Set the key_ops attribute of jwk to equal the usages attribute of key. Set the ext attribute of jwk to equal the [[extractable]] internal slot of key. Let result be the result of converting jwk to an ECMAScript Object, as defined by [WebIDL]. Otherwise:
Let result be the result of performing the encrypt operation specified by normalizedAlgorithm using algorithm, wrappingKey as key and bytes as plaintext. Otherwise:
Perform any key import steps defined by other applicable specifications, passing format, spki and obtaining namedCurve and key. If an error occurred or there are no applicable specifications, throw a DataError. If namedCurve is defined, and not equal to the namedCurve member of normalizedAlgorithm, throw a DataError. If the public key value is not a valid point on the Elliptic Curve identified by the namedCurve member of normalizedAlgorithm, throw a DataError.
If an error occurred, return a Promise rejected with normalizedAlgorithm. Let promise be a new Promise. Return promise and asynchronously perform the remaining steps. If the following steps or referenced procedures say to throw an error, reject promise with the returned error and then terminate the algorithm. Let result be the CryptoKey object that results from performing the import key operation specified by normalizedAlgorithm using keyData, algorithm, format, extractable and usages. If the [[type]] internal slot of result is "secret" or "private" and usages is empty, then throw a SyntaxError. Set the [[extractable]] internal slot of result to extractable. Set the [[usages]] internal slot of result to the normalized value of usages. Resolve promise with result.
If plaintext is not a multiple of 64 bits in length, then throw an OperationError. Let ciphertext be the result of performing the Key Wrap operation described in Section 2.
Let jwk be a new JsonWebKey dictionary. Set the kty attribute of jwk to the string "oct". Set the k attribute of jwk to be a string containing the raw octets of the key represented by the [[handle]] internal slot of key, encoded according to Section 6.4 of JSON Web Algorithms. If the length attribute of key is 128:
throw a DataError. If usages is non-empty and the "use" field of jwk is present and is not "enc", then throw a DataError. If the "key_ops" field of jwk is present, and is invalid according to the requirements of JSON Web Key or does not contain all of the specified usages values, then throw a DataError.
When a user agent is required to obtain a structured clone of a CryptoKey object, it must run the following steps. Let input and memory be the corresponding inputs defined by the internal structured cloning algorithm, where input represents a CryptoKey object to be cloned. Let output be a newly constructed CryptoKey object. Let the [[type]], [[extractable]], [[algorithm]], and [[usages]] internal slots of output be set to the result of invoking the internal structured clone algorithm recursively on the corresponding internal slots of input, with the slot contents as the new "input" argument and memory as the new "memory" argument.
The wrapKey method requires either the encrypt or wrapKey operation for the wrapping algorithm and the exportKey operation for the wrapped key algorithm.
Otherwise, if the length member of normalizedAlgorithm is non-zero: Let length be equal to the length member of normalizedAlgorithm. Otherwise:
When invoked, the importKey method MUST perform the following steps: Let format, algorithm, extractable and usages be the format, algorithm, extractable and keyUsages parameters passed to the importKey method, respectively. If format is equal to the string "raw", "pkcs8", or "spki": If the keyData parameter passed to the importKey method is a JsonWebKey dictionary, throw a TypeError. Let keyData be the result of getting a copy of the bytes held by the keyData parameter passed to the importKey method. If format is equal to the string "jwk": If the keyData parameter passed to the importKey method is not a JsonWebKey dictionary, throw a TypeError. Let keyData be the keyData parameter passed to the importKey method. Let normalizedAlgorithm be the result of normalizing an algorithm, with alg set to algorithm and op set to "importKey".
If usages contains an entry which is not "sign" or "verify", then throw a SyntaxError. Generate an RSA key pair, as defined in [RFC3447], with RSA modulus length equal to the modulusLength member of normalizedAlgorithm and RSA public exponent equal to the publicExponent member of normalizedAlgorithm. If performing the operation results in an error, then throw an OperationError. Let algorithm be a new RsaHashedKeyAlgorithm dictionary. Set the name attribute of algorithm to "RSA-PSS". Set the modulusLength attribute of algorithm to equal the modulusLength member of normalizedAlgorithm. Set the publicExponent attribute of algorithm to equal the publicExponent member of normalizedAlgorithm. Set the hash attribute of algorithm to equal the hash member of normalizedAlgorithm. Let publicKey be a new CryptoKey associated with the relevant global object of this [HTML], and representing the public key of the generated key pair.
Other specifications may specify the use of additional hash algorithms with HMAC. Such specifications must define the digest operation for the additional hash algorithms and key import steps and key export steps for HMAC. 29.2. Registration
When invoked, generateKey MUST perform the following steps: Let algorithm, extractable and usages be the algorithm, extractable and keyUsages parameters passed to the generateKey method, respectively. Let normalizedAlgorithm be the result of normalizing an algorithm, with alg set to algorithm and op set to "generateKey". If an error occurred, return a Promise rejected with normalizedAlgorithm.