search

ucan-wg / ts-ucan

Auth tokens for a distributed, user-controlled world
https://www.npmjs.com/package/ucans
Apache License 2.0
97 stars 11 forks source link

Cannot export keys with p256 plugin #108

Open kshinn opened 4 months ago

kshinn commented 4 months ago

Context

I'm trying to use the EcdsaKeyPair as a utility to generate a stable keypair. For testing purposes I'm:

  1. Creating a keypair with exportable = true
  2. Exporting that keypair
  3. Loading the private key so I have a stable key to reuse across tests / experiments

This works fine using the EdKeypair, but fails with "key is not extractable" when using the p256 plugin.

I believe the problem is that, when creating a new key, the static method does not allow you to specify exportable and hardcodes the extraction parameter to "false" when creating the key.

I have a PR that addresses this issue that I will reference here.

kshinn commented 4 months ago

On further inspection it could be that I'm misunderstanding the use of the methods on this class. With the provided fix, I can successfully export the key, however it exports it in pkcs8 format. There doesn't seem to be a symmetrical way to import this key material. The import function uses the jwk format instead of a raw format. In order to make this change useful, we would need to also add an importFromRaw type of method to this class. This may start to diverge from the original intent of these classes. Happy to add if it makes sense.