IE11 encrypt specification w/ AlgorithmIdentifier
Closed this issue · 2 comments
I've been having issues implementing the crypto api for IE11 using RSA-OAEP encryption. After some pain, I discovered with the help of this stack overflow post, https://stackoverflow.com/questions/33047314/public-key-encryption-in-internet-explorer-11, that with IE11 you need to specify a hash in the AlgorithmIdentifier, which is not in the spec (https://www.w3.org/TR/WebCryptoAPI/#rsa-oaep-operations).
Is this something that:
- We can add into the implementation
- Document as a caveat for consumers
I'm happy to help with documentation if PRs are welcome.
Cheers
Thanks for your research and of course PRs are welcomed. I'd like this to be implemented as close to the Spec as possible.
Could you please check that the issue is fixed with latest commit.
Hi virbonoff,
Thanks first for the shim, it saved me a lot of nerves and time. I think there is still a error in this Bugfix.
if (isIE && (m === 'encrypt' || m === 'decrypt') && ka.name === 'RSA-OAEP') {
args[0].hash = b.hash;
}
should be:
if (isIE && (m === 'encrypt' || m === 'decrypt') && ka.name === 'RSA-OAEP') {
args[0].hash = b.algorithm.hash;
}
otherwise hash is still undefined and the operation failes.
Jasmin errors from 218 failures in IE reduced to 198