-
Notifications
You must be signed in to change notification settings - Fork 22.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SubtleCrypto: sign() method missing Ed25519 in Supported algorithms #30886
Comments
Secure Curves in the Web Cryptography API
|
Thanks for opening this one. That page is targeting this spec: https://w3c.github.io/webcrypto/#SubtleCrypto-method-sign which does not include The spec that covers the algorithms with the missing secure curves is at this state:
Although there's partial / experimental support, it looks a little early to include these at the moment. If we were to add anything, it would likely be under https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto#supported_algorithms with some indication of status and resources to learn more. |
There's a whole bunch of proposals that are implemented in the wild and are documented on MDN. E.g., WICG File System Access API, not to be confused with WHATWG File System Standard. Direct Sockets in Isolated Web Apps are shipped on Chromium. That's how I can create a Node.js, Deno, Bun, and Chromium 122 all implement Ed25519. The problem is the authors wbn-sign quoted MDN as the source for information re Ed25519 algorithm as a reason for using Node.js
Next I'm going to use the same code in the browser, substituting WICG File System Access API for Node.js This has to be written up somewhere on MDN Web Docs so people can't make excuses for why they are using Node.js |
@bsmth I see the "waiting for implementations" label. Chromium and Chrome, Node.js, Deno, and Bun all implement Ed25519. Chromium and Chrome and Deno directly via Web Cryptography API, Bun using |
Thanks for the feedback. Where I've added For some context, I got started on this already today adding an I'm more than happy to include documentation for the missing algos, but it needs to be clear it's not part of this API yet. Can we consider where to include it or pitfalls readers should be aware of? |
That implementation has already landed in
Yes, it's possible. I linked to the repositories above
The works in Node.js, Deno, and Bun using the same code. The code also works on Chromium 122 Developer Build. This is the MDN source the GoogleChrome author referenced, which turns out is inaccurate information. GoogleChromeLabs/webbundle-plugins#11 (comment)
and read this Secure Curves in the Web Cryptography API which might be the source of your idea that Ed25519 is not implemented. It's implemented in a lot of JavaScript runtimes and Chrome and Chromium, listed above - not in Firefox Nightly 123 That's 1 not implemented out of 4 separate JavaScript runtimes (counting Chromium and Chrome as 1, even though they are not the same browser). Just run the code here https://github.com/guest271314/webbundle using Node.js (I'm running nightly release 22), Deno, Bun and run this code
on Chrome-For-Testing https://github.com/GoogleChromeLabs/chrome-for-testing or Chromium Developer Build https://download-chromium.appspot.com/ or Chrome Unstable Build (Canary) to verify for yourself. Just because Firefox hasn't implemented a standard or API doesn't mean multiple other vendors have not. |
@bsmth PR for sign-verify example mdn/dom-examples#247 |
Thank you very much, I will take a look shortly |
See also w3c/webcrypto#362 |
FYI I'm looking at this as part of #34989 because FF129 implements this. Great you've done the hard work. |
I'm a bit confused.
I'm getting this error in Chrome but not firefox. const key = await window.crypto.subtle.importKey(
"spki",
base64ToUint8Array(await getServerCert()),
{
name: "Ed25519",
},
false,
["verify"]
);
|
It's not supported in Chrome, see https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/importKey#browser_compatibility. |
MDN URL
https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/sign
What specific section or headline is this issue about?
Supported algorithms
What information was incorrect, unhelpful, or incomplete?
Missing Ed25519.
What did you expect to see?
Ed25519 algorithm listed.
Do you have any supporting links, references, or citations?
GoogleChromeLabs/webbundle-plugins#11 (comment)
GoogleChromeLabs/webbundle-plugins#11 (comment)
This modified version of Deno test code https://github.com/denoland/deno/blob/ca64771257d23ceee97e882965269702c359f6aa/cli/tests/node_compat/test/parallel/test-webcrypto-sign-verify.js#L115-L133 logs
true
on Chromium Version 122.0.6170.0 (Developer Build) (64-bit).Do you have anything more you want to share?
No response
The text was updated successfully, but these errors were encountered: