Specified in section 20.

I wrote a simple test that erred:

const crypto = require("webcrypto");
var iv = crypto.getRandomValues(new Uint8Array(16))
console.log(iv)

turns out I should do this:

const crypto = require("webcrypto");
var iv = crypto.crypto.getRandomValues(new Uint8Array(16))
console.log(iv)

compared to the straightforward interface provided by trust-webcrypto

const crypto = require("@trust/webcrypto");
var iv = crypto.getRandomValues(new Uint8Array(16))
console.log(iv)

I think it's more intuitive to provide crypto object directly.

Specified in section 21.

There is a sizable test suite for WebCrypto in https://github.com/web-platform-tests/wpt/tree/master/WebCryptoAPI.

We have some infrastructure for running WPT in https://github.com/nodejs/node/tree/master/test/wpt and https://github.com/nodejs/node/blob/master/test/common/wpt.js

List of web-platform-tests that seem to fail due to bugs in web-platform-tests:

• derive_bits_keys/hkdf.js: Tests that illegal hash function names throw a NotSupportedError, but seems to miss the required BufferSource info, leading to a TypeError instead of a NotSupportedError according to WebIDL.
• derive_bits_keys/hkdf.js: Tests that passing null as the length throws a TypeError, but WebIDL allows passing null and interprets it as 0, so it should likely be an OperationError instead.

It seems like this package doesn't publish on the npm. When I try to install via git, yarn add git://github.com/nodejs/webcrypto --ignore-scripts -D, it reports error Can't add undefined: invalid package version undefined.

In ecdsa.js, it seems like importKey is ignoring the JWK parameter and import the key as a buffer therefore throw an error

Generated RSA keys correctly set key.algorithm to an object with modulusLength and publicExponent properties. However, imported RSA keys are missing these properties since there is no easy way to determine them based on a KeyObject.

This could also be solved via nodejs/node#26854.

This won't be possible (without manually parsing DER) as long as node does not provide an API to extract relevant fields from keys and to construct keys from said fields.

Previous discussion in nodejs/node#26854.

Specified in section 29.

Specified in section 23.

WebCrypto requires implementations to be able to distinguish between the OIDs rsaEncryption, sha1WithRSAEncryption, sha256WithRSAEncryption, sha384WithRSAEncryption, sha512WithRSAEncryption, id-RSAES-OAEP and id-RSASSA-PSS, and for the last two, we even need access to the ASN.1 parameters.

This is currently not possible using the KeyObject API.

Specified in section 24.

Specified in section 22.

I was going through various .travis.ymls in the org, and I spotted that the one here does not include v14 - but I can also see that this repo is now using Github Actions - shall I open a PR to remove .travis.yml?

Or should the .travis.yml be updated to include v14?

In the browser the developer may choose to generate a key pair and store these object instances in Indexed DB and recall these at any point in the future. Like so there's no way to retrieve the private key value, ever.

What are the extractable: false options for the node implementation?