
Public Key Encryption in Microsoft Edge

I have the following JavaScript code to implement public key encryption using the Web Cryptography API. It works for Firefox and Chrome but fails for Microsoft Edge. The error I am getting from Edge is "Could not complete the operation due to error 80700011." What have I missed?

<script>
    var data = new Uint8Array([0, 1, 2, 3, 4, 5, 6, 7, 8, 9]);

    var crypto = window.crypto || window.msCrypto;
    var cryptoSubtle = crypto.subtle;

    cryptoSubtle.generateKey(
        {
            name: "RSA-OAEP",
            modulusLength: 2048, 
            publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
            hash: { name: "SHA-256" }, 
        },
        true, 
        ["encrypt", "decrypt"]
    ).then(function (key) { 
        console.log(key);
        console.log(key.publicKey);
        return cryptoSubtle.encrypt(
            {
                name: "RSA-OAEP"
            },
            key.publicKey,
            data
            );
    }).then(function (encrypted) { 
        console.log(new Uint8Array(encrypted));
    }).catch(function (err) {
        console.error(err);
    });
</script>
FengHuang asked Oct 09 '15 16:10




2 Answers

I've found the cause of this issue. I have to add the hash field when invoking the encrypt function:

        return cryptoSubtle.encrypt(
            {
                name: "RSA-OAEP",
                hash: { name: "SHA-256" }
            },
            key.publicKey,
            data
            );

This does not match the Web Cryptography API Spec but it works.

FengHuang answered Sep 18 '22 08:09


Same problem with crypto.subtle.sign. Needed to add the hashing algorithm (same issue in Safari).

Replace

crypto.subtle.sign(
            {
                 name: "RSASSA-PKCS1-v1_5"
            },
            cryptoKey,
            digestToSignBuf);

with

crypto.subtle.sign(
            {
                 name: "RSASSA-PKCS1-v1_5", 
                 hash: "SHA-256"
            },
            cryptoKey,
            digestToSignBuf);
pedrofb answered Sep 21 '22 08:09
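
Added example, not part of either answer and not any browser's or project's own code: it passes the hash in every per-operation parameter object, as both answers do, but copies it from the key so the operation-time value cannot drift from the hash chosen at key generation. `opParams`, `rsaKeyGenParams`, `oaepRoundTrip` and `signVerify` are hypothetical names, and the `require` fallback is an assumption made only so the block also runs under Node.

```javascript
// Added example: names below are hypothetical, not from the posts above.
// Use the browser's Web Crypto; the require() fallback only lets this run under Node.
const subtle = (typeof crypto !== "undefined" && crypto.subtle) ||
  require("crypto").webcrypto.subtle;

// Build per-operation params whose hash is copied from the key. Engines that
// follow the spec ignore this extra member and use the hash bound to the key,
// so copying it keeps both kinds of engine on the same digest.
function opParams(name, key, fallbackHash) {
  const bound = key.algorithm && key.algorithm.hash && key.algorithm.hash.name;
  return { name: name, hash: { name: bound || fallbackHash } };
}

function rsaKeyGenParams(name, hashName) {
  return {
    name: name,
    modulusLength: 2048,
    publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
    hash: { name: hashName }
  };
}

// RSA-OAEP: encrypt with the public key, decrypt with the private key.
async function oaepRoundTrip(plain, hashName) {
  const alg = "RSA-OAEP";
  const pair = await subtle.generateKey(rsaKeyGenParams(alg, hashName), false, ["encrypt", "decrypt"]);
  const ct = await subtle.encrypt(opParams(alg, pair.publicKey, hashName), pair.publicKey, plain);
  const pt = await subtle.decrypt(opParams(alg, pair.privateKey, hashName), pair.privateKey, ct);
  return { ciphertextLength: ct.byteLength, recovered: Array.from(new Uint8Array(pt)) };
}

// RSASSA-PKCS1-v1_5: sign, verify, then confirm a modified message is rejected.
async function signVerify(message, hashName) {
  const alg = "RSASSA-PKCS1-v1_5";
  const pair = await subtle.generateKey(rsaKeyGenParams(alg, hashName), false, ["sign", "verify"]);
  const sig = await subtle.sign(opParams(alg, pair.privateKey, hashName), pair.privateKey, message);
  const pub = opParams(alg, pair.publicKey, hashName);
  const tampered = Uint8Array.from(message);
  tampered[0] ^= 0x01;
  return {
    signatureLength: sig.byteLength,
    valid: await subtle.verify(pub, pair.publicKey, sig, message),
    tamperedValid: await subtle.verify(pub, pair.publicKey, sig, tampered)
  };
}
```

The private keys are generated as non-extractable here, unlike the question's `true`, because neither round trip needs to export them.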