RESOLVED WONTFIX 262613
Ed25519 JWK import should ignore the "alg" JWK member 
https://bugs.webkit.org/show_bug.cgi?id=262613
Summary Ed25519 JWK import should ignore the "alg" JWK member
Filip Skokan
Reported 2023-10-04 06:00:28 PDT
As per https://github.com/WICG/webcrypto-secure-curves/pull/24 the "alg" JWK member is now ignored during JWK import, and missing during JWK export for Ed25519 keys. Safari correctly handles the latter but not the former, the "alg" JWK member is not ignored during import. ``` const jwk = { crv: "Ed25519", x: "2OGJY9gJ1IfZVJrMrsZ0Ln7rok2KDTsUt-PK6gaJPcw", kty: "OKP", alg: "this should now be ignored", }; crypto.subtle.importKey("jwk", jwk, "Ed25519", true, ["verify"]).then((key) => { crypto.subtle.exportKey("jwk", key).then((exportedJwk) => { if (exportedJwk.alg) { console.log("❌ alg should be missing"); } }); }); ```
Attachments
Add attachment proposed patch, testcase, etc.
Filip Skokan
Comment 1 2023-10-04 06:01:20 PDT
WPT update for the draft spec change https://github.com/web-platform-tests/wpt/pull/42333
Radar WebKit Bug Importer
Comment 2 2023-10-11 06:01:15 PDT
<rdar://problem/116806236>
Javier Fernandez
Comment 3 2023-11-27 08:48:50 PST
I'm working on a patch for this bug.
Javier Fernandez
Comment 4 2023-11-28 10:36:41 PST
Pull request: https://github.com/WebKit/WebKit/pull/21006
Javier Fernandez
Comment 5 2024-02-16 02:23:33 PST
It seems Chrome reviewers have doubts regarding the decision to remove the 'alg' field from the JWK import operation's logic. I'd rather wait until there is more consensus before merging the patch.
Javier Fernandez
Comment 6 2024-10-23 05:43:47 PDT
It seems that FF implementation ignores the "alg" JWK member, as it passes the related tests [1]. It'd be useful to know WebKit's position on this regard, given than apparently Chrome's concerns are debatable, from what I could extract from the conversation in the mentioned Chrome bug. [1] https://wpt.fyi/results/WebCryptoAPI/import_export/okp_importKey_Ed25519.https.any.html?label=experimental&label=master&aligned
Javier Fernandez
Comment 7 2025-03-07 08:23:02 PST
It seems the spec introduced again the "alg" key in the JWK format, see https://github.com/w3c/webcrypto/pull/401 I guess we can close this bug as invalid and perhaps file a new one if the current behavior doesn't match the new possible values of the "alg" member.
Note You need to log in before you can comment on or make changes to this bug.