search

PeculiarVentures / webcrypto

A WebCrypto Polyfill for NodeJS
MIT License
185 stars 23 forks source link

RSA Public Key re-export results in malformed buffer #56

Closed WorldThirteen closed 2 years ago

WorldThirteen commented 2 years ago

When @peculiar/webcrypto is used as a crypto engine, RSA public key re-export result is invalid.

Here is a sample code:

import { Crypto } from '@peculiar/webcrypto';

const crypto = new Crypto();

const algorithm = {
  name: 'RSASSA-PKCS1-v1_5',
  hash: 'SHA-256',
  publicExponent: new Uint8Array([1, 0, 1]),
  modulusLength: 2048,
};
const keys = await crypto.subtle.generateKey(algorithm, true, ['sign', 'verify'])

const cryptoKeyBuffer = await crypto.subtle.exportKey('spki', keys.publicKey);
console.log(cryptoKeyBuffer.byteLength); // will log 294

const reImportedKey = await crypto.subtle.importKey('spki', cryptoKeyBuffer, algorithm, true, ['verify']);
const reExportedKey = await crypto.subtle.exportKey('spki', reImportedKey);

console.log(reExportedKey.byteLength); // will log 22, invalid bytelength.

The same code for WebCrypto in browser implementation or WebCrypto in the node will result in a valid re-exported buffer with the same length and ability to import/export countless times.

microshine commented 2 years ago

I can't reproduce this issue. I've tried to run this scrip using TS and JS implementations. No success.

I need more information about it. OS version, NodeJS version, module and dependencies versions

WorldThirteen commented 2 years ago

I found that my example was invalid (the latest console log should use another variable). I have edited the initial comment.

Environments where it was possible to reproduce:

Dependencies tree (cure related to webcrypto) ``` npm ls @peculiar/webcrypto @peculiar/asn1-schema @peculiar/json-schema pvtsutils tslib webcrypto-core ├─┬ @peculiar/asn1-schema@2.3.0 │ ├─┬ asn1js@3.0.5 │ │ ├── pvtsutils@1.3.2 deduped │ │ └── tslib@2.4.0 deduped │ ├── pvtsutils@1.3.2 deduped │ └── tslib@2.4.0 ├─┬ @peculiar/webcrypto@1.1.7 │ ├── @peculiar/asn1-schema@2.3.0 deduped │ ├─┬ @peculiar/json-schema@1.1.12 │ │ └── tslib@2.2.0 │ ├── pvtsutils@1.3.2 deduped │ ├── tslib@2.2.0 │ └─┬ webcrypto-core@1.2.0 │ ├── @peculiar/asn1-schema@2.3.0 deduped │ ├── @peculiar/json-schema@1.1.12 deduped │ ├── pvtsutils@1.3.2 deduped │ └── tslib@2.2.0 └── tslib@1.14.1 ```

I've noticed that I have used not the most recent version, so I've updated it to the latest and the issue is gone. Seems it was a dependency tree issue, but in such a case, I would like to receive an expectation instead of an invalid buffer.

Since the issue is not reproducible with the latest version and clear dependency tree, closing.