Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Explicitly set CryptoKey.type to "secret" in AES and HMAC operations #378

Merged
merged 2 commits into from
Oct 25, 2024

Conversation

BenWiederhake
Copy link
Collaborator

@BenWiederhake BenWiederhake commented Oct 25, 2024

Closes #376

This maps de-facto behavior of most (if not all) implementors, and is already strongly suggested by other parts of the spec: https://w3c.github.io/webcrypto/#dom-keytype

This is already tested as part of WPT: https://github.com/web-platform-tests/wpt/blob/272064ebf9a3d313a2d4db8bb9ce2790648aa162/WebCryptoAPI/generateKey/successes.js#L70


Preview | Diff

These are strongly suggested to be 'secret' anyway, per this description:
https://w3c.github.io/webcrypto/#dom-keytype

However, it seems wiser to define this explicitly, instead of hoping for the best.
These are strongly suggested to be 'secret' anyway, per this description:
https://w3c.github.io/webcrypto/#dom-keytype

However, it seems wiser to define this explicitly, instead of hoping for the best.
@BenWiederhake
Copy link
Collaborator Author

Ah, I'm not part of the "Web Application Security Working Group", and as such, the IPR-bot refuses to acknowledge me. Makes sense.

This PR is a non-substantive change because it contains "Changes that do not functionally affect interpretation of the document" https://www.w3.org/policies/process/#class-2

@w3cbot
Copy link

w3cbot commented Oct 25, 2024

BenWiederhake marked as non substantive for IPR from ash-nazg.

Copy link
Member

@twiss twiss left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 Thanks!

For the future, you should be able to join the WebAppSec WG just by clicking a button on https://www.w3.org/groups/wg/webappsec/, I think :)

@twiss twiss merged commit d278fcb into w3c:main Oct 25, 2024
2 checks passed
github-actions bot added a commit that referenced this pull request Oct 25, 2024
…378)

SHA: d278fcb
Reason: push, by twiss

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
@BenWiederhake BenWiederhake deleted the dev-cryptokey-fields branch October 25, 2024 10:33
@BenWiederhake
Copy link
Collaborator Author

Fantastic! I thought that surely with such a long and important name there would be a long list of requirements and such.

Good to know, thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

AES importKey never sets the key's [[type]] internal slot
3 participants