. Description</a></li><li><a href="#ecdsa-registration">18.8.2. Registration</a></li><li><a href="#EcdsaParams-dictionary">18.8.3. EcdsaParams dictionary</a></li><li><a href="#EcKeyAlgorithm-interface">18.8.4. </a></li><li><a href="#EcKeyGenParams-dictionary">18.8.5. EcKeyGenParams dictionary</a></li><li><a href="#ecdsa-operations">18.8.6. Operations</a></li></ul></li><li><a href="#ecdh">18.9. ECDH</a><ul><li><a href="#ecdh-description">18.9.1. Description</a></li><li><a href="#ecdh-registration">18.9.2. Registration</a></li><li><a href="#dh-EcdhKeyDeriveParams">18.9.3. EcdhKeyDeriveParams dictionary</a></li><li><a href="#ecdh-operations">18.9.4. Operations</a></li></ul></li><li><a href="#aes-ctr">18.10. AES-CTR</a><ul><li><a href="#aes-ctr-description">18.10.1. Description</a></li><li><a href="#aes-ctr-registration">18.10.2. Registration</a></li><li><a href="#aes-ctr-params">18.10.3. AesCtrParams dictionary</a></li><li><a href="#AesKeyAlgorithm-interface">18.10.4. </a></li><li><a href="#aes-keygen-params">18.10.5. AesKeyGenParams dictionary</a></li><li><a href="#aes-ctr-operations">18.10.6. Operations</a></li></ul></li><li><a href="#aes-cbc">18.11. AES-CBC</a><ul><li><a href="#aes-cbc-description">18.11.1. Description</a></li><li><a href="#aes-cbc-registration">18.11.2. Registration</a></li><li><a href="#aes-cbc-params">18.11.3. AesCbcParams dictionary</a></li><li><a href="#aes-cbc-operations">18.11.4. Operations</a></li></ul></li><li><a href="#aes-cmac">18.12. AES-CMAC</a><ul><li><a href="#aes-cmac-description">18.12.1. Description</a></li><li><a href="#aes-cmac-registration">18.12.2. Registration</a></li><li><a href="#aes-cmac-operations">18.12.3. Operations</a></li></ul></li><li><a href="#aes-gcm">18.13. AES-GCM</a><ul><li><a href="#aes-gcm-description">18.13.1. Description</a></li><li><a href="#aes-gcm-registration">18.13.2. Registration</a></li><li><a href="#aes-gcm-params">18.13.3. AesGcmParams dictionary</a></li><li><a href="#aes-gcm-operations">18.13.4. Operations</a></li></ul></li><li><a href="#aes-cfb">18.14. AES-CFB</a><ul><li><a href="#aes-cfb-description">18.14.1. Description</a></li><li><a href="#aes-cfb-registration">18.14.2. Registration</a></li><li><a href="#aes-cfb-params">18.14.3. AesCfbParams dictionary</a></li><li><a href="#aes-cfb-operations">18.14.4. Operations</a></li></ul></li><li><a href="#aes-kw">18.15. AES-KW</a><ul><li><a href="#aes-kw-description">18.15.1. Description</a></li><li><a href="#aes-kw-registration">18.15.2. Registration</a></li><li><a href="#aes-kw-operations">18.15.3. Operations</a></li></ul></li><li><a href="#hmac">18.16. HMAC</a><ul><li><a href="#hmac-description">18.16.1. Description</a></li><li><a href="#hmac-registration">18.16.2. Registration</a></li><li><a href="#hmac-importparams">18.16.3. HmacImportParams dictionary</a></li><li><a href="#hmac-keyalgorithm">18.16.4. HmacKeyAlgorithm interface</a></li><li><a href="#hmac-keygen-params">18.16.5. HmacKeyParams dictionary</a></li><li><a href="#hmac-operations">18.16.6. Operations</a></li></ul></li><li><a href="#dh">18.17. Diffie-Hellman</a><ul><li><a href="#dh-description">18.17.1. Description</a></li><li><a href="#dh-registration">18.17.2. Registration</a></li><li><a href="#dh-DhKeyGenParams">18.17.3. DhKeyGenParams dictionary</a></li><li><a href="#dh-DhKeyAlgorithm">18.17.4. DhKeyAlgorithm interface</a></li><li><a href="#dh-DhKeyDeriveParams">18.17.5. DhKeyDeriveParams dictionary</a></li><li><a href="#dh-DhImportKeyParams">18.17.6. DhImportKeyParams dictionary</a></li><li><a href="#dh-operations">18.17.7. Operations</a></li></ul></li><li><a href="#sha">18.18. SHA</a><ul><li><a href="#sha-description">18.18.1. Description</a></li><li><a href="#sha-registration">18.18.2. Registration</a></li><li><a href="#sha-operations">18.18.3. Operations</a></li></ul></li><li><a href="#concatkdf">18.19. Concat KDF</a><ul><li><a href="#concatkdf-description">18.19.1. Description</a></li><li><a href="#concatkdf-registration">18.19.2. Registration</a></li><li><a href="#concat-params">18.19.3. ConcatParams dictionary</a></li><li><a href="#concat-operations">18.19.4. Operations</a></li></ul></li><li><a href="#hkdf-ctr">18.20. HKDF-CTR</a><ul><li><a href="#hkdf-ctr-description">18.20.1. Description</a></li><li><a href="#hkdf-ctr-registration">18.20.2. Registration</a></li><li><a href="#hkdf-ctr-params">18.20.3. HkdfCtrParams dictionary</a></li><li><a href="#hkdf2-ctr-operations">18.20.4. Operations</a></li></ul></li><li><a href="#pbkdf2">18.21. PBKDF2</a><ul><li><a href="#pbkdf2-description">18.21.1. Description</a></li><li><a href="#pbkdf2-registration">18.21.2. Registration</a></li><li><a href="#pbkdf2-params">18.21.3. Pbkdf2Params dictionary</a></li><li><a href="#pbkdf2-operations">18.21.4. Operations</a></li></ul></li></ul></li><li><a href="#algorithm-normalizing-rules">19. Algorithm normalizing rules</a></li><li><a href="#examples-section">20. JavaScript Example Code</a><ul><li><a href="#examples-signing">20.1. Generate a signing key pair, sign some data</a></li><li><a href="#examples-symmetric-encryption">20.2. Symmetric Encryption</a></li></ul></li><li><a href="#iana-section">21. IANA Considerations</a><ul><li><a href="#iana-section-jws-jwa">21.1. JSON Web Signature and Encryption Algorithms Registration</a></li><li><a href="#iana-section-jwk">21.2. JSON Web Key Parameters Registry</a></li></ul></li><li><a href="#acknowledgements-section">22. Acknowledgements</a></li><li><a href="#references">23. References</a><ul><li><a href="#normative-references">23.1. Normative References</a></li><li><a href="#informative-references">23.2. Informative References</a></li></ul></li></ul><ul><li><a href="#jwk-mapping">A. Mapping between JSON Web Key / JSON Web Algorithm</a><ul><li><a href="#jwk-mapping-alg">A.1. Algorithm mappings</a></li><li><a href="#jwk-mapping-usage">A.2. Usage mapping</a></li></ul></li><li><a href="#spki-mapping">B. Mapping between Algorithm and SubjectPublicKeyInfo</a></li><li><a href="#pkcs8-mapping">C. Mapping between Algorithm and PKCS#8 PrivateKeyInfo</a></li></ul></div>
+ <div class="toc"><ul><li><a href="#introduction">1. Introduction</a></li><li><a href="#use-cases">2. Use Cases</a><ul><li><a href="#multifactor-authentication">2.1. Multi-factor Authentication</a></li><li><a href="#protected-document">2.2. Protected Document Exchange</a></li><li><a href="#cloud-storage">2.3. Cloud Storage</a></li><li><a href="#document-signing">2.4. Document Signing</a></li><li><a href="#data-integrity-protection">2.5. Data Integrity Protection</a></li><li><a href="#secure-messaging">2.6. Secure Messaging</a></li><li><a href="#jose">2.7. Javascript Object Signing and Encryption (JOSE)</a></li></ul></li><li><a href="#conformance">3. Conformance</a></li><li><a href="#scope">4. Scope</a><ul><li><a href="#scope-abstraction">4.1. Level of abstraction</a></li><li><a href="#scope-algorithms">4.2. Cryptographic algorithms</a></li><li><a href="#scope-operations">4.3. Operations</a></li><li><a href="#scope-out-of-scope">4.4. Out of scope</a></li></ul></li><li><a href="#security">5. Security considerations</a><ul><li><a href="#security-implementers">5.1. Security considerations for implementers</a></li><li><a href="#security-developers">5.2. Security considerations for authors</a></li></ul></li><li><a href="#privacy">6. Privacy considerations</a></li><li><a href="#dependencies">7. Dependencies</a></li><li><a href="#terminology">8. Terminology</a></li><li><a href="#RandomSource-interface">9. RandomSource interface</a><ul><li><a href="#RandomSource-description">9.1. Description</a></li><li><a href="#RandomSource-interface-methods">9.2. Methods and Parameters</a><ul><li><a href="#RandomSource-method-getRandomValues">9.2.1. The getRandomValues method</a></li></ul></li></ul></li><li><a href="#algorithm-dictionary">10. Algorithm dictionary</a><ul><li><a href="#algorithm-dictionary-members">10.1. Algorithm Dictionary Members</a></li></ul></li><li><a href="#key-algorithm-interface">11. KeyAlgorithm interface</a><ul><li><a href="#key-algorithm-interface-description">11.1. Description</a></li><li><a href="#key-algorithm-interface-members">11.2. KeyAlgorithm interface members</a></li></ul></li><li><a href="#key-interface">12. Key interface</a><ul><li><a href="#key-interface-description">12.1. Description</a></li><li><a href="#key-interface-types">12.2. Key interface data types</a></li><li><a href="#key-interface-members">12.3. Key interface members</a></li><li><a href="#key-interface-clone">12.4. Structured clone algorithm</a></li></ul></li><li><a href="#crypto-interface">13. Crypto interface</a></li><li><a href="#subtlecrypto-interface">14. SubtleCrypto interface</a><ul><li><a href="#subtlecrypto-interface-description">14.1. Description</a></li><li><a href="#subtlecrypto-interface-datatypes">14.2. Data Types</a></li><li><a href="#subtlecrypto-interface-methods">14.3. Methods and Parameters</a><ul><li><a href="#SubtleCrypto-method-encrypt">14.3.1. The encrypt method</a></li><li><a href="#SubtleCrypto-method-decrypt">14.3.2. The decrypt method</a></li><li><a href="#SubtleCrypto-method-sign">14.3.3. The sign method</a></li><li><a href="#SubtleCrypto-method-verify">14.3.4. The verify method</a></li><li><a href="#SubtleCrypto-method-digest">14.3.5. The digest method</a></li><li><a href="#SubtleCrypto-method-generateKey">14.3.6. The generateKey method</a></li><li><a href="#SubtleCrypto-method-deriveKey">14.3.7. The deriveKey method</a></li><li><a href="#SubtleCrypto-method-deriveBits">14.3.8. The deriveBits method</a></li><li><a href="#SubtleCrypto-method-importKey">14.3.9. The importKey method</a></li><li><a href="#SubtleCrypto-method-exportKey">14.3.10. The exportKey method</a></li><li><a href="#SubtleCrypto-method-wrapKey">14.3.11. The wrapKey method</a></li><li><a href="#SubtleCrypto-method-unwrapKey">14.3.12. The unwrapKey method</a></li></ul></li></ul></li><li><a href="#WorkerCrypto-interface">15. WorkerCrypto interface</a><ul><li><a href="#WorkerCrypto-description">15.1. Description</a></li></ul></li><li><a href="#big-integer">16. BigInteger</a></li><li><a href="#keypair">17. KeyPair</a></li><li><a href="#algorithms">18. Algorithms</a><ul><li><a href="#algorithms-index">18.1. Registered algorithms</a></li><li><a href="#recommended-algorithms">18.2. Recommended algorithms</a></li><li><a href="#defining-an-algorithm">18.3. Defining an algorithm</a><ul><li><a href="#recognized-algorithm-name">18.3.1. Recognized algorithm name</a></li><li><a href="#supported-operations">18.3.2. Supported operations</a></li><li><a href="#algorithm-specific-params">18.3.3. Algorithm-specific parameters</a></li><li><a href="#algorithm-result">18.3.4. Algorithm results</a></li><li><a href="#algorithm-alias">18.3.5. Algorithm aliases</a></li></ul></li><li><a href="#rsaes-pkcs1">18.4. RSAES-PKCS1-v1_5</a><ul><li><a href="#rsaes-pkcs1-description">18.4.1. Description</a></li><li><a href="#rsaes-pkcs1-registration">18.4.2. Registration</a></li><li><a href="#RsaKeyGenParams-dictionary">18.4.3. RsaKeyGenParams dictionary</a></li><li><a href="#RsaKeyAlgorithm-interface">18.4.4. RsaKeyAlgorithm interface</a></li><li><a href="#rsaes-pkcs1-operations">18.4.5. Operations</a></li></ul></li><li><a href="#rsassa-pkcs1">18.5. RSASSA-PKCS1-v1_5</a><ul><li><a href="#rsassa-pkcs1-description">18.5.1. Description</a></li><li><a href="#rsassa-pkcs1-registration">18.5.2. Registration</a></li><li><a href="#RsaHashedKeyGenParams-dictionary">18.5.3. RsaHashedKeyGenParams dictionary</a></li><li><a href="#RsaHashedKeyAlgorithm-interface">18.5.4. RsaHashedKeyAlgorithm interface</a></li><li><a href="#RsaHashedImportParams-dictionary">18.5.5. RsaHashedImportParams dictionary</a></li><li><a href="#rsassa-pkcs1-operations">18.5.6. Operations</a></li></ul></li><li><a href="#rsa-pss">18.6. RSA-PSS</a><ul><li><a href="#rsa-pss-description">18.6.1. Description</a></li><li><a href="#rsa-pss-registration">18.6.2. Registration</a></li><li><a href="#RsaPssParams-dictionary">18.6.3. RsaPssParams dictionary</a></li><li><a href="#rsa-pss-operations">18.6.4. Operations</a></li></ul></li><li><a href="#rsa-oaep">18.7. RSA-OAEP</a><ul><li><a href="#rsa-oaep-description">18.7.1. Description</a></li><li><a href="#rsa-oaep-registration">18.7.2. Registration</a></li><li><a href="#rsa-oaep-params">18.7.3. RsaOaepParams dictionary</a></li><li><a href="#rsa-oaep-operations">18.7.4. Operations</a></li></ul></li><li><a href="#ecdsa">18.8. ECDSA</a><ul><li><a href="#ecdsa-description">18.8.1. Description</a></li><li><a href="#ecdsa-registration">18.8.2. Registration</a></li><li><a href="#EcdsaParams-dictionary">18.8.3. EcdsaParams dictionary</a></li><li><a href="#EcKeyAlgorithm-interface">18.8.4. </a></li><li><a href="#EcKeyGenParams-dictionary">18.8.5. EcKeyGenParams dictionary</a></li><li><a href="#ecdsa-operations">18.8.6. Operations</a></li></ul></li><li><a href="#ecdh">18.9. ECDH</a><ul><li><a href="#ecdh-description">18.9.1. Description</a></li><li><a href="#ecdh-registration">18.9.2. Registration</a></li><li><a href="#dh-EcdhKeyDeriveParams">18.9.3. EcdhKeyDeriveParams dictionary</a></li><li><a href="#ecdh-operations">18.9.4. Operations</a></li></ul></li><li><a href="#aes-ctr">18.10. AES-CTR</a><ul><li><a href="#aes-ctr-description">18.10.1. Description</a></li><li><a href="#aes-ctr-registration">18.10.2. Registration</a></li><li><a href="#aes-ctr-params">18.10.3. AesCtrParams dictionary</a></li><li><a href="#AesKeyAlgorithm-interface">18.10.4. </a></li><li><a href="#aes-keygen-params">18.10.5. AesKeyGenParams dictionary</a></li><li><a href="#aes-derivedkey-params">18.10.6. AesDerivedKeyParams dictionary</a></li><li><a href="#aes-ctr-operations">18.10.7. Operations</a></li></ul></li><li><a href="#aes-cbc">18.11. AES-CBC</a><ul><li><a href="#aes-cbc-description">18.11.1. Description</a></li><li><a href="#aes-cbc-registration">18.11.2. Registration</a></li><li><a href="#aes-cbc-params">18.11.3. AesCbcParams dictionary</a></li><li><a href="#aes-cbc-operations">18.11.4. Operations</a></li></ul></li><li><a href="#aes-cmac">18.12. AES-CMAC</a><ul><li><a href="#aes-cmac-description">18.12.1. Description</a></li><li><a href="#aes-cmac-registration">18.12.2. Registration</a></li><li><a href="#aes-cmac-operations">18.12.3. Operations</a></li></ul></li><li><a href="#aes-gcm">18.13. AES-GCM</a><ul><li><a href="#aes-gcm-description">18.13.1. Description</a></li><li><a href="#aes-gcm-registration">18.13.2. Registration</a></li><li><a href="#aes-gcm-params">18.13.3. AesGcmParams dictionary</a></li><li><a href="#aes-gcm-operations">18.13.4. Operations</a></li></ul></li><li><a href="#aes-cfb">18.14. AES-CFB</a><ul><li><a href="#aes-cfb-description">18.14.1. Description</a></li><li><a href="#aes-cfb-registration">18.14.2. Registration</a></li><li><a href="#aes-cfb-params">18.14.3. AesCfbParams dictionary</a></li><li><a href="#aes-cfb-operations">18.14.4. Operations</a></li></ul></li><li><a href="#aes-kw">18.15. AES-KW</a><ul><li><a href="#aes-kw-description">18.15.1. Description</a></li><li><a href="#aes-kw-registration">18.15.2. Registration</a></li><li><a href="#aes-kw-operations">18.15.3. Operations</a></li></ul></li><li><a href="#hmac">18.16. HMAC</a><ul><li><a href="#hmac-description">18.16.1. Description</a></li><li><a href="#hmac-registration">18.16.2. Registration</a></li><li><a href="#hmac-importparams">18.16.3. HmacImportParams dictionary</a></li><li><a href="#hmac-keyalgorithm">18.16.4. HmacKeyAlgorithm interface</a></li><li><a href="#hmac-keygen-params">18.16.5. HmacKeyGenParams dictionary</a></li><li><a href="#hmac-derivedkey-params">18.16.6. HmacDerivedKeyParams dictionary</a></li><li><a href="#hmac-operations">18.16.7. Operations</a></li></ul></li><li><a href="#dh">18.17. Diffie-Hellman</a><ul><li><a href="#dh-description">18.17.1. Description</a></li><li><a href="#dh-registration">18.17.2. Registration</a></li><li><a href="#dh-DhKeyGenParams">18.17.3. DhKeyGenParams dictionary</a></li><li><a href="#dh-DhKeyAlgorithm">18.17.4. DhKeyAlgorithm interface</a></li><li><a href="#dh-DhKeyDeriveParams">18.17.5. DhKeyDeriveParams dictionary</a></li><li><a href="#dh-DhImportKeyParams">18.17.6. DhImportKeyParams dictionary</a></li><li><a href="#dh-operations">18.17.7. Operations</a></li></ul></li><li><a href="#sha">18.18. SHA</a><ul><li><a href="#sha-description">18.18.1. Description</a></li><li><a href="#sha-registration">18.18.2. Registration</a></li><li><a href="#sha-operations">18.18.3. Operations</a></li></ul></li><li><a href="#concatkdf">18.19. Concat KDF</a><ul><li><a href="#concatkdf-description">18.19.1. Description</a></li><li><a href="#concatkdf-registration">18.19.2. Registration</a></li><li><a href="#concat-params">18.19.3. ConcatParams dictionary</a></li><li><a href="#concat-operations">18.19.4. Operations</a></li></ul></li><li><a href="#hkdf-ctr">18.20. HKDF-CTR</a><ul><li><a href="#hkdf-ctr-description">18.20.1. Description</a></li><li><a href="#hkdf-ctr-registration">18.20.2. Registration</a></li><li><a href="#hkdf-ctr-params">18.20.3. HkdfCtrParams dictionary</a></li><li><a href="#hkdf2-ctr-operations">18.20.4. Operations</a></li></ul></li><li><a href="#pbkdf2">18.21. PBKDF2</a><ul><li><a href="#pbkdf2-description">18.21.1. Description</a></li><li><a href="#pbkdf2-registration">18.21.2. Registration</a></li><li><a href="#pbkdf2-params">18.21.3. Pbkdf2Params dictionary</a></li><li><a href="#pbkdf2-operations">18.21.4. Operations</a></li></ul></li></ul></li><li><a href="#algorithm-normalizing-rules">19. Algorithm normalizing rules</a></li><li><a href="#examples-section">20. JavaScript Example Code</a><ul><li><a href="#examples-signing">20.1. Generate a signing key pair, sign some data</a></li><li><a href="#examples-symmetric-encryption">20.2. Symmetric Encryption</a></li></ul></li><li><a href="#iana-section">21. IANA Considerations</a><ul><li><a href="#iana-section-jws-jwa">21.1. JSON Web Signature and Encryption Algorithms Registration</a></li><li><a href="#iana-section-jwk">21.2. JSON Web Key Parameters Registry</a></li></ul></li><li><a href="#acknowledgements-section">22. Acknowledgements</a></li><li><a href="#references">23. References</a><ul><li><a href="#normative-references">23.1. Normative References</a></li><li><a href="#informative-references">23.2. Informative References</a></li></ul></li></ul><ul><li><a href="#jwk-mapping">A. Mapping between JSON Web Key / JSON Web Algorithm</a><ul><li><a href="#jwk-mapping-alg">A.1. Algorithm mappings</a></li><li><a href="#jwk-mapping-usage">A.2. Usage mapping</a></li></ul></li><li><a href="#spki-mapping">B. Mapping between Algorithm and SubjectPublicKeyInfo</a></li><li><a href="#pkcs8-mapping">C. Mapping between Algorithm and PKCS#8 PrivateKeyInfo</a></li></ul></div>
</div>
<div id="sections">
@@ -2000,7 +2000,8 @@
<li>
<p>
If <var>normalizedDerivedKeyAlgorithm</var> does not describe a
- <a href="#algorithms">registered algorithm</a>, terminate this algorithm
+ <a href="#algorithms">registered algorithm</a> that supports the import
+ derived key operation, terminate this algorithm
with an error.
</p>
</li>
@@ -2025,10 +2026,23 @@
</li>
<li>
<p>
- Let <var>result</var> be the result of executing the derive key operation
+ Let <var>length</var> be the result of executing the derived key length
+ algorithm specified by <var>normalizedDerivedKeyAlgorithm</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>secret</var> be the result of executing the derive bits operation
specified by <var>normalizedAlgorithm</var> using
- <var>key</var>, <var>normalizedDerivedKeyAlgorithm</var>, <var>extractable</var>
- and <var>usages</var>.
+ <var>key</var> and <var>length</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>result</var> be the result of executing the import key operation
+ specified by <var>normalizedDerivedKeyAlgorithm</var> using <code>"raw"</code> as
+ <var>format</var>, <var>secret</var> as <var>keyData</var>,
+ <var>extractable</var> and <var>usages</var>.
</p>
</li>
<li>
@@ -2113,7 +2127,8 @@
</li>
<li>
<p>
- Let <var>result</var> be the result of executing the derive bits operation
+ Let <var>result</var> be a new <a href="#dfn-ArrayBuffer">ArrayBuffer</a>
+ containing the result of executing the derive bits operation
specified by <var>normalizedAlgorithm</var> using <var>baseKey</var> and
<var>length</var>.
</p>
@@ -5021,14 +5036,9 @@
<td><a href="#dfn-KeyPair">KeyPair</a></td>
</tr>
<tr>
- <td>deriveKey</td>
- <td><a href="#dfn-EcdhKeyDeriveParams">EcdhKeyDeriveParams</a></td>
- <td><a href="#dfn-Key">Key</a></td>
- </tr>
- <tr>
<td>deriveBits</td>
<td><a href="#dfn-EcdhKeyDeriveParams">EcdhKeyDeriveParams</a></td>
- <td><a href="#dfn-ArrayBuffer">ArrayBuffer</a></td>
+ <td>Octet string</td>
</tr>
<tr>
<td>importKey</td>
@@ -5202,56 +5212,6 @@
</li>
</ol>
</dd>
- <dt>Derive Key</dt>
- <dd>
- <ol>
- <li>
- <p>
- If the <a href="#dfn-Key-type">type</a> property of <var>key</var>
- is not a case-sensitive string match for <code>"private"</code>, terminate this
- algorithm with an error.
- </p>
- </li>
- <li>
- <p>
- If any of the members of <a href="#dfn-EcdhKeyDeriveParams">EcdhKeyDeriveParams</a> are not present in
- <var>normalizedAlgorithm</var>, terminate this
- algorithm with an error.
- </p>
- </li>
- <li>
- <p>
- Perform the ECDH primitive specified in <a href="#X9.63">X9.63</a> Section 5.4.1
- with <var>key</var> as the EC private key <var>d</var> and the
- <a href="#dfn-EcdhKeyDeriveParams-public">public</a> property of
- <var>normalizedAlgorithm</var> as the EC public key <var>Q</var>.
- <dl class="switch">
- <dt>If performing the operation results in an error:</dt>
- <dd>Terminate this algorithm with an error.</dd>
- <dt>Otherwise:</dt>
- <dd>Let <var>result</var> be the output of the ECDH primitive.</dd>
- </dl>
- </p>
- </li>
- <div class="note"><div class="noteHeader">Note</div>
- Note: <a href="#X9.63">X9.63</a> Section 5.4.2 and <a href="#SP800-56A">NIST SP
- 800-56A</a> Section 5.7.1.2 specify a modified ECDH primitive that multiplies the
- shared secret value by the cofactor of the curve. The cofactor of the NIST
- recommended curves P-256, P-384, and P-521 is 1, so the standard and modified ECDH
- primitives are equivalent for those curves.
- </div>
- </ol>
- <div class="ednote"><div class="ednoteHeader">Editorial note</div>
- <p>
- TODO: Define how the finite field member <var>result</var> is converted to a bit
- string.
- </p>
- <p>
- TODO: Define how a key for algorithm <var>normalizedDerivedKeyAlgorithm</var> is
- derived from a bit string.
- </p>
- </div>
- </dd>
<dt>Derive Bits</dt>
<dd>
<ol>
@@ -5279,17 +5239,26 @@
<dt>If performing the operation results in an error:</dt>
<dd>Terminate this algorithm with an error.</dd>
<dt>Otherwise:</dt>
- <dd>Let <var>result</var> be the output of the ECDH primitive.</dd>
+ <dd>Let <var>secret</var> be the result of applying the field element to
+ octet string comversion defined in Section ? of <a href="#X9.63">X9.63</a>
+ to the output of the ECDH primitive.</dd>
+ </dl>
+ </p>
+ </li>
+ <li>
+ <p>
+ <dl class="switch">
+ <dt>
+ If the length of <var>secret</var> in bits is less than
+ <var>length</var>:
+ </dt>
+ <dd>Terminate this algorithm with an error.</dd>
+ <dt>Otherwise:</dt>
+ <dd>Return the first <var>length</var> bits of <var>secret</var>.</dd>
</dl>
</p>
</li>
</ol>
- <div class="ednote"><div class="ednoteHeader">Editorial note</div>
- <p>
- TODO: Define how the finite field member <var>result</var> is converted to a bit
- string.
- </p>
- </div>
</dd>
</div>
</div>
@@ -5345,6 +5314,11 @@
<td>None</td>
<td>ArrayBuffer</td>
</tr>
+ <tr>
+ <td>derived key length</td>
+ <td><a href="#dfn-AesDerivedKeyParams">AesDerivedKeyParams</a></td>
+ <td>Integer</td>
+ </tr>
</tbody>
</table>
</div>
@@ -5385,8 +5359,18 @@
};
</code></pre></div></div>
</div>
+ <div id="aes-derivedkey-params" class="section">
+ <h4>18.10.6. AesDerivedKeyParams dictionary</h4>
+ <div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
+dictionary <dfn id="dfn-AesDerivedKeyParams">AesDerivedKeyParams</dfn> : <a href="#dfn-Algorithm">Algorithm</a> {
+ <span class="comment">// The length, in bits, of the key.</span>
+ [EnforceRange] unsigned short <dfn id="dfn-AesDerivedKeyParams-length">length</dfn>;
+};
+ </code></pre></div></div>
+ </div>
+
<div id="aes-ctr-operations" class="section">
- <h4>18.10.6. Operations</h4>
+ <h4>18.10.7. Operations</h4>
<dl>
<dt>Encrypt</dt>
<dd>
@@ -5816,6 +5800,32 @@
</li>
</ol>
</dd>
+ <dt>Derived key length</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ If any of the members of
+ <a href="#dfn-AesDerivedKeyParams">AesDerivedKeyParams</a> are not present in
+ <var>normalizedDerivedKeyAlgorithm</var>, terminate this algorithm with an
+ error.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the <a href="#dfn-AesDerivedKeyParams-length">length</a> property of
+ <var>normalizedDerivedKeyAlgorithm</var> is not 128, 192 or 256, terminate
+ this algorithm with an error.
+ </p>
+ </li>
+ <li>
+ <p>
+ Return the <a href="#dfn-AesDerivedKeyParams-length">length</a> property of
+ <var>normalizedDerivedKeyAlgorithm</var>.
+ </p>
+ </li>
+ </ol>
+ </dd>
</dl>
</div>
</div>
@@ -5879,6 +5889,11 @@
<td>None</td>
<td>ArrayBuffer</td>
</tr>
+ <tr>
+ <td>derived key length</td>
+ <td><a href="#dfn-AesDerivedKeyParams">AesDerivedKeyParams</a></td>
+ <td>Integer</td>
+ </tr>
</tbody>
</table>
</div>
@@ -6323,6 +6338,32 @@
</li>
</ol>
</dd>
+ <dt>Derived key length</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ If any of the members of
+ <a href="#dfn-AesDerivedKeyParams">AesDerivedKeyParams</a> are not present in
+ <var>normalizedDerivedKeyAlgorithm</var>, terminate this algorithm with an
+ error.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the <a href="#dfn-AesDerivedKeyParams-length">length</a> property of
+ <var>normalizedDerivedKeyAlgorithm</var> is not 128, 192 or 256, terminate
+ this algorithm with an error.
+ </p>
+ </li>
+ <li>
+ <p>
+ Return the <a href="#dfn-AesDerivedKeyParams-length">length</a> property of
+ <var>normalizedDerivedKeyAlgorithm</var>.
+ </p>
+ </li>
+ </ol>
+ </dd>
</dl>
</div>
</div>
@@ -6383,7 +6424,11 @@
<td>None</td>
<td>ArrayBuffer</td>
</tr>
-
+ <tr>
+ <td>derived key length</td>
+ <td><a href="#dfn-AesDerivedKeyParams">AesDerivedKeyParams</a></td>
+ <td>Integer</td>
+ </tr>
</tbody>
</table>
</div>
@@ -6758,6 +6803,32 @@
</li>
</ol>
</dd>
+ <dt>Derived key length</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ If any of the members of
+ <a href="#dfn-AesDerivedKeyParams">AesDerivedKeyParams</a> are not present in
+ <var>normalizedDerivedKeyAlgorithm</var>, terminate this algorithm with an
+ error.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the <a href="#dfn-AesDerivedKeyParams-length">length</a> property of
+ <var>normalizedDerivedKeyAlgorithm</var> is not 128, 192 or 256, terminate
+ this algorithm with an error.
+ </p>
+ </li>
+ <li>
+ <p>
+ Return the <a href="#dfn-AesDerivedKeyParams-length">length</a> property of
+ <var>normalizedDerivedKeyAlgorithm</var>.
+ </p>
+ </li>
+ </ol>
+ </dd>
</dl>
</div>
</div>
@@ -6813,6 +6884,11 @@
<td>None</td>
<td>ArrayBuffer</td>
</tr>
+ <tr>
+ <td>derived key length</td>
+ <td><a href="#dfn-AesDerivedKeyParams">AesDerivedKeyParams</a></td>
+ <td>Integer</td>
+ </tr>
</tbody>
</table>
</div>
@@ -7329,6 +7405,32 @@
</li>
</ol>
</dd>
+ <dt>Derived key length</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ If any of the members of
+ <a href="#dfn-AesDerivedKeyParams">AesDerivedKeyParams</a> are not present in
+ <var>normalizedDerivedKeyAlgorithm</var>, terminate this algorithm with an
+ error.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the <a href="#dfn-AesDerivedKeyParams-length">length</a> property of
+ <var>normalizedDerivedKeyAlgorithm</var> is not 128, 192 or 256, terminate
+ this algorithm with an error.
+ </p>
+ </li>
+ <li>
+ <p>
+ Return the <a href="#dfn-AesDerivedKeyParams-length">length</a> property of
+ <var>normalizedDerivedKeyAlgorithm</var>.
+ </p>
+ </li>
+ </ol>
+ </dd>
</dl>
</div>
</div>
@@ -7385,6 +7487,11 @@
<td>None</td>
<td>ArrayBuffer</td>
</tr>
+ <tr>
+ <td>derived key length</td>
+ <td><a href="#dfn-AesDerivedKeyParams">AesDerivedKeyParams</a></td>
+ <td>Integer</td>
+ </tr>
</tbody>
</table>
</div>
@@ -7806,6 +7913,32 @@
</li>
</ol>
</dd>
+ <dt>Derived key length</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ If any of the members of
+ <a href="#dfn-AesDerivedKeyParams">AesDerivedKeyParams</a> are not present in
+ <var>normalizedDerivedKeyAlgorithm</var>, terminate this algorithm with an
+ error.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the <a href="#dfn-AesDerivedKeyParams-length">length</a> property of
+ <var>normalizedDerivedKeyAlgorithm</var> is not 128, 192 or 256, terminate
+ this algorithm with an error.
+ </p>
+ </li>
+ <li>
+ <p>
+ Return the <a href="#dfn-AesDerivedKeyParams-length">length</a> property of
+ <var>normalizedDerivedKeyAlgorithm</var>.
+ </p>
+ </li>
+ </ol>
+ </dd>
</dl>
</div>
</div>
@@ -7861,7 +7994,11 @@
<td>None</td>
<td>ArrayBuffer</td>
</tr>
-
+ <tr>
+ <td>derived key length</td>
+ <td><a href="#dfn-AesDerivedKeyParams">AesDerivedKeyParams</a></td>
+ <td>Integer</td>
+ </tr>
</tbody>
</table>
</div>
@@ -8245,6 +8382,32 @@
</li>
</ol>
</dd>
+ <dt>Derived key length</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ If any of the members of
+ <a href="#dfn-AesDerivedKeyParams">AesDerivedKeyParams</a> are not present in
+ <var>normalizedDerivedKeyAlgorithm</var>, terminate this algorithm with an
+ error.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the <a href="#dfn-AesDerivedKeyParams-length">length</a> property of
+ <var>normalizedDerivedKeyAlgorithm</var> is not 128, 192 or 256, terminate
+ this algorithm with an error.
+ </p>
+ </li>
+ <li>
+ <p>
+ Return the <a href="#dfn-AesDerivedKeyParams-length">length</a> property of
+ <var>normalizedDerivedKeyAlgorithm</var>.
+ </p>
+ </li>
+ </ol>
+ </dd>
</dl>
</div>
</div>
@@ -8299,6 +8462,11 @@
<td>None</td>
<td>ArrayBuffer</td>
</tr>
+ <tr>
+ <td>derived key length</td>
+ <td><a href="#dfn-HmacDerivedKeyParams">HmacDerivedKeyParams</a></td>
+ <td>Integer</td>
+ </tr>
</tbody>
</table>
</div>
@@ -8321,7 +8489,7 @@
</code></pre></div></div>
</div>
<div id="hmac-keygen-params" class="section">
- <h4>18.16.5. HmacKeyParams dictionary</h4>
+ <h4>18.16.5. HmacKeyGenParams dictionary</h4>
<div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
dictionary <dfn id="dfn-HmacKeyGenParams">HmacKeyGenParams</dfn> : <a href="#dfn-Algorithm">Algorithm</a> {
<span class="comment">// The inner hash function to use.</span>
@@ -8333,8 +8501,19 @@
};
</code></pre></div></div>
</div>
+ <div id="hmac-derivedkey-params" class="section">
+ <h4>18.16.6. HmacDerivedKeyParams dictionary</h4>
+ <div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
+dictionary <dfn id="dfn-HmacKeyGenParams">HmacDerivedKeyParams</dfn> : <a href="#dfn-HmacImportParams">HmacImportParams</a> {
+ <span class="comment">// The length (in bytes) of the key to generate. If unspecified, the
+ // recommended length will be used, which is the size of the associated hash function's block
+ // size.</span>
+ unsigned long length;
+};
+ </code></pre></div></div>
+ </div>
<div id="hmac-operations" class="section">
- <h4>18.16.6. Operations</h4>
+ <h4>18.16.7. Operations</h4>
<dl>
<dt>Sign</dt>
<dd>
@@ -8895,6 +9074,47 @@
</li>
</ol>
</dd>
+ <dt>Derived key length</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ If the <a href="#dfn-HmacImportParams-hash">hash</a> property is
+ not present in <var>normalizedDerivedKeyAlgorithm</var>, terminate
+ this algorithm with an error.
+ </p>
+ </li>
+ <li>
+ <dl class="switch">
+ <dt>
+ If the <a href="#dfn-HmacDerivedKeyParams-length">length</a> property of
+ <var>normalizedDerivedKeyAlgorithm</var> is not present:
+ </dt>
+ <dd>
+ Let <var>length</var> be the block size in bytes of the hash function
+ identified by the <a href="#dfn-HmacImportParams-hash">hash</a> property
+ of <var>normalizedDerivedKeyAlgorithm</var>.
+ </dd>
+ <dt>
+ Otherwise, if the <a href="#dfn-HmacDerivedKeyParams-length">length</a>
+ property of <var>normalizedDerivedKeyAlgorithm</var> is non-zero:
+ </dt>
+ <dd>
+ Let <var>length</var> be equal to the
+ <a href="#dfn-HmacDerivedKeyParams-length">length</a>
+ property of <var>normalizedDerivedKeyAlgorithm</var>.
+ </dd>
+ <dt>Otherwise:</dt>
+ <dd>Terminate this algorithm with an error.</dd>
+ </dl>
+ </li>
+ <li>
+ <p>
+ Return <var>length</var>.
+ </p>
+ </li>
+ </ol>
+ </dd>
</dl>
</div>
</div>
@@ -8929,14 +9149,9 @@
<td><a href="#dfn-KeyPair">KeyPair</a></td>
</tr>
<tr>
- <td>deriveKey</td>
- <td><a href="#dfn-DhKeyDeriveParams">DhKeyDeriveParams</a></td>
- <td><a href="#dfn-Key">Key</a></td>
- </tr>
- <tr>
<td>deriveBits</td>
<td><a href="#dfn-DhKeyDeriveParams">DhKeyDeriveParams</a></td>
- <td><a href="#dfn-ArrayBuffer">ArrayBuffer</a></td>
+ <td>Octet string</td>
</tr>
<tr>
<td>importKey</td>
@@ -9147,48 +9362,6 @@
</li>
</ol>
</dd>
- <dt>Derive Key</dt>
- <dd>
- <ol>
- <li>
- <p>
- If the <a href="#dfn-Key-type">type</a> property of <var>key</var>
- is not a case-sensitive string match for <code>"private"</code>, terminate this
- algorithm with an error.
- </p>
- </li>
- <li>
- <p>
- If any of the members of <a href="#dfn-DhKeyDeriveParams">DhKeyDeriveParams</a> are not present in
- <var>normalizedAlgorithm</var>, terminate this
- algorithm with an error.
- </p>
- </li>
- <li>
- <p>
- Perform the Diffie Hellman Phase II algorithm as specified in
- Section 8 of [<a href="#PKCS3">PKCS #3</a>]
- with <var>key</var> as the DH private value <var>x</var> and the
- <a href="#dfn-DhKeyDeriveParams-public">public</a> property of
- <var>normalizedAlgorithm</var> as the other's public value <var>PV'</var>.
- <dl class="switch">
- <dt>If performing the operation results in an error:</dt>
- <dd>Terminate this algorithm with an error.</dd>
- <dt>Otherwise:</dt>
- <dd>
- Let <var>result</var> be the output of the DH Phase II, <var>SK</var>
- </dd>
- </dl>
- </p>
- </li>
- </ol>
- <div class="ednote"><div class="ednoteHeader">Editorial note</div>
- <p>
- TODO: Define how a key for algorithm <var>normalizedDerivedKeyAlgorithm</var> is
- derived from a the secret value <var>SK</var>.
- </p>
- </div>
- </dd>
<dt>Derive Bits</dt>
<dd>
<ol>
@@ -9218,14 +9391,22 @@
<dd>Terminate this algorithm with an error.</dd>
<dt>Otherwise:</dt>
<dd>
- Let <var>result</var> be the output of the DH Phase II, <var>SK</var>.
+ Let <var>secret</var> be the output of the DH Phase II, <var>SK</var>.
</dd>
</dl>
</p>
</li>
<li>
<p>
- Return a new ArrayBuffer containing <var>result</var>
+ <dl class="switch">
+ <dt>
+ If the length of <var>secret</var> in bits is less than
+ <var>length</var>:
+ </dt>
+ <dd>Terminate this algorithm with an error.</dd>
+ <dt>Otherwise:</dt>
+ <dd>Return the first <var>length</var> bits of <var>secret</var>.</dd>
+ </dl>
</p>
</li>
</ol>