Open twiss opened 2 years ago
@twiss when you say "test", do you mean adding wpts or testing the existing implementations whether they actually support importing these OIDs? I'm happy to test this in the implementations but my gut tells me the browsers only support rsaEncryption
for RSA/RSA-PSS/RSA-OAEP and ecPublicKey
for ECDH/ECDSA.
Similar to #305 if we observe these OIDs are commonly not supported, should we suggest updating the language to only mention the two common OIDs? Or make their support optional so that users don't have the expectation of them being supported in every implementation.
I meant the former, but the latter is also a good question. I somewhat assumed that at least some implementations would support it, because I've seen some implementations accept broken keys with the algorithm-specific OIDs (with NULL parameters) in some cases, so I assumed they would accept well-formed keys (with the proper parameters) too. But it would be great if you could test this assumption indeed.
Here are some test cases with broken keys:
await Promise.allSettled([
crypto.subtle.importKey('spki', new Uint8Array([48, 130, 1, 34, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 10, 5, 0, 3, 130, 1, 15, 0, 48, 130, 1, 10, 2, 130, 1, 1, 0, 176, 94, 197, 119, 0, 9, 176, 157, 182, 83, 98, 110, 116, 159, 12, 68, 229, 187, 156, 15, 25, 135, 178, 126, 31, 180, 227, 189, 109, 93, 237, 54, 143, 201, 48, 81, 82, 126, 125, 170, 91, 26, 51, 131, 42, 207, 218, 45, 139, 86, 113, 173, 7, 195, 230, 106, 74, 13, 7, 210, 77, 226, 85, 95, 99, 96, 55, 227, 182, 25, 10, 119, 85, 68, 101, 98, 38, 75, 127, 208, 219, 52, 93, 232, 228, 132, 6, 88, 246, 254, 105, 71, 162, 179, 241, 162, 99, 186, 13, 71, 241, 86, 47, 142, 125, 233, 255, 92, 94, 37, 168, 146, 108, 106, 242, 129, 127, 80, 231, 54, 33, 135, 197, 72, 220, 52, 147, 91, 68, 96, 164, 78, 103, 87, 244, 62, 20, 145, 202, 72, 111, 161, 145, 99, 122, 90, 106, 63, 42, 4, 196, 226, 67, 134, 213, 221, 250, 238, 145, 46, 243, 143, 59, 115, 168, 3, 21, 145, 58, 60, 210, 5, 154, 251, 199, 36, 70, 67, 224, 167, 165, 112, 204, 249, 88, 22, 40, 40, 233, 107, 216, 255, 176, 244, 230, 177, 232, 52, 7, 22, 105, 114, 155, 178, 201, 140, 145, 84, 96, 139, 66, 94, 69, 7, 166, 87, 245, 167, 92, 210, 218, 118, 187, 196, 170, 135, 120, 53, 119, 72, 39, 190, 46, 196, 38, 187, 189, 203, 67, 51, 81, 201, 214, 65, 126, 164, 70, 152, 168, 172, 119, 93, 213, 138, 208, 227, 2, 3, 1, 0, 1]), { name: 'RSA-PSS', hash: 'SHA-256' }, true, ['verify']),
crypto.subtle.importKey('pkcs8', new Uint8Array([48, 130, 4, 189, 2, 1, 0, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 10, 5, 0, 4, 130, 4, 167, 48, 130, 4, 163, 2, 1, 0, 2, 130, 1, 1, 0, 176, 94, 197, 119, 0, 9, 176, 157, 182, 83, 98, 110, 116, 159, 12, 68, 229, 187, 156, 15, 25, 135, 178, 126, 31, 180, 227, 189, 109, 93, 237, 54, 143, 201, 48, 81, 82, 126, 125, 170, 91, 26, 51, 131, 42, 207, 218, 45, 139, 86, 113, 173, 7, 195, 230, 106, 74, 13, 7, 210, 77, 226, 85, 95, 99, 96, 55, 227, 182, 25, 10, 119, 85, 68, 101, 98, 38, 75, 127, 208, 219, 52, 93, 232, 228, 132, 6, 88, 246, 254, 105, 71, 162, 179, 241, 162, 99, 186, 13, 71, 241, 86, 47, 142, 125, 233, 255, 92, 94, 37, 168, 146, 108, 106, 242, 129, 127, 80, 231, 54, 33, 135, 197, 72, 220, 52, 147, 91, 68, 96, 164, 78, 103, 87, 244, 62, 20, 145, 202, 72, 111, 161, 145, 99, 122, 90, 106, 63, 42, 4, 196, 226, 67, 134, 213, 221, 250, 238, 145, 46, 243, 143, 59, 115, 168, 3, 21, 145, 58, 60, 210, 5, 154, 251, 199, 36, 70, 67, 224, 167, 165, 112, 204, 249, 88, 22, 40, 40, 233, 107, 216, 255, 176, 244, 230, 177, 232, 52, 7, 22, 105, 114, 155, 178, 201, 140, 145, 84, 96, 139, 66, 94, 69, 7, 166, 87, 245, 167, 92, 210, 218, 118, 187, 196, 170, 135, 120, 53, 119, 72, 39, 190, 46, 196, 38, 187, 189, 203, 67, 51, 81, 201, 214, 65, 126, 164, 70, 152, 168, 172, 119, 93, 213, 138, 208, 227, 2, 3, 1, 0, 1, 2, 130, 1, 0, 72, 158, 237, 61, 223, 149, 29, 213, 2, 162, 248, 239, 180, 51, 93, 16, 237, 107, 63, 137, 244, 32, 44, 189, 195, 254, 110, 155, 171, 241, 181, 223, 246, 122, 135, 219, 164, 85, 19, 23, 87, 37, 197, 186, 39, 161, 168, 27, 130, 185, 24, 91, 127, 204, 9, 15, 16, 232, 166, 164, 208, 142, 246, 74, 45, 152, 11, 203, 70, 74, 175, 69, 141, 165, 120, 253, 93, 249, 78, 106, 200, 39, 154, 215, 111, 104, 113, 88, 166, 115, 1, 20, 143, 8, 250, 224, 187, 161, 123, 32, 121, 93, 220, 125, 22, 153, 136, 29, 23, 98, 248, 51, 58, 83, 27, 1, 121, 83, 237, 176, 27, 68, 85, 86, 119, 221, 106, 34, 198, 81, 222, 242, 79, 42, 137, 210, 151, 126, 44, 200, 40, 253, 135, 122, 108, 186, 100, 58, 150, 227, 121, 181, 105, 61, 127, 227, 245, 136, 222, 83, 19, 144, 23, 98, 166, 164, 174, 100, 162, 243, 28, 56, 243, 26, 63, 197, 182, 137, 249, 150, 219, 232, 204, 161, 86, 66, 169, 29, 179, 101, 216, 46, 244, 3, 113, 53, 51, 30, 165, 23, 48, 106, 103, 122, 18, 171, 134, 243, 73, 32, 195, 159, 253, 88, 171, 44, 16, 222, 56, 246, 87, 29, 69, 98, 146, 98, 79, 141, 145, 49, 223, 144, 233, 245, 24, 38, 21, 253, 45, 3, 56, 163, 249, 70, 98, 166, 171, 117, 152, 243, 237, 139, 121, 145, 151, 169, 2, 129, 129, 0, 216, 228, 237, 147, 206, 117, 1, 50, 70, 30, 77, 53, 231, 14, 43, 201, 187, 214, 147, 179, 209, 110, 126, 101, 67, 134, 171, 222, 100, 222, 62, 166, 236, 170, 63, 157, 200, 249, 134, 81, 217, 32, 85, 38, 154, 119, 37, 11, 19, 201, 252, 46, 145, 253, 136, 134, 173, 85, 136, 217, 213, 125, 229, 144, 166, 71, 160, 64, 173, 244, 202, 119, 48, 129, 236, 145, 161, 166, 43, 143, 125, 8, 202, 193, 26, 217, 27, 140, 159, 98, 205, 167, 238, 176, 124, 83, 75, 113, 169, 80, 50, 183, 41, 236, 191, 168, 36, 80, 59, 90, 56, 37, 47, 72, 17, 45, 9, 57, 89, 46, 133, 120, 220, 186, 49, 9, 118, 45, 2, 129, 129, 0, 208, 43, 101, 123, 142, 130, 107, 251, 100, 49, 54, 37, 113, 88, 125, 59, 133, 19, 15, 89, 230, 100, 245, 33, 135, 123, 86, 187, 202, 49, 241, 220, 163, 237, 85, 34, 253, 32, 76, 136, 161, 254, 91, 49, 75, 232, 77, 92, 245, 69, 68, 171, 145, 184, 224, 68, 58, 250, 195, 86, 14, 35, 44, 241, 193, 254, 190, 203, 108, 169, 61, 97, 234, 10, 239, 89, 173, 49, 81, 105, 140, 173, 74, 243, 223, 187, 167, 22, 23, 154, 230, 88, 119, 86, 115, 129, 244, 218, 137, 26, 74, 171, 242, 19, 85, 97, 154, 111, 24, 30, 254, 4, 67, 42, 254, 205, 171, 82, 37, 158, 254, 104, 47, 53, 26, 21, 93, 79, 2, 129, 128, 11, 51, 223, 213, 135, 143, 97, 141, 112, 51, 182, 119, 55, 68, 243, 28, 11, 88, 172, 238, 87, 189, 230, 71, 98, 178, 125, 4, 18, 159, 172, 10, 193, 36, 149, 254, 151, 87, 212, 9, 60, 54, 192, 79, 43, 33, 70, 71, 137, 49, 32, 150, 99, 49, 254, 48, 62, 153, 177, 100, 214, 243, 22, 189, 94, 233, 74, 44, 173, 15, 124, 185, 165, 70, 192, 170, 80, 248, 29, 61, 223, 14, 106, 50, 137, 41, 119, 147, 206, 211, 178, 157, 158, 229, 124, 182, 108, 170, 37, 61, 160, 48, 247, 184, 99, 185, 210, 142, 86, 82, 117, 157, 238, 16, 65, 218, 218, 164, 28, 168, 27, 122, 191, 163, 218, 78, 139, 205, 2, 129, 128, 96, 55, 238, 204, 81, 110, 143, 34, 191, 136, 207, 146, 54, 245, 195, 204, 195, 17, 176, 66, 201, 111, 88, 174, 138, 196, 195, 174, 65, 35, 28, 187, 243, 57, 59, 228, 212, 67, 29, 156, 249, 227, 107, 155, 57, 142, 194, 83, 121, 58, 239, 38, 174, 80, 89, 184, 175, 218, 64, 119, 130, 73, 87, 248, 214, 198, 60, 194, 34, 19, 135, 191, 190, 66, 23, 167, 199, 153, 200, 27, 149, 94, 116, 10, 141, 27, 91, 123, 166, 165, 126, 90, 221, 174, 35, 237, 169, 147, 105, 83, 177, 184, 16, 72, 71, 106, 185, 203, 39, 199, 11, 122, 68, 225, 150, 172, 209, 199, 66, 132, 94, 235, 33, 6, 214, 107, 145, 153, 2, 129, 129, 0, 174, 40, 94, 12, 190, 3, 157, 254, 92, 138, 182, 205, 88, 120, 153, 192, 63, 182, 171, 11, 235, 30, 115, 54, 106, 216, 95, 65, 72, 189, 38, 11, 202, 201, 249, 110, 75, 55, 68, 20, 80, 186, 248, 150, 23, 5, 195, 5, 5, 15, 179, 161, 8, 83, 86, 187, 28, 228, 41, 103, 76, 48, 53, 122, 97, 19, 40, 214, 170, 60, 160, 51, 104, 72, 46, 22, 210, 110, 27, 119, 247, 133, 226, 112, 39, 146, 167, 41, 156, 54, 73, 6, 26, 198, 102, 67, 83, 244, 20, 47, 216, 74, 121, 47, 13, 118, 186, 146, 201, 19, 14, 218, 153, 207, 72, 233, 254, 140, 191, 111, 15, 25, 99, 13, 39, 8, 71, 175]), { name: 'RSA-PSS', hash: 'SHA-256' }, true, ['sign']),
crypto.subtle.importKey('spki', new Uint8Array([48, 130, 1, 34, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 7, 5, 0, 3, 130, 1, 15, 0, 48, 130, 1, 10, 2, 130, 1, 1, 0, 221, 98, 33, 140, 115, 83, 88, 147, 196, 47, 75, 241, 134, 248, 177, 116, 220, 9, 5, 200, 152, 33, 155, 252, 81, 129, 205, 44, 117, 27, 255, 129, 183, 81, 40, 200, 183, 68, 89, 4, 105, 232, 220, 212, 74, 205, 61, 6, 209, 166, 186, 72, 123, 236, 191, 144, 179, 68, 155, 152, 253, 7, 155, 51, 166, 183, 3, 17, 114, 79, 26, 47, 63, 177, 174, 226, 238, 254, 203, 134, 120, 79, 83, 122, 67, 98, 221, 38, 38, 188, 184, 49, 179, 225, 45, 86, 3, 47, 97, 85, 23, 98, 199, 18, 105, 187, 233, 230, 5, 147, 72, 226, 41, 144, 174, 198, 105, 107, 135, 239, 19, 62, 116, 17, 196, 143, 240, 151, 119, 132, 230, 149, 206, 63, 195, 234, 71, 71, 83, 33, 219, 68, 226, 53, 133, 152, 18, 44, 76, 42, 229, 1, 230, 147, 133, 74, 227, 109, 147, 196, 71, 35, 234, 18, 153, 50, 80, 79, 205, 65, 184, 12, 202, 25, 238, 182, 231, 152, 4, 97, 42, 193, 15, 164, 78, 8, 144, 24, 70, 78, 201, 34, 14, 1, 123, 220, 191, 225, 53, 184, 48, 95, 14, 206, 17, 0, 45, 198, 237, 246, 7, 92, 248, 86, 62, 36, 247, 95, 202, 121, 168, 100, 107, 76, 175, 228, 115, 91, 27, 80, 137, 244, 131, 200, 135, 52, 225, 239, 50, 135, 238, 223, 57, 75, 78, 31, 8, 84, 9, 225, 27, 180, 54, 242, 160, 35, 2, 3, 1, 0, 1]), { name: 'RSA-OAEP', hash: 'SHA-256' }, true, ['encrypt']),
crypto.subtle.importKey('pkcs8', new Uint8Array([48, 130, 4, 190, 2, 1, 0, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 7, 5, 0, 4, 130, 4, 168, 48, 130, 4, 164, 2, 1, 0, 2, 130, 1, 1, 0, 221, 98, 33, 140, 115, 83, 88, 147, 196, 47, 75, 241, 134, 248, 177, 116, 220, 9, 5, 200, 152, 33, 155, 252, 81, 129, 205, 44, 117, 27, 255, 129, 183, 81, 40, 200, 183, 68, 89, 4, 105, 232, 220, 212, 74, 205, 61, 6, 209, 166, 186, 72, 123, 236, 191, 144, 179, 68, 155, 152, 253, 7, 155, 51, 166, 183, 3, 17, 114, 79, 26, 47, 63, 177, 174, 226, 238, 254, 203, 134, 120, 79, 83, 122, 67, 98, 221, 38, 38, 188, 184, 49, 179, 225, 45, 86, 3, 47, 97, 85, 23, 98, 199, 18, 105, 187, 233, 230, 5, 147, 72, 226, 41, 144, 174, 198, 105, 107, 135, 239, 19, 62, 116, 17, 196, 143, 240, 151, 119, 132, 230, 149, 206, 63, 195, 234, 71, 71, 83, 33, 219, 68, 226, 53, 133, 152, 18, 44, 76, 42, 229, 1, 230, 147, 133, 74, 227, 109, 147, 196, 71, 35, 234, 18, 153, 50, 80, 79, 205, 65, 184, 12, 202, 25, 238, 182, 231, 152, 4, 97, 42, 193, 15, 164, 78, 8, 144, 24, 70, 78, 201, 34, 14, 1, 123, 220, 191, 225, 53, 184, 48, 95, 14, 206, 17, 0, 45, 198, 237, 246, 7, 92, 248, 86, 62, 36, 247, 95, 202, 121, 168, 100, 107, 76, 175, 228, 115, 91, 27, 80, 137, 244, 131, 200, 135, 52, 225, 239, 50, 135, 238, 223, 57, 75, 78, 31, 8, 84, 9, 225, 27, 180, 54, 242, 160, 35, 2, 3, 1, 0, 1, 2, 130, 1, 0, 87, 224, 1, 237, 28, 65, 243, 33, 4, 120, 185, 174, 111, 162, 251, 221, 165, 17, 183, 199, 254, 11, 41, 61, 168, 164, 219, 106, 80, 58, 2, 219, 220, 134, 76, 168, 15, 135, 3, 198, 170, 187, 146, 28, 122, 108, 169, 82, 177, 153, 122, 204, 22, 212, 204, 221, 133, 43, 48, 144, 51, 175, 247, 61, 51, 105, 229, 191, 225, 29, 225, 8, 236, 65, 125, 103, 250, 242, 12, 155, 157, 217, 239, 10, 211, 0, 197, 67, 197, 144, 151, 148, 179, 16, 40, 204, 193, 138, 231, 25, 189, 164, 169, 220, 119, 55, 238, 10, 46, 32, 94, 135, 215, 115, 228, 204, 65, 64, 59, 190, 252, 102, 135, 240, 29, 147, 253, 45, 133, 18, 123, 27, 171, 149, 217, 147, 162, 150, 55, 211, 247, 138, 176, 49, 154, 86, 188, 226, 134, 25, 133, 234, 40, 154, 146, 203, 50, 4, 84, 31, 122, 189, 0, 69, 135, 225, 20, 0, 183, 37, 191, 67, 78, 118, 202, 207, 157, 157, 198, 108, 137, 231, 147, 134, 75, 145, 130, 192, 225, 56, 43, 153, 32, 197, 221, 59, 233, 89, 163, 212, 27, 242, 179, 15, 189, 77, 82, 78, 100, 180, 142, 245, 237, 194, 174, 241, 87, 25, 175, 32, 56, 231, 152, 214, 217, 197, 56, 243, 70, 60, 77, 176, 29, 57, 43, 243, 78, 209, 104, 157, 248, 39, 63, 80, 56, 47, 149, 109, 12, 203, 159, 116, 163, 92, 96, 81, 2, 129, 129, 0, 253, 234, 23, 27, 184, 139, 77, 92, 246, 52, 151, 145, 48, 239, 89, 159, 119, 223, 130, 81, 104, 72, 209, 105, 237, 109, 162, 188, 184, 33, 80, 213, 85, 47, 113, 84, 185, 115, 5, 45, 155, 125, 88, 105, 213, 55, 92, 89, 155, 246, 182, 76, 94, 205, 184, 0, 127, 149, 215, 115, 155, 162, 169, 226, 248, 32, 155, 87, 72, 196, 217, 163, 140, 106, 185, 105, 48, 154, 31, 198, 38, 91, 51, 154, 163, 65, 177, 92, 28, 66, 213, 43, 101, 16, 233, 187, 224, 116, 141, 120, 2, 102, 132, 62, 188, 203, 21, 70, 167, 132, 230, 230, 114, 66, 64, 206, 124, 137, 225, 118, 42, 156, 145, 114, 106, 209, 72, 167, 2, 129, 129, 0, 223, 51, 163, 28, 226, 147, 154, 86, 163, 168, 185, 16, 78, 181, 149, 56, 12, 107, 41, 82, 18, 170, 131, 210, 103, 51, 110, 146, 196, 68, 210, 5, 115, 217, 122, 99, 197, 8, 125, 173, 160, 196, 114, 193, 189, 208, 140, 232, 153, 46, 153, 127, 155, 40, 145, 58, 213, 71, 147, 102, 206, 173, 246, 206, 179, 1, 231, 34, 248, 229, 121, 185, 71, 183, 205, 104, 166, 224, 213, 67, 115, 141, 245, 104, 248, 100, 160, 189, 218, 121, 37, 39, 34, 173, 15, 119, 101, 44, 193, 176, 2, 249, 35, 124, 0, 165, 16, 7, 110, 210, 16, 30, 147, 125, 179, 160, 99, 114, 26, 62, 149, 252, 113, 136, 194, 247, 224, 37, 2, 129, 128, 100, 246, 78, 199, 244, 2, 87, 249, 173, 224, 77, 160, 42, 208, 17, 87, 234, 103, 82, 63, 34, 115, 73, 233, 143, 193, 247, 98, 136, 232, 158, 102, 165, 95, 158, 245, 172, 99, 194, 220, 86, 166, 105, 160, 115, 106, 118, 235, 30, 171, 227, 226, 204, 19, 138, 165, 144, 21, 185, 188, 187, 86, 219, 172, 103, 51, 55, 241, 101, 250, 247, 251, 35, 27, 80, 172, 53, 234, 34, 214, 60, 108, 41, 65, 196, 198, 155, 74, 95, 230, 103, 50, 193, 22, 15, 138, 103, 254, 144, 61, 246, 222, 98, 153, 59, 162, 152, 204, 38, 82, 31, 41, 228, 166, 217, 116, 1, 107, 37, 222, 65, 165, 77, 228, 43, 251, 25, 163, 2, 129, 129, 0, 133, 58, 158, 95, 108, 131, 108, 121, 208, 192, 178, 142, 160, 92, 213, 16, 26, 161, 144, 141, 147, 228, 194, 64, 194, 39, 58, 22, 83, 31, 61, 57, 209, 247, 251, 141, 56, 28, 36, 96, 146, 121, 16, 130, 194, 217, 140, 114, 126, 149, 9, 60, 217, 17, 178, 246, 170, 62, 74, 38, 240, 177, 120, 131, 210, 232, 12, 222, 156, 48, 229, 162, 137, 195, 149, 209, 164, 226, 201, 137, 180, 157, 4, 226, 190, 121, 218, 84, 216, 230, 189, 29, 138, 30, 65, 0, 36, 157, 61, 147, 225, 130, 115, 2, 222, 163, 168, 88, 183, 118, 157, 246, 146, 85, 82, 246, 38, 198, 2, 18, 95, 150, 202, 242, 54, 102, 157, 29, 2, 129, 129, 0, 169, 126, 79, 164, 70, 238, 179, 136, 129, 238, 109, 233, 196, 68, 212, 221, 124, 182, 210, 19, 215, 225, 34, 169, 44, 245, 178, 223, 151, 9, 51, 222, 47, 2, 42, 38, 156, 205, 255, 237, 224, 37, 151, 32, 27, 69, 129, 199, 195, 248, 155, 85, 211, 144, 139, 87, 238, 70, 109, 95, 138, 162, 196, 90, 244, 103, 23, 158, 250, 218, 234, 156, 219, 24, 42, 221, 8, 116, 209, 0, 151, 223, 55, 122, 197, 36, 106, 230, 17, 233, 89, 81, 206, 131, 17, 196, 192, 109, 156, 195, 138, 98, 92, 93, 167, 199, 80, 204, 248, 125, 159, 218, 183, 26, 123, 128, 100, 189, 193, 59, 245, 242, 165, 223, 188, 109, 108, 160]), { name: 'RSA-OAEP', hash: 'SHA-256' }, true, ['decrypt']),
]);
Safari accepts all of them, Firefox accepts the first one and rejects the others with DataError
, Chrome rejects all of them with DataError
(as it should).
@twiss do you have valid keys for the different OIDs too?
No, I don't, but I can try to find or make some
I have id-RSASSA-PSS as well as id-ecDH, just need id-RSAES-OAEP
OK. Could you post the ones you have, maybe? It might be easier to modify a PSS key to an OAEP one rather than create it from scratch (I can't find any example keys so far)
Using the above script
Firefox latest
spki id-RSASSA-PSS import ✅ success
pkcs8 id-RSASSA-PSS import ❌ fail DataError
spki id-ecDH import ❌ fail DataError
pkcs8 id-ecDH import ❌ fail DataError
Chromium latest (Chrome, Edge, Opera, ...)
spki id-RSASSA-PSS import ❌ fail DataError
pkcs8 id-RSASSA-PSS import ❌ fail DataError
spki id-ecDH import ❌ fail DataError
pkcs8 id-ecDH import ❌ fail DataError
https://www.chromium.org/blink/webcrypto
When importing/exporting "spki" and "pkcs8" formats, the only OIDs supported by Chromiumare those recognized by OpenSSL/BoringSSL.
Importing ECDH keys does not accept id-ecDH. The OID must instead be id-ecPublicKey (This can cause problems importing keys generated by Firefox; use "raw" EC keys as a workaround; Chromium in this case is not spec compliant)
Importing RSA-PSS keys does not accept id-RSASSA-PSS. The OID must instead be rsaEncryption
Importing RSA-OAEP keys does not accept id-RSAES-OAEP. The OID must instead be rsaEncryption.
Exporting ECDH keys uses OID id-ecPublicKey, whereas the WebCrypto spec says to use id-ecDH.
Exporting RSA-PSS keys uses OID rsaEncryption, whereas the WebCrypto spec says to use RSA-PSS.
Exporting RSA-OAEP keys uses OID rsaEncryption, whereas the WebCrypto spec says to use id-RSAES-OAEP.
Safari latest
spki id-RSASSA-PSS import ❌ fail DataError
pkcs8 id-RSASSA-PSS import ❌ fail DataError
spki id-ecDH import ❌ fail DataError
pkcs8 id-ecDH import ❌ fail DataError
Node.js latest (experimental impl)
spki id-RSASSA-PSS import ✅ success
pkcs8 id-RSASSA-PSS import ✅ success
spki id-ecDH import ❌ fail Error
pkcs8 id-ecDH import ❌ fail Error
https://github.com/nodejs/node/issues/39959
Deno latest (WIP master as of now)
spki id-RSASSA-PSS import ✅ success
pkcs8 id-RSASSA-PSS import ✅ success
spki id-ecDH import ❌ fail NotSupportedError
pkcs8 id-ecDH import ❌ fail NotSupportedError
At least in Node.js if an import succeeds, export would use the same OID for that key. What comes in is what comes out. That is technically not conform with the current language but also not conform with "after #305".
Thanks for the keys, and tests! Here are some RSA-OAEP keys with OID id-RSAES-OAEP
and valid (I think) RSAES-OAEP-params
; adapted from the RSA-PSS keys. However, none of the browsers accept them. Though, Firefox does accept the public key (for all RSA algorithms, including RSA-OAEP) if I change the OID to id-RSASSA-PSS
(and also accepts them if the hashes in the parameters don't match). So, my theory is that
id-RSASSA-PSS
as a "synonym" to rsaEncryption
for public keys, and ignores the parametersid-RSASSA-PSS
and id-RSAES-OAEP
as synonyms to rsaEncryption
for public and private keys, but requires the parameters to be NULLAt least in Node.js if an import succeeds, export would use the same OID for that key. What comes in is what comes out. That is technically not conform with the current language but also not conform with "after #305".
I think that's reasonable behavior, but at the same time it's probably not reasonable to put that in the spec, as it would require us (and implementations) to store the way the key was originally encoded, which seems otherwise pointless.
So, given all of the above I agree it would be reasonable to drop importing id-RSASSA-PSS
, id-RSAES-OAEP
and id-ecDH
keys, and have only one possible representation in the spec. The latter two are already not supported anywhere, the only breaking change (I think) would be Firefox which (accidentally?) allows importing valid id-RSASSA-PSS
public keys - but even Firefox doesn't actually implement the full steps to import, and doesn't check the RSASSA-PSS-params
- so they might also be happier with dropping this entirely. Perhaps @dveditz do you have an opinion?
I think that's reasonable behavior, but at the same time it's probably not reasonable to put that in the spec, as it would require us (and implementations) to store the way the key was originally encoded, which seems otherwise pointless.
I wasn't thinking of putting this behaviour in the spec. I was merely making sure this pattern is pointed out.
The Node.js implementation is still marked as experimental and as such we're able to make breaking changes rather quickly.
So, given all of the above I agree it would be reasonable to drop importing id-RSASSA-PSS, id-RSAES-OAEP and id-ecDH keys, and have only one possible representation in the spec.
I agree. But it is worth pointing out that these key representations are correct in that they don't allow use of that key for other purposes. At the same time the ease of JWK export and subsequent dropping alg
, use
, key_ops
, etc makes this a moot point if the key is exportable. It is also relatively easy to change the OID, drop the params and treat keys as rsaEncryption
applicable to all RSA algorithms when importing anyway.
@jasnell does the CF Workers implementation also only support rsaEncryption and ecPublicKey OIDs?
I wasn't thinking of putting this behaviour in the spec. I was merely making sure this pattern is pointed out.
Yeah, I understand, and thanks for pointing it out. I was mostly trying to say that having two possible representations in the spec causes some complexity here indeed (and forcing the implementation to re-serialize, or not, is perhaps not desirable).
I agree. But it is worth pointing out that these key representations are correct in that they don't allow use of that key for other purposes. At the same time the ease of JWK export and subsequent dropping
alg
,use
,key_ops
, etc makes this a moot point if the key is exportable. It is also relatively easy to change the OID, drop the params and treat keys asrsaEncryption
applicable to all RSA algorithms when importing anyway.
Yeah. The only situation where it might matter is when the key is encrypted using AES-KW, for example, and can't easily be changed. In that case I also agree the algorithm-specific OIDs are better, and it would've been nicer if all implementations used and supported them from the start. But at this point, I'm not sure if it's worth the effort to convince them to do so (and exporting the algorithm-specific OIDs would cause breakage, for now).
@panva ... I don't know off the top of my head but I've made a note to check :-)
Just an update to this, I've also tested importing RSASSA-PKCS1-v1_5
keys with sha1WithRSAEncryption
, sha256WithRSAEncryption
, sha384WithRSAEncryption
or sha512WithRSAEncryption
OIDs instead of rsaEncryption
. The results are:
Since they're only correctly implemented in one implementation, and can't be relied upon to work (let alone enforce the usage specified in the OID) on the web in general, I would propose that we drop them as well.
@lucacasonato, @kcheney1 and @dveditz, would you be OK with dropping support for importing these OIDs (and id-RSASSA-PSS
, id-RSAES-OAEP
and id-ecDH
) from the spec (and only support rsaEncryption
and id-ecPublicKey
, as most implementations do)?
The main downside is that then you can't import a spki or pkcs1 key that's tightly bound to the algorithm and hash it can be used with (this might be relevant if you store encrypted keys for signing and encrypting on an untrusted server, for example, and the server can swap them without detection), but this is already the reality today, and jwk keys can be used instead (we can add a note in the spec to that effect). The checks for importing jwk keys are implemented correctly everywhere I tested, except for one case (when importing ECC keys in Firefox, the crv
in the jwk key is not checked against the namedCurve
in the algorithm identifier, and the former is used. I'll open an issue for that. Edit: https://bugzilla.mozilla.org/show_bug.cgi?id=1760806).
We should test importing RSA keys with OID
id-RSASSA-PSS
orid-RSAES-OAEP
, and ECDH keys with OIDid-ecDH
; both well-formed and malformed cases (e.g. RSA keys with these OIDs with missing or malformed paramers, as in #297).