PeculiarVentures / webcrypto-liner

webcrypto-liner is a polyfill that lets down-level User Agents (like IE/Edge) use libraries that depend on WebCrypto. (Keywords: Javascript, WebCrypto, Shim, Polyfill)
MIT License

Cannot export RSA-OAEP key on iOS 10 Safari #53

Closed doraemondrian closed 6 years ago

doraemondrian commented 6 years ago

I took the same example over at https://github.com/PeculiarVentures/webcrypto-liner/issues/50 and just switched the AES-GCM algorithm to RSA-OAEP, and that seems to break the example.

By the way I can confirm that the original example (after the fix at https://github.com/PeculiarVentures/webcrypto-liner/issues/50#issuecomment-363374774) works just fine.

It just doesn't work for RSA-OAEP export.

Here's the code (pretty much the same, except I'm trying to export an RSA key):

```html
<!DOCTYPE html>
<html>
<head>
    <meta charset="UTF-8">
    <title>WebCrypto Liner</title>
    <script src="https://microshine.github.io/test-webcrypto/webcrypto-liner.shim.js"></script>
    <script src="https://microshine.github.io/test-webcrypto/asmcrypto.min.js"></script>
</head>

<body>
    <script>
        // Generate an extractable RSA-OAEP key pair, then try to export the
        // public key as JWK. The export step is the one that fails on iOS 10 Safari.
        function test2() {
            crypto.subtle.generateKey(
              {
                name: "RSA-OAEP",
                modulusLength: 2048,
                publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
                hash: {name: "SHA-256"},
              },
              true,
              ["encrypt", "decrypt"]
            ).then(function(key) {
              console.log("key = ", key);
              return crypto.subtle.exportKey("jwk", key.publicKey);
            }).then(function (keydata) {
                // Only reached when the export succeeded
                console.log("Y4", keydata);
                write_debug("Y4");
            }).catch(function (err) {
                // Catches a failure from either generateKey or exportKey
                console.error("Y3 error: ", err);
                write_debug("Y3 error: " + err);
            });
        }
        // Append a line of text to the page so the result is visible on a
        // device without a developer console
        function write_debug(txt) {
            var div = document.createElement("div");
            document.body.appendChild(div);
            div.textContent = txt;
        }
        test2();
    </script>
</body>
</html>
```

I get a "Y3 error: Error: Cannot export native CryptoKey from JS implementation".

I'm using iOS 10 Safari on an iPad. (It works fine on other browsers.)

microshine commented 6 years ago

This is because Safari can generate RSA-OAEP but has an error on exportKey. I added an alert on error in native exportKey. Here is a screenshot with the error message (screenshot: img_2884).

We can replace native generateKey for RSA-OAEP and use the JS implementation for it. @rmhrisk What do you think about it?

rmhrisk commented 6 years ago

If I understand correctly, the issue is that Safari, or this version, does not allow exporting of the public key for RSA-OAEP?

This seems pretty fundamental; isn't there a chance we have to make this call in a different way in the case of Safari?

Does WebCrypto-tests have the same behavior?

rmhrisk commented 6 years ago

Sounds like Safari 11 works but this version does not.

If so, then yes, using JS is the right solution, but only for those older than 11.

doraemondrian commented 6 years ago

Yes, I can confirm it works on iOS 11.

In fact the reason I started researching an alternative to the native WebCrypto api in the first place was because my app which works perfectly fine on iOS 11 suddenly stopped working on iOS 10.

This meant I can't use native WebCrypto for exporting, so I started looking and I came across this project.

microshine commented 6 years ago

@doraemondrian Can you try https://microshine.github.io/test-webcrypto/ on Safari v10 and v11? I uploaded a test lib with alert dialogs in it.

doraemondrian commented 6 years ago

@microshine here it is:

iOS 10 on iPad (screenshots: img_0019 2, img_0020)

iOS 11 on iPhone (screenshot: img_0153)

microshine commented 6 years ago

@doraemondrian The type error is from exportKey because the CryptoKey is not native. It's OK.

I'll update importKey for RSA-OAEP and publish a new version.
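As an added illustration of the fallback discussed in this thread (example code, not webcrypto-liner's own): probe whether the native SubtleCrypto can both generate an RSA-OAEP key and export its public half as JWK, and if not, route RSA-OAEP keys to a JS implementation so that keys are never generated by one implementation and exported by the other. `nativeSubtle`, `jsSubtle` and the mock objects are assumptions for the demo.

```javascript
// Added example, not webcrypto-liner's own code. Probes the native SubtleCrypto
// and, when it cannot export an RSA-OAEP public key, routes RSA-OAEP keys to a
// JS implementation. `nativeSubtle`/`jsSubtle` are assumed SubtleCrypto-like.
const RSA_OAEP_PARAMS = {
  name: "RSA-OAEP",
  modulusLength: 2048,
  publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
  hash: { name: "SHA-256" },
};
// True only if generateKey AND exportKey("jwk") both succeed. On iOS 10 Safari
// generateKey succeeds but exportKey throws, which is the failure reported above.
async function canExportRsaOaep(subtle) {
  try {
    const pair = await subtle.generateKey(RSA_OAEP_PARAMS, true, ["encrypt", "decrypt"]);
    const jwk = await subtle.exportKey("jwk", pair.publicKey);
    return jwk.kty === "RSA" && typeof jwk.n === "string";
  } catch (_err) {
    return false;
  }
}
// Decide once per algorithm: a key generated by the JS implementation must also
// be exported by it, since the JS path cannot export a native CryptoKey.
async function selectSubtle(nativeSubtle, jsSubtle) {
  const nativeOk = await canExportRsaOaep(nativeSubtle);
  const pick = (alg) => ((alg && alg.name === "RSA-OAEP" && !nativeOk) ? jsSubtle : nativeSubtle);
  return {
    usesNativeRsaOaep: nativeOk,
    generateKey: (alg, extractable, usages) => pick(alg).generateKey(alg, extractable, usages),
    exportKey: (format, key) => pick(key.algorithm).exportKey(format, key),
  };
}
// Constructed mocks standing in for real SubtleCrypto objects (no real crypto).
function mockSubtle(origin, exportFails) {
  return {
    generateKey: async (alg) => {
      const key = (type) => ({ type, origin, algorithm: { name: alg.name } });
      return { publicKey: key("public"), privateKey: key("private") };
    },
    exportKey: async (format, key) => {
      if (exportFails) throw new Error("exportKey failed for " + key.algorithm.name);
      return { kty: "RSA", n: "constructed-modulus", e: "AQAB", origin: key.origin };
    },
  };
}
const ios10Native = mockSubtle("native", true);   // generateKey works, exportKey throws
const modernNative = mockSubtle("native", false); // iOS 11 and later
const jsImpl = mockSubtle("js", false);           // the polyfill's JS path
```

In a browser you would pass the real `crypto.subtle` as `nativeSubtle`; with the mocks, `selectSubtle(ios10Native, jsImpl)` yields a shim whose RSA-OAEP keys come from the JS path while other algorithms stay native.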

doraemondrian commented 6 years ago

Thanks! Looking forward to it!

microshine commented 6 years ago

I published v0.1.34.

doraemondrian commented 6 years ago

Just checked and looks like it's working, thank you!

(screenshot: 2018-02-09 at 1:14:31 am)