Bug 23728, Bug 24878, Bug 25436 - Formally specify the algorithm normalization process.
author Ryan Sleevi <sleevi@google.com>
Mon, 16 Jun 2014 00:00:00 -0700
changeset 203 71498804a64d
parent 202 7a79e816e31b
child 204 ee10c81e1141
Bug 23728, Bug 24878, Bug 25436 - Formally specify the algorithm normalization process.

This is accomplished through reviving the concept of 'registered algorithms', for the
purpose of explicitly defining how conversion from ECMAScript objects to IDL types
takes place.

This allows individual algorithms to eliminate common boilerplate, as well as make
sure that handling for (optional fields, CryptoOperationData) are consistently
adhered to.

It's a step further into treating algorithms as "internal objects" with state, which
is to allow for greater extensibility (by describing lookups in internal maps),
so that new algorithms do not need to update the 'main' specification.

In the course of this, two changes were made, neither of which fundamentally alters
the API in a way that users can distinguish - the introduction of a typedef called
HashAlgorithmIdentifier that is an AlgorithmIdentifier, and simply used for specifying
how nested hash algorithms work (which are a sort of special case), and the restructuring
of the algorithms section to better explain and explore these concepts.
spec/Overview-WebCryptoAPI.xml
spec/Overview.html
--- a/spec/Overview-WebCryptoAPI.xml	Mon Jun 16 00:00:00 2014 -0700
+++ b/spec/Overview-WebCryptoAPI.xml	Mon Jun 16 00:00:00 2014 -0700
@@ -925,8 +925,9 @@
           specify the desired operation.
         </p>
         <x:codeblock language="idl">
-<span class="comment">// TBD: <a href="http://www.w3.org/2012/webcrypto/track/issues/28">ISSUE-28</a></span>
-typedef (<a href="#dfn-Algorithm">Algorithm</a> or DOMString) <dfn id="dfn-AlgorithmIdentifier">AlgorithmIdentifier</dfn>;
+typedef (object or DOMString) <dfn id="dfn-AlgorithmIdentifier">AlgorithmIdentifier</dfn>;
+
+typedef <a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> <dfn id="dfn-HashAlgorithmIdentifier">HashAlgorithmIdentifier</dfn>;
 
 dictionary <dfn id="dfn-Algorithm">Algorithm</dfn> {
   DOMString <a href="#dfn-Algorithm-name">name</a>;
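Review bot: With the typedef changed to `(object or DOMString)`, WebIDL no longer converts the argument to the `Algorithm` dictionary that is still declared directly below, so all member validation now rests on the normalization procedure being run first. A sentence next to the typedef pointing at #dfn-normalize-an-algorithm, and saying the value is not to be inspected before normalization, would make that dependency explicit. `HashAlgorithmIdentifier` is a plain alias of `AlgorithmIdentifier`, so a short note that it only marks nested hash parameters would stop readers expecting different conversion rules. The ISSUE-28 marker is also removed here without the hunk recording how the issue was resolved.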
@@ -1315,6 +1316,20 @@
               </li>
               <li>
                 <p>
+                  Let <var>normalizedAlgorithm</var> be the result of
+                  <a href="#dfn-normalize-an-algorithm">normalizing an algorithm</a>, with
+                  <code>alg</code> set to <var>algorithm</var> and <code>op</code> set to
+                  <code>encrypt</code>.
+                </p>
+              </li>
+              <li>
+                <p>
+                  If an error occurred, return a Promise rejected with
+                  <var>normalizedAlgorithm</var>.
+                </p>
+              </li>
+              <li>
+                <p>
                   Let <var>promise</var> be a new Promise object and <var>resolver</var> its
                   associated resolver object.
                 </p>
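Review bot: The second added step, "If an error occurred, return a Promise rejected with normalizedAlgorithm", rejects with a variable whose name says it holds the successful result, so the reader has to infer that it carries the error on failure. Consider binding the outcome to a neutral name first and only assigning normalizedAlgorithm on success, or stating outright that normalizedAlgorithm holds the error in that case. These steps also come before "Let promise be a new Promise object", so it is worth saying that the rejected Promise is a separate object from the one created in the next step. The same wording recurs in the decrypt, sign, verify, digest, generateKey, deriveKey, deriveBits and importKey hunks.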
@@ -1335,28 +1350,6 @@
               </li>
               <li>
                 <p>
-                  Perform type mapping as specified in [<a href="#WebIDL">WEBIDL</a>] for
-                  <var>key</var> and <var>data</var>.
-                </p>
-              </li>
-              <li>
-                <p>
-                  Let <var>normalizedAlgorithm</var> be the result of
-                  <a href="#dfn-normalize-to-type">normalizing</a> <var>algorithm</var>
-                  to <a href="#dfn-Algorithm">Algorithm</a>.
-                </p>
-              </li>
-              <li>
-                <p>
-                  If the <a href="#dfn-Algorithm-name">name</a> member of
-                  <var>normalizedAlgorithm</var> does not identify a
-                  <a href="#algorithms">registered algorithm</a> that supports the
-                  encrypt operation, then <a href="#concept-return-an-error">return an error</a> named
-                  <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
-                </p>
-              </li>
-              <li>
-                <p>
                   If the [[<a href="#dfn-CryptoKey-slot-usages">usages</a>]] internal slot of
                   <var>key</var> does not contain an entry that is <code>"encrypt"</code>, then <a
                   href="#concept-return-an-error">return an error</a> named <a
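Review bot: The removed step "Perform type mapping as specified in [WEBIDL] for key and data" has no replacement visible in this hunk, and the normalization step added earlier covers only algorithm. If conversion of key and data is now meant to happen implicitly at the IDL boundary, say so once in the method preamble; otherwise the usages check that follows reads an internal slot of a key whose type has not been established by any step.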
@@ -1406,6 +1399,20 @@
               </li>
               <li>
                 <p>
+                  Let <var>normalizedAlgorithm</var> be the result of
+                  <a href="#dfn-normalize-an-algorithm">normalizing an algorithm</a>, with
+                  <code>alg</code> set to <var>algorithm</var> and <code>op</code> set to
+                  <code>decrypt</code>.
+                </p>
+              </li>
+              <li>
+                <p>
+                  If an error occurred, return a Promise rejected with
+                  <var>normalizedAlgorithm</var>.
+                </p>
+              </li>
+              <li>
+                <p>
                   Let <var>promise</var> be a new Promise object and <var>resolver</var> its
                   associated resolver object.
                 </p>
@@ -1426,28 +1433,6 @@
               </li>
               <li>
                 <p>
-                  Perform type mapping as specified in [<a href="#WebIDL">WEBIDL</a>] for
-                  <var>key</var> and <var>data</var>.
-                </p>
-              </li>
-              <li>
-                <p>
-                  Let <var>normalizedAlgorithm</var> be the result of
-                  <a href="#dfn-normalize-to-type">normalizing</a> <var>algorithm</var>
-                  to <a href="#dfn-Algorithm">Algorithm</a>.
-                </p>
-              </li>
-              <li>
-                <p>
-                  If the <a href="#dfn-Algorithm-name">name</a> member of
-                  <var>normalizedAlgorithm</var> does not identify a
-                  <a href="#algorithms">registered algorithm</a> that supports the decrypt
-                  operation, then <a href="#concept-return-an-error">return an error</a> named
-                  <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
-                </p>
-              </li>
-              <li>
-                <p>
                   If the [[<a href="#dfn-CryptoKey-slot-usages">usages</a>]] internal slot of
                   <var>key</var> does not contain an entry that is <code>"decrypt"</code>, then <a
                   href="#concept-return-an-error">return an error</a> named <a
@@ -1497,6 +1482,20 @@
               </li>
               <li>
                 <p>
+                  Let <var>normalizedAlgorithm</var> be the result of
+                  <a href="#dfn-normalize-an-algorithm">normalizing an algorithm</a>, with
+                  <code>alg</code> set to <var>algorithm</var> and <code>op</code> set to
+                  <code>sign</code>.
+                </p>
+              </li>
+              <li>
+                <p>
+                  If an error occurred, return a Promise rejected with
+                  <var>normalizedAlgorithm</var>.
+                </p>
+              </li>
+              <li>
+                <p>
                   Let <var>promise</var> be a new Promise object and <var>resolver</var> its
                   associated resolver object.
                 </p>
@@ -1517,28 +1516,6 @@
               </li>
               <li>
                 <p>
-                  Perform type mapping as specified in [<a href="#WebIDL">WEBIDL</a>] for
-                  <var>key</var> and <var>data</var>.
-                </p>
-              </li>
-              <li>
-                <p>
-                  Let <var>normalizedAlgorithm</var> be the result of
-                  <a href="#dfn-normalize-to-type">normalizing</a> <var>algorithm</var>
-                  to <a href="#dfn-Algorithm">Algorithm</a>.
-                </p>
-              </li>
-              <li>
-                <p>
-                  If the <a href="#dfn-Algorithm-name">name</a> member of
-                  <var>normalizedAlgorithm</var> does not identify a
-                  <a href="#algorithms">registered algorithm</a> that supports the  sign
-                  operation, then <a href="#concept-return-an-error">return an error</a> named
-                  <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
-                </p>
-              </li>
-              <li>
-                <p>
                   If the [[<a href="#dfn-CryptoKey-slot-usages">usages</a>]] internal slot of
                   <var>key</var> does not contain an entry that is <code>"sign"</code>, then <a
                   href="#concept-return-an-error">return an error</a> named <a
@@ -1586,6 +1563,20 @@
               </li>
               <li>
                 <p>
+                  Let <var>normalizedAlgorithm</var> be the result of
+                  <a href="#dfn-normalize-an-algorithm">normalizing an algorithm</a>, with
+                  <code>alg</code> set to <var>algorithm</var> and <code>op</code> set to
+                  <code>verify</code>.
+                </p>
+              </li>
+              <li>
+                <p>
+                  If an error occurred, return a Promise rejected with
+                  <var>normalizedAlgorithm</var>.
+                </p>
+              </li>
+              <li>
+                <p>
                   Let <var>data</var> be the result of <a href="#concept-clone-CryptoOperationData">
                   cloning the data</a> of the <code>data</code> parameter passed to the
                   <a href="#dfn-SubtleCrypto-method-verify">verify</a> method.
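Review bot: In verify the two normalization steps are inserted directly before "Let data be the result of cloning the data", whereas in encrypt, decrypt, sign and digest they are inserted directly before "Let promise be a new Promise object". Please check that normalization sits at the same position relative to promise creation in every method, since the added text says "return a Promise rejected with normalizedAlgorithm" and that only reads correctly if no promise has been created yet.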
@@ -1613,28 +1604,6 @@
               </li>
               <li>
                 <p>
-                  Perform type mapping as specified in [<a href="#WebIDL">WEBIDL</a>] for
-                  <var>key</var>, <var>data</var> and <var>signature</var>.
-                </p>
-              </li>
-              <li>
-                <p>
-                  Let <var>normalizedAlgorithm</var> be the result of
-                  <a href="#dfn-normalize-to-type">normalizing</a> <var>algorithm</var>
-                  to <a href="#dfn-Algorithm">Algorithm</a>.
-                </p>
-              </li>
-              <li>
-                <p>
-                  If the <a href="#dfn-Algorithm-name">name</a> member of
-                  <var>normalizedAlgorithm</var> does not identify a
-                  <a href="#algorithms">registered algorithm</a> that supports the verify
-                  operation, then <a href="#concept-return-an-error">return an error</a> named
-                  <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
-                </p>
-              </li>
-              <li>
-                <p>
                   If the [[<a href="#dfn-CryptoKey-slot-usages">usages</a>]] internal slot of
                   <var>key</var> does not contain an entry that is <code>"verify"</code>, then <a
                   href="#concept-return-an-error">return an error</a> named <a
@@ -1682,6 +1651,20 @@
               </li>
               <li>
                 <p>
+                  Let <var>normalizedAlgorithm</var> be the result of
+                  <a href="#dfn-normalize-an-algorithm">normalizing an algorithm</a>, with
+                  <code>alg</code> set to <var>algorithm</var> and <code>op</code> set to
+                  <code>digest</code>.
+                </p>
+              </li>
+              <li>
+                <p>
+                  If an error occurred, return a Promise rejected with
+                  <var>normalizedAlgorithm</var>.
+                </p>
+              </li>
+              <li>
+                <p>
                   Let <var>promise</var> be a new Promise object and <var>resolver</var> its
                   associated resolver object.
                 </p>
@@ -1702,28 +1685,6 @@
               </li>
               <li>
                 <p>
-                  Perform type mapping as specified in [<a href="#WebIDL">WEBIDL</a>] for
-                  <var>data</var>.
-                </p>
-              </li>
-              <li>
-                <p>
-                  Let <var>normalizedAlgorithm</var> be the result of
-                  <a href="#dfn-normalize-to-type">normalizing</a> <var>algorithm</var>
-                  to <a href="#dfn-Algorithm">Algorithm</a>.
-                </p>
-              </li>
-              <li>
-                <p>
-                  If the <a href="#dfn-Algorithm-name">name</a> member of
-                  <var>normalizedAlgorithm</var> does not identify a
-                  <a href="#algorithms">registered algorithm</a> that supports the digest
-                  operation, then <a href="#concept-return-an-error">return an error</a> named
-                  <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
-                </p>
-              </li>
-              <li>
-                <p>
                   Let <var>result</var> be the result of performing the digest
                   operation specified by <var>normalizedAlgorithm</var> using
                   <var>algorithm</var>, with <var>data</var>
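Review bot: The retained step at the end of this hunk still performs the digest operation "specified by normalizedAlgorithm using algorithm", that is, it hands the raw caller-supplied value to the operation. Now that AlgorithmIdentifier is `(object or DOMString)` and the type mapping step is removed, that raw value is an unconverted ECMAScript object or string. The operation should receive normalizedAlgorithm so that only the converted, validated members are read.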
@@ -1758,6 +1719,20 @@
               </li>
               <li>
                 <p>
+                  Let <var>normalizedAlgorithm</var> be the result of
+                  <a href="#dfn-normalize-an-algorithm">normalizing an algorithm</a>, with
+                  <code>alg</code> set to <var>algorithm</var> and <code>op</code> set to
+                  <code>generateKey</code>.
+                </p>
+              </li>
+              <li>
+                <p>
+                  If an error occurred, return a Promise rejected with
+                  <var>normalizedAlgorithm</var>.
+                </p>
+              </li>
+              <li>
+                <p>
                   Let <var>promise</var> be a new Promise object and <var>resolver</var> its
                   associated resolver object.
                 </p>
@@ -1778,28 +1753,6 @@
               </li>
               <li>
                 <p>
-                  Perform type mapping as specified in [<a href="#WebIDL">WEBIDL</a>] for
-                  <var>extractable</var> and <var>usages</var>.
-                </p>
-              </li>
-              <li>
-                <p>
-                  Let <var>normalizedAlgorithm</var> be the result of
-                  <a href="#dfn-normalize-to-type">normalizing</a> <var>algorithm</var>
-                  to <a href="#dfn-Algorithm">Algorithm</a>.
-                </p>
-              </li>
-              <li>
-                <p>
-                  If the <a href="#dfn-Algorithm-name">name</a> member of
-                  <var>normalizedAlgorithm</var> does not identify a
-                  <a href="#algorithms">registered algorithm</a> that supports the generate
-                  key operation, then <a href="#concept-return-an-error">return an error</a> named
-                  <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
-                </p>
-              </li>
-              <li>
-                <p>
                   If <var>usages</var> includes a value that is not a
                   <a href="#dfn-RecognizedKeyUsage">recognized key usage value</a>,
                   then <a href="#concept-return-an-error">return an error</a> named
@@ -1842,6 +1795,34 @@
               </li>
               <li>
                 <p>
+                  Let <var>normalizedAlgorithm</var> be the result of
+                  <a href="#dfn-normalize-an-algorithm">normalizing an algorithm</a>, with
+                  <code>alg</code> set to <var>algorithm</var> and <code>op</code> set to
+                  <code>deriveKey</code>.
+                </p>
+              </li>
+              <li>
+                <p>
+                  If an error occurred, return a Promise rejected with
+                  <var>normalizedAlgorithm</var>.
+                </p>
+              </li>
+              <li>
+                <p>
+                  Let <var>normalizedDerivedKeyAlgorithm</var> be the result of
+                  <a href="#dfn-normalize-an-algorithm">normalizing an algorithm</a>, with
+                  <code>alg</code> set to <var>derivedKeyType</var> and <code>op</code> set to
+                  <code>importKey</code>.
+                </p>
+              </li>
+              <li>
+                <p>
+                  If an error occurred, return a Promise rejected with
+                  <var>normalizedDerivedKeyAlgorithm</var>.
+                </p>
+              </li>
+              <li>
+                <p>
                   Let <var>promise</var> be a new Promise object and <var>resolver</var> its
                   associated resolver object.
                 </p>
@@ -1862,39 +1843,19 @@
               </li>
               <li>
                 <p>
-                  Perform type mapping as specified in [<a href="#WebIDL">WEBIDL</a>] for
-                  <var>baseKey</var>, <var>extractable</var> and <var>usages</var>.
-                </p>
-              </li>
-              <li>
-                <p>
-                  Let <var>normalizedAlgorithm</var> be the result of
-                  <a href="#dfn-normalize-to-type">normalizing</a> <var>algorithm</var>
-                  to <a href="#dfn-Algorithm">Algorithm</a>.
-                </p>
-              </li>
-              <li>
-                <p>
                   If the <a href="#dfn-Algorithm-name">name</a> member of
-                  <var>normalizedAlgorithm</var> does not identify a
-                  <a href="#algorithms">registered algorithm</a> that supports the derive bits
-                  operation, then <a href="#concept-return-an-error">return an error</a> named
-                  <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
-                </p>
-              </li>
-              <li>
-                <p>
-                  Let <var>normalizedDerivedKeyAlgorithm</var> be the result of
-                  <a href="#dfn-normalize-to-type">normalizing</a> <var>derivedKeyType</var>
-                  to <a href="#dfn-Algorithm">Algorithm</a>.
-                </p>
-              </li>
+                  <var>normalizedAlgorithm</var> does not identify a <a
+                  href="#algorithms">registered algorithm</a> that supports the derive bits
+                  operation, then <a href="#concept-return-an-error">return an error</a> named <a
+                  href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+                </p>
+              </li>             
               <li>
                 <p>
                   If the <a href="#dfn-Algorithm-name">name</a> member of
                   <var>normalizedDerivedKeyAlgorithm</var> does not identify a
                   <a href="#algorithms">registered algorithm</a> that supports the get key length
-                  and import key operations, then <a href="#concept-return-an-error">return an error</a> named
+                  operation, then <a href="#concept-return-an-error">return an error</a> named
                   <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
                 </p>
               </li>
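Review bot: The check that normalizedAlgorithm "supports the derive bits operation" is kept (only re-wrapped) even though the normalization added in the previous hunk is done with op set to deriveKey, while every other method drops the equivalent check. Either normalize with deriveBits here or explain why an algorithm registered for deriveKey must also be checked for derive bits. The second check now tests only "get key length" after normalizing derivedKeyType with op importKey, which is consistent, but a sentence saying so would help. The re-added `</li>` line carries trailing whitespace.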
@@ -1965,6 +1926,20 @@
               </li>
               <li>
                 <p>
+                  Let <var>normalizedAlgorithm</var> be the result of
+                  <a href="#dfn-normalize-an-algorithm">normalizing an algorithm</a>, with
+                  <code>alg</code> set to <var>algorithm</var> and <code>op</code> set to
+                  <code>deriveBits</code>.
+                </p>
+              </li>
+              <li>
+                <p>
+                  If an error occurred, return a Promise rejected with
+                  <var>normalizedAlgorithm</var>.
+                </p>
+              </li>
+              <li>
+                <p>
                   Let <var>promise</var> be a new Promise object and <var>resolver</var> its
                   associated resolver object.
                 </p>
@@ -1985,28 +1960,6 @@
               </li>
               <li>
                 <p>
-                  Perform type mapping as specified in [<a href="#WebIDL">WEBIDL</a>] for
-                  <var>baseKey</var> and <var>length</var>.
-                </p>
-              </li>
-              <li>
-                <p>
-                  Let <var>normalizedAlgorithm</var> be the result of
-                  <a href="#dfn-normalize-to-type">normalizing</a> <var>algorithm</var>
-                  to <a href="#dfn-Algorithm">Algorithm</a>.
-                </p>
-              </li>
-              <li>
-                <p>
-                  If the <a href="#dfn-Algorithm-name">name</a> member of
-                  <var>normalizedAlgorithm</var> does not identify a
-                  <a href="#algorithms">registered algorithm</a> that supports the derive bits
-                  operation, then <a href="#concept-return-an-error">return an error</a> named
-                  <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
-                </p>
-              </li>
-              <li>
-                <p>
                   If the [[<a href="#dfn-CryptoKey-slot-usages">usages</a>]] internal slot of
                   <var>baseKey</var> does not contain an entry that is <code>"deriveBits"</code>,
                   then <a href="#concept-return-an-error">return an error</a> named <a
@@ -2050,6 +2003,20 @@
                 </p>
               </li>
               <li>
+                <p>
+                  Let <var>normalizedAlgorithm</var> be the result of
+                  <a href="#dfn-normalize-an-algorithm">normalizing an algorithm</a>, with
+                  <code>alg</code> set to <var>algorithm</var> and <code>op</code> set to
+                  <code>importKey</code>.
+                </p>
+              </li>
+              <li>
+                <p>
+                  If an error occurred, return a Promise rejected with
+                  <var>normalizedAlgorithm</var>.
+                </p>
+              </li>
+              <li>
                 <dl class="switch">
                   <dt>
                     If <var>format</var> is equal to the string <code>raw</code>,
@@ -2094,29 +2061,6 @@
               </li>
               <li>
                 <p>
-                  Perform type mapping as specified in [<a href="#WebIDL">WEBIDL</a>] for
-                  <var>format</var>, <var>keyData</var>,
-                  <var>extractable</var> and <var>usages</var>.
-                </p>
-              </li>
-              <li>
-                <p>
-                  Let <var>normalizedAlgorithm</var> be the result of
-                  <a href="#dfn-normalize-to-type">normalizing</a> <var>algorithm</var>
-                  to <a href="#dfn-Algorithm">Algorithm</a>.
-                </p>
-              </li>
-              <li>
-                <p>
-                  If the <a href="#dfn-Algorithm-name">name</a> member of
-                  <var>normalizedAlgorithm</var> does not identify a
-                  <a href="#algorithms">registered algorithm</a> that supports the import key
-                  operation, then <a href="#concept-return-an-error">return an error</a> named
-                  <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
-                </p>
-              </li>
-              <li>
-                <p>
                   If <var>format</var> is not
                   a <a href="#dfn-RecognizedKeyFormats">recognized key
                   format value</a>, then <a href="#concept-return-an-error">return an error</a> named
@@ -2186,19 +2130,6 @@
               </li>
               <li>
                 <p>
-                  Perform type mapping as specified in [<a href="#WebIDL">WEBIDL</a>] for
-                  <var>format</var> and <var>key</var>.
-                </p>
-              </li>
-              <li>
-                <p>
-                  Let <var>normalizedAlgorithm</var> be the result of
-                  <a href="#dfn-normalize-to-type">normalizing</a> <var>algorithm</var>
-                  to <a href="#dfn-Algorithm">Algorithm</a>.
-                </p>
-              </li>
-              <li>
-                <p>
                   If <var>format</var> is not a
                   <a href="#dfn-RecognizedKeyFormats">recognized key
                   format value</a>, then <a href="#concept-return-an-error">return an error</a> named
@@ -2207,11 +2138,12 @@
               </li>
               <li>
                 <p>
-                  If the <a href="#dfn-Algorithm-name">name</a> member of
-                  <var>normalizedAlgorithm</var> does not identify a
-                  <a href="#algorithms">registered algorithm</a> that supports the export key
-                  operation, then <a href="#concept-return-an-error">return an error</a> named
-                  <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+                  If the <a href="#dfn-Algorithm-name">name</a> member of of the [[<a
+                  href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal slot of
+                  <var>key</var> does not identify a <a href="#algorithms">registered algorithm</a>
+                  that supports the export key operation, then <a
+                  href="#concept-return-an-error">return an error</a> named <a
+                  href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
                 </p>
               </li>
               <li>
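Review bot: The first added line reads "name member of of the [[algorithm]] internal slot", with "of" doubled; drop one. Switching the check from normalizedAlgorithm to the key's own [[algorithm]] slot is a behavioural change for exportKey, so it deserves a mention in the commit message alongside the two changes listed there.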
@@ -2256,6 +2188,28 @@
               </li>
               <li>
                 <p>
+                  Let <var>normalizedAlgorithm</var> be the result of
+                  <a href="#dfn-normalize-an-algorithm">normalizing an algorithm</a>, with
+                  <code>alg</code> set to <var>algorithm</var> and <code>op</code> set to
+                  <code>wrapKey</code>.
+                </p>
+              </li>
+              <li>
+                <p>
+                  If an error occurred, let <var>normalizedAlgorithm</var> be the result of
+                  <a href="#dfn-normalize-an-algorithm">normalizing an algorithm</a>, with
+                  <code>alg</code> set to <var>algorithm</var> and <code>op</code> set to
+                  <code>encrypt</code>.
+                </p>
+              </li>
+              <li>
+                <p>
+                  If an error occurred, return a Promise rejected with
+                  <var>normalizedAlgorithm</var>.
+                </p>
+              </li>
+              <li>
+                <p>
                   Let <var>promise</var> be a new Promise object and <var>resolver</var> its
                   associated resolver object.
                 </p>
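Review bot: The second and third added steps both begin "If an error occurred", and it is ambiguous whether the third refers to the fallback normalization with op encrypt or to the original failure with op wrapKey; read the second way, a successful fallback would still be rejected. Number the outcomes explicitly, for example "If that also fails, return a Promise rejected with the second error". The fallback also discards which operation actually resolved, yet the later steps need to know whether to perform wrap key or encrypt, so record the resolved op alongside normalizedAlgorithm. The same applies to the unwrapKey/decrypt fallback further down.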
@@ -2276,19 +2230,6 @@
               </li>
               <li>
                 <p>
-                  Perform type mapping as specified in [<a href="#WebIDL">WEBIDL</a>] for
-                  <var>format</var>, <var>key</var> and <var>wrappingKey</var>.
-                </p>
-              </li>
-              <li>
-                <p>
-                  Let <var>normalizedAlgorithm</var> be the result of
-                  <a href="#dfn-normalize-to-type">normalizing</a> <var>algorithm</var>
-                  to <a href="#dfn-Algorithm">Algorithm</a>.
-                </p>
-              </li>
-              <li>
-                <p>
                   If the <a href="#dfn-Algorithm-name">name</a> member of
                   <var>normalizedAlgorithm</var> does not identify a
                   <a href="#algorithms">registered algorithm</a> that supports the encrypt or wrap
@@ -2455,6 +2396,42 @@
               </li>
               <li>
                 <p>
+                  Let <var>normalizedAlgorithm</var> be the result of
+                  <a href="#dfn-normalize-an-algorithm">normalizing an algorithm</a>, with
+                  <code>alg</code> set to <var>algorithm</var> and <code>op</code> set to
+                  <code>unwrapKey</code>.
+                </p>
+              </li>
+              <li>
+                <p>
+                  If an error occurred, let <var>normalizedAlgorithm</var> be the result of
+                  <a href="#dfn-normalize-an-algorithm">normalizing an algorithm</a>, with
+                  <code>alg</code> set to <var>algorithm</var> and <code>op</code> set to
+                  <code>decrypt</code>.
+                </p>
+              </li>
+              <li>
+                <p>
+                  If an error occurred, return a Promise rejected with
+                  <var>normalizedAlgorithm</var>.
+                </p>
+              </li>
+              <li>
+                <p>
+                  Let <var>normalizedKeyAlgorithm</var> be the result of
+                  <a href="#dfn-normalize-an-algorithm">normalizing an algorithm</a>, with
+                  <code>alg</code> set to <var>unwrappedKeyAlgorithm</var> and <code>op</code> set to
+                  <code>importKey</code>.
+                </p>
+              </li>
+              <li>
+                <p>
+                  If an error occurred, return a Promise rejected with
+                  <var>normalizedKeyAlgorithm</var>.
+                </p>
+              </li>
+              <li>
+                <p>
                   Let <var>promise</var> be a new Promise object and <var>resolver</var> its
                   associated resolver object.
                 </p>
@@ -2475,46 +2452,6 @@
               </li>
               <li>
                 <p>
-                  Perform type mapping as specified in [<a href="#WebIDL">WEBIDL</a>] for
-                  <var>format</var>, <var>wrappedKey</var>, <var>unwrappingKey</var>,
-                  <var>extractable</var> and <var>usages</var>.
-                </p>
-              </li>
-              <li>
-                <p>
-                  Let <var>normalizedAlgorithm</var> be the result of
-                  <a href="#dfn-normalize-to-type">normalizing</a> <var>algorithm</var>
-                  to <a href="#dfn-Algorithm">Algorithm</a>.
-                </p>
-              </li>
-              <li>
-                <p>
-                  If the <a href="#dfn-Algorithm-name">name</a> member of
-                  <var>normalizedAlgorithm</var> does not identify a
-                  <a href="#algorithms">registered algorithm</a> that supports the unwrap key or
-                  decrypt
-                  operation, then <a href="#concept-return-an-error">return an error</a> named
-                  <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
-                </p>
-              </li>
-              <li>
-                <p>
-                  Let <var>normalizedKeyAlgorithm</var> be the result of
-                  <a href="#dfn-normalize-to-type">normalizing</a> <var>unwrappedKeyAlgorithm</var>
-                  to <a href="#dfn-Algorithm">Algorithm</a>.
-                </p>
-              </li>
-              <li>
-                <p>
-                  If the <a href="#dfn-Algorithm-name">name</a> member of
-                  <var>normalizedKeyAlgorithm</var> does not identify a
-                  <a href="#algorithms">registered algorithm</a> that supports the importKey
-                  operation, then <a href="#concept-return-an-error">return an error</a> named
-                  <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
-                </p>
-              </li>
-              <li>
-                <p>
                   If the [[<a href="#dfn-CryptoKey-slot-usages">usages</a>]] internal slot of
                   <var>unwrappingKey</var> does not contain an entry that is
                   <code>"unwrapKey"</code>, then <a href="#concept-return-an-error">return an
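Review bot: The removed NotSupportedError step for normalizedAlgorithm accepted a registered algorithm that supports "the unwrap key or decrypt operation", and the visible remainder of this hunk does not show that fallback being carried forward. The new normalize an algorithm procedure looks up a single op key, so the replacement steps should say explicitly that normalization is tried with op "unwrapKey" and then with "decrypt"; otherwise an algorithm that only registers decrypt would be rejected for unwrapping. Please also confirm that the removed Web IDL type mapping for format, wrappedKey, unwrappingKey, extractable and usages still happens before control returns to script, since the new normalization text only covers the algorithm arguments.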
@@ -2774,6 +2711,488 @@
 
       <div id="algorithms" class="section">
         <h2>Algorithms</h2>
+        <div id="algorithm-overview" class="section">
+          <h3>Overview</h3>
+          <p class="norm">This section is non-normative.</p>
+          <p>
+            In addition to providing a common interface to perform cryptographic operations, by
+            way of the <a href="#dfn-SubtleCrypto">SubtleCrypto</a> interface, this specification
+            also provides descriptions for a variety of algorithms that authors may wish to use and
+            that User Agents may choose to implement. This includes a selection of commonly-deployed
+            symmetric and asymmetric algorithms, key derivation mechanisms, and methods for wrapping
+            and unwrapping keys. Further, this specification defines a process to allow additional
+            specifications to introduce additional cryptographic algorithms.
+          </p>
+        </div>
+
+        <div id="algorithm-concepts" class="section">
+          <h3>Concepts</h3>
+          <div id="algorithm-concepts-naming" class="section">
+            <h4>Naming</h4>
+            <p>
+              Every cryptographic algorithm defined for use with the Web Cryptography API
+              <span class="RFC2119">MUST</span> have a unique name, referred to as its
+              <dfn id="recognized-algorithm-name">recognized algorithm name</dfn>, such that no
+              other specification defines the same case-sensitive string for use with the
+              Web Cryptography API.
+            </p>
+          </div>
+          <div id="algorithm-concepts-operations" class="section">
+            <h4>Supported Operations</h4>
+            <p>
+              Every cryptographic algorithm defined for use with the Web Cryptography API has a list
+              of <dfn id="supported-operation">supported operations</dfn>, which are a set of
+              sub-algorithms to be invoked by the <a href="#dfn-SubtleCrypto">SubtleCrypto</a>
+              interface in order to perform the desired cryptographic operation. This specification
+              makes use of the following operations:
+            </p>
+            <ul>
+              <li>encrypt</li>
+              <li>decrypt</li>
+              <li>sign</li>
+              <li>verify</li>
+              <li>deriveBits</li>
+              <li>wrapKey</li>
+              <li>unwrapKey</li>
+              <li>generateKey</li>
+              <li>importKey</li>
+              <li>exportKey</li>
+              <li>getLength</li>
+            </ul>
+            <p>
+              If a given algorithm specification does not list a particular operation as supported,
+              or explicitly lists an operation as not-supported, then the User Agent
+              <span class="RFC2119">MUST</span> behave as if the invocation of the sub-algorithm
+              threw a NotSupportedError.
+            </p>
+          </div>
+          <div id="algorithm-concepts-normalization" class="section">
+            <h4>Normalization</h4>
+            <p>
+              Every cryptographic algorithm defined for use with the Web Cryptography API <span
+              class="RFC2119">MUST</span> define, for every <a href="#supported-operation">
+              supported operation</a>, the IDL type to use for <a
+              href="#concept-algorithm-normalization">algorithm normalization</a>, as well as the
+              IDL type or types of the return values of the sub-algorithms.
+            </p>
+          </div>
+        </div>
+
+        <div id="algorithm-conventions" class="section">
+          <h3>Specification Conventions</h3>
+          <p>
+            Every cryptographic algorithm definition within this specification employs the following
+            specification conventions. A section, titled <em>"Registration"</em>, will include the
+            <a href="#recognized-algorithm-name">recognized algorithm name</a>. Additionally, it
+            includes a table, which will list each of the <a href="#supported-operation">supported
+            operations</a> as rows, identified by the <em>Operation</em> column. The contents of the
+            <em>Parameters</em> column for a given row will contain the IDL type to use for <a
+            href="#concept-algorithm-normalization">algorithm normalization</a> for that operation,
+            and the contents of the <em>Result</em> column for that row indicate the IDL type that
+            results from performing the supported operation.
+          </p>
+          <p>
+            If a conforming User Agent implements an algorithm, it
+            <span class="RFC2119">MUST</span> implement all of the <a href="#supported-operation">
+            supported operations</a> and <span class="RFC2119">MUST</span> return the IDL type
+            specified.
+          </p>
+          <p>
+            Additionally, upon initialization, conforming User Agents must perform the
+            <a href="#concept-define-an-algorithm">define an algorithm</a> steps for each of
+            the supported operations, registering their IDL parameter type as indicated.
+          </p>
+        </div>
+      
+        <div id="algorithm-normalizing" class="section">
+          <h3>Algorithm Normalization</h3>
+          <div id="algorithm-normalizing-description" class="section">
+            <h4>Description</h4>
+            <p class="norm">This section is non-normative</p>
+            <p>
+              The <a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> typedef permits
+              algorithms to either be specified as a <a href="#dfn-DOMString">DOMString</a> or an
+              object. The usage of <a href="#dfn-DOMString">DOMString</a> is to permit authors a
+              short-hand for noting algorithms that have no parameters (e.g. SHA-1), as well as to
+              permit 'aliases' for well-known configurations of algorithms, rather than require
+              authors explicitly specify all of the parameters. The usage of object is to allow an <a
+              href="#dfn-Algorithm">Algorithm</a> (or appropriate subclass) to be specified, which
+              contains all of the associated parameters for an object.
+            </p>
+            <p>
+              Because of this, it's necessary to define the algorithm for converting an <a
+              href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> into an appropriate dictionary
+              that is usable with this API. This algorithm must be extensible, so as to allow new
+              cryptographic algorithms to be added, and consistent, so that Web IDL type mapping can
+              occur before any control is returned to the calling script, which would potentially
+              allow the mutation of parameters or the script environment.
+            </p>
+          </div>
+
+          <div id="algorithm-normalizing-internal" class="section">
+            <h4>Internal State Objects</h4>
+            <p>
+              This specification makes use of an internal object,
+              [[<dfn id="dfn-supportedAlgorithms">supportedAlgorithms</dfn>]]. This internal object is
+              not exposed to applications.
+            </p>
+            <p>
+              Because this value is not exposed to applications, the exact type is not specified.
+              It is only required to behave as an associative container of key/value pairs, where
+              comparisons of keys are performed in a case-sensitive manner.
+            </p>
+            <p>
+              The initial contents of this internal object are as follows:
+            </p>
+            <ol>
+              <li>
+                <p>
+                  For each value, <var>v</var> in the List of <a
+                  href="#supported-operation">supported operations</a>, perform the following:
+                </p>
+                <ol>
+                  <li>
+                    Initialize a new associative container, <var>container</var>
+                  </li>
+                  <li>
+                    Set the <code>aliases</code> key of <var>container</var> to a new associative
+                    container.
+                  </li>
+                  <li>
+                    Set the <code>algorithms</code> key of <var>container</var> to a new associative
+                    container.
+                  </li>
+                  <li>
+                    Set the <var>v</var> key of the internal object to <var>container</var>.
+                  </li>
+                </ol>
+              </li>
+            </ol>
+          </div>
+
+          <div id="algorithm-normalizing-define-an-algorithm" class="section">
+            <h4>Defining an Algorithm</h4>
+            <p>
+              The <dfn id="concept-define-an-algorithm">define an algorithm</dfn> algorithm is used
+              by specification authors to indicate how a user agent should normalize arguments for a
+              particular algorithm. Its input is an algorithm name <var>alg</var>, represented as a
+              DOMString, operation name <var>op</var>, represented as a DOMString, and desired IDL
+              dictionary type <var>type</var>. The algorithm behaves as follows:
+            </p>
+            <ol>
+              <li>
+                Let <var>algorithmsAndAliases</var> be the associative container stored at the
+                <var>op</var> key of [[<a href="#dfn-supportedAlgorithms">supportedAlgorithms</a>]].
+              </li>
+              <li>
+                Let <var>registeredAlgorithms</var> be the value of the <code>algorithms</code> key of
+                <var>algorithmsAndAliases</var>.
+              </li>
+              <li>
+                Set the <var>alg</var> key of <var>registeredAlgorithms</var> to the IDL dictionary
+                type <var>type</var>.
+              </li>
+            </ol>
+          </div>
+
+          <div id="algorithm-normalizing-define-an-alias" class="section">
+            <h4>Defining an Alias</h4>
+            <p>
+              The <dfn id="concept-define-an-alias">define an alias</dfn> algorithm is used by
+              specification authors to indicate how a user agent should normalize aliases for
+              particular algorithms. Its input is an algorithm alias <var>alg</var>, represented as
+              a DOMString, operation name <var>op</var>, represented as a DOMString, and internal
+              IDL object <var>default</var>. The algorithm behaves as follows:
+            </p>
+            <ol>
+              <li>
+                Let <var>algorithmsAndAliases</var> be the associative container stored at the
+                <var>op</var> key of [[<a href="#dfn-supportedAlgorithms">supportedAlgorithms</a>]].
+              </li>
+              <li>
+                Let <var>registeredAlgorithms</var> be the value of the <code>algorithms</code> key of
+                <var>algorithmsAndAliases</var>.
+              </li>
+              <li>
+                Set the <var>alg</var> key of <var>registeredAlgorithms</var> to <var>default</var>.
+              </li>
+            </ol>
+          </div>
+
+          <div id="algorithm-normalizing-normalize-an-algorithm" class="section">
+            <h4>Normalizing an algorithm</h4>
+            <p>
+              The <dfn id="dfn-normalize-an-algorithm">normalize an algorithm</dfn> algorithm defines
+              a process for coercing inputs to a targeted IDL dictionary type, after Web IDL
+              conversion has occurred. It is designed to be extensible, to allow future specifications
+              to define additional algorithms, as well as safe for use with Promises. Its input is an
+              operation name <var>op</var> and an <a
+              href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> <var>alg</var>. Its output is
+              either an IDL dictionary type or an error. It behaves as follows:
+            </p>
+            <dl class="switch">
+              <dt>If <var>alg</var> is an instance of a DOMString:</dt>
+              <dd>
+                <ol>
+                  <li>
+                    Let <var>algorithmsAndAliases</var> be the associative container stored at the
+                    <code>op</code> key of [[<a
+                    href="#dfn-supportedAlgorithms">supportedAlgorithms</a>]].
+                  </li>
+                  <li>
+                    If <var>algorithmAndAliases</var> is <code>undefined</code>, return a
+                    new <code>NotSupportedError</code> and terminate this algorithm.
+                  </li>
+                  <li>
+                    Let <var>registeredAliases</var> be the associative container stored at the
+                    <code>aliases</code> key of <var>algorithmsAndAliases</var>.
+                  </li>
+                  <li>
+                    <dl class="switch">
+                      <dt>
+                        If the <var>alg</var> key of <var>registeredAliases</var> is
+                        <code>undefined</code>:
+                      </dt>
+                      <dd>
+                        Return the result of running the <a
+                        href="#dfn-normalize-an-algorithm">normalize an algorithm</a> algorithm, with
+                        the <code>alg</code> set to a new <a href="#dfn-KeyAlgorithm">KeyAlgorithm</a>
+                        dictionary whose <a href="#dfn-KeyAlgorithm-name">name</a> attribute is
+                        <var>alg</var>, and with the <code>op</code> set to <var>op</var>.
+                      </dd>
+                      <dt>Otherwise:</dt>
+                      <dd>
+                        Return the internal IDL object stored in the <var>alg</var> key of
+                        <var>registeredAliases</var>.
+                      </dd>
+                    </dl>
+                  </li>
+                </ol>
+              </dd>
+              <dt>If <var>alg</var> is an IDL object:</dt>
+              <dd>
+                <ol>
+                  <li>
+                    Let <var>algorithmsAndAliases</var> be the associative container stored at the
+                    <code>op</code> key of [[<a
+                    href="#dfn-supportedAlgorithms">supportedAlgorithms</a>]].
+                  </li>
+                  <li>
+                    If <var>algorithmAndAliases</var> is <code>undefined</code>, return a
+                    new <code>NotSupportedError</code> and terminate this algorithm.
+                  </li>
+                  <li>
+                    Let <var>registeredAlgorithms</var> be the associative container stored at the
+                    <code>algorithms</code> key of <var>algorithmsAndAliases</var>.
+                  </li>
+                  <li>
+                    Let <var>initialAlg</var> be the result of converting the ECMAScript object
+                    represented by <var>alg</var> to the IDL dictionary type <a
+                    href="#dfn-Algorithm">Algorithm</a>, as defined by [<a href="#WebIDL">WEBIDL</a>].
+                  </li>
+                  <li>
+                    If an error occurred, return the error and terminate this algorithm.
+                  </li>
+                  <li>
+                    If the <a href="#dfn-Algorithm-name">name</a> attribute of <var>initialAlg</var>
+                    is not present, return a new <code>SyntaxError</code> and terminate this
+                    algorithm.
+                  </li>
+                  <li>
+                    Let <var>algName</var> be the value of the <a href="#dfn-Algorithm-name">name</a>
+                    attribute of <var>initialAlg</var>.
+                  </li>
+                  <li>
+                    <dl class="switch">
+                      <dt>
+                        If the <var>algName</var> key of <var>registeredAlgorithms</var> is
+                        <code>undefined</code>:
+                      </dt>
+                      <dd>
+                        Return a new <code>NotSupportedError</code> and terminate this algorithm.
+                      </dd>
+                      <dt>Otherwise:</dt>
+                      <dd>
+                        Let <var>desiredType</var> be the IDL dictionary type stored in the
+                        <var>algName</var> key of <var>registeredAlgorithms</var>.
+                      </dd>
+                    </dl>
+                  </li>
+                  <li>
+                    Let <var>normalizedAlgorithm</var> be the result of converting the ECMAScript
+                    object represented by <var>alg</var> to the IDL dictionary type
+                    <var>desiredType</var>, as defined by [<a href="#WebIDL">WEBIDL</a>].
+                  </li>
+                  <li>
+                    If an error occurred, return the error and terminate this algorithm.
+                  </li>
+                  <li>
+                    Let <var>dictionaries</var> be a list consisting of the IDL dictionary type
+                    <var>desiredType</var> and all of <var>desiredType</var>'s inherited dictionaries,
+                    in order from least to most derived.
+                  </li>
+                  <li>
+                    <p>
+                      For each dictionary <var>dictionary</var> in <var>dictionaries</var>:
+                    </p>
+                    <ol>
+                      <li>
+                        <p>
+                          For each dictionary member <var>member</var> declared on
+                          <var>dictionary</var>, in order:
+                        </p>
+                        <ol>
+                          <li>
+                            If <var>member</var> is not nullable, and is not present, return a new
+                            <code>SyntaxError</code> and terminate this algorithm.
+                          </li>
+                          <li>
+                            If <var>member</var> is nullable, and is not present, return to
+                            iterating the next dictionary member <var>member</var>, stopping further
+                            processing of this <var>member</var>.
+                          </li>
+                          <li>
+                            Let <var>key</var> be the identifier of <var>member</var>.
+                          </li>
+                          <li>
+                            Let <var>idlValue</var> be the value of the dictionary member with
+                            key name of <var>key</var> on <var>normalizedAlgorithm</var>.
+                          </li>
+                          <li>
+                            <dl class="switch">
+                              <dt>
+                                If <var>member</var> is of the type
+                                <a href="#dfn-CryptoOperationData">CryptoOperationData</a> and is
+                                present:
+                              </dt>
+                              <dd>
+                                Set the dictionary member on <var>normalizedAlgorithm</var> with key
+                                name <var>key</var> to a <a
+                                href="#concept-clone-CryptoOperationData">clone of
+                                <var>idlValue</var></a>, replacing the current value.
+                              </dd>
+                              <dt>
+                                If <var>member</var> is of the type
+                                <a href="#dfn-HashAlgorithmIdentifier">HashAlgorithmIdentifier</a>:
+                              </dt>
+                              <dd>
+                                Set the dictionary member on <var>normalizedAlgorithm</var> with key
+                                name <var>key</var> to the result of
+                                <a href="#dfn-normalize-an-algorithm">normalizing an algorithm</a>,
+                                with the <code>alg</code> set to <var>idlValue</var> and the
+                                <code>op</code> set to <code>"digest"</code>.
+                              </dd>
+                              <dt>
+                                If <var>member</var> is of the type
+                                <a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a>:
+                              </dt>
+                              <dd>
+                                Set the dictionary member on <var>normalizedAlgorithm</var> with key
+                                name <var>key</var> to the result of
+                                <a href="#dfn-normalize-an-algorithm">normalizing an algorithm</a>,
+                                with the <code>alg</code> set to <var>idlValue</var> and the
+                                <code>op</code> set to <var>op</var>.
+                              </dd>
+                            </dl>
+                          </li>
+                          <li>
+                            If an error occurred, return the error and terminate this algorithm.
+                          </li>
+                        </ol>
+                      </li>
+                    </ol>
+                  </li>
+                  <li>
+                    Return <var>normalizedAlgorithm</var>.
+                  </li>
+                </ol>
+              </dd>
+            </dl>
+          </div>
+
+        </div>
+
+        <div id="algorithm-recommendations" class="section">
+          <h3>Recommendations</h3>
+          <p class="norm">This section is non-normative.</p>
+          <div id="algorithm-recommendations-authors" class="section">
+            <h4>For Authors</h4>
+            <p>
+              As this API is meant to be extensible, in order to keep up with future developments
+              within cryptography, there are no algorithms that conforming user agents are required
+              to implement. As such, authors should check to see what algorithms are currently
+              recommended and supported by implementations.
+            </p>
+            <p>
+              As highlighted in the <a href="#security-considerations">Security Considerations</a>,
+              even cryptographic algorithms that might be considered strong for one purpose may be
+              insufficient when used with another purpose. Authors should therefore proceed with
+              extreme caution before inventing new cryptographic protocols.
+            </p>
+            <p>
+              Additionally, this specification includes several algorithms which, in their default
+              usage, can result in cryptographic vulnerabilities. While these concerns may be
+              mitigated, such as through the combination and composition with additional algorithms
+              provided by this specification, authors should proceed with caution and review the
+              relevant cryptographic literature before using a given algorithm. The inclusion of
+              algorithms within this specification is not an indicator of their suitability for any
+              or all purpose, and instead merely serve to provide as a specification for how a
+              conforming User Agent must implement the given algorithm, if it choses to implement
+              the algorithm.
+            </p>
+          </div>
+          <div id="algorithm-recommendations-implementers" class="section">
+            <h4>For Implementers</h4>
+            <p>
+              In order to promote interoperability for developers, this specification includes a
+              list of suggested algorithms. These are considered to be the most widely used
+              algorithms in practice at the time of writing, and therefore provide a good starting
+              point for initial implementations of this specification. The suggested algorithms are:
+            </p>
+            <ul>
+              <li>
+                  <a href="#hmac">HMAC</a> using <a href="#alg-sha-1">SHA-1</a>
+              </li>
+              <li>
+                  <a href="#hmac">HMAC</a> using <a href="#alg-sha-256">SHA-256</a>
+              </li>
+              <li>
+                  <a href="#rsassa-pkcs1">RSASSA-PKCS1-v1_5</a> using
+                  <a href="#alg-sha-256">SHA-1</a>
+              </li>
+              <li>
+                  <a href="#rsa-pss">RSA-PSS</a> using <a href="#alg-sha-256">SHA-256</a>
+                  and MGF1 with <a href="#alg-sha-256">SHA-256</a>.
+              </li>
+              <li>
+                  <a href="#rsa-oaep">RSA-OAEP</a> using <a href="#alg-sha-256">SHA-256</a>
+                  and MGF1 with <a href="#alg-sha-256">SHA-256</a>.
+              </li>
+              <li>
+                  <a href="#ecdsa">ECDSA</a> using <a href="#dfn-NamedCurve-p256">P-256</a>
+                  curve and <a href="#alg-sha-256">SHA-256</a>
+              </li>
+              <li><a href="#aes-cbc">AES-CBC</a></li>
+            </ul>
+          </div>
+        </div>
+      </div>
+      
+      <div id="algorithm-overview" class="section">
+        <h2>Algorithm Overview</h2>
+        <p class="norm">The following section is non-normative.</p>
+        <p>
+          The table below contains an overview of the algorithms described within this
+          specification, as well as the set of operations the algorithm may be used with.
+        </p>
+        <p class="note">
+          Application developers and script authors should not interpret this table as a
+          recommendation for the use of particular algorithms. Instead, it simply documents what
+          operations are supported. Authors should refer to the <a
+          href="#security-developers">Security considerations for authors</a> section of this
+          document to better understand the risks and concerns that may arise when using certain
+          algorithms.
+        </p>
         <div class="ednote">
           <p>
             Note: All algorithms listed should be considered as "features at risk",
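Review bot: In "Defining an Alias", steps 2 and 3 read the algorithms key and store default into registeredAlgorithms, but the DOMString branch of "Normalizing an algorithm" looks aliases up under the aliases key (registeredAliases), so no alias is ever found and the object branch later treats the stored default as an IDL dictionary type. Step 2 should read the aliases key and step 3 should set the alg key of registeredAliases. Related: the HashAlgorithmIdentifier case normalizes with op set to "digest", yet the Supported Operations list from which [[supportedAlgorithms]] is initialized has no digest (or deriveKey) entry, so that lookup is undefined and every nested hash returns NotSupportedError; add the missing operations to the list. Smaller points: both undefined checks test algorithmAndAliases while the variable defined one step earlier is algorithmsAndAliases; id="algorithm-overview" is used for both the new Overview subsection and the "Algorithm Overview" section, which makes the anchor ambiguous; and in the implementer recommendations the RSASSA-PKCS1-v1_5 entry links to #alg-sha-256 while its text says SHA-1, so one of the two needs correcting.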
@@ -2787,13558 +3206,12677 @@
             altered in future revisions.
           </p>
         </div>
-        <div id="algorithms-index" class="section">
-          <h3>Registered algorithms</h3>
+        <table>
+          <thead>
+            <tr>
+              <th>Algorithm name</th>
+              <th scope="col">encrypt</th>
+              <th scope="col">decrypt</th>
+              <th scope="col">sign</th>
+              <th scope="col">verify</th>
+              <th scope="col">digest</th>
+              <th scope="col">generateKey</th>
+              <th scope="col">deriveKey</th>
+              <th scope="col">deriveBits</th>
+              <th scope="col">importKey</th>
+              <th scope="col">exportKey</th>
+              <th scope="col">wrapKey</th>
+              <th scope="col">unwrapKey</th>
+            </tr>
+          </thead>
+          <tbody>
+            <tr>
+              <td><a href="#rsassa-pkcs1">RSASSA-PKCS1-v1_5</a></td>
+              <td />
+              <td />
+              <td>&#10004;</td>
+              <td>&#10004;</td>
+              <td />
+              <td>&#10004;</td>
+              <td />
+              <td />
+              <td>&#10004;</td>
+              <td>&#10004;</td>
+              <td />
+              <td />
+            </tr>
+            <tr>
+              <td><a href="#rsa-pss">RSA-PSS</a></td>
+              <td />
+              <td />
+              <td>&#10004;</td>
+              <td>&#10004;</td>
+              <td />
+              <td>&#10004;</td>
+              <td />
+              <td />
+              <td>&#10004;</td>
+              <td>&#10004;</td>
+              <td />
+              <td />
+            </tr>
+            <tr>
+              <td><a href="#rsa-oaep">RSA-OAEP</a></td>
+              <td>&#10004;</td>
+              <td>&#10004;</td>
+              <td />
+              <td />
+              <td />
+              <td>&#10004;</td>
+              <td />
+              <td /> 
+              <td>&#10004;</td>
+              <td>&#10004;</td>
+              <td>&#10004;</td>
+              <td>&#10004;</td>
+            </tr>
+            <tr>
+              <td><a href="#ecdsa">ECDSA</a></td>
+              <td />
+              <td />
+              <td>&#10004;</td>
+              <td>&#10004;</td>
+              <td />
+              <td>&#10004;</td>
+              <td />
+              <td />
+              <td>&#10004;</td>
+              <td>&#10004;</td>
+              <td />
+              <td />
+            </tr>
+            <tr>
+              <td><a href="#ecdh">ECDH</a></td>
+              <td />
+              <td />
+              <td />
+              <td />
+              <td />
+              <td>&#10004;</td>
+              <td>&#10004;</td>
+              <td>&#10004;</td>
+              <td>&#10004;</td>
+              <td>&#10004;</td>
+              <td />
+              <td />
+            </tr>
+            <tr>
+              <td><a href="#aes-ctr">AES-CTR</a></td>
+              <td>&#10004;</td>
+              <td>&#10004;</td>
+              <td />
+              <td />
+              <td />
+              <td>&#10004;</td>
+              <td />
+              <td />
+              <td>&#10004;</td>
+              <td>&#10004;</td>
+              <td>&#10004;</td>
+              <td>&#10004;</td>
+            </tr>
+            <tr>
+              <td><a href="#aes-cbc">AES-CBC</a></td>
+              <td>&#10004;</td>
+              <td>&#10004;</td>
+              <td />
+              <td />
+              <td />
+              <td>&#10004;</td>
+              <td />
+              <td />
+              <td>&#10004;</td>
+              <td>&#10004;</td>
+              <td>&#10004;</td>
+              <td>&#10004;</td>
+            </tr>
+            <tr>
+              <td><a href="#aes-cmac">AES-CMAC</a></td>
+              <td />
+              <td />
+              <td>&#10004;</td>
+              <td>&#10004;</td>
+              <td />
+              <td>&#10004;</td>
+              <td />
+              <td />
+              <td>&#10004;</td>
+              <td>&#10004;</td>
+              <td />
+              <td />
+            </tr>
+            <tr>
+              <td><a href="#aes-gcm">AES-GCM</a></td>
+              <td>&#10004;</td>
+              <td>&#10004;</td>
+              <td />
+              <td />
+              <td />
+              <td>&#10004;</td>
+              <td />
+              <td />
+              <td>&#10004;</td>
+              <td>&#10004;</td>
+              <td>&#10004;</td>
+              <td>&#10004;</td>
+            </tr>
+            <tr>
+              <td><a href="#aes-cfb">AES-CFB</a></td>
+              <td>&#10004;</td>
+              <td>&#10004;</td>
+              <td />
+              <td />
+              <td />
+              <td>&#10004;</td>
+              <td />
+              <td />
+              <td>&#10004;</td>
+              <td>&#10004;</td>
+              <td>&#10004;</td>
+              <td>&#10004;</td>
+            </tr>
+            <tr>
+              <td><a href="#aes-kw">AES-KW</a></td>
+              <td></td>
+              <td></td>
+              <td />
+              <td />
+              <td />
+              <td>&#10004;</td>
+              <td />
+              <td />
+              <td>&#10004;</td>
+              <td>&#10004;</td>
+              <td>&#10004;</td>
+              <td>&#10004;</td>
+            </tr>
+            <tr>
+              <td><a href="#hmac">HMAC</a></td>
+              <td />
+              <td />
+              <td>&#10004;</td>
+              <td>&#10004;</td>
+              <td />
+              <td>&#10004;</td>
+              <td />
+              <td />
+              <td>&#10004;</td>
+              <td>&#10004;</td>
+              <td />
+              <td />
+            </tr>
+            <tr>
+              <td><a href="#dh">DH</a></td>
+              <td />
+              <td />
+              <td />
+              <td />
+              <td />
+              <td>&#10004;</td>
+              <td>&#10004;</td>
+              <td>&#10004;</td>
+              <td>&#10004;</td>
+              <td>&#10004;</td>
+              <td />
+              <td />
+            </tr>
+            <tr>
+              <td><a href="#sha">SHA-1</a></td>
+              <td />
+              <td />
+              <td />
+              <td />
+              <td>&#10004;</td>
+              <td />
+              <td />
+              <td />
+              <td />
+              <td />
+              <td />
+              <td />
+            </tr>
+            <tr>
+              <td><a href="#sha">SHA-256</a></td>
+              <td />
+              <td />
+              <td />
+              <td />
+              <td>&#10004;</td>
+              <td />
+              <td />
+              <td />
+              <td />
+              <td />
+              <td />
+              <td />
+            </tr>
+            <tr>
+              <td><a href="#sha">SHA-384</a></td>
+              <td />
+              <td />
+              <td />
+              <td />
+              <td>&#10004;</td>
+              <td />
+              <td />
+              <td />
+              <td />
+              <td />
+              <td />
+              <td />
+            </tr>
+            <tr>
+              <td><a href="#sha">SHA-512</a></td>
+              <td />
+              <td />
+              <td />
+              <td />
+              <td>&#10004;</td>
+              <td />
+              <td />
+              <td />
+              <td />
+              <td />
+              <td />
+              <td />
+            </tr>
+            <tr>
+              <td><a href="#concatkdf">CONCAT</a></td>
+              <td />
+              <td />
+              <td />
+              <td />
+              <td />
+              <td />
+              <td>&#10004;</td>
+              <td>&#10004;</td>
+              <td />
+              <td />
+              <td />
+              <td />
+            </tr>
+            <tr>
+              <td><a href="#hkdf-ctr">HKDF-CTR</a></td>
+              <td />
+              <td />
+              <td />
+              <td />
+              <td />
+              <td />
+              <td>&#10004;</td>
+              <td>&#10004;</td>
+              <td />
+              <td />
+              <td />
+              <td />
+            </tr>
+            <tr>
+              <td><a href="#pbkdf2">PBKDF2</a></td>
+              <td />
+              <td />
+              <td />
+              <td />
+              <td />
+              <td />
+              <td>&#10004;</td>
+              <td>&#10004;</td>
+              <td />
+              <td />
+              <td />
+              <td />
+            </tr>
+          </tbody>
+        </table>
+      </div>
+
+      <div id="rsassa-pkcs1" class="section">
+        <h3>RSASSA-PKCS1-v1_5</h3>
+        <div id="rsassa-pkcs1-description" class="section">
+          <h4>Description</h4>
+          <p>
+            The <code>"RSASSA-PKCS1-v1_5"</code> algorithm identifier is used to perform
+            signing and verification using the RSASSA-PKCS1-v1_5 algorithm specified in
+            [<cite><a href="#RFC3447">RFC3447</a></cite>].
+          </p>
+        </div>
+        <div id="rsassa-pkcs1-registration" class="section">
+          <h4>Registration</h4>
+          <p>
+            The <a href="#recognized-algorithm-name">recognized algorithm name</a> for
+            this algorithm is <code>"RSASSA-PKCS1-v1_5"</code>.
+          </p>
           <table>
             <thead>
               <tr>
-                <th>Algorithm name</th>
-                <th scope="col">encrypt</th>
-                <th scope="col">decrypt</th>
-                <th scope="col">sign</th>
-                <th scope="col">verify</th>
-                <th scope="col">digest</th>
-                <th scope="col">generateKey</th>
-                <th scope="col">deriveKey</th>
-                <th scope="col">deriveBits</th>
-                <th scope="col">importKey</th>
-                <th scope="col">exportKey</th>
-                <th scope="col">wrapKey</th>
-                <th scope="col">unwrapKey</th>
+                <th><a href="#supported-operations">Operation</a></th>
+                <th><a href="#algorithm-specific-params">Parameters</a></th>
+                <th><a href="#algorithm-result">Result</a></th>
               </tr>
             </thead>
             <tbody>
               <tr>
-                <td><a href="#rsassa-pkcs1">RSASSA-PKCS1-v1_5</a></td>
-                <td />
-                <td />
-                <td>&#10004;</td>
-                <td>&#10004;</td>
-                <td />
-                <td>&#10004;</td>
-                <td />
-                <td />
-                <td>&#10004;</td>
-                <td>&#10004;</td>
-                <td />
-                <td />
-              </tr>
-              <tr>
-                <td><a href="#rsa-pss">RSA-PSS</a></td>
-                <td />
-                <td />
-                <td>&#10004;</td>
-                <td>&#10004;</td>
-                <td />
-                <td>&#10004;</td>
-                <td />
-                <td />
-                <td>&#10004;</td>
-                <td>&#10004;</td>
-                <td />
-                <td />
-              </tr>
-              <tr>
-                <td><a href="#rsa-oaep">RSA-OAEP</a></td>
-                <td>&#10004;</td>
-                <td>&#10004;</td>
-                <td />
-                <td />
-                <td />
-                <td>&#10004;</td>
-                <td />
-                <td /> 
-                <td>&#10004;</td>
-                <td>&#10004;</td>
-                <td>&#10004;</td>
-                <td>&#10004;</td>
-              </tr>
-              <tr>
-                <td><a href="#ecdsa">ECDSA</a></td>
-                <td />
-                <td />
-                <td>&#10004;</td>
-                <td>&#10004;</td>
-                <td />
-                <td>&#10004;</td>
-                <td />
-                <td />
-                <td>&#10004;</td>
-                <td>&#10004;</td>
-                <td />
-                <td />
-              </tr>
-              <tr>
-                <td><a href="#ecdh">ECDH</a></td>
-                <td />
-                <td />
-                <td />
-                <td />
-                <td />
-                <td>&#10004;</td>
-                <td>&#10004;</td>
-                <td>&#10004;</td>
-                <td>&#10004;</td>
-                <td>&#10004;</td>
-                <td />
-                <td />
-              </tr>
-              <tr>
-                <td><a href="#aes-ctr">AES-CTR</a></td>
-                <td>&#10004;</td>
-                <td>&#10004;</td>
-                <td />
-                <td />
-                <td />
-                <td>&#10004;</td>
-                <td />
-                <td />
-                <td>&#10004;</td>
-                <td>&#10004;</td>
-                <td>&#10004;</td>
-                <td>&#10004;</td>
-              </tr>
-              <tr>
-                <td><a href="#aes-cbc">AES-CBC</a></td>
-                <td>&#10004;</td>
-                <td>&#10004;</td>
-                <td />
-                <td />
-                <td />
-                <td>&#10004;</td>
-                <td />
-                <td />
-                <td>&#10004;</td>
-                <td>&#10004;</td>
-                <td>&#10004;</td>
-                <td>&#10004;</td>
-              </tr>
-              <tr>
-                <td><a href="#aes-cmac">AES-CMAC</a></td>
-                <td />
-                <td />
-                <td>&#10004;</td>
-                <td>&#10004;</td>
-                <td />
-                <td>&#10004;</td>
-                <td />
-                <td />
-                <td>&#10004;</td>
-                <td>&#10004;</td>
-                <td />
-                <td />
-              </tr>
-              <tr>
-                <td><a href="#aes-gcm">AES-GCM</a></td>
-                <td>&#10004;</td>
-                <td>&#10004;</td>
-                <td />
-                <td />
-                <td />
-                <td>&#10004;</td>
-                <td />
-                <td />
-                <td>&#10004;</td>
-                <td>&#10004;</td>
-                <td>&#10004;</td>
-                <td>&#10004;</td>
-              </tr>
-              <tr>
-                <td><a href="#aes-cfb">AES-CFB</a></td>
-                <td>&#10004;</td>
-                <td>&#10004;</td>
-                <td />
-                <td />
-                <td />
-                <td>&#10004;</td>
-                <td />
-                <td />
-                <td>&#10004;</td>
-                <td>&#10004;</td>
-                <td>&#10004;</td>
-                <td>&#10004;</td>
-              </tr>
-              <tr>
-                <td><a href="#aes-kw">AES-KW</a></td>
-                <td></td>
-                <td></td>
-                <td />
-                <td />
-                <td />
-                <td>&#10004;</td>
-                <td />
-                <td />
-                <td>&#10004;</td>
-                <td>&#10004;</td>
-                <td>&#10004;</td>
-                <td>&#10004;</td>
-              </tr>
-              <tr>
-                <td><a href="#hmac">HMAC</a></td>
-                <td />
-                <td />
-                <td>&#10004;</td>
-                <td>&#10004;</td>
-                <td />
-                <td>&#10004;</td>
-                <td />
-                <td />
-                <td>&#10004;</td>
-                <td>&#10004;</td>
-                <td />
-                <td />
-              </tr>
-              <tr>
-                <td><a href="#dh">DH</a></td>
-                <td />
-                <td />
-                <td />
-                <td />
-                <td />
-                <td>&#10004;</td>
-                <td>&#10004;</td>
-                <td>&#10004;</td>
-                <td>&#10004;</td>
-                <td>&#10004;</td>
-                <td />
-                <td />
-              </tr>
-              <tr>
-                <td><a href="#sha">SHA-1</a></td>
-                <td />
-                <td />
-                <td />
-                <td />
-                <td>&#10004;</td>
-                <td />
-                <td />
-                <td />
-                <td />
-                <td />
-                <td />
-                <td />
-              </tr>
-              <tr>
-                <td><a href="#sha">SHA-256</a></td>
-                <td />
-                <td />
-                <td />
-                <td />
-                <td>&#10004;</td>
-                <td />
-                <td />
-                <td />
-                <td />
-                <td />
-                <td />
-                <td />
-              </tr>
-              <tr>
-                <td><a href="#sha">SHA-384</a></td>
-                <td />
-                <td />
-                <td />
-                <td />
-                <td>&#10004;</td>
-                <td />
-                <td />
-                <td />
-                <td />
-                <td />
-                <td />
-                <td />
-              </tr>
-              <tr>
-                <td><a href="#sha">SHA-512</a></td>
-                <td />
-                <td />
-                <td />
-                <td />
-                <td>&#10004;</td>
-                <td />
-                <td />
-                <td />
-                <td />
-                <td />
-                <td />
-                <td />
-              </tr>
-              <tr>
-                <td><a href="#concatkdf">CONCAT</a></td>
-                <td />
-                <td />
-                <td />
-                <td />
-                <td />
-                <td />
-                <td>&#10004;</td>
-                <td>&#10004;</td>
-                <td />
-                <td />
-                <td />
-                <td />
-              </tr>
-              <tr>
-                <td><a href="#hkdf-ctr">HKDF-CTR</a></td>
-                <td />
-                <td />
-                <td />
-                <td />
-                <td />
-                <td />
-                <td>&#10004;</td>
-                <td>&#10004;</td>
-                <td />
-                <td />
-                <td />
-                <td />
-              </tr>
-              <tr>
-                <td><a href="#pbkdf2">PBKDF2</a></td>
-                <td />
-                <td />
-                <td />
-                <td />
-                <td />
-                <td />
-                <td>&#10004;</td>
-                <td>&#10004;</td>
-                <td />
-                <td />
-                <td />
-                <td />
+                <td>sign</td>
+                <td>None</td>
+                <td>ArrayBuffer</td>
+              </tr>
+              <tr>
+                <td>verify</td>
+                <td>None</td>
+                <td>boolean</td>
+              </tr>
+              <tr>
+                <td>generateKey</td>
+                <td><a href="#dfn-RsaHashedKeyGenParams">RsaHashedKeyGenParams</a></td>
+                <td><a href="#dfn-CryptoKeyPair">CryptoKeyPair</a></td>
+              </tr>
+              <tr>
+                <td>importKey</td>
+                <td><a href="#dfn-RsaHashedImportParams">RsaHashedImportParams</a></td>
+                <td><a href="#dfn-CryptoKey">CryptoKey</a></td>
+              </tr>
+              <tr>
+                <td>exportKey</td>
+                <td>None</td>
+                <td>object</td>
               </tr>
             </tbody>
           </table>
         </div>
-        <div id="recommended-algorithms" class="section">
-          <h3>Recommended algorithms</h3>
-          <p class="norm">This section is non-normative</p>
-          <p>
-            As the API is meant to be extensible in order to keep up with future developments within
-            cryptography and to provide flexibility, there are no strictly required algorithms. Thus
-            users of this API should check to see what algorithms are currently recommended and
-            supported by implementations. As highlighted in the <a href="#security">Security
-            Considerations</a>, even strong cryptographic algorithms may be combined in insecure
-            ways. Users should therefore proceed with extreme caution when inventing new
-            cryptographic protocols.
-          </p>
-          <p>
-            Implementers should carefully review their support for different algorithms based on the
-            evolving state of the cryptographic literature. It is expected that the set of
-            widely-accepted algorithms will change over time as new advances are made.
-          </p>
-          <p>
-            With the above caveats in mind, in order to promote interoperability for developers,
-            this specification includes a list of suggested algorithms. These are considered to be
-            the most widely used algorithms in practice at the time of writing, and therefore
-            provide a good starting point for initial implementations of this specification. The
-            suggested algorithms are:
-          </p>
-          <ul>
-            <li>
-                <a href="#hmac">HMAC</a> using <a href="#alg-sha-1">SHA-1</a>
-            </li>
-            <li>
-                <a href="#hmac">HMAC</a> using <a href="#alg-sha-256">SHA-256</a>
-            </li>
-            <li>
-                <a href="#rsassa-pkcs1">RSASSA-PKCS1-v1_5</a> using
-                <a href="#alg-sha-256">SHA-1</a>
-            </li>
-            <li>
-                <a href="#rsa-pss">RSA-PSS</a> using <a href="#alg-sha-256">SHA-256</a>
-                and MGF1 with <a href="#alg-sha-256">SHA-256</a>.
-            </li>
-            <li>
-                <a href="#rsa-oaep">RSA-OAEP</a> using <a href="#alg-sha-256">SHA-256</a>
-                and MGF1 with <a href="#alg-sha-256">SHA-256</a>.
-            </li>
-            <li>
-                <a href="#ecdsa">ECDSA</a> using <a href="#dfn-NamedCurve-p256">P-256</a>
-                curve and <a href="#alg-sha-256">SHA-256</a>
-            </li>
-            <li><a href="#aes-cbc">AES-CBC</a></li>
-          </ul>
-          <p>
-            To see the results of test-cases between implementations, please see the [@@Upcoming]
-            Web Cryptography Test Cases Working Group.
-          </p>
-        </div>
-        <div id="defining-an-algorithm" class="section">
-          <h3>Defining an algorithm</h3>
-          <p>
-            Each algorithm that is to be exposed via the Web Cryptography API
-            <span class="RFC2119">SHOULD</span> be registered via the Web Cryptography working group,
-            and <span class="RFC2119">MUST</span> include all of the following details. Algorithms
-            that are not registered via these means, but are exposed via this API,
-            <span class="RFC2119">MUST</span> be processed as if the sections had been defined.
-          </p>
-          <div id="recognized-algorithm-name" class="section">
-            <h4>Recognized algorithm name</h4>
-            <p>
-              Each registered algorithm <span class="RFC2119">MUST</span> have a canonical name
-              for which applications can refer to the algorithm. The canonical name
-              <span class="RFC2119">MUST</span> contain only ASCII characters and
-              <span class="RFC2119">MUST NOT</span> equal any other canonical name or
-              <a href="#dfn-algorithm-alias">algorithm alias</a> when every character in both names
-              are converted to lower case.
-            </p>
-          </div>
-          <div id="supported-operations" class="section">
-            <h4>Supported operations</h4>
-            <p>
-              Each registered algorithm <span class="RFC2119">MUST</span> define the operations
-              that it supports.
-            </p>
-          </div>
-          <div id="algorithm-specific-params" class="section">
-            <h4>Algorithm-specific parameters</h4>
-            <p>
-              Each registered algorithm <span class="RFC2119">MUST</span> define the expected
-              parameters, if any, that should be exposed via the <a href="#dfn-Algorithm">Algorithm</a>
-              dictionary for every <a href="#supported-operations">supported operation</a>.
-            </p>
-          </div>
-          <div id="algorithm-result" class="section">
-            <h4>Algorithm results</h4>
-            <p>
-              Each registered algorithm <span class="RFC2119">MUST</span> define the contents
-              of the result of performing the underlying cryptographic operation for every
-              <a href="#supported-operations">supported operation</a>.
-            </p>
-          </div>
-          <div id="algorithm-alias" class="section">
-            <h4><dfn id="dfn-algorithm-alias">Algorithm aliases</dfn></h4>
-            <p>
-              Each registered algorithm <span class="RFC2119">MAY</span> define one or more aliases
-              that may define a fully normalized <a href="#dfn-Algorithm">Algorithm</a> object.
-            </p>
-            <p>
-              Each algorithm alias <span class="RFC2119">MUST</span> follow the same naming rules
-              as the <a href="#recognized-algorithm-name">recognized algorithm name</a>.
-            </p>
-          </div>
-        </div>
-
-        <div id="rsassa-pkcs1" class="section">
-          <h3>RSASSA-PKCS1-v1_5</h3>
-          <div id="rsassa-pkcs1-description" class="section">
-            <h4>Description</h4>
-            <p>
-              The <code>"RSASSA-PKCS1-v1_5"</code> algorithm identifier is used to perform
-              signing and verification using the RSASSA-PKCS1-v1_5 algorithm specified in
-              [<cite><a href="#RFC3447">RFC3447</a></cite>].
-            </p>
-          </div>
-          <div id="rsassa-pkcs1-registration" class="section">
-            <h4>Registration</h4>
-            <p>
-              The <a href="#recognized-algorithm-name">recognized algorithm name</a> for
-              this algorithm is <code>"RSASSA-PKCS1-v1_5"</code>.
-            </p>
-            <table>
-              <thead>
-                <tr>
-                  <th><a href="#supported-operations">Operation</a></th>
-                  <th><a href="#algorithm-specific-params">Parameters</a></th>
-                  <th><a href="#algorithm-result">Result</a></th>
-                </tr>
-              </thead>
-              <tbody>
-                <tr>
-                  <td>sign</td>
-                  <td>None</td>
-                  <td>ArrayBuffer</td>
-                </tr>
-                <tr>
-                  <td>verify</td>
-                  <td>None</td>
-                  <td>boolean</td>
-                </tr>
-                <tr>
-                  <td>generateKey</td>
-                  <td><a href="#dfn-RsaHashedKeyGenParams">RsaHashedKeyGenParams</a></td>
-                  <td><a href="#dfn-CryptoKeyPair">CryptoKeyPair</a></td>
-                </tr>
-                <tr>
-                  <td>importKey</td>
-                  <td><a href="#dfn-RsaHashedImportParams">RsaHashedImportParams</a></td>
-                  <td><a href="#dfn-CryptoKey">CryptoKey</a></td>
-                </tr>
-                <tr>
-                  <td>exportKey</td>
-                  <td>None</td>
-                  <td>object</td>
-                </tr>
-              </tbody>
-            </table>
-          </div>
-          <div id="RsaHashedKeyGenParams-dictionary" class="section">
-            <h4>RsaHashedKeyGenParams dictionary</h4>
-            <x:codeblock language="idl">
+        <div id="RsaHashedKeyGenParams-dictionary" class="section">
+          <h4>RsaHashedKeyGenParams dictionary</h4>
+          <x:codeblock language="idl">
 dictionary <dfn id="dfn-RsaHashedKeyGenParams">RsaHashedKeyGenParams</dfn> : <a href="#dfn-RsaKeyGenParams">RsaKeyGenParams</a> {
-  <span class="comment">// The hash algorithm to use</span> 
-  <a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> <dfn id="dfn-RsaHashedKeyGenParams-hash">hash</dfn>;
-};
-            </x:codeblock>
-          </div>
-          <div id="RsaHashedKeyAlgorithm-dictionary" class="section">
-            <h4>RsaHashedKeyAlgorithm dictionary</h4>
-            <x:codeblock language="idl">
-dictionary <dfn id="dfn-RsaHashedKeyAlgorithm">RsaHashedKeyAlgorithm</dfn> : <a href="#dfn-RsaKeyAlgorithm">RsaKeyAlgorithm</a> {
-  <span class="comment">// The hash algorithm that is used with this key</span>
-  <a href="#dfn-KeyAlgorithm">KeyAlgorithm</a> <dfn id="dfn-RsaHashedKeyAlgorithm-hash">hash</dfn>;
-};
-            </x:codeblock>
-          </div>
-          <div id="RsaHashedImportParams-dictionary" class="section">
-            <h4>RsaHashedImportParams dictionary</h4>
-            <x:codeblock language="idl">
-dictionary <dfn id="dfn-RsaHashedImportParams">RsaHashedImportParams</dfn> {
-  <span class="comment">// The hash algorithm to use</span>
-  <a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> <dfn id="dfn-RsaHashedImportParams-hash">hash</dfn>;
+<span class="comment">// The hash algorithm to use</span> 
+<a href="#dfn-HashAlgorithmIdentifier">HashAlgorithmIdentifier</a> <dfn id="dfn-RsaHashedKeyGenParams-hash">hash</dfn>;
 };
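Review bot: The two added lines inside the RsaHashedKeyGenParams dictionary (the "The hash algorithm to use" comment and the HashAlgorithmIdentifier hash member) have lost the two-space indentation that the removed versions carried. The codeblock content starts at column 0, which suggests x:codeblock preserves whitespace; if so, the member will render flush left, level with "dictionary ... {" and "};". Restore the two leading spaces on both lines, and drop the trailing space after the closing span on the comment line while you are there. Separately, the AES-KW row added in the operations table uses "<td></td>" for the encrypt and decrypt cells, where every other empty cell uses "<td />". Since these rows are being rewritten anyway, this is a good point to normalize them.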
-            </x:codeblock>
-            <div class="ednote">
-              <p>
-                Should this be folded into RsaHashedKeyGenParams and rely on the optional nature of the
-                dictionary fields?
-              </p>
-            </div>
-          </div>
-          <div id="rsassa-pkcs1-operations" class="section">
-            <h4>Operations</h4>
-            <dl>
-              <dt>Sign</dt>
-              <dd>
-                <ol>
-                  <li>
-                    <p>
-                      If the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
-                      <var>key</var> is not <code>"private"</code>, then <a
-                      href="#concept-return-an-error">return an error</a> named <a
-                      href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Perform the signature generation operation defined in Section 8.2 of [<cite><a
-                      href="#RFC3447">RFC3447</a></cite>] with the key represented by the [[<a
-                      href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of <var>key</var>
-                      as the signer's private key and the <a
-                      href="#concept-contents-of-arraybuffer">contents of <var>message</var></a> as
-                      <var>M</var> and using the hash function specified in the <a
-                      href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute of the [[<a
-                      href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal slot of
-                      <var>key</var> as the Hash option for the EMSA-PKCS1-v1_5 encoding method.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      If performing the operation results in an error,
-                      then <a href="#concept-return-an-error">return an error</a> named
-                      <a href="#dfn-OperationError"><code>OperationError</code></a>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Let <var>signature</var> be the value <var>S</var> that results from
-                      performing the operation.
-                    </p>
-                  </li>
-                </ol>
-              </dd>
-
-              <dt>Verify</dt>
-              <dd>
-                <ol>
-                  <li>
-                    <p>
-                      If the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
-                      <var>key</var> is not <code>"public"</code>, then <a
-                      href="#concept-return-an-error">return an error</a> named <a
-                      href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Perform the signature verification operation defined in Section 8.2 of
-                      [<cite><a href="#RFC3447">RFC3447</a></cite>] with the key represented by the
-                      [[<a href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of
-                      <var>key</var> as the signer's RSA public key and the <a
-                      href="#concept-contents-of-arraybuffer">contents of <var>message</var></a> as
-                      <var>M</var> and the <a href="#concept-contents-of-arraybuffer">contents of
-                      <var>signature</var></a> as <var>S</var> and using the hash function specified
-                      in the <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute of the
-                      [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal slot of
-                      <var>key</var> as the Hash option for the EMSA-PKCS1-v1_5 encoding method.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      If performing the operation results in an error,
-                      then <a href="#concept-return-an-error">return an error</a> named
-                      <a href="#dfn-OperationError"><code>OperationError</code></a>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Let <var>result</var> be a boolean with value true if the
-                      result of the operations was "valid signature" and a boolean with value
-                      false otherwise.
-                    </p>
-                  </li>
-                </ol>
-              </dd>
-              <dt>Generate Key</dt>
-              <dd>
-                <ol>
-                  <li>
-                    <p>
-                      Let <var>normalizedAlgorithm</var> be the result of
-                      <a href="#dfn-normalize-to-type">normalizing</a> <var>algorithm</var>
-                      to <a href="#dfn-RsaHashedKeyGenParams">RsaHashedKeyGenParams</a>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      If any of the members of
-                      <a href="#dfn-RsaHashedKeyGenParams">RsaHashedKeyGenParams</a> are not present
-                      in <var>normalizedAlgorithm</var>,
-                      then <a href="#concept-return-an-error">return an error</a> named
-                      <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      If <var>usages</var> contains an entry which is not
-                       <code>"sign"</code> or <code>"verify"</code>,
-                      then <a href="#concept-return-an-error">return an error</a> named
-                      <a href="#dfn-DataError"><code>DataError</code></a>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Generate an RSA key pair, as defined in [<cite><a
-                      href="#RFC3447">RFC3447</a></cite>], with RSA modulus length equal to the
-                      <a href="#dfn-RsaKeyGenParams-modulusLength">modulusLength</a> attribute of
-                      <var>normalizedAlgorithm</var> and RSA public exponent equal to the
-                      <a href="#dfn-RsaKeyGenParams-publicExponent">publicExponent</a> attribute of
-                      <var>normalizedAlgorithm</var>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      If generation of the key pair fails,
-                      then <a href="#concept-return-an-error">return an error</a> named
-                      <a href="#dfn-OperationError"><code>OperationError</code></a>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Let <var>algorithm</var> be a new
-                      <a href="#dfn-RsaHashedKeyAlgorithm">RsaHashedKeyAlgorithm</a>
-                      dictionary.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Set the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of
-                      <var>algorithm</var> to <code>"RSASSA-PKCS1-v1_5"</code>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Set the
-                      <a href="#dfn-RsaKeyAlgorithm-modulusLength">modulusLength</a>
-                      attribute of <var>algorithm</var> to equal the
-                      <a href="#dfn-RsaKeyGenParams-modulusLength">modulusLength</a>
-                      attribute of <var>normalizedAlgorithm</var>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Set the
-                      <a href="#dfn-RsaKeyAlgorithm-publicExponent">publicExponent</a>
-                      attribute of <var>algorithm</var> to equal the
-                      <a href="#dfn-RsaKeyGenParams-publicExponent">publicExponent</a>
-                      attribute of <var>normalizedAlgorithm</var>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Set the <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute
-                      of <var>algorithm</var> to equal the
-                      <a href="#dfn-RsaHashedKeyGenParams">hash</a> member of
-                      <var>normalizedAlgorithm</var>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Let <var>publicKey</var> be a new <a href="#dfn-CryptoKey">CryptoKey</a>
-                      object representing the public key of the generated key pair.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
-                      <var>publicKey</var> to <code>"public"</code>
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
-                      slot of <var>publicKey</var> to <var>algorithm</var>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Set the [[<a href="#dfn-CryptoKey-slot-extractable">extractable</a>]] internal
-                      slot of <var>publicKey</var> to true.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Set the [[<a href="#dfn-CryptoKey-slot-usages">usages</a>]] internal slot of
-                      <var>publicKey</var> to be the <a href="#concept-usage-intersection">usage
-                      intersection</a> of <var>usages</var> and <code>[ "verify" ]</code>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Let <var>privateKey</var> be a new <a href="#dfn-CryptoKey">CryptoKey</a>
-                      object representing the private key of the generated key pair.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
-                      <var>privateKey</var> to <code>"private"</code>
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
-                      slot of <var>privateKey</var> to <var>algorithm</var>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Set the [[<a href="#dfn-CryptoKey-slot-extractable">extractable</a>]] internal
-                      slot of <var>privateKey</var> to <var>extractable</var>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Set the [[<a href="#dfn-CryptoKey-slot-usages">usages</a>]] internal slot of
-                      <var>privateKey</var> to be the <a href="#concept-usage-intersection">usage
-                      intersection</a> of <var>usages</var> and <code>[ "sign" ]</code>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Let <var>result</var> be a new <a href="#dfn-CryptoKeyPair">CryptoKeyPair</a>
-                      dictionary.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Set the <a href="#dfn-CryptoKeyPair-publicKey">publicKey</a> attribute
-                      of <var>result</var> to be <var>publicKey</var>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Set the <a href="#dfn-CryptoKeyPair-privateKey">privateKey</a> attribute
-                      of <var>result</var> to be <var>privateKey</var>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Return the result of converting <var>result</var> to an ECMAScript Object, as
-                      defined by [<a href="#WebIDL">WEBIDL</a>].
-                    </p>
-                  </li>
-                </ol>
-                <div class="ednote">
-                  <p>
-                    TODO: Specify the mapping between key.algorithm.hash and the appropriate Hash
-                    functions (and back to OID).
-                  </p>
-                </div>
-              </dd>
-
-              <dt>Import Key</dt>
-              <dd>
-                <ol>
-                  <li>
-                    <p>Let <var>keyData</var> be the key data to be imported.</p>
-                  </li>
-                  <li>
-                    <p>
-                      Let <var>normalizedAlgorithm</var> be the result of
-                      <a href="#concept-normalize-to-type">normalizing</a> <var>algorithm</var>
-                      to <a href="#dfn-RsaHashedImportParams">RsaHashedImportParams</a>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      If any of the members of <a
-                      href="#dfn-RsaHashedImportParams">RsaHashedImportParams</a> are not present in
-                      <var>normalizedAlgorithm</var> then <a href="#concept-return-an-error">return
-                      an error</a> named <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
-                    </p>
-                  </li>
-                  <li>
-                    <dl class="switch">
-                      <dt>If <var>format</var> is <code>"spki"</code>:</dt>
-                      <dd>
-                        <ol>
-                          <li>
-                            <p>
-                              Let <var>spki</var> be the result of running the
-                              <a href="#concept-parse-a-spki">parse a subjectPublicKeyInfo</a>
-                              algorithm over <var>keyData</var>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              If an error occurred while parsing,
-                              then <a href="#concept-return-an-error">return an error</a> named
-                              <a href="#dfn-DataError"><code>DataError</code></a>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              Let <var>hash</var> be a string whose initial value is undefined.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              Let <var>alg</var> be the <code>algorithm</code> object identifier
-                              field of the <code>algorithm</code> AlgorithmIdentifier field of
-                              <var>spki</var>.
-                            </p>
-                          </li>
-                          <li>
-                            <dl class="switch">
-                              <dt>
-                                If <var>alg</var> is equivalent to the <code>rsaEncryption</code>
-                                OID defined in Section 2.3.1 of <a href="#RFC3279">RFC 3279</a>:
-                              </dt>
-                              <dd>
-                                <p>
-                                  Let <var>hash</var> be undefined.
-                                </p>
-                              </dd>
-                              <dt>
-                                If <var>alg</var> is equivalent to the
-                                <code>sha1WithRSAEncryption</code> OID defined in Section A.2.4 of
-                                <a href="#RFC3279">RFC 3279</a>:
-                              </dt>
-                              <dd>
-                                <p>
-                                  Let <var>hash</var> be the string <code>SHA-1</code>.
-                                </p>
-                              </dd>
-                              <dt>
-                                If <var>alg</var> is equivalent to the
-                                <code>sha256WithRSAEncryption</code> OID defined in Section A.2.4 of
-                                <a href="#RFC3279">RFC 3279</a>:
-                              </dt>
-                              <dd>
-                                <p>
-                                  Let <var>hash</var> be the string <code>SHA-256</code>.
-                                </p>
-                              </dd>
-                              <dt>
-                                If <var>alg</var> is equivalent to the
-                                <code>sha384WithRSAEncryption</code> OID defined in Section A.2.4 of
-                                <a href="#RFC3279">RFC 3279</a>:
-                              </dt>
-                              <dd>
-                                <p>
-                                  Let <var>hash</var> be the string <code>SHA-384</code>.
-                                </p>
-                              </dd>
-                              <dt>
-                                If <var>alg</var> is equivalent to the
-                                <code>sha512WithRSAEncryption</code> OID defined in Section A.2.4 of
-                                <a href="#RFC3279">RFC 3279</a>:
-                              </dt>
-                              <dd>
-                                <p>
-                                  Let <var>hash</var> be the string <code>SHA-512</code>.
-                                </p>
-                              </dd>
-                              <dt>Otherwise:</dt>
-                              <dd>
-                                <p>
-                                  <a href="#concept-return-an-error">Return an error</a> named
-                                  <a href="#dfn-DataError"><code>DataError</code></a>.
-                                </p>
-                              </dd>
-                            </dl>
-                          </li>
-                          <li>
-                            <p>
-                              If <var>hash</var> is defined, and is not equal to the <a
-                              href="#dfn-AlgorithmIdentifier-name">name</a> member of the <a
-                              href="#dfn-RsaHashedImportParams-hash">hash</a> member of
-                              <var>normalizedAlgorithm</var>, <a
-                              href="#concept-return-an-error">return an error</a> named <a
-                              href="#dfn-DataError"><code>DataError</code></a>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              Set <var>hash</var> to the <a
-                              href="#dfn-AlgorithmIdentifier-name">name</a> member of the <a
-                              href="#dfn-RsaHashedImportParams-hash">hash</a> member of
-                              <var>normalizedAlgorithm</var>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              Let <var>publicKey</var> be the result of performing the <a
-                              href="#concept-parse-an-asn1-structure">parse an ASN.1 structure</a>
-                              algorithm, with <var>data</var> as the
-                              <code>subjectPublicKeyInfo</code> field of <var>spki</var>,
-                              <var>structure</var> as the <code>RSAPublicKey</code> structure
-                              specified in Section A.1.1 of <a href="#RFC3447">RFC 3447</a>, and
-                              <var>exactData</var> set to true.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              If an error occurred while parsing,
-                              then <a href="#concept-return-an-error">return an error</a> named
-                              <a href="#dfn-DataError"><code>DataError</code></a>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              Let <var>key</var> be a new <a href="#dfn-CryptoKey">CryptoKey</a>
-                              object that represents the RSA public key identified by
-                              <var>publicKey</var>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot
-                              of <var>key</var> to <code>"public"</code>
-                            </p>
-                          </li>
-                        </ol>
-                      </dd>
-                      <dt>If <var>format</var> is <code>"pkcs8"</code>:</dt>
-                      <dd>
-                        <ol>
-                          <li>
-                            <p>
-                              Let <var>privateKeyInfo</var> be the result of running the
-                              <a href="#concept-parse-a-privateKeyInfo">parse a privateKeyInfo</a>
-                              algorithm over <var>keyData</var>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              If an error occurred while parsing,
-                              then <a href="#concept-return-an-error">return an error</a> named
-                              <a href="#dfn-DataError"><code>DataError</code></a>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              Let <var>hash</var> be a string whose initial value is undefined.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              Let <var>alg</var> be the <code>algorithm</code> object identifier
-                              field of the <code>privateKeyAlgorithm</code>
-                              PrivateKeyAlgorithmIdentifier field of <var>privateKeyInfo</var>.
-                            </p>
-                          </li>
-                          <li>
-                            <dl class="switch">
-                              <dt>
-                                If <var>alg</var> is equivalent to the <code>rsaEncryption</code>
-                                OID defined in Section 2.3.1 of <a href="#RFC3279">RFC 3279</a>:
-                              </dt>
-                              <dd>
-                                <p>
-                                  Let <var>hash</var> be undefined.
-                                </p>
-                              </dd>
-                              <dt>
-                                If <var>alg</var> is equivalent to the
-                                <code>sha1WithRSAEncryption</code> OID defined in Section A.2.4 of
-                                <a href="#RFC3279">RFC 3279</a>:
-                              </dt>
-                              <dd>
-                                <p>
-                                  Let <var>hash</var> be the string <code>SHA-1</code>.
-                                </p>
-                              </dd>
-                              <dt>
-                                If <var>alg</var> is equivalent to the
-                                <code>sha256WithRSAEncryption</code> OID defined in Section A.2.4 of
-                                <a href="#RFC3279">RFC 3279</a>:
-                              </dt>
-                              <dd>
-                                <p>
-                                  Let <var>hash</var> be the string <code>SHA-256</code>.
-                                </p>
-                              </dd>
-                              <dt>
-                                If <var>alg</var> is equivalent to the
-                                <code>sha384WithRSAEncryption</code> OID defined in Section A.2.4 of
-                                <a href="#RFC3279">RFC 3279</a>:
-                              </dt>
-                              <dd>
-                                <p>
-                                  Let <var>hash</var> be the string <code>SHA-384</code>.
-                                </p>
-                              </dd>
-                              <dt>
-                                If <var>alg</var> is equivalent to the
-                                <code>sha512WithRSAEncryption</code> OID defined in Section A.2.4 of
-                                <a href="#RFC3279">RFC 3279</a>:
-                              </dt>
-                              <dd>
-                                <p>
-                                  Let <var>hash</var> be the string <code>SHA-512</code>.
-                                </p>
-                              </dd>
-                              <dt>Otherwise:</dt>
-                              <dd>
-                                <p>
-                                  <a href="#concept-return-an-error">Return an error</a> named
-                                  <a href="#dfn-DataError"><code>DataError</code></a>.
-                                </p>
-                              </dd>
-                            </dl>
-                          </li>
-                          <li>
-                            <p>
-                              If <var>hash</var> is defined, and is not equal to the <a
-                              href="#dfn-AlgorithmIdentifier-name">name</a> member of the <a
-                              href="#dfn-RsaHashedImportParams-hash">hash</a> member of
-                              <var>normalizedAlgorithm</var>, <a
-                              href="#concept-return-an-error">return an error</a> named <a
-                              href="#dfn-DataError"><code>DataError</code></a>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              Set <var>hash</var> to the <a
-                              href="#dfn-AlgorithmIdentifier-name">name</a> member of the <a
-                              href="#dfn-RsaHashedImportParams-hash">hash</a> member of
-                              <var>normalizedAlgorithm</var>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              Let <var>rsaPrivateKey</var> be the result of performing the <a
-                              href="#concept-parse-an-asn1-structure">parse an ASN.1 structure</a>
-                              algorithm, with <var>data</var> as the
-                              <code>privateKey</code> field of <var>privateKeyInfo</var>,
-                              <var>structure</var> as the <code>RSAPrivateKey</code> structure
-                              specified in Section A.1.2 of <a href="#RFC3447">RFC 3447</a>, and
-                              <var>exactData</var> set to true.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              If an error occurred while parsing,
-                              then <a href="#concept-return-an-error">return an error</a> named
-                              <a href="#dfn-DataError"><code>DataError</code></a>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              Let <var>key</var> be a new <a href="#dfn-CryptoKey">CryptoKey</a>
-                              object that represents the RSA private key identified by
-                              <var>rsaPrivateKey</var>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot
-                              of <var>key</var> to <code>"private"</code>
-                            </p>
-                          </li>
-                        </ol>
-                      </dd>
-                      <dt>If <var>format</var> is <code>"jwk"</code>:</dt>
-                      <dd>
-                        <ol>
-                          <li>
-                            <p>
-                              Let <var>jwk</var> be the <a href="#dfn-JsonWebKey">JsonWebKey</a>
-                              dictionary represented by <var>keyData</var>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              If the <code>"kty"</code> field of <var>jwk</var> is not a
-                              case-sensitive string match to <code>"RSA"</code>,
-                              then <a href="#concept-return-an-error">return an error</a> named
-                              <a href="#dfn-DataError"><code>DataError</code></a>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              If the <code>"use"</code> field of <var>jwk</var> is present, and is
-                              not a case-sensitive string match to <code>"enc"</code>,
-                              then <a href="#concept-return-an-error">return an error</a> named
-                              <a href="#dfn-DataError"><code>DataError</code></a>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              If the <code>"key_ops"</code> field of <var>jwk</var> is present, and
-                              is invalid according to the requirements of
-                              <a href="#jwk">JSON Web Key</a> or
-                              does not contain all of the specified <var>usages</var> values,
-                              then <a href="#concept-return-an-error">return an error</a> named
-                              <a href="#dfn-DataError"><code>DataError</code></a>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              Let <var>hash</var> be a be a string whose initial value is
-                              undefined.
-                            </p>
-                          </li>
-                          <li>
-                            <dl class="switch">
-                              <dt>
-                                If the <code>"alg"</code> field of <var>jwk</var> is not
-                                present:
-                              </dt>
-                              <dd>
-                                <p>
-                                  Let <var>hash</var> be undefined.
-                                </p>
-                              </dd>
-                              <dt>
-                                If the <code>"alg"</code> field is equal to the string
-                                <code>"RS1"</code>:
-                              </dt>
-                              <dd>
-                                <p>
-                                  Let <var>hash</var> be the string <code>SHA-1</code>.
-                                </p>
-                              </dd>
-                              <dt>
-                                If the <code>"alg"</code> field is equal to the string
-                                <code>"RS256"</code>:
-                              </dt>
-                              <dd>
-                                <p>
-                                  Let <var>hash</var> be the string <code>SHA-256</code>.
-                                </p>
-                              </dd>
-                              <dt>
-                                If the <code>"alg"</code> field is equal to the string
-                                <code>"RS384"</code>:
-                              </dt>
-                              <dd>
-                                <p>
-                                  Let <var>hash</var> be the string <code>SHA-384</code>.
-                                </p>
-                              </dd>
-                              <dt>
-                                If the <code>"alg"</code> field is equal to the string
-                                <code>"RS512"</code>:
-                              </dt>
-                              <dd>
-                                <p>
-                                  Let <var>hash</var> be the string <code>SHA-512</code>.
-                                </p>
-                              </dd>
-                              <dt>Otherwise:</dt>
-                              <dd>
-                                <p>
-                                  <a href="#concept-return-an-error">Return an error</a> named
-                                  <a href="#dfn-DataError"><code>DataError</code></a>.
-                                </p>
-                              </dd>
-                            </dl>
-                          </li>
-                          <li>
-                            <dl class="switch">
-                              <dt>If the <code>"d"</code> field of <var>jwk</var> is present:</dt>
-                              <dd>
-                                <ol>
-                                  <li>
-                                    <p>
-                                      If <var>jwk</var> does not meet the requirements of
-                                      Section 6.3.2 of <a href="#jwa">JSON Web
-                                      Algorithms</a>,
-                                      then <a href="#concept-return-an-error">return an error</a> named
-                                      <a href="#dfn-DataError"><code>DataError</code></a>.
-                                    </p>
-                                  </li>
-                                  <li>
-                                    <p>
-                                      Let <var>key</var> be a new <a
-                                      href="#dfn-CryptoKey">CryptoKey</a> object that represents the
-                                      RSA private key identified by interpreting <var>jwk</var>
-                                      according to Section 6.3.2 of <a href="#jwa"> JSON Web
-                                      Algorithms</a>.
-                                    </p>
-                                  </li>
-                                  <li>
-                                    <p>
-                                      Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]]
-                                      internal slot of <var>key</var> to <code>"private"</code>
-                                    </p>
-                                  </li>
-                                </ol>
-                              </dd>
-                              <dt>Otherwise:</dt>
-                              <dd>
-                                <ol>
-                                  <li>
-                                    <p>
-                                      If <var>jwk</var> does not meet the requirements of Section
-                                      6.3.1 of <a href="#jwa">JSON Web Algorithms</a>, then <a
-                                      href="#concept-return-an-error">return an error</a> named <a
-                                      href="#dfn-DataError"><code>DataError</code></a>.
-                                    </p>
-                                  </li>
-                                  <li>
-                                    <p>
-                                      Let <var>key</var> be a new <a
-                                      href="#dfn-CryptoKey">CryptoKey</a> object that represents the
-                                      RSA public key identified by interpreting <var>jwk</var>
-                                      according to Section 6.3.1 of <a href="#jwa"> JSON Web
-                                      Algorithms</a>.
-                                    </p>
-                                  </li>
-                                  <li>
-                                    <p>
-                                      Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]]
-                                      internal slot of <var>key</var> to <code>"public"</code>
-                                    </p>
-                                  </li>
-                                </ol>
-                              </dd>
-                            </dl>
-                          </li>
-                        </ol>
-                      </dd>
-                      <dt>Otherwise:</dt>
-                      <dd>
-                        <a href="#concept-return-an-error">Return an error</a> named
-                        <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
-                      </dd>
-                    </dl>
-                  </li>
-                  <li>
-                    <p>
-                      Let <var>algorithm</var> be a new
-                      <a href="#dfn-RsaHashedKeyAlgorithm">RsaHashedKeyAlgorithm</a> dictionary.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Set the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of
-                      <var>algorithm</var> to <code>"RSASSA-PKCS1-v1_5"</code>
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Set the <a href="#dfn-RsaKeyAlgorithm-modulusLength">modulusLength</a>
-                      attribute of <var>algorithm</var> to the length, in bits, of the RSA public
-                      modulus.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Set the <a href="#dfn-RsaKeyAlgorithm-publicExponent">publicExponent</a>
-                      attribute of <var>algorithm</var> to the <a href="#dfn-BigInteger">BigInteger</a>
-                      representation of the RSA public exponent.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Set the <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute of
-                      <var>algorithm</var> to a new <a href="#dfn-KeyAlgorithm">KeyAlgorithm</a>
-                      whose <a href="#dfn-KeyAlgorithm-name">name</a> attribute is <var>hash</var>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
-                      slot of <var>key</var> to <var>algorithm</var>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>Return <var>key</var>.</p>
-                  </li>
-                </ol>
-              </dd>
-
-              <dt>Export Key</dt>
-              <dd>
-                <ol>
-                  <li>
-                    <p>
-                      Let <var>key</var> be the key to be exported.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      If the underlying cryptographic key material represented by the [[<a
-                      href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of <var>key</var>
-                      cannot be accessed, then <a href="#concept-return-an-error">return an
-                      error</a> named <a href="#dfn-OperationError"><code>OperationError</code></a>.
-                    </p>
-                  </li>
-                  <li>
-                    <dl class="switch">
-                      <dt>If <var>format</var> is <code>"spki"</code></dt>
-                      <dd>
-                        <ol>
-                          <li>
-                            <p>
-                              If the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot
-                              of <var>key</var> is not <code>"public"</code>, then <a
-                              href="#concept-return-an-error">return an error</a> named <a
-                              href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              Let <var>data</var> be the result of <a
-                              href="#dfn-encode-a-subjectPublicKeyInfo">encoding a
-                              subjectPublicKeyInfo</a> with the following properties:
-                            </p>
-                            <ul>
-                              <li>
-                                <p>
-                                  Set the <var>algorithm</var> field to an
-                                  <code>AlgorithmIdentifier</code> ASN.1 type with the following
-                                  properties:
-                                </p>
-                                <ul>
-                                  <li>
-                                    <p>
-                                      Set the <var>algorithm</var> field to the OID
-                                      <code>1.2.840.113549.1.1</code>
-                                    </p>
-                                  </li>
-                                  <li>
-                                    <p>
-                                      Set the <var>params</var> field to the ASN.1 type NULL.
-                                    </p>
-                                  </li>
-                                </ul>
-                              </li>
-                              <li>
-                                <p>
-                                  Set the <var>subjectPublicKey</var> field to the result of
-                                  DER-encoding an <code>RSAPublicKey</code> ASN.1 type, as defined
-                                  in <a href="#RFC3447">RFC 3447</a>, Appendix A.1.1, that
-                                  represents the RSA public key represented by the [[<a
-                                  href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of
-                                  <var>key</var>
-                                </p>
-                              </li>
-                            </ul>
-                          </li>
-                          <li>
-                            <p>
-                              Let <var>result</var> be a new <code>ArrayBuffer</code> containing
-                              <var>data</var>.
-                            </p>
-                          </li>
-                        </ol>
-                      </dd>
-                      <dt>If <var>format</var> is <code>"pkcs8"</code>:</dt>
-                      <dd>
-                        <ol>
-                          <li>
-                            <p>
-                              If the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot
-                              of <var>key</var> is not <code>"private"</code>, then <a
-                              href="#concept-return-an-error">return an error</a> named <a
-                              href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              Let <var>data</var> be the result of <a
-                              href="#dfn-encode-a-privateKeyInfo"> encoding a privateKeyInfo</a>
-                              with the following properties:
-                            </p>
-                            <ul>
-                              <li>
-                                <p>
-                                  Set the <var>version</var> field to 0.
-                                </p>
-                              </li>
-                              <li>
-                                <p>
-                                  Set the <var>privateKeyAlgorithm</var> field to a
-                                  <code>PrivateKeyAlgorithmIdentifier</code> ASN.1 type with the
-                                  following properties:
-                                </p>
-                                <ul>
-                                  <li>
-                                    <p>
-                                      Set the <var>algorithm</var> field to the OID
-                                      <code>1.2.840.113549.1.1</code>
-                                    </p>
-                                  </li>
-                                  <li>
-                                    <p>
-                                      Set the <var>params</var> field to the ASN.1 type NULL.
-                                    </p>
-                                  </li>
-                                </ul>
-                              </li>
-                              <li>
-                                <p>
-                                  Set the <var>privateKey</var> field to the result of DER-encoding
-                                  an <code>RSAPrivateKey</code> ASN.1 type, as defined in <a
-                                  href="#RFC3447">RFC 3447</a>, Appendix A.1.2, that represents the
-                                  RSA private key represented by the [[<a
-                                  href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of
-                                  <var>key</var>
-                                </p>
-                                <div class="ednote">
-                                  <a href="#RFC5208">RFC 5208</a> specifies that the encoding of
-                                  this field should be <em>BER</em> encoded in Section 5 (as a "for
-                                  example"). However, to avoid requiring WebCrypto implementations
-                                  support BER-encoding and BER-decoding, only <em>DER</em> encodings
-                                  are produced or accepted.
-                                </div>
-                              </li>
-                            </ul>                              
-                          </li>
-                          <li>
-                            <p>
-                              Let <var>result</var> be a new <code>ArrayBuffer</code> containing
-                              <var>data</var>.
-                            </p>
-                          </li>
-                        </ol>
-                      </dd>
-                      <dt>If <var>format</var> is <code>"jwk"</code>:</dt>
-                      <dd>
-                        <ul>
-                          <li>
-                            <p>Let <var>jwk</var> be a new <a href="#dfn-JsonWebKey">JsonWebKey</a>
-                            dictionary.</p>
-                          </li>
-                          <li>
-                            <p>Set the <code>kty</code> attribute of <var>jwk</var> to the string
-                            <code>"RSA"</code>.</p>
-                          </li>
-                          <li>
-                            <p>
-                              Let <var>hash</var> be the <a href="#dfn-KeyAlgorithm-name">name</a>
-                              attribute of the <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a>
-                              attribute of <var>key</var>.
-                            </p>
-                          </li>
-                          <li>
-                            <dl class="switch">
-                              <dt>If <var>hash</var> is <code>SHA-1</code>:</dt>
-                              <dd>
-                                <p>
-                                  Set the <code>alg</code> attribute of <var>jwk</var> to the string
-                                  <code>RS1</code>.
-                                </p>
-                              </dd>
-                              <dt>If <var>hash</var> is <code>SHA-256</code>:</dt>
-                              <dd>
-                                <p>
-                                  Set the <code>alg</code> attribute of <var>jwk</var> to the string
-                                  <code>RS256</code>.
-                                </p>
-                              </dd>
-                              <dt>If <var>hash</var> is <code>SHA-384</code>:</dt>
-                              <dd>
-                                <p>
-                                  Set the <code>alg</code> attribute of <var>jwk</var> to the string
-                                  <code>RS384</code>.
-                                </p>
-                              </dd>
-                              <dt>If <var>hash</var> is <code>SHA-512</code>:</dt>
-                              <dd>
-                                <p>
-                                  Set the <code>alg</code> attribute of <var>jwk</var> to the string
-                                  <code>RS512</code>.
-                                </p>
-                              </dd>
-                              <dt>Otherwise:</dt>
-                              <dd>
-                                <p>
-                                  <a href="#concept-return-an-error">Return an error</a> named
-                                  <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
-                                </p>
-                              </dd>
-                            </dl>
-                          </li>
-                          <li>
-                            <p>Set the <code>alg</code> attribute of <var>jwk</var> to the string
-                            <code>RSA1_5</code>.</p>
-                          </li>
-                          <li>
-                            <p>
-                              Set the attributes <code>n</code> and <code>e</code> of <var>jwk</var>
-                              according to the corresponding definitions in <a href="#jwa">JSON Web
-                              Algorithms</a>, Section 6.3.1.
-                            </p>
-                          </li>
-                          <li>
-                            <dl class="switch">
-                              <dt>
-                                If the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot
-                                of <var>key</var> is <code>"private"</code>:
-                              </dt>
-                              <dd>
-                                <ol>
-                                  <li>
-                                    <p>
-                                      Set the attributes named <code>d</code>, <code>p</code>,
-                                      <code>q</code>, <code>dp</code>, <code>dq</code>, and
-                                      <code>qi</code> of <var>jwk</var> according to the
-                                      corresponding definitions in <a href="#jwa">JSON Web
-                                      Algorithms</a>, Section 6.3.2.
-                                    </p>
-                                  </li>
-                                  <li>
-                                    <p>
-                                      If the underlying RSA private key represented by the [[<a
-                                      href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot
-                                      of <var>key</var> is represented by more than two primes, set
-                                      the attribute named <code>oth</code> of <var>jwk</var>
-                                      according to the corresponding definition in <a
-                                      href="#jwa">JSON Web Algorithms</a>, Section 6.3.2.7
-                                    </p>
-                                  </li>
-                                </ol>
-                              </dd>
-                            </dl>
-                          </li>
-                          <li>
-                            <p>
-                              Set the <code>key_ops</code> attribute of <var>jwk</var> to the <a
-                              href="#dfn-CryptoKey-usages">usages</a> attribute of <var>key</var>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              Set the <code>ext</code> attribute of <var>jwk</var> to the [[<a
-                              href="#dfn-CryptoKey-slot-extractable">extractable</a>]] internal slot
-                              of <var>key</var>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              Let <var>result</var> be the result of converting <var>jwk</var>
-                              to an ECMAScript Object, as defined by [<a href="#WebIDL">WEBIDL</a>].
-                            </p>
-                          </li>
-                        </ul>
-                      </dd>
-                      <dt>Otherwise</dt>
-                      <dd>
-                        <p>
-                          <a href="#concept-return-an-error">Return an error</a> named
-                          <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
-                        </p>
-                      </dd>
-                    </dl>
-                  </li>
-                  <li>
-                    <p>
-                      Return <var>result</var>.
-                    </p>
-                  </li>
-                </ol>
-              </dd>
-            </dl>
-          </div>
-        </div>
-
-        <div id="rsa-pss" class="section">
-          <h3>RSA-PSS</h3>
-          <div id="rsa-pss-description" class="section">
-            <h4>Description</h4>
+          </x:codeblock>
+        </div>
+        <div id="RsaHashedKeyAlgorithm-dictionary" class="section">
+          <h4>RsaHashedKeyAlgorithm dictionary</h4>
+          <x:codeblock language="idl">
+dictionary <dfn id="dfn-RsaHashedKeyAlgorithm">RsaHashedKeyAlgorithm</dfn> : <a href="#dfn-RsaKeyAlgorithm">RsaKeyAlgorithm</a> {
+<span class="comment">// The hash algorithm that is used with this key</span>
+<a href="#dfn-KeyAlgorithm">KeyAlgorithm</a> <dfn id="dfn-RsaHashedKeyAlgorithm-hash">hash</dfn>;
+};
+          </x:codeblock>
+        </div>
+        <div id="RsaHashedImportParams-dictionary" class="section">
+          <h4>RsaHashedImportParams dictionary</h4>
+          <x:codeblock language="idl">
+dictionary <dfn id="dfn-RsaHashedImportParams">RsaHashedImportParams</dfn> {
+<span class="comment">// The hash algorithm to use</span>
+<a href="#dfn-HashAlgorithmIdentifier">HashAlgorithmIdentifier</a> <dfn id="dfn-RsaHashedImportParams-hash">hash</dfn>;
+};
+          </x:codeblock>
+          <div class="ednote">
             <p>
-              The <code>"RSA-PSS"</code> algorithm identifier is used to perform signing
-              and verification using the RSASSA-PSS algorithm specified in
-              [<cite><a href="#RFC3447">RFC3447</a></cite>], using the mask generation
-              formula MGF1.
+              Should this be folded into RsaHashedKeyGenParams and rely on the optional nature of the
+              dictionary fields?
             </p>
           </div>
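Review bot: RsaHashedImportParams is declared with no parent dictionary ("dictionary RsaHashedImportParams {"), whereas the RsaPssParams dictionary removed further down in this hunk was declared as inheriting from Algorithm. If params dictionaries are still expected to carry a name member after normalization, add the Algorithm parent here; otherwise say in the section prose why import params are exempt. The hash member is also left implicitly optional, and the editor's note that follows leaves open whether to fold this dictionary into RsaHashedKeyGenParams and rely on optional fields. The removed operation steps rejected any missing RsaPssParams or RsaHashedKeyGenParams member with SyntaxError, so the new text should state what happens when hash is absent rather than ship the open question. Minor style point: the members of both added dictionaries are flush left, while the removed RsaPssParams block indented its members by two spaces.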
-          <div id="rsa-pss-registration" class="section">
-            <h4>Registration</h4>
-            <p>
-              The <a href="#recognized-algorithm-name">recognized algorithm name</a> for
-              this algorithm is <code>"RSA-PSS"</code>.
-            </p>
-            <table>
-              <thead>
-                <tr>
-                  <th><a href="#supported-operations">Operation</a></th>
-                  <th><a href="#algorithm-specific-params">Parameters</a></th>
-                  <th><a href="#algorithm-result">Result</a></th>
-                </tr>
-              </thead>
-              <tbody>
-                <tr>
-                  <td>sign</td>
-                  <td><a href="#dfn-RsaPssParams">RsaPssParams</a></td>
-                  <td>ArrayBuffer</td>
-                </tr>
-                <tr>
-                  <td>verify</td>
-                  <td><a href="#dfn-RsaPssParams">RsaPssParams</a></td>
-                  <td>boolean</td>
-                </tr>
-                <tr>
-                  <td>generateKey</td>
-                  <td><a href="#dfn-RsaHashedKeyGenParams">RsaHashedKeyGenParams</a></td>
-                  <td><a href="#dfn-CryptoKeyPair">CryptoKeyPair</a></td>
-                </tr>
-                <tr>
-                  <td>importKey</td>
-                  <td><a href="#dfn-RsaHashedImportParams">RsaHashedImportParams</a></td>
-                  <td><a href="#dfn-CryptoKey">CryptoKey</a></td>
-                </tr>
-                <tr>
-                  <td>exportKey</td>
-                  <td>None</td>
-                  <td>object</td>
-                </tr>
-              </tbody>
-            </table>
-          </div>
-          <div id="RsaPssParams-dictionary" class="section">
-            <h4>RsaPssParams dictionary</h4>
-            <x:codeblock language="idl">
-dictionary <dfn id="dfn-RsaPssParams">RsaPssParams</dfn> : <a href="#dfn-Algorithm">Algorithm</a> {
-  <span class="comment">// The desired length of the random salt</span>
-  [EnforceRange] unsigned long <dfn id="dfn-RsaPssParams-saltLength">saltLength</dfn>;
-};
-            </x:codeblock>
-          </div>
-          <div id="rsa-pss-operations" class="section">
-            <h4>Operations</h4>
-            <dl>
-              <dt>Sign</dt>
-              <dd>
-                <ol>
-                  <li>
-                    <p>
-                      If the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
-                      <var>key</var> is not <code>"private"</code>, then <a
-                      href="#concept-return-an-error">return an error</a> named <a
-                      href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Let <var>normalizedAlgorithm</var> be the result of
-                      <a href="#dfn-normalize-to-type">normalizing</a> <var>algorithm</var>
-                      to <a href="#dfn-RsaPssParams">RsaPssParams</a>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      If any of the members of <a href="#dfn-RsaPssParams">RsaPssParams</a> are not
-                      present in <var>normalizedAlgorithm</var>,
-                      then <a href="#concept-return-an-error">return an error</a> named
-                      <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Perform the signature generation operation defined in Section 8.1 of [<cite><a
-                      href="#RFC3447">RFC3447</a></cite>] with the key represented by the [[<a
-                      href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of <var>key</var>
-                      as the signer's private key, <var>K</var>, and the <a
-                      href="#concept-contents-of-arraybuffer">contents of <var>message</var></a> as
-                      the message to be signed, <var>M</var>, and using the hash function specified
-                      by the <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute of the
-                      [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal slot of
-                      <var>key</var> as the Hash option, MGF1 (defined in Section B.2.1 of [<cite><a
-                      href="#RFC3447">RFC3447</a></cite>]) as the MGF option and the <a
-                      href="#dfn-RsaPssParams-saltLength">saltLength</a> member of
-                      <var>normalizedAlgorithm</var> as the salt length option for the
-                      EMM-PSS-ENCODE operation.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      If performing the operation results in an error,
-                      then <a href="#concept-return-an-error">return an error</a> named
-                      <a href="#dfn-OperationError"><code>OperationError</code></a>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Let <var>signature</var> be a new <code>ArrayBuffer</code> containing the
-                      signature, S, that results from performing the operation.
-                    </p>
-                  </li>
-                </ol>
-              </dd>
-
-              <dt>Verify</dt>
-              <dd>
-                <ol>
-                  <li>
-                    <p>
-                      If the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
-                      <var>key</var> is not <code>"public"</code>, then <a
-                      href="#concept-return-an-error">return an error</a> named <a
-                      href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Let <var>normalizedAlgorithm</var> be the result of
-                      <a href="#dfn-normalize-to-type">normalizing</a> <var>algorithm</var>
-                      to <a href="#dfn-RsaPssParams">RsaPssParams</a>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      If any of the members of <a href="#dfn-RsaPssParams">RsaPssParams</a> are not
-                      present in <var>normalizedAlgorithm</var>,
-                      then <a href="#concept-return-an-error">return an error</a> named
-                      <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Perform the signature verification operation defined in Section 8.1 of
-                      [<cite><a href="#RFC3447">RFC3447</a></cite>] with the key represented by the
-                      [[<a href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of
-                      <var>key</var> as the signer's RSA public key and the <a
-                      href="#concept-contents-of-arraybuffer">contents of <var>message</var></a> as
-                      <var>M</var> and <a href="#concept-contents-of-arraybuffer">the contents of
-                      <var>signature</var></a> as <var>S</var> and using the hash function specified
-                      by the <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute of the
-                      [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal slot of
-                      <var>key</var> as the Hash option, MGF1 (defined in Section B.2.1 of [<cite><a
-                      href="#RFC3447">RFC3447</a></cite>]) as the MGF option and the <a
-                      href="#dfn-RsaPssParams-saltLength">saltLength</a> member of
-                      <var>normalizedAlgorithm</var> as the salt length option for the
-                      EMSA-PSS-VERIFY operation.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      If performing the operation results in an error,
-                      then <a href="#concept-return-an-error">return an error</a> named
-                      <a href="#dfn-OperationError"><code>OperationError</code></a>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Let <var>result</var> be a boolean with value true if the
-                      result of the operation was "valid signature" and a boolean with value
-                      false otherwise.
-                    </p>
-                  </li>
-                </ol>
-              </dd>
-
-              <dt>Generate Key</dt>
-              <dd>
-                <ol>
-                  <li>
-                    <p>
-                      Let <var>normalizedAlgorithm</var> be the result of
-                      <a href="#dfn-normalize-to-type">normalizing</a> <var>algorithm</var>
-                      to <a href="#dfn-RsaHashedKeyGenParams">RsaHashedKeyGenParams</a>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      If any of the members of
-                      <a href="#dfn-RsaHashedKeyGenParams">RsaHashedKeyGenParams</a> are not present
-                      in <var>normalizedAlgorithm</var>,
-                      then <a href="#concept-return-an-error">return an error</a> named
-                      <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      If <var>usages</var> contains an entry which is not
-                      <code>"sign"</code> or <code>"verify"</code>,
-                      then <a href="#concept-return-an-error">return an error</a> named
-                      <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Generate an RSA key pair, as defined in [<cite><a
-                      href="#RFC3447">RFC3447</a></cite>], with RSA modulus length equal to the
-                      <a href="#dfn-RsaKeyGenParams-modulusLength">modulusLength</a> member of
-                      <var>normalizedAlgorithm</var> and RSA public exponent equal to the
-                      <a href="#dfn-RsaKeyGenParams-publicExponent">publicExponent</a> member of
-                      <var>normalizedAlgorithm</var>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      If performing the operation results in an error,
-                      then <a href="#concept-return-an-error">return an error</a> named
-                      <a href="#dfn-OperationError"><code>OperationError</code></a>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Let <var>algorithm</var> be a new
-                      <a href="#dfn-RsaHashedKeyAlgorithm">RsaHashedKeyAlgorithm</a>
-                      dictionary.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Set the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of
-                      <var>algorithm</var> to <code>"RSA-PSS"</code>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Set the
-                      <a href="#dfn-RsaKeyAlgorithm-modulusLength">modulusLength</a>
-                      attribute of <var>algorithm</var> to equal the
-                      <a href="#dfn-RsaKeyGenParams-modulusLength">modulusLength</a>
-                      member of <var>normalizedAlgorithm</var>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Set the
-                      <a href="#dfn-RsaKeyAlgorithm-publicExponent">publicExponent</a>
-                      attribute of <var>algorithm</var> to equal the
-                      <a href="#dfn-RsaKeyGenParams-publicExponent">publicExponent</a>
-                      member of <var>normalizedAlgorithm</var>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Set the <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute
-                      of <var>algorithm</var> to equal the
-                      <a href="#dfn-RsaHashedKeyGenParams">hash</a> member of
-                      <var>normalizedAlgorithm</var>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Let <var>publicKey</var> be a new <a href="#dfn-CryptoKey">CryptoKey</a>
-                      object representing the public key of the generated key pair.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
-                      <var>publicKey</var> to <code>"public"</code>
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
-                      slot of <var>publicKey</var> to <var>algorithm</var>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Set the [[<a href="#dfn-CryptoKey-slot-extractable">extractable</a>]] internal
-                      slot of <var>publicKey</var> to true.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Set the [[<a href="#dfn-CryptoKey-slot-usages">usages</a>]] internal slot of
-                      <var>publicKey</var> to be the <a href="#concept-usage-intersection">usage
-                      intersection</a> of <var>usages</var> and <code>[ "verify" ]</code>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Let <var>privateKey</var> be a new <a href="#dfn-CryptoKey">CryptoKey</a>
-                      object representing the private key of the generated key pair.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
-                      <var>privateKey</var> to <code>"private"</code>
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
-                      slot of <var>privateKey</var> to <var>algorithm</var>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Set the [[<a href="#dfn-CryptoKey-slot-extractable">extractable</a>]] internal
-                      slot of <var>privateKey</var> to <var>extractable</var>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Set the [[<a href="#dfn-CryptoKey-slot-usages">usages</a>]] internal slot of
-                      <var>privateKey</var> to be the <a href="#concept-usage-intersection">usage
-                      intersection</a> of <var>usages</var> and <code>[ "sign" ]</code>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Let <var>result</var> be a new <a href="#dfn-CryptoKeyPair">CryptoKeyPair</a>
-                      dictionary.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Set the <a href="#dfn-CryptoKeyPair-publicKey">publicKey</a> attribute
-                      of <var>result</var> to <var>publicKey</var>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Set the <a href="#dfn-CryptoKeyPair-privateKey">privateKey</a> attribute
-                      of <var>result</var> to <var>privateKey</var>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Return the result of converting <var>result</var> to an ECMAScript Object,
-                      as defined by [<a href="#WebIDL">WEBIDL</a>].
-                    </p>
-                  </li>
-                </ol>
-              </dd>
-
-              <dt>Import Key</dt>
-              <dd>
-                <ol>
-                  <li>
-                    <p>Let <var>keyData</var> be the key data to be imported.</p>
-                  </li>
-                  <li>
-                    <p>
-                      Let <var>normalizedAlgorithm</var> be the result of
-                      <a href="#concept-normalize-to-type">normalizing</a> <var>algorithm</var>
-                      to <a href="#dfn-RsaHashedImportParams">RsaHashedImportParams</a>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      If any of the members of <a
-                      href="#dfn-RsaHashedImportParams">RsaHashedImportParams</a> are not present in
-                      <var>normalizedAlgorithm</var> then <a href="#concept-return-an-error">return
-                      an error</a> named <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
-                    </p>
-                  </li>
-                  <li>
-                    <dl class="switch">
-                      <dt>If <var>format</var> is <code>"spki"</code>:</dt>
-                      <dd>
-                        <ol>
-                          <li>
-                            <p>
-                              Let <var>spki</var> be the result of running the
-                              <a href="#concept-parse-a-spki">parse a subjectPublicKeyInfo</a>
-                              algorithm over <var>keyData</var>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              If an error occurred while parsing,
-                              then <a href="#concept-return-an-error">return an error</a> named
-                              <a href="#dfn-DataError"><code>DataError</code></a>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              Let <var>hash</var> be a string whose initial value is undefined.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              Let <var>alg</var> be the <code>algorithm</code> object identifier
-                              field of the <code>algorithm</code> AlgorithmIdentifier field of
-                              <var>spki</var>.
-                            </p>
-                          </li>
-                          <li>
-                            <dl class="switch">
-                              <dt>
-                                If <var>alg</var> is equivalent to the <code>rsaEncryption</code>
-                                OID defined in <a href="#RFC3447">RFC 3447</a>:
-                              </dt>
-                              <dd>
-                                <p>
-                                  Let <var>hash</var> be undefined.
-                                </p>
-                              </dd>
-                              <dt>
-                                If <var>alg</var> is equivalent to the
-                                <code>id-RSASSA-PSS</code> OID defined in
-                                <a href="#RFC3447">RFC 3447</a>:
-                              </dt>
-                              <dd>
-                                <ol>
-                                  <li>
-                                    <p>
-                                      Let <var>params</var> be the ASN.1 structure contained within
-                                      the <code>parameters</code> field of the <code>algorithm</code>
-                                      AlgorithmIdentifier field of <var>spki</var>.
-                                    </p>
-                                  </li>
-                                  <li>
-                                    <p>
-                                      If <var>params</var> is not defined, or is not an instance of
-                                      the <code>RSASSA-PSS-params</code> ASN.1 type defined in
-                                      <a href="#RFC3447">RFC3447</a>,
-                                      <a href="#concept-return-an-error">return an error</a> named
-                                      <a href="#dfn-DataError"><code>DataError</code></a>.
-                                    </p>
-                                  </li>
-                                  <li>
-                                    <p>
-                                      Let <var>hashAlg</var> be the AlgorithmIdentifier ASN.1 type
-                                      within the <code>hashAlgorithm</code> field of <var>params</var>.
-                                    </p>
-                                  </li>
-                                  <li>
-                                    <dl class="switch">
-                                      <dt>
-                                        If the <code>algorithm</code> object identifier field of
-                                        <var>hashAlg</var> is equivalent to the <code>id-sha1</code>
-                                        OID defined in <a href="#RFC3447">RFC 3447</a>:
-                                      </dt>
-                                      <dd>
-                                        <p>
-                                          Set <var>hash</var> to the string <code>SHA-1</code>.
-                                        </p>
-                                      </dd>
-                                      <dt>
-                                        If the <code>algorithm</code> object identifier field of
-                                        <var>hashAlg</var> is equivalent to the <code>id-sha256</code>
-                                        OID defined in <a href="#RFC3447">RFC 3447</a>:
-                                      </dt>
-                                      <dd>
-                                        <p>
-                                          Set <var>hash</var> to the string <code>SHA-256</code>.
-                                        </p>
-                                      </dd>
-                                      <dt>
-                                        If the <code>algorithm</code> object identifier field of
-                                        <var>hashAlg</var> is equivalent to the <code>id-sha384</code>
-                                        OID defined in <a href="#RFC3447">RFC 3447</a>:
-                                      </dt>
-                                      <dd>
-                                        <p>
-                                          Set <var>hash</var> to the string <code>SHA-384</code>.
-                                        </p>
-                                      </dd>
-                                      <dt>
-                                        If the <code>algorithm</code> object identifier field of
-                                        <var>hashAlg</var> is equivalent to the <code>id-sha512</code>
-                                        OID defined in <a href="#RFC3447">RFC 3447</a>:
-                                      </dt>
-                                      <dd>
-                                        <p>
-                                          Set <var>hash</var> to the string <code>SHA-512</code>.
-                                        </p>
-                                      </dd>
-                                      <dt>Otherwise:</dt>
-                                      <dd>
-                                        <p>
-                                          <a href="#concept-return-an-error">Return an error</a> named
-                                          <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
-                                        </p>
-                                      </dd>
-                                    </dl>
-                                  </li>
-                                  <li>
-                                    <p>
-                                      If the <code>algorithm</code> object identifier field of the
-                                      <code>maskGenAlgorithm</code> field of <var>params</var> is not
-                                      equivalent to the OID <code>id-mgf1</code> defined in <a
-                                      href="#RFC3447">RFC 3447</a>, <a
-                                      href="#concept-return-an-error">return an error</a> named <a
-                                      href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
-                                    </p>
-                                  </li>
-                                  <li>
-                                    <p>
-                                      If the <code>parameters</code> field of the
-                                      <code>maskGenAlgorithm</code> field of <var>params</var> is not
-                                      an instance of the <code>HashAlgorithm</code> ASN.1 type that is
-                                      identical in content to the <code>hashAlglorithm</code> field of
-                                      <var>params</var>, <a href="#concept-return-an-error">return an
-                                      error</a> named <a
-                                      href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
-                                    </p>
-                                  </li>
-                                </ol>
-                              </dd>
-                              <dt>Otherwise:</dt>
-                              <dd>
-                                <p>
-                                  <a href="#concept-return-an-error">Return an error</a> named
-                                  <a href="#dfn-DataError"><code>DataError</code></a>.
-                                </p>
-                              </dd>
-                            </dl>
-                          </li>
-                          <li>
-                            <p>
-                              If <var>hash</var> is defined, and is not equal to the <a
-                              href="#dfn-AlgorithmIdentifier-name">name</a> member of the <a
-                              href="#dfn-RsaHashedImportParams-hash">hash</a> member of
-                              <var>normalizedAlgorithm</var>, <a
-                              href="#concept-return-an-error">return an error</a> named <a
-                              href="#dfn-DataError"><code>DataError</code></a>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              Set <var>hash</var> to the <a
-                              href="#dfn-AlgorithmIdentifier-name">name</a> member of the <a
-                              href="#dfn-RsaHashedImportParams-hash">hash</a> member of
-                              <var>normalizedAlgorithm</var>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              Let <var>publicKey</var> be the result of performing the <a
-                              href="#concept-parse-an-asn1-structure">parse an ASN.1 structure</a>
-                              algorithm, with <var>data</var> as the
-                              <code>subjectPublicKeyInfo</code> field of <var>spki</var>,
-                              <var>structure</var> as the <code>RSAPublicKey</code> structure
-                              specified in Section A.1.1 of <a href="#RFC3447">RFC 3447</a>, and
-                              <var>exactData</var> set to true.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              If an error occurred while parsing,
-                              then <a href="#concept-return-an-error">return an error</a> named
-                              <a href="#dfn-DataError"><code>DataError</code></a>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              Let <var>key</var> be a new <a href="#dfn-CryptoKey">CryptoKey</a>
-                              object that represents the RSA public key identified by
-                              <var>publicKey</var>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot
-                              of <var>key</var> to <code>"public"</code>
-                            </p>
-                          </li>
-                        </ol>
-                      </dd>
-                      <dt>If <var>format</var> is <code>"pkcs8"</code>:</dt>
-                      <dd>
-                        <ol>
-                          <li>
-                            <p>
-                              Let <var>privateKeyInfo</var> be the result of running the
-                              <a href="#concept-parse-a-privateKeyInfo">parse a privateKeyInfo</a>
-                              algorithm over <var>keyData</var>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              If an error occurred while parsing, then <a
-                              href="#concept-return-an-error">return an error</a> named <a
-                              href="#dfn-DataError"><code>DataError</code></a>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              Let <var>hash</var> be a string whose initial value is undefined.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              Let <var>alg</var> be the <code>algorithm</code> object identifier
-                              field of the <code>privateKeyAlgorithm</code>
-                              PrivateKeyAlgorithmIdentifier field of <var>privateKeyInfo</var>.
-                            </p>
-                          </li>
-                          <li>
-                            <dl class="switch">
-                              <dt>
-                                If <var>alg</var> is equivalent to the <code>rsaEncryption</code>
-                                OID defined in <a href="#RFC3447">RFC 3447</a>:
-                              </dt>
-                              <dd>
-                                <p>
-                                  Let <var>hash</var> be undefined.
-                                </p>
-                              </dd>
-                              <dt>
-                                If <var>alg</var> is equivalent to the <code>id-RSASSA-PSS</code> OID
-                                defined in <a href="#RFC3447">RFC 3447</a>:
-                              </dt>
-                              <dd>
-                                <ol>
-                                  <li>
-                                    <p>
-                                      Let <var>params</var> be the ASN.1 structure contained within
-                                      the <code>parameters</code> field of the
-                                      <code>privateKeyAlgorithm</code> PrivateKeyAlgorithmIdentifier
-                                      field of <var>privateKeyInfo</var>.
-                                    </p>
-                                  </li>
-                                  <li>
-                                    <p>
-                                      If <var>params</var> is not defined, or is not an instance of
-                                      the <code>RSASSA-PSS-params</code> ASN.1 type defined in
-                                      <a href="#RFC3447">RFC3447</a>,
-                                      <a href="#concept-return-an-error">return an error</a> named
-                                      <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
-                                    </p>
-                                  </li>
-                                  <li>
-                                    <p>
-                                      Let <var>hashAlg</var> be the AlgorithmIdentifier ASN.1 type
-                                      within the <code>hashAlgorithm</code> field of <var>params</var>.
-                                    </p>
-                                  </li>
-                                  <li>
-                                    <dl class="switch">
-                                      <dt>
-                                        If the <code>algorithm</code> object identifier field of
-                                        <var>hashAlg</var> is equivalent to the <code>id-sha1</code>
-                                        OID defined in <a href="#RFC3447">RFC 3447</a>:
-                                      </dt>
-                                      <dd>
-                                        <p>
-                                          Set <var>hash</var> to the string <code>SHA-1</code>.
-                                        </p>
-                                      </dd>
-                                      <dt>
-                                        If the <code>algorithm</code> object identifier field of
-                                        <var>hashAlg</var> is equivalent to the <code>id-sha256</code>
-                                        OID defined in <a href="#RFC3447">RFC 3447</a>:
-                                      </dt>
-                                      <dd>
-                                        <p>
-                                          Set <var>hash</var> to the string <code>SHA-256</code>.
-                                        </p>
-                                      </dd>
-                                      <dt>
-                                        If the <code>algorithm</code> object identifier field of
-                                        <var>hashAlg</var> is equivalent to the <code>id-sha384</code>
-                                        OID defined in <a href="#RFC3447">RFC 3447</a>:
-                                      </dt>
-                                      <dd>
-                                        <p>
-                                          Set <var>hash</var> to the string <code>SHA-384</code>.
-                                        </p>
-                                      </dd>
-                                      <dt>
-                                        If the <code>algorithm</code> object identifier field of
-                                        <var>hashAlg</var> is equivalent to the <code>id-sha512</code>
-                                        OID defined in <a href="#RFC3447">RFC 3447</a>:
-                                      </dt>
-                                      <dd>
-                                        <p>
-                                          Set <var>hash</var> to the string <code>SHA-512</code>.
-                                        </p>
-                                      </dd>
-                                      <dt>Otherwise:</dt>
-                                      <dd>
-                                        <p>
-                                          <a href="#concept-return-an-error">Return an error</a> named
-                                          <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
-                                        </p>
-                                      </dd>
-                                    </dl>
-                                  </li>
-                                  <li>
-                                    <p>
-                                      If the <code>algorithm</code> object identifier field of the
-                                      <code>maskGenAlgorithm</code> field of <var>params</var> is not
-                                      equivalent to the OID <code>id-mgf1</code> defined in <a
-                                      href="#RFC3447">RFC 3447</a>, <a
-                                      href="#concept-return-an-error">return an error</a> named <a
-                                      href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
-                                    </p>
-                                  </li>
-                                  <li>
-                                    <p>
-                                      If the <code>parameters</code> field of the
-                                      <code>maskGenAlgorithm</code> field of <var>params</var> is not
-                                      an instance of the <code>HashAlgorithm</code> ASN.1 type that is
-                                      identical in content to the <code>hashAlglorithm</code> field of
-                                      <var>params</var>, <a href="#concept-return-an-error">return an
-                                      error</a> named <a
-                                      href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
-                                    </p>
-                                  </li>
-                                </ol>
-                              </dd>
-                              <dt>Otherwise:</dt>
-                              <dd>
-                                <p>
-                                  <a href="#concept-return-an-error">Return an error</a> named
-                                  <a href="#dfn-DataError"><code>DataError</code></a>.
-                                </p>
-                              </dd>
-                            </dl>
-                          </li>
-                          <li>
-                            <p>
-                              If <var>hash</var> is defined, and is not equal to the <a
-                              href="#dfn-AlgorithmIdentifier-name">name</a> member of the <a
-                              href="#dfn-RsaHashedImportParams-hash">hash</a> member of
-                              <var>normalizedAlgorithm</var>, <a
-                              href="#concept-return-an-error">return an error</a> named <a
-                              href="#dfn-DataError"><code>DataError</code></a>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              Set <var>hash</var> to the <a
-                              href="#dfn-AlgorithmIdentifier-name">name</a> member of the <a
-                              href="#dfn-RsaHashedImportParams-hash">hash</a> member of
-                              <var>normalizedAlgorithm</var>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              Let <var>rsaPrivateKey</var> be the result of performing the <a
-                              href="#concept-parse-an-asn1-structure">parse an ASN.1 structure</a>
-                              algorithm, with <var>data</var> as the
-                              <code>privateKey</code> field of <var>privateKeyInfo</var>,
-                              <var>structure</var> as the <code>RSAPrivateKey</code> structure
-                              specified in Section A.1.2 of <a href="#RFC3447">RFC 3447</a>, and
-                              <var>exactData</var> set to true.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              If an error occurred while parsing,
-                              then <a href="#concept-return-an-error">return an error</a> named
-                              <a href="#dfn-DataError"><code>DataError</code></a>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              Let <var>key</var> be a new <a href="#dfn-CryptoKey">CryptoKey</a>
-                              object that represents the RSA private key identified by
-                              <var>rsaPrivateKey</var>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot
-                              of <var>key</var> to <code>"private"</code>
-                            </p>
-                          </li>
-                        </ol>
-                      </dd>
-                      <dt>If <var>format</var> is <code>"jwk"</code>:</dt>
-                      <dd>
-                        <ol>
-                          <li>
-                            <p>
-                              Let <var>jwk</var> be the <a href="#dfn-JsonWebKey">JsonWebKey</a>
-                              dictionary represented by <var>keyData</var>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              If the <code>"kty"</code> field of <var>jwk</var> is not a
-                              case-sensitive string match to <code>"RSA"</code>,
-                              then <a href="#concept-return-an-error">return an error</a> named
-                              <a href="#dfn-DataError"><code>DataError</code></a>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              If the <code>"use"</code> field of <var>jwk</var> is present, and is
-                              not a case-sensitive string match to <code>"enc"</code>,
-                              then <a href="#concept-return-an-error">return an error</a> named
-                              <a href="#dfn-DataError"><code>DataError</code></a>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              If the <code>"key_ops"</code> field of <var>jwk</var> is present, and
-                              is invalid according to the requirements of
-                              <a href="#jwk">JSON Web Key</a> or
-                              does not contain all of the specified <var>usages</var> values,
-                              then <a href="#concept-return-an-error">return an error</a> named
-                              <a href="#dfn-DataError"><code>DataError</code></a>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              Let <var>hash</var> be a be a string whose initial value is
-                              undefined.
-                            </p>
-                          </li>
-                          <li>
-                            <dl class="switch">
-                              <dt>
-                                If the <code>"alg"</code> field of <var>jwk</var> is not
-                                present:
-                              </dt>
-                              <dd>
-                                <p>
-                                  Let <var>hash</var> be undefined.
-                                </p>
-                              </dd>
-                              <dt>
-                                If the <code>"alg"</code> field is equal to the string
-                                <code>"PS1"</code>:
-                              </dt>
-                              <dd>
-                                <p>
-                                  Let <var>hash</var> be the string <code>SHA-1</code>.
-                                </p>
-                              </dd>
-                              <dt>
-                                If the <code>"alg"</code> field is equal to the string
-                                <code>"PS256"</code>:
-                              </dt>
-                              <dd>
-                                <p>
-                                  Let <var>hash</var> be the string <code>SHA-256</code>.
-                                </p>
-                              </dd>
-                              <dt>
-                                If the <code>"alg"</code> field is equal to the string
-                                <code>"PS384"</code>:
-                              </dt>
-                              <dd>
-                                <p>
-                                  Let <var>hash</var> be the string <code>SHA-384</code>.
-                                </p>
-                              </dd>
-                              <dt>
-                                If the <code>"alg"</code> field is equal to the string
-                                <code>"PS512"</code>:
-                              </dt>
-                              <dd>
-                                <p>
-                                  Let <var>hash</var> be the string <code>SHA-512</code>.
-                                </p>
-                              </dd>
-                              <dt>Otherwise:</dt>
-                              <dd>
-                                <p>
-                                  <a href="#concept-return-an-error">Return an error</a> named
-                                  <a href="#dfn-DataError"><code>DataError</code></a>.
-                                </p>
-                              </dd>
-                            </dl>
-                          </li>
-                          <li>
-                            <dl class="switch">
-                              <dt>If the <code>"d"</code> field of <var>jwk</var> is present:</dt>
-                              <dd>
-                                <ol>
-                                  <li>
-                                    <p>
-                                      If <var>jwk</var> does not meet the requirements of
-                                      Section 6.3.2 of <a href="#jwa">JSON Web
-                                      Algorithms</a>,
-                                      then <a href="#concept-return-an-error">return an error</a> named
-                                      <a href="#dfn-DataError"><code>DataError</code></a>.
-                                    </p>
-                                  </li>
-                                  <li>
-                                    <p>
-                                      Let <var>key</var> be a new <a
-                                      href="#dfn-CryptoKey">CryptoKey</a> object that represents the
-                                      RSA private key identified by interpreting <var>jwk</var>
-                                      according to Section 6.3.2 of <a href="#jwa"> JSON Web
-                                      Algorithms</a>.
-                                    </p>
-                                  </li>
-                                  <li>
-                                    <p>
-                                      Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]]
-                                      internal slot of <var>key</var> to <code>"private"</code>
-                                    </p>
-                                  </li>
-                                </ol>
-                              </dd>
-                              <dt>Otherwise:</dt>
-                              <dd>
-                                <ol>
-                                  <li>
-                                    <p>
-                                      If <var>jwk</var> does not meet the requirements of Section
-                                      6.3.1 of <a href="#jwa">JSON Web Algorithms</a>, then <a
-                                      href="#concept-return-an-error">return an error</a> named <a
-                                      href="#dfn-DataError"><code>DataError</code></a>.
-                                    </p>
-                                  </li>
-                                  <li>
-                                    <p>
-                                      Let <var>key</var> be a new <a
-                                      href="#dfn-CryptoKey">CryptoKey</a> object that represents the
-                                      RSA public key identified by interpreting <var>jwk</var>
-                                      according to Section 6.3.1 of <a href="#jwa"> JSON Web
-                                      Algorithms</a>.
-                                    </p>
-                                  </li>
-                                  <li>
-                                    <p>
-                                      Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]]
-                                      internal slot of <var>key</var> to <code>"public"</code>
-                                    </p>
-                                  </li>
-                                </ol>
-                              </dd>
-                            </dl>
-                          </li>
-                        </ol>
-                      </dd>
-                      <dt>Otherwise:</dt>
-                      <dd>
+        </div>
+        <div id="rsassa-pkcs1-operations" class="section">
+          <h4>Operations</h4>
+          <dl>
+            <dt>Sign</dt>
+            <dd>
+              <ol>
+                <li>
+                  <p>
+                    If the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
+                    <var>key</var> is not <code>"private"</code>, then <a
+                    href="#concept-return-an-error">return an error</a> named <a
+                    href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Perform the signature generation operation defined in Section 8.2 of [<cite><a
+                    href="#RFC3447">RFC3447</a></cite>] with the key represented by the [[<a
+                    href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of <var>key</var>
+                    as the signer's private key and the <a
+                    href="#concept-contents-of-arraybuffer">contents of <var>message</var></a> as
+                    <var>M</var> and using the hash function specified in the <a
+                    href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute of the [[<a
+                    href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal slot of
+                    <var>key</var> as the Hash option for the EMSA-PKCS1-v1_5 encoding method.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    If performing the operation results in an error,
+                    then <a href="#concept-return-an-error">return an error</a> named
+                    <a href="#dfn-OperationError"><code>OperationError</code></a>.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Let <var>signature</var> be the value <var>S</var> that results from
+                    performing the operation.
+                  </p>
+                </li>
+              </ol>
+            </dd>
+
+            <dt>Verify</dt>
+            <dd>
+              <ol>
+                <li>
+                  <p>
+                    If the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
+                    <var>key</var> is not <code>"public"</code>, then <a
+                    href="#concept-return-an-error">return an error</a> named <a
+                    href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Perform the signature verification operation defined in Section 8.2 of
+                    [<cite><a href="#RFC3447">RFC3447</a></cite>] with the key represented by the
+                    [[<a href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of
+                    <var>key</var> as the signer's RSA public key and the <a
+                    href="#concept-contents-of-arraybuffer">contents of <var>message</var></a> as
+                    <var>M</var> and the <a href="#concept-contents-of-arraybuffer">contents of
+                    <var>signature</var></a> as <var>S</var> and using the hash function specified
+                    in the <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute of the
+                    [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal slot of
+                    <var>key</var> as the Hash option for the EMSA-PKCS1-v1_5 encoding method.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    If performing the operation results in an error,
+                    then <a href="#concept-return-an-error">return an error</a> named
+                    <a href="#dfn-OperationError"><code>OperationError</code></a>.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Let <var>result</var> be a boolean with value true if the
+                    result of the operations was "valid signature" and a boolean with value
+                    false otherwise.
+                  </p>
+                </li>
+              </ol>
+            </dd>
+            <dt>Generate Key</dt>
+            <dd>
+              <ol>
+                <li>
+                  <p>
+                    If <var>usages</var> contains an entry which is not
+                     <code>"sign"</code> or <code>"verify"</code>,
+                    then <a href="#concept-return-an-error">return an error</a> named
+                    <a href="#dfn-DataError"><code>DataError</code></a>.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Generate an RSA key pair, as defined in [<cite><a
+                    href="#RFC3447">RFC3447</a></cite>], with RSA modulus length equal to the
+                    <a href="#dfn-RsaKeyGenParams-modulusLength">modulusLength</a> attribute of
+                    <var>normalizedAlgorithm</var> and RSA public exponent equal to the
+                    <a href="#dfn-RsaKeyGenParams-publicExponent">publicExponent</a> attribute of
+                    <var>normalizedAlgorithm</var>.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    If generation of the key pair fails,
+                    then <a href="#concept-return-an-error">return an error</a> named
+                    <a href="#dfn-OperationError"><code>OperationError</code></a>.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Let <var>algorithm</var> be a new
+                    <a href="#dfn-RsaHashedKeyAlgorithm">RsaHashedKeyAlgorithm</a>
+                    dictionary.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Set the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of
+                    <var>algorithm</var> to <code>"RSASSA-PKCS1-v1_5"</code>.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Set the
+                    <a href="#dfn-RsaKeyAlgorithm-modulusLength">modulusLength</a>
+                    attribute of <var>algorithm</var> to equal the
+                    <a href="#dfn-RsaKeyGenParams-modulusLength">modulusLength</a>
+                    attribute of <var>normalizedAlgorithm</var>.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Set the
+                    <a href="#dfn-RsaKeyAlgorithm-publicExponent">publicExponent</a>
+                    attribute of <var>algorithm</var> to equal the
+                    <a href="#dfn-RsaKeyGenParams-publicExponent">publicExponent</a>
+                    attribute of <var>normalizedAlgorithm</var>.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Set the <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute
+                    of <var>algorithm</var> to equal the
+                    <a href="#dfn-RsaHashedKeyGenParams">hash</a> member of
+                    <var>normalizedAlgorithm</var>.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Let <var>publicKey</var> be a new <a href="#dfn-CryptoKey">CryptoKey</a>
+                    object representing the public key of the generated key pair.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
+                    <var>publicKey</var> to <code>"public"</code>
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
+                    slot of <var>publicKey</var> to <var>algorithm</var>.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Set the [[<a href="#dfn-CryptoKey-slot-extractable">extractable</a>]] internal
+                    slot of <var>publicKey</var> to true.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Set the [[<a href="#dfn-CryptoKey-slot-usages">usages</a>]] internal slot of
+                    <var>publicKey</var> to be the <a href="#concept-usage-intersection">usage
+                    intersection</a> of <var>usages</var> and <code>[ "verify" ]</code>.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Let <var>privateKey</var> be a new <a href="#dfn-CryptoKey">CryptoKey</a>
+                    object representing the private key of the generated key pair.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
+                    <var>privateKey</var> to <code>"private"</code>
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
+                    slot of <var>privateKey</var> to <var>algorithm</var>.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Set the [[<a href="#dfn-CryptoKey-slot-extractable">extractable</a>]] internal
+                    slot of <var>privateKey</var> to <var>extractable</var>.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Set the [[<a href="#dfn-CryptoKey-slot-usages">usages</a>]] internal slot of
+                    <var>privateKey</var> to be the <a href="#concept-usage-intersection">usage
+                    intersection</a> of <var>usages</var> and <code>[ "sign" ]</code>.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Let <var>result</var> be a new <a href="#dfn-CryptoKeyPair">CryptoKeyPair</a>
+                    dictionary.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Set the <a href="#dfn-CryptoKeyPair-publicKey">publicKey</a> attribute
+                    of <var>result</var> to be <var>publicKey</var>.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Set the <a href="#dfn-CryptoKeyPair-privateKey">privateKey</a> attribute
+                    of <var>result</var> to be <var>privateKey</var>.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Return the result of converting <var>result</var> to an ECMAScript Object, as
+                    defined by [<a href="#WebIDL">WEBIDL</a>].
+                  </p>
+                </li>
+              </ol>
+              <div class="ednote">
+                <p>
+                  TODO: Specify the mapping between key.algorithm.hash and the appropriate Hash
+                  functions (and back to OID).
+                </p>
+              </div>
+            </dd>
+
+            <dt>Import Key</dt>
+            <dd>
+              <ol>
+                <li>
+                  <p>Let <var>keyData</var> be the key data to be imported.</p>
+                </li>
+                <li>
+                  <dl class="switch">
+                    <dt>If <var>format</var> is <code>"spki"</code>:</dt>
+                    <dd>
+                      <ol>
+                        <li>
+                          <p>
+                            Let <var>spki</var> be the result of running the
+                            <a href="#concept-parse-a-spki">parse a subjectPublicKeyInfo</a>
+                            algorithm over <var>keyData</var>.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            If an error occurred while parsing,
+                            then <a href="#concept-return-an-error">return an error</a> named
+                            <a href="#dfn-DataError"><code>DataError</code></a>.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            Let <var>hash</var> be a string whose initial value is undefined.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            Let <var>alg</var> be the <code>algorithm</code> object identifier
+                            field of the <code>algorithm</code> AlgorithmIdentifier field of
+                            <var>spki</var>.
+                          </p>
+                        </li>
+                        <li>
+                          <dl class="switch">
+                            <dt>
+                              If <var>alg</var> is equivalent to the <code>rsaEncryption</code>
+                              OID defined in Section 2.3.1 of <a href="#RFC3279">RFC 3279</a>:
+                            </dt>
+                            <dd>
+                              <p>
+                                Let <var>hash</var> be undefined.
+                              </p>
+                            </dd>
+                            <dt>
+                              If <var>alg</var> is equivalent to the
+                              <code>sha1WithRSAEncryption</code> OID defined in Section A.2.4 of
+                              <a href="#RFC3279">RFC 3279</a>:
+                            </dt>
+                            <dd>
+                              <p>
+                                Let <var>hash</var> be the string <code>SHA-1</code>.
+                              </p>
+                            </dd>
+                            <dt>
+                              If <var>alg</var> is equivalent to the
+                              <code>sha256WithRSAEncryption</code> OID defined in Section A.2.4 of
+                              <a href="#RFC3279">RFC 3279</a>:
+                            </dt>
+                            <dd>
+                              <p>
+                                Let <var>hash</var> be the string <code>SHA-256</code>.
+                              </p>
+                            </dd>
+                            <dt>
+                              If <var>alg</var> is equivalent to the
+                              <code>sha384WithRSAEncryption</code> OID defined in Section A.2.4 of
+                              <a href="#RFC3279">RFC 3279</a>:
+                            </dt>
+                            <dd>
+                              <p>
+                                Let <var>hash</var> be the string <code>SHA-384</code>.
+                              </p>
+                            </dd>
+                            <dt>
+                              If <var>alg</var> is equivalent to the
+                              <code>sha512WithRSAEncryption</code> OID defined in Section A.2.4 of
+                              <a href="#RFC3279">RFC 3279</a>:
+                            </dt>
+                            <dd>
+                              <p>
+                                Let <var>hash</var> be the string <code>SHA-512</code>.
+                              </p>
+                            </dd>
+                            <dt>Otherwise:</dt>
+                            <dd>
+                              <p>
+                                <a href="#concept-return-an-error">Return an error</a> named
+                                <a href="#dfn-DataError"><code>DataError</code></a>.
+                              </p>
+                            </dd>
+                          </dl>
+                        </li>
+                        <li>
+                          <p>
+                            If <var>hash</var> is defined, and is not equal to the <a
+                            href="#dfn-AlgorithmIdentifier-name">name</a> member of the <a
+                            href="#dfn-RsaHashedImportParams-hash">hash</a> member of
+                            <var>normalizedAlgorithm</var>, <a
+                            href="#concept-return-an-error">return an error</a> named <a
+                            href="#dfn-DataError"><code>DataError</code></a>.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            Set <var>hash</var> to the <a
+                            href="#dfn-AlgorithmIdentifier-name">name</a> member of the <a
+                            href="#dfn-RsaHashedImportParams-hash">hash</a> member of
+                            <var>normalizedAlgorithm</var>.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            Let <var>publicKey</var> be the result of performing the <a
+                            href="#concept-parse-an-asn1-structure">parse an ASN.1 structure</a>
+                            algorithm, with <var>data</var> as the
+                            <code>subjectPublicKeyInfo</code> field of <var>spki</var>,
+                            <var>structure</var> as the <code>RSAPublicKey</code> structure
+                            specified in Section A.1.1 of <a href="#RFC3447">RFC 3447</a>, and
+                            <var>exactData</var> set to true.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            If an error occurred while parsing,
+                            then <a href="#concept-return-an-error">return an error</a> named
+                            <a href="#dfn-DataError"><code>DataError</code></a>.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            Let <var>key</var> be a new <a href="#dfn-CryptoKey">CryptoKey</a>
+                            object that represents the RSA public key identified by
+                            <var>publicKey</var>.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot
+                            of <var>key</var> to <code>"public"</code>
+                          </p>
+                        </li>
+                      </ol>
+                    </dd>
+                    <dt>If <var>format</var> is <code>"pkcs8"</code>:</dt>
+                    <dd>
+                      <ol>
+                        <li>
+                          <p>
+                            Let <var>privateKeyInfo</var> be the result of running the
+                            <a href="#concept-parse-a-privateKeyInfo">parse a privateKeyInfo</a>
+                            algorithm over <var>keyData</var>.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            If an error occurred while parsing,
+                            then <a href="#concept-return-an-error">return an error</a> named
+                            <a href="#dfn-DataError"><code>DataError</code></a>.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            Let <var>hash</var> be a string whose initial value is undefined.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            Let <var>alg</var> be the <code>algorithm</code> object identifier
+                            field of the <code>privateKeyAlgorithm</code>
+                            PrivateKeyAlgorithmIdentifier field of <var>privateKeyInfo</var>.
+                          </p>
+                        </li>
+                        <li>
+                          <dl class="switch">
+                            <dt>
+                              If <var>alg</var> is equivalent to the <code>rsaEncryption</code>
+                              OID defined in Section 2.3.1 of <a href="#RFC3279">RFC 3279</a>:
+                            </dt>
+                            <dd>
+                              <p>
+                                Let <var>hash</var> be undefined.
+                              </p>
+                            </dd>
+                            <dt>
+                              If <var>alg</var> is equivalent to the
+                              <code>sha1WithRSAEncryption</code> OID defined in Section A.2.4 of
+                              <a href="#RFC3279">RFC 3279</a>:
+                            </dt>
+                            <dd>
+                              <p>
+                                Let <var>hash</var> be the string <code>SHA-1</code>.
+                              </p>
+                            </dd>
+                            <dt>
+                              If <var>alg</var> is equivalent to the
+                              <code>sha256WithRSAEncryption</code> OID defined in Section A.2.4 of
+                              <a href="#RFC3279">RFC 3279</a>:
+                            </dt>
+                            <dd>
+                              <p>
+                                Let <var>hash</var> be the string <code>SHA-256</code>.
+                              </p>
+                            </dd>
+                            <dt>
+                              If <var>alg</var> is equivalent to the
+                              <code>sha384WithRSAEncryption</code> OID defined in Section A.2.4 of
+                              <a href="#RFC3279">RFC 3279</a>:
+                            </dt>
+                            <dd>
+                              <p>
+                                Let <var>hash</var> be the string <code>SHA-384</code>.
+                              </p>
+                            </dd>
+                            <dt>
+                              If <var>alg</var> is equivalent to the
+                              <code>sha512WithRSAEncryption</code> OID defined in Section A.2.4 of
+                              <a href="#RFC3279">RFC 3279</a>:
+                            </dt>
+                            <dd>
+                              <p>
+                                Let <var>hash</var> be the string <code>SHA-512</code>.
+                              </p>
+                            </dd>
+                            <dt>Otherwise:</dt>
+                            <dd>
+                              <p>
+                                <a href="#concept-return-an-error">Return an error</a> named
+                                <a href="#dfn-DataError"><code>DataError</code></a>.
+                              </p>
+                            </dd>
+                          </dl>
+                        </li>
+                        <li>
+                          <p>
+                            If <var>hash</var> is defined, and is not equal to the <a
+                            href="#dfn-AlgorithmIdentifier-name">name</a> member of the <a
+                            href="#dfn-RsaHashedImportParams-hash">hash</a> member of
+                            <var>normalizedAlgorithm</var>, <a
+                            href="#concept-return-an-error">return an error</a> named <a
+                            href="#dfn-DataError"><code>DataError</code></a>.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            Set <var>hash</var> to the <a
+                            href="#dfn-AlgorithmIdentifier-name">name</a> member of the <a
+                            href="#dfn-RsaHashedImportParams-hash">hash</a> member of
+                            <var>normalizedAlgorithm</var>.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            Let <var>rsaPrivateKey</var> be the result of performing the <a
+                            href="#concept-parse-an-asn1-structure">parse an ASN.1 structure</a>
+                            algorithm, with <var>data</var> as the
+                            <code>privateKey</code> field of <var>privateKeyInfo</var>,
+                            <var>structure</var> as the <code>RSAPrivateKey</code> structure
+                            specified in Section A.1.2 of <a href="#RFC3447">RFC 3447</a>, and
+                            <var>exactData</var> set to true.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            If an error occurred while parsing,
+                            then <a href="#concept-return-an-error">return an error</a> named
+                            <a href="#dfn-DataError"><code>DataError</code></a>.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            Let <var>key</var> be a new <a href="#dfn-CryptoKey">CryptoKey</a>
+                            object that represents the RSA private key identified by
+                            <var>rsaPrivateKey</var>.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot
+                            of <var>key</var> to <code>"private"</code>
+                          </p>
+                        </li>
+                      </ol>
+                    </dd>
+                    <dt>If <var>format</var> is <code>"jwk"</code>:</dt>
+                    <dd>
+                      <ol>
+                        <li>
+                          <p>
+                            Let <var>jwk</var> be the <a href="#dfn-JsonWebKey">JsonWebKey</a>
+                            dictionary represented by <var>keyData</var>.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            If the <code>"kty"</code> field of <var>jwk</var> is not a
+                            case-sensitive string match to <code>"RSA"</code>,
+                            then <a href="#concept-return-an-error">return an error</a> named
+                            <a href="#dfn-DataError"><code>DataError</code></a>.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            If the <code>"use"</code> field of <var>jwk</var> is present, and is
+                            not a case-sensitive string match to <code>"enc"</code>,
+                            then <a href="#concept-return-an-error">return an error</a> named
+                            <a href="#dfn-DataError"><code>DataError</code></a>.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            If the <code>"key_ops"</code> field of <var>jwk</var> is present, and
+                            is invalid according to the requirements of
+                            <a href="#jwk">JSON Web Key</a> or
+                            does not contain all of the specified <var>usages</var> values,
+                            then <a href="#concept-return-an-error">return an error</a> named
+                            <a href="#dfn-DataError"><code>DataError</code></a>.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            Let <var>hash</var> be a be a string whose initial value is
+                            undefined.
+                          </p>
+                        </li>
+                        <li>
+                          <dl class="switch">
+                            <dt>
+                              If the <code>"alg"</code> field of <var>jwk</var> is not
+                              present:
+                            </dt>
+                            <dd>
+                              <p>
+                                Let <var>hash</var> be undefined.
+                              </p>
+                            </dd>
+                            <dt>
+                              If the <code>"alg"</code> field is equal to the string
+                              <code>"RS1"</code>:
+                            </dt>
+                            <dd>
+                              <p>
+                                Let <var>hash</var> be the string <code>SHA-1</code>.
+                              </p>
+                            </dd>
+                            <dt>
+                              If the <code>"alg"</code> field is equal to the string
+                              <code>"RS256"</code>:
+                            </dt>
+                            <dd>
+                              <p>
+                                Let <var>hash</var> be the string <code>SHA-256</code>.
+                              </p>
+                            </dd>
+                            <dt>
+                              If the <code>"alg"</code> field is equal to the string
+                              <code>"RS384"</code>:
+                            </dt>
+                            <dd>
+                              <p>
+                                Let <var>hash</var> be the string <code>SHA-384</code>.
+                              </p>
+                            </dd>
+                            <dt>
+                              If the <code>"alg"</code> field is equal to the string
+                              <code>"RS512"</code>:
+                            </dt>
+                            <dd>
+                              <p>
+                                Let <var>hash</var> be the string <code>SHA-512</code>.
+                              </p>
+                            </dd>
+                            <dt>Otherwise:</dt>
+                            <dd>
+                              <p>
+                                <a href="#concept-return-an-error">Return an error</a> named
+                                <a href="#dfn-DataError"><code>DataError</code></a>.
+                              </p>
+                            </dd>
+                          </dl>
+                        </li>
+                        <li>
+                          <dl class="switch">
+                            <dt>If the <code>"d"</code> field of <var>jwk</var> is present:</dt>
+                            <dd>
+                              <ol>
+                                <li>
+                                  <p>
+                                    If <var>jwk</var> does not meet the requirements of
+                                    Section 6.3.2 of <a href="#jwa">JSON Web
+                                    Algorithms</a>,
+                                    then <a href="#concept-return-an-error">return an error</a> named
+                                    <a href="#dfn-DataError"><code>DataError</code></a>.
+                                  </p>
+                                </li>
+                                <li>
+                                  <p>
+                                    Let <var>key</var> be a new <a
+                                    href="#dfn-CryptoKey">CryptoKey</a> object that represents the
+                                    RSA private key identified by interpreting <var>jwk</var>
+                                    according to Section 6.3.2 of <a href="#jwa"> JSON Web
+                                    Algorithms</a>.
+                                  </p>
+                                </li>
+                                <li>
+                                  <p>
+                                    Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]]
+                                    internal slot of <var>key</var> to <code>"private"</code>
+                                  </p>
+                                </li>
+                              </ol>
+                            </dd>
+                            <dt>Otherwise:</dt>
+                            <dd>
+                              <ol>
+                                <li>
+                                  <p>
+                                    If <var>jwk</var> does not meet the requirements of Section
+                                    6.3.1 of <a href="#jwa">JSON Web Algorithms</a>, then <a
+                                    href="#concept-return-an-error">return an error</a> named <a
+                                    href="#dfn-DataError"><code>DataError</code></a>.
+                                  </p>
+                                </li>
+                                <li>
+                                  <p>
+                                    Let <var>key</var> be a new <a
+                                    href="#dfn-CryptoKey">CryptoKey</a> object that represents the
+                                    RSA public key identified by interpreting <var>jwk</var>
+                                    according to Section 6.3.1 of <a href="#jwa"> JSON Web
+                                    Algorithms</a>.
+                                  </p>
+                                </li>
+                                <li>
+                                  <p>
+                                    Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]]
+                                    internal slot of <var>key</var> to <code>"public"</code>
+                                  </p>
+                                </li>
+                              </ol>
+                            </dd>
+                          </dl>
+                        </li>
+                      </ol>
+                    </dd>
+                    <dt>Otherwise:</dt>
+                    <dd>
+                      <a href="#concept-return-an-error">Return an error</a> named
+                      <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+                    </dd>
+                  </dl>
+                </li>
+                <li>
+                  <p>
+                    Let <var>algorithm</var> be a new
+                    <a href="#dfn-RsaHashedKeyAlgorithm">RsaHashedKeyAlgorithm</a> dictionary.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Set the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of
+                    <var>algorithm</var> to <code>"RSASSA-PKCS1-v1_5"</code>
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Set the <a href="#dfn-RsaKeyAlgorithm-modulusLength">modulusLength</a>
+                    attribute of <var>algorithm</var> to the length, in bits, of the RSA public
+                    modulus.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Set the <a href="#dfn-RsaKeyAlgorithm-publicExponent">publicExponent</a>
+                    attribute of <var>algorithm</var> to the <a href="#dfn-BigInteger">BigInteger</a>
+                    representation of the RSA public exponent.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Set the <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute of
+                    <var>algorithm</var> to a new <a href="#dfn-KeyAlgorithm">KeyAlgorithm</a>
+                    whose <a href="#dfn-KeyAlgorithm-name">name</a> attribute is <var>hash</var>.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
+                    slot of <var>key</var> to <var>algorithm</var>.
+                  </p>
+                </li>
+                <li>
+                  <p>Return <var>key</var>.</p>
+                </li>
+              </ol>
+            </dd>
+
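Review bot: In the "jwk" branch of Import Key, the "use" check rejects every value except "enc", but the closing steps of this procedure set the algorithm name to "RSASSA-PKCS1-v1_5", which is a signature scheme. As written, a JWK marked for signing fails with DataError and one marked for encryption is accepted; the comparison should be against "sig". In the same branch, when "alg" is absent hash stays undefined and is later used as the name of the new KeyAlgorithm, and none of the visible steps compares the hash derived from "alg" with the hash member of normalizedAlgorithm, so a JWK whose "alg" names a different hash than the caller requested is accepted without error. The pkcs8 branch takes hash from normalizedAlgorithm; the jwk branch should either do the same when "alg" is missing or return DataError on a mismatch. Minor: "Let hash be a be a string" has a doubled "be a", and the step that follows ("Let hash be undefined") repeats the initial value.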
+            <dt>Export Key</dt>
+            <dd>
+              <ol>
+                <li>
+                  <p>
+                    Let <var>key</var> be the key to be exported.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    If the underlying cryptographic key material represented by the [[<a
+                    href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of <var>key</var>
+                    cannot be accessed, then <a href="#concept-return-an-error">return an
+                    error</a> named <a href="#dfn-OperationError"><code>OperationError</code></a>.
+                  </p>
+                </li>
+                <li>
+                  <dl class="switch">
+                    <dt>If <var>format</var> is <code>"spki"</code></dt>
+                    <dd>
+                      <ol>
+                        <li>
+                          <p>
+                            If the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot
+                            of <var>key</var> is not <code>"public"</code>, then <a
+                            href="#concept-return-an-error">return an error</a> named <a
+                            href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            Let <var>data</var> be the result of <a
+                            href="#dfn-encode-a-subjectPublicKeyInfo">encoding a
+                            subjectPublicKeyInfo</a> with the following properties:
+                          </p>
+                          <ul>
+                            <li>
+                              <p>
+                                Set the <var>algorithm</var> field to an
+                                <code>AlgorithmIdentifier</code> ASN.1 type with the following
+                                properties:
+                              </p>
+                              <ul>
+                                <li>
+                                  <p>
+                                    Set the <var>algorithm</var> field to the OID
+                                    <code>1.2.840.113549.1.1</code>
+                                  </p>
+                                </li>
+                                <li>
+                                  <p>
+                                    Set the <var>params</var> field to the ASN.1 type NULL.
+                                  </p>
+                                </li>
+                              </ul>
+                            </li>
+                            <li>
+                              <p>
+                                Set the <var>subjectPublicKey</var> field to the result of
+                                DER-encoding an <code>RSAPublicKey</code> ASN.1 type, as defined
+                                in <a href="#RFC3447">RFC 3447</a>, Appendix A.1.1, that
+                                represents the RSA public key represented by the [[<a
+                                href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of
+                                <var>key</var>
+                              </p>
+                            </li>
+                          </ul>
+                        </li>
+                        <li>
+                          <p>
+                            Let <var>result</var> be a new <code>ArrayBuffer</code> containing
+                            <var>data</var>.
+                          </p>
+                        </li>
+                      </ol>
+                    </dd>
+                    <dt>If <var>format</var> is <code>"pkcs8"</code>:</dt>
+                    <dd>
+                      <ol>
+                        <li>
+                          <p>
+                            If the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot
+                            of <var>key</var> is not <code>"private"</code>, then <a
+                            href="#concept-return-an-error">return an error</a> named <a
+                            href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            Let <var>data</var> be the result of <a
+                            href="#dfn-encode-a-privateKeyInfo"> encoding a privateKeyInfo</a>
+                            with the following properties:
+                          </p>
+                          <ul>
+                            <li>
+                              <p>
+                                Set the <var>version</var> field to 0.
+                              </p>
+                            </li>
+                            <li>
+                              <p>
+                                Set the <var>privateKeyAlgorithm</var> field to a
+                                <code>PrivateKeyAlgorithmIdentifier</code> ASN.1 type with the
+                                following properties:
+                              </p>
+                              <ul>
+                                <li>
+                                  <p>
+                                    Set the <var>algorithm</var> field to the OID
+                                    <code>1.2.840.113549.1.1</code>
+                                  </p>
+                                </li>
+                                <li>
+                                  <p>
+                                    Set the <var>params</var> field to the ASN.1 type NULL.
+                                  </p>
+                                </li>
+                              </ul>
+                            </li>
+                            <li>
+                              <p>
+                                Set the <var>privateKey</var> field to the result of DER-encoding
+                                an <code>RSAPrivateKey</code> ASN.1 type, as defined in <a
+                                href="#RFC3447">RFC 3447</a>, Appendix A.1.2, that represents the
+                                RSA private key represented by the [[<a
+                                href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of
+                                <var>key</var>
+                              </p>
+                              <div class="ednote">
+                                <a href="#RFC5208">RFC 5208</a> specifies that the encoding of
+                                this field should be <em>BER</em> encoded in Section 5 (as a "for
+                                example"). However, to avoid requiring WebCrypto implementations
+                                support BER-encoding and BER-decoding, only <em>DER</em> encodings
+                                are produced or accepted.
+                              </div>
+                            </li>
+                          </ul>                              
+                        </li>
+                        <li>
+                          <p>
+                            Let <var>result</var> be a new <code>ArrayBuffer</code> containing
+                            <var>data</var>.
+                          </p>
+                        </li>
+                      </ol>
+                    </dd>
+                    <dt>If <var>format</var> is <code>"jwk"</code>:</dt>
+                    <dd>
+                      <ul>
+                        <li>
+                          <p>Let <var>jwk</var> be a new <a href="#dfn-JsonWebKey">JsonWebKey</a>
+                          dictionary.</p>
+                        </li>
+                        <li>
+                          <p>Set the <code>kty</code> attribute of <var>jwk</var> to the string
+                          <code>"RSA"</code>.</p>
+                        </li>
+                        <li>
+                          <p>
+                            Let <var>hash</var> be the <a href="#dfn-KeyAlgorithm-name">name</a>
+                            attribute of the <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a>
+                            attribute of <var>key</var>.
+                          </p>
+                        </li>
+                        <li>
+                          <dl class="switch">
+                            <dt>If <var>hash</var> is <code>SHA-1</code>:</dt>
+                            <dd>
+                              <p>
+                                Set the <code>alg</code> attribute of <var>jwk</var> to the string
+                                <code>RS1</code>.
+                              </p>
+                            </dd>
+                            <dt>If <var>hash</var> is <code>SHA-256</code>:</dt>
+                            <dd>
+                              <p>
+                                Set the <code>alg</code> attribute of <var>jwk</var> to the string
+                                <code>RS256</code>.
+                              </p>
+                            </dd>
+                            <dt>If <var>hash</var> is <code>SHA-384</code>:</dt>
+                            <dd>
+                              <p>
+                                Set the <code>alg</code> attribute of <var>jwk</var> to the string
+                                <code>RS384</code>.
+                              </p>
+                            </dd>
+                            <dt>If <var>hash</var> is <code>SHA-512</code>:</dt>
+                            <dd>
+                              <p>
+                                Set the <code>alg</code> attribute of <var>jwk</var> to the string
+                                <code>RS512</code>.
+                              </p>
+                            </dd>
+                            <dt>Otherwise:</dt>
+                            <dd>
+                              <p>
+                                <a href="#concept-return-an-error">Return an error</a> named
+                                <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+                              </p>
+                            </dd>
+                          </dl>
+                        </li>
+                        <li>
+                          <p>Set the <code>alg</code> attribute of <var>jwk</var> to the string
+                          <code>RSA1_5</code>.</p>
+                        </li>
+                        <li>
+                          <p>
+                            Set the attributes <code>n</code> and <code>e</code> of <var>jwk</var>
+                            according to the corresponding definitions in <a href="#jwa">JSON Web
+                            Algorithms</a>, Section 6.3.1.
+                          </p>
+                        </li>
+                        <li>
+                          <dl class="switch">
+                            <dt>
+                              If the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot
+                              of <var>key</var> is <code>"private"</code>:
+                            </dt>
+                            <dd>
+                              <ol>
+                                <li>
+                                  <p>
+                                    Set the attributes named <code>d</code>, <code>p</code>,
+                                    <code>q</code>, <code>dp</code>, <code>dq</code>, and
+                                    <code>qi</code> of <var>jwk</var> according to the
+                                    corresponding definitions in <a href="#jwa">JSON Web
+                                    Algorithms</a>, Section 6.3.2.
+                                  </p>
+                                </li>
+                                <li>
+                                  <p>
+                                    If the underlying RSA private key represented by the [[<a
+                                    href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot
+                                    of <var>key</var> is represented by more than two primes, set
+                                    the attribute named <code>oth</code> of <var>jwk</var>
+                                    according to the corresponding definition in <a
+                                    href="#jwa">JSON Web Algorithms</a>, Section 6.3.2.7
+                                  </p>
+                                </li>
+                              </ol>
+                            </dd>
+                          </dl>
+                        </li>
+                        <li>
+                          <p>
+                            Set the <code>key_ops</code> attribute of <var>jwk</var> to the <a
+                            href="#dfn-CryptoKey-usages">usages</a> attribute of <var>key</var>.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            Set the <code>ext</code> attribute of <var>jwk</var> to the [[<a
+                            href="#dfn-CryptoKey-slot-extractable">extractable</a>]] internal slot
+                            of <var>key</var>.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            Let <var>result</var> be the result of converting <var>jwk</var>
+                            to an ECMAScript Object, as defined by [<a href="#WebIDL">WEBIDL</a>].
+                          </p>
+                        </li>
+                      </ul>
+                    </dd>
+                    <dt>Otherwise</dt>
+                    <dd>
+                      <p>
                         <a href="#concept-return-an-error">Return an error</a> named
                         <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
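Review bot: In the "jwk" branch of Export Key, the step directly after the hash switch sets the alg attribute of jwk to "RSA1_5" unconditionally, which overwrites the RS1/RS256/RS384/RS512 value the switch just selected. "RSA1_5" is the JWA identifier for RSAES-PKCS1-v1_5 key encryption, so an exported signing key would be labelled for the wrong algorithm and would then fail the "alg" switch in the matching Import Key steps; that step looks like a leftover and should be removed. The step before the switch reads hash from "the hash attribute of key", whereas the rest of the text reaches the algorithm through the [[algorithm]] internal slot of key. In the "spki" and "pkcs8" branches the algorithm OID is given as 1.2.840.113549.1.1, which is the PKCS #1 arc rather than rsaEncryption (1.2.840.113549.1.1.1); a strict parser will not recognise the shorter value as an RSA key. Style: the jwk steps are ordered but sit in a ul, while the sibling branches use ol.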
-                      </dd>
-                    </dl>
-                  </li>
-                  <li>
-                    <p>
-                      Let <var>algorithm</var> be a new
-                      <a href="#dfn-RsaHashedKeyAlgorithm">RsaHashedKeyAlgorithm</a> dictionary.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Set the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of
-                      <var>algorithm</var> to <code>"RSA-PSS"</code>
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Set the <a href="#dfn-RsaKeyAlgorithm-modulusLength">modulusLength</a>
-                      attribute of <var>algorithm</var> to the length, in bits, of the RSA public
-                      modulus.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Set the <a href="#dfn-RsaKeyAlgorithm-publicExponent">publicExponent</a>
-                      attribute of <var>algorithm</var> to the <a href="#dfn-BigInteger">BigInteger</a>
-                      representation of the RSA public exponent.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Set the <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute of
-                      <var>algorithm</var> to a new <a href="#dfn-KeyAlgorithm">KeyAlgorithm</a>
-                      whose <a href="#dfn-KeyAlgorithm-name">name</a> attribute is <var>hash</var>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
-                      slot of <var>key</var> to <var>algorithm</var>
-                    </p>
-                  </li>
-                  <li>
-                    <p>Return <var>key</var>.</p>
-                  </li>
-                </ol>
-              </dd>
-
-              <dt>Export Key</dt>
-              <dd>
-                <ol>
-                  <li>
-                    <p>
-                      Let <var>key</var> be the key to be exported.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      If the underlying cryptographic key material represented by the [[<a
-                      href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of <var>key</var>
-                      cannot be accessed, then <a href="#concept-return-an-error">return an
-                      error</a> named <a href="#dfn-OperationError"><code>OperationError</code></a>.
-                    </p>
-                  </li>
-                  <li>
-                    <dl class="switch">
-                      <dt>If <var>format</var> is <code>"spki"</code></dt>
-                      <dd>
-                        <ol>
-                          <li>
-                            <p>
-                              If the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot
-                              of <var>key</var> is not <code>"public"</code>, then <a
-                              href="#concept-return-an-error">return an error</a> named <a
-                              href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              Let <var>data</var> be the result of <a
-                              href="#dfn-encode-a-subjectPublicKeyInfo">encoding a
-                              subjectPublicKeyInfo</a> with the following properties:
-                            </p>
-                            <ul>
-                              <li>
-                                <p>
-                                  Set the <var>algorithm</var> field to an
-                                  <code>AlgorithmIdentifier</code> ASN.1 type with the following
-                                  properties:
-                                </p>
-                                <ul>
-                                  <li>
-                                    <p>
-                                      Set the <var>algorithm</var> field to the OID
-                                      <code>id-RSASSA-PSS</code> defined in
-                                      <a href="#RFC3447">RFC 3447</a>.
-                                    </p>
-                                  </li>
-                                  <li>
-                                    <p>
-                                      Set the <var>params</var> field to an instance of the
-                                      <code>RSASSA-PSS-params</code> ASN.1 type with the following
-                                      properties:
-                                    </p>
-                                    <ul>
-                                      <li>
-                                        <p>
-                                          Set the <var>hashAlgorithm</var> field to an instance of
-                                          the <code>HashAlgorithm</code> ASN.1 type with the
-                                          following properties:
-                                        </p>
-                                        <dl class="switch">
-                                          <dt>
-                                            If the <a href="#dfn-KeyAlgorithm-name">name</a>
-                                            attribute of the <a
-                                            href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
-                                            the [[<a
-                                            href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
-                                            internal slot of <var>key</var> is <code>SHA-1</code>:
-                                          </dt>
-                                          <dd>
-                                            <p>
-                                              Set the <var>algorithm</var> object identifier to the
-                                              OID <code>id-sha1</code> defined in <a
-                                              href="#RFC3447">RFC 3447</a>.
-                                            </p>
-                                          </dd>
-                                          <dt>
-                                            If the <a href="#dfn-KeyAlgorithm-name">name</a>
-                                            attribute of the <a
-                                            href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
-                                            the [[<a
-                                            href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
-                                            internal slot of <var>key</var> is <code>SHA-256</code>:
-                                          </dt>
-                                          <dd>
-                                            <p>
-                                              Set the <var>algorithm</var> object identifier to the
-                                              OID <code>id-sha256</code> defined in <a
-                                              href="#RFC3447">RFC 3447</a>.
-                                            </p>
-                                          </dd>
-                                          <dt>
-                                            If the <a href="#dfn-KeyAlgorithm-name">name</a>
-                                            attribute of the <a
-                                            href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
-                                            the [[<a
-                                            href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
-                                            internal slot of <var>key</var> is <code>SHA-384</code>:
-                                          </dt>
-                                          <dd>
-                                            <p>
-                                              Set the <var>algorithm</var> object identifier to the
-                                              OID <code>id-sha384</code> defined in <a
-                                              href="#RFC3447">RFC 3447</a>.
-                                            </p>
-                                          </dd>
-                                          <dt>
-                                            If the <a href="#dfn-KeyAlgorithm-name">name</a>
-                                            attribute of the <a
-                                            href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
-                                            the [[<a
-                                            href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
-                                            internal slot of <var>key</var> is <code>SHA-512</code>:
-                                          </dt>
-                                          <dd>
-                                            <p>
-                                              Set the <var>algorithm</var> object identifier to the
-                                              OID <code>id-sha512</code> defined in <a
-                                              href="#RFC3447">RFC 3447</a>.
-                                            </p>
-                                          </dd>
-                                        </dl>
-                                      </li>
-                                      <li>
-                                        <p>
-                                          Set the <var>maskGenAlgorithm</var> field to an instance
-                                          of the <code>MaskGenAlgorithm</code> ASN.1 type with the
-                                          following properties:
-                                        </p>
-                                        <ul>
-                                          <li>
-                                            <p>
-                                              Set the <var>algorithm</var> field to the OID
-                                              <code>id-mgf1</code> defined in <a href="#RFC3447">RFC
-                                              3447</a>.
-                                            </p>
-                                          </li>
-                                          <li>
-                                            <p>
-                                              Set the <var>params</var> field to an instance of the
-                                              <code>HashAlgorithm</code> ASN.1 type that is
-                                              identical to the <var>hashAlgorithm</var> field.
-                                            </p>
-                                          </li>
-                                        </ul>
-                                      </li>
-                                      <li>
-                                        <p>
-                                          Set the <var>saltLength</var> field to the length in
-                                          octets of the digest algorithm identified by the <a
-                                          href="#dfn-KeyAlgorithm-name">name</a> attribute of the <a
-                                          href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute
-                                          of the [[<a
-                                          href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
-                                          internal slot of <var>key</var>.
-                                        </p>
-                                      </li>
-                                    </ul>
-                                  </li>
-                                </ul>
-                              </li>
-                              <li>
-                                <p>
-                                  Set the <var>subjectPublicKey</var> field to the result of
-                                  DER-encoding an <code>RSAPublicKey</code> ASN.1 type, as defined
-                                  in <a href="#RFC3447">RFC 3447</a>, Appendix A.1.1, that
-                                  represents the RSA public key represented by the [[<a
-                                  href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of
-                                  <var>key</var>
-                                </p>
-                              </li>
-                            </ul>
-                          </li>
-                          <li>
-                            <p>
-                              Let <var>result</var> be a new <code>ArrayBuffer</code> containing
-                              <var>data</var>.
-                            </p>
-                          </li>
-                        </ol>
-                      </dd>
-                      <dt>If <var>format</var> is <code>"pkcs8"</code>:</dt>
-                      <dd>
-                        <ol>
-                          <li>
-                            <p>
-                              If the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot
-                              of <var>key</var> is not <code>"private"</code>, then <a
-                              href="#concept-return-an-error">return an error</a> named <a
-                              href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              Let <var>data</var> be the result of <a
-                              href="#dfn-encode-a-privateKeyInfo"> encoding a privateKeyInfo</a>
-                              with the following properties:
-                            </p>
-                            <ul>
-                              <li>
-                                <p>
-                                  Set the <var>version</var> field to 0.
-                                </p>
-                              </li>
-                              <li>
-                                <p>
-                                  Set the <var>privateKeyAlgorithm</var> field to an
-                                  <code>PrivateKeyAlgorithmIdentifier</code> ASN.1 type with the
-                                  following properties:
-                                </p>
-                                <ul>
-                                  <li>
-                                    <p>
-                                      Set the <var>algorithm</var> field to the OID
-                                      <code>id-RSASSA-PSS</code> defined in
-                                      <a href="#RFC3447">RFC 3447</a>.
-                                    </p>
-                                  </li>
-                                  <li>
-                                    <p>
-                                      Set the <var>params</var> field to an instance of the
-                                      <code>RSASSA-PSS-params</code> ASN.1 type with the following
-                                      properties:
-                                    </p>
-                                    <ul>
-                                      <li>
-                                        <p>
-                                          Set the <var>hashAlgorithm</var> field to an instance of
-                                          the <code>HashAlgorithm</code> ASN.1 type with the
-                                          following properties:
-                                        </p>
-                                        <dl class="switch">
-                                          <dt>
-                                            If the <a href="#dfn-KeyAlgorithm-name">name</a>
-                                            attribute of the <a
-                                            href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
-                                            the [[<a
-                                            href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
-                                            internal slot of <var>key</var> is <code>SHA-1</code>:
-                                          </dt>
-                                          <dd>
-                                            <p>
-                                              Set the <var>algorithm</var> object identifier to the
-                                              OID <code>id-sha1</code> defined in <a
-                                              href="#RFC3447">RFC 3447</a>.
-                                            </p>
-                                          </dd>
-                                          <dt>
-                                            If the <a href="#dfn-KeyAlgorithm-name">name</a>
-                                            attribute of the <a
-                                            href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
-                                            the [[<a
-                                            href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
-                                            internal slot of <var>key</var> is <code>SHA-256</code>:
-                                          </dt>
-                                          <dd>
-                                            <p>
-                                              Set the <var>algorithm</var> object identifier to the
-                                              OID <code>id-sha256</code> defined in <a
-                                              href="#RFC3447">RFC 3447</a>.
-                                            </p>
-                                          </dd>
-                                          <dt>
-                                            If the <a href="#dfn-KeyAlgorithm-name">name</a>
-                                            attribute of the <a
-                                            href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
-                                            the [[<a
-                                            href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
-                                            internal slot of <var>key</var> is <code>SHA-384</code>:
-                                          </dt>
-                                          <dd>
-                                            <p>
-                                              Set the <var>algorithm</var> object identifier to the
-                                              OID <code>id-sha384</code> defined in <a
-                                              href="#RFC3447">RFC 3447</a>.
-                                            </p>
-                                          </dd>
-                                          <dt>
-                                            If the <a href="#dfn-KeyAlgorithm-name">name</a>
-                                            attribute of the <a
-                                            href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
-                                            the [[<a
-                                            href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
-                                            internal slot of <var>key</var> is <code>SHA-512</code>:
-                                          </dt>
-                                          <dd>
-                                            <p>
-                                              Set the <var>algorithm</var> object identifier to the
-                                              OID <code>id-sha512</code> defined in <a
-                                              href="#RFC3447">RFC 3447</a>.
-                                            </p>
-                                          </dd>
-                                        </dl>
-                                      </li>
-                                      <li>
-                                        <p>
-                                          Set the <var>maskGenAlgorithm</var> field to an instance
-                                          of the <code>MaskGenAlgorithm</code> ASN.1 type with the
-                                          following properties:
-                                        </p>
-                                        <ul>
-                                          <li>
-                                            <p>
-                                              Set the <var>algorithm</var> field to the OID
-                                              <code>id-mgf1</code> defined in <a href="#RFC3447">RFC
-                                              3447</a>.
-                                            </p>
-                                          </li>
-                                          <li>
-                                            <p>
-                                              Set the <var>params</var> field to an instance of the
-                                              <code>HashAlgorithm</code> ASN.1 type that is
-                                              identical to the <var>hashAlgorithm</var> field.
-                                            </p>
-                                          </li>
-                                        </ul>
-                                      </li>
-                                      <li>
-                                        <p>
-                                          Set the <var>saltLength</var> field to the length in
-                                          octets of the digest algorithm identified by the <a
-                                          href="#dfn-KeyAlgorithm-name">name</a> attribute of the <a
-                                          href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute
-                                          of the [[<a
-                                          href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
-                                          internal slot of <var>key</var>.
-                                        </p>
-                                      </li>
-                                    </ul>
-                                  </li>
-                                </ul>
-                              </li>
-                              <li>
-                                <p>
-                                  Set the <var>privateKey</var> field to the result of DER-encoding
-                                  an <code>RSAPrivateKey</code> ASN.1 type, as defined in <a
-                                  href="#RFC3447">RFC 3447</a>, Appendix A.1.2, that represents the
-                                  RSA private key represented by the [[<a
-                                  href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of
-                                  <var>key</var>
-                                </p>
-                                <div class="ednote">
-                                  <a href="#RFC5208">RFC 5208</a> specifies that the encoding of
-                                  this field should be <em>BER</em> encoded in Section 5 (as a "for
-                                  example"). However, to avoid requiring WebCrypto implementations
-                                  support BER-encoding and BER-decoding, only <em>DER</em> encodings
-                                  are produced or accepted.
-                                </div>
-                              </li>
-                            </ul>
-                          </li>
-                          <li>
-                            <p>
-                              Let <var>result</var> be a new <code>ArrayBuffer</code> containing
-                              <var>data</var>.
-                            </p>
-                          </li>
-                        </ol>
-                      </dd>
-                      <dt>If <var>format</var> is <code>"jwk"</code>:</dt>
-                      <dd>
-                        <ul>
-                          <li>
-                            <p>Let <var>jwk</var> be a new <a href="#dfn-JsonWebKey">JsonWebKey</a> dictionary.</p>
-                          </li>
-                          <li>
-                            <p>Set the <code>kty</code> attribute of <var>jwk</var> to the string
-                            <code>"RSA"</code>.</p>
-                          </li>
-                          <li>
-                            <p>
-                              Let <var>hash</var> be the <a href="#dfn-KeyAlgorithm-name">name</a>
-                              attribute of the <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a>
-                              attribute of the [[<a
-                              href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal slot of
-                              <var>key</var>.
-                            </p>
-                          </li>
-                          <li>
-                            <dl class="switch">
-                              <dt>If <var>hash</var> is <code>SHA-1</code>:</dt>
-                              <dd>
-                                <p>
-                                  Set the <code>alg</code> attribute of <var>jwk</var> to the string
-                                  <code>PS1</code>.
-                                </p>
-                              </dd>
-                              <dt>If <var>hash</var> is <code>SHA-256</code>:</dt>
-                              <dd>
-                                <p>
-                                  Set the <code>alg</code> attribute of <var>jwk</var> to the string
-                                  <code>PS256</code>.
-                                </p>
-                              </dd>
-                              <dt>If <var>hash</var> is <code>SHA-384</code>:</dt>
-                              <dd>
-                                <p>
-                                  Set the <code>alg</code> attribute of <var>jwk</var> to the string
-                                  <code>PS384</code>.
-                                </p>
-                              </dd>
-                              <dt>If <var>hash</var> is <code>SHA-512</code>:</dt>
-                              <dd>
-                                <p>
-                                  Set the <code>alg</code> attribute of <var>jwk</var> to the string
-                                  <code>PS512</code>.
-                                </p>
-                              </dd>
-                              <dt>Otherwise:</dt>
-                              <dd>
-                                <p>
-                                  <a href="#concept-return-an-error">Return an error</a> named
-                                  <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
-                                </p>
-                              </dd>
-                            </dl>
-                          </li>
-                          <li>
-                            <p>
-                              Set the attributes <code>n</code> and <code>e</code> of <var>jwk</var>
-                              according to the corresponding definitions in <a href="#jwa">JSON Web
-                              Algorithms</a>, Section 6.3.1.
-                            </p>
-                          </li>
-                          <li>
-                            <dl class="switch">
-                              <dt>
-                                If the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
-                                <var>key</var> is <code>"private"</code>:
-                              </dt>
-                              <dd>
-                                <ol>
-                                  <li>
-                                    <p>
-                                      Set the attributes named <code>d</code>, <code>p</code>,
-                                      <code>q</code>, <code>dp</code>, <code>dq</code>, and
-                                      <code>qi</code> of <var>jwk</var> according to the
-                                      corresponding definitions in <a href="#jwa">JSON Web
-                                      Algorithms</a>, Section 6.3.2.
-                                    </p>
-                                  </li>
-                                  <li>
-                                    <p>
-                                      If the underlying RSA private key represented by the [[<a
-                                      href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot
-                                      of <var>key</var> is represented by more than two primes, set
-                                      the attribute named <code>oth</code> of <var>jwk</var>
-                                      according to the corresponding definition in <a
-                                      href="#jwa">JSON Web Algorithms</a>, Section 6.3.2.7
-                                    </p>
-                                  </li>
-                                </ol>
-                              </dd>
-                            </dl>
-                          </li>
-                          <li>
-                            <p>
-                              Set the <code>key_ops</code> attribute of <var>jwk</var> to the <a
-                              href="#dfn-CryptoKey-usages">usages</a> attribute of <var>key</var>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              Set the <code>ext</code> attribute of <var>jwk</var> to the [[<a
-                              href="#dfn-CryptoKey-slot-extractable">extractable</a>]] internal slot
-                              of <var>key</var>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              Let <var>result</var> be the result of converting <var>jwk</var>
-                              to an ECMAScript Object, as defined by [<a href="#WebIDL">WEBIDL</a>].
-                            </p>
-                          </li>
-                        </ul>
-                      </dd>
-                      <dt>Otherwise</dt>
-                      <dd>
-                        <p>
-                          <a href="#concept-return-an-error">Return an error</a> named
-                          <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
-                        </p>
-                      </dd>
-                    </dl>
-                  </li>
-                  <li>
-                    <p>
-                      Return <var>result</var>.
-                    </p>
-                  </li>
-                </ol>
-              </dd>
-            </dl>
-          </div>
-        </div>
-
-        <div id="rsa-oaep" class="section">
-          <h3>RSA-OAEP</h3>
-          <div id="rsa-oaep-description" class="section">
-            <h4>Description</h4>
-            <p>
-              The <code>"RSA-OAEP"</code> algorithm identifier is used to perform encryption
-              and decryption ordering to the RSAES-OAEP algorithm specified in
-              [<cite><a href="#RFC3447">RFC3447</a></cite>], using the mask
-              generation function MGF1.
-            </p>
-          </div>
-          <div id="rsa-oaep-registration" class="section">
-            <h4>Registration</h4>
-            <p>
-              The <a href="#recognized-algorithm-name">recognized algorithm name</a> for
-              this algorithm is <code>"RSA-OAEP"</code>.
-            </p>
-            <table>
-              <thead>
-                <tr>
-                  <th><a href="#supported-operations">Operation</a></th>
-                  <th><a href="#algorithm-specific-params">Parameters</a></th>
-                  <th><a href="#algorithm-result">Result</a></th>
-                </tr>
-              </thead>
-              <tbody>
-                <tr>
-                  <td>encrypt</td>
-                  <td><a href="#dfn-RsaOaepParams">RsaOaepParams</a></td>
-                  <td>ArrayBuffer</td>
-                </tr>
-                <tr>
-                  <td>decrypt</td>
-                  <td><a href="#dfn-RsaOaepParams">RsaOaepParams</a></td>
-                  <td>ArrayBuffer</td>
-                </tr>
-                <tr>
-                  <td>generateKey</td>
-                  <td><a href="#dfn-RsaHashedKeyGenParams">RsaHashedKeyGenParams</a></td>
-                  <td><a href="#dfn-CryptoKeyPair">CryptoKeyPair</a></td>
-                </tr>
-                <tr>
-                  <td>importKey</td>
-                  <td><a href="#dfn-RsaHashedImportParams">RsaHashedImportParams</a></td>
-                  <td><a href="#dfn-CryptoKey">CryptoKey</a></td>
-                </tr>
-                <tr>
-                  <td>exportKey</td>
-                  <td>None</td>
-                  <td>object</td>
-                </tr>
-              </tbody>
-            </table>
-          </div>
-
-          <div id="rsa-oaep-params" class="section">
-            <h4>RsaOaepParams dictionary</h4>
-            <x:codeblock language="idl">
-dictionary <dfn id="dfn-RsaOaepParams">RsaOaepParams</dfn> : <a href="#dfn-Algorithm">Algorithm</a> {
-  <span class="comment">// The optional label/application data to associate with the message</span>
-  CryptoOperationData? <dfn id="dfn-RsaOaepParams-label">label</dfn>;
+                      </p>
+                    </dd>
+                  </dl>
+                </li>
+                <li>
+                  <p>
+                    Return <var>result</var>.
+                  </p>
+                </li>
+              </ol>
+            </dd>
+          </dl>
+        </div>
+      </div>
+
+      <div id="rsa-pss" class="section">
+        <h3>RSA-PSS</h3>
+        <div id="rsa-pss-description" class="section">
+          <h4>Description</h4>
+          <p>
+            The <code>"RSA-PSS"</code> algorithm identifier is used to perform signing
+            and verification using the RSASSA-PSS algorithm specified in
+            [<cite><a href="#RFC3447">RFC3447</a></cite>], using the mask generation
+            formula MGF1.
+          </p>
+        </div>
+        <div id="rsa-pss-registration" class="section">
+          <h4>Registration</h4>
+          <p>
+            The <a href="#recognized-algorithm-name">recognized algorithm name</a> for
+            this algorithm is <code>"RSA-PSS"</code>.
+          </p>
+          <table>
+            <thead>
+              <tr>
+                <th><a href="#supported-operations">Operation</a></th>
+                <th><a href="#algorithm-specific-params">Parameters</a></th>
+                <th><a href="#algorithm-result">Result</a></th>
+              </tr>
+            </thead>
+            <tbody>
+              <tr>
+                <td>sign</td>
+                <td><a href="#dfn-RsaPssParams">RsaPssParams</a></td>
+                <td>ArrayBuffer</td>
+              </tr>
+              <tr>
+                <td>verify</td>
+                <td><a href="#dfn-RsaPssParams">RsaPssParams</a></td>
+                <td>boolean</td>
+              </tr>
+              <tr>
+                <td>generateKey</td>
+                <td><a href="#dfn-RsaHashedKeyGenParams">RsaHashedKeyGenParams</a></td>
+                <td><a href="#dfn-CryptoKeyPair">CryptoKeyPair</a></td>
+              </tr>
+              <tr>
+                <td>importKey</td>
+                <td><a href="#dfn-RsaHashedImportParams">RsaHashedImportParams</a></td>
+                <td><a href="#dfn-CryptoKey">CryptoKey</a></td>
+              </tr>
+              <tr>
+                <td>exportKey</td>
+                <td>None</td>
+                <td>object</td>
+              </tr>
+            </tbody>
+          </table>
+        </div>
+        <div id="RsaPssParams-dictionary" class="section">
+          <h4>RsaPssParams dictionary</h4>
+          <x:codeblock language="idl">
+dictionary <dfn id="dfn-RsaPssParams">RsaPssParams</dfn> : <a href="#dfn-Algorithm">Algorithm</a> {
+<span class="comment">// The desired length of the random salt</span>
+[EnforceRange] unsigned long <dfn id="dfn-RsaPssParams-saltLength">saltLength</dfn>;
 };
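Review bot: In the added RSA-PSS description, "using the mask generation formula MGF1" should read "mask generation function MGF1", which is the wording used by the RSA-OAEP description removed further down in this hunk and the term RFC 3447 uses for MGF1. Separately, the two member lines of the added RsaPssParams dictionary (the comment span and "[EnforceRange] unsigned long saltLength;") start at column zero, whereas the RsaOaepParams dictionary being removed indents its members by two spaces; keep the two-space indent so the IDL blocks render consistently. Because most of this hunk is the same markup shifted left by two spaces, consider landing the re-indentation as its own changeset so wording changes like the one above are easier to spot in review.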
-            </x:codeblock>
-          </div>
-          <div id="rsa-oaep-operations" class="section">
-            <h4>Operations</h4>
-            <dl>
-              <dt>Encrypt</dt>
-              <dd>
-                <ol>
-                  <li>
-                    <p>
-                      If the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of <var>key</var>
-                      is not <code>"public"</code>,
-                      then <a href="#concept-return-an-error">return an error</a> named
-                      <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Let <var>normalizedAlgorithm</var> be the result of
-                      <a href="#dfn-normalize-to-type">normalizing</a> <var>algorithm</var>
-                      to <a href="#dfn-RsaOaepParams">RsaOaepParams</a>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      If any of the members of <a href="#dfn-RsaOaepParams">RsaOaepParams</a> are
-                      not present in <var>normalizedAlgorithm</var>,
-                      then <a href="#concept-return-an-error">return an error</a> named
-                      <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Perform the encryption operation defined in Section 7.1 of [<cite><a
-                      href="#RFC3447">RFC3447</a></cite>] with the key represented by <var>key</var>
-                      as the recipient's RSA public key, the <a
-                      href="#concept-contents-of-arraybuffer">contents of <var>plaintext</var></a>
-                      as the message to be encrypted, <var>M</var> and the <a
-                      href="#concept-contents-of-arraybuffer">contents of</a> <a
-                      href="#dfn-RsaOaepParams-label">label</a> member of
-                      <var>normalizedAlgorithm</var> as the label, <var>L</var>, and with the hash
-                      function specified by the <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a>
-                      attribute of the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal slot of
-                      <var>key</var> as the Hash option and MGF1 (defined in Section B.2.1 of
-                      [<cite><a href="#RFC3447">RFC3447</a></cite>]) as the MGF option.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      If performing the operation results in an error,
-                      then <a href="#concept-return-an-error">return an error</a> named
-                      <a href="#dfn-OperationError"><code>OperationError</code></a>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Let <var>ciphertext</var> be a new <code>ArrayBuffer</code>
-                      containing the value <var>C</var> that results from performing the
-                      operation.
-                    </p>
-                  </li>
-                </ol>
-              </dd>
-              <dt>Decrypt</dt>
-              <dd>
-                <ol>
-                  <li>
-                    <p>
-                      If the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of <var>key</var>
-                      is not <code>"private"</code>,
-                      then <a href="#concept-return-an-error">return an error</a> named
-                      <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Let <var>normalizedAlgorithm</var> be the result of
-                      <a href="#dfn-normalize-to-type">normalizing</a> <var>algorithm</var>
-                      to <a href="#dfn-RsaOaepParams">RsaOaepParams</a>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      If any of the members of <a href="#dfn-RsaOaepParams">RsaOaepParams</a> are
-                      not present in <var>normalizedAlgorithm</var>,
-                      then <a href="#concept-return-an-error">return an error</a> named
-                      <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Perform the decryption operation defined in Section 7.1 of [<cite><a
-                      href="#RFC3447">RFC3447</a></cite>] with the key represented by <var>key</var>
-                      as the recipient's RSA private key, the <a
-                      href="#concept-contents-of-arraybuffer">contents of <var>ciphertext</var></a>
-                      as the ciphertext to be decrypted, C, and the <a
-                      href="#concept-contents-of-arraybuffer">contents of</a> the <a
-                      href="#dfn-RsaOaepParams-label">label</a> member of
-                      <var>normalizedAlgorithm</var> as the label, <var>L</var>, and with the hash
-                      function specified by the <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a>
-                      attribute of the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal slot of
-                      <var>key</var> as the Hash option and MGF1 (defined in Section B.2.1 of
-                      [<cite><a href="#RFC3447">RFC3447</a></cite>]) as the MGF option.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      If performing the operation results in an error,
-                      then <a href="#concept-return-an-error">return an error</a> named
-                      <a href="#dfn-OperationError"><code>OperationError</code></a>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Let <var>plaintext</var> be a new <code>ArrayBuffer</code>
-                      containing the value <var>M</var> that results from performing the
-                      operation.
-                    </p>
-                  </li>
-                </ol>
-              </dd>
-              <dt>Generate Key</dt>
-              <dd>
-                <ol>
-                  <li>
-                    <p>
-                      Let <var>normalizedAlgorithm</var> be the result of
-                      <a href="#dfn-normalize-to-type">normalizing</a> <var>algorithm</var>
-                      to <a href="#dfn-RsaHashedKeyGenParams">RsaHashedKeyGenParams</a>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      If any of the members of
-                      <a href="#dfn-RsaHashedKeyGenParams">RsaHashedKeyGenParams</a> are not present
-                      in <var>normalizedAlgorithm</var>,
-                      then <a href="#concept-return-an-error">return an error</a> named
-                      <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      If <var>usages</var> contains an entry which is not
-                      <code>"encrypt"</code>, <code>"decrypt</code>,
-                      <code>wrapKey</code> or <code>unwrapKey</code>,
-                      then <a href="#concept-return-an-error">return an error</a> named
-                      <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Generate an RSA key pair, as defined in [<cite><a
-                      href="#RFC3447">RFC3447</a></cite>], with RSA modulus length equal to the
-                      <a href="#dfn-RsaKeyGenParams-modulusLength">modulusLength</a> member of
-                      <var>normalizedAlgorithm</var> and RSA public exponent equal to the
-                      <a href="#dfn-RsaKeyGenParams-publicExponent">publicExponent</a> member of
-                      <var>normalizedAlgorithm</var>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      If performing the operation results in an error,
-                      then <a href="#concept-return-an-error">return an error</a> named
-                      <a href="#dfn-OperationError"><code>OperationError</code></a>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Let <var>algorithm</var> be a new
-                      <a href="#dfn-RsaHashedKeyAlgorithm">RsaHashedKeyAlgorithm</a>
-                      object.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Set the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of
-                      <var>algorithm</var> to <code>"RSA-OAEP"</code>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Set the
-                      <a href="#dfn-RsaKeyAlgorithm-modulusLength">modulusLength</a>
-                      attribute of <var>algorithm</var> to equal the
-                      <a href="#dfn-RsaKeyGenParams-modulusLength">modulusLength</a>
-                      member of <var>normalizedAlgorithm</var>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Set the
-                      <a href="#dfn-RsaKeyAlgorithm-publicExponent">publicExponent</a>
-                      attribute of <var>algorithm</var> to equal the
-                      <a href="#dfn-RsaKeyGenParams-publicExponent">publicExponent</a>
-                      member of <var>normalizedAlgorithm</var>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Set the <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute
-                      of <var>algorithm</var> to equal the
-                      <a href="#dfn-RsaHashedKeyGenParams">hash</a> member of
-                      <var>normalizedAlgorithm</var>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Let <var>publicKey</var> be a new <a href="#dfn-CryptoKey">CryptoKey</a>
-                      object representing the public key of the generated key pair.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
-                      <var>publicKey</var> to <code>"public"</code>
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal slot of
-                      <var>publicKey</var> to <var>algorithm</var>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Set the [[<a href="#dfn-CryptoKey-slot-extractable">extractable</a>]] internal slot of
-                      <var>publicKey</var> to true.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Set the [[<a href="#dfn-CryptoKey-slot-usages">usages</a>]] internal slot of
-                      <var>publicKey</var> to be the
-                      <a href="#concept-usage-intersection">usage intersection</a> of
-                      <var>usages</var> and <code>[ "encrypt", "wrapKey" ]</code>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Let <var>privateKey</var> be a new <a href="#dfn-CryptoKey">CryptoKey</a>
-                      object representing the private key of the generated key pair.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
-                      <var>privateKey</var> to <code>"private"</code>
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal slot of
-                      <var>privateKey</var> to <var>algorithm</var>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Set the [[<a href="#dfn-CryptoKey-slot-extractable">extractable</a>]] internal slot of
-                      <var>privateKey</var> to <var>extractable</var>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Set the [[<a href="#dfn-CryptoKey-slot-usages">usages</a>]] internal slot of
-                      <var>privateKey</var> to be the
-                      <a href="#concept-usage-intersection">usage intersection</a> of
-                      <var>usages</var> and <code>[ "decrypt", "unwrapKey" ]</code>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Let <var>result</var> be a new <a href="#dfn-CryptoKeyPair">CryptoKeyPair</a>
-                      dictionary.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Set the <a href="#dfn-CryptoKeyPair-publicKey">publicKey</a> attribute
-                      of <var>result</var> to be <var>publicKey</var>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Set the <a href="#dfn-CryptoKeyPair-privateKey">privateKey</a> attribute
-                      of <var>result</var> to be <var>privateKey</var>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      Return the result of converting <var>result</var> to an ECMAScript Object, as
-                      defined by [<a href="#WebIDL">WEBIDL</a>].
-                    </p>
-                  </li>
-                </ol>
-              </dd>
-
-              <dt>Import Key</dt>
-              <dd>
-                <ol>
-                  <li>
-                    <p>Let <var>keyData</var> be the key data to be imported.</p>
-                  </li>
-                  <li>
-                    <p>
-                      Let <var>normalizedAlgorithm</var> be the result of
-                      <a href="#concept-normalize-to-type">normalizing</a> <var>algorithm</var>
-                      to <a href="#dfn-RsaHashedImportParams">RsaHashedImportParams</a>.
-                    </p>
-                  </li>
-                  <li>
-                    <p>
-                      If any of the members of <a
-                      href="#dfn-RsaHashedImportParams">RsaHashedImportParams</a> are not present in
-                      <var>normalizedAlgorithm</var> then <a href="#concept-return-an-error">return
-                      an error</a> named <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
-                    </p>
-                  </li>
-                  <li>
-                    <dl class="switch">
-                      <dt>If <var>format</var> is <code>"spki"</code>:</dt>
-                      <dd>
-                        <ol>
-                          <li>
-                            <p>
-                              Let <var>spki</var> be the result of running the
-                              <a href="#concept-parse-a-spki">parse a subjectPublicKeyInfo</a>
-                              algorithm over <var>keyData</var>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              If an error occurred while parsing,
-                              then <a href="#concept-return-an-error">return an error</a> named
-                              <a href="#dfn-DataError"><code>DataError</code></a>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              Let <var>hash</var> be a string whose initial value is undefined.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              Let <var>alg</var> be the <code>algorithm</code> object identifier
-                              field of the <code>algorithm</code> AlgorithmIdentifier field of
-                              <var>spki</var>.
-                            </p>
-                          </li>
-                          <li>
-                            <dl class="switch">
-                              <dt>
-                                If <var>alg</var> is equivalent to the <code>rsaEncryption</code>
-                                OID defined in <a href="#RFC3447">RFC 3447</a>:
-                              </dt>
-                              <dd>
-                                <p>
-                                  Let <var>hash</var> be undefined.
-                                </p>
-                              </dd>
-                              <dt>
-                                If <var>alg</var> is equivalent to the <code>id-RSAES-OAEP</code>
-                                OID defined in <a href="#RFC3447">RFC 3447</a>:
-                              </dt>
-                              <dd>
-                                <ol>
-                                  <li>
-                                    <p>
-                                      Let <var>params</var> be the ASN.1 structure contained within
-                                      the <code>parameters</code> field of the <code>algorithm</code>
-                                      AlgorithmIdentifier field of <var>spki</var>.
-                                    </p>
-                                  </li>
-                                  <li>
-                                    <p>
-                                      If <var>params</var> is not defined, or is not an instance of
-                                      the <code>RSAES-OAEP-params</code> ASN.1 type defined in
-                                      <a href="#RFC3447">RFC3447</a>,
-                                      <a href="#concept-return-an-error">return an error</a> named
-                                      <a href="#dfn-DataError"><code>DataError</code></a>.
-                                    </p>
-                                  </li>
-                                  <li>
-                                    <p>
-                                      Let <var>hashAlg</var> be the AlgorithmIdentifier ASN.1 type
-                                      within the <code>hashAlgorithm</code> field of <var>params</var>.
-                                    </p>
-                                  </li>
-                                  <li>
-                                    <dl class="switch">
-                                      <dt>
-                                        If the <code>algorithm</code> object identifier field of
-                                        <var>hashAlg</var> is equivalent to the <code>id-sha1</code>
-                                        OID defined in <a href="#RFC3447">RFC 3447</a>:
-                                      </dt>
-                                      <dd>
-                                        <p>
-                                          Set <var>hash</var> to the string <code>SHA-1</code>.
-                                        </p>
-                                      </dd>
-                                      <dt>
-                                        If the <code>algorithm</code> object identifier field of
-                                        <var>hashAlg</var> is equivalent to the <code>id-sha256</code>
-                                        OID defined in <a href="#RFC3447">RFC 3447</a>:
-                                      </dt>
-                                      <dd>
-                                        <p>
-                                          Set <var>hash</var> to the string <code>SHA-256</code>.
-                                        </p>
-                                      </dd>
-                                      <dt>
-                                        If the <code>algorithm</code> object identifier field of
-                                        <var>hashAlg</var> is equivalent to the <code>id-sha384</code>
-                                        OID defined in <a href="#RFC3447">RFC 3447</a>:
-                                      </dt>
-                                      <dd>
-                                        <p>
-                                          Set <var>hash</var> to the string <code>SHA-384</code>.
-                                        </p>
-                                      </dd>
-                                      <dt>
-                                        If the <code>algorithm</code> object identifier field of
-                                        <var>hashAlg</var> is equivalent to the <code>id-sha512</code>
-                                        OID defined in <a href="#RFC3447">RFC 3447</a>:
-                                      </dt>
-                                      <dd>
-                                        <p>
-                                          Set <var>hash</var> to the string <code>SHA-512</code>.
-                                        </p>
-                                      </dd>
-                                      <dt>Otherwise:</dt>
-                                      <dd>
-                                        <p>
-                                          <a href="#concept-return-an-error">Return an error</a> named
-                                          <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
-                                        </p>
-                                      </dd>
-                                    </dl>
-                                  </li>
-                                  <li>
-                                    <p>
-                                      If the <code>algorithm</code> object identifier field of the
-                                      <code>maskGenAlgorithm</code> field of <var>params</var> is not
-                                      equivalent to the OID <code>id-mgf1</code> defined in <a
-                                      href="#RFC3447">RFC 3447</a>, <a
-                                      href="#concept-return-an-error">return an error</a> named <a
-                                      href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
-                                    </p>
-                                  </li>
-                                  <li>
-                                    <p>
-                                      If the <code>parameters</code> field of the
-                                      <code>maskGenAlgorithm</code> field of <var>params</var> is not
-                                      an instance of the <code>HashAlgorithm</code> ASN.1 type that is
-                                      identical in content to the <code>hashAlglorithm</code> field of
-                                      <var>params</var>, <a href="#concept-return-an-error">return an
-                                      error</a> named <a
-                                      href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
-                                    </p>
-                                  </li>
-                                </ol>
-                              </dd>
-                              <dt>Otherwise:</dt>
-                              <dd>
-                                <p>
-                                  <a href="#concept-return-an-error">Return an error</a> named
-                                  <a href="#dfn-DataError"><code>DataError</code></a>.
-                                </p>
-                              </dd>
-                            </dl>
-                          </li>
-                          <li>
-                            <p>
-                              If <var>hash</var> is defined, and is not equal to the <a
-                              href="#dfn-AlgorithmIdentifier-name">name</a> member of the <a
-                              href="#dfn-RsaHashedImportParams-hash">hash</a> member of
-                              <var>normalizedAlgorithm</var>, <a
-                              href="#concept-return-an-error">return an error</a> named <a
-                              href="#dfn-DataError"><code>DataError</code></a>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              Set <var>hash</var> to the <a
-                              href="#dfn-AlgorithmIdentifier-name">name</a> member of the <a
-                              href="#dfn-RsaHashedImportParams-hash">hash</a> member of
-                              <var>normalizedAlgorithm</var>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              Let <var>publicKey</var> be the result of performing the <a
-                              href="#concept-parse-an-asn1-structure">parse an ASN.1 structure</a>
-                              algorithm, with <var>data</var> as the
-                              <code>subjectPublicKeyInfo</code> field of <var>spki</var>,
-                              <var>structure</var> as the <code>RSAPublicKey</code> structure
-                              specified in Section A.1.1 of <a href="#RFC3447">RFC 3447</a>, and
-                              <var>exactData</var> set to true.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              If an error occurred while parsing,
-                              then <a href="#concept-return-an-error">return an error</a> named
-                              <a href="#dfn-DataError"><code>DataError</code></a>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              Let <var>key</var> be a new <a href="#dfn-CryptoKey">CryptoKey</a>
-                              object that represents the RSA public key identified by
-                              <var>publicKey</var>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
-                              <var>key</var> to <code>"public"</code>
-                            </p>
-                          </li>
-                        </ol>
-                      </dd>
-                      <dt>If <var>format</var> is <code>"pkcs8"</code>:</dt>
-                      <dd>
-                        <ol>
-                          <li>
-                            <p>
-                              Let <var>privateKeyInfo</var> be the result of running the
-                              <a href="#concept-parse-a-privateKeyInfo">parse a privateKeyInfo</a>
-                              algorithm over <var>keyData</var>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              If an error occurred while parsing, then <a
-                              href="#concept-return-an-error">return an error</a> named <a
-                              href="#dfn-DataError"><code>DataError</code></a>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              Let <var>hash</var> be a string whose initial value is undefined.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              Let <var>alg</var> be the <code>algorithm</code> object identifier
-                              field of the <code>privateKeyAlgorithm</code>
-                              PrivateKeyAlgorithmIdentifier field of <var>privateKeyInfo</var>.
-                            </p>
-                          </li>
-                          <li>
-                            <dl class="switch">
-                              <dt>
-                                If <var>alg</var> is equivalent to the <code>rsaEncryption</code>
-                                OID defined in <a href="#RFC3447">RFC 3447</a>:
-                              </dt>
-                              <dd>
-                                <p>
-                                  Let <var>hash</var> be undefined.
-                                </p>
-                              </dd>
-                              <dt>
-                                If <var>alg</var> is equivalent to the <code>id-RSAES-OAEP</code>
-                                OID defined in <a href="#RFC3447">RFC 3447</a>:
-                              </dt>
-                              <dd>
-                                <ol>
-                                  <li>
-                                    <p>
-                                      Let <var>params</var> be the ASN.1 structure contained within
-                                      the <code>parameters</code> field of the
-                                      <code>privateKeyAlgorithm</code> PrivateKeyAlgorithmIdentifier
-                                      field of <var>privateKeyInfo</var>.
-                                    </p>
-                                  </li>
-                                  <li>
-                                    <p>
-                                      If <var>params</var> is not defined, or is not an instance of
-                                      the <code>RSAES-OAEP-params</code> ASN.1 type defined in <a
-                                      href="#RFC3447">RFC3447</a>, <a
-                                      href="#concept-return-an-error">return an error</a> named <a
-                                      href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
-                                    </p>
-                                  </li>
-                                  <li>
-                                    <p>
-                                      Let <var>hashAlg</var> be the AlgorithmIdentifier ASN.1 type
-                                      within the <code>hashAlgorithm</code> field of
-                                      <var>params</var>.
-                                    </p>
-                                  </li>
-                                  <li>
-                                    <dl class="switch">
-                                      <dt>
-                                        If the <code>algorithm</code> object identifier field of
-                                        <var>hashAlg</var> is equivalent to the <code>id-sha1</code>
-                                        OID defined in <a href="#RFC3447">RFC 3447</a>:
-                                      </dt>
-                                      <dd>
-                                        <p>
-                                          Set <var>hash</var> to the string <code>SHA-1</code>.
-                                        </p>
-                                      </dd>
-                                      <dt>
-                                        If the <code>algorithm</code> object identifier field of
-                                        <var>hashAlg</var> is equivalent to the
-                                        <code>id-sha256</code> OID defined in <a href="#RFC3447">RFC
-                                        3447</a>:
-                                      </dt>
-                                      <dd>
-                                        <p>
-                                          Set <var>hash</var> to the string <code>SHA-256</code>.
-                                        </p>
-                                      </dd>
-                                      <dt>
-                                        If the <code>algorithm</code> object identifier field of
-                                        <var>hashAlg</var> is equivalent to the
-                                        <code>id-sha384</code> OID defined in <a href="#RFC3447">RFC
-                                        3447</a>:
-                                      </dt>
-                                      <dd>
-                                        <p>
-                                          Set <var>hash</var> to the string <code>SHA-384</code>.
-                                        </p>
-                                      </dd>
-                                      <dt>
-                                        If the <code>algorithm</code> object identifier field of
-                                        <var>hashAlg</var> is equivalent to the
-                                        <code>id-sha512</code> OID defined in <a href="#RFC3447">RFC
-                                        3447</a>:
-                                      </dt>
-                                      <dd>
-                                        <p>
-                                          Set <var>hash</var> to the string <code>SHA-512</code>.
-                                        </p>
-                                      </dd>
-                                      <dt>Otherwise:</dt>
-                                      <dd>
-                                        <p>
-                                          <a href="#concept-return-an-error">Return an error</a> named
-                                          <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
-                                        </p>
-                                      </dd>
-                                    </dl>
-                                  </li>
-                                  <li>
-                                    <p>
-                                      If the <code>algorithm</code> object identifier field of the
-                                      <code>maskGenAlgorithm</code> field of <var>params</var> is not
-                                      equivalent to the OID <code>id-mgf1</code> defined in <a
-                                      href="#RFC3447">RFC 3447</a>, <a
-                                      href="#concept-return-an-error">return an error</a> named <a
-                                      href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
-                                    </p>
-                                  </li>
-                                  <li>
-                                    <p>
-                                      If the <code>parameters</code> field of the
-                                      <code>maskGenAlgorithm</code> field of <var>params</var> is not
-                                      an instance of the <code>HashAlgorithm</code> ASN.1 type that is
-                                      identical in content to the <code>hashAlglorithm</code> field of
-                                      <var>params</var>, <a href="#concept-return-an-error">return an
-                                      error</a> named <a
-                                      href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
-                                    </p>
-                                  </li>
-                                </ol>
-                              </dd>
-                              <dt>Otherwise:</dt>
-                              <dd>
-                                <p>
-                                  <a href="#concept-return-an-error">Return an error</a> named
-                                  <a href="#dfn-DataError"><code>DataError</code></a>.
-                                </p>
-                              </dd>
-                            </dl>
-                          </li>
-                          <li>
-                            <p>
-                              If <var>hash</var> is defined, and is not equal to the <a
-                              href="#dfn-AlgorithmIdentifier-name">name</a> member of the <a
-                              href="#dfn-RsaHashedImportParams-hash">hash</a> member of
-                              <var>normalizedAlgorithm</var>, <a
-                              href="#concept-return-an-error">return an error</a> named <a
-                              href="#dfn-DataError"><code>DataError</code></a>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              Set <var>hash</var> to the <a
-                              href="#dfn-AlgorithmIdentifier-name">name</a> member of the <a
-                              href="#dfn-RsaHashedImportParams-hash">hash</a> member of
-                              <var>normalizedAlgorithm</var>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              Let <var>rsaPrivateKey</var> be the result of performing the <a
-                              href="#concept-parse-an-asn1-structure">parse an ASN.1 structure</a>
-                              algorithm, with <var>data</var> as the
-                              <code>privateKey</code> field of <var>privateKeyInfo</var>,
-                              <var>structure</var> as the <code>RSAPrivateKey</code> structure
-                              specified in Section A.1.2 of <a href="#RFC3447">RFC 3447</a>, and
-                              <var>exactData</var> set to true.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              If an error occurred while parsing,
-                              then <a href="#concept-return-an-error">return an error</a> named
-                              <a href="#dfn-DataError"><code>DataError</code></a>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              Let <var>key</var> be a new <a href="#dfn-CryptoKey">CryptoKey</a>
-                              object that represents the RSA private key identified by
-                              <var>rsaPrivateKey</var>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
-                              <var>key</var> to <code>"private"</code>
-                            </p>
-                          </li>
-                        </ol>
-                      </dd>
-                      <dt>If <var>format</var> is <code>"jwk"</code>:</dt>
-                      <dd>
-                        <ol>
-                          <li>
-                            <p>
-                              Let <var>jwk</var> be the <a href="#dfn-JsonWebKey">JsonWebKey</a>
-                              dictionary represented by <var>keyData</var>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              If the <code>"kty"</code> field of <var>jwk</var> is not a
-                              case-sensitive string match to <code>"RSA"</code>,
-                              then <a href="#concept-return-an-error">return an error</a> named
-                              <a href="#dfn-DataError"><code>DataError</code></a>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              If the <code>"use"</code> field of <var>jwk</var> is present, and is
-                              not a case-sensitive string match to <code>"enc"</code>,
-                              then <a href="#concept-return-an-error">return an error</a> named
-                              <a href="#dfn-DataError"><code>DataError</code></a>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              If the <code>"key_ops"</code> field of <var>jwk</var> is present, and
-                              is invalid according to the requirements of
-                              <a href="#jwk">JSON Web Key</a> or
-                              does not contain all of the specified <var>usages</var> values,
-                              then <a href="#concept-return-an-error">return an error</a> named
-                              <a href="#dfn-DataError"><code>DataError</code></a>.
-                            </p>
-                          </li>
-                          <li>
-                            <p>
-                              Let <var>hash</var> be a string whose initial value is undefined.
-                            </p>
-                          </li>
-                          <li>
-                            <dl class="switch">
-                              <dt>If the <code>alg</code> field of <var>jwk</var> is not present:</dt>
-                              <dd>Let <var>hash</var> be undefined.</dd>
-                              <dt>
-                                If the <code>alg</code> field of <var>jwk</var> is equal to
-                                <code>RSA-OAEP</code>:
-                              </dt>
-                              <dd>Let <var>hash</var> be the string <code>SHA-1</code>.</dd>
-                              <dt>
-                                If the <code>alg</code> field of <var>jwk</var> is equal to
-                                <code>RSA-OAEP-256</code>:
-                              </dt>
-                              <dd>Let <var>hash</var> be the string <code>SHA-256</code>.</dd>
-                              <dt>
-                                If the <code>alg</code> field of <var>jwk</var> is equal to
-                                <code>RSA-OAEP-384</code>:
-                              </dt>
-                              <dd>Let <var>hash</var> be the string <code>SHA-384</code>.</dd>
-                              <dt>
-                                If the <code>alg</code> field of <var>jwk</var> is equal to
-                                <code>RSA-OAEP-512</code>:
-                              </dt>
-                              <dd>Let <var>hash</var> be the string <code>SHA-512</code>.</dd>
-                              <dt>Otherwise:</dt>
-                              <dd>
-                                <a href="#concept-return-an-error">return an error</a> named
+          </x:codeblock>
+        </div>
+        <div id="rsa-pss-operations" class="section">
+          <h4>Operations</h4>
+          <dl>
+            <dt>Sign</dt>
+            <dd>
+              <ol>
+                <li>
+                  <p>
+                    If the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
+                    <var>key</var> is not <code>"private"</code>, then <a
+                    href="#concept-return-an-error">return an error</a> named <a
+                    href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Perform the signature generation operation defined in Section 8.1 of [<cite><a
+                    href="#RFC3447">RFC3447</a></cite>] with the key represented by the [[<a
+                    href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of <var>key</var>
+                    as the signer's private key, <var>K</var>, and the <a
+                    href="#concept-contents-of-arraybuffer">contents of <var>message</var></a> as
+                    the message to be signed, <var>M</var>, and using the hash function specified
+                    by the <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute of the
+                    [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal slot of
+                    <var>key</var> as the Hash option, MGF1 (defined in Section B.2.1 of [<cite><a
+                    href="#RFC3447">RFC3447</a></cite>]) as the MGF option and the <a
+                    href="#dfn-RsaPssParams-saltLength">saltLength</a> member of
+                    <var>normalizedAlgorithm</var> as the salt length option for the
+                    EMM-PSS-ENCODE operation.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    If performing the operation results in an error,
+                    then <a href="#concept-return-an-error">return an error</a> named
+                    <a href="#dfn-OperationError"><code>OperationError</code></a>.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Let <var>signature</var> be a new <code>ArrayBuffer</code> containing the
+                    signature, S, that results from performing the operation.
+                  </p>
+                </li>
+              </ol>
+            </dd>
+
+            <dt>Verify</dt>
+            <dd>
+              <ol>
+                <li>
+                  <p>
+                    If the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
+                    <var>key</var> is not <code>"public"</code>, then <a
+                    href="#concept-return-an-error">return an error</a> named <a
+                    href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Perform the signature verification operation defined in Section 8.1 of
+                    [<cite><a href="#RFC3447">RFC3447</a></cite>] with the key represented by the
+                    [[<a href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of
+                    <var>key</var> as the signer's RSA public key and the <a
+                    href="#concept-contents-of-arraybuffer">contents of <var>message</var></a> as
+                    <var>M</var> and <a href="#concept-contents-of-arraybuffer">the contents of
+                    <var>signature</var></a> as <var>S</var> and using the hash function specified
+                    by the <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute of the
+                    [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal slot of
+                    <var>key</var> as the Hash option, MGF1 (defined in Section B.2.1 of [<cite><a
+                    href="#RFC3447">RFC3447</a></cite>]) as the MGF option and the <a
+                    href="#dfn-RsaPssParams-saltLength">saltLength</a> member of
+                    <var>normalizedAlgorithm</var> as the salt length option for the
+                    EMSA-PSS-VERIFY operation.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    If performing the operation results in an error,
+                    then <a href="#concept-return-an-error">return an error</a> named
+                    <a href="#dfn-OperationError"><code>OperationError</code></a>.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Let <var>result</var> be a boolean with value true if the
+                    result of the operation was "valid signature" and a boolean with value
+                    false otherwise.
+                  </p>
+                </li>
+              </ol>
+            </dd>
+
+            <dt>Generate Key</dt>
+            <dd>
+              <ol>
+                <li>
+                  <p>
+                    If <var>usages</var> contains an entry which is not
+                    <code>"sign"</code> or <code>"verify"</code>,
+                    then <a href="#concept-return-an-error">return an error</a> named
+                    <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Generate an RSA key pair, as defined in [<cite><a
+                    href="#RFC3447">RFC3447</a></cite>], with RSA modulus length equal to the
+                    <a href="#dfn-RsaKeyGenParams-modulusLength">modulusLength</a> member of
+                    <var>normalizedAlgorithm</var> and RSA public exponent equal to the
+                    <a href="#dfn-RsaKeyGenParams-publicExponent">publicExponent</a> member of
+                    <var>normalizedAlgorithm</var>.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    If performing the operation results in an error,
+                    then <a href="#concept-return-an-error">return an error</a> named
+                    <a href="#dfn-OperationError"><code>OperationError</code></a>.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Let <var>algorithm</var> be a new
+                    <a href="#dfn-RsaHashedKeyAlgorithm">RsaHashedKeyAlgorithm</a>
+                    dictionary.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Set the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of
+                    <var>algorithm</var> to <code>"RSA-PSS"</code>.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Set the
+                    <a href="#dfn-RsaKeyAlgorithm-modulusLength">modulusLength</a>
+                    attribute of <var>algorithm</var> to equal the
+                    <a href="#dfn-RsaKeyGenParams-modulusLength">modulusLength</a>
+                    member of <var>normalizedAlgorithm</var>.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Set the
+                    <a href="#dfn-RsaKeyAlgorithm-publicExponent">publicExponent</a>
+                    attribute of <var>algorithm</var> to equal the
+                    <a href="#dfn-RsaKeyGenParams-publicExponent">publicExponent</a>
+                    member of <var>normalizedAlgorithm</var>.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Set the <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute
+                    of <var>algorithm</var> to equal the
+                    <a href="#dfn-RsaHashedKeyGenParams">hash</a> member of
+                    <var>normalizedAlgorithm</var>.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Let <var>publicKey</var> be a new <a href="#dfn-CryptoKey">CryptoKey</a>
+                    object representing the public key of the generated key pair.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
+                    <var>publicKey</var> to <code>"public"</code>
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
+                    slot of <var>publicKey</var> to <var>algorithm</var>.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Set the [[<a href="#dfn-CryptoKey-slot-extractable">extractable</a>]] internal
+                    slot of <var>publicKey</var> to true.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Set the [[<a href="#dfn-CryptoKey-slot-usages">usages</a>]] internal slot of
+                    <var>publicKey</var> to be the <a href="#concept-usage-intersection">usage
+                    intersection</a> of <var>usages</var> and <code>[ "verify" ]</code>.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Let <var>privateKey</var> be a new <a href="#dfn-CryptoKey">CryptoKey</a>
+                    object representing the private key of the generated key pair.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
+                    <var>privateKey</var> to <code>"private"</code>
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
+                    slot of <var>privateKey</var> to <var>algorithm</var>.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Set the [[<a href="#dfn-CryptoKey-slot-extractable">extractable</a>]] internal
+                    slot of <var>privateKey</var> to <var>extractable</var>.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Set the [[<a href="#dfn-CryptoKey-slot-usages">usages</a>]] internal slot of
+                    <var>privateKey</var> to be the <a href="#concept-usage-intersection">usage
+                    intersection</a> of <var>usages</var> and <code>[ "sign" ]</code>.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Let <var>result</var> be a new <a href="#dfn-CryptoKeyPair">CryptoKeyPair</a>
+                    dictionary.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Set the <a href="#dfn-CryptoKeyPair-publicKey">publicKey</a> attribute
+                    of <var>result</var> to <var>publicKey</var>.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Set the <a href="#dfn-CryptoKeyPair-privateKey">privateKey</a> attribute
+                    of <var>result</var> to <var>privateKey</var>.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Return the result of converting <var>result</var> to an ECMAScript Object,
+                    as defined by [<a href="#WebIDL">WEBIDL</a>].
+                  </p>
+                </li>
+              </ol>
+            </dd>
+
+            <dt>Import Key</dt>
+            <dd>
+              <ol>
+                <li>
+                  <p>Let <var>keyData</var> be the key data to be imported.</p>
+                </li>
+                <li>
+                  <dl class="switch">
+                    <dt>If <var>format</var> is <code>"spki"</code>:</dt>
+                    <dd>
+                      <ol>
+                        <li>
+                          <p>
+                            Let <var>spki</var> be the result of running the
+                            <a href="#concept-parse-a-spki">parse a subjectPublicKeyInfo</a>
+                            algorithm over <var>keyData</var>.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            If an error occurred while parsing,
+                            then <a href="#concept-return-an-error">return an error</a> named
+                            <a href="#dfn-DataError"><code>DataError</code></a>.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            Let <var>hash</var> be a string whose initial value is undefined.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            Let <var>alg</var> be the <code>algorithm</code> object identifier
+                            field of the <code>algorithm</code> AlgorithmIdentifier field of
+                            <var>spki</var>.
+                          </p>
+                        </li>
+                        <li>
+                          <dl class="switch">
+                            <dt>
+                              If <var>alg</var> is equivalent to the <code>rsaEncryption</code>
+                              OID defined in <a href="#RFC3447">RFC 3447</a>:
+                            </dt>
+                            <dd>
+                              <p>
+                                Let <var>hash</var> be undefined.
+                              </p>
+                            </dd>
+                            <dt>
+                              If <var>alg</var> is equivalent to the
+                              <code>id-RSASSA-PSS</code> OID defined in
+                              <a href="#RFC3447">RFC 3447</a>:
+                            </dt>
+                            <dd>
+                              <ol>
+                                <li>
+                                  <p>
+                                    Let <var>params</var> be the ASN.1 structure contained within
+                                    the <code>parameters</code> field of the <code>algorithm</code>
+                                    AlgorithmIdentifier field of <var>spki</var>.
+                                  </p>
+                                </li>
+                                <li>
+                                  <p>
+                                    If <var>params</var> is not defined, or is not an instance of
+                                    the <code>RSASSA-PSS-params</code> ASN.1 type defined in
+                                    <a href="#RFC3447">RFC3447</a>,
+                                    <a href="#concept-return-an-error">return an error</a> named
+                                    <a href="#dfn-DataError"><code>DataError</code></a>.
+                                  </p>
+                                </li>
+                                <li>
+                                  <p>
+                                    Let <var>hashAlg</var> be the AlgorithmIdentifier ASN.1 type
+                                    within the <code>hashAlgorithm</code> field of <var>params</var>.
+                                  </p>
+                                </li>
+                                <li>
+                                  <dl class="switch">
+                                    <dt>
+                                      If the <code>algorithm</code> object identifier field of
+                                      <var>hashAlg</var> is equivalent to the <code>id-sha1</code>
+                                      OID defined in <a href="#RFC3447">RFC 3447</a>:
+                                    </dt>
+                                    <dd>
+                                      <p>
+                                        Set <var>hash</var> to the string <code>SHA-1</code>.
+                                      </p>
+                                    </dd>
+                                    <dt>
+                                      If the <code>algorithm</code> object identifier field of
+                                      <var>hashAlg</var> is equivalent to the <code>id-sha256</code>
+                                      OID defined in <a href="#RFC3447">RFC 3447</a>:
+                                    </dt>
+                                    <dd>
+                                      <p>
+                                        Set <var>hash</var> to the string <code>SHA-256</code>.
+                                      </p>
+                                    </dd>
+                                    <dt>
+                                      If the <code>algorithm</code> object identifier field of
+                                      <var>hashAlg</var> is equivalent to the <code>id-sha384</code>
+                                      OID defined in <a href="#RFC3447">RFC 3447</a>:
+                                    </dt>
+                                    <dd>
+                                      <p>
+                                        Set <var>hash</var> to the string <code>SHA-384</code>.
+                                      </p>
+                                    </dd>
+                                    <dt>
+                                      If the <code>algorithm</code> object identifier field of
+                                      <var>hashAlg</var> is equivalent to the <code>id-sha512</code>
+                                      OID defined in <a href="#RFC3447">RFC 3447</a>:
+                                    </dt>
+                                    <dd>
+                                      <p>
+                                        Set <var>hash</var> to the string <code>SHA-512</code>.
+                                      </p>
+                                    </dd>
+                                    <dt>Otherwise:</dt>
+                                    <dd>
+                                      <p>
+                                        <a href="#concept-return-an-error">Return an error</a> named
+                                        <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+                                      </p>
+                                    </dd>
+                                  </dl>
+                                </li>
+                                <li>
+                                  <p>
+                                    If the <code>algorithm</code> object identifier field of the
+                                    <code>maskGenAlgorithm</code> field of <var>params</var> is not
+                                    equivalent to the OID <code>id-mgf1</code> defined in <a
+                                    href="#RFC3447">RFC 3447</a>, <a
+                                    href="#concept-return-an-error">return an error</a> named <a
+                                    href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+                                  </p>
+                                </li>
+                                <li>
+                                  <p>
+                                    If the <code>parameters</code> field of the
+                                    <code>maskGenAlgorithm</code> field of <var>params</var> is not
+                                    an instance of the <code>HashAlgorithm</code> ASN.1 type that is
+                                    identical in content to the <code>hashAlglorithm</code> field of
+                                    <var>params</var>, <a href="#concept-return-an-error">return an
+                                    error</a> named <a
+                                    href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+                                  </p>
+                                </li>
+                              </ol>
+                            </dd>
+                            <dt>Otherwise:</dt>
+                            <dd>
+                              <p>
+                                <a href="#concept-return-an-error">Return an error</a> named
                                 <a href="#dfn-DataError"><code>DataError</code></a>.
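Review bot: In step 2 of the added RSA-PSS Sign operation, the encoding operation is named "EMM-PSS-ENCODE", while the matching Verify step names "EMSA-PSS-VERIFY". This looks like a typo for EMSA-PSS-ENCODE and should be fixed so both steps refer to the same encoding scheme. In the added "spki" Import Key branch, the check that the maskGenAlgorithm parameters match the hash spells the field "hashAlglorithm" (carried over unchanged from the removed text), whereas the earlier "Let hashAlg be ..." step in the same list uses "hashAlgorithm". Since this check is what ties the MGF1 hash to the signature hash, the field name should be exact. In Generate Key, the link for the hash member of normalizedAlgorithm points at "#dfn-RsaHashedKeyGenParams", where the neighbouring member links use the "-modulusLength" and "-publicExponent" suffix form, so "#dfn-RsaHashedKeyGenParams-hash" is probably intended, assuming that anchor is defined elsewhere in the file. The steps that set the [[type]] slot to "public" and "private" are missing their closing period. Also, Sign and Verify end by defining signature and result with no step that returns them, unlike Generate Key, which ends with an explicit return. Please confirm that the calling method is what returns these values.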
-                              </dd>
-                            </dl>
-                          </li>
-                          <li>
-                            <p>
-                              If <var>hash</var> is defined, and is not equal to the <a
-                              href="#dfn-AlgorithmIdentifier-name">name</a> member of the <a
-                              href="#dfn-RsaHashedImportParams-hash">hash</a> member of
-                              <var>normalizedAlgorithm</var>, <a
-                              href="#concept-return-an-error">return an error</a> named <a
-                              href="#dfn-DataError"><code>DataError</code></a>.
-                            </p>
-                          </li>
-                          <li>
-                            <dl class="switch">
-                              <dt>If the <code>"d"</code> field of <var>jwk</var> is present:</dt>
-                              <dd>
-                                <ol>
-                                  <li>
-                                    <p>
-                                      If <var>jwk</var> does not meet the requirements of Section
-                                      6.3.2 of <a href="#jwa">JSON Web Algorithms</a>, then <a
-                                      href="#concept-return-an-error">return an error</a> named <a
-                                      href="#dfn-DataError"><code>DataError</code></a>.
-                                    </p>
-                                  </li>
-                                  <li>
-                                    <p>
-                                      Let <var>key</var> be a new <a
-                                      href="#dfn-CryptoKey">CryptoKey</a> object that represents the
-                                      RSA private key identified by interpreting <var>jwk</var>
-                                      according to Section 6.3.2 of <a href="#jwa"> JSON Web
-                                      Algorithms</a>.
-                                    </p>
-                                  </li>
-                                  <li>
-                                    <p>
-                                      Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
-                                      <var>key</var> to <code>"private"</code>
-                                    </p>
-                                  </li>
-                                </ol>
-                              </dd>
-                              <dt>Otherwise:</dt>
-                              <dd>
-                                <ol>
-                                  <li>
-                                    <p>
-                                      If <var>jwk</var> does not meet the requirements of Section
-                                      6.3.1 of <a href="#jwa">JSON Web Algorithms</a>, then <a
-                                      href="#concept-return-an-error">return an error</a> named <a
-                                      href="#dfn-DataError"><code>DataError</code></a>.
-                                    </p>
-                                  </li>
-                                  <li>
-                                    <p>
-                                      Let <var>key</var> be a new <a
-                                      href="#dfn-CryptoKey">CryptoKey</a> object that represents the
-                                      RSA public key identified by interpreting <var>jwk</var>
-                                      according to Section 6.3.1 of <a href="#jwa"> JSON Web
-                                      Algorithms</a>.
-                                    </p>
-                                  </li>
-                                  <li>
-                                    <p>
-                                      Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
-                                      <var>key</var> to <code>"public"</code>
-                                    </p>
-                                  </li>
-                                </ol>
-                              </dd>
-                            </dl>
-                          </li>
-                        </ol>
-                      </dd>
-                      <dt>Otherwise:</dt>
-                      <dd>
+                              </p>
+                            </dd>
+                          </dl>
+                        </li>
+                        <li>
+                          <p>
+                            If <var>hash</var> is defined, and is not equal to the <a
+                            href="#dfn-AlgorithmIdentifier-name">name</a> member of the <a
+                            href="#dfn-RsaHashedImportParams-hash">hash</a> member of
+                            <var>normalizedAlgorithm</var>, <a
+                            href="#concept-return-an-error">return an error</a> named <a
+                            href="#dfn-DataError"><code>DataError</code></a>.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            Set <var>hash</var> to the <a
+                            href="#dfn-AlgorithmIdentifier-name">name</a> member of the <a
+                            href="#dfn-RsaHashedImportParams-hash">hash</a> member of
+                            <var>normalizedAlgorithm</var>.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            Let <var>publicKey</var> be the result of performing the <a
+                            href="#concept-parse-an-asn1-structure">parse an ASN.1 structure</a>
+                            algorithm, with <var>data</var> as the
+                            <code>subjectPublicKeyInfo</code> field of <var>spki</var>,
+                            <var>structure</var> as the <code>RSAPublicKey</code> structure
+                            specified in Section A.1.1 of <a href="#RFC3447">RFC 3447</a>, and
+                            <var>exactData</var> set to true.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            If an error occurred while parsing,
+                            then <a href="#concept-return-an-error">return an error</a> named
+                            <a href="#dfn-DataError"><code>DataError</code></a>.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            Let <var>key</var> be a new <a href="#dfn-CryptoKey">CryptoKey</a>
+                            object that represents the RSA public key identified by
+                            <var>publicKey</var>.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot
+                            of <var>key</var> to <code>"public"</code>
+                          </p>
+                        </li>
+                      </ol>
+                    </dd>
+                    <dt>If <var>format</var> is <code>"pkcs8"</code>:</dt>
+                    <dd>
+                      <ol>
+                        <li>
+                          <p>
+                            Let <var>privateKeyInfo</var> be the result of running the
+                            <a href="#concept-parse-a-privateKeyInfo">parse a privateKeyInfo</a>
+                            algorithm over <var>keyData</var>.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            If an error occurred while parsing, then <a
+                            href="#concept-return-an-error">return an error</a> named <a
+                            href="#dfn-DataError"><code>DataError</code></a>.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            Let <var>hash</var> be a string whose initial value is undefined.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            Let <var>alg</var> be the <code>algorithm</code> object identifier
+                            field of the <code>privateKeyAlgorithm</code>
+                            PrivateKeyAlgorithmIdentifier field of <var>privateKeyInfo</var>.
+                          </p>
+                        </li>
+                        <li>
+                          <dl class="switch">
+                            <dt>
+                              If <var>alg</var> is equivalent to the <code>rsaEncryption</code>
+                              OID defined in <a href="#RFC3447">RFC 3447</a>:
+                            </dt>
+                            <dd>
+                              <p>
+                                Let <var>hash</var> be undefined.
+                              </p>
+                            </dd>
+                            <dt>
+                              If <var>alg</var> is equivalent to the <code>id-RSASSA-PSS</code> OID
+                              defined in <a href="#RFC3447">RFC 3447</a>:
+                            </dt>
+                            <dd>
+                              <ol>
+                                <li>
+                                  <p>
+                                    Let <var>params</var> be the ASN.1 structure contained within
+                                    the <code>parameters</code> field of the
+                                    <code>privateKeyAlgorithm</code> PrivateKeyAlgorithmIdentifier
+                                    field of <var>privateKeyInfo</var>.
+                                  </p>
+                                </li>
+                                <li>
+                                  <p>
+                                    If <var>params</var> is not defined, or is not an instance of
+                                    the <code>RSASSA-PSS-params</code> ASN.1 type defined in
+                                    <a href="#RFC3447">RFC3447</a>,
+                                    <a href="#concept-return-an-error">return an error</a> named
+                                    <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+                                  </p>
+                                </li>
+                                <li>
+                                  <p>
+                                    Let <var>hashAlg</var> be the AlgorithmIdentifier ASN.1 type
+                                    within the <code>hashAlgorithm</code> field of <var>params</var>.
+                                  </p>
+                                </li>
+                                <li>
+                                  <dl class="switch">
+                                    <dt>
+                                      If the <code>algorithm</code> object identifier field of
+                                      <var>hashAlg</var> is equivalent to the <code>id-sha1</code>
+                                      OID defined in <a href="#RFC3447">RFC 3447</a>:
+                                    </dt>
+                                    <dd>
+                                      <p>
+                                        Set <var>hash</var> to the string <code>SHA-1</code>.
+                                      </p>
+                                    </dd>
+                                    <dt>
+                                      If the <code>algorithm</code> object identifier field of
+                                      <var>hashAlg</var> is equivalent to the <code>id-sha256</code>
+                                      OID defined in <a href="#RFC3447">RFC 3447</a>:
+                                    </dt>
+                                    <dd>
+                                      <p>
+                                        Set <var>hash</var> to the string <code>SHA-256</code>.
+                                      </p>
+                                    </dd>
+                                    <dt>
+                                      If the <code>algorithm</code> object identifier field of
+                                      <var>hashAlg</var> is equivalent to the <code>id-sha384</code>
+                                      OID defined in <a href="#RFC3447">RFC 3447</a>:
+                                    </dt>
+                                    <dd>
+                                      <p>
+                                        Set <var>hash</var> to the string <code>SHA-384</code>.
+                                      </p>
+                                    </dd>
+                                    <dt>
+                                      If the <code>algorithm</code> object identifier field of
+                                      <var>hashAlg</var> is equivalent to the <code>id-sha512</code>
+                                      OID defined in <a href="#RFC3447">RFC 3447</a>:
+                                    </dt>
+                                    <dd>
+                                      <p>
+                                        Set <var>hash</var> to the string <code>SHA-512</code>.
+                                      </p>
+                                    </dd>
+                                    <dt>Otherwise:</dt>
+                                    <dd>
+                                      <p>
+                                        <a href="#concept-return-an-error">Return an error</a> named
+                                        <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+                                      </p>
+                                    </dd>
+                                  </dl>
+                                </li>
+                                <li>
+                                  <p>
+                                    If the <code>algorithm</code> object identifier field of the
+                                    <code>maskGenAlgorithm</code> field of <var>params</var> is not
+                                    equivalent to the OID <code>id-mgf1</code> defined in <a
+                                    href="#RFC3447">RFC 3447</a>, <a
+                                    href="#concept-return-an-error">return an error</a> named <a
+                                    href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+                                  </p>
+                                </li>
+                                <li>
+                                  <p>
+                                    If the <code>parameters</code> field of the
+                                    <code>maskGenAlgorithm</code> field of <var>params</var> is not
+                                    an instance of the <code>HashAlgorithm</code> ASN.1 type that is
+                                    identical in content to the <code>hashAlglorithm</code> field of
+                                    <var>params</var>, <a href="#concept-return-an-error">return an
+                                    error</a> named <a
+                                    href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+                                  </p>
+                                </li>
+                              </ol>
+                            </dd>
+                            <dt>Otherwise:</dt>
+                            <dd>
+                              <p>
+                                <a href="#concept-return-an-error">Return an error</a> named
+                                <a href="#dfn-DataError"><code>DataError</code></a>.
+                              </p>
+                            </dd>
+                          </dl>
+                        </li>
+                        <li>
+                          <p>
+                            If <var>hash</var> is defined, and is not equal to the <a
+                            href="#dfn-AlgorithmIdentifier-name">name</a> member of the <a
+                            href="#dfn-RsaHashedImportParams-hash">hash</a> member of
+                            <var>normalizedAlgorithm</var>, <a
+                            href="#concept-return-an-error">return an error</a> named <a
+                            href="#dfn-DataError"><code>DataError</code></a>.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            Set <var>hash</var> to the <a
+                            href="#dfn-AlgorithmIdentifier-name">name</a> member of the <a
+                            href="#dfn-RsaHashedImportParams-hash">hash</a> member of
+                            <var>normalizedAlgorithm</var>.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            Let <var>rsaPrivateKey</var> be the result of performing the <a
+                            href="#concept-parse-an-asn1-structure">parse an ASN.1 structure</a>
+                            algorithm, with <var>data</var> as the
+                            <code>privateKey</code> field of <var>privateKeyInfo</var>,
+                            <var>structure</var> as the <code>RSAPrivateKey</code> structure
+                            specified in Section A.1.2 of <a href="#RFC3447">RFC 3447</a>, and
+                            <var>exactData</var> set to true.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            If an error occurred while parsing,
+                            then <a href="#concept-return-an-error">return an error</a> named
+                            <a href="#dfn-DataError"><code>DataError</code></a>.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            Let <var>key</var> be a new <a href="#dfn-CryptoKey">CryptoKey</a>
+                            object that represents the RSA private key identified by
+                            <var>rsaPrivateKey</var>.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot
+                            of <var>key</var> to <code>"private"</code>
+                          </p>
+                        </li>
+                      </ol>
+                    </dd>
+                    <dt>If <var>format</var> is <code>"jwk"</code>:</dt>
+                    <dd>
+                      <ol>
+                        <li>
+                          <p>
+                            Let <var>jwk</var> be the <a href="#dfn-JsonWebKey">JsonWebKey</a>
+                            dictionary represented by <var>keyData</var>.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            If the <code>"kty"</code> field of <var>jwk</var> is not a
+                            case-sensitive string match to <code>"RSA"</code>,
+                            then <a href="#concept-return-an-error">return an error</a> named
+                            <a href="#dfn-DataError"><code>DataError</code></a>.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            If the <code>"use"</code> field of <var>jwk</var> is present, and is
+                            not a case-sensitive string match to <code>"enc"</code>,
+                            then <a href="#concept-return-an-error">return an error</a> named
+                            <a href="#dfn-DataError"><code>DataError</code></a>.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            If the <code>"key_ops"</code> field of <var>jwk</var> is present, and
+                            is invalid according to the requirements of
+                            <a href="#jwk">JSON Web Key</a> or
+                            does not contain all of the specified <var>usages</var> values,
+                            then <a href="#concept-return-an-error">return an error</a> named
+                            <a href="#dfn-DataError"><code>DataError</code></a>.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            Let <var>hash</var> be a be a string whose initial value is
+                            undefined.
+                          </p>
+                        </li>
+                        <li>
+                          <dl class="switch">
+                            <dt>
+                              If the <code>"alg"</code> field of <var>jwk</var> is not
+                              present:
+                            </dt>
+                            <dd>
+                              <p>
+                                Let <var>hash</var> be undefined.
+                              </p>
+                            </dd>
+                            <dt>
+                              If the <code>"alg"</code> field is equal to the string
+                              <code>"PS1"</code>:
+                            </dt>
+                            <dd>
+                              <p>
+                                Let <var>hash</var> be the string <code>SHA-1</code>.
+                              </p>
+                            </dd>
+                            <dt>
+                              If the <code>"alg"</code> field is equal to the string
+                              <code>"PS256"</code>:
+                            </dt>
+                            <dd>
+                              <p>
+                                Let <var>hash</var> be the string <code>SHA-256</code>.
+                              </p>
+                            </dd>
+                            <dt>
+                              If the <code>"alg"</code> field is equal to the string
+                              <code>"PS384"</code>:
+                            </dt>
+                            <dd>
+                              <p>
+                                Let <var>hash</var> be the string <code>SHA-384</code>.
+                              </p>
+                            </dd>
+                            <dt>
+                              If the <code>"alg"</code> field is equal to the string
+                              <code>"PS512"</code>:
+                            </dt>
+                            <dd>
+                              <p>
+                                Let <var>hash</var> be the string <code>SHA-512</code>.
+                              </p>
+                            </dd>
+                            <dt>Otherwise:</dt>
+                            <dd>
+                              <p>
+                                <a href="#concept-return-an-error">Return an error</a> named
+                                <a href="#dfn-DataError"><code>DataError</code></a>.
+                              </p>
+                            </dd>
+                          </dl>
+                        </li>
+                        <li>
+                          <dl class="switch">
+                            <dt>If the <code>"d"</code> field of <var>jwk</var> is present:</dt>
+                            <dd>
+                              <ol>
+                                <li>
+                                  <p>
+                                    If <var>jwk</var> does not meet the requirements of
+                                    Section 6.3.2 of <a href="#jwa">JSON Web
+                                    Algorithms</a>,
+                                    then <a href="#concept-return-an-error">return an error</a> named
+                                    <a href="#dfn-DataError"><code>DataError</code></a>.
+                                  </p>
+                                </li>
+                                <li>
+                                  <p>
+                                    Let <var>key</var> be a new <a
+                                    href="#dfn-CryptoKey">CryptoKey</a> object that represents the
+                                    RSA private key identified by interpreting <var>jwk</var>
+                                    according to Section 6.3.2 of <a href="#jwa"> JSON Web
+                                    Algorithms</a>.
+                                  </p>
+                                </li>
+                                <li>
+                                  <p>
+                                    Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]]
+                                    internal slot of <var>key</var> to <code>"private"</code>
+                                  </p>
+                                </li>
+                              </ol>
+                            </dd>
+                            <dt>Otherwise:</dt>
+                            <dd>
+                              <ol>
+                                <li>
+                                  <p>
+                                    If <var>jwk</var> does not meet the requirements of Section
+                                    6.3.1 of <a href="#jwa">JSON Web Algorithms</a>, then <a
+                                    href="#concept-return-an-error">return an error</a> named <a
+                                    href="#dfn-DataError"><code>DataError</code></a>.
+                                  </p>
+                                </li>
+                                <li>
+                                  <p>
+                                    Let <var>key</var> be a new <a
+                                    href="#dfn-CryptoKey">CryptoKey</a> object that represents the
+                                    RSA public key identified by interpreting <var>jwk</var>
+                                    according to Section 6.3.1 of <a href="#jwa"> JSON Web
+                                    Algorithms</a>.
+                                  </p>
+                                </li>
+                                <li>
+                                  <p>
+                                    Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]]
+                                    internal slot of <var>key</var> to <code>"public"</code>
+                                  </p>
+                                </li>
+                              </ol>
+                            </dd>
+                          </dl>
+                        </li>
+                      </ol>
+                    </dd>
+                    <dt>Otherwise:</dt>
+                    <dd>
+                      <a href="#concept-return-an-error">Return an error</a> named
+                      <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+                    </dd>
+                  </dl>
+                </li>
+                <li>
+                  <p>
+                    Let <var>algorithm</var> be a new
+                    <a href="#dfn-RsaHashedKeyAlgorithm">RsaHashedKeyAlgorithm</a> dictionary.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Set the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of
+                    <var>algorithm</var> to <code>"RSA-PSS"</code>
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Set the <a href="#dfn-RsaKeyAlgorithm-modulusLength">modulusLength</a>
+                    attribute of <var>algorithm</var> to the length, in bits, of the RSA public
+                    modulus.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Set the <a href="#dfn-RsaKeyAlgorithm-publicExponent">publicExponent</a>
+                    attribute of <var>algorithm</var> to the <a href="#dfn-BigInteger">BigInteger</a>
+                    representation of the RSA public exponent.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Set the <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute of
+                    <var>algorithm</var> to a new <a href="#dfn-KeyAlgorithm">KeyAlgorithm</a>
+                    whose <a href="#dfn-KeyAlgorithm-name">name</a> attribute is <var>hash</var>.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
+                    slot of <var>key</var> to <var>algorithm</var>
+                  </p>
+                </li>
+                <li>
+                  <p>Return <var>key</var>.</p>
+                </li>
+              </ol>
+            </dd>
+
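Review bot: In the added "jwk" branch of this Import Key procedure, hash is derived from the "alg" field but is never compared against, or set to, the name member of the hash member of normalizedAlgorithm. The "spki" and "pkcs8" branches both carry the step "If hash is defined, and is not equal to the name member of the hash member of normalizedAlgorithm, return an error named DataError" followed by "Set hash to the name member of the hash member of normalizedAlgorithm". Without those steps, a JWK whose "alg" disagrees with the requested hash is accepted with no DataError, and a JWK with no "alg" reaches the later step "Set the hash attribute of algorithm to a new KeyAlgorithm whose name attribute is hash" with hash still undefined. Suggest adding the same two steps between the "alg" switch and the "d" switch. In the same branch, the "use" check rejects any value other than "enc"; this procedure sets the key algorithm name to "RSA-PSS" and accepts only the PS* "alg" values, so the expected JWK "use" value is "sig", and "enc" looks carried over from an encryption algorithm. Smaller points: "hashAlglorithm" appears in both maskGenAlgorithm parameter checks where the field is named hashAlgorithm a few steps earlier, the jwk step reads "Let hash be a be a string", and the steps that set the [[type]] and [[algorithm]] internal slots end without a period.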
+            <dt>Export Key</dt>
+            <dd>
+              <ol>
+                <li>
+                  <p>
+                    Let <var>key</var> be the key to be exported.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                    If the underlying cryptographic key material represented by the [[<a
+                    href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of <var>key</var>
+                    cannot be accessed, then <a href="#concept-return-an-error">return an
+                    error</a> named <a href="#dfn-OperationError"><code>OperationError</code></a>.
+                  </p>
+                </li>
+                <li>
+                  <dl class="switch">
+                    <dt>If <var>format</var> is <code>"spki"</code></dt>
+                    <dd>
+                      <ol>
+                        <li>
+                          <p>
+                            If the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot
+                            of <var>key</var> is not <code>"public"</code>, then <a
+                            href="#concept-return-an-error">return an error</a> named <a
+                            href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            Let <var>data</var> be the result of <a
+                            href="#dfn-encode-a-subjectPublicKeyInfo">encoding a
+                            subjectPublicKeyInfo</a> with the following properties:
+                          </p>
+                          <ul>
+                            <li>
+                              <p>
+                                Set the <var>algorithm</var> field to an
+                                <code>AlgorithmIdentifier</code> ASN.1 type with the following
+                                properties:
+                              </p>
+                              <ul>
+                                <li>
+                                  <p>
+                                    Set the <var>algorithm</var> field to the OID
+                                    <code>id-RSASSA-PSS</code> defined in
+                                    <a href="#RFC3447">RFC 3447</a>.
+                                  </p>
+                                </li>
+                                <li>
+                                  <p>
+                                    Set the <var>params</var> field to an instance of the
+                                    <code>RSASSA-PSS-params</code> ASN.1 type with the following
+                                    properties:
+                                  </p>
+                                  <ul>
+                                    <li>
+                                      <p>
+                                        Set the <var>hashAlgorithm</var> field to an instance of
+                                        the <code>HashAlgorithm</code> ASN.1 type with the
+                                        following properties:
+                                      </p>
+                                      <dl class="switch">
+                                        <dt>
+                                          If the <a href="#dfn-KeyAlgorithm-name">name</a>
+                                          attribute of the <a
+                                          href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
+                                          the [[<a
+                                          href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
+                                          internal slot of <var>key</var> is <code>SHA-1</code>:
+                                        </dt>
+                                        <dd>
+                                          <p>
+                                            Set the <var>algorithm</var> object identifier to the
+                                            OID <code>id-sha1</code> defined in <a
+                                            href="#RFC3447">RFC 3447</a>.
+                                          </p>
+                                        </dd>
+                                        <dt>
+                                          If the <a href="#dfn-KeyAlgorithm-name">name</a>
+                                          attribute of the <a
+                                          href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
+                                          the [[<a
+                                          href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
+                                          internal slot of <var>key</var> is <code>SHA-256</code>:
+                                        </dt>
+                                        <dd>
+                                          <p>
+                                            Set the <var>algorithm</var> object identifier to the
+                                            OID <code>id-sha256</code> defined in <a
+                                            href="#RFC3447">RFC 3447</a>.
+                                          </p>
+                                        </dd>
+                                        <dt>
+                                          If the <a href="#dfn-KeyAlgorithm-name">name</a>
+                                          attribute of the <a
+                                          href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
+                                          the [[<a
+                                          href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
+                                          internal slot of <var>key</var> is <code>SHA-384</code>:
+                                        </dt>
+                                        <dd>
+                                          <p>
+                                            Set the <var>algorithm</var> object identifier to the
+                                            OID <code>id-sha384</code> defined in <a
+                                            href="#RFC3447">RFC 3447</a>.
+                                          </p>
+                                        </dd>
+                                        <dt>
+                                          If the <a href="#dfn-KeyAlgorithm-name">name</a>
+                                          attribute of the <a
+                                          href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
+                                          the [[<a
+                                          href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
+                                          internal slot of <var>key</var> is <code>SHA-512</code>:
+                                        </dt>
+                                        <dd>
+                                          <p>
+                                            Set the <var>algorithm</var> object identifier to the
+                                            OID <code>id-sha512</code> defined in <a
+                                            href="#RFC3447">RFC 3447</a>.
+                                          </p>
+                                        </dd>
+                                      </dl>
+                                    </li>
+                                    <li>
+                                      <p>
+                                        Set the <var>maskGenAlgorithm</var> field to an instance
+                                        of the <code>MaskGenAlgorithm</code> ASN.1 type with the
+                                        following properties:
+                                      </p>
+                                      <ul>
+                                        <li>
+                                          <p>
+                                            Set the <var>algorithm</var> field to the OID
+                                            <code>id-mgf1</code> defined in <a href="#RFC3447">RFC
+                                            3447</a>.
+                                          </p>
+                                        </li>
+                                        <li>
+                                          <p>
+                                            Set the <var>params</var> field to an instance of the
+                                            <code>HashAlgorithm</code> ASN.1 type that is
+                                            identical to the <var>hashAlgorithm</var> field.
+                                          </p>
+                                        </li>
+                                      </ul>
+                                    </li>
+                                    <li>
+                                      <p>
+                                        Set the <var>saltLength</var> field to the length in
+                                        octets of the digest algorithm identified by the <a
+                                        href="#dfn-KeyAlgorithm-name">name</a> attribute of the <a
+                                        href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute
+                                        of the [[<a
+                                        href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
+                                        internal slot of <var>key</var>.
+                                      </p>
+                                    </li>
+                                  </ul>
+                                </li>
+                              </ul>
+                            </li>
+                            <li>
+                              <p>
+                                Set the <var>subjectPublicKey</var> field to the result of
+                                DER-encoding an <code>RSAPublicKey</code> ASN.1 type, as defined
+                                in <a href="#RFC3447">RFC 3447</a>, Appendix A.1.1, that
+                                represents the RSA public key represented by the [[<a
+                                href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of
+                                <var>key</var>
+                              </p>
+                            </li>
+                          </ul>
+                        </li>
+                        <li>
+                          <p>
+                            Let <var>result</var> be a new <code>ArrayBuffer</code> containing
+                            <var>data</var>.
+                          </p>
+                        </li>
+                      </ol>
+                    </dd>
+                    <dt>If <var>format</var> is <code>"pkcs8"</code>:</dt>
+                    <dd>
+                      <ol>
+                        <li>
+                          <p>
+                            If the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot
+                            of <var>key</var> is not <code>"private"</code>, then <a
+                            href="#concept-return-an-error">return an error</a> named <a
+                            href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            Let <var>data</var> be the result of <a
+                            href="#dfn-encode-a-privateKeyInfo"> encoding a privateKeyInfo</a>
+                            with the following properties:
+                          </p>
+                          <ul>
+                            <li>
+                              <p>
+                                Set the <var>version</var> field to 0.
+                              </p>
+                            </li>
+                            <li>
+                              <p>
+                                Set the <var>privateKeyAlgorithm</var> field to an
+                                <code>PrivateKeyAlgorithmIdentifier</code> ASN.1 type with the
+                                following properties:
+                              </p>
+                              <ul>
+                                <li>
+                                  <p>
+                                    Set the <var>algorithm</var> field to the OID
+                                    <code>id-RSASSA-PSS</code> defined in
+                                    <a href="#RFC3447">RFC 3447</a>.
+                                  </p>
+                                </li>
+                                <li>
+                                  <p>
+                                    Set the <var>params</var> field to an instance of the
+                                    <code>RSASSA-PSS-params</code> ASN.1 type with the following
+                                    properties:
+                                  </p>
+                                  <ul>
+                                    <li>
+                                      <p>
+                                        Set the <var>hashAlgorithm</var> field to an instance of
+                                        the <code>HashAlgorithm</code> ASN.1 type with the
+                                        following properties:
+                                      </p>
+                                      <dl class="switch">
+                                        <dt>
+                                          If the <a href="#dfn-KeyAlgorithm-name">name</a>
+                                          attribute of the <a
+                                          href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
+                                          the [[<a
+                                          href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
+                                          internal slot of <var>key</var> is <code>SHA-1</code>:
+                                        </dt>
+                                        <dd>
+                                          <p>
+                                            Set the <var>algorithm</var> object identifier to the
+                                            OID <code>id-sha1</code> defined in <a
+                                            href="#RFC3447">RFC 3447</a>.
+                                          </p>
+                                        </dd>
+                                        <dt>
+                                          If the <a href="#dfn-KeyAlgorithm-name">name</a>
+                                          attribute of the <a
+                                          href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
+                                          the [[<a
+                                          href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
+                                          internal slot of <var>key</var> is <code>SHA-256</code>:
+                                        </dt>
+                                        <dd>
+                                          <p>
+                                            Set the <var>algorithm</var> object identifier to the
+                                            OID <code>id-sha256</code> defined in <a
+                                            href="#RFC3447">RFC 3447</a>.
+                                          </p>
+                                        </dd>
+                                        <dt>
+                                          If the <a href="#dfn-KeyAlgorithm-name">name</a>
+                                          attribute of the <a
+                                          href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
+                                          the [[<a
+                                          href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
+                                          internal slot of <var>key</var> is <code>SHA-384</code>:
+                                        </dt>
+                                        <dd>
+                                          <p>
+                                            Set the <var>algorithm</var> object identifier to the
+                                            OID <code>id-sha384</code> defined in <a
+                                            href="#RFC3447">RFC 3447</a>.
+                                          </p>
+                                        </dd>
+                                        <dt>
+                                          If the <a href="#dfn-KeyAlgorithm-name">name</a>
+                                          attribute of the <a
+                                          href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
+                                          the [[<a
+                                          href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
+                                          internal slot of <var>key</var> is <code>SHA-512</code>:
+                                        </dt>
+                                        <dd>
+                                          <p>
+                                            Set the <var>algorithm</var> object identifier to the
+                                            OID <code>id-sha512</code> defined in <a
+                                            href="#RFC3447">RFC 3447</a>.
+                                          </p>
+                                        </dd>
+                                      </dl>
+                                    </li>
+                                    <li>
+                                      <p>
+                                        Set the <var>maskGenAlgorithm</var> field to an instance
+                                        of the <code>MaskGenAlgorithm</code> ASN.1 type with the
+                                        following properties:
+                                      </p>
+                                      <ul>
+                                        <li>
+                                          <p>
+                                            Set the <var>algorithm</var> field to the OID
+                                            <code>id-mgf1</code> defined in <a href="#RFC3447">RFC
+                                            3447</a>.
+                                          </p>
+                                        </li>
+                                        <li>
+                                          <p>
+                                            Set the <var>params</var> field to an instance of the
+                                            <code>HashAlgorithm</code> ASN.1 type that is
+                                            identical to the <var>hashAlgorithm</var> field.
+                                          </p>
+                                        </li>
+                                      </ul>
+                                    </li>
+                                    <li>
+                                      <p>
+                                        Set the <var>saltLength</var> field to the length in
+                                        octets of the digest algorithm identified by the <a
+                                        href="#dfn-KeyAlgorithm-name">name</a> attribute of the <a
+                                        href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute
+                                        of the [[<a
+                                        href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
+                                        internal slot of <var>key</var>.
+                                      </p>
+                                    </li>
+                                  </ul>
+                                </li>
+                              </ul>
+                            </li>
+                            <li>
+                              <p>
+                                Set the <var>privateKey</var> field to the result of DER-encoding
+                                an <code>RSAPrivateKey</code> ASN.1 type, as defined in <a
+                                href="#RFC3447">RFC 3447</a>, Appendix A.1.2, that represents the
+                                RSA private key represented by the [[<a
+                                href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of
+                                <var>key</var>
+                              </p>
+                              <div class="ednote">
+                                <a href="#RFC5208">RFC 5208</a> specifies that the encoding of
+
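Review bot: The hashAlgorithm `<dl class="switch">` in both the "spki" and "pkcs8" branches of Export Key lists SHA-1, SHA-256, SHA-384 and SHA-512 but has no Otherwise entry, so the encoded `HashAlgorithm` is unspecified when the hash name on the key's [[algorithm]] slot is anything else. Add an Otherwise case that returns an error, in the same way the handle-access step and the [[type]] checks do. In the same `<dt>` entries the hash link targets `#dfn-RsaHashedKeyAlgorithm`, while the saltLength item links to `#dfn-RsaHashedKeyAlgorithm-hash`; both should use the same anchor. The `RSASSA-PSS-params` construction is repeated verbatim in the two branches and could be stated once and referenced from both, which would keep later edits from diverging. Minor: the `"spki"` `<dt>` lacks the trailing colon that the `"pkcs8"` one has, "an `PrivateKeyAlgorithmIdentifier`" should read "a", the link text " encoding a privateKeyInfo" has a stray leading space, and the subjectPublicKey and privateKey items end at `<var>key</var>` without a full stop.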