Implement PKCS8 import/export of ECDSA keys for WebCrypto API
Categories
(Core :: DOM: Web Crypto, task, P3)
Tracking
()
Tracking | Status | |
---|---|---|
firefox93 | --- | fixed |
People
(Reporter: simon.koelsch, Assigned: christoph-wa)
References
(Blocks 1 open bug)
Details
(Whiteboard: [domsecurity-backlog2])
Attachments
(2 files)
Firefox Nightly Build (38.0a1 (2015-02-16)) User Agent: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Firefox/38.0" Export of private or public ECDSA P-256 key is not working and a DOMException [NotSupportedError: "Operation is not supported"] is thrown. The result should be a jwk object, containing the key. Bug 1025230 and 1034854 suggest this should work. The attached example can be pasted directly to the JS console. I tried to verify the code and it is working in Chrome (Version 42.0.2306.0 canary (64-bit)). Maybe it is related to Bug 1106087 (WebCrypto exportKey fails to export newly generated ECDH private key.).
Comment 1•9 years ago
|
||
Mistakenly filed against Firefox 38 and should be instead 38 Branch. Sorry for the spam. dkl
Comment 2•9 years ago
|
||
This is a problem in 39.0a2 as well. It's a blocker for us.
Comment 3•9 years ago
|
||
Bug 1158296 just landed, it implements SPKI export for ECDSA. PKCS8 export is missing and needs to be implemented. Shouldn't be too hard after we fixed PKCS8 export for ECDH, was working on that yesterday.
Updated•9 years ago
|
Updated•9 years ago
|
Updated•9 years ago
|
Updated•8 years ago
|
Updated•8 years ago
|
Updated•8 years ago
|
Comment 4•7 years ago
|
||
Just run into this bug. Since bug 1295121 is fixed I wonder what the status is?
I am still unable to export private keys for ECDSA in pkcs8 format. Is there any progress in this? Thank you
Updated•5 years ago
|
Just to keep an eye on:
Please see documentation about webCrypto:
https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto
And statement:
Storing keys
CryptoKey objects can be stored using the structured clone algorithm, meaning that you can store and retrieve them using standard web storage APIs. The specification expects that most developers will use the IndexedDB API to store CryptoKey objects.
However storing private key of ECDH into IndexedDB:
store.put({id:2, keys: keyPair.privateKey});
throws this exception:
DataCloneError: The object could not be cloned.
Checked with
Firefox: 72.0beta
and Firefox: 71.0 (64 bits)
Do you know any workaround for this issue before this bug will be fixed?
Assignee | ||
Comment 8•4 years ago
|
||
Comment hidden (advocacy) |
Comment 10•4 years ago
|
||
Christoph are you waiting for someone to review this?
Assignee | ||
Comment 11•4 years ago
|
||
Yes, however I noticed that nss is not developed within mozilla-central. I haven't gotten around to creating a separate patch yet.
Or is it not a problem to submit the nss part also via phabricator?
Comment 12•4 years ago
|
||
Hello!
I hope you are doing great!
Are there any updates about this?
We are not supporting Firefox for one of our products because of this issue :/
Thanks!
Comment 13•4 years ago
|
||
Adding NI since the question in comment 11 seems to have been missed.
Comment 14•4 years ago
|
||
I don't know the answer to that question, maybe Dana can take a look at this?
(In reply to Christoph Walcher from comment #11)
Yes, however I noticed that nss is not developed within mozilla-central. I haven't gotten around to creating a separate patch yet.
Or is it not a problem to submit the nss part also via phabricator?
Please open a new bug in NSS :: Libraries and submit the patch via phabricator.
Updated•4 years ago
|
Assignee | ||
Updated•3 years ago
|
Comment hidden (advocacy) |
Updated•3 years ago
|
Updated•3 years ago
|
Comment 17•3 years ago
|
||
Pushed by dkeeler@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/31ee83932e04 Implement PKCS8 import/export of ECDSA keys for WebCrypto API. r=keeler
Comment 18•3 years ago
|
||
bugherder |
Comment 20•3 years ago
|
||
Had this during nightly builds today 😀
Firefox 92.0 (Linux x86_64) Learning > Firefox ECDH/ECDSA private key structured clone canary,
if this fails we can start storing ECDH/ECDSA private keys in indexedb on Firefox
FAILED: Mozilla seems to have implemented structured cloning for ECDH and ECDSA private keys eventually!
Expected: true
Actual: false
@webpack:///./src-test/learning/browser/firefox.ts?:58:20
Thanks for the effort.
Description
•