It might be an implementation-defined behavior but WebKit doesn't throw when importing an elliptic curve key whose point (x, y) is not on the curve. For example, on Chrome, a DOM exception is thrown with the following code, while not on Safari: var jwkKey = { kty: "EC", use: "enc", ext: true, crv: "P-384", x: "1bHwFrsaPRjYq-zFOyLXK8Ugv3EqbVF075ct7ouTl_pwyhjeBu03JHjKTsyVbNWK", y: "1bHwFrsaPRjYq-zFOyLXK8Ugv3EqbVF075ct7ouTl_pwyhjeBu03JHjKTsyVbNWK", // (x, y) is not on the P-384 curve // y: "OPQLbvRDpocNk4FRQLUVRBbqiauWcnUn7cAC2uSOH6GpSLoTo6B-4LtHq0ydd-iu", // x and this y is on the curve }; var extractable = true; crypto.subtle.importKey("jwk", jwkKey, { name: "ECDH", namedCurve: "P-384" }, extractable, [ ]).then(function(result) { publicKey = result; });
<rdar://problem/80201774>