-
Notifications
You must be signed in to change notification settings - Fork 53
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug 27471 - Provide even more informative text over key wrapping? #40
Comments
I do think we should note the unusual lack of guarantees around unwrapping wrapped keys, as otherwise developers may shot themselves in foot as pointed out by Graham Steel etc. earlier. Is this about right? "Wrapped keys are exported and so only extractable keys can be wrapped. Thus, unwrapped key material is extractable and it not guaranteed that usages for a key have been preserved after the key have been wrapped." |
For the export, it has extractable, but not for unwrapped. Could you hand a key to the test-suite to make sure you can unwrap a private key and maintain its un-extractability? |
I'll make a proposal. |
Please review PR #134. This issue is that a JWK marked non-extractable cannot be created by the wrapKey method, because only extractable keys can be wrapped. However, JWKs marked non-extractable that are created elsewhere can be unwrapped. |
The note added in PR #134 LGTM. That said, I don't think this behavior was ambiguous prior to the comment. |
Bug 27471 from Bugzilla:
Just noting that I removed the following pre-CR from Section 14, as we have I believe resolved that we cannot address execution environment level issues in this spec after very long debate. That being said, informative text that clarifies that unwrapping unextractable trees are hard to guarantee without special treatment that is not to be normatively expected from the text (but could be provided by implementations in theory) might be useful. I also removed the reference from the example.
Or we could just keep the remark deleted.
REMOVED:
Editorial note:
ISSUE-35:
The text was updated successfully, but these errors were encountered: