Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Public Key Encryption in Microsoft Edge

Tags:

encryption

public-key-encryption

microsoft-edge

webcrypto-api

I have the following JavaScript code to implement public key encryption using the Web Cryptography API. It works for Firefox and Chrome but fails for Microsoft Edge. The error I am getting from Edge is "Could not complete the operation due to error 80700011." What have I missed? 

<script>
    var data = new Uint8Array([0, 1, 2, 3, 4, 5, 6, 7, 8, 9]);

    var crypto = window.crypto || window.msCrypto;
    var cryptoSubtle = crypto.subtle;

    cryptoSubtle.generateKey(
        {
            name: "RSA-OAEP",
            modulusLength: 2048, 
            publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
            hash: { name: "SHA-256" }, 
        },
        true, 
        ["encrypt", "decrypt"]
    ).then(function (key) { 
        console.log(key);
        console.log(key.publicKey);
        return cryptoSubtle.encrypt(
            {
                name: "RSA-OAEP"
            },
            key.publicKey,
            data
            );
    }).then(function (encrypted) { 
        console.log(new Uint8Array(encrypted));
    }).catch(function (err) {
        console.error(err);
    });
</script>
like image 232
FengHuang Avatar asked Oct 09 '15 16:10

FengHuang

People also ask

What encryption does Microsoft edge use?

Microsoft Edge stores passwords encrypted on disk. They're encrypted using AES and the encryption key is saved in an operating system (OS) storage area.

Is Microsoft edge sync encrypted?

Is the synced data encrypted? Yes, the data is encrypted in transport using TLS 1.2 or greater. All data types are additionally encrypted at rest in Microsoft's service using AES128.

What is Microsoft double key encryption?

Double Key Encryption encrypts your data with two keys. Your encryption key is in your control and the second key is stored in Microsoft Azure, allowing you to move your encrypted data to the cloud. HYOK protects your content with only one key and the key is always on premises.

2 Answers

I've found the cause of this issue. I have to add the hash field when invoking the encrypt function:

        return cryptoSubtle.encrypt(
            {
                name: "RSA-OAEP",
                hash: { name: "SHA-256" }
            },
            key.publicKey,
            data
            );

This does not match the Web Cryptography API Spec but it works.

like image 188
FengHuang Avatar answered Sep 18 '22 08:09

FengHuang

Same problem with crypto.subtle.sign. Needed to add the hashing algorithm (same issue in Safari)

Replace 

crypto.subtle.sign(
            {
                 name: "RSASSA-PKCS1-v1_5"
            },
            cryptoKey,
            digestToSignBuf);

with 

crypto.subtle.sign(
            {
                 name: "RSASSA-PKCS1-v1_5", 
                 hash: "SHA-256"
            },
            cryptoKey,
            digestToSignBuf);
like image 36
pedrofb Avatar answered Sep 21 '22 08:09

pedrofb
Sign in to Comment

Related questions

How come putting the GCM authentication tag at the end of a cipher stream require internal buffering during decryption?
Python Crypto, RSA Public/Private key, with large file
"no shared cipher" at ssl_accept, why?
NotImplementedError: Use module Crypto.Cipher.PKCS1_OAEP instead error
How to generate curve25519 key pair for diffie hellman algorithm?
Encrypted Django Model Fields
Preventing MITM attacks on server
PHP: Short id like Youtube, with salt
Which encryption algorithm is useful for encrypting a file stored on disk?
Can RSA Encrypted Data be Sent Over HTTP?
We encrypt a file for a client using BouncyCastle API. He gets a "For your eyes only" message from PGP when trying to decrypt it. Why?
Encrypting a file with a weak password, bcrypt or SHA-256 + AES-256?
Best + Strongest method of encryption for databases [closed]
undefined reference to md5 [duplicate]
Web app with client-side encryption
AES Encrypt in CryptoJS and decrypt in Coldfusion
C++ Encrypting and decrypting Lua files
Identify and disable weak cipher suites Windows server 2008 / IIS 7
C# Decrypt bytes from SQL Server EncryptByPassPhrase?
Is TLS_RSA_WITH_3DES_EDE_CBC_SHA equivalent to SSL_RSA_WITH_3DES_EDE_CBC_SHA

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!