Login/Register
Java-Generated Private Key Imports in Chrome but Fails in Safari
Asked Answered
Solved javascriptjavacryptographybouncycastlewebcrypto
S

1

9

I am working on a project where I generate an EC private key using Java and then import it in the browser using JavaScript. The key imports successfully in Chrome, but it fails in Safari.Here’s my JavaScript code for importing private key:

[Try running this html file in browser]

<!DOCTYPE html>
<html>
<head>
  <title>ECDH Key Pair Generation</title>
</head>
<body> 
  <script>

//Utils
function _extractRawKeyMaterial(pem, type) {
  const pemHeader = `-----BEGIN ${type} KEY-----`;
  const pemFooter = `-----END ${type} KEY-----`;

  const endingIndex = pem.indexOf(pemFooter);
  const startingIndex = pem.indexOf(pemHeader) + pemHeader.length;

  const pemContents = pem.substring(startingIndex, endingIndex);
  var return_object = convertBase64StringToArrayBuffer(pemContents.trim());
  return return_object;
}

 const convertBase64StringToArrayBuffer = base64String => {
  const text = window.atob(base64String);
  return convertStringToArrayBuffer(text);
};

 const convertStringToArrayBuffer = str => {
  const buf = new ArrayBuffer(str.length);
  const bufView = new Uint8Array(buf);
  for (let i = 0, strLen = str.length; i < strLen; i++) {
    bufView[i] = str.charCodeAt(i);
  }
  return buf;
};


// private key
var privateKeyGenerated = `-----BEGIN PRIVATE KEY-----
ME4CAQAwEAYHKoZIzj0CAQYFK4EEACIENzA1AgEBBDAMvyd7HU0FwJxgs5N87NVw
MPOR60umJXnhPjdtn0O0RHgx2J0sVnvw7B6ue1Wb5uQ=
-----END PRIVATE KEY-----`

// Pass the loaded private key to your function
_loadEccPrivateKey(privateKeyGenerated);

// Code working in chrome but fails in safari with an error : Data provided to an operation does not meet requirements
 async function _loadEccPrivateKey(pemKey) {
  try {
     const rawKey = _extractRawKeyMaterial(pemKey.trim(), "PRIVATE");

    //console.log(rawKey)
    const key = await window.crypto.subtle.importKey(
      "pkcs8", // Format for private keys
      rawKey,
      {
        name: "ECDH",
        namedCurve: "P-384",
      },
      true,
      ["deriveBits", "deriveKey"] // Key usages
    );

    console.log('Imported Private Key:', key);
    return key;
  } catch (e) {
    console.error('Error importing private key:', e);
    throw e;
  }
}

</script> 
</body>
</html>

The code works perfectly in Chrome but throws an error in Safari. The error message is "DATA PROVIDED TO AN OPERATION DOES NOT MEET REQUIREMENTS"

Here is my JAVA CODE for more information:


import org.bouncycastle.jce.provider.BouncyCastleProvider;

import java.io.FileOutputStream;
import java.io.IOException;
import java.security.*;
import java.security.spec.ECGenParameterSpec;
import java.util.Base64;

public class TestApplication {

    private static final String CURVE = "secp384r1"; // P-384 curve

    public static void main(String[] args) {
        try {
            // Add BouncyCastle Provider
            Security.addProvider(new BouncyCastleProvider());

            // Generate EC key pair
            ECGenParameterSpec parameterSpec = new ECGenParameterSpec(CURVE);
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "BC");
            keyPairGenerator.initialize(parameterSpec, new SecureRandom());
            KeyPair keyPair = keyPairGenerator.generateKeyPair();

            // Extract and print private key
            PrivateKey privateKey = keyPair.getPrivate();
            String privateKeyPem = convertToPem(privateKey);
            System.out.println("Private Key in PEM format:\n" + privateKeyPem);

            // Save the private key in binary format to a file (optional)
            String privateKeyFilePath = "private_key.bin";
            saveKeyToBinaryFile(privateKey, privateKeyFilePath);

        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    // Convert private key to PEM format
    private static String convertToPem(PrivateKey privateKey) {
        String base64Key = Base64.getEncoder().encodeToString(privateKey.getEncoded());
        return "-----BEGIN PRIVATE KEY-----\n" +
                base64Key +
                "\n-----END PRIVATE KEY-----";
    }

    // Save the private key in binary format
    private static void saveKeyToBinaryFile(PrivateKey privateKey, String filePath) {
        try (FileOutputStream fos = new FileOutputStream(filePath)) {
            fos.write(privateKey.getEncoded());
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
}

If you want to try it yourself, just run this Java POC: https://github.com/ChetanTailor/JavaPrivateKeyPOC

Suspend answered 13/8, 2024 at 7:24 Comment(3)
What Safari version on what OS (MacOS, iOS + version)?Mylonite
Hi Chetan, and welcome to Stack overflow! Are you sure you are using PKCS#8 format? You are adding your own base64 encoding to an key that is already encoded in PKCS#8. Edit your question (do not reply to this comment) to add the content of the key variable received by _loadEccPrivateKey +It is very strange that you generated a key server side (Java) and sent it to the browser. Might be a good question to ask on Stack Exchange....Kumkumagai
Hi, i have updated the question also i am using safari 15.6.1 and macOS 12.7.6Suspend
R
5

This is a known Safari and Firefox bug where importKey requires EC keys to include the public component as well as the private.

Here's a working P-384 private key (generated with openssl ecparam -genkey -name prime256v1 -noout and ASCII armor tweaked to match the expected header):

var privateKeyGenerated = `-----BEGIN PRIVATE KEY-----
MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBoZCuF4gA0MozAQFtE
lm+zCPikEs5JeMFyZRVPpXEHYsQQFZc71KYFNdAA0uazYHWhZANiAAQkQ/kYHu/y
F9Ec2QPkQxtqRWKgi8U2ZIqo6SeJfgs/4g7P3EaFgx/T2BAGw1HIrwfO1kiAJi/f
tkdHqte8uf88Oo8vq1YSniBNV8E4kC4VbsrHNrYcBPk0XfyL1B4pJ8M=
-----END PRIVATE KEY-----`

You can compare the ASN.1 parsing of this key:

PrivateKeyInfo SEQUENCE (3 elem)

    version Version INTEGER 0
    privateKeyAlgorithm AlgorithmIdentifier SEQUENCE (2 elem)
        algorithm OBJECT IDENTIFIER 1.2.840.10045.2.1 ecPublicKey (ANSI X9.62 public key type)
        parameters ANY OBJECT IDENTIFIER 1.3.132.0.34 secp384r1 (SECG (Certicom) named elliptic curve)
    privateKey PrivateKey OCTET STRING (158 byte) 30819B020101043068642B85E20034328CC0405B44966FB308F8A412CE4978C172651…
        SEQUENCE (3 elem)
            INTEGER 1
            OCTET STRING (48 byte) 68642B85E20034328CC0405B44966FB308F8A412CE4978C17265154FA5710762C41015…
            [1] (1 elem)
                BIT STRING (776 bit) 0000010000100100010000111111100100011000000111101110111111110010000101…

with the key you provided:

PrivateKeyInfo SEQUENCE (3 elem)

    version Version INTEGER 0
    privateKeyAlgorithm AlgorithmIdentifier SEQUENCE (2 elem)
        algorithm OBJECT IDENTIFIER 1.2.840.10045.2.1 ecPublicKey (ANSI X9.62 public key type)
        parameters ANY OBJECT IDENTIFIER 1.3.132.0.34 secp384r1 (SECG (Certicom) named elliptic curve)
    privateKey PrivateKey OCTET STRING (55 byte) 303502010104300CBF277B1D4D05C09C60B3937CECD57030F391EB4BA62579E13E376D…
        SEQUENCE (2 elem)
            INTEGER 1
            OCTET STRING (48 byte) 0CBF277B1D4D05C09C60B3937CECD57030F391EB4BA62579E13E376D9F43B4447831D8…

Note that the second one is missing an element at the end, representing the public key.

You can fix your Java code by passing the private key through PrivateKeyInfo, which is the ASN.1 structure expected by browsers. Unfortunately BouncyCastle's implementation introduces new, unsupported structures, like a public key identifier, so you must manually re-encode it with only the parts you want.

This way you can create an encoded key that exactly matches the OpenSSL structures:

PrivateKeyInfo originalKeyInfo = PrivateKeyInfo.getInstance(keyPair.getPrivate().getEncoded());

ASN1Sequence oldPrivateKeySequence = DERSequence
        .getInstance(originalKeyInfo.getPrivateKey().getOctets());
DERSequence newPrivateKeySequence = new DERSequence(new ASN1Encodable[] {
        // Version (1).
        oldPrivateKeySequence.getObjectAt(0),

        // Private key bytes.
        oldPrivateKeySequence.getObjectAt(1),

        // Public key algorithm. Accepted by Firefox but not Safari, so must be skipped.
        // oldPrivateKeySequence.getObjectAt(2),

        // Public key bytes, tagged [1].
        oldPrivateKeySequence.getObjectAt(3),
});

// Re-create PrivateKeyInfo with only the structures we want.
ASN1EncodableVector v = new ASN1EncodableVector();

// Version fixed to zero.
v.add(new ASN1Integer(BigIntegers.ZERO));
v.add(originalKeyInfo.getPrivateKeyAlgorithm());
v.add(new DEROctetString(newPrivateKeySequence));

byte[] keyPairEncoded = new DERSequence(v).getEncoded();

Here's the full source code:

import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.BigIntegers;

import java.io.FileOutputStream;
import java.io.IOException;
import java.security.*;
import java.security.spec.ECGenParameterSpec;
import java.util.Base64;

public class TestApplication {

    private static final String CURVE = "secp384r1"; // P-384 curve

    public static void main(String[] args) {
        try {
            // Add BouncyCastle Provider
            Security.addProvider(new BouncyCastleProvider());

            // Generate EC key pair
            ECGenParameterSpec parameterSpec = new ECGenParameterSpec(CURVE);
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "BC");
            keyPairGenerator.initialize(parameterSpec, new SecureRandom());
            KeyPair keyPair = keyPairGenerator.generateKeyPair();

            // Encode with Safari-compatible ASN.1 structure.
            byte[] keyPairBytes = encodeKeyPair(keyPair);

            // Extract and print key pair
            String privateKeyPem = convertToPem(keyPairBytes);
            System.out.println("Private Key in PEM format:\n" + privateKeyPem);

            // Save the key pair in binary format to a file (optional)
            String privateKeyFilePath = "private_key.bin";
            saveKeyToBinaryFile(keyPairBytes, privateKeyFilePath);

        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    // Convert a KeyPair into ASN.1 encoded PrivateKeyInfo compatible with Safari.
    private static byte[] encodeKeyPair(KeyPair keyPair) throws IOException {
        PrivateKeyInfo originalKeyInfo = PrivateKeyInfo.getInstance(keyPair.getPrivate().getEncoded());

        ASN1Sequence oldPrivateKeySequence = DERSequence
                .getInstance(originalKeyInfo.getPrivateKey().getOctets());
        DERSequence newPrivateKeySequence = new DERSequence(new ASN1Encodable[] {
                // Version (1).
                oldPrivateKeySequence.getObjectAt(0),

                // Private key bytes.
                oldPrivateKeySequence.getObjectAt(1),

                // Public key algorithm. Accepted by Firefox but not Safari, so must be skipped.
                // oldPrivateKeySequence.getObjectAt(2),

                // Public key bytes, tagged [1].
                oldPrivateKeySequence.getObjectAt(3),
        });

        // Re-create PrivateKeyInfo with only the structures we want.
        ASN1EncodableVector v = new ASN1EncodableVector();

        // Version fixed to zero.
        v.add(new ASN1Integer(BigIntegers.ZERO));
        v.add(originalKeyInfo.getPrivateKeyAlgorithm());
        v.add(new DEROctetString(newPrivateKeySequence));

        return new DERSequence(v).getEncoded();
    }

    // Convert private key to PEM format
    private static String convertToPem(byte[] privateKey) {
        String base64Key = Base64.getEncoder().encodeToString(privateKey);
        return "-----BEGIN PRIVATE KEY-----\n" +
                base64Key +
                "\n-----END PRIVATE KEY-----";
    }

    // Save the private key in binary format
    private static void saveKeyToBinaryFile(byte[] privateKey, String filePath) {
        try (FileOutputStream fos = new FileOutputStream(filePath)) {
            fos.write(privateKey);
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
}

Finally, here's an example of the encoded keypair that this code generates:

-----BEGIN PRIVATE KEY-----
MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBzsru70B3wapVJZsFj4hUHxAGO4B5fJypfAvGyKEyRc2ZdjaVWIOd+vfhgfKFIqe6hZANiAAR7f1ZbUKI2lLAgZ4dnHVHGTQ7D9E2yMxwT5gYiGKdc8+AHGBzoYauI4YTOMVBYHwNrqYT1oO0ruH2sI53U+iy1KnbUAPAP9z0lHi8HONJZ8D+FbKTQa5LWihLTJLihFJw=
-----END PRIVATE KEY-----

You can see how it's parsed with the same structure as the first OpenSSL key:

PrivateKeyInfo SEQUENCE (3 elem)

    version Version INTEGER 0
    privateKeyAlgorithm AlgorithmIdentifier SEQUENCE (2 elem)
        algorithm OBJECT IDENTIFIER 1.2.840.10045.2.1 ecPublicKey (ANSI X9.62 public key type)
        parameters ANY OBJECT IDENTIFIER 1.3.132.0.34 secp384r1 (SECG (Certicom) named elliptic curve)
    privateKey PrivateKey OCTET STRING (158 byte) 30819B020101043073B2BBBBD01DF06A954966C163E21507C4018EE01E5F272A5F02F…
        SEQUENCE (3 elem)
            INTEGER 1
            OCTET STRING (48 byte) 73B2BBBBD01DF06A954966C163E21507C4018EE01E5F272A5F02F1B2284C9173665D8D…
            [1] (1 elem)
                BIT STRING (776 bit) 0000010001111011011111110101011001011011010100001010001000110110100101…
Radmen answered 9/9, 2024 at 10:13 Comment(5)
Hello BoppreH, we have updated our Java code also added a public repo link to a small Java POC.Suspend
@Radmen You can clone java code and open in VS code with Extension Pack for Java and you'll be able to run the project in VS code. Please let me know if you have issue running the project.Metaphrast
@VarunNaharia Thanks, I had no problems running it. I've updated the answer with the fix for the Java code.Radmen
@BooreH Did you tried the above key in javascript code on safari, it seems not working for me but the first key that you provided was working on safariMetaphrast
@VarunNaharia Found the problem, edited the answer. It worked even on Safari 14 now. Please try again.Radmen

© 2022 - 2025 — McMap. All rights reserved.