Summary
When calling createTDF or createZTDF without explicitly specifying wrappingKeyAlgorithm, the SDK logs a confusing warning:
Mismatched wrapping key algorithm: [rsa:2048] is not requested type, [undefined]
Encryption succeeds — the SDK correctly uses whatever algorithm the KAS provides — but the warning is misleading and alarming to users.
Cause
In tdf3/src/client/index.ts, wrappingKeyAlgorithm is destructured from the options object. When not provided, it's undefined. The comparison at line ~286:
if (kasPublicKey.algorithm !== wrappingKeyAlgorithm) {
console.warn(`Mismatched wrapping key algorithm: [${kasPublicKey.algorithm}] is not requested type, [${wrappingKeyAlgorithm}]`);
}...fires because "rsa:2048" !== undefined.
Suggested fix
Skip the warning when wrappingKeyAlgorithm is not specified:
if (wrappingKeyAlgorithm && kasPublicKey.algorithm !== wrappingKeyAlgorithm) {Context
Found while testing the JS/TypeScript SDK quickstart guide (opentdf/docs#241).
Summary
When calling
createTDForcreateZTDFwithout explicitly specifyingwrappingKeyAlgorithm, the SDK logs a confusing warning:Encryption succeeds — the SDK correctly uses whatever algorithm the KAS provides — but the warning is misleading and alarming to users.
Cause
In
tdf3/src/client/index.ts,wrappingKeyAlgorithmis destructured from the options object. When not provided, it'sundefined. The comparison at line ~286:...fires because
"rsa:2048" !== undefined.Suggested fix
Skip the warning when
wrappingKeyAlgorithmis not specified:Context
Found while testing the JS/TypeScript SDK quickstart guide (opentdf/docs#241).