importJsonWebKey static method
Import HmacSecretKey
from JSON Web Key.
The jwk
should be given as Map, String, List the same way
jsonDecode from dart:convert
represents decoded JSON values.
The hash algorithm to be used is specified by hash
.
JSON Web Keys imported using HmacSecretKey.importJsonWebKey must
have "kty": "oct"
, and the hash
given must match the hash algorithm
implied by the "alg"
property of the imported jwk
.
For importing a JWK with:
"alg": "HS1"
use Hash.sha1 (SHA-1 is weak),"alg": "HS256"
use Hash.sha256,"alg": "HS384"
use Hash.sha384, and,"alg": "HS512"
use Hash.sha512.
If specified the "use"
property of the imported jwk
must be
"use": "sig"
.
Throws FormatException if jwk
is invalid.
Example
import 'package:webcrypto/webcrypto.dart';
import 'dart:convert' show jsonEncode, jsonDecode;
// JSON Web Key as a string containing JSON.
final jwk = '{"kty": "oct", "alg": "HS256", "k": ...}';
// Import secret key from decoded JSON.
final key = await HmacSecretKey.importJsonWebKey(
jsonDecode(jwk),
Hash.sha256, // Must match the hash used the JWK key "alg"
);
// Export the key (print it in same format as it was given).
Map<String, dynamic> keyData = await key.exportJsonWebKey();
print(jsonEncode(keyData));
Implementation
static Future<HmacSecretKey> importJsonWebKey(
// TODO: Determine if the "alg" property can be omitted, and update documentation accordingly
// also make tests covering cases where "alg" is omitted.
// TODO: Determine if there is any restrictions on "use" and "key_ops".
Map<String, dynamic> jwk,
// TODO: Discuss if hash parameter is really necessary, it's in the JWK.
// Presumably webcrypto requires as a sanity check. Notice, that this
// should be consistent with other JWK imports, where we specify curve
// or other parameters. Either we read from JWK, or we verify that
// what is in the JWK matches what is also given.
// Note. it's not yet clear if JWK always contains key parameters.
Hash hash, {
int? length,
}) {
/*
TODO: Validate these in the native implememtation
// These limitations are given in Web Cryptography Spec:
// https://www.w3.org/TR/WebCryptoAPI/#hmac-operations
if (length != null && length > keyData.length * 8) {
throw ArgumentError.value(
length, 'length', 'must be less than number of bits in keyData');
}
if (length != null && length <= (keyData.length - 1) * 8) {
throw ArgumentError.value(
length,
'length',
'must be greater than number of bits in keyData - 8, you can attain '
'the same effect by removing bytes from keyData',
);
}*/
return impl.hmacSecretKey_importJsonWebKey(jwk, hash, length: length);
}