Commit b39bfdb

panvatwiss
authored and committed
add SLH-DSA spki/pkcs8 export
1 parent 772434d commit b39bfdb

1 file changed

+251
-0
lines changed

index.html

Lines changed: 251 additions & 0 deletions
@@ -4450,6 +4450,257 @@ <h5>Export Key</h5>
44504450
</li>
44514451
<li>
44524452
<dl class="switch">
4453+
<dt>If |format| is {{KeyFormat/"spki"}}:</dt>
4454+
<dd>
4455+
<ol>
4456+
<li>
4457+
<p>
4458+
If the <a data-cite="webcrypto#dfn-CryptoKey-slot-type">`[[type]]`</a> internal slot
4459+
of |key| is not "`public`", then [= exception/throw =] an {{InvalidAccessError}}.
4460+
</p>
4461+
</li>
4462+
<li>
4463+
<p>
4464+
Let |data| be an instance of the `SubjectPublicKeyInfo`
4465+
ASN.1 structure defined in [[RFC5280]]
4466+
with the following properties:
4467+
</p>
4468+
<ul>
4469+
<li>
4470+
<p>
4471+
Set the |algorithm| field to an
4472+
`AlgorithmIdentifier` ASN.1 type with the following
4473+
properties:
4474+
</p>
4475+
<ul>
4476+
<li>
4477+
<dl class="switch">
4478+
<dt>If the {{Algorithm/name}} member of |normalizedAlgorithm| is "`SLH-DSA-SHA2-128s`":</dt>
4479+
<dd>
4480+
<p>
4481+
Set the |algorithm| object identifier to the `id-slh-dsa-sha2-128s` (2.16.840.1.101.3.4.3.20) OID.
4482+
</p>
4483+
</dd>
4484+
<dt>If the {{Algorithm/name}} member of |normalizedAlgorithm| is "`SLH-DSA-SHA2-128f`":</dt>
4485+
<dd>
4486+
<p>
4487+
Set the |algorithm| object identifier to the `id-slh-dsa-sha2-128f` (2.16.840.1.101.3.4.3.21) OID.
4488+
</p>
4489+
</dd>
4490+
<dt>If the {{Algorithm/name}} member of |normalizedAlgorithm| is "`SLH-DSA-SHA2-192s`":</dt>
4491+
<dd>
4492+
<p>
4493+
Set the |algorithm| object identifier to the `id-slh-dsa-sha2-192s` (2.16.840.1.101.3.4.3.22) OID.
4494+
</p>
4495+
</dd>
4496+
<dt>If the {{Algorithm/name}} member of |normalizedAlgorithm| is "`SLH-DSA-SHA2-192f`":</dt>
4497+
<dd>
4498+
<p>
4499+
Set the |algorithm| object identifier to the `id-slh-dsa-sha2-192f` (2.16.840.1.101.3.4.3.23) OID.
4500+
</p>
4501+
</dd>
4502+
<dt>If the {{Algorithm/name}} member of |normalizedAlgorithm| is "`SLH-DSA-SHA2-256s`":</dt>
4503+
<dd>
4504+
<p>
4505+
Set the |algorithm| object identifier to the `id-slh-dsa-sha2-256s` (2.16.840.1.101.3.4.3.24) OID.
4506+
</p>
4507+
</dd>
4508+
<dt>If the {{Algorithm/name}} member of |normalizedAlgorithm| is "`SLH-DSA-SHA2-256f`":</dt>
4509+
<dd>
4510+
<p>
4511+
Set the |algorithm| object identifier to the `id-slh-dsa-sha2-256f` (2.16.840.1.101.3.4.3.25) OID.
4512+
</p>
4513+
</dd>
4514+
<dt>If the {{Algorithm/name}} member of |normalizedAlgorithm| is "`SLH-DSA-SHAKE-128s`":</dt>
4515+
<dd>
4516+
<p>
4517+
Set the |algorithm| object identifier to the `id-slh-dsa-shake-128s` (2.16.840.1.101.3.4.3.26) OID.
4518+
</p>
4519+
</dd>
4520+
<dt>If the {{Algorithm/name}} member of |normalizedAlgorithm| is "`SLH-DSA-SHAKE-128f`":</dt>
4521+
<dd>
4522+
<p>
4523+
Set the |algorithm| object identifier to the `id-slh-dsa-shake-128f` (2.16.840.1.101.3.4.3.27) OID.
4524+
</p>
4525+
</dd>
4526+
<dt>If the {{Algorithm/name}} member of |normalizedAlgorithm| is "`SLH-DSA-SHAKE-192s`":</dt>
4527+
<dd>
4528+
<p>
4529+
Set the |algorithm| object identifier to the `id-slh-dsa-shake-192s` (2.16.840.1.101.3.4.3.28) OID.
4530+
</p>
4531+
</dd>
4532+
<dt>If the {{Algorithm/name}} member of |normalizedAlgorithm| is "`SLH-DSA-SHAKE-192f`":</dt>
4533+
<dd>
4534+
<p>
4535+
Set the |algorithm| object identifier to the `id-slh-dsa-shake-192f` (2.16.840.1.101.3.4.3.29) OID.
4536+
</p>
4537+
</dd>
4538+
<dt>If the {{Algorithm/name}} member of |normalizedAlgorithm| is "`SLH-DSA-SHAKE-256s`":</dt>
4539+
<dd>
4540+
<p>
4541+
Set the |algorithm| object identifier to the `id-slh-dsa-shake-256s` (2.16.840.1.101.3.4.3.30) OID.
4542+
</p>
4543+
</dd>
4544+
<dt>If the {{Algorithm/name}} member of |normalizedAlgorithm| is "`SLH-DSA-SHAKE-256f`":</dt>
4545+
<dd>
4546+
<p>
4547+
Set the |algorithm| object identifier to the `id-slh-dsa-shake-256f` (2.16.840.1.101.3.4.3.31) OID.
4548+
</p>
4549+
</dd>
4550+
<dt>Otherwise:</dt>
4551+
<dd>
4552+
<p>
4553+
[= exception/throw =] a {{NotSupportedError}}.
4554+
</p>
4555+
</dd>
4556+
</dl>
4557+
</li>
4558+
</ul>
4559+
</li>
4560+
<li>
4561+
<p>
4562+
Set the |subjectPublicKey| field to |keyData|.
4563+
</p>
4564+
</li>
4565+
</ul>
4566+
</li>
4567+
<li>
4568+
<p>
4569+
Let |result| be the result of DER-encoding |data|.
4570+
</p>
4571+
</li>
4572+
</ol>
4573+
</dd>
4574+
<dt>If |format| is {{KeyFormat/"pkcs8"}}:</dt>
4575+
<dd>
4576+
<ol>
4577+
<li>
4578+
<p>
4579+
If the <a data-cite="webcrypto#dfn-CryptoKey-slot-type">`[[type]]`</a> internal slot
4580+
of |key| is not {{KeyType/"private"}}, then [= exception/throw =] an {{InvalidAccessError}}.
4581+
</p>
4582+
</li>
4583+
<li>
4584+
<p>
4585+
Let |data| be an instance of the `PrivateKeyInfo`
4586+
ASN.1 structure defined in [[RFC5208]]
4587+
with the following properties:
4588+
</p>
4589+
<ul>
4590+
<li>
4591+
<p>
4592+
Set the |version| field to `0`.
4593+
</p>
4594+
</li>
4595+
<li>
4596+
<p>
4597+
Set the |privateKeyAlgorithm| field to a
4598+
`PrivateKeyAlgorithmIdentifier` ASN.1 type with the
4599+
following properties:
4600+
</p>
4601+
<ul>
4602+
<li>
4603+
<dl class="switch">
4604+
4605+
<dt>If the {{Algorithm/name}} member of |normalizedAlgorithm| is "`SLH-DSA-SHA2-128s`":</dt>
4606+
<dd>
4607+
<p>
4608+
Set the |algorithm| object identifier to the `id-slh-dsa-sha2-128s` (2.16.840.1.101.3.4.3.20) OID.
4609+
</p>
4610+
</dd>
4611+
<dt>If the {{Algorithm/name}} member of |normalizedAlgorithm| is "`SLH-DSA-SHA2-128f`":</dt>
4612+
<dd>
4613+
<p>
4614+
Set the |algorithm| object identifier to the `id-slh-dsa-sha2-128f` (2.16.840.1.101.3.4.3.21) OID.
4615+
</p>
4616+
</dd>
4617+
<dt>If the {{Algorithm/name}} member of |normalizedAlgorithm| is "`SLH-DSA-SHA2-192s`":</dt>
4618+
<dd>
4619+
<p>
4620+
Set the |algorithm| object identifier to the `id-slh-dsa-sha2-192s` (2.16.840.1.101.3.4.3.22) OID.
4621+
</p>
4622+
</dd>
4623+
<dt>If the {{Algorithm/name}} member of |normalizedAlgorithm| is "`SLH-DSA-SHA2-192f`":</dt>
4624+
<dd>
4625+
<p>
4626+
Set the |algorithm| object identifier to the `id-slh-dsa-sha2-192f` (2.16.840.1.101.3.4.3.23) OID.
4627+
</p>
4628+
</dd>
4629+
<dt>If the {{Algorithm/name}} member of |normalizedAlgorithm| is "`SLH-DSA-SHA2-256s`":</dt>
4630+
<dd>
4631+
<p>
4632+
Set the |algorithm| object identifier to the `id-slh-dsa-sha2-256s` (2.16.840.1.101.3.4.3.24) OID.
4633+
</p>
4634+
</dd>
4635+
<dt>If the {{Algorithm/name}} member of |normalizedAlgorithm| is "`SLH-DSA-SHA2-256f`":</dt>
4636+
<dd>
4637+
<p>
4638+
Set the |algorithm| object identifier to the `id-slh-dsa-sha2-256f` (2.16.840.1.101.3.4.3.25) OID.
4639+
</p>
4640+
</dd>
4641+
<dt>If the {{Algorithm/name}} member of |normalizedAlgorithm| is "`SLH-DSA-SHAKE-128s`":</dt>
4642+
<dd>
4643+
<p>
4644+
Set the |algorithm| object identifier to the `id-slh-dsa-shake-128s` (2.16.840.1.101.3.4.3.26) OID.
4645+
</p>
4646+
</dd>
4647+
<dt>If the {{Algorithm/name}} member of |normalizedAlgorithm| is "`SLH-DSA-SHAKE-128f`":</dt>
4648+
<dd>
4649+
<p>
4650+
Set the |algorithm| object identifier to the `id-slh-dsa-shake-128f` (2.16.840.1.101.3.4.3.27) OID.
4651+
</p>
4652+
</dd>
4653+
<dt>If the {{Algorithm/name}} member of |normalizedAlgorithm| is "`SLH-DSA-SHAKE-192s`":</dt>
4654+
<dd>
4655+
<p>
4656+
Set the |algorithm| object identifier to the `id-slh-dsa-shake-192s` (2.16.840.1.101.3.4.3.28) OID.
4657+
</p>
4658+
</dd>
4659+
<dt>If the {{Algorithm/name}} member of |normalizedAlgorithm| is "`SLH-DSA-SHAKE-192f`":</dt>
4660+
<dd>
4661+
<p>
4662+
Set the |algorithm| object identifier to the `id-slh-dsa-shake-192f` (2.16.840.1.101.3.4.3.29) OID.
4663+
</p>
4664+
</dd>
4665+
<dt>If the {{Algorithm/name}} member of |normalizedAlgorithm| is "`SLH-DSA-SHAKE-256s`":</dt>
4666+
<dd>
4667+
<p>
4668+
Set the |algorithm| object identifier to the `id-slh-dsa-shake-256s` (2.16.840.1.101.3.4.3.30) OID.
4669+
</p>
4670+
</dd>
4671+
<dt>If the {{Algorithm/name}} member of |normalizedAlgorithm| is "`SLH-DSA-SHAKE-256f`":</dt>
4672+
<dd>
4673+
<p>
4674+
Set the |algorithm| object identifier to the `id-slh-dsa-shake-256f` (2.16.840.1.101.3.4.3.31) OID.
4675+
</p>
4676+
</dd>
4677+
<dt>Otherwise:</dt>
4678+
<dd>
4679+
<p>
4680+
[= exception/throw =] a {{NotSupportedError}}.
4681+
</p>
4682+
</dd>
4683+
</dl>
4684+
</li>
4685+
</ul>
4686+
</li>
4687+
<li>
4688+
<p>
4689+
Set the |privateKey| field to the result of DER-encoding
4690+
a `OCTET STRING` ASN.1 type that represents the SLH-DSA private key represented
4691+
by the <a data-cite="webcrypto#dfn-CryptoKey-slot-handle">`[[handle]]`</a>
4692+
internal slot of |key|
4693+
</p>
4694+
</li>
4695+
</ul>
4696+
</li>
4697+
<li>
4698+
<p>
4699+
Let |result| be the result of DER-encoding |data|.
4700+
</p>
4701+
</li>
4702+
</ol>
4703+
</dd>
44534704
<dt>
44544705
If |format| is {{KeyFormat/"raw-public"}}:
44554706
</dt>
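
Review bot: In the spki branch (new line 4562), `Set the |subjectPublicKey| field to |keyData|` relies on |keyData|, which none of the visible Export Key steps define; the pkcs8 branch takes its key material from the `[[handle]]` internal slot of |key|, so the spki step should likewise name the SLH-DSA public key represented by that slot. The same branch compares `[[type]]` against the literal "`public`" (line 4459) while pkcs8 uses {{KeyType/"private"}} (line 4580); use {{KeyType/"public"}} so both link to the enum. In the pkcs8 branch, the |privateKey| step (lines 4689-4692) reads "a `OCTET STRING`" and has no terminating period, and because it DER-encodes an OCTET STRING into a field that RFC 5208 already types as OCTET STRING, the exported key is doubly wrapped; please confirm that nesting is the intended SLH-DSA private key layout, since an importer expecting the other layout would fail to parse the export. There is also a stray empty added line at 4604, and the twelve-way name-to-OID switch is repeated verbatim in both branches; a single shared mapping referenced from each branch would keep the two OID lists from drifting apart.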
