Test importing spki and pkcs8 keys with algorithm-specific OIDs #307
Comments
@twiss when you say "test", do you mean adding wpts or testing the existing implementations whether they actually support importing these OIDs? I'm happy to test this in the implementations but my gut tells me the browsers only support Similar to #305 if we observe these OIDs are commonly not supported, should we suggest updating the language to only mention the two common OIDs? Or make their support optional so that users don't have the expectation of them being supported in every implementation.
I meant the former, but the latter is also a good question. I somewhat assumed that at least some implementations would support it, because I've seen some implementations accept broken keys with the algorithm-specific OIDs (with NULL parameters) in some cases, so I assumed they would accept well-formed keys (with the proper parameters) too. But it would be great if you could test this assumption indeed. Here are some test cases with broken keys:
await Promise.allSettled([
crypto.subtle.importKey('spki', new Uint8Array([48, 130, 1, 34, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 10, 5, 0, 3, 130, 1, 15, 0, 48, 130, 1, 10, 2, 130, 1, 1, 0, 176, 94, 197, 119, 0, 9, 176, 157, 182, 83, 98, 110, 116, 159, 12, 68, 229, 187, 156, 15, 25, 135, 178, 126, 31, 180, 227, 189, 109, 93, 237, 54, 143, 201, 48, 81, 82, 126, 125, 170, 91, 26, 51, 131, 42, 207, 218, 45, 139, 86, 113, 173, 7, 195, 230, 106, 74, 13, 7, 210, 77, 226, 85, 95, 99, 96, 55, 227, 182, 25, 10, 119, 85, 68, 101, 98, 38, 75, 127, 208, 219, 52, 93, 232, 228, 132, 6, 88, 246, 254, 105, 71, 162, 179, 241, 162, 99, 186, 13, 71, 241, 86, 47, 142, 125, 233, 255, 92, 94, 37, 168, 146, 108, 106, 242, 129, 127, 80, 231, 54, 33, 135, 197, 72, 220, 52, 147, 91, 68, 96, 164, 78, 103, 87, 244, 62, 20, 145, 202, 72, 111, 161, 145, 99, 122, 90, 106, 63, 42, 4, 196, 226, 67, 134, 213, 221, 250, 238, 145, 46, 243, 143, 59, 115, 168, 3, 21, 145, 58, 60, 210, 5, 154, 251, 199, 36, 70, 67, 224, 167, 165, 112, 204, 249, 88, 22, 40, 40, 233, 107, 216, 255, 176, 244, 230, 177, 232, 52, 7, 22, 105, 114, 155, 178, 201, 140, 145, 84, 96, 139, 66, 94, 69, 7, 166, 87, 245, 167, 92, 210, 218, 118, 187, 196, 170, 135, 120, 53, 119, 72, 39, 190, 46, 196, 38, 187, 189, 203, 67, 51, 81, 201, 214, 65, 126, 164, 70, 152, 168, 172, 119, 93, 213, 138, 208, 227, 2, 3, 1, 0, 1]), { name: 'RSA-PSS', hash: 'SHA-256' }, true, ['verify']),
crypto.subtle.importKey('pkcs8', new Uint8Array([48, 130, 4, 189, 2, 1, 0, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 10, 5, 0, 4, 130, 4, 167, 48, 130, 4, 163, 2, 1, 0, 2, 130, 1, 1, 0, 176, 94, 197, 119, 0, 9, 176, 157, 182, 83, 98, 110, 116, 159, 12, 68, 229, 187, 156, 15, 25, 135, 178, 126, 31, 180, 227, 189, 109, 93, 237, 54, 143, 201, 48, 81, 82, 126, 125, 170, 91, 26, 51, 131, 42, 207, 218, 45, 139, 86, 113, 173, 7, 195, 230, 106, 74, 13, 7, 210, 77, 226, 85, 95, 99, 96, 55, 227, 182, 25, 10, 119, 85, 68, 101, 98, 38, 75, 127, 208, 219, 52, 93, 232, 228, 132, 6, 88, 246, 254, 105, 71, 162, 179, 241, 162, 99, 186, 13, 71, 241, 86, 47, 142, 125, 233, 255, 92, 94, 37, 168, 146, 108, 106, 242, 129, 127, 80, 231, 54, 33, 135, 197, 72, 220, 52, 147, 91, 68, 96, 164, 78, 103, 87, 244, 62, 20, 145, 202, 72, 111, 161, 145, 99, 122, 90, 106, 63, 42, 4, 196, 226, 67, 134, 213, 221, 250, 238, 145, 46, 243, 143, 59, 115, 168, 3, 21, 145, 58, 60, 210, 5, 154, 251, 199, 36, 70, 67, 224, 167, 165, 112, 204, 249, 88, 22, 40, 40, 233, 107, 216, 255, 176, 244, 230, 177, 232, 52, 7, 22, 105, 114, 155, 178, 201, 140, 145, 84, 96, 139, 66, 94, 69, 7, 166, 87, 245, 167, 92, 210, 218, 118, 187, 196, 170, 135, 120, 53, 119, 72, 39, 190, 46, 196, 38, 187, 189, 203, 67, 51, 81, 201, 214, 65, 126, 164, 70, 152, 168, 172, 119, 93, 213, 138, 208, 227, 2, 3, 1, 0, 1, 2, 130, 1, 0, 72, 158, 237, 61, 223, 149, 29, 213, 2, 162, 248, 239, 180, 51, 93, 16, 237, 107, 63, 137, 244, 32, 44, 189, 195, 254, 110, 155, 171, 241, 181, 223, 246, 122, 135, 219, 164, 85, 19, 23, 87, 37, 197, 186, 39, 161, 168, 27, 130, 185, 24, 91, 127, 204, 9, 15, 16, 232, 166, 164, 208, 142, 246, 74, 45, 152, 11, 203, 70, 74, 175, 69, 141, 165, 120, 253, 93, 249, 78, 106, 200, 39, 154, 215, 111, 104, 113, 88, 166, 115, 1, 20, 143, 8, 250, 224, 187, 161, 123, 32, 121, 93, 220, 125, 22, 153, 136, 29, 23, 98, 248, 51, 58, 83, 27, 1, 121, 83, 237, 176, 27, 68, 85, 86, 119, 221, 106, 34, 198, 81, 222, 242, 79, 42, 137, 
210, 151, 126, 44, 200, 40, 253, 135, 122, 108, 186, 100, 58, 150, 227, 121, 181, 105, 61, 127, 227, 245, 136, 222, 83, 19, 144, 23, 98, 166, 164, 174, 100, 162, 243, 28, 56, 243, 26, 63, 197, 182, 137, 249, 150, 219, 232, 204, 161, 86, 66, 169, 29, 179, 101, 216, 46, 244, 3, 113, 53, 51, 30, 165, 23, 48, 106, 103, 122, 18, 171, 134, 243, 73, 32, 195, 159, 253, 88, 171, 44, 16, 222, 56, 246, 87, 29, 69, 98, 146, 98, 79, 141, 145, 49, 223, 144, 233, 245, 24, 38, 21, 253, 45, 3, 56, 163, 249, 70, 98, 166, 171, 117, 152, 243, 237, 139, 121, 145, 151, 169, 2, 129, 129, 0, 216, 228, 237, 147, 206, 117, 1, 50, 70, 30, 77, 53, 231, 14, 43, 201, 187, 214, 147, 179, 209, 110, 126, 101, 67, 134, 171, 222, 100, 222, 62, 166, 236, 170, 63, 157, 200, 249, 134, 81, 217, 32, 85, 38, 154, 119, 37, 11, 19, 201, 252, 46, 145, 253, 136, 134, 173, 85, 136, 217, 213, 125, 229, 144, 166, 71, 160, 64, 173, 244, 202, 119, 48, 129, 236, 145, 161, 166, 43, 143, 125, 8, 202, 193, 26, 217, 27, 140, 159, 98, 205, 167, 238, 176, 124, 83, 75, 113, 169, 80, 50, 183, 41, 236, 191, 168, 36, 80, 59, 90, 56, 37, 47, 72, 17, 45, 9, 57, 89, 46, 133, 120, 220, 186, 49, 9, 118, 45, 2, 129, 129, 0, 208, 43, 101, 123, 142, 130, 107, 251, 100, 49, 54, 37, 113, 88, 125, 59, 133, 19, 15, 89, 230, 100, 245, 33, 135, 123, 86, 187, 202, 49, 241, 220, 163, 237, 85, 34, 253, 32, 76, 136, 161, 254, 91, 49, 75, 232, 77, 92, 245, 69, 68, 171, 145, 184, 224, 68, 58, 250, 195, 86, 14, 35, 44, 241, 193, 254, 190, 203, 108, 169, 61, 97, 234, 10, 239, 89, 173, 49, 81, 105, 140, 173, 74, 243, 223, 187, 167, 22, 23, 154, 230, 88, 119, 86, 115, 129, 244, 218, 137, 26, 74, 171, 242, 19, 85, 97, 154, 111, 24, 30, 254, 4, 67, 42, 254, 205, 171, 82, 37, 158, 254, 104, 47, 53, 26, 21, 93, 79, 2, 129, 128, 11, 51, 223, 213, 135, 143, 97, 141, 112, 51, 182, 119, 55, 68, 243, 28, 11, 88, 172, 238, 87, 189, 230, 71, 98, 178, 125, 4, 18, 159, 172, 10, 193, 36, 149, 254, 151, 87, 212, 9, 60, 54, 192, 79, 43, 33, 70, 71, 137, 49, 32, 
150, 99, 49, 254, 48, 62, 153, 177, 100, 214, 243, 22, 189, 94, 233, 74, 44, 173, 15, 124, 185, 165, 70, 192, 170, 80, 248, 29, 61, 223, 14, 106, 50, 137, 41, 119, 147, 206, 211, 178, 157, 158, 229, 124, 182, 108, 170, 37, 61, 160, 48, 247, 184, 99, 185, 210, 142, 86, 82, 117, 157, 238, 16, 65, 218, 218, 164, 28, 168, 27, 122, 191, 163, 218, 78, 139, 205, 2, 129, 128, 96, 55, 238, 204, 81, 110, 143, 34, 191, 136, 207, 146, 54, 245, 195, 204, 195, 17, 176, 66, 201, 111, 88, 174, 138, 196, 195, 174, 65, 35, 28, 187, 243, 57, 59, 228, 212, 67, 29, 156, 249, 227, 107, 155, 57, 142, 194, 83, 121, 58, 239, 38, 174, 80, 89, 184, 175, 218, 64, 119, 130, 73, 87, 248, 214, 198, 60, 194, 34, 19, 135, 191, 190, 66, 23, 167, 199, 153, 200, 27, 149, 94, 116, 10, 141, 27, 91, 123, 166, 165, 126, 90, 221, 174, 35, 237, 169, 147, 105, 83, 177, 184, 16, 72, 71, 106, 185, 203, 39, 199, 11, 122, 68, 225, 150, 172, 209, 199, 66, 132, 94, 235, 33, 6, 214, 107, 145, 153, 2, 129, 129, 0, 174, 40, 94, 12, 190, 3, 157, 254, 92, 138, 182, 205, 88, 120, 153, 192, 63, 182, 171, 11, 235, 30, 115, 54, 106, 216, 95, 65, 72, 189, 38, 11, 202, 201, 249, 110, 75, 55, 68, 20, 80, 186, 248, 150, 23, 5, 195, 5, 5, 15, 179, 161, 8, 83, 86, 187, 28, 228, 41, 103, 76, 48, 53, 122, 97, 19, 40, 214, 170, 60, 160, 51, 104, 72, 46, 22, 210, 110, 27, 119, 247, 133, 226, 112, 39, 146, 167, 41, 156, 54, 73, 6, 26, 198, 102, 67, 83, 244, 20, 47, 216, 74, 121, 47, 13, 118, 186, 146, 201, 19, 14, 218, 153, 207, 72, 233, 254, 140, 191, 111, 15, 25, 99, 13, 39, 8, 71, 175]), { name: 'RSA-PSS', hash: 'SHA-256' }, true, ['sign']),
crypto.subtle.importKey('spki', new Uint8Array([48, 130, 1, 34, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 7, 5, 0, 3, 130, 1, 15, 0, 48, 130, 1, 10, 2, 130, 1, 1, 0, 221, 98, 33, 140, 115, 83, 88, 147, 196, 47, 75, 241, 134, 248, 177, 116, 220, 9, 5, 200, 152, 33, 155, 252, 81, 129, 205, 44, 117, 27, 255, 129, 183, 81, 40, 200, 183, 68, 89, 4, 105, 232, 220, 212, 74, 205, 61, 6, 209, 166, 186, 72, 123, 236, 191, 144, 179, 68, 155, 152, 253, 7, 155, 51, 166, 183, 3, 17, 114, 79, 26, 47, 63, 177, 174, 226, 238, 254, 203, 134, 120, 79, 83, 122, 67, 98, 221, 38, 38, 188, 184, 49, 179, 225, 45, 86, 3, 47, 97, 85, 23, 98, 199, 18, 105, 187, 233, 230, 5, 147, 72, 226, 41, 144, 174, 198, 105, 107, 135, 239, 19, 62, 116, 17, 196, 143, 240, 151, 119, 132, 230, 149, 206, 63, 195, 234, 71, 71, 83, 33, 219, 68, 226, 53, 133, 152, 18, 44, 76, 42, 229, 1, 230, 147, 133, 74, 227, 109, 147, 196, 71, 35, 234, 18, 153, 50, 80, 79, 205, 65, 184, 12, 202, 25, 238, 182, 231, 152, 4, 97, 42, 193, 15, 164, 78, 8, 144, 24, 70, 78, 201, 34, 14, 1, 123, 220, 191, 225, 53, 184, 48, 95, 14, 206, 17, 0, 45, 198, 237, 246, 7, 92, 248, 86, 62, 36, 247, 95, 202, 121, 168, 100, 107, 76, 175, 228, 115, 91, 27, 80, 137, 244, 131, 200, 135, 52, 225, 239, 50, 135, 238, 223, 57, 75, 78, 31, 8, 84, 9, 225, 27, 180, 54, 242, 160, 35, 2, 3, 1, 0, 1]), { name: 'RSA-OAEP', hash: 'SHA-256' }, true, ['encrypt']),
crypto.subtle.importKey('pkcs8', new Uint8Array([48, 130, 4, 190, 2, 1, 0, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 7, 5, 0, 4, 130, 4, 168, 48, 130, 4, 164, 2, 1, 0, 2, 130, 1, 1, 0, 221, 98, 33, 140, 115, 83, 88, 147, 196, 47, 75, 241, 134, 248, 177, 116, 220, 9, 5, 200, 152, 33, 155, 252, 81, 129, 205, 44, 117, 27, 255, 129, 183, 81, 40, 200, 183, 68, 89, 4, 105, 232, 220, 212, 74, 205, 61, 6, 209, 166, 186, 72, 123, 236, 191, 144, 179, 68, 155, 152, 253, 7, 155, 51, 166, 183, 3, 17, 114, 79, 26, 47, 63, 177, 174, 226, 238, 254, 203, 134, 120, 79, 83, 122, 67, 98, 221, 38, 38, 188, 184, 49, 179, 225, 45, 86, 3, 47, 97, 85, 23, 98, 199, 18, 105, 187, 233, 230, 5, 147, 72, 226, 41, 144, 174, 198, 105, 107, 135, 239, 19, 62, 116, 17, 196, 143, 240, 151, 119, 132, 230, 149, 206, 63, 195, 234, 71, 71, 83, 33, 219, 68, 226, 53, 133, 152, 18, 44, 76, 42, 229, 1, 230, 147, 133, 74, 227, 109, 147, 196, 71, 35, 234, 18, 153, 50, 80, 79, 205, 65, 184, 12, 202, 25, 238, 182, 231, 152, 4, 97, 42, 193, 15, 164, 78, 8, 144, 24, 70, 78, 201, 34, 14, 1, 123, 220, 191, 225, 53, 184, 48, 95, 14, 206, 17, 0, 45, 198, 237, 246, 7, 92, 248, 86, 62, 36, 247, 95, 202, 121, 168, 100, 107, 76, 175, 228, 115, 91, 27, 80, 137, 244, 131, 200, 135, 52, 225, 239, 50, 135, 238, 223, 57, 75, 78, 31, 8, 84, 9, 225, 27, 180, 54, 242, 160, 35, 2, 3, 1, 0, 1, 2, 130, 1, 0, 87, 224, 1, 237, 28, 65, 243, 33, 4, 120, 185, 174, 111, 162, 251, 221, 165, 17, 183, 199, 254, 11, 41, 61, 168, 164, 219, 106, 80, 58, 2, 219, 220, 134, 76, 168, 15, 135, 3, 198, 170, 187, 146, 28, 122, 108, 169, 82, 177, 153, 122, 204, 22, 212, 204, 221, 133, 43, 48, 144, 51, 175, 247, 61, 51, 105, 229, 191, 225, 29, 225, 8, 236, 65, 125, 103, 250, 242, 12, 155, 157, 217, 239, 10, 211, 0, 197, 67, 197, 144, 151, 148, 179, 16, 40, 204, 193, 138, 231, 25, 189, 164, 169, 220, 119, 55, 238, 10, 46, 32, 94, 135, 215, 115, 228, 204, 65, 64, 59, 190, 252, 102, 135, 240, 29, 147, 253, 45, 133, 18, 123, 27, 171, 149, 217, 147, 
162, 150, 55, 211, 247, 138, 176, 49, 154, 86, 188, 226, 134, 25, 133, 234, 40, 154, 146, 203, 50, 4, 84, 31, 122, 189, 0, 69, 135, 225, 20, 0, 183, 37, 191, 67, 78, 118, 202, 207, 157, 157, 198, 108, 137, 231, 147, 134, 75, 145, 130, 192, 225, 56, 43, 153, 32, 197, 221, 59, 233, 89, 163, 212, 27, 242, 179, 15, 189, 77, 82, 78, 100, 180, 142, 245, 237, 194, 174, 241, 87, 25, 175, 32, 56, 231, 152, 214, 217, 197, 56, 243, 70, 60, 77, 176, 29, 57, 43, 243, 78, 209, 104, 157, 248, 39, 63, 80, 56, 47, 149, 109, 12, 203, 159, 116, 163, 92, 96, 81, 2, 129, 129, 0, 253, 234, 23, 27, 184, 139, 77, 92, 246, 52, 151, 145, 48, 239, 89, 159, 119, 223, 130, 81, 104, 72, 209, 105, 237, 109, 162, 188, 184, 33, 80, 213, 85, 47, 113, 84, 185, 115, 5, 45, 155, 125, 88, 105, 213, 55, 92, 89, 155, 246, 182, 76, 94, 205, 184, 0, 127, 149, 215, 115, 155, 162, 169, 226, 248, 32, 155, 87, 72, 196, 217, 163, 140, 106, 185, 105, 48, 154, 31, 198, 38, 91, 51, 154, 163, 65, 177, 92, 28, 66, 213, 43, 101, 16, 233, 187, 224, 116, 141, 120, 2, 102, 132, 62, 188, 203, 21, 70, 167, 132, 230, 230, 114, 66, 64, 206, 124, 137, 225, 118, 42, 156, 145, 114, 106, 209, 72, 167, 2, 129, 129, 0, 223, 51, 163, 28, 226, 147, 154, 86, 163, 168, 185, 16, 78, 181, 149, 56, 12, 107, 41, 82, 18, 170, 131, 210, 103, 51, 110, 146, 196, 68, 210, 5, 115, 217, 122, 99, 197, 8, 125, 173, 160, 196, 114, 193, 189, 208, 140, 232, 153, 46, 153, 127, 155, 40, 145, 58, 213, 71, 147, 102, 206, 173, 246, 206, 179, 1, 231, 34, 248, 229, 121, 185, 71, 183, 205, 104, 166, 224, 213, 67, 115, 141, 245, 104, 248, 100, 160, 189, 218, 121, 37, 39, 34, 173, 15, 119, 101, 44, 193, 176, 2, 249, 35, 124, 0, 165, 16, 7, 110, 210, 16, 30, 147, 125, 179, 160, 99, 114, 26, 62, 149, 252, 113, 136, 194, 247, 224, 37, 2, 129, 128, 100, 246, 78, 199, 244, 2, 87, 249, 173, 224, 77, 160, 42, 208, 17, 87, 234, 103, 82, 63, 34, 115, 73, 233, 143, 193, 247, 98, 136, 232, 158, 102, 165, 95, 158, 245, 172, 99, 194, 220, 86, 166, 105, 160, 115, 106, 118, 
235, 30, 171, 227, 226, 204, 19, 138, 165, 144, 21, 185, 188, 187, 86, 219, 172, 103, 51, 55, 241, 101, 250, 247, 251, 35, 27, 80, 172, 53, 234, 34, 214, 60, 108, 41, 65, 196, 198, 155, 74, 95, 230, 103, 50, 193, 22, 15, 138, 103, 254, 144, 61, 246, 222, 98, 153, 59, 162, 152, 204, 38, 82, 31, 41, 228, 166, 217, 116, 1, 107, 37, 222, 65, 165, 77, 228, 43, 251, 25, 163, 2, 129, 129, 0, 133, 58, 158, 95, 108, 131, 108, 121, 208, 192, 178, 142, 160, 92, 213, 16, 26, 161, 144, 141, 147, 228, 194, 64, 194, 39, 58, 22, 83, 31, 61, 57, 209, 247, 251, 141, 56, 28, 36, 96, 146, 121, 16, 130, 194, 217, 140, 114, 126, 149, 9, 60, 217, 17, 178, 246, 170, 62, 74, 38, 240, 177, 120, 131, 210, 232, 12, 222, 156, 48, 229, 162, 137, 195, 149, 209, 164, 226, 201, 137, 180, 157, 4, 226, 190, 121, 218, 84, 216, 230, 189, 29, 138, 30, 65, 0, 36, 157, 61, 147, 225, 130, 115, 2, 222, 163, 168, 88, 183, 118, 157, 246, 146, 85, 82, 246, 38, 198, 2, 18, 95, 150, 202, 242, 54, 102, 157, 29, 2, 129, 129, 0, 169, 126, 79, 164, 70, 238, 179, 136, 129, 238, 109, 233, 196, 68, 212, 221, 124, 182, 210, 19, 215, 225, 34, 169, 44, 245, 178, 223, 151, 9, 51, 222, 47, 2, 42, 38, 156, 205, 255, 237, 224, 37, 151, 32, 27, 69, 129, 199, 195, 248, 155, 85, 211, 144, 139, 87, 238, 70, 109, 95, 138, 162, 196, 90, 244, 103, 23, 158, 250, 218, 234, 156, 219, 24, 42, 221, 8, 116, 209, 0, 151, 223, 55, 122, 197, 36, 106, 230, 17, 233, 89, 81, 206, 131, 17, 196, 192, 109, 156, 195, 138, 98, 92, 93, 167, 199, 80, 204, 248, 125, 159, 218, 183, 26, 123, 128, 100, 189, 193, 59, 245, 242, 165, 223, 188, 109, 108, 160]), { name: 'RSA-OAEP', hash: 'SHA-256' }, true, ['decrypt']),
]);
Safari accepts all of them, Firefox accepts the first one and rejects the others with
@twiss do you have valid keys for the different OIDs too?
No, I don't, but I can try to find or make some
I have id-RSASSA-PSS as well as id-ecDH, just need id-RSAES-OAEP
OK. Could you post the ones you have, maybe? It might be easier to modify a PSS key to an OAEP one rather than create it from scratch (I can't find any example keys so far)
Using the above script Firefox latest
Chromium latest (Chrome, Edge, Opera, ...)
Safari latest
Node.js latest (experimental impl)
Deno latest (WIP master as of now)
At least in Node.js if an import succeeds, export would use the same OID for that key. What comes in is what comes out. That is technically not conformant with the current language but also not conformant with "after #305".
Thanks for the keys, and tests! Here are some RSA-OAEP keys with OID
I think that's reasonable behavior, but at the same time it's probably not reasonable to put that in the spec, as it would require us (and implementations) to store the way the key was originally encoded, which seems otherwise pointless. So, given all of the above I agree it would be reasonable to drop importing
I wasn't thinking of putting this behaviour in the spec. I was merely making sure this pattern is pointed out. The Node.js implementation is still marked as experimental and as such we're able to make breaking changes rather quickly.
I agree. But it is worth pointing out that these key representations are correct in that they don't allow use of that key for other purposes. At the same time the ease of JWK export and subsequent dropping
@jasnell does the CF Workers implementation also only support rsaEncryption and ecPublicKey OIDs?
Yeah, I understand, and thanks for pointing it out. I was mostly trying to say that having two possible representations in the spec causes some complexity here indeed (and forcing the implementation to re-serialize, or not, is perhaps not desirable).
Yeah. The only situation where it might matter is when the key is encrypted using AES-KW, for example, and can't easily be changed. In that case I also agree the algorithm-specific OIDs are better, and it would've been nicer if all implementations used and supported them from the start. But at this point, I'm not sure if it's worth the effort to convince them to do so (and exporting the algorithm-specific OIDs would cause breakage, for now).
@panva ... I don't know off the top of my head but I've made a note to check :-)
Just an update to this, I've also tested importing
Since they're only correctly implemented in one implementation, and can't be relied upon to work (let alone enforce the usage specified in the OID) on the web in general, I would propose that we drop them as well. @lucacasonato, @kcheney1 and @dveditz, would you be OK with dropping support for importing these OIDs (and The main downside is that then you can't import a spki or pkcs1 key that's tightly bound to the algorithm and hash it can be used with (this might be relevant if you store encrypted keys for signing and encrypting on an untrusted server, for example, and the server can swap them without detection), but this is already the reality today, and jwk keys can be used instead (we can add a note in the spec to that effect). The checks for importing jwk keys are implemented correctly everywhere I tested, except for one case (when importing ECC keys in Firefox, the
closes #39959 see w3c/webcrypto#307 see w3c/webcrypto#305 PR-URL: #42816 Reviewed-By: Tobias Nießen <tniessen@tnie.de>
This PR updates RSA key import/export to a state which is interoperable with other implementations. For RSA the only OID in and out is `rsaEncryption`. For EC the only OID in and out is `id-ecpublickey` (fixed in #16152). see w3c/webcrypto#307 (comment) see w3c/webcrypto#307 see w3c/webcrypto#305 see nodejs/node#42816
closes #39959 see w3c/webcrypto#307 see w3c/webcrypto#305 PR-URL: nodejs/node#42816 Reviewed-By: Tobias Nießen <tniessen@tnie.de>
We should test importing RSA keys with OID `id-RSASSA-PSS` or `id-RSAES-OAEP`, and ECDH keys with OID `id-ecDH`; both well-formed and malformed cases (e.g. RSA keys with these OIDs with missing or malformed parameters, as in #297).
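
To see which AlgorithmIdentifier an `spki` or `pkcs8` blob carries before it reaches `crypto.subtle.importKey`, the following added example (not code from this thread or from any implementation discussed in it) reads the OID and the parameter shape from the DER header and flags the NULL-parameter case the thread calls broken. The function names and the placeholder structures are assumptions made for the illustration; the placeholders hold no real key material.

```javascript
// RSA OIDs named in the thread (arc 1.2.840.113549.1.1.x).
const RSA_OIDS = {
  '1.2.840.113549.1.1.1': 'rsaEncryption',
  '1.2.840.113549.1.1.7': 'id-RSAES-OAEP',
  '1.2.840.113549.1.1.10': 'id-RSASSA-PSS',
};

// Read one DER TLV at `pos`, refusing anything that runs past `limit`.
function readTlv(buf, pos, limit = buf.length) {
  if (pos + 2 > limit) throw new RangeError('truncated DER');
  let len = buf[pos + 1], start = pos + 2;
  if (len & 0x80) { // long form: the low 7 bits give the number of length bytes
    const n = len & 0x7f;
    if (n === 0 || n > 4 || start + n > limit) throw new RangeError('bad DER length');
    len = 0;
    for (let i = 0; i < n; i++) len = len * 256 + buf[start + i];
    start += n;
  }
  if (start + len > limit) throw new RangeError('truncated DER');
  return { tag: buf[pos], start, end: start + len };
}

// Decode OID content bytes to dotted form (first arc 0 or 1 only, enough for these OIDs).
function decodeOid(bytes) {
  const arcs = [Math.floor(bytes[0] / 40), bytes[0] % 40];
  let v = 0;
  for (const b of bytes.subarray(1)) {
    v = v * 128 + (b & 0x7f);
    if (!(b & 0x80)) { arcs.push(v); v = 0; }
  }
  return arcs.join('.');
}

// Return the OID and parameter shape of the AlgorithmIdentifier in an spki or pkcs8 blob.
function algorithmIdentifier(der, format) {
  const buf = Uint8Array.from(der);
  const outer = readTlv(buf, 0);
  let pos = outer.start;
  if (format === 'pkcs8') pos = readTlv(buf, pos, outer.end).end; // skip INTEGER version
  const alg = readTlv(buf, pos, outer.end);
  const oid = readTlv(buf, alg.start, alg.end);
  if (outer.tag !== 0x30 || alg.tag !== 0x30 || oid.tag !== 0x06 || oid.end === oid.start) {
    throw new TypeError('expected SEQUENCE { AlgorithmIdentifier, ... }');
  }
  const dotted = decodeOid(buf.subarray(oid.start, oid.end));
  const p = oid.end < alg.end ? readTlv(buf, oid.end, alg.end) : null;
  const params = !p ? 'absent' : p.tag === 0x05 ? 'NULL' : p.tag === 0x30 ? 'SEQUENCE' : 'other';
  return { oid: dotted, name: RSA_OIDS[dotted] || 'unknown', params };
}

// The broken shape from the thread: an algorithm-specific OID with NULL parameters.
const isNullParamSpecificOid = (info) =>
  ['id-RSASSA-PSS', 'id-RSAES-OAEP'].includes(info.name) && info.params === 'NULL';

// Constructed placeholder structures (dummy key material, short-form lengths only).
const tlv = (tag, ...parts) => { const body = parts.flat(); return [tag, body.length, ...body]; };
const algId = (arc, params) => tlv(0x30, tlv(0x06, [42, 134, 72, 134, 247, 13, 1, 1, arc]), params);
const fakeSpki = (arc, params) => tlv(0x30, algId(arc, params), tlv(0x03, [0, 0]));
const fakePkcs8 = (arc, params) => tlv(0x30, tlv(0x02, [0]), algId(arc, params), tlv(0x04, [0]));
```

`algorithmIdentifier` also accepts the full byte arrays from the test script above, since it handles long-form lengths; the result shows what an implementation was actually handed when its import result differs from another's.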