英文:
Web Crypto API: generate key pair and make only private key non-extractable
问题
Web Crypto API是否可以生成一对密钥并仅使私钥不可提取?
我想安全地存储私钥,因此我将其设置为不可提取,但我也想共享公钥。
SubtleCrypto
对象的generateKey
方法只允许同时设置两个密钥为可提取或不可提取。
是否还有其他方法可以实现这一目标?
英文:
Is it possible with the Web Crypto API to generate a key pair and make only the private key non-extractable?
I want to safely store the private key so I make it non-extractable but I also want to share the public key.
The generateKey
method of the SubtleCrypto
object only allows to make both keys either extractable or non-extractable.
Is there any other way to accomplish this?
答案1
得分: 3
SubtleCrypto
对象的generateKey
方法只能将生成的密钥要么设置为可提取,要么设置为不可提取。
这不是正确的。它只会将私钥设置为不可提取。
(async () => {
let keyPair = await window.crypto.subtle.generateKey(
{
name: "ECDSA",
namedCurve: "P-384"
},
false,
["sign", "verify"]
);
console.log(keyPair.privateKey.extractable) // false
console.log(keyPair.publicKey.extractable) // true
console.log(await window.crypto.subtle.exportKey('jwk', keyPair.publicKey))
})();
英文:
> The generateKey method of the SubtleCrypto object only allows to make
> both keys either extractable or non-extractable.
This is not true. It will only make the private key non-extractable.
<!-- begin snippet: js hide: false console: true babel: false -->
<!-- language: lang-js -->
(async ()=>{
let keyPair = await window.crypto.subtle.generateKey(
{
name: "ECDSA",
namedCurve: "P-384"
},
false,
["sign", "verify"]
);
console.log(keyPair.privateKey.extractable) // false
console.log(keyPair.publicKey.extractable) // true
console.log(await window.crypto.subtle.exportKey('jwk', keyPair.publicKey))
})();
<!-- end snippet -->
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论