Doesn't work on Safari about nokey HOT 11 OPEN

This is what Safari complains about:

from nokey.

Ok, so Safari seems to have problems with either RSA-PSS or RSA-OAEP or both (https://github.com/Zinggi/NoKey/blob/master/web/js/setup.js#L77).
There might also be more problems down the line.

There is a polyfill that could potentially fix this, but I think using a polyfill for crypto has serious drawbacks: a big performance penalty, possibly faulty or insecure implementation and increased bundle size.
This quote also doesn't inspire a lot of confidence: "We have done no security review or take a position on the security of these third-party libraries. YOU HAVE BEEN WARNED."

So I'm not sure what should be done...

from nokey.

I might be missing something but following this post I can use webkitSubtle with Safari 11.1 to generate promise after the generateKey in the console like you did in your code.

> if (window.crypto && !window.crypto.subtle && window.crypto.webkitSubtle) {
    window.crypto.subtle = window.crypto.webkitSubtle;
}
< undefined
> window.crypto.subtle
< SubtleCrypto {encrypt: function, decrypt: function, sign: function, verify: function, digest: function, …}
> window.crypto.subtle.generateKey({
            name: "RSA-OAEP",
            modulusLength: 2048,
            publicExponent: new Uint8Array([0x03]),
            hash: { name: "SHA-256" }
}, true, ["encrypt", "decrypt"]);
< Promise {status: "pending"}

from nokey.

You probably have to run the promise, before you see the error.
Try:

window.crypto.subtle.generateKey({
            name: "RSA-OAEP",
            modulusLength: 2048,
            publicExponent: new Uint8Array([0x03]),
            hash: { name: "SHA-256" }
}, true, ["encrypt", "decrypt"]).then(
    (key) => { console.log(key) }
).catch(
    (e) => { console.log("error", e); }
);

from nokey.

It seems to work:

Promise = $2
result: undefined
status: "resolved"

And when I inspect the object:

[Log] Object

privateKey: CryptoKey {type: "private", extractable: true, algorithm: Object, usages: ["decrypt"]}
publicKey: CryptoKey {type: "public", extractable: true, algorithm: Object, usages: ["encrypt"]}

from nokey.

Interesting, can you also try RSA-PSS?
If that also works, maybe they fixed it? Are you still getting the same error here?

from nokey.

Unfortunately RSA-PSS gives an error. ;( For the record RSA-PSS is not listed in the algo value here: https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/generateKey

from nokey.

This issue appears to be related to publicExponent.
Using the exponent suggested here (65,537) appears to fix the issue for some reason.

The following code works on Safari 11.1:

crypto.subtle.generateKey({
            name: "RSA-PSS",
            modulusLength: 2048,
            publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
            hash: { name: "SHA-256" },
        }, true, ["sign", "verify"]).then(console.log)

Output:

from nokey.

Very strange...
Now I'd need someone to build it locally to try out if this little change would make it work or if there is some other problem then.
I'd also need to know if it's only generateKey that has trouble with that particular exponent or if importing and verifying would also cause problems with that exponent.

from nokey.

https://developer.mozilla.org/en-US/docs/Web/API/Crypto/subtle#Browser_compatibility

from nokey.

u can use this polyfill https://github.com/PeculiarVentures/webcrypto-liner

from nokey.