| Index: content/child/webcrypto/platform_crypto_nss.cc
|
| diff --git a/content/child/webcrypto/platform_crypto_nss.cc b/content/child/webcrypto/platform_crypto_nss.cc
|
| index 13f5735bcc1c4354b3b8c19c6a5e9cc882af4dd7..f6c46593bf3144d2e80dedd3564ec23a11157e03 100644
|
| --- a/content/child/webcrypto/platform_crypto_nss.cc
|
| +++ b/content/child/webcrypto/platform_crypto_nss.cc
|
| @@ -1153,7 +1153,11 @@ Status GenerateRsaKeyPair(const blink::WebCryptoAlgorithm& algorithm,
|
| }
|
| const CK_FLAGS operation_flags_mask =
|
| CKF_ENCRYPT | CKF_DECRYPT | CKF_SIGN | CKF_VERIFY | CKF_WRAP | CKF_UNWRAP;
|
| - const PK11AttrFlags attribute_flags = 0; // Default all PK11_ATTR_ flags.
|
| +
|
| + // The private key must be marked as insensitive and extractable, otherwise it
|
| + // cannot later be exported in unencrypted form or structured-cloned.
|
| + const PK11AttrFlags attribute_flags =
|
| + PK11_ATTR_INSENSITIVE | PK11_ATTR_EXTRACTABLE;
|
|
|
| // Note: NSS does not generate an sec_public_key if the call below fails,
|
| // so there is no danger of a leaked sec_public_key.
|
|
|
Chromium Code Reviews
Issue 213423007:
[webcrypto] Fix a bug where generated RSA private keys couldn't be exported. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src