Comments (11)
This is what Safari complains about:
from nokey.
Ok, so Safari seems to have problems with either RSA-PSS
or RSA-OAEP
or both (https://github.com/Zinggi/NoKey/blob/master/web/js/setup.js#L77).
There might also be more problems down the line.
There is a polyfill that could potentially fix this, but I think using a polyfill for crypto has serious drawbacks: a big performance penalty, possibly faulty or insecure implementation and increased bundle size.
This quote also doesn't inspire a lot of confidence: "We have done no security review or take a position on the security of these third-party libraries. YOU HAVE BEEN WARNED."
So I'm not sure what should be done...
from nokey.
I might be missing something but following this post I can use webkitSubtle
with Safari 11.1 to generate promise after the generateKey
in the console like you did in your code.
> if (window.crypto && !window.crypto.subtle && window.crypto.webkitSubtle) {
window.crypto.subtle = window.crypto.webkitSubtle;
}
< undefined
> window.crypto.subtle
< SubtleCrypto {encrypt: function, decrypt: function, sign: function, verify: function, digest: function, …}
> window.crypto.subtle.generateKey({
name: "RSA-OAEP",
modulusLength: 2048,
publicExponent: new Uint8Array([0x03]),
hash: { name: "SHA-256" }
}, true, ["encrypt", "decrypt"]);
< Promise {status: "pending"}
from nokey.
You probably have to run the promise, before you see the error.
Try:
window.crypto.subtle.generateKey({
name: "RSA-OAEP",
modulusLength: 2048,
publicExponent: new Uint8Array([0x03]),
hash: { name: "SHA-256" }
}, true, ["encrypt", "decrypt"]).then(
(key) => { console.log(key) }
).catch(
(e) => { console.log("error", e); }
);
from nokey.
It seems to work:
Promise = $2
result: undefined
status: "resolved"
And when I inspect the object:
[Log] Object
privateKey: CryptoKey {type: "private", extractable: true, algorithm: Object, usages: ["decrypt"]}
publicKey: CryptoKey {type: "public", extractable: true, algorithm: Object, usages: ["encrypt"]}
from nokey.
Interesting, can you also try RSA-PSS
?
If that also works, maybe they fixed it? Are you still getting the same error here?
from nokey.
Unfortunately RSA-PSS gives an error. ;( For the record RSA-PSS is not listed in the algo
value here: https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/generateKey
from nokey.
This issue appears to be related to publicExponent
.
Using the exponent suggested here (65,537) appears to fix the issue for some reason.
The following code works on Safari 11.1:
crypto.subtle.generateKey({
name: "RSA-PSS",
modulusLength: 2048,
publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
hash: { name: "SHA-256" },
}, true, ["sign", "verify"]).then(console.log)
from nokey.
Very strange...
Now I'd need someone to build it locally to try out if this little change would make it work or if there is some other problem then.
I'd also need to know if it's only generateKey
that has trouble with that particular exponent or if importing and verifying would also cause problems with that exponent.
from nokey.
https://developer.mozilla.org/en-US/docs/Web/API/Crypto/subtle#Browser_compatibility
from nokey.
u can use this polyfill https://github.com/PeculiarVentures/webcrypto-liner
from nokey.
Related Issues (20)
- [Question] How does NoKey handle device loss? HOT 6
- Popup is blank on Firefox
- Icon isn't centered on android HOT 1
- Add online services
- icons are also displayed even if we know this can't be a login field
- "Chose login" sometimes overlaps with login button
- Remove popup as soon as notifications are gone
- Redirect not working if extension active
- Not working if login inside iframe
- Submit login not always detected HOT 1
- don't open popup if the number of notifications decreased
- Confusing device icon HOT 1
- Add doc details on security HOT 7
- APK for v0.4.0 missing from releases tag HOT 8
- Doesn't work on Android 6.0.1 HOT 5
- .xyz domain - tracking HOT 3
- Generate readable passwords HOT 3
- Firefox extension (and webapp opened in Firefox) not working HOT 7
- I love this app, could we get more updates? HOT 1
- Any change this could compile to Android API 18 with minimal to no changes? HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from nokey.