Bug 233705 - PKCS8 EC private keys without the public key component cannot be imported with SubtleCrypto.importKey
Summary: PKCS8 EC private keys without the public key component cannot be imported wit...
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit Misc. (show other bugs)
Version: Other
Hardware: All All
: P2 Normal
Assignee: Nobody
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2021-12-01 08:12 PST by Filip Skokan
Modified: 2024-03-11 05:38 PDT (History)
5 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Filip Skokan 2021-12-01 08:12:31 PST
Steps to reproduce:

// PKCS8 representation of a private P-384 EC key with the public key omitted
const pkcs8 = new Uint8Array([48, 78, 2, 1, 0, 48, 16, 6, 7, 42, 134, 72, 206, 61, 2, 1, 6, 5, 43, 129, 4, 0, 34, 4, 55, 48, 53, 2, 1, 1, 4, 48, 32, 52, 118, 9, 96, 116, 119, 172, 168, 251, 251, 197, 230, 33, 132, 85, 243, 25, 150, 105, 121, 46, 248, 180, 102, 250, 168, 123, 220, 103, 121, 129, 68, 200, 72, 221, 3, 102, 30, 237, 90, 198, 36, 97, 52, 12, 234, 150])

crypto.subtle.importKey('pkcs8', pkcs8, { name: 'ECDSA', namedCurve: 'P-384' }, false, ['sign'])

Actual result:

importKey is rejected with DataError: Data provided to an operation does not meet requirements

Expected result:
EC private key PKCS8 without the public key component should import as in other browsers and Web Cryptography API implementations (we expect interoperability in this regard)
Comment 1 Radar WebKit Bug Importer 2021-12-08 08:13:44 PST
<rdar://problem/86211792>
Comment 2 Ahmad Saleem 2024-03-11 05:33:11 PDT
Using this in console for all browsers, I get similar error;

const pkcs8 = new Uint8Array([48, 78, 2, 1, 0, 48, 16, 6, 7, 42, 134, 72, 206, 61, 2, 1, 6, 5, 43, 129, 4, 0, 34, 4, 55, 48, 53, 2, 1, 1, 4, 48, 32, 52, 118, 9, 96, 116, 119, 172, 168, 251, 251, 197, 230, 33, 132, 85, 243, 25, 150, 105, 121, 46, 248, 180, 102, 250, 168, 123, 220, 103, 121, 129, 68, 200, 72, 221, 3, 102, 30, 237, 90, 198, 36, 97, 52, 12, 234, 150])

crypto.subtle.importKey('pkcs8', pkcs8, { name: 'ECDSA', namedCurve: 'P-384' }, false, ['sign'])

___

Safari 17.4, Chrome Canary 124 and Firefox Nightly 125.
Comment 3 Ahmad Saleem 2024-03-11 05:38:58 PDT
Actually I might have copied code wrong in Chrome:

const pkcs8 = new Uint8Array([48, 78, 2, 1, 0, 48, 16, 6, 7, 42, 134, 72, 206, 61, 2, 1, 6, 5, 43, 129, 4, 0, 34, 4, 55, 48, 53, 2, 1, 1, 4, 48, 32, 52, 118, 9, 96, 116, 119, 172, 168, 251, 251, 197, 230, 33, 132, 85, 243, 25, 150, 105, 121, 46, 248, 180, 102, 250, 168, 123, 220, 103, 121, 129, 68, 200, 72, 221, 3, 102, 30, 237, 90, 198, 36, 97, 52, 12, 234, 150])

crypto.subtle.importKey('pkcs8', pkcs8, { name: 'ECDSA', namedCurve: 'P-384' }, false, ['sign'])

__

It shows `Promise <pending>`.