WebCrypto roadmap #11690
Comments
lucacasonato
added
feat
|
Please consider adding ED25519 to this list. Cloudflare Workers recently added this non-yet-standard algorithm since it was requested so often by developers writing Discord integrations. The operations they support are Support for this would be nice for folks wanting to write cross-worker-platform code with similar crypto support and performance characteristics. |
|
I will bring this up with the webcrypto working group at W3C. It seems like a logical addition. We won't act prior to standardization though. |
|
I applaud this overview. Thank you |
|
As far as urgency goes, given my wishful target of supporting JWS formatted JWTs first the most important missing piece is SubtleCrypto.importKey jwk, spki, and pkcs8 format support for RSASSA-PKCS1-v1_5, RSA-PSS, and ECDSA keys. Immediately followed by ECDSA verification, then encryption (AES-GCM, AES-CBC). I would also like to note that importKey for HMAC is only partially complete as the |
|
@littledivy I'm working on a deno-specific publish and build process for While the implementation is incomplete it is not possible to use the package without Would it be possible to make it so that the WebCrypto interface would be complete and type-defined whilst the actual missing implementations simply throwing It's global type interfaces such as In order for an implementation to be portable the types should follow |
|
@panva Yeah missing types can be annoying but I think that they should match reality. cc @lucacasonato btw also Line 15258 in 9105104 |
|
I would very much prefer the types to be complete to allow for portable implementations, that went out of their way to be fully built using TS and prepared to be consumed in Deno in through deno.land/x, to be used without having to instruct users to disable their precious type checking. |
|
ad importKey, that would appear to be a mistake on it has little impact tho since they have an overload for each of the enum values. |
@oles thanks for the offer, it'll be great if you can test #13013 - the PR includes JWK for EC and RSA - you can find the source branch here if you're ok with building deno, otherwise, let me know. I've done some preliminary testing of RSA-PSS JWK and signed JWT using jose. |
|
@seanwykes @oles needs P-256 ECDSA to sign an ES256 JWT. I already know the sign/verify operations work fine in |
So should be ready to go, the JWK key imports are already implemented in #13013. |
|
@seanwykes nice. In case you want to run the full suite of jose tests under Deno, this is how you might do that. At the moment, with deno 1.16.4, the results look like this: |
Updated :-) |
|
@panva success over at #13013 with both key import and signing! Thank you for the pointers and the library, and thank you @seanwykes for your work on this - let me know if there's something more you'd like for me to test or help out with 👍 |
|
@panva JOSE test suite on current ECDSA & ECDH imports / exports are coming very soon. |
|
@lucacasonato I was checking that yesterday, great progress! much props to yourself, @seanwykes, @littledivy and anyone else participating in the effort. I'd like to think the jose test suite is a good interoperability resource in addition to the web platform tests. |
|
~98.1% of the WebCrypto APIs are now part of Deno v1.18.0 🎉 Thank you to @seanwykes and everyone involved in this nearly 6 month long effort! |
|
Let me join in the congratulations. @littledivy @seanwykes @lucacasonato thank you for these amazing efforts! From a pending features perspective (JOSE completeness-wise) I'm looking at general P-521 support, P-384 ECDH. It'd be great to plan for Curve25519 and Curve448, either through adding this draft support or following Node.js and CF Workers in adding the NODE- prefixed versions until said draft is adopted as an official extension. |
|
And here's my personal thank you to @littledivy, @lucacasonato and @bartlomieju for your patience and technical guidance for a Deno / Rust newbie. I've learnt a lot from you guys! |
Spec: https://w3c.github.io/webcrypto
This is the global tracking issue for WebCrypto API implementation.
See the status of the entire API surface:
SubtleCrypto.encryptRSA-OAEPAES-CTRfeat(ext/crypto) - support encrypt/decrypt with AES-CTR #13177AES-CBCAES-GCMSubtleCrypto.decryptRSA-OAEPAES-CTRfeat(ext/crypto) - support encrypt/decrypt with AES-CTR #13177AES-CBCAES-GCMSubtleCrypto.signRSASSA-PKCS1-v1_5RSA-PSS(all hashes)RSA-PSS(all hashes)ECDSAP256P384P521HMACSubtleCrypto.verifyRSASSA-PKCS1-v1_5RSA-PSS(all hashes)RSA-PSS(all hashes)ECDSAP256P384P521HMACSubtleCrypto.digestSHA-1SHA-256SHA-384SHA-512SubtleCrypto.generateKeyRSASSA-PKCS1-v1_5RSA-PSSRSA-PSSRSA-OAEPECDSAP256P384P521ECDHfeat(ext/crypto): generate ECDH keys #11870P256P384P521AES-CTRfeat(ext/crypto): AES key generation #11869AES-CBCfeat(ext/crypto): AES key generation #11869AES-GCMfeat(ext/crypto): AES key generation #11869AES-KWfeat(ext/crypto): AES key generation #11869HMACSubtleCrypto.deriveKeyECDHHKDFPBKDF2SubtleCrypto.deriveBitsECDHHKDFPBKDF2SubtleCrypto.importKeyRSASSA-PKCS1-v1_5RSA-PSSRSA-OAEPECDSA(missing p512 curve)ECDH(missing p512 curve)AES-CTRAES-CBCAES-GCMAES-KWHMACHKDFPBKDF2SubtleCrypto.exportKeyRSASSA-PKCS1-v1_5RSA-PSSRSA-OAEPECDSA(missing p512 curve)ECDH(missing p512 curve)AES-CTRAES-CBCAES-GCMAES-KWHMACSubtleCrypto.wrapKeyRSA-OAEPAES-CTRAES-CBCAES-GCMAES-KWSubtleCrypto.unwrapKeyRSA-OAEPAES-CTRAES-CBCAES-GCMAES-KWThe text was updated successfully, but these errors were encountered: