Last active
April 17, 2018 01:35
-
-
Save robyoder/cabf0ee67bb2c9a90711cc1dd8c6d523 to your computer and use it in GitHub Desktop.
Private keys that error in different browsers
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
const pk_a = { | |
"alg": "RSA-OAEP", | |
"d": "SEI7RlFFuwpNtM7OBbz-rakRPa8tA7JosHCFbDp8rpnPgaQqE3Nx3XkemNDn8eypqdwGXo1PSHRFn40BPOjidNb5QvsdLcp9fgwF66fyzT0tRAYWK14Fuh042WciYvb3wk55CcmIK1PI4-nsGiQW8flPHSnmJJowdD23qajcJDkSozm0I44AAiEgp9pNgAIgDfPWh8qvjm0dqq10U20aYTOVeMUZz_sDAr9N9pcl9yrItouqnuWVzRzs-S2P55JXgUj87KxvQtcMr4vl6Ek9p_Pqn2ktcJpBM5Qsx_Bu-_fEqVjpDZr34CgENY89OA3MxLsOiMIOC4sD3z7h6GNB", | |
"dp": "YRLeNGJByvFv4Jpv2Ef-mmknlNmZdg2MCk7xsQh3-nufKxEssdN_jTF1lTR5mnYKJyaGfsuADRy-xzIuili91xx2631VXIpzO4EApt-_droErdjzwJiOVqbMQmEU9ithLWWbpa0IPm5HZCa7PD-2ctt79aMFualsmwQ2Auc2ET0", | |
"dq": "KbWh0933yZ1ndCe5KW_QF0RlF57QsLL3Lc6bfOB2uY9AitUv5s4Q0BrHwdlS-0v1S0s3T_XJKjN5XRd-TEGOX0xZMRGuA99QyGm_arw4Rkrm27u3zBBUaN5Hm1rHMYugrbb4Ch1BQioCdlR1yfJwVR5w8cpp6J68jWl1ST0Oj7k", | |
"e": "AQAB", | |
"ext": true, | |
"key_ops": [ | |
"decrypt" | |
], | |
"kty": "RSA", | |
"n": "zYn-rDpx6iI7AylGoNVh5WtdlgyQNa63JIv562B0Xh3Ye5ip3MW_ehPeEOIkTFFfigTNc2stCrTHVNRGgpny0bRsYJT6w_8PBzeCwIJ4xMy9Kzy8SGbyC8QfL0nopUJuJcIU5EuTyY4XX9p9M2FBqtjmplKGj6XsP81JrpVl1ZN5CNFW1mmpEIjdc7egzlH0CaJGum-Opr8rSw_-SQQNEDWsftAPwZktrJlk_mL068o6wuPuSgrzhhesbxBC532SsWtVkIgbJy-UlcsTI6KCSxZHQiAJ0q37bf1535IF8okrVd6iJqUjZ2XltbZpxDkAtoTKBEpH3tBiMUhiUzkOTQ", | |
"p": "1blRZM5aXP7CkdOTWidcnkZQiBk8Rnpl12p2AsDgCqBWeLtGOoi8lux5zPwK07cB5Mcf0r7_uLHQt0tPHfuDKMacktLUsoCsVDbnkOPJL9aK0nWLCMzy9sgmZq4LMOChNRzPkQegq-vJxXON_Ol_3O2YGlePnpIIT79V_CzDbuU", | |
"q": "9jI1BOgJNo6P3U21dgEYiMjJhF38n1xiyxRjl_dp5otzN4mkpg32sGAZAhO1rdjc9Zz2OlvuMyef6YQrtcDuVcm8Sq2YyYwhqB6dlN6dKswr9gGyBEqfcUtKoGRm7uNA1_z_N83n9h1ji06958uq3S3QvSS4_FlNlvQMsoOOw0k", | |
"qi": "x9wUQzvMTSkzPKgvMnGxhltqX6Q3ruv2O5M98Vg-f_-c4O3p-bFSO94768OV7859QD_LY7J0eqjaUtvXXMcHpOH0J8xa7vgVU37vEjqEwI_zloDkyRihumwFKH6SCRTZTnIlJNgNFR_m1fFhatHdQj6VFf0HYREnTqlWd25yYRE", | |
"kid": "h7bbt47gymfxtb3amihkvgu6zi" | |
}; | |
const pk_a_swapped = { | |
"alg": "RSA-OAEP", | |
"d": "SEI7RlFFuwpNtM7OBbz-rakRPa8tA7JosHCFbDp8rpnPgaQqE3Nx3XkemNDn8eypqdwGXo1PSHRFn40BPOjidNb5QvsdLcp9fgwF66fyzT0tRAYWK14Fuh042WciYvb3wk55CcmIK1PI4-nsGiQW8flPHSnmJJowdD23qajcJDkSozm0I44AAiEgp9pNgAIgDfPWh8qvjm0dqq10U20aYTOVeMUZz_sDAr9N9pcl9yrItouqnuWVzRzs-S2P55JXgUj87KxvQtcMr4vl6Ek9p_Pqn2ktcJpBM5Qsx_Bu-_fEqVjpDZr34CgENY89OA3MxLsOiMIOC4sD3z7h6GNB", | |
"dp": "KbWh0933yZ1ndCe5KW_QF0RlF57QsLL3Lc6bfOB2uY9AitUv5s4Q0BrHwdlS-0v1S0s3T_XJKjN5XRd-TEGOX0xZMRGuA99QyGm_arw4Rkrm27u3zBBUaN5Hm1rHMYugrbb4Ch1BQioCdlR1yfJwVR5w8cpp6J68jWl1ST0Oj7k", | |
"dq": "YRLeNGJByvFv4Jpv2Ef-mmknlNmZdg2MCk7xsQh3-nufKxEssdN_jTF1lTR5mnYKJyaGfsuADRy-xzIuili91xx2631VXIpzO4EApt-_droErdjzwJiOVqbMQmEU9ithLWWbpa0IPm5HZCa7PD-2ctt79aMFualsmwQ2Auc2ET0", | |
"e": "AQAB", | |
"ext": true, | |
"key_ops": [ | |
"decrypt" | |
], | |
"kty": "RSA", | |
"n": "zYn-rDpx6iI7AylGoNVh5WtdlgyQNa63JIv562B0Xh3Ye5ip3MW_ehPeEOIkTFFfigTNc2stCrTHVNRGgpny0bRsYJT6w_8PBzeCwIJ4xMy9Kzy8SGbyC8QfL0nopUJuJcIU5EuTyY4XX9p9M2FBqtjmplKGj6XsP81JrpVl1ZN5CNFW1mmpEIjdc7egzlH0CaJGum-Opr8rSw_-SQQNEDWsftAPwZktrJlk_mL068o6wuPuSgrzhhesbxBC532SsWtVkIgbJy-UlcsTI6KCSxZHQiAJ0q37bf1535IF8okrVd6iJqUjZ2XltbZpxDkAtoTKBEpH3tBiMUhiUzkOTQ", | |
"p": "9jI1BOgJNo6P3U21dgEYiMjJhF38n1xiyxRjl_dp5otzN4mkpg32sGAZAhO1rdjc9Zz2OlvuMyef6YQrtcDuVcm8Sq2YyYwhqB6dlN6dKswr9gGyBEqfcUtKoGRm7uNA1_z_N83n9h1ji06958uq3S3QvSS4_FlNlvQMsoOOw0k", | |
"q": "1blRZM5aXP7CkdOTWidcnkZQiBk8Rnpl12p2AsDgCqBWeLtGOoi8lux5zPwK07cB5Mcf0r7_uLHQt0tPHfuDKMacktLUsoCsVDbnkOPJL9aK0nWLCMzy9sgmZq4LMOChNRzPkQegq-vJxXON_Ol_3O2YGlePnpIIT79V_CzDbuU", | |
"qi": "_4fmdfdjr2NAyodFG4pISTHRWxdX6WXFawr-syt2kdapw1LaLrgfyatDVbSEGZgc1Fop-WQt_Z8eDcRRLeKRH5MEYY_4lguibq8mxjhkNftOG8hoOSMr6iw8xU2a0Bl_U64Jihm2RELTUhZ2g6PNzI44vkz-tjOCj2eWmSXYtR", | |
"kid": "h7bbt47gymfxtb3amihkvgu6zi" | |
}; | |
const pk_b = { | |
"alg": "RSA-OAEP", | |
"d": "RUDfqVy8oR23Buqw6tMq09JsSg9uOCIvmN35oKwRABBIRvo5LDguKnJQw_hyJy1osZ8l11QAe4IM1Lfo_AMR3OwZOY3ZIJMDcirRYKJrm2Lo9-7y2BpVmrCPEZB0k6vXZIWcqesdU072h5tzF4QSm_F5s6nHfxLNsMDnQwq0dpPk6wjhifzoe-m_R65o9TPskfannht7hZxe4cFcKQOQLkkWkmpBIfoHhmpNBzKZZwObfPyyCUSf_AQhX2XcI77fopPohPT0_sJKhtzL0PiWJ80gBjioo9UePnAEB9RqHgjgN6ny4_YQd7V1h3f_Ga3s1W9WoQwKqkvtkTkEDataJQ", | |
"dp": "XOkqrRnF4OpxJLUke3Udpke8b0IP0uIWvieB0yUpL4Atbybtfnkq4Ihy2afMiwXQa8qT-FhwMuo25ECgEWcOP6Ps7g5il2z5PuQORfGFq4eCQe3-05nc-8P30vfGu2i5zoVGZzSN3yU34fK1Dj3wYZu-AFS3rTchxRxiMJEDeRM", | |
"dq": "ZfqGpPUAxSunZJ5XwkKEFOTUu8JsBsd-tqy593UpYLCqg0-OLl61lLH7FyCmSiUo_6gG3Dr_ecDv206V7vi1-olQyGLpPW7xHqcSquguFjVTQtgFMKq9T2dJs2FoH340b5z4a86d_PE4Z5EWMlxt1oi-UG6e3u-rdqEWwnK1dLE", | |
"e": "AQAB", | |
"ext": true, | |
"key_ops": [ | |
"decrypt" | |
], | |
"kty": "RSA", | |
"n": "sVKWsufKaLtat56UypOSjPef6G7cvpPacaVMi4Bf0XHUEysapOR76HXuz1GM8i2d4hAq307EVvDLtBgUzYljTWiBPT8aWAbhpDds2UGUNYjaRE0Z8Ki6Cv5aL-TG0PNu9Uh9Vlujd8yHgnAOgx_r_yQEjVwSob3OVjspGgd8gn45H1oMNie9-tw3Q6pn2HSVY2WL1VOeVJzEvIxDCyhXS-2zuMsAi8LwXQ2MncCPxNygXJ0YF6oEU4MgX6N7Z2dwpFAKVlPOdc8gJUk1JmzIq-4mU1pCa-EMBH_t1YU8BXPNdiM0mhJoSrjmiRjfeTz1VSZdSgYTW6nKP55xF0Jlkw", | |
"p": "7-0xilQi2QREdmev39Fy_ygVSzRFppZVhU2j2dxQtAxGe1QKvy1Qj_8Q1h1qejf6SWdW-FPuFC2m9LpU7vlo3LosQw1Pt15fFFauEAlRCkU8ThOYw8bpu-v7rAf3PHdxe20kNRZ-tftezNBjlteWXRCMiK_rMyO6cSNjdUZBxMc", | |
"q": "vTO4c7ETd5xenxL2HoM_zM_6NN6TCjNZl1FCnhk57tp7lDwTWXdCcCAeNt-3fYR4-eQLR0wBqGYcNTZOE_4QjBGXXOC7njFxw3kJqujYXFM1Xp08Rc3zYFzyMRJRO60BLDfVKQMdZDVgzJ0aYDQuZ05GoA3LKisJaLYliYEk9NU", | |
"qi": "S8hPwkmpzbC5yjpbHO0N_JEJlGg_N884cNHs2L20cqaUstFAjOAxBQFRBOJFWTOjMLUCLMtmbbo3OZnfpxwQLIC72wpouWeaF763q_jCz74g8ulHFgqT9IIyzGxTh76RRHJKtHb6riCeOqtcL9Fisq0SrMp1qYej1XIVtt9d9Rg", | |
"kid": "gggxwbfqjz72nbd7gktrbkndgm" | |
}; | |
const pk_b_swapped = { | |
"alg": "RSA-OAEP", | |
"d": "RUDfqVy8oR23Buqw6tMq09JsSg9uOCIvmN35oKwRABBIRvo5LDguKnJQw_hyJy1osZ8l11QAe4IM1Lfo_AMR3OwZOY3ZIJMDcirRYKJrm2Lo9-7y2BpVmrCPEZB0k6vXZIWcqesdU072h5tzF4QSm_F5s6nHfxLNsMDnQwq0dpPk6wjhifzoe-m_R65o9TPskfannht7hZxe4cFcKQOQLkkWkmpBIfoHhmpNBzKZZwObfPyyCUSf_AQhX2XcI77fopPohPT0_sJKhtzL0PiWJ80gBjioo9UePnAEB9RqHgjgN6ny4_YQd7V1h3f_Ga3s1W9WoQwKqkvtkTkEDataJQ", | |
"dp": "ZfqGpPUAxSunZJ5XwkKEFOTUu8JsBsd-tqy593UpYLCqg0-OLl61lLH7FyCmSiUo_6gG3Dr_ecDv206V7vi1-olQyGLpPW7xHqcSquguFjVTQtgFMKq9T2dJs2FoH340b5z4a86d_PE4Z5EWMlxt1oi-UG6e3u-rdqEWwnK1dLE", | |
"dq": "XOkqrRnF4OpxJLUke3Udpke8b0IP0uIWvieB0yUpL4Atbybtfnkq4Ihy2afMiwXQa8qT-FhwMuo25ECgEWcOP6Ps7g5il2z5PuQORfGFq4eCQe3-05nc-8P30vfGu2i5zoVGZzSN3yU34fK1Dj3wYZu-AFS3rTchxRxiMJEDeRM", | |
"e": "AQAB", | |
"ext": true, | |
"key_ops": [ | |
"decrypt" | |
], | |
"kty": "RSA", | |
"n": "sVKWsufKaLtat56UypOSjPef6G7cvpPacaVMi4Bf0XHUEysapOR76HXuz1GM8i2d4hAq307EVvDLtBgUzYljTWiBPT8aWAbhpDds2UGUNYjaRE0Z8Ki6Cv5aL-TG0PNu9Uh9Vlujd8yHgnAOgx_r_yQEjVwSob3OVjspGgd8gn45H1oMNie9-tw3Q6pn2HSVY2WL1VOeVJzEvIxDCyhXS-2zuMsAi8LwXQ2MncCPxNygXJ0YF6oEU4MgX6N7Z2dwpFAKVlPOdc8gJUk1JmzIq-4mU1pCa-EMBH_t1YU8BXPNdiM0mhJoSrjmiRjfeTz1VSZdSgYTW6nKP55xF0Jlkw", | |
"p": "vTO4c7ETd5xenxL2HoM_zM_6NN6TCjNZl1FCnhk57tp7lDwTWXdCcCAeNt-3fYR4-eQLR0wBqGYcNTZOE_4QjBGXXOC7njFxw3kJqujYXFM1Xp08Rc3zYFzyMRJRO60BLDfVKQMdZDVgzJ0aYDQuZ05GoA3LKisJaLYliYEk9NU", | |
"q": "7-0xilQi2QREdmev39Fy_ygVSzRFppZVhU2j2dxQtAxGe1QKvy1Qj_8Q1h1qejf6SWdW-FPuFC2m9LpU7vlo3LosQw1Pt15fFFauEAlRCkU8ThOYw8bpu-v7rAf3PHdxe20kNRZ-tftezNBjlteWXRCMiK_rMyO6cSNjdUZBxMc", | |
"qi": "gXD2BFHiweQ4e4DX6UmyGj9jHqEYw3PHc59ogzay54ZWNjDh3QU87535SGAwb1X1yPwm5ztWcP0BRQAsjWE5pRDfqt3iu9kxjhQoKzp4jUSBHQhDxybP1wHhhH5YtzSXCnXNXpKa3t5Mf5DiO7KlSIbv0qbamH-DxJozHmNfzoQ", | |
"kid": "gggxwbfqjz72nbd7gktrbkndgm" | |
}; | |
const alg = { | |
name: "RSA-OAEP", | |
modulusLength: 2048, | |
publicExponent: new Uint8Array([0x01, 0x00, 0x01]), // 24-bit representation of 65537 | |
hash: {name: "SHA-1"} | |
}; | |
// This key is rejected by Safari 11 because p < q. | |
// It was generated by Microsoft Edge. | |
crypto.subtle.importKey("jwk", pk_a, alg, true, ["decrypt"]); | |
// This key has p and q swapped, dp and dq swapped, and qi recalculated. | |
// Safari 11 imports it fine, but Chrome and Firefox throw a DOMException error. Why? | |
crypto.subtle.importKey("jwk", pk_a_swapped, alg, true, ["decrypt"]); | |
// This one has p > q, and every browser imports it correctly. | |
crypto.subtle.importKey("jwk", pk_b, alg, true, ["decrypt"]); | |
// This is the same as pk_b, with the same swaps done as before. | |
// Safari 11 throws an error because p < q, but Chrome and Firefox import it fine. | |
crypto.subtle.importKey("jwk", pk_b_swapped, alg, true, ["decrypt"]); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment