Closed Bug 1133698 Opened 10 years ago Closed 4 years ago

Implement PKCS8 import/export of ECDSA keys for WebCrypto API

Categories

(Core :: DOM: Web Crypto, task, P3)

Product:
Core
Component:
DOM: Web Crypto
Version:
38 Branch
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
93 Branch
Tracking Flags:
Tracking Status
firefox93 --- fixed

People

(Reporter: simon.koelsch, Assigned: christoph-wa)

References

(Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-backlog2])

Attachments

(2 files)

ECDSA private/public key export test
716 bytes, text/javascript
Details
Bug 1133698 - Implement PKCS8 import/export of ECDSA keys for WebCrypto API. r=keeler
47 bytes, text/x-phabricator-request
Details | Review
Firefox Nightly Build (38.0a1 (2015-02-16)) User Agent: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Firefox/38.0" Export of private or public ECDSA P-256 key is not working and a DOMException [NotSupportedError: "Operation is not supported"] is thrown. The result should be a jwk object, containing the key. Bug 1025230 and 1034854 suggest this should work. The attached example can be pasted directly to the JS console. I tried to verify the code and it is working in Chrome (Version 42.0.2306.0 canary (64-bit)). Maybe it is related to Bug 1106087 (WebCrypto exportKey fails to export newly generated ECDH private key.).
Mistakenly filed against Firefox 38 and should be instead 38 Branch. Sorry for the spam. dkl
Version: Firefox 38 → 38 Branch
This is a problem in 39.0a2 as well. It's a blocker for us.
Bug 1158296 just landed, it implements SPKI export for ECDSA. PKCS8 export is missing and needs to be implemented. Shouldn't be too hard after we fixed PKCS8 export for ECDH, was working on that yesterday.
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Mac OS X → All
Hardware: x86_64 → All
Summary: WebCrypto export of ECDSA keys (private/public) fails → Implement export of ECDSA private keys for WebCrypto API
Component: Security → DOM: Security
Product: Firefox → Core
Summary: Implement export of ECDSA private keys for WebCrypto API → Implement PKCS8 import/export of ECDSA keys for WebCrypto API
Component: DOM: Security → Security
Component: Security → DOM: Security
Priority: -- → P3
Whiteboard: [domsecurity-backlog2]
Just run into this bug. Since bug 1295121 is fixed I wonder what the status is?
I am still unable to export private keys for ECDSA in pkcs8 format. Is there any progress in this? Thank you
Component: DOM: Security → DOM: Web Crypto

Just to keep an eye on:
Please see documentation about webCrypto:
https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto

And statement:
Storing keys
CryptoKey objects can be stored using the structured clone algorithm, meaning that you can store and retrieve them using standard web storage APIs. The specification expects that most developers will use the IndexedDB API to store CryptoKey objects.

However storing private key of ECDH into IndexedDB:

   store.put({id:2, keys: keyPair.privateKey});

throws this exception:

   DataCloneError: The object could not be cloned.

Checked with
Firefox: 72.0beta
and Firefox: 71.0 (64 bits)

Do you know any workaround for this issue before this bug will be fixed?

Christoph are you waiting for someone to review this?

Flags: needinfo?(christoph-wa)

Yes, however I noticed that nss is not developed within mozilla-central. I haven't gotten around to creating a separate patch yet.
Or is it not a problem to submit the nss part also via phabricator?

Flags: needinfo?(christoph-wa)

Hello!

I hope you are doing great!

Are there any updates about this?

We are not supporting Firefox for one of our products because of this issue :/

Thanks!

Adding NI since the question in comment 11 seems to have been missed.

Flags: needinfo?(evilpies)

I don't know the answer to that question, maybe Dana can take a look at this?

Flags: needinfo?(evilpies) → needinfo?(dkeeler)

(In reply to Christoph Walcher from comment #11)

Yes, however I noticed that nss is not developed within mozilla-central. I haven't gotten around to creating a separate patch yet.
Or is it not a problem to submit the nss part also via phabricator?

Please open a new bug in NSS :: Libraries and submit the patch via phabricator.

Flags: needinfo?(dkeeler) → needinfo?(christoph-wa)
Type: defect → task
Depends on: 1693206
Flags: needinfo?(christoph-wa)
Assignee: nobody → christoph-wa
Status: NEW → ASSIGNED
Attachment #9189394 - Attachment description: Bug 1133698 - Implement PKCS8 import/export of ECDSA keys for WebCrypto API → Bug 1133698 - Implement PKCS8 import/export of ECDSA keys for WebCrypto API. r=keeler
Pushed by dkeeler@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/31ee83932e04 Implement PKCS8 import/export of ECDSA keys for WebCrypto API. r=keeler

https://hg.mozilla.org/mozilla-central/rev/31ee83932e04

Status: ASSIGNED → RESOLVED
Closed: 4 years ago
status-firefox93: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 93 Branch

Had this during nightly builds today 😀

Firefox 92.0 (Linux x86_64) Learning > Firefox ECDH/ECDSA private key structured clone canary,
if this fails we can start storing ECDH/ECDSA private keys in indexedb on Firefox
FAILED: Mozilla seems to have implemented structured cloning for ECDH and ECDSA private keys eventually!
	Expected: true
	Actual: false
	@webpack:///./src-test/learning/browser/firefox.ts?:58:20

Thanks for the effort.

You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: