Add JSON Web Key section
authorMark Watson <watsonm@netflix.com>
Mon, 09 Dec 2013 18:15:02 -0800
changeset 80 f3240a7d89f2
parent 79 dffe14c6052a
child 81 07b333881f7d
Add JSON Web Key section
spec/Overview-WebCryptoAPI.xml
spec/Overview.html
--- a/spec/Overview-WebCryptoAPI.xml	Fri Aug 30 08:09:32 2013 -0500
+++ b/spec/Overview-WebCryptoAPI.xml	Mon Dec 09 18:15:02 2013 -0800
@@ -780,6 +780,130 @@
           </div>
         </div>
 
+        <div id="key-interface-jwk" class="section">
+        
+            <h3>Representation using JSON Web Key</h3>
+            <p>
+                The <a href="#dfn-KeyFormat">KeyFormat</a> value <code>jwk</code> enables <a href="#dfn-Key">Key</a> objects to be imported or exported in <a href="#jwk">JSON Web Key</a> format.
+            </p>
+            <p>
+                This specification defines additional <a href="#jwk">JSON Web Key</a> attributes and attribute values that may be used for this purpose as follows:
+                <ul>
+                    <li>Additional <code>alg</code> names for algorithms supported by WebCrypto not already defined for <a href="#jwk">JSON Web Key</a></li>
+                    <li>Additional <code>use</code> values for WebCrypto usages, enabling multiple specific usages to be associated with a key</li>
+                    <li>A new <code>ext</code> attribute providing the value of the <a href="#dfn-Key">Key</a>'s <a href="#dfn-Key-extractable">extractable</a> attribute.</li>
+                </ul>
+
+            </p>
+            <div id="key-interface-jwk-algorithms" class="section">
+                <h4>JSON Web Key algorithm names for WebCrypto algorithms</h4>
+                <p>
+                    This specification defines additional <a href="#jwk">JSON Web Key</a> algorithm names associated with WebCrypto algorithms as listed in the following table:
+                </p>
+                <table>
+                    <thead>
+                        <tr>
+                            <td>WebCrypto Algorithm</td>
+                            <td>Key Size (bits)</td>
+                            <td>JWK <code>alg</code> value</td>
+                        </tr>
+                    
+                    </thead>
+                    <tbody>
+                        <tr>
+                            <td>AES-CTR</td>
+                            <td>128</td>
+                            <td><code>A128CTR</code></td>
+                        </tr>
+                        <tr>
+                            <td>AES-CTR</td>
+                            <td>192</td>
+                            <td><code>A192CTR</code></td>
+                        </tr>
+                        <tr>
+                            <td>AES-CTR</td>
+                            <td>256</td>
+                            <td><code>A256CTR</code></td>
+                        </tr>
+                        <tr>
+                            <td>AES-CBC</td>
+                            <td>128</td>
+                            <td><code>A128CBC</code></td>
+                        </tr>
+                        <tr>
+                            <td>AES-CBC</td>
+                            <td>192</td>
+                            <td><code>A192CBC</code></td>
+                        </tr>
+                        <tr>
+                            <td>AES-CBC</td>
+                            <td>256</td>
+                            <td><code>A256CBC</code></td>
+                        </tr>
+                    </tbody>
+                </table>
+            </div>
+            <div id="key-interface-jwk-use" class="section">
+                <h4>JSON Web Key <code>use</code> attribute</h4>
+                <p>
+                    This specification defines additional values for the <a href="#jwk">JSON Web Key</a> attribute <code>use</code> that enable accurate representation of <a href="#dfn-Key-usages">KeyUsage</a> values.
+                </p>
+
+                <table>
+                    <thead>
+                        <tr>
+                            <td>WebCrypto <a href="#dfn-Key-usages">KeyUsage</a> value</td>
+                            <td>Value in <a href="#jwk">JSON Web Key</a> <code>use</code> string</td>
+                        </tr>
+                    </thead>
+                    <tbody>
+                        <tr>
+                            <td><code>encrypt</code></td>
+                            <td><code>enconly</code></td>
+                        </tr>
+                        <tr>
+                            <td><code>decrypt</code></td>
+                            <td><code>deconly</code></td>
+                        </tr>
+                        <tr>
+                            <td><code>sign</code></td>
+                            <td><code>sigonly</code></td>
+                        </tr>
+                        <tr>
+                            <td><code>verify</code></td>
+                            <td><code>vfyonly</code></td>
+                        </tr>
+                        <tr>
+                            <td><code>deriveKey</code></td>
+                            <td><code>drvkey</code></td>
+                        </tr>
+                        <tr>
+                            <td><code>deriveBits</code></td>
+                            <td><code>drvbits</code></td>
+                        </tr>
+                        <tr>
+                            <td><code>wrapKey</code></td>
+                            <td><code>wrap</code></td>
+                        </tr>
+                        <tr>
+                            <td><code>unwrapKey</code></td>
+                            <td><code>unwrap</code></td>
+                        </tr>
+                    </tbody>
+                </table>
+                <p>
+                    The <a href="#jwk">JSON Web Key</a> <code>use</code> value may contain a single registered value or a comma-separated list of distinct values, with no whitespace.
+
+                    Note that with these definitions, the <a href="#jwk">JSON Web Key</a> <code>use</code> value <code>enc</code> is equivalent to the value <code>enconly,deconly,wrap,unwrap</code> and the value <code>sig</code> is equivalent to the value <code>sigonly,vfyonly</code>.
+                </p>
+            </div>
+            <div id="key-interface-jwk-ext" class="section">
+                <h4>JSON Web Key <code>ext</code> attribute</h4>
+                <p>
+                This specification defines a new <a href="#jwk">JSON Web Key</a> attribute <code>ext</code> that enables the value of the <a href="#dfn-Key-extractable">extractable</a> attribute of a <a href="#dfn-Key">Key</a> to be included in a <a href="#jwk">JSON Web Key</a> object. The <code>ext</code> attribute SHALL have a Boolean value.
+                </p>
+            </div>
+        </div>
       </div>
 
       <div id="crypto-interface" class="section">
--- a/spec/Overview.html	Fri Aug 30 08:09:32 2013 -0500
+++ b/spec/Overview.html	Mon Dec 09 18:15:02 2013 -0800
@@ -28,7 +28,7 @@
   <link rel="stylesheet" href="//www.w3.org/StyleSheets/TR/W3C-ED" type="text/css" /></head>
 
   <body>
-    <div class="head"><div><a href="http://www.w3.org/"><img src="//www.w3.org/Icons/w3c_home" width="72" height="48" alt="W3C" /></a></div><h1>Web Cryptography API</h1><h2>W3C Editor’s Draft <em>30 August 2013</em></h2><dl><dt>Latest Editor’s Draft:</dt><dd><a href="http://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html">http://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html</a></dd><dt>Latest Published Version:</dt><dd><a href="http://www.w3.org/TR/WebCryptoAPI/">http://www.w3.org/TR/WebCryptoAPI/</a></dd><dt>Previous Version(s):</dt><dd><a href="https://dvcs.w3.org/hg/webcrypto-api/raw-file/0fe9b34c13fb/spec/Overview.html">https://dvcs.w3.org/hg/webcrypto-api/raw-file/0fe9b34c13fb/spec/Overview.html</a></dd><dt>Editor:</dt><dd><a href="http://www.google.com/">Ryan Sleevi</a>, Google, Inc. &lt;[email protected]&gt;</dd><dt>Participate:</dt><dd><p>Send feedback to <a href="mailto:[email protected]?subject=%5BWebCryptoAPI%5D">[email protected]</a> (<a href="http://lists.w3.org/Archives/Public/public-webcrypto/">archives</a>), or <a href="https://www.w3.org/Bugs/Public/enter_bug.cgi?product=Web%20Cryptography&amp;component=Web%20Cryptography%20API%20Document">file a bug</a> 
+    <div class="head"><div><a href="http://www.w3.org/"><img src="//www.w3.org/Icons/w3c_home" width="72" height="48" alt="W3C" /></a></div><h1>Web Cryptography API</h1><h2>W3C Editor’s Draft <em>9 December 2013</em></h2><dl><dt>Latest Editor’s Draft:</dt><dd><a href="http://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html">http://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html</a></dd><dt>Latest Published Version:</dt><dd><a href="http://www.w3.org/TR/WebCryptoAPI/">http://www.w3.org/TR/WebCryptoAPI/</a></dd><dt>Previous Version(s):</dt><dd><a href="https://dvcs.w3.org/hg/webcrypto-api/raw-file/0fe9b34c13fb/spec/Overview.html">https://dvcs.w3.org/hg/webcrypto-api/raw-file/0fe9b34c13fb/spec/Overview.html</a></dd><dt>Editor:</dt><dd><a href="http://www.google.com/">Ryan Sleevi</a>, Google, Inc. &lt;[email protected]&gt;</dd><dt>Participate:</dt><dd><p>Send feedback to <a href="mailto:[email protected]?subject=%5BWebCryptoAPI%5D">[email protected]</a> (<a href="http://lists.w3.org/Archives/Public/public-webcrypto/">archives</a>), or <a href="https://www.w3.org/Bugs/Public/enter_bug.cgi?product=Web%20Cryptography&amp;component=Web%20Cryptography%20API%20Document">file a bug</a> 
     (see <a href="https://www.w3.org/Bugs/Public/buglist.cgi?product=Web%20Cryptography&amp;component=Web%20Cryptography%20API%20Document&amp;resolution=---">existing bugs</a>).</p></dd></dl><p class="copyright"><a href="http://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a> &copy; view <a href="http://www.w3.org/"><abbr title="World Wide Web Consortium">W3C</abbr></a><sup>&reg;</sup> (<a href="http://www.csail.mit.edu/"><abbr title="Massachusetts Institute of Technology">MIT</abbr></a>, <a href="http://www.ercim.org/"><abbr title="European Research Consortium for Informatics and Mathematics">ERCIM</abbr></a>, <a href="http://www.keio.ac.jp/">Keio</a>), All Rights Reserved. W3C <a href="http://www.w3.org/Consortium/Legal/ipr-notice#Legal_Disclaimer">liability</a>, <a href="http://www.w3.org/Consortium/Legal/ipr-notice#W3C_Trademarks">trademark</a> and <a href="http://www.w3.org/Consortium/Legal/copyright-documents">document use</a> rules apply.</p></div><hr />
 
     <div class="section">
@@ -56,7 +56,7 @@
         report can be found in the <a href="http://www.w3.org/TR/">W3C technical
           reports index</a> at http://www.w3.org/TR/.
       </em></p><p>
-        This document is the 30 August 2013 <b>Editor’s Draft</b> of the
+        This document is the 9 December 2013 <b>Editor’s Draft</b> of the
         <cite>Web Cryptography API</cite> specification.
       
       Please send comments about this document to
@@ -136,7 +136,7 @@
 
     <div id="toc">
       <h2>Table of Contents</h2>
-      <div class="toc"><ul><li><a href="#introduction">1. Introduction</a></li><li><a href="#use-cases">2. Use Cases</a><ul><li><a href="#multifactor-authentication">2.1. Multi-factor Authentication</a></li><li><a href="#protected-document">2.2. Protected Document Exchange</a></li><li><a href="#cloud-storage">2.3. Cloud Storage</a></li><li><a href="#document-signing">2.4. Document Signing</a></li><li><a href="#data-integrity-protection">2.5. Data Integrity Protection</a></li><li><a href="#secure-messaging">2.6. Secure Messaging</a></li><li><a href="#jose">2.7. Javascript Object Signing and Encryption (JOSE)</a></li></ul></li><li><a href="#conformance">3. Conformance</a></li><li><a href="#scope">4. Scope</a><ul><li><a href="#scope-abstraction">4.1. Level of abstraction</a></li><li><a href="#scope-algorithms">4.2. Cryptographic algorithms</a></li><li><a href="#scope-operations">4.3. Operations</a></li><li><a href="#scope-out-of-scope">4.4. Out of scope</a></li></ul></li><li><a href="#security">5. Security considerations</a><ul><li><a href="#security-implementers">5.1. Security considerations for implementers</a></li><li><a href="#security-developers">5.2. Security considerations for authors</a></li></ul></li><li><a href="#privacy">6. Privacy considerations</a></li><li><a href="#dependencies">7. Dependencies</a></li><li><a href="#terminology">8. Terminology</a></li><li><a href="#RandomSource-interface">9. RandomSource interface</a><ul><li><a href="#RandomSource-description">9.1. Description</a></li><li><a href="#RandomSource-interface-methods">9.2. Methods and Parameters</a><ul><li><a href="#RandomSource-method-getRandomValues">9.2.1. The getRandomValues method</a></li></ul></li></ul></li><li><a href="#algorithm-dictionary">10. Algorithm dictionary</a><ul><li><a href="#algorithm-dictionary-members">10.1. Algorithm Dictionary Members</a></li></ul></li><li><a href="#key-interface">11. Key interface</a><ul><li><a href="#key-interface-description">11.1. Description</a></li><li><a href="#key-interface-members">11.2. Key interface members</a></li><li><a href="#key-interface-clone">11.3. Structured clone algorithm</a></li></ul></li><li><a href="#crypto-interface">12. Crypto interface</a></li><li><a href="#subtlecrypto-interface">13. SubtleCrypto interface</a><ul><li><a href="#subtlecrypto-interface-description">13.1. Description</a></li><li><a href="#subtlecrypto-interface-methods">13.2. Methods and Parameters</a><ul><li><a href="#SubtleCrypto-method-encrypt">13.2.1. The encrypt method</a></li><li><a href="#SubtleCrypto-method-decrypt">13.2.2. The decrypt method</a></li><li><a href="#SubtleCrypto-method-sign">13.2.3. The sign method</a></li><li><a href="#SubtleCrypto-method-verify">13.2.4. The verify method</a></li><li><a href="#SubtleCrypto-method-digest">13.2.5. The digest method</a></li><li><a href="#SubtleCrypto-method-generateKey">13.2.6. The generateKey method</a></li><li><a href="#SubtleCrypto-method-deriveKey">13.2.7. The deriveKey method</a></li><li><a href="#SubtleCrypto-method-deriveBits">13.2.8. The deriveBits method</a></li><li><a href="#SubtleCrypto-method-importKey">13.2.9. The importKey method</a></li><li><a href="#SubtleCrypto-method-exportKey">13.2.10. The exportKey method</a></li><li><a href="#SubtleCrypto-method-wrapKey">13.2.11. The wrapKey method</a></li><li><a href="#SubtleCrypto-method-unwrapKey">13.2.12. The unwrapKey method</a></li></ul></li></ul></li><li><a href="#WorkerCrypto-interface">14. WorkerCrypto interface</a><ul><li><a href="#WorkerCrypto-description">14.1. Description</a></li></ul></li><li><a href="#big-integer">15. BigInteger</a></li><li><a href="#keypair">16. KeyPair</a></li><li><a href="#algorithms">17. Algorithms</a><ul><li><a href="#algorithms-index">17.1. Registered algorithms</a></li><li><a href="#recommended-algorithms">17.2. Recommended algorithms</a></li><li><a href="#defining-an-algorithm">17.3. Defining an algorithm</a><ul><li><a href="#recognized-algorithm-name">17.3.1. Recognized algorithm name</a></li><li><a href="#supported-operations">17.3.2. Supported operations</a></li><li><a href="#algorithm-specific-params">17.3.3. Algorithm-specific parameters</a></li><li><a href="#algorithm-result">17.3.4. Algorithm results</a></li><li><a href="#algorithm-alias">17.3.5. Algorithm aliases</a></li></ul></li><li><a href="#rsaes-pkcs1">17.4. RSAES-PKCS1-v1_5</a><ul><li><a href="#rsaes-pkcs1-description">17.4.1. Description</a></li><li><a href="#rsaes-pkcs1-registration">17.4.2. Registration</a></li><li><a href="#RsaKeyGenParams-dictionary">17.4.3. RsaKeyGenParams dictionary</a></li><li><a href="#rsaes-pkcs1-operations">17.4.4. Operations</a></li></ul></li><li><a href="#rsassa-pkcs1">17.5. RSASSA-PKCS1-v1_5</a><ul><li><a href="#rsassa-pkcs1-description">17.5.1. Description</a></li><li><a href="#rsassa-pkcs1-registration">17.5.2. Registration</a></li><li><a href="#RsaSsaParams-dictionary">17.5.3. RsaSsaParams dictionary</a></li><li><a href="#rsassa-pkcs1-operations">17.5.4. Operations</a></li></ul></li><li><a href="#rsa-pss">17.6. RSA-PSS</a><ul><li><a href="#rsa-pss-description">17.6.1. Description</a></li><li><a href="#rsa-pss-registration">17.6.2. Registration</a></li><li><a href="#rsa-pss-params">17.6.3. RsaPssParams dictionary</a></li><li><a href="#rsa-pss-operations">17.6.4. Operations</a></li></ul></li><li><a href="#rsa-oaep">17.7. RSA-OAEP</a><ul><li><a href="#rsa-oaep-description">17.7.1. Description</a></li><li><a href="#rsa-oaep-registration">17.7.2. Registration</a></li><li><a href="#rsa-oaep-params">17.7.3. RsaOaepParams dictionary</a></li><li><a href="#rsa-oaep-operations">17.7.4. Operations</a></li></ul></li><li><a href="#ecdsa">17.8. ECDSA</a><ul><li><a href="#ecdsa-description">17.8.1. Description</a></li><li><a href="#ecdsa-registration">17.8.2. Registration</a></li><li><a href="#EcdsaParams-dictionary">17.8.3. EcdsaParams dictionary</a></li><li><a href="#EcKeyGenParams-dictionary">17.8.4. EcKeyGenParams dictionary</a></li><li><a href="#ecdsa-operations">17.8.5. Operations</a></li></ul></li><li><a href="#ecdh">17.9. ECDH</a><ul><li><a href="#ecdh-description">17.9.1. Description</a></li><li><a href="#ecdh-registration">17.9.2. Registration</a></li><li><a href="#dh-EcdhKeyDeriveParams">17.9.3. EcdhKeyDeriveParams dictionary</a></li><li><a href="#ecdh-operations">17.9.4. Operations</a></li></ul></li><li><a href="#aes-ctr">17.10. AES-CTR</a><ul><li><a href="#aes-ctr-description">17.10.1. Description</a></li><li><a href="#aes-ctr-registration">17.10.2. Registration</a></li><li><a href="#aes-ctr-params">17.10.3. AesCtrParams dictionary</a></li><li><a href="#aes-keygen-params">17.10.4. AesKeyGenParams dictionary</a></li><li><a href="#aes-ctr-operations">17.10.5. Operations</a></li></ul></li><li><a href="#aes-cbc">17.11. AES-CBC</a><ul><li><a href="#aes-cbc-description">17.11.1. Description</a></li><li><a href="#aes-cbc-registration">17.11.2. Registration</a></li><li><a href="#aes-cbc-params">17.11.3. AesCbcParams dictionary</a></li><li><a href="#aes-cbc-operations">17.11.4. Operations</a></li></ul></li><li><a href="#aes-cmac">17.12. AES-CMAC</a><ul><li><a href="#aes-cmac-description">17.12.1. Description</a></li><li><a href="#aes-cmac-registration">17.12.2. Registration</a></li><li><a href="#aes-cmac-operations">17.12.3. Operations</a></li></ul></li><li><a href="#aes-gcm">17.13. AES-GCM</a><ul><li><a href="#aes-gcm-description">17.13.1. Description</a></li><li><a href="#aes-gcm-registration">17.13.2. Registration</a></li><li><a href="#aes-gcm-params">17.13.3. AesGcmParams dictionary</a></li><li><a href="#aes-gcm-operations">17.13.4. Operations</a></li></ul></li><li><a href="#aes-cfb">17.14. AES-CFB</a><ul><li><a href="#aes-cfb-description">17.14.1. Description</a></li><li><a href="#aes-cfb-registration">17.14.2. Registration</a></li><li><a href="#aes-cfb-params">17.14.3. AesCfbParams dictionary</a></li><li><a href="#aes-cfb-operations">17.14.4. Operations</a></li></ul></li><li><a href="#hmac">17.15. HMAC</a><ul><li><a href="#hmac-description">17.15.1. Description</a></li><li><a href="#hmac-registration">17.15.2. Registration</a></li><li><a href="#hmac-params">17.15.3. HmacParams dictionary</a></li><li><a href="#hmac-key-params">17.15.4. HmacKeyParams dictionary</a></li><li><a href="#hmac-operations">17.15.5. Operations</a></li></ul></li><li><a href="#dh">17.16. Diffie-Hellman</a><ul><li><a href="#dh-description">17.16.1. Description</a></li><li><a href="#dh-registration">17.16.2. Registration</a></li><li><a href="#dh-DhKeyGenParams">17.16.3. DhKeyGenParams dictionary</a></li><li><a href="#dh-DhKeyDeriveParams">17.16.4. DhKeyDeriveParams dictionary</a></li><li><a href="#dh-operations">17.16.5. Operations</a></li></ul></li><li><a href="#sha">17.17. SHA</a><ul><li><a href="#sha-description">17.17.1. Description</a></li><li><a href="#sha-registration">17.17.2. Registration</a></li><li><a href="#sha-operations">17.17.3. Operations</a></li></ul></li><li><a href="#concatkdf">17.18. Concat KDF</a><ul><li><a href="#concatkdf-description">17.18.1. Description</a></li><li><a href="#concatkdf-registration">17.18.2. Registration</a></li><li><a href="#concat-params">17.18.3. ConcatParams dictionary</a></li><li><a href="#concat-operations">17.18.4. Operations</a></li></ul></li><li><a href="#hkdf-ctr">17.19. HKDF-CTR</a><ul><li><a href="#hkdf-ctr-description">17.19.1. Description</a></li><li><a href="#hkdf-ctr-registration">17.19.2. Registration</a></li><li><a href="#hkdf-ctr-params">17.19.3. HkdfCtrParams dictionary</a></li><li><a href="#hkdf2-ctr-operations">17.19.4. Operations</a></li></ul></li><li><a href="#pbkdf2">17.20. PBKDF2</a><ul><li><a href="#pbkdf2-description">17.20.1. Description</a></li><li><a href="#pbkdf2-registration">17.20.2. Registration</a></li><li><a href="#pbkdf2-params">17.20.3. Pbkdf2Params dictionary</a></li><li><a href="#pbkdf2-operations">17.20.4. Operations</a></li></ul></li></ul></li><li><a href="#algorithm-normalizing-rules">18. Algorithm normalizing rules</a></li><li><a href="#examples-section">19. JavaScript Example Code</a><ul><li><a href="#examples-signing">19.1. Generate a signing key pair, sign some data</a></li><li><a href="#examples-symmetric-encryption">19.2. Symmetric Encryption</a></li></ul></li><li><a href="#acknowledgements-section">20. Acknowledgements</a></li><li><a href="#references">21. References</a><ul><li><a href="#normative-references">21.1. Normative References</a></li><li><a href="#informative-references">21.2. Informative References</a></li></ul></li></ul></div>
+      <div class="toc"><ul><li><a href="#introduction">1. Introduction</a></li><li><a href="#use-cases">2. Use Cases</a><ul><li><a href="#multifactor-authentication">2.1. Multi-factor Authentication</a></li><li><a href="#protected-document">2.2. Protected Document Exchange</a></li><li><a href="#cloud-storage">2.3. Cloud Storage</a></li><li><a href="#document-signing">2.4. Document Signing</a></li><li><a href="#data-integrity-protection">2.5. Data Integrity Protection</a></li><li><a href="#secure-messaging">2.6. Secure Messaging</a></li><li><a href="#jose">2.7. Javascript Object Signing and Encryption (JOSE)</a></li></ul></li><li><a href="#conformance">3. Conformance</a></li><li><a href="#scope">4. Scope</a><ul><li><a href="#scope-abstraction">4.1. Level of abstraction</a></li><li><a href="#scope-algorithms">4.2. Cryptographic algorithms</a></li><li><a href="#scope-operations">4.3. Operations</a></li><li><a href="#scope-out-of-scope">4.4. Out of scope</a></li></ul></li><li><a href="#security">5. Security considerations</a><ul><li><a href="#security-implementers">5.1. Security considerations for implementers</a></li><li><a href="#security-developers">5.2. Security considerations for authors</a></li></ul></li><li><a href="#privacy">6. Privacy considerations</a></li><li><a href="#dependencies">7. Dependencies</a></li><li><a href="#terminology">8. Terminology</a></li><li><a href="#RandomSource-interface">9. RandomSource interface</a><ul><li><a href="#RandomSource-description">9.1. Description</a></li><li><a href="#RandomSource-interface-methods">9.2. Methods and Parameters</a><ul><li><a href="#RandomSource-method-getRandomValues">9.2.1. The getRandomValues method</a></li></ul></li></ul></li><li><a href="#algorithm-dictionary">10. Algorithm dictionary</a><ul><li><a href="#algorithm-dictionary-members">10.1. Algorithm Dictionary Members</a></li></ul></li><li><a href="#key-interface">11. Key interface</a><ul><li><a href="#key-interface-description">11.1. Description</a></li><li><a href="#key-interface-members">11.2. Key interface members</a></li><li><a href="#key-interface-clone">11.3. Structured clone algorithm</a></li><li><a href="#key-interface-jwk">11.4. Representation using JSON Web Key</a><ul><li><a href="#key-interface-jwk-algorithms">11.4.1. JSON Web Key algorithm names for WebCrypto algorithms</a></li><li><a href="#key-interface-jwk-use">11.4.2. JSON Web Key use attribute</a></li><li><a href="#key-interface-jwk-ext">11.4.3. JSON Web Key ext attribute</a></li></ul></li></ul></li><li><a href="#crypto-interface">12. Crypto interface</a></li><li><a href="#subtlecrypto-interface">13. SubtleCrypto interface</a><ul><li><a href="#subtlecrypto-interface-description">13.1. Description</a></li><li><a href="#subtlecrypto-interface-methods">13.2. Methods and Parameters</a><ul><li><a href="#SubtleCrypto-method-encrypt">13.2.1. The encrypt method</a></li><li><a href="#SubtleCrypto-method-decrypt">13.2.2. The decrypt method</a></li><li><a href="#SubtleCrypto-method-sign">13.2.3. The sign method</a></li><li><a href="#SubtleCrypto-method-verify">13.2.4. The verify method</a></li><li><a href="#SubtleCrypto-method-digest">13.2.5. The digest method</a></li><li><a href="#SubtleCrypto-method-generateKey">13.2.6. The generateKey method</a></li><li><a href="#SubtleCrypto-method-deriveKey">13.2.7. The deriveKey method</a></li><li><a href="#SubtleCrypto-method-deriveBits">13.2.8. The deriveBits method</a></li><li><a href="#SubtleCrypto-method-importKey">13.2.9. The importKey method</a></li><li><a href="#SubtleCrypto-method-exportKey">13.2.10. The exportKey method</a></li><li><a href="#SubtleCrypto-method-wrapKey">13.2.11. The wrapKey method</a></li><li><a href="#SubtleCrypto-method-unwrapKey">13.2.12. The unwrapKey method</a></li></ul></li></ul></li><li><a href="#WorkerCrypto-interface">14. WorkerCrypto interface</a><ul><li><a href="#WorkerCrypto-description">14.1. Description</a></li></ul></li><li><a href="#big-integer">15. BigInteger</a></li><li><a href="#keypair">16. KeyPair</a></li><li><a href="#algorithms">17. Algorithms</a><ul><li><a href="#algorithms-index">17.1. Registered algorithms</a></li><li><a href="#recommended-algorithms">17.2. Recommended algorithms</a></li><li><a href="#defining-an-algorithm">17.3. Defining an algorithm</a><ul><li><a href="#recognized-algorithm-name">17.3.1. Recognized algorithm name</a></li><li><a href="#supported-operations">17.3.2. Supported operations</a></li><li><a href="#algorithm-specific-params">17.3.3. Algorithm-specific parameters</a></li><li><a href="#algorithm-result">17.3.4. Algorithm results</a></li><li><a href="#algorithm-alias">17.3.5. Algorithm aliases</a></li></ul></li><li><a href="#rsaes-pkcs1">17.4. RSAES-PKCS1-v1_5</a><ul><li><a href="#rsaes-pkcs1-description">17.4.1. Description</a></li><li><a href="#rsaes-pkcs1-registration">17.4.2. Registration</a></li><li><a href="#RsaKeyGenParams-dictionary">17.4.3. RsaKeyGenParams dictionary</a></li><li><a href="#rsaes-pkcs1-operations">17.4.4. Operations</a></li></ul></li><li><a href="#rsassa-pkcs1">17.5. RSASSA-PKCS1-v1_5</a><ul><li><a href="#rsassa-pkcs1-description">17.5.1. Description</a></li><li><a href="#rsassa-pkcs1-registration">17.5.2. Registration</a></li><li><a href="#RsaSsaParams-dictionary">17.5.3. RsaSsaParams dictionary</a></li><li><a href="#rsassa-pkcs1-operations">17.5.4. Operations</a></li></ul></li><li><a href="#rsa-pss">17.6. RSA-PSS</a><ul><li><a href="#rsa-pss-description">17.6.1. Description</a></li><li><a href="#rsa-pss-registration">17.6.2. Registration</a></li><li><a href="#rsa-pss-params">17.6.3. RsaPssParams dictionary</a></li><li><a href="#rsa-pss-operations">17.6.4. Operations</a></li></ul></li><li><a href="#rsa-oaep">17.7. RSA-OAEP</a><ul><li><a href="#rsa-oaep-description">17.7.1. Description</a></li><li><a href="#rsa-oaep-registration">17.7.2. Registration</a></li><li><a href="#rsa-oaep-params">17.7.3. RsaOaepParams dictionary</a></li><li><a href="#rsa-oaep-operations">17.7.4. Operations</a></li></ul></li><li><a href="#ecdsa">17.8. ECDSA</a><ul><li><a href="#ecdsa-description">17.8.1. Description</a></li><li><a href="#ecdsa-registration">17.8.2. Registration</a></li><li><a href="#EcdsaParams-dictionary">17.8.3. EcdsaParams dictionary</a></li><li><a href="#EcKeyGenParams-dictionary">17.8.4. EcKeyGenParams dictionary</a></li><li><a href="#ecdsa-operations">17.8.5. Operations</a></li></ul></li><li><a href="#ecdh">17.9. ECDH</a><ul><li><a href="#ecdh-description">17.9.1. Description</a></li><li><a href="#ecdh-registration">17.9.2. Registration</a></li><li><a href="#dh-EcdhKeyDeriveParams">17.9.3. EcdhKeyDeriveParams dictionary</a></li><li><a href="#ecdh-operations">17.9.4. Operations</a></li></ul></li><li><a href="#aes-ctr">17.10. AES-CTR</a><ul><li><a href="#aes-ctr-description">17.10.1. Description</a></li><li><a href="#aes-ctr-registration">17.10.2. Registration</a></li><li><a href="#aes-ctr-params">17.10.3. AesCtrParams dictionary</a></li><li><a href="#aes-keygen-params">17.10.4. AesKeyGenParams dictionary</a></li><li><a href="#aes-ctr-operations">17.10.5. Operations</a></li></ul></li><li><a href="#aes-cbc">17.11. AES-CBC</a><ul><li><a href="#aes-cbc-description">17.11.1. Description</a></li><li><a href="#aes-cbc-registration">17.11.2. Registration</a></li><li><a href="#aes-cbc-params">17.11.3. AesCbcParams dictionary</a></li><li><a href="#aes-cbc-operations">17.11.4. Operations</a></li></ul></li><li><a href="#aes-cmac">17.12. AES-CMAC</a><ul><li><a href="#aes-cmac-description">17.12.1. Description</a></li><li><a href="#aes-cmac-registration">17.12.2. Registration</a></li><li><a href="#aes-cmac-operations">17.12.3. Operations</a></li></ul></li><li><a href="#aes-gcm">17.13. AES-GCM</a><ul><li><a href="#aes-gcm-description">17.13.1. Description</a></li><li><a href="#aes-gcm-registration">17.13.2. Registration</a></li><li><a href="#aes-gcm-params">17.13.3. AesGcmParams dictionary</a></li><li><a href="#aes-gcm-operations">17.13.4. Operations</a></li></ul></li><li><a href="#aes-cfb">17.14. AES-CFB</a><ul><li><a href="#aes-cfb-description">17.14.1. Description</a></li><li><a href="#aes-cfb-registration">17.14.2. Registration</a></li><li><a href="#aes-cfb-params">17.14.3. AesCfbParams dictionary</a></li><li><a href="#aes-cfb-operations">17.14.4. Operations</a></li></ul></li><li><a href="#hmac">17.15. HMAC</a><ul><li><a href="#hmac-description">17.15.1. Description</a></li><li><a href="#hmac-registration">17.15.2. Registration</a></li><li><a href="#hmac-params">17.15.3. HmacParams dictionary</a></li><li><a href="#hmac-key-params">17.15.4. HmacKeyParams dictionary</a></li><li><a href="#hmac-operations">17.15.5. Operations</a></li></ul></li><li><a href="#dh">17.16. Diffie-Hellman</a><ul><li><a href="#dh-description">17.16.1. Description</a></li><li><a href="#dh-registration">17.16.2. Registration</a></li><li><a href="#dh-DhKeyGenParams">17.16.3. DhKeyGenParams dictionary</a></li><li><a href="#dh-DhKeyDeriveParams">17.16.4. DhKeyDeriveParams dictionary</a></li><li><a href="#dh-operations">17.16.5. Operations</a></li></ul></li><li><a href="#sha">17.17. SHA</a><ul><li><a href="#sha-description">17.17.1. Description</a></li><li><a href="#sha-registration">17.17.2. Registration</a></li><li><a href="#sha-operations">17.17.3. Operations</a></li></ul></li><li><a href="#concatkdf">17.18. Concat KDF</a><ul><li><a href="#concatkdf-description">17.18.1. Description</a></li><li><a href="#concatkdf-registration">17.18.2. Registration</a></li><li><a href="#concat-params">17.18.3. ConcatParams dictionary</a></li><li><a href="#concat-operations">17.18.4. Operations</a></li></ul></li><li><a href="#hkdf-ctr">17.19. HKDF-CTR</a><ul><li><a href="#hkdf-ctr-description">17.19.1. Description</a></li><li><a href="#hkdf-ctr-registration">17.19.2. Registration</a></li><li><a href="#hkdf-ctr-params">17.19.3. HkdfCtrParams dictionary</a></li><li><a href="#hkdf2-ctr-operations">17.19.4. Operations</a></li></ul></li><li><a href="#pbkdf2">17.20. PBKDF2</a><ul><li><a href="#pbkdf2-description">17.20.1. Description</a></li><li><a href="#pbkdf2-registration">17.20.2. Registration</a></li><li><a href="#pbkdf2-params">17.20.3. Pbkdf2Params dictionary</a></li><li><a href="#pbkdf2-operations">17.20.4. Operations</a></li></ul></li></ul></li><li><a href="#algorithm-normalizing-rules">18. Algorithm normalizing rules</a></li><li><a href="#examples-section">19. JavaScript Example Code</a><ul><li><a href="#examples-signing">19.1. Generate a signing key pair, sign some data</a></li><li><a href="#examples-symmetric-encryption">19.2. Symmetric Encryption</a></li></ul></li><li><a href="#acknowledgements-section">20. Acknowledgements</a></li><li><a href="#references">21. References</a><ul><li><a href="#normative-references">21.1. Normative References</a></li><li><a href="#informative-references">21.2. Informative References</a></li></ul></li></ul></div>
     </div>
 
     <div id="sections">
@@ -793,6 +793,130 @@
           </div>
         </div>
 
+        <div id="key-interface-jwk" class="section">
+        
+            <h3>11.4. Representation using JSON Web Key</h3>
+            <p>
+                The <a href="#dfn-KeyFormat">KeyFormat</a> value <code>jwk</code> enables <a href="#dfn-Key">Key</a> objects to be imported or exported in <a href="#jwk">JSON Web Key</a> format.
+            </p>
+            <p>
+                This specification defines additional <a href="#jwk">JSON Web Key</a> attributes and attribute values that may be used for this purpose as follows:
+                <ul>
+                    <li>Additional <code>alg</code> names for algorithms supported by WebCrypto not already defined for <a href="#jwk">JSON Web Key</a></li>
+                    <li>Additional <code>use</code> values for WebCrypto usages, enabling multiple specific usages to be associated with a key</li>
+                    <li>A new <code>ext</code> attribute providing the value of the <a href="#dfn-Key">Key</a>'s <a href="#dfn-Key-extractable">extractable</a> attribute.</li>
+                </ul>
+
+            </p>
+            <div id="key-interface-jwk-algorithms" class="section">
+                <h4>11.4.1. JSON Web Key algorithm names for WebCrypto algorithms</h4>
+                <p>
+                    This specification defines additional <a href="#jwk">JSON Web Key</a> algorithm names associated with WebCrypto algorithms as listed in the following table:
+                </p>
+                <table>
+                    <thead>
+                        <tr>
+                            <td>WebCrypto Algorithm</td>
+                            <td>Key Size (bits)</td>
+                            <td>JWK <code>alg</code> value</td>
+                        </tr>
+                    
+                    </thead>
+                    <tbody>
+                        <tr>
+                            <td>AES-CTR</td>
+                            <td>128</td>
+                            <td><code>A128CTR</code></td>
+                        </tr>
+                        <tr>
+                            <td>AES-CTR</td>
+                            <td>192</td>
+                            <td><code>A192CTR</code></td>
+                        </tr>
+                        <tr>
+                            <td>AES-CTR</td>
+                            <td>256</td>
+                            <td><code>A256CTR</code></td>
+                        </tr>
+                        <tr>
+                            <td>AES-CBC</td>
+                            <td>128</td>
+                            <td><code>A128CBC</code></td>
+                        </tr>
+                        <tr>
+                            <td>AES-CBC</td>
+                            <td>192</td>
+                            <td><code>A192CBC</code></td>
+                        </tr>
+                        <tr>
+                            <td>AES-CBC</td>
+                            <td>256</td>
+                            <td><code>A256CBC</code></td>
+                        </tr>
+                    </tbody>
+                </table>
+            </div>
+            <div id="key-interface-jwk-use" class="section">
+                <h4>11.4.2. JSON Web Key <code>use</code> attribute</h4>
+                <p>
+                    This specification defines additional values for the <a href="#jwk">JSON Web Key</a> attribute <code>use</code> that enable accurate representation of <a href="#dfn-Key-usages">KeyUsage</a> values.
+                </p>
+
+                <table>
+                    <thead>
+                        <tr>
+                            <td>WebCrypto <a href="#dfn-Key-usages">KeyUsage</a> value</td>
+                            <td>Value in <a href="#jwk">JSON Web Key</a> <code>use</code> string</td>
+                        </tr>
+                    </thead>
+                    <tbody>
+                        <tr>
+                            <td><code>encrypt</code></td>
+                            <td><code>enconly</code></td>
+                        </tr>
+                        <tr>
+                            <td><code>decrypt</code></td>
+                            <td><code>deconly</code></td>
+                        </tr>
+                        <tr>
+                            <td><code>sign</code></td>
+                            <td><code>sigonly</code></td>
+                        </tr>
+                        <tr>
+                            <td><code>verify</code></td>
+                            <td><code>vfyonly</code></td>
+                        </tr>
+                        <tr>
+                            <td><code>deriveKey</code></td>
+                            <td><code>drvkey</code></td>
+                        </tr>
+                        <tr>
+                            <td><code>deriveBits</code></td>
+                            <td><code>drvbits</code></td>
+                        </tr>
+                        <tr>
+                            <td><code>wrapKey</code></td>
+                            <td><code>wrap</code></td>
+                        </tr>
+                        <tr>
+                            <td><code>unwrapKey</code></td>
+                            <td><code>unwrap</code></td>
+                        </tr>
+                    </tbody>
+                </table>
+                <p>
+                    The <a href="#jwk">JSON Web Key</a> <code>use</code> value may contain a single registered value or a comma-separated list of distinct values, with no whitespace.
+
+                    Note that with these definitions, the <a href="#jwk">JSON Web Key</a> <code>use</code> value <code>enc</code> is equivalent to the value <code>enconly,deconly,wrap,unwrap</code> and the value <code>sig</code> is equivalent to the value <code>sigonly,vfyonly</code>.
+                </p>
+            </div>
+            <div id="key-interface-jwk-ext" class="section">
+                <h4>11.4.3. JSON Web Key <code>ext</code> attribute</h4>
+                <p>
+                This specification defines a new <a href="#jwk">JSON Web Key</a> attribute <code>ext</code> that enables the value of the <a href="#dfn-Key-extractable">extractable</a> attribute of a <a href="#dfn-Key">Key</a> to be included in a <a href="#jwk">JSON Web Key</a> object. The <code>ext</code> attribute SHALL have a Boolean value.
+                </p>
+            </div>
+        </div>
       </div>
 
       <div id="crypto-interface" class="section">