crypto: forbid NODE-ED25519 and NODE-ED448 "raw" key export #38668
Raw import is similarly affected & why I provided the pkcs8 key equivalents: https://github.com/nodejs/node/pull/36879/files#diff-15c1a60d165e73c0aa21f0aff84493a257a577a97e9c8d2f33779b003193e338R126 This should be removed? https://github.com/nodejs/node/pull/36879/files#diff-15c1a60d165e73c0aa21f0aff84493a257a577a97e9c8d2f33779b003193e338R236 It's also unclear to me if X25519/X448 is similarly impacted, but I think so given the logic in the test (at least for import?): Here's the import of private EdDH keys:
Raw X/Ed key import was the reason why @jasnell implemented this node-specific webcrypto extension in the first place. I'll leave the rest to him to comment. I'm having a hard time understanding what it is you are after.
Raw private import and raw public import/export should still work, I hope?
@devsnek with this PR in place that is still the case, yes.
I'm not so sure we need to forbid this in the first place.
@pavna I'm from the Cloudflare Workers team working on WebCrypto updates (context here is I'm adding Ed25519 support). I was originally going to use a custom name on our end for the algorithms/curves as I didn't understand why Node went with I was told to use the same ones as Node to avoid unnecessary incompatibility for users who may write code for both platforms. I wanted to highlight an area of incompatibility we'll have. It seems like we're aligned that raw export of private keys shouldn't be allowed & for imports I'll just make a note in our developer docs for the difference.
@vlovich ... that's excellent to hear re: Cloudflare Workers WebCrypto updates! Making sure we're aligned here makes perfect sense! Keep in mind that the entire WebCrypto module is still considered to be "Experimental" so we can change things as it makes sense to do so. Regarding the naming, I just went with something that would be descriptive and would make it clearer to someone who is less familiar with the I think we're definitely in agreement on the raw export of the private keys. Limiting that makes perfect sense. If there are other incompatibilities definitely let us know! While the module is still experimental we can make breaking changes without worrying about semver rules.
"Need" is a bit strong. Restricting export of the private keys is consistent with the rest of WebCrypto and making it more difficult to get to the private key data just makes sense Just In Case (tm).
Yup. I'm definitely noting that it's non-standard & might experience breaking changes. We'll have more constraints on our end in terms of breakages since this is a production system & we will have at least one customer that will be using Ed25519 when it ships. We're only going to ship Ed25519 to start with & we'll be unable to support Curve448 since BoringSSL ripped it out. Hopefully that limits our exposure & if issues come up we'll try to co-ordinate if we think there's a problem. The spec seems simple enough that I'm hopeful any changes won't actually be wholly backwards incompatible. On the naming, it was just a bit jarring and as an implementer new to WebCrypto & Curve25519, it would have saved me a few cycles to see
I'm happy to change the names to whatever may eventually become the "Standard" :-) ...
Once this happens we can make sure we're being careful about avoiding breaking changes on these to avoid issues.
I'm actually the customer (or well, I work for the customer 😄) happy to track whatever changes happen in the name of a nice standardized ecosystem.
Landed in 2130598
Regarding the name, I suggest not changing the original algorithms' names: for signatures they are Ed25519 and Ed448, and for Diffie-Hellman operations they are X25519 and X448. There are historical reasons for these names and there is no need to change them.
closes #38655
Similar to ECDH and ECDSA "raw" export is not allowed for private keys.
This is a breaking change but webcrypto is still an experimental module.
cc @nodejs/crypto
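
The ECDSA behaviour that this change brings the Ed keys in line with, as an added example that is not part of the PR or of Node's own tests. It uses ECDSA P-256 rather than `NODE-ED25519`, because that name is an experimental extension that may not exist in a given Node.js release; `tryExport` and `probeExports` are names made up for this example.

```javascript
// Added example: which export formats WebCrypto allows per key type.
// Uses the global WebCrypto object when present, else Node's crypto module.
const subtle =
  globalThis.crypto?.subtle ?? require('node:crypto').webcrypto.subtle;

const FORMATS = ['raw', 'spki', 'pkcs8', 'jwk'];

// Attempt one export; return 'ok' or the name of the error it rejected with.
async function tryExport(format, key) {
  try {
    await subtle.exportKey(format, key);
    return 'ok';
  } catch (err) {
    return err.name;
  }
}

// Build a format-by-key matrix for an extractable key pair and for a
// private key generated with extractable = false.
async function probeExports() {
  const alg = { name: 'ECDSA', namedCurve: 'P-256' };
  const open = await subtle.generateKey(alg, true, ['sign', 'verify']);
  const locked = await subtle.generateKey(alg, false, ['sign', 'verify']);

  const result = { public: {}, private: {}, lockedPrivate: {} };
  for (const format of FORMATS) {
    result.public[format] = await tryExport(format, open.publicKey);
    result.private[format] = await tryExport(format, open.privateKey);
    result.lockedPrivate[format] = await tryExport(format, locked.privateKey);
  }
  return result;
}

// Stand-alone run: print the matrix. "raw" succeeds only in the public row.
probeExports().then((matrix) => console.table(matrix));
```

Private key material leaves the process only through `pkcs8` or `jwk`, and only when the key was created as extractable; generating keys with `extractable` set to `false` closes those two paths as well.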