Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Document that Safari generates randomized Ed25519 signatures #24462

Merged
merged 1 commit into from
Oct 2, 2024
Merged

Document that Safari generates randomized Ed25519 signatures #24462

merged 1 commit into from
Oct 2, 2024

Conversation

twiss
Copy link
Contributor

@twiss twiss commented Sep 17, 2024
edited
Loading

Summary

Document the fact that for the Ed25519 algorithm in Web Crypto's crypto.subtle.sign function, Safari generates randomized signatures as per draft-irtf-cfrg-det-sigs-with-noise, instead of deterministic signatures as per RFC 8032.

There is a discussion in WICG/webcrypto-secure-curves#28 to make this behavior legal, but as of now it isn't (although in most cases it shouldn't cause interoperability issues). Additionally, even if this becomes legal as per the Web Crypto spec, it may still be noteworthy for developers who (for some reason) require the deterministic behavior of Ed25519 as specified in RFC 8032.

Test results and supporting details

This behavior can be confirmed by running

const { privateKey } = await crypto.subtle.generateKey('Ed25519', false, ['sign']);
console.log(new Uint8Array(await crypto.subtle.sign('Ed25519', privateKey, new ArrayBuffer())));
console.log(new Uint8Array(await crypto.subtle.sign('Ed25519', privateKey, new ArrayBuffer())));

In deterministic implementations, both signatures will be identical. In randomized implementations, they'll be different. I tested desktop and mobile Safari 17 and 18 and all of them implement the randomized variant.

Related issues

Relevant WebKit issue: https://bugs.webkit.org/show_bug.cgi?id=262499.

@github-actions github-actions bot added the data:api Compat data for Web APIs. https://developer.mozilla.org/docs/Web/API label Sep 17, 2024
@twiss twiss force-pushed the safari-randomized-ed25519 branch from 6ca564b to be1ff54 Compare September 17, 2024 21:09
@twiss
Copy link
Contributor Author

twiss commented Sep 18, 2024

@hamishwillee perhaps you're the right person to ask for a review for this? ☺️

@caugner caugner merged commit 24f32be into mdn:main Oct 2, 2024
6 checks passed
@twiss twiss deleted the safari-randomized-ed25519 branch October 2, 2024 16:12
@twiss twiss mentioned this pull request Oct 2, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@caugner caugner caugner approved these changes

Assignees
No one assigned
Labels
data:api Compat data for Web APIs. https://developer.mozilla.org/docs/Web/API
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@twiss @caugner