When importing RSA JWKs I'm seeing an issue with export on iOS 14 that did not exist on iOS 12 and iOS 13. I'm experiencing this through real device testing on the BrowserStack platform. The issue is that if re-exported, the exported JWK does not sometimes match the imported one. The snippet below works fine on iOS 12 and 13, but fails on iOS 14 Mobile Safari 14.0.2 (iOS 14.3). ```js const jwk = { kty: "RSA", n: "w1MQU2ERHuPd_BJAJEHqI2UQdcU7qBQn9LrujqDIU1KafLNDK_yrS-ZhlpL9XOO0KZpLa4bEZhJpqiHiqG65uaeIsfS1iU2tqKQ5YBq5MQBcfR330jNAa08t8wAnamPZdEZGZX17MIw7J3fvpbHKSdsyfH6EacCrtmGjUzhXiKwcwG3BH1GRySnFBrsCbOA4WBp5DbP1GurgNcWOsGul2bApK44f0bawQ3RAEgchJFsC_Uz_w7piA9r8Wl9KUJZ5ygvEuTojTQBtyjcngwHFXgHDYzveHh7Q25MaX2EmoEUQUnH_VgOXKoSjtBSWTVW1lo-T7dw3XTiIsJRFWa38mQ", e: "AQAB", d: "JYptdNkPJVS-cZhAY7eXfL4L79a8pI1bMJpNB3S3i-wwbQ83NdkWQzxAPWR69cN9-RECtePtE4EuddiVa7H8WEZu62URDxay7drCfEomldhv7kw4OVpIY1eQiUfaS4RtYv-uwAriBm6tX-SZVstZCeDrTyox4PF7D06syW3mxQmZMTL6IwOLpQiAgijO5Aa2KihufIWbCVaEQ8UOvJ9VXcAJsM4wSHUc55jx5CfwHSlyPjxuWcBACvCB4llY_n_krHbFDAocmUImjpbMWp5y3BmS9wtGlbS_H9_Dl9Efkp6qRdhenOF2Fh9vLhoi19AhPu0ORfHTgjUuN4tLb88IAQ", p: "8kxaQxCH24jb0tZ4gPfvRUJJuD6WNbtBClhdoSE2JmvHM-HtzVCh6aW_ulHLIT82PBMRXTK_lihiUD6NvCSbjMiVEKHT6Jn5-dbSlpp8uj3HmfsACBvLpxMD81Go6Tx7RKb1HNL7yRCLyo8r9buJenGF2H03HJ88HuNoCjAxZ8E", q: "zl6xI19mJupKa0PTRZsy6sZ_2dQnl-KuMVt3-TtZ4LfcSZL1F24HlAkj8tPKGVF6oya-bYRoQ928iZTNV2Gy1VdnjUGb3xeINFzORZmGUGtV5w6ugtLcngYKkfdEfLltq2KX3ZvS--EdkT9iY47kWrTicSf28IyLUolCm62fitk", dp: "TjwbFPZ8d4VMPVqk1De6GWna9dO3mqfYy2dW7BUWL_ey_Wyg5R94-EFdk-KfLSAE-gbKH4aoV-q4O-LGzw4e76lAgHtQOhWlomcb3icJyPTzwyNJklSvQEYii2k9mfm-b59dG66AQB7IlGIANrsUG-YV6p4bsnEz72FMEaYX_cE", dq: "PyeLXh_byxz4GUtwZGTSeDa2-ZqLY1fjpwcu9_7JypN5vqpShxENEKibb7yQpJ7iwPsiW7GhluNMx23aSVuEtvVAo2HoqaUx8ZRVK8eH6yRt7X_4t-B_03xVz8W0F9dHUKOjhhYhwyNpQQH8wisAhyHECo0IbSUVnfSThcDkikE", qi: "DBZc1mfJLCxHgpHyfrlueIVTooOCGBWTSC-C6PBicwjl2eJiQVe9Q3zFShjvv70SJpZ15SBKn06fML9nn9lRvbzQJBP671lUtxF_NfYN7Yl_FLEeADMfV7wBKZ8eIk8BhstzSY3xH_ZNJklYRnSCBZNI_NlSfH2QxSb-JjH6xGA", }; const { subtle } = globalThis.crypto; const cryptoKey = await subtle.importKey('jwk', jwk, { name: 'RSASSA-PKCS1-v1_5', hash: { name: 'SHA-256' } }, true, ['sign']) const reExport = await subtle.exportKey('jwk', cryptoKey) console.log(reExport.d === jwk.d) // expect the keys to match ```
Interestingly enough, when I flip the actual and expected, then I the same bug applies to OS X Safari only in reverse. That being said - for deterministic signatures produced using both JWKs - they both generate the same output.
Created attachment 437563 [details] test case Same test case as an attachment. Verified failing on Apple Silicon Mac. I think that we get this value directly from CCRSAGetKeyComponents. Equivalent private exponents obviously exist; I'm not sure if there are any requirements on round-trip fidelity or on using a particular normalized form in any of the specs involved.
<rdar://problem/82875952>