-
Notifications
You must be signed in to change notification settings - Fork 30.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
WebCryptoAPI EC key SPKI export does not always use uncompressed point format #45859
Comments
@tniessen and I tried to find a way of ensuring EC keys use uncompressed point format upon export but short of some very brute and inefficient JS hacks using the Web Crypto API itself we didn't find a way. |
@jasnell do you have any ideas on how to resolve this issue in either the |
cc @nodejs/crypto |
To clarify, it's certainly possible in C++ but it requires some refactoring because the internal code passes |
I think that if we can identify the KeyObjectData is using compressed point then creating a temporary copy for the spki export in this edge-case would be okay? |
This is about Seems like that should be a trivial fix in |
It's just that the existing functionality works with ec point and the key representation we have is ec key. If you see an obvious way to do this, great! |
The WebCrypto spec apparently mandates that EC keys must be exported in uncompressed point format. This commit makes it so. Fixes: nodejs#45859
#46021. It's admittedly not very elegant but oh well. |
The WebCrypto spec apparently mandates that EC keys must be exported in uncompressed point format. This commit makes it so. Fixes: nodejs#45859
The WebCrypto spec apparently mandates that EC keys must be exported in uncompressed point format. This commit makes it so. Fixes: nodejs#45859
Only that one :) Thanks for working on this. |
Our WebCryptoAPI implementation supports import of compressed point format EC keys in both
raw
, andspki
forms. That is an optional to implement part of the API.The specification however requires that when keys are exported they unconditionally use the uncompressed point format. This is currently not the case in Node.js when compressed point
spki
was used to import the CryptoKey.The following script demonstrates the issue.
Script
I'm opening this issue so that I have an issue tracker link to add to the WPT status file once it gets updated.
The text was updated successfully, but these errors were encountered: