This bug affects the recently added algorithm Ed25519, but also other algorithms. In the case of the former one, according to the Secure Curves spec [1], if the kty field is not present or incorrect, we should throw a DataError exception. > If the kty field of jwk is not "OKP", then throw a DataError. On the other hand, the Web Cryptography specification states something similar for other algorithms: * In case of the RSA-* [2][3][4] algorithms: > If the "kty" field of jwk is not a case-sensitive string match to "RSA", then throw a DataError. * In case of the EC* [5][6] algorithms: > If the "kty" field of jwk is not "EC", then throw a DataError. * In case of the AES-* [7][8][9][10] algorithms: > If the "kty" field of jwk is not "oct", then throw a DataError. * In case of the HMAC [11] algorithm: > If the "kty" field of jwk is not "oct", then throw a DataError. [1] https://wicg.github.io/webcrypto-secure-curves/#ed25519-operations [2] https://www.w3.org/TR/WebCryptoAPI/#rsassa-pkcs1-operations [3] https://www.w3.org/TR/WebCryptoAPI/#rsa-pss-operations [4] https://www.w3.org/TR/WebCryptoAPI/#rsa-oaep-operations [5] https://www.w3.org/TR/WebCryptoAPI/#ecdsa-operations [6] https://www.w3.org/TR/WebCryptoAPI/#ecdh-operations [7] https://www.w3.org/TR/WebCryptoAPI/#aes-ctr-operations [8] https://www.w3.org/TR/WebCryptoAPI/#aes-cbc-operations [9] https://www.w3.org/TR/WebCryptoAPI/#aes-gcm-operations [10] https://www.w3.org/TR/WebCryptoAPI/#aes-kw-operations [11] https://www.w3.org/TR/WebCryptoAPI/#hmac-operations