-
Notifications
You must be signed in to change notification settings - Fork 23
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Incompatibility with Node's Webcrypto when using Ed25519 keys #55
Comments
|
I switched to using |
The Node.js implementation has since been updated to reflect the CFRG curves WICG draft. I would suggest this polyfill to follow suit. The draft is also partially supported in Deno. Chromium's implementation is ongoing and so is WebKit's. |
Chromium now supports Ed25519 algorithm, see https://blogs.igalia.com/jfernandez/2023/06/20/secure-curves-in-the-web-cryptography-api/. Node.js |
FWIW this is what I use to generate ED23319 keys using
Import private and public keys: https://github.com/guest271314/webbundle/blob/main/index.js#L11-L29
|
I've been using the https://github.com/PeculiarVentures/x509 library.
At first since webcrypto already available in nodejs, I thought it was sufficient to do this:
However subsequently I found that that there's an API difference between the way x509 expects Ed25519 algorithm objects that are based on this library, compared to the ones that in NodeJS (https://nodejs.org/api/webcrypto.html#ed25519ed448x25519x448-key-pairs).
For example in NodeJS's webcrypto, the
alg
parameter can just be:{ name: 'Ed25519' }
.However for peculiar's webcrypto, the
alg
parameter has to be{ name: 'EdDSA', namedCurve: 'Ed25519' }
.This caused some incompatibilities in
webcrypto.subtle.importKey
and inx509.X509CertificateGenerator.createSelfSigned
In the case of the
importKey
, I have to use a webcrypto's expected alg parameter:During the generation of the certificate, if I used node's webcrypto, the certificate generation works without exceptions, however I notice that the
signatureAlgorithm
field is empty, and stays as:The resulting certificate when output to PEM is not readable by
openssl x509 -in ./tmp/cert -text
.So it seems that if I want to use ed25519 with https://github.com/PeculiarVentures/x509, I have to use peculiar's webcrypto and not node's webcrypto.
The text was updated successfully, but these errors were encountered: