How to convert Rsa Key Pair (string) to Crypto key to sign data

Question

I used this C# method to send a private key to my javascript as a string:

public static string SignData(string certPath,string certPass)
{
       X509Certificate2 keyStore = new X509Certificate2(AppDomain.CurrentDomain.BaseDirectory + "Certifikatat\\" + certPath, certPass, X509KeyStorageFlags.Exportable);
       RSA privateKey = keyStore.GetRSAPrivateKey();

       TextWriter textWriter = new StringWriter();
       var eky = DotNetUtilities.GetRsaKeyPair(privateKey);
       PemWriter pemWriter = new PemWriter(textWriter);
       pemWriter.WriteObject(eky);
       pemWriter.Writer.Flush();
       return pemWriter.Writer.ToString();
}

Now I need to convert the string to a CryptoKey in order to be used for signing some data. I tried the following code:

window.crypto.subtle.importKey(
        "pkcs8",
        pemToArrayBuffer(pk),
        {
            name: "RSASSA-PKCS1-v1_5",
            hash: { name: "SHA-256" },
        },
        false,
        ["sign"]
    )
    .then(function (publicKey) {
        //returns a publicKey (or privateKey if you are importing a private key)
        console.log(publicKey);
    })
    .catch(function (err) {
        console.error(err);
    });

}
function removeLines(str) {
    str = str.replace("\r", "");
    return str.replace("\n", "");
}

function base64ToArrayBuffer(b64) {
    var byteString = btoa(b64);
    var byteArray = new Uint8Array(byteString.length);
    for (var i = 0; i < byteString.length; i++) {
         byteArray[i] = byteString.charCodeAt(i);
    }

    return byteArray;
}

function pemToArrayBuffer(pem) {
    var b64Lines = removeLines(pem);
    var b64Prefix = b64Lines.replace('-----BEGIN RSA PRIVATE KEY-----', '');
    var b64Final = b64Prefix.replace('----- END RSA PRIVATE KEY-----', '');

    return base64ToArrayBuffer(b64Final);
}

pk is the rsa pair key and now i need to convert it in order to be used by:

var signature = window.crypto.subtle.sign("RSA_PKCS1_SHA256", pks, bytes);

pks should be the CryptoKey generated by the pk string.

Answer 1

The C# code does not export the key in PKCS#8 format, but in PKCS#1 format. Since the WebCrypto API only supports the PKCS#8 format, this must be changed:

...
Org.BouncyCastle.OpenSsl.Pkcs8Generator pkcs8Gen = new Org.BouncyCastle.OpenSsl.Pkcs8Generator(eky.Private);
Org.BouncyCastle.Utilities.IO.Pem.PemObject pkcs8 = pkcs8Gen.Generate();
Org.BouncyCastle.OpenSsl.PemWriter pemWriter = new Org.BouncyCastle.OpenSsl.PemWriter(new StringWriter());
pemWriter.WriteObject(pkcs8);
...

The two lines in the middle take care of the conversion to a PKCS#8 formatted key.

---

Additionally, in the JavaScript code in base64ToArrayBuffer(), the btoa() function must be replaced with the atob() function. Also, in pemToArrayBuffer(), instead of the PKCS#1, the PKCS#8 headers and footers must be removed, i.e. -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY-----.

With these changes, in the C# code, a PKCS#8 key is exported and in the JavaScript code, a PKCS#8 key is imported into a CryptoKey.

Full JavaScript code (including signing):

var pkcs8Pem = `-----BEGIN PRIVATE KEY-----
MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEA2gdsVIRmg5IH0rG3
u3w+gHCZq5o4OMQIeomC1NTeHgxbkrfznv7TgWVzrHpr3HHK8IpLlG04/aBo6U5W
2umHQQIDAQABAkEAu7wulGvZFat1Xv+19BMcgl3yhCdsB70Mi+7CH98XTwjACk4T
+IYv4N53j16gce7U5fJxmGkdq83+xAyeyw8U0QIhAPIMhbtXlRS7XpkB66l5DvN1
XrKRWeB3RtvcUSf30RyFAiEA5ph7eWXbXWpIhdWMoe50yffF7pW+C5z07tzAIH6D
Ko0CIQCyveSTr917bdIxk2V/xNHxnx7LJuMEC5DcExorNanKMQIgUxHRQU1hNgjI
sXXZoKgfaHaa1jUZbmOPlNDvYYVRyS0CIB9ZZee2zubyRla4qN8PQxCJb7DiICmH
7nWP7CIvcQwB
-----END PRIVATE KEY-----`; // For simplicity, a 512 bit demo key. In practice, keys >= 2048 bits must be used for security reasons!

// Import PKCS#8 key into CryptoKey
window.crypto.subtle.importKey(
    "pkcs8",
    pemToArrayBuffer(pkcs8Pem),
    {
        name: "RSASSA-PKCS1-v1_5",
        hash: { name: "SHA-256" },
    },
    false,
    ["sign"]
)
.then(function (privateKey) {
    console.log(privateKey);
    // Sign: RSA with SHA256 and PKCS#1 v1.5 padding
    window.crypto.subtle.sign(
        {
            name: "RSASSA-PKCS1-v1_5",
        },
        privateKey, 
        new TextEncoder().encode('The quick brown fox jumps over the lazy dog') 
    )
    .then(function(signature){
        console.log(ab2b64(signature)); // jIPK2Jftokn+yeuiMQYdWF2vyZF3Jn4+cbuKP84HzGZjv033ry4cGUXSprtC6yXwQiKLWR/BjNqC2Syq6ERnDA==
    })
    .catch(function(err){
        console.error(err);
    });
})
.catch(function (err) {
    console.error(err);
});

function ab2b64(arrayBuffer) {
    return window.btoa(String.fromCharCode.apply(null, new Uint8Array(arrayBuffer)));
}

function removeLines(str) {
    str = str.replace("\r", "");
    return str.replace("\n", "");
}

function base64ToArrayBuffer(b64) {
    //var byteString = btoa(b64);
    var byteString = atob(b64); // Fix
    var byteArray = new Uint8Array(byteString.length);
    for (var i = 0; i < byteString.length; i++) {
         byteArray[i] = byteString.charCodeAt(i);
    }
    return byteArray;
}

function pemToArrayBuffer(pem) {
    var b64Lines = removeLines(pem);
    //var b64Prefix = b64Lines.replace('-----BEGIN RSA PRIVATE KEY-----', '');
    //var b64Final = b64Prefix.replace('----- END RSA PRIVATE KEY-----', '');
    var b64Prefix = b64Lines.replace('-----BEGIN PRIVATE KEY-----', ''); // Fix
    var b64Final = b64Prefix.replace('-----END PRIVATE KEY-----', ''); // fix
    return base64ToArrayBuffer(b64Final);
}