isomorphic-webcrypto: RSA generatekey, unsupported algorithm

This is literally the only package I have found that supports webcrypto with react native…

But I really need to be able to generate the following RSA key (for compatibility with the rest of our system)…

await crypto.subtle.generateKey(
  {
    name: "RSA-PSS",
    hash: "SHA-256",
    modulusLength: 4096,
    publicExponent: new Uint8Array([1, 0, 1]),
  },
  true,
  ["sign", "verify"],
);

Any plans to support this? I would be really appreciative.

About this issue

  • State: open
  • Created 4 years ago
  • Comments: 20 (6 by maintainers)

Most upvoted comments

@cryptoAlgorithm @davidcallanan The recommended library runs code in the WebView without hitting a remote server. Here’s the code for the suggested library (basically loads an empty HTML file, then injects JS that runs client side). The WebView method is more secure than the JS version today, because it’s built on top of the platform’s native crypto APIs.

There is one real limitation to any polyfill I’ve seen in React Native: non-exportable keys. In a browser, you can generate key pairs where the private portion can’t be serialized to a JWK or PEM. This prevents an XSS from exfiltrating a private key. In the browser, not being able to serialize the key means you have to store the key in IndexedDB if you want to use it in future sessions (IndexedDB can store some objects without serializing them). There is no way to simulate the functionality in React Native unless you use a WebCrypto polyfill built on top of the iOS and Android crypto primitives.

The WebView method is certainly the most secure, reliable, and up-to-date method. I’ve considered moving this library to use the WebView method by default. The only caveat is the extra step of including the WebView in the render tree. This extra step just becomes cumbersome if you’re shipping a library built on top of isomorphic-webcrypto to end-users.

Hope that helps with your decision.
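
The non-exportable key behaviour described in the comment above, as an added example that is not part of the original thread or the library's own code. It assumes a runtime with native WebCrypto (a browser or Node.js); `generateSigningKey`, `canExport` and `demoNonExtractable` are hypothetical helper names, and the message is a constructed sample.

```javascript
// WebCrypto is a global in browsers and recent Node; older Node exposes it via node:crypto.
const subtle = (globalThis.crypto ?? require("node:crypto").webcrypto).subtle;

// Same algorithm parameters as the issue; only the `extractable` flag varies.
async function generateSigningKey(extractable, modulusLength = 4096) {
  return subtle.generateKey(
    {
      name: "RSA-PSS",
      hash: "SHA-256",
      modulusLength,
      publicExponent: new Uint8Array([1, 0, 1]),
    },
    extractable,
    ["sign", "verify"],
  );
}

// Attempt to serialize a key and report whether the runtime allowed it.
async function canExport(format, key) {
  try {
    await subtle.exportKey(format, key);
    return true;
  } catch {
    return false; // a native implementation rejects export of a non-extractable key
  }
}

async function demoNonExtractable(modulusLength = 4096) {
  const pss = { name: "RSA-PSS", saltLength: 32 };
  const message = new TextEncoder().encode("constructed sample message");

  const locked = await generateSigningKey(false, modulusLength);
  const open = await generateSigningKey(true, modulusLength);

  // The locked private key still signs; it just cannot leave the crypto layer.
  const signature = await subtle.sign(pss, locked.privateKey, message);
  return {
    lockedPrivateExportable: await canExport("jwk", locked.privateKey),
    lockedPublicExportable: await canExport("jwk", locked.publicKey),
    openPrivateExportable: await canExport("jwk", open.privateKey),
    signatureVerifies: await subtle.verify(pss, locked.publicKey, signature, message),
  };
}
```

Running the same check against a polyfill shows whether it enforces the `extractable` flag or leaves the private key serializable.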