41 lines
1.4 KiB
JavaScript
41 lines
1.4 KiB
JavaScript
import { JOSENotSupported } from '../util/errors.js';
|
|
export async function generateSecret(alg, options) {
|
|
let length;
|
|
let algorithm;
|
|
let keyUsages;
|
|
switch (alg) {
|
|
case 'HS256':
|
|
case 'HS384':
|
|
case 'HS512':
|
|
length = parseInt(alg.slice(-3), 10);
|
|
algorithm = { name: 'HMAC', hash: `SHA-${length}`, length };
|
|
keyUsages = ['sign', 'verify'];
|
|
break;
|
|
case 'A128CBC-HS256':
|
|
case 'A192CBC-HS384':
|
|
case 'A256CBC-HS512':
|
|
length = parseInt(alg.slice(-3), 10);
|
|
return crypto.getRandomValues(new Uint8Array(length >> 3));
|
|
case 'A128KW':
|
|
case 'A192KW':
|
|
case 'A256KW':
|
|
length = parseInt(alg.slice(1, 4), 10);
|
|
algorithm = { name: 'AES-KW', length };
|
|
keyUsages = ['wrapKey', 'unwrapKey'];
|
|
break;
|
|
case 'A128GCMKW':
|
|
case 'A192GCMKW':
|
|
case 'A256GCMKW':
|
|
case 'A128GCM':
|
|
case 'A192GCM':
|
|
case 'A256GCM':
|
|
length = parseInt(alg.slice(1, 4), 10);
|
|
algorithm = { name: 'AES-GCM', length };
|
|
keyUsages = ['encrypt', 'decrypt'];
|
|
break;
|
|
default:
|
|
throw new JOSENotSupported('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
|
|
}
|
|
return crypto.subtle.generateKey(algorithm, options?.extractable ?? false, keyUsages);
|
|
}
|