Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

RSA generatekey, unsupported algorithm

See original GitHub issue

This is literally the only package I have found that supports webcrypto with react native…

But I really need to be able to generate the following RSA key (for compatibility with the rest of our system)…

await crypto.subtle.generateKey(
    {
      name: "RSA-PSS",
      hash: "SHA-256",
      modulusLength: 4096,
      publicExponent: new Uint8Array([1, 0, 1]),
    },
    true,
    ["sign", "verify"],
  );

Any plans to support this? I would be really appreciative.

Issue Analytics

State:
Created 3 years ago
Comments:20 (6 by maintainers)

Top GitHub Comments

2reactions

kevlenedcommented, Jul 4, 2021

@cryptoAlgorithm @davidcallanan The recommended library runs code in the WebView without hitting a remote server. Here’s the code for the suggested library (basically loads an empty html file, then injects js that runs client side). The WebView method is more secure than the js version today, because it’s built on top of the platform’s native crypto APIs.

There is one real limitation to any polyfill I’ve seen in React Native: non-exportable keys. In a browser, you can generate key pairs where the private portion can’t be serialized to a jwk or pem. This prevents an xss from exfiltrating a private key. In the browser, not being able to serialize the key means you have to store the key in IndexedDB if you want to use it in future sessions (IndexedDB can store some objects without serializing them). There is no way to simulate the functionality in React Native unless you use a WebCrypto polyfill built on top of the iOS and Android crypto primitives.

The WebView method is certainly the most secure, reliable, and up-to-date method. I’ve considered moving this library to use the WebView method by default. The only caveat is the extra step of including the WebView in the render tree. This extra step just becomes cumbersome if you’re shipping a library built on top of isomorphic-webcrypto to end-users.

Hope that helps with your decision.

0reactions

cryptoAlgorithmcommented, Jul 5, 2021

@kevlened, I’ve ran into some issues with this WebView WebCrypto approach, namely the fact that Safari on iOS doesn’t fully support RSA-OEAP encryption/decryption with SHA-512/SHA-256 hashes. Only SHA-1 is supported, which won’t do. I look forward to the day when Safari finally decides to fix this (its a bug that has been around for ages), but for now I can’t really use this approach.

Top Results From Across the Web

RSA_PRIVATE_KEY problem · Discussion #9331 · saleor ...

The data may be in an incorrect format, it may be encrypted with an unsupported algorithm, or it may be an unsupported key...

RSA — PyCryptodome 3.15.0 documentation

RSA is the most widespread and used public key algorithm. Its security is based on the difficulty of factoring large integers. The algorithm...

RSA — Cryptography 39.0.0.dev1 documentation

RSA is a public-key algorithm for encrypting and signing messages. Generation¶. Unlike symmetric cryptography, where the key is typically just a random series ......

How to generate "ssh-rsa" key instead of "rsa-sha2-512"

As this is not answer how to generate key, but rather what causes sshd ... host key algorithm: ssh-rsa debug1: kex: server->client cipher: ......

Generating RSA public keys from go using x509 ...

Reader bitSize := 64 keypair, _:= rsa.GenerateKey(reader, bitSize) fmt.Println("Public key ", &keypair.PublicKey) pubkey_bytes := x509.