JWK "key_ops" 成员与 Web Crypto 调用指定的成员不一致
The JWK "key_ops" member was inconsistent with that specified by the Web Crypto call
在 NodeJS 上,我生成密钥并将其导出如下,
const { Crypto } = require("@peculiar/webcrypto");
const crypto = new Crypto();
....
....
....
let KeyPair = await crypto.subtle.generateKey(
{
name: "ECDH",
namedCurve: "P-384"
},
false,
["deriveKey"]
);
let exportPubKey = await crypto.subtle.exportKey(
"jwk",
KeyPair.publicKey
)
现在,当我尝试在使用 Chrome 浏览器的客户端上导入导出的密钥时,它抛出一个 DOM 异常,我这样导入它,
window.crypto.subtle.importKey("jwk", {"kty":"EC","crv":"P-384","key_ops":[],"ext":true,"x":"mbLH4QWKwgYu3cwaUsk59M9awwhJydGdJOH0z8WapKuW6DAlnI8bcUg7kOl9ZCdb","y":"-PQ_HUtA45oC8YL3Zk2dExIWxykhimjfqFAc2pQrPTmrDKa-5AVn4Noz3PitZw2W"}, {"name": "ECDH", "namedCurve": "P-384"}, false, ["deriveKey"])
错误是,
DOMException: The JWK "key_ops" member was inconsistent with that specified by the Web Crypto call. The JWK usage must be a superset of those requested
令我惊讶的是,我可以在 Node 上导入相同的东西而不会出现任何错误。我的意思是客户端以几乎相同的格式生成 JWK。
经过位模糊测试后,我发现您必须传递一个空数组才能克服错误。
window.crypto.subtle.importKey("jwk", {"kty":"EC","crv":"P-384","key_ops":[],"ext":true,"x":"mbLH4QWKwgYu3cwaUsk59M9awwhJydGdJOH0z8WapKuW6DAlnI8bcUg7kOl9ZCdb","y":"-PQ_HUtA45oC8YL3Zk2dExIWxykhimjfqFAc2pQrPTmrDKa-5AVn4Noz3PitZw2W"}, {"name": "ECDH", "namedCurve": "P-384"}, false, ["deriveKey"])
变成,
window.crypto.subtle.importKey("jwk", {"kty":"EC","crv":"P-384","key_ops":[],"ext":true,"x":"mbLH4QWKwgYu3cwaUsk59M9awwhJydGdJOH0z8WapKuW6DAlnI8bcUg7kOl9ZCdb","y":"-PQ_HUtA45oC8YL3Zk2dExIWxykhimjfqFAc2pQrPTmrDKa-5AVn4Noz3PitZw2W"}, {"name": "ECDH", "namedCurve": "P-384"}, false, [])
在 NodeJS 上,我生成密钥并将其导出如下,
const { Crypto } = require("@peculiar/webcrypto");
const crypto = new Crypto();
....
....
....
let KeyPair = await crypto.subtle.generateKey(
{
name: "ECDH",
namedCurve: "P-384"
},
false,
["deriveKey"]
);
let exportPubKey = await crypto.subtle.exportKey(
"jwk",
KeyPair.publicKey
)
现在,当我尝试在使用 Chrome 浏览器的客户端上导入导出的密钥时,它抛出一个 DOM 异常,我这样导入它,
window.crypto.subtle.importKey("jwk", {"kty":"EC","crv":"P-384","key_ops":[],"ext":true,"x":"mbLH4QWKwgYu3cwaUsk59M9awwhJydGdJOH0z8WapKuW6DAlnI8bcUg7kOl9ZCdb","y":"-PQ_HUtA45oC8YL3Zk2dExIWxykhimjfqFAc2pQrPTmrDKa-5AVn4Noz3PitZw2W"}, {"name": "ECDH", "namedCurve": "P-384"}, false, ["deriveKey"])
错误是,
DOMException: The JWK "key_ops" member was inconsistent with that specified by the Web Crypto call. The JWK usage must be a superset of those requested
令我惊讶的是,我可以在 Node 上导入相同的东西而不会出现任何错误。我的意思是客户端以几乎相同的格式生成 JWK。
经过位模糊测试后,我发现您必须传递一个空数组才能克服错误。
window.crypto.subtle.importKey("jwk", {"kty":"EC","crv":"P-384","key_ops":[],"ext":true,"x":"mbLH4QWKwgYu3cwaUsk59M9awwhJydGdJOH0z8WapKuW6DAlnI8bcUg7kOl9ZCdb","y":"-PQ_HUtA45oC8YL3Zk2dExIWxykhimjfqFAc2pQrPTmrDKa-5AVn4Noz3PitZw2W"}, {"name": "ECDH", "namedCurve": "P-384"}, false, ["deriveKey"])
变成,
window.crypto.subtle.importKey("jwk", {"kty":"EC","crv":"P-384","key_ops":[],"ext":true,"x":"mbLH4QWKwgYu3cwaUsk59M9awwhJydGdJOH0z8WapKuW6DAlnI8bcUg7kOl9ZCdb","y":"-PQ_HUtA45oC8YL3Zk2dExIWxykhimjfqFAc2pQrPTmrDKa-5AVn4Noz3PitZw2W"}, {"name": "ECDH", "namedCurve": "P-384"}, false, [])