webcrypto-liner
wrapKey permission is not sufficient in iOS Safari to wrap a key
The wrapping_key in this code has a "wrapKey" permission. However, this gave an error when I tried to use it. But, when the wrapping key also has an "encrypt" permission, there is no error.
The "wrapKey" permission should be sufficient, and it works in other browsers.
crypto.subtle.wrapKey(
    "jwk",
    key,
    wrapping_key, // the AES-GCM key with "wrapKey" usage flag
    {
        name: "AES-GCM",
        iv: nonce,
        tagLength: 128
    }
)
This is because wrapKey = exportKey + encrypt
https://github.com/PeculiarVentures/webcrypto-liner/blob/master/src/rsa/crypto.ts#L246
I'm not sure there is another way to resolve it. I think the best way is to use wrapKey usage with encrypt, and unwrapKey usage with decrypt
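The point made in the comment above (a polyfilled wrapKey is exportKey followed by encrypt), as an added example that is not part of the original thread or of webcrypto-liner's own code. It uses only the standard WebCrypto API; the helper names `makeAesKey`, `wrapByHand` and `demo` are hypothetical, and all keys are constructed on the spot.

```javascript
// Added example: runs in a browser console or in Node.js; all keys are constructed here.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;
const { subtle } = webcrypto;

// Fresh AES-GCM parameters (new 96-bit IV) for each wrap operation.
const gcm = () => ({ name: "AES-GCM", iv: webcrypto.getRandomValues(new Uint8Array(12)), tagLength: 128 });

function makeAesKey(usages, extractable = false) {
  return subtle.generateKey({ name: "AES-GCM", length: 256 }, extractable, usages);
}

// What a wrapKey fallback does when it cannot call a native wrapKey:
// export the key as JWK, then encrypt the JSON bytes with the wrapping key.
async function wrapByHand(key, wrappingKey, params) {
  const jwk = await subtle.exportKey("jwk", key);
  const bytes = new TextEncoder().encode(JSON.stringify(jwk));
  return subtle.encrypt(params, wrappingKey, bytes); // needs the "encrypt" usage
}

async function demo() {
  const payloadKey = await makeAesKey(["encrypt", "decrypt"], true); // key to be wrapped

  // Wrapping key with only the wrap usages: native wrapKey accepts it,
  // the export-then-encrypt path is rejected by the usage check.
  const wrapOnly = await makeAesKey(["wrapKey", "unwrapKey"]);
  const nativeWrapped = await subtle.wrapKey("jwk", payloadKey, wrapOnly, gcm());
  const manualError = await wrapByHand(payloadKey, wrapOnly, gcm())
    .then(() => null, (e) => e.name);

  // Workaround discussed in the thread: also grant encrypt/decrypt.
  const portable = await makeAesKey(["wrapKey", "unwrapKey", "encrypt", "decrypt"]);
  const params = gcm();
  const manualWrapped = await wrapByHand(payloadKey, portable, params);

  // A native unwrapKey accepts the hand-made blob, so both paths share one format.
  const restored = await subtle.unwrapKey("jwk", manualWrapped, portable, params,
    { name: "AES-GCM" }, true, ["encrypt", "decrypt"]);
  const before = await subtle.exportKey("jwk", payloadKey);
  const after = await subtle.exportKey("jwk", restored);
  return { nativeWrappedBytes: nativeWrapped.byteLength, manualError, sameKey: before.k === after.k };
}
```

Granting "encrypt" to a wrapping key also lets that key encrypt arbitrary data, so the wider usage set is a compatibility trade-off against least privilege.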
So, how come it works in Chrome with just wrapKey without decrypt? Is this non-standard?
Same question.
When I use RSA-OAEP, I got an error of "CryptoKey has wrong key usage. Must be 'encrypt'".
@borisreitman webcrypto-liner uses native Crypto if it's possible. This is why it doesn't throw error on wrapKey without encrypt key usage
@FalconIA this is source code for RSA wrapKey https://github.com/PeculiarVentures/webcrypto-liner/blob/master/src/rsa/crypto.ts#L230-L248
As I told before wrapKey = exportKey + encrypt. This is main problem for encrypt key usage error. I've got some ideas how to fix it. I'll do it soon
@FalconIA @borisreitman I published new version of webcrypto-liner. Can you check it?