1

I am trying to generate key pairs using SubtleCrypto API in javascript and then using the same to sign some data using ECDSA algorithm. Documentation for the same can be found at this link.
https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/sign
An implementation of the same API can be found at this link.
https://github.com/diafygi/webcrypto-examples/

Now the problem I am facing is the signature produced by the API is different for the same private key and data, which should never be the case.

    var gprivateKeyobject = null;
var gpublicKeyobject = null;
var gsignature =null;


window.crypto.subtle.generateKey(
    {
        name: "ECDSA",
        namedCurve: "P-256", 
    },
    true, //whether the key is extractable (i.e. can be used in exportKey)
    ["sign", "verify"] //can be any combination of "sign" and "verify"
)
.then(function(key){
    //returns a keypair object
    gprivateKeyobject = key.privateKey;
    gpublicKeyobject = key.publicKey;
    console.log('keys generated');
})
.catch(function(err){
    console.error(err);
});


var str = "hello test 1233";
var buf = new ArrayBuffer(str.length*2); // 2 bytes for each char
  var bufView = new Uint16Array(buf);
  for (var i=0, strLen=str.length; i < strLen; i++) 
  {
    bufView[i] = str.charCodeAt(i);
  }
   console.log(bufView);

function sign()
{

window.crypto.subtle.sign(
    {
        name: "ECDSA",
        hash: {name: "SHA-256"}, //can be "SHA-1", "SHA-256", "SHA-384", or "SHA-512"
    },
    gprivateKeyobject, //from generateKey or importKey above
    bufView //ArrayBuffer of data you want to sign
)
.then(function(signature){
    //returns an ArrayBuffer containing the signature
    //console.log(bufView);
    console.log(signature);
    console.log(String.fromCharCode.apply(null, new Uint8Array(signature)));

})
.catch(function(err){
    console.error(err);
});

}

my console showing different signatures produced at consecutive calls to the function sign(which implies that private key and data to be signed must not have changed

my console showing different signatures produced at consecutive calls to the function sign(which implies that private key and data to be signed must not have changed)

Squeamish Ossifrage
  • 49,816
  • 3
  • 122
  • 230
Nikhil Yadav
  • 23
  • 4

1 Answers1

4

Now the problem I am facing is the signature produced by the API is different for the same private key and data, which should never be the case.

Actually in cryptography we don't require our signature schemes to be deterministic. It can even be harmful if you consider things like fault attacks (example attack PDF). Additionally you are using ECDSA which has only "recently" seen a deterministic variant in RFC 6979 and for which most standards (still?) mandate the non-deterministic variant (eg FIPS 186).

Additionally more often than not if you want to do something with deterministic signatures you are looking for a different primitive and probably should describe the problem and not the problem of "the" fix.

If you really don't want a deterministic signature scheme supported by the API you linked to, you can use RSASSA-PKCS1-v1_5 which is an older, still secure deterministic RSA-based signature scheme.

Community
  • 1
SEJPM
  • 46,697
  • 9
  • 103
  • 214