-
Notifications
You must be signed in to change notification settings - Fork 53
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug 27774 - The KDFs either shouldn't allow importing extractable keys, or should support exportKey() #76
Comments
I do not thing symmetry should trump sanity here. The KDFs' importKey operations should make extractable=false, and neither should allow the raw state from the KDF. If you want the raw state, it can be obtained from the algorithm chaining to the KDF. |
@jimsch wrote:
|
The options here appear to be either to require |
I have a vague preference to require extractable to always be false rather than requiring support for exportKey(), but it is not a very strong preference. |
My preference would be more direct - prohibit it (extractable=false)
I don't find the argument for symmetry useful when no one knows the
positive case, but the negative case (using the KDF intermediate data) is
obvious, and it effectively becomes an alternative means to extract derived
data.
|
+1 for extractable = false |
PR #113 |
The PR looks good to me. |
I'm trying to understand the reasoning behind not allowing As far as I understand, none of the major implementations of On the other hand, there are legitimate use cases where one would want to export the KDF key. By enforcing this requirement, the ability to conveniently convert IKM into base64url (jwk) format is lost... Am I missing something? |
@beebeetles The main other way to get a KDF key is via |
@twiss I'm not sure I get your point. What is the downside of being able to do an Also, is there any reason to want to derive the KDF key using |
@beebeetles You can use ECDH to derive a KDF key. And then, if the ECDH key is non-extractable and doesn't have |
Good point.
I totally agree, but I think that is a separate issue from whether KDF keys should be allowed to be imported with
The problem is, with the current restriction that KDF keys cannot be I think the sensible solution would be to:
|
Currently, Web Crypto doesn't support importing KDF keys in JWK format either, since there isn't actually any specification for how to format those (as far as I know). So I wouldn't hold my breath for support for exporting KDF keys in that format. If all you want to do is convert the key into base64url format in some JSON object, then it's much easier to do so yourself, in JavaScript, rather than trying to get the Web Crypto API to help you with that. See MDN on Base64, for example. |
Good to know. Thanks! :) |
Frankly with these pointless restrictions the API is completely terrible. I've figured out what I needed but I recommend you take a hard look into it and improve it because it causes crazy waste of time. Or at least improve the documentation. |
Bug 27774:
There is currently an awkward interaction for how import/export works for the KDFd (PBKDF2, HKDF, Concat-KDF):
I think the most consistent behavior would be to simply define exportKey() operation for these algorithms. Let callers specify extractable=false if they want to forbid extractability, and keep the API working in a predictable manner.
Alternately maybe extractable=true should be forbidden during key import. However that feels kludgey in its own way.
Other suggestions?
The text was updated successfully, but these errors were encountered: