As per https://github.com/WICG/webcrypto-secure-curves/pull/24 the "alg" JWK member is now ignored during JWK import, and missing during JWK export for Ed25519 keys. Safari correctly handles the latter but not the former, the "alg" JWK member is not ignored during import. ``` const jwk = { crv: "Ed25519", x: "2OGJY9gJ1IfZVJrMrsZ0Ln7rok2KDTsUt-PK6gaJPcw", kty: "OKP", alg: "this should now be ignored", }; crypto.subtle.importKey("jwk", jwk, "Ed25519", true, ["verify"]).then((key) => { crypto.subtle.exportKey("jwk", key).then((exportedJwk) => { if (exportedJwk.alg) { console.log("❌ alg should be missing"); } }); }); ```
WPT update for the draft spec change https://github.com/web-platform-tests/wpt/pull/42333
<rdar://problem/116806236>
I'm working on a patch for this bug.
Pull request: https://github.com/WebKit/WebKit/pull/21006
It seems Chrome reviewers have doubts regarding the decision to remove the 'alg' field from the JWK import operation's logic. I'd rather wait until there is more consensus before merging the patch.
It seems that FF implementation ignores the "alg" JWK member, as it passes the related tests [1]. It'd be useful to know WebKit's position on this regard, given than apparently Chrome's concerns are debatable, from what I could extract from the conversation in the mentioned Chrome bug. [1] https://wpt.fyi/results/WebCryptoAPI/import_export/okp_importKey_Ed25519.https.any.html?label=experimental&label=master&aligned