-
Notifications
You must be signed in to change notification settings - Fork 5.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
WebCrypto roadmap #11690
Comments
Please consider adding ED25519 to this list. Cloudflare Workers recently added this non-yet-standard algorithm since it was requested so often by developers writing Discord integrations. The operations they support are Support for this would be nice for folks wanting to write cross-worker-platform code with similar crypto support and performance characteristics. |
I will bring this up with the webcrypto working group at W3C. It seems like a logical addition. We won't act prior to standardization though. |
I applaud this overview. Thank you |
As far as urgency goes, given my wishful target of supporting JWS formatted JWTs first the most important missing piece is SubtleCrypto.importKey jwk, spki, and pkcs8 format support for RSASSA-PKCS1-v1_5, RSA-PSS, and ECDSA keys. Immediately followed by ECDSA verification, then encryption (AES-GCM, AES-CBC). I would also like to note that importKey for HMAC is only partially complete as the |
@littledivy I'm working on a deno-specific publish and build process for While the implementation is incomplete it is not possible to use the package without Would it be possible to make it so that the WebCrypto interface would be complete and type-defined whilst the actual missing implementations simply throwing It's global type interfaces such as In order for an implementation to be portable the types should follow |
@panva Yeah missing types can be annoying but I think that they should match reality. cc @lucacasonato btw also Line 15258 in 9105104
|
I would very much prefer the types to be complete to allow for portable implementations, that went out of their way to be fully built using TS and prepared to be consumed in Deno in through deno.land/x, to be used without having to instruct users to disable their precious type checking. |
ad importKey, that would appear to be a mistake on it has little impact tho since they have an overload for each of the enum values. |
@oles thanks for the offer, it'll be great if you can test #13013 - the PR includes JWK for EC and RSA - you can find the source branch here if you're ok with building deno, otherwise, let me know. I've done some preliminary testing of RSA-PSS JWK and signed JWT using jose. |
@seanwykes @oles needs P-256 ECDSA to sign an ES256 JWT. I already know the sign/verify operations work fine in |
So should be ready to go, the JWK key imports are already implemented in #13013. |
@seanwykes nice. In case you want to run the full suite of jose tests under Deno, this is how you might do that.
At the moment, with deno 1.16.4, the results look like this: |
Updated :-) |
@panva success over at #13013 with both key import and signing! Thank you for the pointers and the library, and thank you @seanwykes for your work on this - let me know if there's something more you'd like for me to test or help out with 👍 |
@panva JOSE test suite on current ECDSA & ECDH imports / exports are coming very soon. |
@lucacasonato I was checking that yesterday, great progress! much props to yourself, @seanwykes, @littledivy and anyone else participating in the effort. I'd like to think the jose test suite is a good interoperability resource in addition to the web platform tests. |
~98.1% of the WebCrypto APIs are now part of Deno v1.18.0 🎉 Thank you to @seanwykes and everyone involved in this nearly 6 month long effort! |
Let me join in the congratulations. @littledivy @seanwykes @lucacasonato thank you for these amazing efforts! From a pending features perspective (JOSE completeness-wise) I'm looking at general P-521 support, P-384 ECDH. It'd be great to plan for Curve25519 and Curve448, either through adding this draft support or following Node.js and CF Workers in adding the NODE- prefixed versions until said draft is adopted as an official extension. |
And here's my personal thank you to @littledivy, @lucacasonato and @bartlomieju for your patience and technical guidance for a Deno / Rust newbie. I've learnt a lot from you guys! |
Spec: https://w3c.github.io/webcrypto
This is the global tracking issue for WebCrypto API implementation.
See the status of the entire API surface:
SubtleCrypto.encrypt
RSA-OAEP
AES-CTR
feat(ext/crypto) - support encrypt/decrypt with AES-CTR #13177AES-CBC
AES-GCM
SubtleCrypto.decrypt
RSA-OAEP
AES-CTR
feat(ext/crypto) - support encrypt/decrypt with AES-CTR #13177AES-CBC
AES-GCM
SubtleCrypto.sign
RSASSA-PKCS1-v1_5
RSA-PSS
(all hashes)RSA-PSS
(all hashes)ECDSA
P256
P384
P521
HMAC
SubtleCrypto.verify
RSASSA-PKCS1-v1_5
RSA-PSS
(all hashes)RSA-PSS
(all hashes)ECDSA
P256
P384
P521
HMAC
SubtleCrypto.digest
SHA-1
SHA-256
SHA-384
SHA-512
SubtleCrypto.generateKey
RSASSA-PKCS1-v1_5
RSA-PSS
RSA-PSS
RSA-OAEP
ECDSA
P256
P384
P521
ECDH
feat(ext/crypto): generate ECDH keys #11870P256
P384
P521
AES-CTR
feat(ext/crypto): AES key generation #11869AES-CBC
feat(ext/crypto): AES key generation #11869AES-GCM
feat(ext/crypto): AES key generation #11869AES-KW
feat(ext/crypto): AES key generation #11869HMAC
SubtleCrypto.deriveKey
ECDH
HKDF
PBKDF2
SubtleCrypto.deriveBits
ECDH
HKDF
PBKDF2
SubtleCrypto.importKey
RSASSA-PKCS1-v1_5
RSA-PSS
RSA-OAEP
ECDSA
(missing p512 curve)ECDH
(missing p512 curve)AES-CTR
AES-CBC
AES-GCM
AES-KW
HMAC
HKDF
PBKDF2
SubtleCrypto.exportKey
RSASSA-PKCS1-v1_5
RSA-PSS
RSA-OAEP
ECDSA
(missing p512 curve)ECDH
(missing p512 curve)AES-CTR
AES-CBC
AES-GCM
AES-KW
HMAC
SubtleCrypto.wrapKey
RSA-OAEP
AES-CTR
AES-CBC
AES-GCM
AES-KW
SubtleCrypto.unwrapKey
RSA-OAEP
AES-CTR
AES-CBC
AES-GCM
AES-KW
The text was updated successfully, but these errors were encountered: