Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Explicitly set CryptoKey.type to "secret" in AES and HMAC operations #378

Merged
merged 2 commits into from
Oct 25, 2024
Merged

Explicitly set CryptoKey.type to "secret" in AES and HMAC operations #378

merged 2 commits into from
Oct 25, 2024

Conversation

BenWiederhake
Copy link
Collaborator

@BenWiederhake BenWiederhake commented Oct 25, 2024
edited by pr-preview bot
Loading

Closes #376

This maps de-facto behavior of most (if not all) implementors, and is already strongly suggested by other parts of the spec: https://w3c.github.io/webcrypto/#dom-keytype

This is already tested as part of WPT: https://github.com/web-platform-tests/wpt/blob/272064ebf9a3d313a2d4db8bb9ce2790648aa162/WebCryptoAPI/generateKey/successes.js#L70

Preview | Diff

@BenWiederhake
Set CryptoKey.type to "secret" in AES and HMAC during generateKey
420bb94 
These are strongly suggested to be 'secret' anyway, per this description:
https://w3c.github.io/webcrypto/#dom-keytype

However, it seems wiser to define this explicitly, instead of hoping for the best.
@BenWiederhake
Set CryptoKey.type to "secret" in AES and HMAC during importKey
e8e4655 
These are strongly suggested to be 'secret' anyway, per this description:
https://w3c.github.io/webcrypto/#dom-keytype

However, it seems wiser to define this explicitly, instead of hoping for the best.
@BenWiederhake
Copy link
Collaborator Author

Ah, I'm not part of the "Web Application Security Working Group", and as such, the IPR-bot refuses to acknowledge me. Makes sense.

This PR is a non-substantive change because it contains "Changes that do not functionally affect interpretation of the document" https://www.w3.org/policies/process/#class-2

@w3cbot
Copy link

w3cbot commented Oct 25, 2024

BenWiederhake marked as non substantive for IPR from ash-nazg.

twiss
twiss approved these changes Oct 25, 2024
View reviewed changes
Copy link
Member

@twiss twiss left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 Thanks!

For the future, you should be able to join the WebAppSec WG just by clicking a button on https://www.w3.org/groups/wg/webappsec/, I think :)

@twiss twiss merged commit d278fcb into w3c:main Oct 25, 2024
2 checks passed
github-actions bot added a commit that referenced this pull request Oct 25, 2024
@BenWiederhake @github-actions
Explicitly set CryptoKey.type to "secret" in AES and HMAC operations (#…
823b7cc 
…378)

SHA: d278fcb
Reason: push, by twiss

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
@BenWiederhake BenWiederhake deleted the dev-cryptokey-fields branch October 25, 2024 10:33
@BenWiederhake
Copy link
Collaborator Author

Fantastic! I thought that surely with such a long and important name there would be a long list of requirements and such.

Good to know, thank you!

@BenWiederhake BenWiederhake mentioned this pull request Oct 26, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@twiss twiss twiss approved these changes

Assignees
No one assigned
Labels
editorial
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

AES importKey never sets the key's [[type]] internal slot
3 participants
@BenWiederhake @w3cbot @twiss