WebCrypto errors should provide context where available
Categories
(Core :: DOM: Web Crypto, enhancement, P5)
Tracking
()
People
(Reporter: kolan_n, Unassigned)
References
(Blocks 1 open bug)
Details
I use WebCrypto to decrypt a blob (key is imported from raw
, AES-CBC
, 256-bit key length).
I get a very ambiguous exception "The operation failed for an operation-specific reason" that says nothing about what exactly is wrong and how to fix that.
The exception should releal enough details.
Updated•4 years ago
|
This is required by the specification: https://www.w3.org/TR/WebCryptoAPI/#SubtleCrypto-Exceptions
This is required by the specification: https://www.w3.org/TR/WebCryptoAPI/#SubtleCrypto-Exceptions
It's not. The spec only standardizes some exception types. It doesn't prescribe not to inform the webapp about the nature of the exception. It doesn't say that the message in the exception must be a certain text. It doesnt say that there should be no way to see the detailed info on the 8ssue in devtools.
Ah, I see. In that case, it would be infeasible to provide more meaningful feedback, often because the underlying library doesn't (and in some cases can't) provide more context or information as to what's wrong (e.g. is the key wrong? the iv? was the ciphertext corrupted? etc.)
In that case, it would be infeasible to provide more meaningful feedback, often because the underlying library doesn't (and in some cases can't) provide more context or information as to what's wrong (e.g. is the key wrong? the iv? was the ciphertext corrupted? etc.)
In my case the error was in violation of requirements of WebCrypto spec. I have solved it by encoding own checks about WrgCrypto spec and inserted them before each call in my lib.
Qnd in the case the lib doesn't give error code ... I hope Mozilla is not doing so bad that it cannot modify the lib.
Can you be more specific about what code you ran and what violation of the spec you encountered?
IV array had a wrong length because I have made a mistake when coding a KDF. To discover that I had to manually code all the requirements described in the spec.
Thanks.
Updated•1 year ago
|
Description
•