panva
commented
2 years ago The keys in appendix-B.1.1 are in PKCS1, which isn't accepted by webcrypto at all. Recommend using rsaEncryption OID PKCS8 and SPKI PEM or JWK if they ought to be imported as CryptoKey reliably.
The private key in appendix-B.1.2 is 1.2.840.113549.1.1.10 (id-RSASSA-PSS). WebCryptoAPI implementations only generally accept 1.2.840.113549.1.1.1 (rsaEncryption) keys. Recommend using rsaEncryption OID PKCS8 PEM or JWK if they ought to be imported as CryptoKey reliably.
The private key in appendix-B.1.3 is in SEC1 format, which isn't accepted by webcrypto at all. Recommend using id-ecPublicKey OID PKCS8 PEM or JWK if they ought to be imported as CryptoKey reliably.
The keys in appendix-B.1.4 are fine but currently only Node.js and Deno runtimes implement Ed25519 as per Secure Curves in the Web Cryptography API.
Hope this helps inform the WG. I would propose to keep the PEM keys as is and add their JWK representation.
The HTTP WG's draft-ietf-httpbis-message-signatures-13 is in final call. It is publishing the keys it is using in its examples in PEM format.
I am having a particular problem loading the Appendix B.1.2 Example RSA PSS Key with the WebCrypto API. I adapted the import-key example from MDN and attached it here as import-key.zip. The adaptation consists of adding two more keys to the import example giving us a total of three keys:
I have opened this as https://github.com/httpwg/http-extensions/issues/2290 .
I prefer the JWK formats as there is no hiding of the data in magical difficult to read formats. But if they are to use PEM can I point them to something that explains what format those PEMs need to have and why the given key (that I have no problem loading in the JVM) does not function with the webcrypto api? Having keys in the spec that load nicely into the browser using the WebCrypto API would help implementers test their code and explain problems by pointing to the spec without needing layers of transformations that may be difficult to explain.