1

I am creating a keyPair, then exporting a key from the keyPair, using the Web Crypto API:

var log = console.log.bind(console);

var subtleCrypto = null;
if ( window.crypto ) {
    subtleCrypto = window.crypto.subtle || window.crypto.webkitSubtle;
}
if ( window.msCrypto ) {
    subtleCrypto = window.msCrypto.subtle
}

subtleCrypto.generateKey(
    {
        name: "RSASSA-PKCS1-v1_5",
        modulusLength: 2048,
        publicExponent: new Uint8Array([1, 0, 1]),  // 24 bit representation of 65537
        hash: {name: "SHA-256"}
    },
    true, // can extract it later if we want
    ["sign", "verify"]
).then(function(keyPair){
    log('Exporting from keyPair', keyPair)
    subtleCrypto.exportKey('pkcs8', keyPair.privateKey).then(function(pkcs8) {
        log('Exported keypair!', pkcs8)
    }, function(reason) {
        log('Couldnt export keypair', reason)
    })
}, function(reason){
    log('could not generate key', reason)
})

On Chrome and Firefox, the code works fine, printing:

 "Exporting from keyPair" Object { privateKey: CryptoKey, publicKey: CryptoKey }
 "Exported keypair!" ArrayBuffer { byteLength: 1218 }

However on Safari it fails, printing only:

 Exporting from keyPair KeyPair 

And then not doing anything. How can I export the key on Safari?

mikemaccana
  • 110,530
  • 99
  • 389
  • 494
  • This doesn't actually have anything to do with promises, but rather it looks like a bug in safari's web crypto implementation. – Benjamin Gruenbaum Jul 06 '15 at 10:54
  • Maybe accessing `keyPair.privateKey` throws? You're not catching all errors on your promises, try to add a `.catch()` handler. – Bergi Jul 06 '15 at 12:09
  • @bergi wouldn't the second function in 'then()' catch errors? I've read the promises page at MDN but suspect I'm misunderstanding the difference between .catch() and the second .then() function. – mikemaccana Jul 06 '15 at 13:49
  • @mikemaccana: see [here](http://stackoverflow.com/a/24663315/1048572) - your second `then` callback only catches the errors from `subtleCrypto.generateKey()` (as the log message states) – Bergi Jul 06 '15 at 14:06

2 Answers

3

Webkit is currently not able to export keys as either 'pkcs8' or 'spki' (as found personally and confirmed by https://bugs.webkit.org/show_bug.cgi?id=129978).

The way to get around this is to export it as 'jwk' and then convert the resulting key by extracting the various parts and encoding them in ASN.1. An example of how this can be done can be found in the webcrypto-shim project, which you could just use and not have to do it yourself, though it will not work for RSA-OAEP + SHA-256 or AES-GCM on Webkit.

felix
  • 81
  • 5
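
The JWK-to-PKCS#8 conversion described in the answer above, as an added example that is not part of the original answer or of the webcrypto-shim project. It covers RSA private keys only; the function names and the toy key are constructed for illustration.

```javascript
// Added example: PKCS#8 PrivateKeyInfo (DER) built from an RSA private JWK.
// rsaJwkToPkcs8 and the helpers below are hypothetical names, not a library API.

// AlgorithmIdentifier { rsaEncryption (1.2.840.113549.1.1.1), NULL }, pre-encoded.
const RSA_ALG_ID = [0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
                    0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00];

// Constructed toy key (p=61, q=53): far too small for real use, only for checking the encoding.
const TOY_JWK = { kty: "RSA", n: "DKE", e: "EQ", d: "CsE",
                  p: "PQ", q: "NQ", dp: "NQ", dq: "MQ", qi: "Jg" };

function b64urlToBytes(s) {
  const b64 = s.replace(/-/g, "+").replace(/_/g, "/");
  const bin = atob(b64 + "=".repeat((4 - (b64.length % 4)) % 4));
  return Array.from(bin, (c) => c.charCodeAt(0));
}

// DER length: short form below 128, otherwise 0x80|count followed by big-endian bytes.
function derLength(n) {
  if (n < 0x80) return [n];
  const out = [];
  for (; n > 0; n = Math.floor(n / 256)) out.unshift(n & 0xff);
  return [0x80 | out.length, ...out];
}

function tlv(tag, content) {
  return [tag, ...derLength(content.length), ...content];
}

// DER INTEGER is signed and minimal: drop leading zeros, then add one 0x00
// back if the top bit is set so the value stays positive.
function derInteger(bytes) {
  let i = 0;
  while (i < bytes.length - 1 && bytes[i] === 0) i++;
  const v = bytes.slice(i);
  if (v[0] & 0x80) v.unshift(0);
  return tlv(0x02, v);
}

function rsaJwkToPkcs8(jwk) {
  if (jwk.kty !== "RSA") throw new TypeError("expected an RSA JWK");
  const ints = [derInteger([0])];                 // RSAPrivateKey version 0
  for (const f of ["n", "e", "d", "p", "q", "dp", "dq", "qi"]) {
    if (typeof jwk[f] !== "string") throw new TypeError("JWK lacks private field " + f);
    ints.push(derInteger(b64urlToBytes(jwk[f])));
  }
  const rsaPrivateKey = tlv(0x30, ints.flat());   // RFC 8017 RSAPrivateKey
  // RFC 5208 PrivateKeyInfo: version 0, algorithm, OCTET STRING(RSAPrivateKey)
  return new Uint8Array(tlv(0x30, [...derInteger([0]), ...RSA_ALG_ID, ...tlv(0x04, rsaPrivateKey)]));
}
```

In the browser the input would be the object produced by `exportKey('jwk', keyPair.privateKey)`. The returned bytes are unencrypted private key material and need the same handling as the key itself.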
0

There are currently a number of problems with the Safari implementation of WebCrypto as well as the Edge implementation.

For this reason we implemented this library that masks those differences; you can find it here: https://github.com/PeculiarVentures/webcrypto-liner/blob/master/BrowserSupport.md

In this particular case, as the earlier response said, Safari does not implement PKCS8 formatting.

If you need the PKCS8 format, take a look at this function: https://github.com/PeculiarVentures/pkijs-es6/blob/62bbedea4cd3b60debbdc309bc48b5c188f4504e/src/CryptoEngine.js#L438-L532

rmhrisk
  • 1,814
  • 10
  • 16
  • This is advertisement, not a solution. – whiskeyfur Dec 07 '17 at 18:30
  • The problem is that Safari doesn't support the export format he needs, the library we created adds support for that export format. That is a solution to the stated problem. If he doesn't want to use that he can manually construct the format with the second link. That too is a solution. – rmhrisk Dec 08 '17 at 00:17
  • Fair enough and my apologies. I see too many times in the comments of advertisers claiming their library fixes 'all the issues', or some such... promising the moon and delivering only a little more money into their pockets instead. The wording here just came a little too close to that kind of nonsense/B$. Again, my apologies. – whiskeyfur Dec 08 '17 at 00:40
  • Both libraries are free and permissively licensed. – rmhrisk Dec 08 '17 at 06:31