--- a/spec/Overview-WebCryptoAPI.xml Thu Nov 06 15:51:21 2014 -0800
+++ b/spec/Overview-WebCryptoAPI.xml Thu Nov 06 16:47:24 2014 -0800
@@ -30,8 +30,8 @@
<options xmlns='http://mcc.id.au/ns/local'>
<versions>
- <cvs href='http://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html' />
- <this href='http://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html' />
+ <cvs href='https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html' />
+ <this href='https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html' />
<previous href='https://dvcs.w3.org/hg/webcrypto-api/raw-file/0fe9b34c13fb/spec/Overview.html' />
<latest href='http://www.w3.org/TR/WebCryptoAPI/' />
</versions>
@@ -45,7 +45,7 @@
<affiliation>Netflix</affiliation>
</person>
</editors>
- <maturity>CR</maturity>
+ <maturity>ED</maturity>
<participate qual="STND"></participate>
</options>
</head>
@@ -74,7 +74,7 @@
<?sotd-top public-webcrypto-comments@w3.org http://lists.w3.org/Archives/Public/public-webcrypto-comments/ ?>
<p>
- This document is produced by the <a href="http://www.w3.org/2012/webcrypto">Web Cryptography
+ This document is produced by the <a href="http://www.w3.org/2012/webcrypto/">Web Cryptography
<acronym title="Working Group">WG</acronym></a> of the <acronym title="World Wide Web Consortium">W3C</acronym>.
</p>
@@ -102,7 +102,7 @@
(<a href="http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2011-May/031741.html">archive</a>)
, <a href="mailto:public-websecurity@w3.org">public-websecurity@w3.org</a>
(<a href="http://lists.w3.org/Archives/Public/public-web-security/2011Jun/0000.html">archive</a>), and
- <a href="mailto:public-identity@w3.org">public-identity@w3.org</a> (<a href="http://www.w3.org/Search/Mail/Public/search?type-index=public-identity&index-type=t&keywords=DOMCrypt&search=Search">archive</a>).
+ <a href="mailto:public-identity@w3.org">public-identity@w3.org</a> (<a href="https://www.w3.org/Search/Mail/Public/search?type-index=public-identity&index-type=t&keywords=DOMCrypt&search=Search">archive</a>).
Ongoing discussion will be on the <a href="mailto:public-webcrypto@w3.org">public-webcrypto@w3.org</a>
mailing list.
</p>
@@ -485,7 +485,7 @@
</div>
</div>
- <div id="security" class="section">
+ <div id="security-consideration" class="section">
<h2>Security considerations</h2>
<p class='norm'>This section is non-normative.</p>
<div id="security-implementers" class="section">
@@ -643,8 +643,8 @@
A <a href="#dfn-conforming-implementation">conforming user agent</a> MUST support at
least the subset of the functionality defined in HTML that this specification relies
upon; in particular, it MUST support the
- <a href="#arraybufferview">ArrayBufferView</a> typedef and the
- <a href="#structured-clone">structured clone</a> algorithm.
+ <a href="#dfn-ArrayBufferView">ArrayBufferView</a> typedef and the
+ <a href="#dfn-structured-clone">structured clone</a> algorithm.
[<a href="#HTML">HTML</a>]
</p>
</dd>
@@ -663,12 +663,14 @@
<h2>Terminology</h2>
<p>
The terms and algorithms
- <dfn id="arraybufferview">ArrayBufferView</dfn>, and
+ <dfn id="dfn-ArrayBuffer">ArrayBuffer</dfn>,
+ <dfn id="dfn-ArrayBufferView">ArrayBufferView</dfn>, and
<dfn id="structured-clone">structured clone</dfn>,
are defined by the HTML specification [<a href="#HTML">HTML</a>].
</p>
<p>
- The term <dfn id="BufferSource">BufferSource</dfn> is defined in [<cite><a href="#WebIDL">WEBIDL</a></cite>].
+ The terms <dfn id="dfn-DOMString">DOMString</dfn> and
+ <dfn id="BufferSource">BufferSource</dfn> are defined in [<cite><a href="#WebIDL">WEBIDL</a></cite>].
</p>
<p>
An <dfn id="dfn-octet-string">octet string</dfn> is an ordered sequence of zero or more
@@ -1146,7 +1148,7 @@
Every <code>CryptoKey</code> object has a set of internal slots that store information
about the key. These slots are not exposed as part of this specification; they
represent internal state that an implementation uses to implement this specification.
- The notational convention used in [<a href="#ES262">ES262</a>] is re-used here; internal
+ The notational convention used in [<a href="#ECMA-262">ECMA-262</a>] is re-used here; internal
slots are identified by names enclosed in double square brackets [[ ]].
</p>
<p>
@@ -1205,13 +1207,13 @@
<div id="cryptokey-interface-clone" class="section">
<h3>Structured clone algorithm</h3>
<p>
- When a user agent is required to obtain a <a href="#structured-clone">structured clone</a>
+ When a user agent is required to obtain a <a href="#dfn-structured-clone">structured clone</a>
of a <a href="#dfn-CryptoKey">CryptoKey</a> object, it must run the following steps.
</p>
<ol>
<li>
Let <var>input</var> and <var>memory</var> be the corresponding inputs defined by the
- <a href="#structured-clone">internal structured cloning algorithm</a>, where
+ <a href="#dfn-structured-clone">internal structured cloning algorithm</a>, where
<var>input</var> represents a <a href="#dfn-CryptoKey">CryptoKey</a> object to be
cloned.
</li>
@@ -2729,8 +2731,10 @@
<h3>Exceptions</h3>
<p>
The methods of the <a href="#dfn-SubtleCrypto">SubtleCrypto</a> interface return errors
- by rejecting the returned promise with a
- <a href="#dfn-DOMException">DOMException</a>. The following DOMException types from
+ by rejecting the returned promise with a predefined exception defined in ECMAScript
+ [<a href="#ECMA-262">ECMA-262</a>] or
+ <a href="#dfn-DOMException">DOMException</a>. The following predefined exceptions are
+ used: <dfn id="dfn-TypeError">TypeError</dfn>. The following DOMException types from
[<a href="#DOM4">DOM4</a>] are used:
</p>
<table>
@@ -2852,8 +2856,8 @@
<h2>CryptoKeyPair dictionary</h2>
<x:codeblock language="idl">
dictionary <dfn id="dfn-CryptoKeyPair">CryptoKeyPair</dfn> {
- <a href="#dfn-CryptoKey">CryptoKey</a> <dfn id="dfn-CryptoKey-publicKey">publicKey</dfn>;
- <a href="#dfn-CryptoKey">CryptoKey</a> <dfn id="dfn-CryptoKey-privateKey">privateKey</dfn>;
+ <a href="#dfn-CryptoKey">CryptoKey</a> <dfn id="dfn-CryptoKeyPair-publicKey">publicKey</dfn>;
+ <a href="#dfn-CryptoKey">CryptoKey</a> <dfn id="dfn-CryptoKeyPair-privateKey">privateKey</dfn>;
};
</x:codeblock>
<p>
@@ -2925,7 +2929,7 @@
Every cryptographic algorithm defined for use with the Web Cryptography API <span
class="RFC2119">MUST</span> define, for every <a href="#supported-operation">
supported operation</a>, the IDL type to use for <a
- href="#concept-algorithm-normalization">algorithm normalization</a>, as well as the
+ href="#algorithm-normalization">algorithm normalization</a>, as well as the
IDL type or types of the return values of the sub-algorithms.
</p>
</div>
@@ -2938,10 +2942,12 @@
specification conventions. A section, titled <em>"Registration"</em>, will include the
<a href="#recognized-algorithm-name">recognized algorithm name</a>. Additionally, it
includes a table, which will list each of the <a href="#supported-operation">supported
- operations</a> as rows, identified by the <em>Operation</em> column. The contents of the
- <em>Parameters</em> column for a given row will contain the IDL type to use for <a
- href="#concept-algorithm-normalization">algorithm normalization</a> for that operation,
- and the contents of the <em>Result</em> column for that row indicate the IDL type that
+ operations</a> as rows, identified by the <dfn id="supported-operations">Operation</dfn>
+ column. The contents of the <dfn id="algorithm-specific-params">Parameters</dfn> column
+ for a given row will contain the IDL type to use for <a
+ href="#algorithm-normalization">algorithm normalization</a> for that operation,
+ and the contents of the <dfn id="algorithm-result">Result</dfn> column for that row
+ indicate the IDL type that
results from performing the supported operation.
</p>
<p>
@@ -2957,9 +2963,9 @@
</p>
</div>
- <div id="algorithm-normalizing" class="section">
+ <div id="algorithm-normalization" class="section">
<h3>Algorithm Normalization</h3>
- <div id="algorithm-normalizing-description" class="section">
+ <div id="algorithm-normalization-description" class="section">
<h4>Description</h4>
<p class="norm">This section is non-normative</p>
<p>
@@ -2981,7 +2987,7 @@
</p>
</div>
- <div id="algorithm-normalizing-internal" class="section">
+ <div id="algorithm-normalization-internal" class="section">
<h4>Internal State Objects</h4>
<p>
This specification makes use of an internal object,
@@ -3008,7 +3014,7 @@
</ol>
</div>
- <div id="algorithm-normalizing-define-an-algorithm" class="section">
+ <div id="algorithm-normalization-define-an-algorithm" class="section">
<h4>Defining an Algorithm</h4>
<p>
The <dfn id="concept-define-an-algorithm">define an algorithm</dfn> algorithm is used
@@ -3029,7 +3035,7 @@
</ol>
</div>
- <div id="algorithm-normalizing-normalize-an-algorithm" class="section">
+ <div id="algorithm-normalization-normalize-an-algorithm" class="section">
<h4>Normalizing an algorithm</h4>
<p>
The <dfn id="dfn-normalize-an-algorithm">normalize an algorithm</dfn> algorithm defines
@@ -4112,7 +4118,7 @@
<p>
Perform any <a href="#dfn-rsa-ssa-extended-import-steps">key
import steps</a> defined by
- <a href="#dfn-applicable-specifications">other applicable
+ <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var>, <var>spki</var>
and obtaining <var>hash</var>.
</p>
@@ -4120,7 +4126,7 @@
<li>
<p>
If an error occured or there are no
- <a href="#dfn-applicable-specifications">applicable
+ <a href="#dfn-applicable-specification">applicable
specifications</a>,
<a href="#concept-throw">throw</a > a
<a href="#dfn-DataError"><code>DataError</code></a>.
@@ -4286,7 +4292,7 @@
<p>
Perform any <a href="#dfn-rsa-ssa-extended-import-steps">key
import steps</a> defined by
- <a href="#dfn-applicable-specifications">other applicable
+ <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var>, <var>privateKeyInfo</var>
and obtaining <var>hash</var>.
</p>
@@ -4294,7 +4300,7 @@
<li>
<p>
If an error occured or there are no
- <a href="#dfn-applicable-specifications">applicable
+ <a href="#dfn-applicable-specification">applicable
specifications</a>,
<a href="#concept-throw">throw</a> a
<a href="#dfn-DataError"><code>DataError</code></a>.
@@ -4472,7 +4478,7 @@
<p>
Perform any <a href="#dfn-rsa-ssa-extended-import-steps">key
import steps</a> defined by
- <a href="#dfn-applicable-specifications">other applicable
+ <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var>, <var>jwk</var>
and obtaining <var>hash</var>.
</p>
@@ -4480,7 +4486,7 @@
<li>
<p>
If an error occured or there are no
- <a href="#dfn-applicable-specifications">applicable
+ <a href="#dfn-applicable-specification">applicable
specifications</a>,
<a href="#concept-throw">throw</a> a
<a href="#dfn-DataError"><code>DataError</code></a>.
@@ -4722,8 +4728,7 @@
</li>
<li>
<p>
- Let <var>data</var> be the result of <a
- href="#dfn-encode-a-privateKeyInfo"> encoding a privateKeyInfo</a>
+ Let <var>data</var> be the result of encoding a privateKeyInfo structure
with the following properties:
</p>
<ul>
@@ -4834,7 +4839,7 @@
<p>
Perform any <a href="#dfn-rsa-ssa-extended-export-steps">key
export steps</a> defined by
- <a href="#dfn-applicable-specifications">other applicable
+ <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var>, <var>key</var>
and obtaining <var>alg</var>.
</p>
@@ -4842,7 +4847,7 @@
<li>
<p>
If an error occured or there are no
- <a href="#dfn-applicable-specifications">applicable
+ <a href="#dfn-applicable-specification">applicable
specifications</a>,
<a href="#concept-throw">throw</a> a
<a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
@@ -5390,7 +5395,7 @@
<p>
Perform any <a href="#dfn-rsa-pss-extended-import-steps">key
import steps</a> defined by
- <a href="#dfn-applicable-specifications">other applicable
+ <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var>, <var>spki</var>
and obtaining <var>hash</var>.
</p>
@@ -5398,7 +5403,7 @@
<li>
<p>
If an error occured or there are no
- <a href="#dfn-applicable-specifications">applicable
+ <a href="#dfn-applicable-specification">applicable
specifications</a>,
<a href="#concept-throw">throw</a> a
<a href="#dfn-DataError"><code>DataError</code></a>.
@@ -5627,7 +5632,7 @@
<p>
Perform any <a href="#dfn-rsa-pss-extended-import-steps">key
import steps</a> defined by
- <a href="#dfn-applicable-specifications">other applicable
+ <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var>, <var>privateKeyInfo</var>
and obtaining <var>hash</var>.
</p>
@@ -5635,7 +5640,7 @@
<li>
<p>
If an error occured or there are no
- <a href="#dfn-applicable-specifications">applicable
+ <a href="#dfn-applicable-specification">applicable
specifications</a>,
<a href="#concept-throw">throw</a> a
<a href="#dfn-DataError"><code>DataError</code></a>.
@@ -5838,7 +5843,7 @@
<p>
Perform any <a href="#dfn-rsa-pss-extended-import-steps">key
import steps</a> defined by
- <a href="#dfn-applicable-specifications">other applicable
+ <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var>, <var>jwk</var>
and obtaining <var>hash</var>.
</p>
@@ -5846,7 +5851,7 @@
<li>
<p>
If an error occured or there are no
- <a href="#dfn-applicable-specifications">applicable
+ <a href="#dfn-applicable-specification">applicable
specifications</a>,
<a href="#concept-throw">throw</a> a
<a href="#dfn-DataError"><code>DataError</code></a>.
@@ -6133,7 +6138,7 @@
<li>
<p>
Perform any <a href="#dfn-rsa-pss-extended-export-steps">key export steps</a>
- defined by <a href="#dfn-applicable-specifications">other applicable
+ defined by <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var> and the
<a href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
@@ -6230,8 +6235,7 @@
</li>
<li>
<p>
- Let <var>data</var> be the result of <a
- href="#dfn-encode-a-privateKeyInfo"> encoding a privateKeyInfo</a>
+ Let <var>data</var> be the result of encoding a privateKeyInfo structure
with the following properties:
</p>
<ul>
@@ -6338,7 +6342,7 @@
<li>
<p>
Perform any <a href="#dfn-rsa-pss-extended-export-steps">key export steps</a>
- defined by <a href="#dfn-applicable-specifications">other applicable
+ defined by <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var> and the
<a href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
@@ -6484,7 +6488,7 @@
<li>
<p>
Perform any <a href="#dfn-rsa-pss-extended-export-steps">key export steps</a>
- defined by <a href="#dfn-applicable-specifications">other applicable
+ defined by <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var> and the
<a href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
@@ -7050,9 +7054,9 @@
<ol>
<li>
<p>
- Perform any <a href="#dfn-rsa-oeap-extended-import-steps">key
+ Perform any <a href="#dfn-rsa-oaep-extended-import-steps">key
import steps</a> defined by
- <a href="#dfn-applicable-specifications">other applicable
+ <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var>, <var>spki</var>
and obtaining <var>hash</var>.
</p>
@@ -7060,7 +7064,7 @@
<li>
<p>
If an error occured or there are no
- <a href="#dfn-applicable-specifications">applicable
+ <a href="#dfn-applicable-specification">applicable
specifications</a>,
<a href="#concept-throw">throw</a> a
<a href="#dfn-DataError"><code>DataError</code></a>.
@@ -7290,9 +7294,9 @@
<ol>
<li>
<p>
- Perform any <a href="#dfn-rsa-oeap-extended-import-steps">key
+ Perform any <a href="#dfn-rsa-oaep-extended-import-steps">key
import steps</a> defined by
- <a href="#dfn-applicable-specifications">other applicable
+ <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var>, <var>spki</var>
and obtaining <var>hash</var>.
</p>
@@ -7300,7 +7304,7 @@
<li>
<p>
If an error occured or there are no
- <a href="#dfn-applicable-specifications">applicable
+ <a href="#dfn-applicable-specification">applicable
specifications</a>,
<a href="#concept-throw">throw</a> a
<a href="#dfn-DataError"><code>DataError</code></a>.
@@ -7486,7 +7490,7 @@
<p>
Perform any <a href="#dfn-rsa-oaep-extended-import-steps">key
import steps</a> defined by
- <a href="#dfn-applicable-specifications">other applicable
+ <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var>, <var>jwk</var>
and obtaining <var>hash</var>.
</p>
@@ -7494,7 +7498,7 @@
<li>
<p>
If an error occured or there are no
- <a href="#dfn-applicable-specifications">applicable
+ <a href="#dfn-applicable-specification">applicable
specifications</a>,
<a href="#concept-throw">throw</a> a
<a href="#dfn-DataError"><code>DataError</code></a>.
@@ -7779,7 +7783,7 @@
<li>
<p>
Perform any <a href="#dfn-rsa-pss-extended-export-steps">key export steps</a>
- defined by <a href="#dfn-applicable-specifications">other applicable
+ defined by <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var> and the
<a href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
@@ -7865,8 +7869,7 @@
</li>
<li>
<p>
- Let <var>data</var> be the result of <a
- href="#dfn-encode-a-privateKeyInfo"> encoding a privateKeyInfo</a>
+ Let <var>data</var> be the result of encoding a privateKeyInfo structure
with the following properties:
</p>
<ul>
@@ -7973,7 +7976,7 @@
<li>
<p>
Perform any <a href="#dfn-rsa-oaep-extended-export-steps">key export steps</a>
- defined by <a href="#dfn-applicable-specifications">other applicable
+ defined by <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var> and the
<a href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
@@ -8124,7 +8127,7 @@
<li>
<p>
Perform any <a href="#dfn-rsa-oaep-extended-export-steps">key export steps</a>
- defined by <a href="#dfn-applicable-specifications">other applicable
+ defined by <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var> and the
<a href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
@@ -8831,7 +8834,7 @@
<p>
Perform any <a href="#dfn-ecdsa-extended-import-steps">key
import steps</a> defined by
- <a href="#dfn-applicable-specifications">other applicable
+ <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var>, <var>spki</var>
and obtaining <var>namedCurve</var> and <var>key</var>.
</p>
@@ -8839,7 +8842,7 @@
<li>
<p>
If an error occured or there are no
- <a href="#dfn-applicable-specifications">applicable
+ <a href="#dfn-applicable-specification">applicable
specifications</a>,
<a href="#concept-throw">throw</a> a
<a href="#dfn-DataError"><code>DataError</code></a>.
@@ -9050,7 +9053,7 @@
<p>
Perform any <a href="#dfn-ecdsa-extended-import-steps">key
import steps</a> defined by
- <a href="#dfn-applicable-specifications">other applicable
+ <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var>, <var>privateKeyInfo</var>
and obtaining <var>namedCurve</var> and <var>key</var>.
</p>
@@ -9058,7 +9061,7 @@
<li>
<p>
If an error occured or there are no
- <a href="#dfn-applicable-specifications">applicable
+ <a href="#dfn-applicable-specification">applicable
specifications</a>,
<a href="#concept-throw">throw</a> a
<a href="#dfn-DataError"><code>DataError</code></a>.
@@ -9318,7 +9321,7 @@
<p>
Perform any <a href="#dfn-ecdsa-extended-import-steps">key
import steps</a> defined by
- <a href="#dfn-applicable-specifications">other applicable
+ <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var>, <var>jwk</var>
and obtaining <var>key</var>.
</p>
@@ -9326,7 +9329,7 @@
<li>
<p>
If an error occured or there are no
- <a href="#dfn-applicable-specifications">applicable
+ <a href="#dfn-applicable-specification">applicable
specifications</a>,
<a href="#concept-throw">throw</a> a
<a href="#dfn-DataError"><code>DataError</code></a>.
@@ -9519,7 +9522,7 @@
<li>
<p>
Perform any <a href="#dfn-ecdsa-extended-export-steps">key export steps</a>
- defined by <a href="#dfn-applicable-specifications">other applicable
+ defined by <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var> and the
<a href="#dfn-EcKeyAlgorithm-namedCurve">namedCurve</a> attribute of
the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
@@ -9689,7 +9692,7 @@
<li>
<p>
Perform any <a href="#dfn-ecdsa-extended-export-steps">key export steps</a>
- defined by <a href="#dfn-applicable-specifications">other applicable
+ defined by <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var> and the
<a href="#dfn-EcKeyAlgorithm-namedCurve">namedCurve</a> attribute of
the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
@@ -9823,7 +9826,7 @@
<li>
<p>
Perform any <a href="#dfn-ecdsa-extended-export-steps">key export steps</a>
- defined by <a href="#dfn-applicable-specifications">other applicable
+ defined by <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var> and the
<a href="#dfn-EcKeyAlgorithm-namedCurve">namedCurve</a> attribute of
the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
@@ -9898,7 +9901,7 @@
<dfn id="dfn-ecdh-extended-generation-steps">ECDH generation steps</dfn>,
<dfn id="dfn-ecdh-extended-derivation-steps">ECDH derivation steps</dfn>,
<dfn id="dfn-ecdh-extended-import-steps">ECDH key import steps</dfn> and
- <dfn id="dfn-ecdh-extended-verification-steps">ECDH key export steps</dfn>.
+ <dfn id="dfn-ecdh-extended-export-steps">ECDH key export steps</dfn>.
</p>
</div>
<div id="ecdh-registration" class="section">
@@ -10356,7 +10359,7 @@
<p>
Perform any <a href="#dfn-ecdh-extended-import-steps">key
import steps</a> defined by
- <a href="#dfn-applicable-specifications">other applicable
+ <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var>, <var>spki</var>
and obtaining <var>namedCurve</var> and <var>key</var>.
</p>
@@ -10364,7 +10367,7 @@
<li>
<p>
If an error occured or there are no
- <a href="#dfn-applicable-specifications">applicable
+ <a href="#dfn-applicable-specification">applicable
specifications</a>,
<a href="#concept-throw">throw</a> a
<a href="#dfn-DataError"><code>DataError</code></a>.
@@ -10575,7 +10578,7 @@
<p>
Perform any <a href="#dfn-ecdh-extended-import-steps">key
import steps</a> defined by
- <a href="#dfn-applicable-specifications">other applicable
+ <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var>, <var>privateKeyInfo</var>
and obtaining <var>namedCurve</var> and <var>key</var>.
</p>
@@ -10583,7 +10586,7 @@
<li>
<p>
If an error occured or there are no
- <a href="#dfn-applicable-specifications">applicable
+ <a href="#dfn-applicable-specification">applicable
specifications</a>,
<a href="#concept-throw">throw</a> a
<a href="#dfn-DataError"><code>DataError</code></a>.
@@ -10796,7 +10799,7 @@
<p>
Perform any <a href="#dfn-ecdh-extended-import-steps">key
import steps</a> defined by
- <a href="#dfn-applicable-specifications">other applicable
+ <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var>, <var>jwk</var>
and obtaining <var>key</var>.
</p>
@@ -10804,7 +10807,7 @@
<li>
<p>
If an error occured or there are no
- <a href="#dfn-applicable-specifications">applicable
+ <a href="#dfn-applicable-specification">applicable
specifications</a>,
<a href="#concept-throw">throw</a> a
<a href="#dfn-DataError"><code>DataError</code></a>.
@@ -10907,7 +10910,7 @@
<p>
Perform any <a href="#dfn-ecdh-extended-import-steps">key
import steps</a> defined by
- <a href="#dfn-applicable-specifications">other applicable
+ <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var>, <var>keyData</var>
and obtaining <var>key</var>.
</p>
@@ -10915,7 +10918,7 @@
<li>
<p>
If an error occured or there are no
- <a href="#dfn-applicable-specifications">applicable
+ <a href="#dfn-applicable-specification">applicable
specifications</a>,
<a href="#concept-throw">throw</a> a
<a href="#dfn-DataError"><code>DataError</code></a>.
@@ -10939,7 +10942,7 @@
</li>
<li>
<p>
- Set the <a href="#dfn-KeyAlgorithm-namedCurve">namedCurve</a>
+ Set the <a href="#dfn-EcKeyAlgorithm-namedCurve">namedCurve</a>
attribute of <var>algorithm</var> to equal the <a
href="#dfn-EcKeyImportParams-namedCurve">namedCurve</a> member of
<var>normalizedAlgorithm</var>.
@@ -11098,7 +11101,7 @@
<li>
<p>
Perform any <a href="#dfn-ecdh-extended-export-steps">key export steps</a>
- defined by <a href="#dfn-applicable-specifications">other applicable
+ defined by <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var> and the
<a href="#dfn-EcKeyAlgorithm-namedCurve">namedCurve</a> attribute of
the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
@@ -11262,7 +11265,7 @@
<li>
<p>
Perform any <a href="#dfn-ecdh-extended-export-steps">key export steps</a>
- defined by <a href="#dfn-applicable-specifications">other applicable
+ defined by <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var> and the
<a href="#dfn-EcKeyAlgorithm-namedCurve">namedCurve</a> attribute of
the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
@@ -11390,7 +11393,7 @@
<li>
<p>
Perform any <a href="#dfn-ecdh-extended-export-steps">key export steps</a>
- defined by <a href="#dfn-applicable-specifications">other applicable
+ defined by <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var> and the
<a href="#dfn-EcKeyAlgorithm-namedCurve">namedCurve</a> attribute of
the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
@@ -11463,7 +11466,7 @@
<dd>
<p>
Perform any <a href="#dfn-ecdh-extended-export-steps">key export steps</a>
- defined by <a href="#dfn-applicable-specifications">other applicable
+ defined by <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var> and the
<a href="#dfn-EcKeyAlgorithm-namedCurve">namedCurve</a> attribute of
the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
@@ -15156,13 +15159,13 @@
<dt>
Otherwise, if the <a href="#dfn-KeyAlgorithm-name">name</a> attribute
of <var>hash</var> is defined in
- <a href="#dfn-applicable-specifications">another applicable
+ <a href="#dfn-applicable-specification">another applicable
specification</a>:
</dt>
<dd>
Perform any <a href="#dfn-hmac-extended-import-steps">key
import steps</a> defined by
- <a href="#dfn-applicable-specifications">other applicable
+ <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var>, <var>jwk</var>
and <var>hash</var>
and obtaining <var>hash</var>.
@@ -15224,7 +15227,7 @@
<dd>
Perform any <a href="#dfn-hmac-extended-import-steps">key
import steps</a> defined by
- <a href="#dfn-applicable-specifications">other applicable
+ <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var>, <var>jwk</var>
and undefined
and obtaining <var>hash</var>.
@@ -15453,7 +15456,7 @@
<dt>
Otherwise, the <a href="#dfn-KeyAlgorithm-name">name</a> attribute
of <var>hash</var> is defined in
- <a href="#dfn-applicable-specifications">another applicable
+ <a href="#dfn-applicable-specification">another applicable
specification</a>:
</dt>
<dd>
@@ -15462,7 +15465,7 @@
<p>
Perform any <a href="#dfn-hmac-extended-export-steps">key
export steps</a> defined by
- <a href="#dfn-applicable-specifications">other applicable
+ <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var> and <var>key</var>
and obtaining <var>alg</var>.
</p>
@@ -15520,7 +15523,7 @@
<li>
<dl class="switch">
<dt>
- If the <a href="#dfn-HmacIMportParams-length">length</a> member of
+ If the <a href="#dfn-HmacImportParams-length">length</a> member of
<var>normalizedDerivedKeyAlgorithm</var> is not present:
</dt>
<dd>
@@ -16682,7 +16685,7 @@
<li>
<p>
Perform any <a href="#dfn-concat-extended-import-steps">key import steps</a>
- defined by <a href="#dfn-applicable-specifications">other applicable
+ defined by <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>keyData</var> and obtaining <var>result</var>.
</p>
<dl class="switch">
@@ -16837,7 +16840,7 @@
<h4>HkdfCtrParams dictionary</h4>
<x:codeblock language="idl">
dictionary <dfn id="dfn-HkdfCtrParams">HkdfCtrParams</dfn> : <a href="#dfn-Algorithm">Algorithm</a> {
-<span class="comment">// The algorithm to use with HMAC (e.g.: <a href="#sha-256">SHA-256</a>)</span>
+<span class="comment">// The algorithm to use with HMAC (e.g.: <a href="#alg-sha-256">SHA-256</a>)</span>
required <a href="#dfn-HashAlgorithmIdentifier">HashAlgorithmIdentifier</a> <dfn id="dfn-HkdfCtrParams-hash">hash</dfn>;
<span class="comment">// A bit string that corresponds to the label that identifies the purpose for the derived keying material.</span>
required BufferSource <dfn id="dfn-HkdfCtrParams-label">label</dfn>;
@@ -17056,7 +17059,7 @@
The <code>"PBKDF2"</code> algorithm identifier is used to
perform key derivation using the PKCS#5 password-based key
derivation function version 2.0, as defined in
- [<a href="#rfc2898">RFC2898</a>] using HMAC as the pseudo-random function,
+ [<a href="#RFC2898">RFC2898</a>] using HMAC as the pseudo-random function,
using the SHA hash functions defined
in this specification.
</p>
@@ -17147,7 +17150,7 @@
<li>
<p>
Let <var>result</var> be the result of performing the PBKDF2 operation defined
- in Section 5.2 of [<a href="#rfc2898">RFC2898</a>] using <var>prf</var> as the
+ in Section 5.2 of [<a href="#RFC2898">RFC2898</a>] using <var>prf</var> as the
pseudo-random function, <var>PRF</var>, the password represented by [[<a
href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of <var>key</var>
as the password, <var>P</var>, <a href="#concept-contents-of-arraybuffer">the
@@ -17550,7 +17553,7 @@
<p>
The <a href="#dfn-Crypto-method-getRandomValues"><code>getRandomValues</code></a>
method in the <code>Crypto</code> interface was originally proposed by Adam Barth to the
- <a href="http://wiki.whatwg.org/wiki/Crypto">WHATWG</a>.
+ <a href="https://wiki.whatwg.org/wiki/Crypto">WHATWG</a>.
</p>
</div>
<div id='references' class='section'>
@@ -17560,7 +17563,7 @@
<dl>
<dt id="DOM4">DOM4</dt>
<dd>
- <cite><a href="http://dom.spec.whatwg.org/">DOM (Living Standard)</a></cite>,
+ <cite><a href="https://dom.spec.whatwg.org/">DOM (Living Standard)</a></cite>,
A. Gregor, A. van Kesteren, Ms2ger. WHATWG.
<div class="ednote">This will be updated to W3C DOM4 once Promises are incorporated.</div>
</dd>
@@ -17581,7 +17584,7 @@
</dd>
<dt id="PKCS3">PKCS3</dt>
<dd>
- <cite><a href="http://www.rsa.com/rsalabs/node.asp?id=2126">PKCS #3: Diffie-Hellman
+ <cite><a href="http://www.emc.com/domains/rsa/index.htm?id=2126">PKCS #3: Diffie-Hellman
Key-Agreement Standard</a></cite>, RSA Laboratories.
</dd>
<dt id="RFC2119">RFC2119</dt>
@@ -17595,6 +17598,13 @@
(PKCS) #1: RSA Cryptography Specifications Version 2.1</a></cite>, J. Jonsson,
B. Kaliski. IETF.
</dd>
+ <dt id="RFC3279">RFC3279</dt>
+ <dd>
+ <cite><a href="http://www.ietf.org/rfc/rfc3279">Algorithms and Identifiers for the
+ Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List
+ (CRL) Profile</a></cite>,
+ W. Polk, R. Housley, L. Bassham. IETF.
+ </dd>
<dt id="RFC5208">RFC5208</dt>
<dd>
<cite><a href="http://www.ietf.org/rfc/rfc5208.txt">Public-Key Cryptography Standards
@@ -17607,6 +17617,18 @@
Infrastructure Certificate and Certificate Revocation List (CRL) Profile</a></cite>,
D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley, W. Polk. IETF.
</dd>
+ <dt id="RFC5480">RFC5480</dt>
+ <dd>
+ <cite><a href="http://www.ietf.org/rfc/rfc5480.txt">Elliptic Curve Cryptography Subject
+ Public Key Information</a></cite>,
+ S. Turner, D. Brown, K. Yiu, R. Housley, T. Polk. IETF.
+ </dd>
+ <dt id="RFC5915">RFC5915</dt>
+ <dd>
+ <cite><a href="http://www.ietf.org/rfc/rfc5915.txt">Elliptic Curve Private Key Structure
+ </a></cite>,
+ S. Turner, D. Brown. IETF.
+ </dd>
<dt id="WebIDL">Web IDL (Second Edition)</dt>
<dd>
<cite><a href="http://heycam.github.io/webidl/">Web IDL (Second Edition)</a></cite>,
@@ -17646,6 +17668,14 @@
</cite>,
July 2008, NIST.
</dd>
+ <dt id="X690">ITU-T Recommendation X.690 (11/08)</dt>
+ <dd>
+ <cite>
+ <a href="http://www.itu.int/rec/T-REC-X.690-200811-I/en">Information technology -
+ ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical
+ Encoding Rules (CER) and Distinguished Encoding Rules (DER)</a>
+ </cite>, ITU-T.
+ </dd>
</dl>
</div>
<div id="informative-references" class="section">
@@ -17683,7 +17713,7 @@
</dd>
<dt id="PKCS11">PKCS11</dt>
<dd>
- <cite><a href="http://www.rsa.com/rsalabs/node.asp?id=2133">PKCS #11: Cryptographic
+ <cite><a href="http://www.emc.com/domains/rsa/index.htm?id=2133">PKCS #11: Cryptographic
Token Interface Standard</a></cite>, RSA Laboratories.
</dd>
<dt id="RFC2315">RFC 2315</dt>
@@ -17693,7 +17723,7 @@
</dd>
<dt id="RFC2898">RFC 2898</dt>
<dd>
- <cite><a href="http://tools.ietf.org/html/rfc2898">PKCS #5: Password-Based
+ <cite><a href="http://tools.ietf.org/html/RFC2898">PKCS #5: Password-Based
Cryptography Specification, Version 2.0</a></cite>, B. Kaliski. RSA Laboratories
</dd>
<dt id="RFC5705">RFC 5705</dt>
@@ -17713,6 +17743,17 @@
Infrastructure Certificate and Certificate Revocation List (CRL) Profile</a></cite>,
J. Schaad, B. Kaliski, R. Housley. IETF.
</dd>
+ <dt id="RFC5756">RFC 5756</dt>
+ <dd>
+ <cite><a href="https://tools.ietf.org/html/rfc5756">Updates for RSAES-OAEP and
+ RSASSA-PSS Algorithm Parameters</a></cite>,
+ S. Turner, D. Brown, K. Yiu, R. Housley, T. Polk. IETF.
+ </dd>
+ <dt id="RFC5958">RFC 5958</dt>
+ <dd>
+ <cite><a href="https://tools.ietf.org/html/rfc5958">Asymmetric Key Packages</a></cite>,
+ S. Turner. IETF.
+ </dd>
<dt id="SP800-38A">NIST SP 800-38A</dt>
<dd>
<cite><a href="http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf">
--- a/spec/Overview.html Thu Nov 06 15:51:21 2014 -0800
+++ b/spec/Overview.html Thu Nov 06 16:47:24 2014 -0800
@@ -28,7 +28,7 @@
<link rel="stylesheet" href="//www.w3.org/StyleSheets/TR/W3C-ED" type="text/css" /></head>
<body>
- <div class="head"><div><a href="http://www.w3.org/"><img src="//www.w3.org/Icons/w3c_home" width="72" height="48" alt="W3C" /></a></div><h1>Web Cryptography API</h1><h2>W3C Editor’s Draft <em>6 November 2014</em></h2><dl><dt>Latest Editor’s Draft:</dt><dd><a href="http://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html">http://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html</a></dd><dt>Latest Published Version:</dt><dd><a href="http://www.w3.org/TR/WebCryptoAPI/">http://www.w3.org/TR/WebCryptoAPI/</a></dd><dt>Previous Version(s):</dt><dd><a href="https://dvcs.w3.org/hg/webcrypto-api/raw-file/0fe9b34c13fb/spec/Overview.html">https://dvcs.w3.org/hg/webcrypto-api/raw-file/0fe9b34c13fb/spec/Overview.html</a></dd><dt>Editors:</dt><dd><a href="http://www.google.com/">Ryan Sleevi</a>, Google, Inc. <sleevi@google.com></dd><dd><a href="http://www.netflix.com/">Mark Watson</a>, Netflix <watsonm@netflix.com></dd><dt>Participate:</dt><dd><p>Send feedback to <a href="mailto:public-webcrypto@w3.org?subject=%5BWebCryptoAPI%5D">public-webcrypto@w3.org</a> (<a href="http://lists.w3.org/Archives/Public/public-webcrypto/">archives</a>), or <a href="https://www.w3.org/Bugs/Public/enter_bug.cgi?product=Web%20Cryptography&component=Web%20Cryptography%20API%20Document">file a bug</a>
+ <div class="head"><div><a href="http://www.w3.org/"><img src="//www.w3.org/Icons/w3c_home" width="72" height="48" alt="W3C" /></a></div><h1>Web Cryptography API</h1><h2>W3C Editor’s Draft <em>6 November 2014</em></h2><dl><dt>Latest Editor’s Draft:</dt><dd><a href="https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html">https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html</a></dd><dt>Latest Published Version:</dt><dd><a href="http://www.w3.org/TR/WebCryptoAPI/">http://www.w3.org/TR/WebCryptoAPI/</a></dd><dt>Previous Version(s):</dt><dd><a href="https://dvcs.w3.org/hg/webcrypto-api/raw-file/0fe9b34c13fb/spec/Overview.html">https://dvcs.w3.org/hg/webcrypto-api/raw-file/0fe9b34c13fb/spec/Overview.html</a></dd><dt>Editors:</dt><dd><a href="http://www.google.com/">Ryan Sleevi</a>, Google, Inc. <sleevi@google.com></dd><dd><a href="http://www.netflix.com/">Mark Watson</a>, Netflix <watsonm@netflix.com></dd><dt>Participate:</dt><dd><p>Send feedback to <a href="mailto:public-webcrypto@w3.org?subject=%5BWebCryptoAPI%5D">public-webcrypto@w3.org</a> (<a href="http://lists.w3.org/Archives/Public/public-webcrypto/">archives</a>), or <a href="https://www.w3.org/Bugs/Public/enter_bug.cgi?product=Web%20Cryptography&component=Web%20Cryptography%20API%20Document">file a bug</a>
(see <a href="https://www.w3.org/Bugs/Public/buglist.cgi?product=Web%20Cryptography&component=Web%20Cryptography%20API%20Document&resolution=---">existing bugs</a>).</p></dd></dl><p class="copyright"><a href="http://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a> © view <a href="http://www.w3.org/"><abbr title="World Wide Web Consortium">W3C</abbr></a><sup>®</sup> (<a href="http://www.csail.mit.edu/"><abbr title="Massachusetts Institute of Technology">MIT</abbr></a>, <a href="http://www.ercim.org/"><abbr title="European Research Consortium for Informatics and Mathematics">ERCIM</abbr></a>, <a href="http://www.keio.ac.jp/">Keio</a>), All Rights Reserved. W3C <a href="http://www.w3.org/Consortium/Legal/ipr-notice#Legal_Disclaimer">liability</a>, <a href="http://www.w3.org/Consortium/Legal/ipr-notice#W3C_Trademarks">trademark</a> and <a href="http://www.w3.org/Consortium/Legal/copyright-documents">document use</a> rules apply.</p></div><hr />
<div class="section">
@@ -65,7 +65,7 @@
</p>
<p>
- This document is produced by the <a href="http://www.w3.org/2012/webcrypto">Web Cryptography
+ This document is produced by the <a href="http://www.w3.org/2012/webcrypto/">Web Cryptography
<acronym title="Working Group">WG</acronym></a> of the <acronym title="World Wide Web Consortium">W3C</acronym>.
</p>
@@ -93,7 +93,7 @@
(<a href="http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2011-May/031741.html">archive</a>)
, <a href="mailto:public-websecurity@w3.org">public-websecurity@w3.org</a>
(<a href="http://lists.w3.org/Archives/Public/public-web-security/2011Jun/0000.html">archive</a>), and
- <a href="mailto:public-identity@w3.org">public-identity@w3.org</a> (<a href="http://www.w3.org/Search/Mail/Public/search?type-index=public-identity&index-type=t&keywords=DOMCrypt&search=Search">archive</a>).
+ <a href="mailto:public-identity@w3.org">public-identity@w3.org</a> (<a href="https://www.w3.org/Search/Mail/Public/search?type-index=public-identity&index-type=t&keywords=DOMCrypt&search=Search">archive</a>).
Ongoing discussion will be on the <a href="mailto:public-webcrypto@w3.org">public-webcrypto@w3.org</a>
mailing list.
</p>
@@ -134,7 +134,7 @@
<div id="toc">
<h2>Table of Contents</h2>
- <div class="toc"><ul><li><a href="#introduction">1. Introduction</a></li><li><a href="#use-cases">2. Use Cases</a><ul><li><a href="#multifactor-authentication">2.1. Multi-factor Authentication</a></li><li><a href="#protected-document">2.2. Protected Document Exchange</a></li><li><a href="#cloud-storage">2.3. Cloud Storage</a></li><li><a href="#document-signing">2.4. Document Signing</a></li><li><a href="#data-integrity-protection">2.5. Data Integrity Protection</a></li><li><a href="#secure-messaging">2.6. Secure Messaging</a></li><li><a href="#jose">2.7. Javascript Object Signing and Encryption (JOSE)</a></li></ul></li><li><a href="#conformance">3. Conformance</a><ul><li><a href="#extensibility">3.1. Extensibility</a></li></ul></li><li><a href="#scope">4. Scope</a><ul><li><a href="#scope-abstraction">4.1. Level of abstraction</a></li><li><a href="#scope-algorithms">4.2. Cryptographic algorithms</a></li><li><a href="#scope-operations">4.3. Operations</a></li><li><a href="#scope-out-of-scope">4.4. Out of scope</a></li></ul></li><li><a href="#concepts">5. Concepts</a><ul><li><a href="#concepts-underlying-implementation">5.1. Underlying Cryptographic Implementation</a></li><li><a href="#concepts-key-storage">5.2. Key Storage</a></li></ul></li><li><a href="#security">6. Security considerations</a><ul><li><a href="#security-implementers">6.1. Security considerations for implementers</a></li><li><a href="#security-developers">6.2. Security considerations for authors</a></li><li><a href="#security-users">6.3. Security considerations for users</a></li></ul></li><li><a href="#privacy">7. Privacy considerations</a></li><li><a href="#dependencies">8. Dependencies</a></li><li><a href="#terminology">9. Terminology</a></li><li><a href="#crypto-interface">10. Crypto interface</a><ul><li><a href="#Crypto-description">10.1. Description</a></li><li><a href="#Crypto-interface-methods">10.2. Methods and Parameters</a><ul><li><a href="#Crypto-method-getRandomValues">10.2.1. The getRandomValues method</a></li></ul></li><li><a href="#Crypto-interface-attributes">10.3. Attributes</a><ul><li><a href="#Crypto-attribute-subtle">10.3.1. The subtle attribute</a></li></ul></li></ul></li><li><a href="#algorithm-dictionary">11. Algorithm dictionary</a><ul><li><a href="#algorithm-dictionary-members">11.1. Algorithm Dictionary Members</a></li></ul></li><li><a href="#key-algorithm-dictionary">12. KeyAlgorithm dictionary</a><ul><li><a href="#key-algorithm-dictionary-description">12.1. Description</a></li><li><a href="#key-algorithm-dictionary-members">12.2. KeyAlgorithm dictionary members</a></li></ul></li><li><a href="#cryptokey-interface">13. CryptoKey interface</a><ul><li><a href="#cryptokey-interface-description">13.1. Description</a></li><li><a href="#cryptokey-interface-types">13.2. Key interface data types</a></li><li><a href="#cryptokey-interface-internal-slots">13.3. CryptoKey internal slots</a></li><li><a href="#cryptokey-interface-members">13.4. CryptoKey interface members</a></li><li><a href="#cryptokey-interface-clone">13.5. Structured clone algorithm</a></li></ul></li><li><a href="#subtlecrypto-interface">14. SubtleCrypto interface</a><ul><li><a href="#subtlecrypto-interface-description">14.1. Description</a></li><li><a href="#subtlecrypto-interface-datatypes">14.2. Data Types</a></li><li><a href="#subtlecrypto-interface-methods">14.3. Methods and Parameters</a><ul><li><a href="#SubtleCrypto-method-encrypt">14.3.1. The encrypt method</a></li><li><a href="#SubtleCrypto-method-decrypt">14.3.2. The decrypt method</a></li><li><a href="#SubtleCrypto-method-sign">14.3.3. The sign method</a></li><li><a href="#SubtleCrypto-method-verify">14.3.4. The verify method</a></li><li><a href="#SubtleCrypto-method-digest">14.3.5. The digest method</a></li><li><a href="#SubtleCrypto-method-generateKey">14.3.6. The generateKey method</a></li><li><a href="#SubtleCrypto-method-deriveKey">14.3.7. The deriveKey method</a></li><li><a href="#SubtleCrypto-method-deriveBits">14.3.8. The deriveBits method</a></li><li><a href="#SubtleCrypto-method-importKey">14.3.9. The importKey method</a></li><li><a href="#SubtleCrypto-method-exportKey">14.3.10. The exportKey method</a></li><li><a href="#SubtleCrypto-method-wrapKey">14.3.11. The wrapKey method</a></li><li><a href="#SubtleCrypto-method-unwrapKey">14.3.12. The unwrapKey method</a></li></ul></li><li><a href="#SubtleCrypto-Exceptions">14.4. Exceptions</a></li></ul></li><li><a href="#JsonWebKey-dictionary">15. JsonWebKey dictionary</a></li><li><a href="#big-integer">16. BigInteger</a></li><li><a href="#keypair">17. CryptoKeyPair dictionary</a></li><li><a href="#algorithms">18. Algorithms</a><ul><li><a href="#idp1019408">18.1. Overview</a></li><li><a href="#algorithm-concepts">18.2. Concepts</a><ul><li><a href="#algorithm-concepts-naming">18.2.1. Naming</a></li><li><a href="#algorithm-concepts-operations">18.2.2. Supported Operations</a></li><li><a href="#algorithm-concepts-normalization">18.2.3. Normalization</a></li></ul></li><li><a href="#algorithm-conventions">18.3. Specification Conventions</a></li><li><a href="#algorithm-normalizing">18.4. Algorithm Normalization</a><ul><li><a href="#algorithm-normalizing-description">18.4.1. Description</a></li><li><a href="#algorithm-normalizing-internal">18.4.2. Internal State Objects</a></li><li><a href="#algorithm-normalizing-define-an-algorithm">18.4.3. Defining an Algorithm</a></li><li><a href="#algorithm-normalizing-normalize-an-algorithm">18.4.4. Normalizing an algorithm</a></li></ul></li><li><a href="#algorithm-recommendations">18.5. Recommendations</a><ul><li><a href="#algorithm-recommendations-authors">18.5.1. For Authors</a></li><li><a href="#algorithm-recommendations-implementers">18.5.2. For Implementers</a></li></ul></li></ul></li><li><a href="#algorithm-overview">19. Algorithm Overview</a></li><li><a href="#rsassa-pkcs1">20. RSASSA-PKCS1-v1_5</a><ul><li><a href="#rsassa-pkcs1-description">20.1. Description</a></li><li><a href="#rsassa-pkcs1-registration">20.2. Registration</a></li><li><a href="#RsaKeyGenParams-dictionary">20.3. RsaKeyGenParams dictionary</a></li><li><a href="#RsaHashedKeyGenParams-dictionary">20.4. RsaHashedKeyGenParams dictionary</a></li><li><a href="#RsaKeyAlgorithm-dictionary">20.5. RsaKeyAlgorithm dictionary</a></li><li><a href="#RsaHashedKeyAlgorithm-dictionary">20.6. RsaHashedKeyAlgorithm dictionary</a></li><li><a href="#RsaHashedImportParams-dictionary">20.7. RsaHashedImportParams dictionary</a></li><li><a href="#rsassa-pkcs1-operations">20.8. Operations</a></li></ul></li><li><a href="#rsa-pss">21. RSA-PSS</a><ul><li><a href="#rsa-pss-description">21.1. Description</a></li><li><a href="#rsa-pss-registration">21.2. Registration</a></li><li><a href="#RsaPssParams-dictionary">21.3. RsaPssParams dictionary</a></li><li><a href="#rsa-pss-operations">21.4. Operations</a></li></ul></li><li><a href="#rsa-oaep">22. RSA-OAEP</a><ul><li><a href="#rsa-oaep-description">22.1. Description</a></li><li><a href="#rsa-oaep-registration">22.2. Registration</a></li><li><a href="#rsa-oaep-params">22.3. RsaOaepParams dictionary</a></li><li><a href="#rsa-oaep-operations">22.4. Operations</a></li></ul></li><li><a href="#ecdsa">23. ECDSA</a><ul><li><a href="#ecdsa-description">23.1. Description</a></li><li><a href="#ecdsa-registration">23.2. Registration</a></li><li><a href="#EcdsaParams-dictionary">23.3. EcdsaParams dictionary</a></li><li><a href="#EcKeyGenParams-dictionary">23.4. EcKeyGenParams dictionary</a></li><li><a href="#EcKeyAlgorithm-dictionary">23.5. EcKeyAlgorithm dictionary</a></li><li><a href="#EcKeyImportParams-dictionary">23.6. EcKeyImportParams dictionary</a></li><li><a href="#ecdsa-operations">23.7. Operations</a></li></ul></li><li><a href="#ecdh">24. ECDH</a><ul><li><a href="#ecdh-description">24.1. Description</a></li><li><a href="#ecdh-registration">24.2. Registration</a></li><li><a href="#dh-EcdhKeyDeriveParams">24.3. EcdhKeyDeriveParams dictionary</a></li><li><a href="#ecdh-operations">24.4. Operations</a></li></ul></li><li><a href="#aes-ctr">25. AES-CTR</a><ul><li><a href="#aes-ctr-description">25.1. Description</a></li><li><a href="#aes-ctr-registration">25.2. Registration</a></li><li><a href="#aes-ctr-params">25.3. AesCtrParams dictionary</a></li><li><a href="#AesKeyAlgorithm-dictionary">25.4. </a></li><li><a href="#aes-keygen-params">25.5. AesKeyGenParams dictionary</a></li><li><a href="#aes-derivedkey-params">25.6. AesDerivedKeyParams dictionary</a></li><li><a href="#aes-ctr-operations">25.7. Operations</a></li></ul></li><li><a href="#aes-cbc">26. AES-CBC</a><ul><li><a href="#aes-cbc-description">26.1. Description</a></li><li><a href="#aes-cbc-registration">26.2. Registration</a></li><li><a href="#aes-cbc-params">26.3. AesCbcParams dictionary</a></li><li><a href="#aes-cbc-operations">26.4. Operations</a></li></ul></li><li><a href="#aes-cmac">27. AES-CMAC</a><ul><li><a href="#aes-cmac-description">27.1. Description</a></li><li><a href="#aes-cmac-registration">27.2. Registration</a></li><li><a href="#aes-cmac-params">27.3. AesCmacParams dictionary</a></li><li><a href="#aes-cmac-operations">27.4. Operations</a></li></ul></li><li><a href="#aes-gcm">28. AES-GCM</a><ul><li><a href="#aes-gcm-description">28.1. Description</a></li><li><a href="#aes-gcm-registration">28.2. Registration</a></li><li><a href="#aes-gcm-params">28.3. AesGcmParams dictionary</a></li><li><a href="#aes-gcm-operations">28.4. Operations</a></li></ul></li><li><a href="#aes-cfb">29. AES-CFB</a><ul><li><a href="#aes-cfb-description">29.1. Description</a></li><li><a href="#aes-cfb-registration">29.2. Registration</a></li><li><a href="#aes-cfb-params">29.3. AesCfbParams dictionary</a></li><li><a href="#aes-cfb-operations">29.4. Operations</a></li></ul></li><li><a href="#aes-kw">30. AES-KW</a><ul><li><a href="#aes-kw-description">30.1. Description</a></li><li><a href="#aes-kw-registration">30.2. Registration</a></li><li><a href="#aes-kw-operations">30.3. Operations</a></li></ul></li><li><a href="#hmac">31. HMAC</a><ul><li><a href="#hmac-description">31.1. Description</a></li><li><a href="#hmac-registration">31.2. Registration</a></li><li><a href="#hmac-importparams">31.3. HmacImportParams dictionary</a></li><li><a href="#HmacKeyAlgorithm-dictionary">31.4. HmacKeyAlgorithm dictionary</a></li><li><a href="#hmac-keygen-params">31.5. HmacKeyGenParams dictionary</a></li><li><a href="#hmac-operations">31.6. Operations</a></li></ul></li><li><a href="#dh">32. Diffie-Hellman</a><ul><li><a href="#dh-description">32.1. Description</a></li><li><a href="#dh-registration">32.2. Registration</a></li><li><a href="#dh-DhKeyGenParams">32.3. DhKeyGenParams dictionary</a></li><li><a href="#dh-DhKeyAlgorithm">32.4. DhKeyAlgorithm dictionary</a></li><li><a href="#dh-DhKeyDeriveParams">32.5. DhKeyDeriveParams dictionary</a></li><li><a href="#dh-DhImportKeyParams">32.6. DhImportKeyParams dictionary</a></li><li><a href="#dh-operations">32.7. Operations</a></li></ul></li><li><a href="#sha">33. SHA</a><ul><li><a href="#sha-description">33.1. Description</a></li><li><a href="#sha-registration">33.2. Registration</a></li><li><a href="#sha-operations">33.3. Operations</a></li></ul></li><li><a href="#concatkdf">34. Concat KDF</a><ul><li><a href="#concatkdf-description">34.1. Description</a></li><li><a href="#concatkdf-registration">34.2. Registration</a></li><li><a href="#concat-params">34.3. ConcatParams dictionary</a></li><li><a href="#concat-operations">34.4. Operations</a></li></ul></li><li><a href="#hkdf-ctr">35. HKDF-CTR</a><ul><li><a href="#hkdf-ctr-description">35.1. Description</a></li><li><a href="#hkdf-ctr-registration">35.2. Registration</a></li><li><a href="#hkdf-ctr-params">35.3. HkdfCtrParams dictionary</a></li><li><a href="#hkdf2-ctr-operations">35.4. Operations</a></li></ul></li><li><a href="#pbkdf2">36. PBKDF2</a><ul><li><a href="#pbkdf2-description">36.1. Description</a></li><li><a href="#pbkdf2-registration">36.2. Registration</a></li><li><a href="#pbkdf2-params">36.3. Pbkdf2Params dictionary</a></li><li><a href="#pbkdf2-operations">36.4. Operations</a></li></ul></li><li><a href="#examples-section">37. JavaScript Example Code</a><ul><li><a href="#examples-signing">37.1. Generate a signing key pair, sign some data</a></li><li><a href="#examples-symmetric-encryption">37.2. Symmetric Encryption</a></li></ul></li><li><a href="#iana-section">38. IANA Considerations</a><ul><li><a href="#iana-section-jws-jwa">38.1. JSON Web Signature and Encryption Algorithms Registration</a></li><li><a href="#iana-section-jwk">38.2. JSON Web Key Parameters Registration</a></li></ul></li><li><a href="#acknowledgements-section">39. Acknowledgements</a></li><li><a href="#references">40. References</a><ul><li><a href="#normative-references">40.1. Normative References</a></li><li><a href="#informative-references">40.2. Informative References</a></li></ul></li></ul><ul><li><a href="#jwk-mapping">A. Mapping between JSON Web Key / JSON Web Algorithm</a><ul><li><a href="#jwk-mapping-alg">A.1. Algorithm mappings</a></li><li><a href="#jwk-mapping-usage">A.2. Usage mapping</a></li></ul></li><li><a href="#spki-mapping">B. Mapping between Algorithm and SubjectPublicKeyInfo</a></li><li><a href="#pkcs8-mapping">C. Mapping between Algorithm and PKCS#8 PrivateKeyInfo</a></li></ul></div>
+ <div class="toc"><ul><li><a href="#introduction">1. Introduction</a></li><li><a href="#use-cases">2. Use Cases</a><ul><li><a href="#multifactor-authentication">2.1. Multi-factor Authentication</a></li><li><a href="#protected-document">2.2. Protected Document Exchange</a></li><li><a href="#cloud-storage">2.3. Cloud Storage</a></li><li><a href="#document-signing">2.4. Document Signing</a></li><li><a href="#data-integrity-protection">2.5. Data Integrity Protection</a></li><li><a href="#secure-messaging">2.6. Secure Messaging</a></li><li><a href="#jose">2.7. Javascript Object Signing and Encryption (JOSE)</a></li></ul></li><li><a href="#conformance">3. Conformance</a><ul><li><a href="#extensibility">3.1. Extensibility</a></li></ul></li><li><a href="#scope">4. Scope</a><ul><li><a href="#scope-abstraction">4.1. Level of abstraction</a></li><li><a href="#scope-algorithms">4.2. Cryptographic algorithms</a></li><li><a href="#scope-operations">4.3. Operations</a></li><li><a href="#scope-out-of-scope">4.4. Out of scope</a></li></ul></li><li><a href="#concepts">5. Concepts</a><ul><li><a href="#concepts-underlying-implementation">5.1. Underlying Cryptographic Implementation</a></li><li><a href="#concepts-key-storage">5.2. Key Storage</a></li></ul></li><li><a href="#security-consideration">6. Security considerations</a><ul><li><a href="#security-implementers">6.1. Security considerations for implementers</a></li><li><a href="#security-developers">6.2. Security considerations for authors</a></li><li><a href="#security-users">6.3. Security considerations for users</a></li></ul></li><li><a href="#privacy">7. Privacy considerations</a></li><li><a href="#dependencies">8. Dependencies</a></li><li><a href="#terminology">9. Terminology</a></li><li><a href="#crypto-interface">10. Crypto interface</a><ul><li><a href="#Crypto-description">10.1. Description</a></li><li><a href="#Crypto-interface-methods">10.2. Methods and Parameters</a><ul><li><a href="#Crypto-method-getRandomValues">10.2.1. The getRandomValues method</a></li></ul></li><li><a href="#Crypto-interface-attributes">10.3. Attributes</a><ul><li><a href="#Crypto-attribute-subtle">10.3.1. The subtle attribute</a></li></ul></li></ul></li><li><a href="#algorithm-dictionary">11. Algorithm dictionary</a><ul><li><a href="#algorithm-dictionary-members">11.1. Algorithm Dictionary Members</a></li></ul></li><li><a href="#key-algorithm-dictionary">12. KeyAlgorithm dictionary</a><ul><li><a href="#key-algorithm-dictionary-description">12.1. Description</a></li><li><a href="#key-algorithm-dictionary-members">12.2. KeyAlgorithm dictionary members</a></li></ul></li><li><a href="#cryptokey-interface">13. CryptoKey interface</a><ul><li><a href="#cryptokey-interface-description">13.1. Description</a></li><li><a href="#cryptokey-interface-types">13.2. Key interface data types</a></li><li><a href="#cryptokey-interface-internal-slots">13.3. CryptoKey internal slots</a></li><li><a href="#cryptokey-interface-members">13.4. CryptoKey interface members</a></li><li><a href="#cryptokey-interface-clone">13.5. Structured clone algorithm</a></li></ul></li><li><a href="#subtlecrypto-interface">14. SubtleCrypto interface</a><ul><li><a href="#subtlecrypto-interface-description">14.1. Description</a></li><li><a href="#subtlecrypto-interface-datatypes">14.2. Data Types</a></li><li><a href="#subtlecrypto-interface-methods">14.3. Methods and Parameters</a><ul><li><a href="#SubtleCrypto-method-encrypt">14.3.1. The encrypt method</a></li><li><a href="#SubtleCrypto-method-decrypt">14.3.2. The decrypt method</a></li><li><a href="#SubtleCrypto-method-sign">14.3.3. The sign method</a></li><li><a href="#SubtleCrypto-method-verify">14.3.4. The verify method</a></li><li><a href="#SubtleCrypto-method-digest">14.3.5. The digest method</a></li><li><a href="#SubtleCrypto-method-generateKey">14.3.6. The generateKey method</a></li><li><a href="#SubtleCrypto-method-deriveKey">14.3.7. The deriveKey method</a></li><li><a href="#SubtleCrypto-method-deriveBits">14.3.8. The deriveBits method</a></li><li><a href="#SubtleCrypto-method-importKey">14.3.9. The importKey method</a></li><li><a href="#SubtleCrypto-method-exportKey">14.3.10. The exportKey method</a></li><li><a href="#SubtleCrypto-method-wrapKey">14.3.11. The wrapKey method</a></li><li><a href="#SubtleCrypto-method-unwrapKey">14.3.12. The unwrapKey method</a></li></ul></li><li><a href="#SubtleCrypto-Exceptions">14.4. Exceptions</a></li></ul></li><li><a href="#JsonWebKey-dictionary">15. JsonWebKey dictionary</a></li><li><a href="#big-integer">16. BigInteger</a></li><li><a href="#keypair">17. CryptoKeyPair dictionary</a></li><li><a href="#algorithms">18. Algorithms</a><ul><li><a href="#algorithms-section-overview">18.1. Overview</a></li><li><a href="#algorithm-concepts">18.2. Concepts</a><ul><li><a href="#algorithm-concepts-naming">18.2.1. Naming</a></li><li><a href="#algorithm-concepts-operations">18.2.2. Supported Operations</a></li><li><a href="#algorithm-concepts-normalization">18.2.3. Normalization</a></li></ul></li><li><a href="#algorithm-conventions">18.3. Specification Conventions</a></li><li><a href="#algorithm-normalization">18.4. Algorithm Normalization</a><ul><li><a href="#algorithm-normalization-description">18.4.1. Description</a></li><li><a href="#algorithm-normalization-internal">18.4.2. Internal State Objects</a></li><li><a href="#algorithm-normalization-define-an-algorithm">18.4.3. Defining an Algorithm</a></li><li><a href="#algorithm-normalization-normalize-an-algorithm">18.4.4. Normalizing an algorithm</a></li></ul></li><li><a href="#algorithm-recommendations">18.5. Recommendations</a><ul><li><a href="#algorithm-recommendations-authors">18.5.1. For Authors</a></li><li><a href="#algorithm-recommendations-implementers">18.5.2. For Implementers</a></li></ul></li></ul></li><li><a href="#algorithm-overview">19. Algorithm Overview</a></li><li><a href="#rsassa-pkcs1">20. RSASSA-PKCS1-v1_5</a><ul><li><a href="#rsassa-pkcs1-description">20.1. Description</a></li><li><a href="#rsassa-pkcs1-registration">20.2. Registration</a></li><li><a href="#RsaKeyGenParams-dictionary">20.3. RsaKeyGenParams dictionary</a></li><li><a href="#RsaHashedKeyGenParams-dictionary">20.4. RsaHashedKeyGenParams dictionary</a></li><li><a href="#RsaKeyAlgorithm-dictionary">20.5. RsaKeyAlgorithm dictionary</a></li><li><a href="#RsaHashedKeyAlgorithm-dictionary">20.6. RsaHashedKeyAlgorithm dictionary</a></li><li><a href="#RsaHashedImportParams-dictionary">20.7. RsaHashedImportParams dictionary</a></li><li><a href="#rsassa-pkcs1-operations">20.8. Operations</a></li></ul></li><li><a href="#rsa-pss">21. RSA-PSS</a><ul><li><a href="#rsa-pss-description">21.1. Description</a></li><li><a href="#rsa-pss-registration">21.2. Registration</a></li><li><a href="#RsaPssParams-dictionary">21.3. RsaPssParams dictionary</a></li><li><a href="#rsa-pss-operations">21.4. Operations</a></li></ul></li><li><a href="#rsa-oaep">22. RSA-OAEP</a><ul><li><a href="#rsa-oaep-description">22.1. Description</a></li><li><a href="#rsa-oaep-registration">22.2. Registration</a></li><li><a href="#rsa-oaep-params">22.3. RsaOaepParams dictionary</a></li><li><a href="#rsa-oaep-operations">22.4. Operations</a></li></ul></li><li><a href="#ecdsa">23. ECDSA</a><ul><li><a href="#ecdsa-description">23.1. Description</a></li><li><a href="#ecdsa-registration">23.2. Registration</a></li><li><a href="#EcdsaParams-dictionary">23.3. EcdsaParams dictionary</a></li><li><a href="#EcKeyGenParams-dictionary">23.4. EcKeyGenParams dictionary</a></li><li><a href="#EcKeyAlgorithm-dictionary">23.5. EcKeyAlgorithm dictionary</a></li><li><a href="#EcKeyImportParams-dictionary">23.6. EcKeyImportParams dictionary</a></li><li><a href="#ecdsa-operations">23.7. Operations</a></li></ul></li><li><a href="#ecdh">24. ECDH</a><ul><li><a href="#ecdh-description">24.1. Description</a></li><li><a href="#ecdh-registration">24.2. Registration</a></li><li><a href="#dh-EcdhKeyDeriveParams">24.3. EcdhKeyDeriveParams dictionary</a></li><li><a href="#ecdh-operations">24.4. Operations</a></li></ul></li><li><a href="#aes-ctr">25. AES-CTR</a><ul><li><a href="#aes-ctr-description">25.1. Description</a></li><li><a href="#aes-ctr-registration">25.2. Registration</a></li><li><a href="#aes-ctr-params">25.3. AesCtrParams dictionary</a></li><li><a href="#AesKeyAlgorithm-dictionary">25.4. </a></li><li><a href="#aes-keygen-params">25.5. AesKeyGenParams dictionary</a></li><li><a href="#aes-derivedkey-params">25.6. AesDerivedKeyParams dictionary</a></li><li><a href="#aes-ctr-operations">25.7. Operations</a></li></ul></li><li><a href="#aes-cbc">26. AES-CBC</a><ul><li><a href="#aes-cbc-description">26.1. Description</a></li><li><a href="#aes-cbc-registration">26.2. Registration</a></li><li><a href="#aes-cbc-params">26.3. AesCbcParams dictionary</a></li><li><a href="#aes-cbc-operations">26.4. Operations</a></li></ul></li><li><a href="#aes-cmac">27. AES-CMAC</a><ul><li><a href="#aes-cmac-description">27.1. Description</a></li><li><a href="#aes-cmac-registration">27.2. Registration</a></li><li><a href="#aes-cmac-params">27.3. AesCmacParams dictionary</a></li><li><a href="#aes-cmac-operations">27.4. Operations</a></li></ul></li><li><a href="#aes-gcm">28. AES-GCM</a><ul><li><a href="#aes-gcm-description">28.1. Description</a></li><li><a href="#aes-gcm-registration">28.2. Registration</a></li><li><a href="#aes-gcm-params">28.3. AesGcmParams dictionary</a></li><li><a href="#aes-gcm-operations">28.4. Operations</a></li></ul></li><li><a href="#aes-cfb">29. AES-CFB</a><ul><li><a href="#aes-cfb-description">29.1. Description</a></li><li><a href="#aes-cfb-registration">29.2. Registration</a></li><li><a href="#aes-cfb-params">29.3. AesCfbParams dictionary</a></li><li><a href="#aes-cfb-operations">29.4. Operations</a></li></ul></li><li><a href="#aes-kw">30. AES-KW</a><ul><li><a href="#aes-kw-description">30.1. Description</a></li><li><a href="#aes-kw-registration">30.2. Registration</a></li><li><a href="#aes-kw-operations">30.3. Operations</a></li></ul></li><li><a href="#hmac">31. HMAC</a><ul><li><a href="#hmac-description">31.1. Description</a></li><li><a href="#hmac-registration">31.2. Registration</a></li><li><a href="#hmac-importparams">31.3. HmacImportParams dictionary</a></li><li><a href="#HmacKeyAlgorithm-dictionary">31.4. HmacKeyAlgorithm dictionary</a></li><li><a href="#hmac-keygen-params">31.5. HmacKeyGenParams dictionary</a></li><li><a href="#hmac-operations">31.6. Operations</a></li></ul></li><li><a href="#dh">32. Diffie-Hellman</a><ul><li><a href="#dh-description">32.1. Description</a></li><li><a href="#dh-registration">32.2. Registration</a></li><li><a href="#dh-DhKeyGenParams">32.3. DhKeyGenParams dictionary</a></li><li><a href="#dh-DhKeyAlgorithm">32.4. DhKeyAlgorithm dictionary</a></li><li><a href="#dh-DhKeyDeriveParams">32.5. DhKeyDeriveParams dictionary</a></li><li><a href="#dh-DhImportKeyParams">32.6. DhImportKeyParams dictionary</a></li><li><a href="#dh-operations">32.7. Operations</a></li></ul></li><li><a href="#sha">33. SHA</a><ul><li><a href="#sha-description">33.1. Description</a></li><li><a href="#sha-registration">33.2. Registration</a></li><li><a href="#sha-operations">33.3. Operations</a></li></ul></li><li><a href="#concatkdf">34. Concat KDF</a><ul><li><a href="#concatkdf-description">34.1. Description</a></li><li><a href="#concatkdf-registration">34.2. Registration</a></li><li><a href="#concat-params">34.3. ConcatParams dictionary</a></li><li><a href="#concat-operations">34.4. Operations</a></li></ul></li><li><a href="#hkdf-ctr">35. HKDF-CTR</a><ul><li><a href="#hkdf-ctr-description">35.1. Description</a></li><li><a href="#hkdf-ctr-registration">35.2. Registration</a></li><li><a href="#hkdf-ctr-params">35.3. HkdfCtrParams dictionary</a></li><li><a href="#hkdf2-ctr-operations">35.4. Operations</a></li></ul></li><li><a href="#pbkdf2">36. PBKDF2</a><ul><li><a href="#pbkdf2-description">36.1. Description</a></li><li><a href="#pbkdf2-registration">36.2. Registration</a></li><li><a href="#pbkdf2-params">36.3. Pbkdf2Params dictionary</a></li><li><a href="#pbkdf2-operations">36.4. Operations</a></li></ul></li><li><a href="#examples-section">37. JavaScript Example Code</a><ul><li><a href="#examples-signing">37.1. Generate a signing key pair, sign some data</a></li><li><a href="#examples-symmetric-encryption">37.2. Symmetric Encryption</a></li></ul></li><li><a href="#iana-section">38. IANA Considerations</a><ul><li><a href="#iana-section-jws-jwa">38.1. JSON Web Signature and Encryption Algorithms Registration</a></li><li><a href="#iana-section-jwk">38.2. JSON Web Key Parameters Registration</a></li></ul></li><li><a href="#acknowledgements-section">39. Acknowledgements</a></li><li><a href="#references">40. References</a><ul><li><a href="#normative-references">40.1. Normative References</a></li><li><a href="#informative-references">40.2. Informative References</a></li></ul></li></ul><ul><li><a href="#jwk-mapping">A. Mapping between JSON Web Key / JSON Web Algorithm</a><ul><li><a href="#jwk-mapping-alg">A.1. Algorithm mappings</a></li><li><a href="#jwk-mapping-usage">A.2. Usage mapping</a></li></ul></li><li><a href="#spki-mapping">B. Mapping between Algorithm and SubjectPublicKeyInfo</a></li><li><a href="#pkcs8-mapping">C. Mapping between Algorithm and PKCS#8 PrivateKeyInfo</a></li></ul></div>
</div>
<div id="sections">
@@ -493,7 +493,7 @@
</div>
</div>
- <div id="security" class="section">
+ <div id="security-consideration" class="section">
<h2>6. Security considerations</h2>
<p class="norm">This section is non-normative.</p>
<div id="security-implementers" class="section">
@@ -650,8 +650,8 @@
A <a href="#dfn-conforming-implementation">conforming user agent</a> MUST support at
least the subset of the functionality defined in HTML that this specification relies
upon; in particular, it MUST support the
- <a href="#arraybufferview">ArrayBufferView</a> typedef and the
- <a href="#structured-clone">structured clone</a> algorithm.
+ <a href="#dfn-ArrayBufferView">ArrayBufferView</a> typedef and the
+ <a href="#dfn-structured-clone">structured clone</a> algorithm.
[<a href="#HTML">HTML</a>]
</p>
</dd>
@@ -670,12 +670,14 @@
<h2>9. Terminology</h2>
<p>
The terms and algorithms
- <dfn id="arraybufferview">ArrayBufferView</dfn>, and
+ <dfn id="dfn-ArrayBuffer">ArrayBuffer</dfn>,
+ <dfn id="dfn-ArrayBufferView">ArrayBufferView</dfn>, and
<dfn id="structured-clone">structured clone</dfn>,
are defined by the HTML specification [<a href="#HTML">HTML</a>].
</p>
<p>
- The term <dfn id="BufferSource">BufferSource</dfn> is defined in [<cite><a href="#WebIDL">WEBIDL</a></cite>].
+ The terms <dfn id="dfn-DOMString">DOMString</dfn> and
+ <dfn id="BufferSource">BufferSource</dfn> are defined in [<cite><a href="#WebIDL">WEBIDL</a></cite>].
</p>
<p>
An <dfn id="dfn-octet-string">octet string</dfn> is an ordered sequence of zero or more
@@ -1151,7 +1153,7 @@
Every <code>CryptoKey</code> object has a set of internal slots that store information
about the key. These slots are not exposed as part of this specification; they
represent internal state that an implementation uses to implement this specification.
- The notational convention used in [<a href="#ES262">ES262</a>] is re-used here; internal
+ The notational convention used in [<a href="#ECMA-262">ECMA-262</a>] is re-used here; internal
slots are identified by names enclosed in double square brackets [[ ]].
</p>
<p>
@@ -1210,13 +1212,13 @@
<div id="cryptokey-interface-clone" class="section">
<h3>13.5. Structured clone algorithm</h3>
<p>
- When a user agent is required to obtain a <a href="#structured-clone">structured clone</a>
+ When a user agent is required to obtain a <a href="#dfn-structured-clone">structured clone</a>
of a <a href="#dfn-CryptoKey">CryptoKey</a> object, it must run the following steps.
</p>
<ol>
<li>
Let <var>input</var> and <var>memory</var> be the corresponding inputs defined by the
- <a href="#structured-clone">internal structured cloning algorithm</a>, where
+ <a href="#dfn-structured-clone">internal structured cloning algorithm</a>, where
<var>input</var> represents a <a href="#dfn-CryptoKey">CryptoKey</a> object to be
cloned.
</li>
@@ -2688,8 +2690,10 @@
<h3>14.4. Exceptions</h3>
<p>
The methods of the <a href="#dfn-SubtleCrypto">SubtleCrypto</a> interface return errors
- by rejecting the returned promise with a
- <a href="#dfn-DOMException">DOMException</a>. The following DOMException types from
+ by rejecting the returned promise with a predefined exception defined in ECMAScript
+ [<a href="#ECMA-262">ECMA-262</a>] or
+ <a href="#dfn-DOMException">DOMException</a>. The following predefined exceptions are
+ used: <dfn id="dfn-TypeError">TypeError</dfn>. The following DOMException types from
[<a href="#DOM4">DOM4</a>] are used:
</p>
<table>
@@ -2811,8 +2815,8 @@
<h2>17. CryptoKeyPair dictionary</h2>
<div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
dictionary <dfn id="dfn-CryptoKeyPair">CryptoKeyPair</dfn> {
- <a href="#dfn-CryptoKey">CryptoKey</a> <dfn id="dfn-CryptoKey-publicKey">publicKey</dfn>;
- <a href="#dfn-CryptoKey">CryptoKey</a> <dfn id="dfn-CryptoKey-privateKey">privateKey</dfn>;
+ <a href="#dfn-CryptoKey">CryptoKey</a> <dfn id="dfn-CryptoKeyPair-publicKey">publicKey</dfn>;
+ <a href="#dfn-CryptoKey">CryptoKey</a> <dfn id="dfn-CryptoKeyPair-privateKey">privateKey</dfn>;
};
</code></pre></div></div>
<p>
@@ -2823,7 +2827,7 @@
<div id="algorithms" class="section">
<h2>18. Algorithms</h2>
- <div class="section">
+ <div id="algorithms-section-overview" class="section">
<h3>18.1. Overview</h3>
<p class="norm">This section is non-normative.</p>
<p>
@@ -2882,7 +2886,7 @@
<h4>18.2.3. Normalization</h4>
<p>
Every cryptographic algorithm defined for use with the Web Cryptography API <span class="RFC2119">MUST</span> define, for every <a href="#supported-operation">
- supported operation</a>, the IDL type to use for <a href="#concept-algorithm-normalization">algorithm normalization</a>, as well as the
+ supported operation</a>, the IDL type to use for <a href="#algorithm-normalization">algorithm normalization</a>, as well as the
IDL type or types of the return values of the sub-algorithms.
</p>
</div>
@@ -2895,9 +2899,11 @@
specification conventions. A section, titled <em>"Registration"</em>, will include the
<a href="#recognized-algorithm-name">recognized algorithm name</a>. Additionally, it
includes a table, which will list each of the <a href="#supported-operation">supported
- operations</a> as rows, identified by the <em>Operation</em> column. The contents of the
- <em>Parameters</em> column for a given row will contain the IDL type to use for <a href="#concept-algorithm-normalization">algorithm normalization</a> for that operation,
- and the contents of the <em>Result</em> column for that row indicate the IDL type that
+ operations</a> as rows, identified by the <dfn id="supported-operations">Operation</dfn>
+ column. The contents of the <dfn id="algorithm-specific-params">Parameters</dfn> column
+ for a given row will contain the IDL type to use for <a href="#algorithm-normalization">algorithm normalization</a> for that operation,
+ and the contents of the <dfn id="algorithm-result">Result</dfn> column for that row
+ indicate the IDL type that
results from performing the supported operation.
</p>
<p>
@@ -2913,9 +2919,9 @@
</p>
</div>
- <div id="algorithm-normalizing" class="section">
+ <div id="algorithm-normalization" class="section">
<h3>18.4. Algorithm Normalization</h3>
- <div id="algorithm-normalizing-description" class="section">
+ <div id="algorithm-normalization-description" class="section">
<h4>18.4.1. Description</h4>
<p class="norm">This section is non-normative</p>
<p>
@@ -2935,7 +2941,7 @@
</p>
</div>
- <div id="algorithm-normalizing-internal" class="section">
+ <div id="algorithm-normalization-internal" class="section">
<h4>18.4.2. Internal State Objects</h4>
<p>
This specification makes use of an internal object,
@@ -2961,7 +2967,7 @@
</ol>
</div>
- <div id="algorithm-normalizing-define-an-algorithm" class="section">
+ <div id="algorithm-normalization-define-an-algorithm" class="section">
<h4>18.4.3. Defining an Algorithm</h4>
<p>
The <dfn id="concept-define-an-algorithm">define an algorithm</dfn> algorithm is used
@@ -2982,7 +2988,7 @@
</ol>
</div>
- <div id="algorithm-normalizing-normalize-an-algorithm" class="section">
+ <div id="algorithm-normalization-normalize-an-algorithm" class="section">
<h4>18.4.4. Normalizing an algorithm</h4>
<p>
The <dfn id="dfn-normalize-an-algorithm">normalize an algorithm</dfn> algorithm defines
@@ -4048,7 +4054,7 @@
<p>
Perform any <a href="#dfn-rsa-ssa-extended-import-steps">key
import steps</a> defined by
- <a href="#dfn-applicable-specifications">other applicable
+ <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var>, <var>spki</var>
and obtaining <var>hash</var>.
</p>
@@ -4056,7 +4062,7 @@
<li>
<p>
If an error occured or there are no
- <a href="#dfn-applicable-specifications">applicable
+ <a href="#dfn-applicable-specification">applicable
specifications</a>,
<a href="#concept-throw">throw</a> a
<a href="#dfn-DataError"><code>DataError</code></a>.
@@ -4219,7 +4225,7 @@
<p>
Perform any <a href="#dfn-rsa-ssa-extended-import-steps">key
import steps</a> defined by
- <a href="#dfn-applicable-specifications">other applicable
+ <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var>, <var>privateKeyInfo</var>
and obtaining <var>hash</var>.
</p>
@@ -4227,7 +4233,7 @@
<li>
<p>
If an error occured or there are no
- <a href="#dfn-applicable-specifications">applicable
+ <a href="#dfn-applicable-specification">applicable
specifications</a>,
<a href="#concept-throw">throw</a> a
<a href="#dfn-DataError"><code>DataError</code></a>.
@@ -4402,7 +4408,7 @@
<p>
Perform any <a href="#dfn-rsa-ssa-extended-import-steps">key
import steps</a> defined by
- <a href="#dfn-applicable-specifications">other applicable
+ <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var>, <var>jwk</var>
and obtaining <var>hash</var>.
</p>
@@ -4410,7 +4416,7 @@
<li>
<p>
If an error occured or there are no
- <a href="#dfn-applicable-specifications">applicable
+ <a href="#dfn-applicable-specification">applicable
specifications</a>,
<a href="#concept-throw">throw</a> a
<a href="#dfn-DataError"><code>DataError</code></a>.
@@ -4639,7 +4645,7 @@
</li>
<li>
<p>
- Let <var>data</var> be the result of <a href="#dfn-encode-a-privateKeyInfo"> encoding a privateKeyInfo</a>
+ Let <var>data</var> be the result of encoding a privateKeyInfo structure
with the following properties:
</p>
<ul>
@@ -4748,7 +4754,7 @@
<p>
Perform any <a href="#dfn-rsa-ssa-extended-export-steps">key
export steps</a> defined by
- <a href="#dfn-applicable-specifications">other applicable
+ <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var>, <var>key</var>
and obtaining <var>alg</var>.
</p>
@@ -4756,7 +4762,7 @@
<li>
<p>
If an error occured or there are no
- <a href="#dfn-applicable-specifications">applicable
+ <a href="#dfn-applicable-specification">applicable
specifications</a>,
<a href="#concept-throw">throw</a> a
<a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
@@ -5287,7 +5293,7 @@
<p>
Perform any <a href="#dfn-rsa-pss-extended-import-steps">key
import steps</a> defined by
- <a href="#dfn-applicable-specifications">other applicable
+ <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var>, <var>spki</var>
and obtaining <var>hash</var>.
</p>
@@ -5295,7 +5301,7 @@
<li>
<p>
If an error occured or there are no
- <a href="#dfn-applicable-specifications">applicable
+ <a href="#dfn-applicable-specification">applicable
specifications</a>,
<a href="#concept-throw">throw</a> a
<a href="#dfn-DataError"><code>DataError</code></a>.
@@ -5515,7 +5521,7 @@
<p>
Perform any <a href="#dfn-rsa-pss-extended-import-steps">key
import steps</a> defined by
- <a href="#dfn-applicable-specifications">other applicable
+ <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var>, <var>privateKeyInfo</var>
and obtaining <var>hash</var>.
</p>
@@ -5523,7 +5529,7 @@
<li>
<p>
If an error occured or there are no
- <a href="#dfn-applicable-specifications">applicable
+ <a href="#dfn-applicable-specification">applicable
specifications</a>,
<a href="#concept-throw">throw</a> a
<a href="#dfn-DataError"><code>DataError</code></a>.
@@ -5719,7 +5725,7 @@
<p>
Perform any <a href="#dfn-rsa-pss-extended-import-steps">key
import steps</a> defined by
- <a href="#dfn-applicable-specifications">other applicable
+ <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var>, <var>jwk</var>
and obtaining <var>hash</var>.
</p>
@@ -5727,7 +5733,7 @@
<li>
<p>
If an error occured or there are no
- <a href="#dfn-applicable-specifications">applicable
+ <a href="#dfn-applicable-specification">applicable
specifications</a>,
<a href="#concept-throw">throw</a> a
<a href="#dfn-DataError"><code>DataError</code></a>.
@@ -5992,7 +5998,7 @@
<li>
<p>
Perform any <a href="#dfn-rsa-pss-extended-export-steps">key export steps</a>
- defined by <a href="#dfn-applicable-specifications">other applicable
+ defined by <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var> and the
<a href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
@@ -6083,7 +6089,7 @@
</li>
<li>
<p>
- Let <var>data</var> be the result of <a href="#dfn-encode-a-privateKeyInfo"> encoding a privateKeyInfo</a>
+ Let <var>data</var> be the result of encoding a privateKeyInfo structure
with the following properties:
</p>
<ul>
@@ -6178,7 +6184,7 @@
<li>
<p>
Perform any <a href="#dfn-rsa-pss-extended-export-steps">key export steps</a>
- defined by <a href="#dfn-applicable-specifications">other applicable
+ defined by <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var> and the
<a href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
@@ -6318,7 +6324,7 @@
<li>
<p>
Perform any <a href="#dfn-rsa-pss-extended-export-steps">key export steps</a>
- defined by <a href="#dfn-applicable-specifications">other applicable
+ defined by <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var> and the
<a href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
@@ -6869,9 +6875,9 @@
<ol>
<li>
<p>
- Perform any <a href="#dfn-rsa-oeap-extended-import-steps">key
+ Perform any <a href="#dfn-rsa-oaep-extended-import-steps">key
import steps</a> defined by
- <a href="#dfn-applicable-specifications">other applicable
+ <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var>, <var>spki</var>
and obtaining <var>hash</var>.
</p>
@@ -6879,7 +6885,7 @@
<li>
<p>
If an error occured or there are no
- <a href="#dfn-applicable-specifications">applicable
+ <a href="#dfn-applicable-specification">applicable
specifications</a>,
<a href="#concept-throw">throw</a> a
<a href="#dfn-DataError"><code>DataError</code></a>.
@@ -7097,9 +7103,9 @@
<ol>
<li>
<p>
- Perform any <a href="#dfn-rsa-oeap-extended-import-steps">key
+ Perform any <a href="#dfn-rsa-oaep-extended-import-steps">key
import steps</a> defined by
- <a href="#dfn-applicable-specifications">other applicable
+ <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var>, <var>spki</var>
and obtaining <var>hash</var>.
</p>
@@ -7107,7 +7113,7 @@
<li>
<p>
If an error occured or there are no
- <a href="#dfn-applicable-specifications">applicable
+ <a href="#dfn-applicable-specification">applicable
specifications</a>,
<a href="#concept-throw">throw</a> a
<a href="#dfn-DataError"><code>DataError</code></a>.
@@ -7286,7 +7292,7 @@
<p>
Perform any <a href="#dfn-rsa-oaep-extended-import-steps">key
import steps</a> defined by
- <a href="#dfn-applicable-specifications">other applicable
+ <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var>, <var>jwk</var>
and obtaining <var>hash</var>.
</p>
@@ -7294,7 +7300,7 @@
<li>
<p>
If an error occured or there are no
- <a href="#dfn-applicable-specifications">applicable
+ <a href="#dfn-applicable-specification">applicable
specifications</a>,
<a href="#concept-throw">throw</a> a
<a href="#dfn-DataError"><code>DataError</code></a>.
@@ -7556,7 +7562,7 @@
<li>
<p>
Perform any <a href="#dfn-rsa-pss-extended-export-steps">key export steps</a>
- defined by <a href="#dfn-applicable-specifications">other applicable
+ defined by <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var> and the
<a href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
@@ -7639,7 +7645,7 @@
</li>
<li>
<p>
- Let <var>data</var> be the result of <a href="#dfn-encode-a-privateKeyInfo"> encoding a privateKeyInfo</a>
+ Let <var>data</var> be the result of encoding a privateKeyInfo structure
with the following properties:
</p>
<ul>
@@ -7734,7 +7740,7 @@
<li>
<p>
Perform any <a href="#dfn-rsa-oaep-extended-export-steps">key export steps</a>
- defined by <a href="#dfn-applicable-specifications">other applicable
+ defined by <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var> and the
<a href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
@@ -7875,7 +7881,7 @@
<li>
<p>
Perform any <a href="#dfn-rsa-oaep-extended-export-steps">key export steps</a>
- defined by <a href="#dfn-applicable-specifications">other applicable
+ defined by <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var> and the
<a href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
@@ -8570,7 +8576,7 @@
<p>
Perform any <a href="#dfn-ecdsa-extended-import-steps">key
import steps</a> defined by
- <a href="#dfn-applicable-specifications">other applicable
+ <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var>, <var>spki</var>
and obtaining <var>namedCurve</var> and <var>key</var>.
</p>
@@ -8578,7 +8584,7 @@
<li>
<p>
If an error occured or there are no
- <a href="#dfn-applicable-specifications">applicable
+ <a href="#dfn-applicable-specification">applicable
specifications</a>,
<a href="#concept-throw">throw</a> a
<a href="#dfn-DataError"><code>DataError</code></a>.
@@ -8776,7 +8782,7 @@
<p>
Perform any <a href="#dfn-ecdsa-extended-import-steps">key
import steps</a> defined by
- <a href="#dfn-applicable-specifications">other applicable
+ <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var>, <var>privateKeyInfo</var>
and obtaining <var>namedCurve</var> and <var>key</var>.
</p>
@@ -8784,7 +8790,7 @@
<li>
<p>
If an error occured or there are no
- <a href="#dfn-applicable-specifications">applicable
+ <a href="#dfn-applicable-specification">applicable
specifications</a>,
<a href="#concept-throw">throw</a> a
<a href="#dfn-DataError"><code>DataError</code></a>.
@@ -9026,7 +9032,7 @@
<p>
Perform any <a href="#dfn-ecdsa-extended-import-steps">key
import steps</a> defined by
- <a href="#dfn-applicable-specifications">other applicable
+ <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var>, <var>jwk</var>
and obtaining <var>key</var>.
</p>
@@ -9034,7 +9040,7 @@
<li>
<p>
If an error occured or there are no
- <a href="#dfn-applicable-specifications">applicable
+ <a href="#dfn-applicable-specification">applicable
specifications</a>,
<a href="#concept-throw">throw</a> a
<a href="#dfn-DataError"><code>DataError</code></a>.
@@ -9211,7 +9217,7 @@
<li>
<p>
Perform any <a href="#dfn-ecdsa-extended-export-steps">key export steps</a>
- defined by <a href="#dfn-applicable-specifications">other applicable
+ defined by <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var> and the
<a href="#dfn-EcKeyAlgorithm-namedCurve">namedCurve</a> attribute of
the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
@@ -9369,7 +9375,7 @@
<li>
<p>
Perform any <a href="#dfn-ecdsa-extended-export-steps">key export steps</a>
- defined by <a href="#dfn-applicable-specifications">other applicable
+ defined by <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var> and the
<a href="#dfn-EcKeyAlgorithm-namedCurve">namedCurve</a> attribute of
the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
@@ -9499,7 +9505,7 @@
<li>
<p>
Perform any <a href="#dfn-ecdsa-extended-export-steps">key export steps</a>
- defined by <a href="#dfn-applicable-specifications">other applicable
+ defined by <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var> and the
<a href="#dfn-EcKeyAlgorithm-namedCurve">namedCurve</a> attribute of
the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
@@ -9572,7 +9578,7 @@
<dfn id="dfn-ecdh-extended-generation-steps">ECDH generation steps</dfn>,
<dfn id="dfn-ecdh-extended-derivation-steps">ECDH derivation steps</dfn>,
<dfn id="dfn-ecdh-extended-import-steps">ECDH key import steps</dfn> and
- <dfn id="dfn-ecdh-extended-verification-steps">ECDH key export steps</dfn>.
+ <dfn id="dfn-ecdh-extended-export-steps">ECDH key export steps</dfn>.
</p>
</div>
<div id="ecdh-registration" class="section">
@@ -10016,7 +10022,7 @@
<p>
Perform any <a href="#dfn-ecdh-extended-import-steps">key
import steps</a> defined by
- <a href="#dfn-applicable-specifications">other applicable
+ <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var>, <var>spki</var>
and obtaining <var>namedCurve</var> and <var>key</var>.
</p>
@@ -10024,7 +10030,7 @@
<li>
<p>
If an error occured or there are no
- <a href="#dfn-applicable-specifications">applicable
+ <a href="#dfn-applicable-specification">applicable
specifications</a>,
<a href="#concept-throw">throw</a> a
<a href="#dfn-DataError"><code>DataError</code></a>.
@@ -10225,7 +10231,7 @@
<p>
Perform any <a href="#dfn-ecdh-extended-import-steps">key
import steps</a> defined by
- <a href="#dfn-applicable-specifications">other applicable
+ <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var>, <var>privateKeyInfo</var>
and obtaining <var>namedCurve</var> and <var>key</var>.
</p>
@@ -10233,7 +10239,7 @@
<li>
<p>
If an error occured or there are no
- <a href="#dfn-applicable-specifications">applicable
+ <a href="#dfn-applicable-specification">applicable
specifications</a>,
<a href="#concept-throw">throw</a> a
<a href="#dfn-DataError"><code>DataError</code></a>.
@@ -10428,7 +10434,7 @@
<p>
Perform any <a href="#dfn-ecdh-extended-import-steps">key
import steps</a> defined by
- <a href="#dfn-applicable-specifications">other applicable
+ <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var>, <var>jwk</var>
and obtaining <var>key</var>.
</p>
@@ -10436,7 +10442,7 @@
<li>
<p>
If an error occured or there are no
- <a href="#dfn-applicable-specifications">applicable
+ <a href="#dfn-applicable-specification">applicable
specifications</a>,
<a href="#concept-throw">throw</a> a
<a href="#dfn-DataError"><code>DataError</code></a>.
@@ -10535,7 +10541,7 @@
<p>
Perform any <a href="#dfn-ecdh-extended-import-steps">key
import steps</a> defined by
- <a href="#dfn-applicable-specifications">other applicable
+ <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var>, <var>keyData</var>
and obtaining <var>key</var>.
</p>
@@ -10543,7 +10549,7 @@
<li>
<p>
If an error occured or there are no
- <a href="#dfn-applicable-specifications">applicable
+ <a href="#dfn-applicable-specification">applicable
specifications</a>,
<a href="#concept-throw">throw</a> a
<a href="#dfn-DataError"><code>DataError</code></a>.
@@ -10566,7 +10572,7 @@
</li>
<li>
<p>
- Set the <a href="#dfn-KeyAlgorithm-namedCurve">namedCurve</a>
+ Set the <a href="#dfn-EcKeyAlgorithm-namedCurve">namedCurve</a>
attribute of <var>algorithm</var> to equal the <a href="#dfn-EcKeyImportParams-namedCurve">namedCurve</a> member of
<var>normalizedAlgorithm</var>.
</p>
@@ -10712,7 +10718,7 @@
<li>
<p>
Perform any <a href="#dfn-ecdh-extended-export-steps">key export steps</a>
- defined by <a href="#dfn-applicable-specifications">other applicable
+ defined by <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var> and the
<a href="#dfn-EcKeyAlgorithm-namedCurve">namedCurve</a> attribute of
the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
@@ -10864,7 +10870,7 @@
<li>
<p>
Perform any <a href="#dfn-ecdh-extended-export-steps">key export steps</a>
- defined by <a href="#dfn-applicable-specifications">other applicable
+ defined by <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var> and the
<a href="#dfn-EcKeyAlgorithm-namedCurve">namedCurve</a> attribute of
the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
@@ -10988,7 +10994,7 @@
<li>
<p>
Perform any <a href="#dfn-ecdh-extended-export-steps">key export steps</a>
- defined by <a href="#dfn-applicable-specifications">other applicable
+ defined by <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var> and the
<a href="#dfn-EcKeyAlgorithm-namedCurve">namedCurve</a> attribute of
the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
@@ -11056,7 +11062,7 @@
<dd>
<p>
Perform any <a href="#dfn-ecdh-extended-export-steps">key export steps</a>
- defined by <a href="#dfn-applicable-specifications">other applicable
+ defined by <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var> and the
<a href="#dfn-EcKeyAlgorithm-namedCurve">namedCurve</a> attribute of
the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
@@ -14657,13 +14663,13 @@
<dt>
Otherwise, if the <a href="#dfn-KeyAlgorithm-name">name</a> attribute
of <var>hash</var> is defined in
- <a href="#dfn-applicable-specifications">another applicable
+ <a href="#dfn-applicable-specification">another applicable
specification</a>:
</dt>
<dd>
Perform any <a href="#dfn-hmac-extended-import-steps">key
import steps</a> defined by
- <a href="#dfn-applicable-specifications">other applicable
+ <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var>, <var>jwk</var>
and <var>hash</var>
and obtaining <var>hash</var>.
@@ -14725,7 +14731,7 @@
<dd>
Perform any <a href="#dfn-hmac-extended-import-steps">key
import steps</a> defined by
- <a href="#dfn-applicable-specifications">other applicable
+ <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var>, <var>jwk</var>
and undefined
and obtaining <var>hash</var>.
@@ -14949,7 +14955,7 @@
<dt>
Otherwise, the <a href="#dfn-KeyAlgorithm-name">name</a> attribute
of <var>hash</var> is defined in
- <a href="#dfn-applicable-specifications">another applicable
+ <a href="#dfn-applicable-specification">another applicable
specification</a>:
</dt>
<dd>
@@ -14958,7 +14964,7 @@
<p>
Perform any <a href="#dfn-hmac-extended-export-steps">key
export steps</a> defined by
- <a href="#dfn-applicable-specifications">other applicable
+ <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>format</var> and <var>key</var>
and obtaining <var>alg</var>.
</p>
@@ -15015,7 +15021,7 @@
<li>
<dl class="switch">
<dt>
- If the <a href="#dfn-HmacIMportParams-length">length</a> member of
+ If the <a href="#dfn-HmacImportParams-length">length</a> member of
<var>normalizedDerivedKeyAlgorithm</var> is not present:
</dt>
<dd>
@@ -16119,7 +16125,7 @@
<li>
<p>
Perform any <a href="#dfn-concat-extended-import-steps">key import steps</a>
- defined by <a href="#dfn-applicable-specifications">other applicable
+ defined by <a href="#dfn-applicable-specification">other applicable
specifications</a>, passing <var>keyData</var> and obtaining <var>result</var>.
</p>
<dl class="switch">
@@ -16274,7 +16280,7 @@
<h4>35.3. HkdfCtrParams dictionary</h4>
<div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
dictionary <dfn id="dfn-HkdfCtrParams">HkdfCtrParams</dfn> : <a href="#dfn-Algorithm">Algorithm</a> {
-<span class="comment">// The algorithm to use with HMAC (e.g.: <a href="#sha-256">SHA-256</a>)</span>
+<span class="comment">// The algorithm to use with HMAC (e.g.: <a href="#alg-sha-256">SHA-256</a>)</span>
required <a href="#dfn-HashAlgorithmIdentifier">HashAlgorithmIdentifier</a> <dfn id="dfn-HkdfCtrParams-hash">hash</dfn>;
<span class="comment">// A bit string that corresponds to the label that identifies the purpose for the derived keying material.</span>
required BufferSource <dfn id="dfn-HkdfCtrParams-label">label</dfn>;
@@ -16490,7 +16496,7 @@
The <code>"PBKDF2"</code> algorithm identifier is used to
perform key derivation using the PKCS#5 password-based key
derivation function version 2.0, as defined in
- [<a href="#rfc2898">RFC2898</a>] using HMAC as the pseudo-random function,
+ [<a href="#RFC2898">RFC2898</a>] using HMAC as the pseudo-random function,
using the SHA hash functions defined
in this specification.
</p>
@@ -16579,7 +16585,7 @@
<li>
<p>
Let <var>result</var> be the result of performing the PBKDF2 operation defined
- in Section 5.2 of [<a href="#rfc2898">RFC2898</a>] using <var>prf</var> as the
+ in Section 5.2 of [<a href="#RFC2898">RFC2898</a>] using <var>prf</var> as the
pseudo-random function, <var>PRF</var>, the password represented by [[<a href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of <var>key</var>
as the password, <var>P</var>, <a href="#concept-contents-of-arraybuffer">the
contents of</a> the <a href="#dfn-Pbkdf2Params-salt">salt</a> attribute of
@@ -16975,7 +16981,7 @@
<p>
The <a href="#dfn-Crypto-method-getRandomValues"><code>getRandomValues</code></a>
method in the <code>Crypto</code> interface was originally proposed by Adam Barth to the
- <a href="http://wiki.whatwg.org/wiki/Crypto">WHATWG</a>.
+ <a href="https://wiki.whatwg.org/wiki/Crypto">WHATWG</a>.
</p>
</div>
<div id="references" class="section">
@@ -16985,7 +16991,7 @@
<dl>
<dt id="DOM4">DOM4</dt>
<dd>
- <cite><a href="http://dom.spec.whatwg.org/">DOM (Living Standard)</a></cite>,
+ <cite><a href="https://dom.spec.whatwg.org/">DOM (Living Standard)</a></cite>,
A. Gregor, A. van Kesteren, Ms2ger. WHATWG.
<div class="ednote"><div class="ednoteHeader">Editorial note</div>This will be updated to W3C DOM4 once Promises are incorporated.</div>
</dd>
@@ -17006,7 +17012,7 @@
</dd>
<dt id="PKCS3">PKCS3</dt>
<dd>
- <cite><a href="http://www.rsa.com/rsalabs/node.asp?id=2126">PKCS #3: Diffie-Hellman
+ <cite><a href="http://www.emc.com/domains/rsa/index.htm?id=2126">PKCS #3: Diffie-Hellman
Key-Agreement Standard</a></cite>, RSA Laboratories.
</dd>
<dt id="RFC2119">RFC2119</dt>
@@ -17020,6 +17026,13 @@
(PKCS) #1: RSA Cryptography Specifications Version 2.1</a></cite>, J. Jonsson,
B. Kaliski. IETF.
</dd>
+ <dt id="RFC3279">RFC3279</dt>
+ <dd>
+ <cite><a href="http://www.ietf.org/rfc/rfc3279">Algorithms and Identifiers for the
+ Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List
+ (CRL) Profile</a></cite>,
+ W. Polk, R. Housley, L. Bassham. IETF.
+ </dd>
<dt id="RFC5208">RFC5208</dt>
<dd>
<cite><a href="http://www.ietf.org/rfc/rfc5208.txt">Public-Key Cryptography Standards
@@ -17032,6 +17045,18 @@
Infrastructure Certificate and Certificate Revocation List (CRL) Profile</a></cite>,
D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley, W. Polk. IETF.
</dd>
+ <dt id="RFC5480">RFC5480</dt>
+ <dd>
+ <cite><a href="http://www.ietf.org/rfc/rfc5480.txt">Elliptic Curve Cryptography Subject
+ Public Key Information</a></cite>,
+ S. Turner, D. Brown, K. Yiu, R. Housley, T. Polk. IETF.
+ </dd>
+ <dt id="RFC5915">RFC5915</dt>
+ <dd>
+ <cite><a href="http://www.ietf.org/rfc/rfc5915.txt">Elliptic Curve Private Key Structure
+ </a></cite>,
+ S. Turner, D. Brown. IETF.
+ </dd>
<dt id="WebIDL">Web IDL (Second Edition)</dt>
<dd>
<cite><a href="http://heycam.github.io/webidl/">Web IDL (Second Edition)</a></cite>,
@@ -17071,6 +17096,14 @@
</cite>,
July 2008, NIST.
</dd>
+ <dt id="X690">ITU-T Recommendation X.690 (11/08)</dt>
+ <dd>
+ <cite>
+ <a href="http://www.itu.int/rec/T-REC-X.690-200811-I/en">Information technology -
+ ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical
+ Encoding Rules (CER) and Distinguished Encoding Rules (DER)</a>
+ </cite>, ITU-T.
+ </dd>
</dl>
</div>
<div id="informative-references" class="section">
@@ -17108,7 +17141,7 @@
</dd>
<dt id="PKCS11">PKCS11</dt>
<dd>
- <cite><a href="http://www.rsa.com/rsalabs/node.asp?id=2133">PKCS #11: Cryptographic
+ <cite><a href="http://www.emc.com/domains/rsa/index.htm?id=2133">PKCS #11: Cryptographic
Token Interface Standard</a></cite>, RSA Laboratories.
</dd>
<dt id="RFC2315">RFC 2315</dt>
@@ -17118,7 +17151,7 @@
</dd>
<dt id="RFC2898">RFC 2898</dt>
<dd>
- <cite><a href="http://tools.ietf.org/html/rfc2898">PKCS #5: Password-Based
+ <cite><a href="http://tools.ietf.org/html/RFC2898">PKCS #5: Password-Based
Cryptography Specification, Version 2.0</a></cite>, B. Kaliski. RSA Laboratories
</dd>
<dt id="RFC5705">RFC 5705</dt>
@@ -17138,6 +17171,17 @@
Infrastructure Certificate and Certificate Revocation List (CRL) Profile</a></cite>,
J. Schaad, B. Kaliski, R. Housley. IETF.
</dd>
+ <dt id="RFC5756">RFC 5756</dt>
+ <dd>
+ <cite><a href="https://tools.ietf.org/html/rfc5756">Updates for RSAES-OAEP and
+ RSASSA-PSS Algorithm Parameters</a></cite>,
+ S. Turner, D. Brown, K. Yiu, R. Housley, T. Polk. IETF.
+ </dd>
+ <dt id="RFC5958">RFC 5958</dt>
+ <dd>
+ <cite><a href="https://tools.ietf.org/html/rfc5958">Asymmetric Key Packages</a></cite>,
+ S. Turner. IETF.
+ </dd>
<dt id="SP800-38A">NIST SP 800-38A</dt>
<dd>
<cite><a href="http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf">