crypto.subtle.importKey fails to import ECDSA PKCS8 data that only has a private key #52359

Closed
sliftist opened this issue Apr 4, 2024 · 2 comments
Labels
crypto Issues and PRs related to the crypto subsystem. webcrypto

Comments


sliftist commented Apr 4, 2024

Version

v18.16.0

Platform

MSYS_NT-10.0-22621

Subsystem

No response

What steps will reproduce the bug?

A private key without the public key fails to decode (taken from https://datatracker.ietf.org/doc/html/rfc8410#section-10.3)

var data = Uint8Array.from(atob("MC4CAQAwBQYDK2VwBCIEINTuctv5E1hK1bbY8fdp+K06/nwoy/HU++CXqI9EdVhC"), c => c.charCodeAt(0));
crypto.subtle.importKey("pkcs8", data, { name: "ECDSA", namedCurve: "P-256" }, false, ["sign"]);

This appears to be a valid private key, as seen here: https://lapo.it/asn1js/#MC4CAQAwBQYDK2VwBCIEINTuctv5E1hK1bbY8fdp-K06_nwoy_HU--CXqI9EdVhC .

How often does it reproduce? Is there a required condition?

Every time.

What is the expected behavior? Why is that the expected behavior?

ED25519 private keys are sufficient to sign payloads.

What do you see instead?

An error, Invalid key type.

Additional information

This might be an OpenSSL issue instead. I am not familiar enough with the code to trace down the exact source of the error. However, apparently OpenSSL has no issue generating public ED25519 keys from private keys (https://stackoverflow.com/questions/72151697/generating-public-ed25519-key-with-openssl), so it does appear that OpenSSL provides the functionality in some form or another.

Member

panva commented Apr 4, 2024

Ed25519 is not P-256. See the updated code that works.

var data = Uint8Array.from(
  atob("MC4CAQAwBQYDK2VwBCIEINTuctv5E1hK1bbY8fdp+K06/nwoy/HU++CXqI9EdVhC"),
  (c) => c.charCodeAt(0)
);
await crypto.subtle.importKey("pkcs8", data, "Ed25519", false, ["sign"]);
CryptoKey {
  type: 'private',
  extractable: false,
  algorithm: { name: 'Ed25519' },
  usages: [ 'sign' ]
}

Refs:

These curves are experimental in Node's implementation of WebCryptoAPI until they get merged into the main webcrypto spec and further adopted by more runtimes.

@panva panva added crypto Issues and PRs related to the crypto subsystem. webcrypto labels Apr 4, 2024
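
An added example, not part of the thread or of Node.js itself: the import in the original report failed because the algorithm argument named a different key type than the one encoded in the PKCS#8 data. This code reads the AlgorithmIdentifier OID from the DER bytes and returns the matching algorithm argument for `crypto.subtle.importKey`. The helper names (`readTlv`, `decodeOid`, `pkcs8Algorithm`) are hypothetical, and only Ed25519 and the three NIST curves are mapped.

```javascript
// OIDs from RFC 8410 (Ed25519) and RFC 5480 (ecPublicKey and named curves).
const ED25519 = "1.3.101.112";
const EC_PUBLIC_KEY = "1.2.840.10045.2.1";
const CURVES = { "1.2.840.10045.3.1.7": "P-256", "1.3.132.0.34": "P-384", "1.3.132.0.35": "P-521" };

// Read one DER tag-length-value header at pos and check the expected tag.
function readTlv(buf, pos, expectedTag) {
  if (pos + 2 > buf.length) throw new Error("truncated DER");
  if (buf[pos] !== expectedTag) throw new Error("unexpected DER tag at offset " + pos);
  let len = buf[pos + 1], start = pos + 2;
  if (len & 0x80) { // long form: low 7 bits give the number of length bytes
    const n = len & 0x7f;
    if (n === 0 || n > 4 || start + n > buf.length) throw new Error("bad DER length");
    len = 0;
    for (let i = 0; i < n; i++) len = len * 256 + buf[start++];
  }
  if (start + len > buf.length) throw new Error("truncated DER");
  return { start, end: start + len };
}

// Decode OID content bytes to dotted form (first byte = 40*a + b, then base-128 arcs).
function decodeOid(bytes) {
  const arcs = [Math.floor(bytes[0] / 40), bytes[0] % 40];
  let v = 0;
  for (const b of bytes.subarray(1)) {
    v = v * 128 + (b & 0x7f);
    if (!(b & 0x80)) { arcs.push(v); v = 0; }
  }
  return arcs.join(".");
}

// Return the WebCrypto algorithm argument that matches a PKCS#8 PrivateKeyInfo.
function pkcs8Algorithm(der) {
  const outer = readTlv(der, 0, 0x30);             // PrivateKeyInfo SEQUENCE
  const version = readTlv(der, outer.start, 0x02); // version INTEGER
  const algId = readTlv(der, version.end, 0x30);   // AlgorithmIdentifier SEQUENCE
  const oid = readTlv(der, algId.start, 0x06);     // algorithm OID
  const id = decodeOid(der.subarray(oid.start, oid.end));
  if (id === ED25519) return { name: "Ed25519" };
  if (id === EC_PUBLIC_KEY) {                      // parameters hold the curve OID
    const p = readTlv(der, oid.end, 0x06);
    const curve = CURVES[decodeOid(der.subarray(p.start, p.end))];
    if (curve) return { name: "ECDSA", namedCurve: curve }; // signing use assumed
  }
  throw new Error("unsupported PKCS#8 key algorithm: " + id);
}

// Key from the issue (the RFC 8410 section 10.3 example).
const sampleKey = Uint8Array.from(atob("MC4CAQAwBQYDK2VwBCIEINTuctv5E1hK1bbY8fdp+K06/nwoy/HU++CXqI9EdVhC"), (c) => c.charCodeAt(0));
const detected = pkcs8Algorithm(sampleKey); // { name: "Ed25519" }
```

Passing `detected` as the third argument of `crypto.subtle.importKey("pkcs8", sampleKey, detected, false, ["sign"])` keeps the requested algorithm consistent with what the key data declares.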
Author

sliftist commented Apr 4, 2024

@panva, thank you, you have no idea how helpful this information is! Closing, as it appears there is no bug.

@sliftist sliftist closed this as completed Apr 4, 2024