Commits on Dec 6, 2023

1. Support generating ECDSA keys in a trusted execution environment …

   This adds support for generating ECDSA keys in a trusted execution
   environment (TEE) that can be used for signing and verification. Such
   keys are generated in the TEE and never leave it.
   
   Because the keys are generated in the TEE, the keys themselves cannot be
   exported. Instead, a handle to the key is exported. The handle can be
   used to import the key and use it for signing and verification, but not
   to extract the key itself.
   
   A new `options` parameter is added to `crypto.subtle.generateKey()`. It
   has two optional properties: `inTee` and `usageRequiresAuth`. `inTee` is
   a boolean that indicates whether the key should be generated in a TEE.
   `usageRequiresAuth` is also a boolean that indicates whether the key can
   only be used when the user has authenticated.
   
   An example of how to generate and use a key in a TEE is added to the
   `crypto-sign` snippet. The snippet now contains two examples: one for
   generating and using keys in the normal way, and one for generating and
   using keys in a TEE. The `crypto-sign` snippets now also demonstrate
   exporting and importing keys.

   

   cpetrov committed Dec 6, 2023
   Configuration menu

   • View commit details
   • Copy full SHA for d43e7d3
   • Browse repository at this point

   Copy the full SHA

   d43e7d3 View commit details

   Browse the repository at this point in the history