Implementation status #20

panva · 2022-12-12T10:07:41Z

Tracking implementation states all in one place. Feel free to post updates or other implementations here.

Implementor	Ed25519	X25519	Ed448	X448	in a stable release
Chromium (Chrome, Edge)¹	✓	✓
WebKit (Safari)²	✓				✓
Gecko (Firefox)³	✓	✓			✓
Node.js⁴	✓	✓	✓	✓	✓
Deno⁵	✓				✓
Netlify Edge Functions⁵	✓				✓
Bun⁶	✓				✓
Cloudflare Workers⁷	✓	✓			✓
workerd⁷	✓	✓			✓
Vercel's Edge Runtime⁸	✓	✓			✓
Vercel's Edge Functions⁸	✓	✓			✓
Flow⁹	✓	✓	✓	✓	✓

Chromium ↩
WebKit ↩
Gecko ↩
Node.js ↩
Deno ↩ ↩²
Bun ↩
Clouflare ↩ ↩²
Vercel ↩ ↩²
Flow ↩

panva · 2022-12-12T10:07:47Z

Node.js

Ed25519, Ed448, X25519, and X448 are available since v18.4.0, also backported to v16.x (LTS).

cc @panva @tniessen @jasnell

panva · 2022-12-12T10:07:53Z

Deno

Ed25519 is available since v1.26.1, X25519 is not far from being complete.

Refs:

WebCrypto CFRG curves tracking issue denoland/deno#16145

cc @littledivy

panva · 2022-12-12T10:08:11Z

Chromium

Implementation is done for Ed25519 and X25519, currently behind WebCryptoCurve25519 runtime flag.

Refs:

cc @javifernandez

panva · 2022-12-12T10:08:14Z

WebKit

Implementation is done for Ed25519 and underway for X25519

Refs:

https://bugs.webkit.org/show_bug.cgi?id=246145
~~Support for Curve 25519 - Algorithm Ed25519 WebKit/WebKit#5026~~
~~Support for the Curve 25519 in order to be able to work with such type of curves and implementation of X25519 Algorithm WebKit/WebKit#5811~~
Support https://wicg.github.io/webcrypto-secure-curves/#ed25519 WebKit/WebKit#8691
Ed25519 is now available in Safari Technology Preview. webkit.org/blog/13839/release-notes-for-safari-technology-preview-163

cc @youennf @angelaizg

Update October 2023: Safari 17.0 was released recently, now with support for Ed25519 without any feature flags.

panva · 2022-12-12T10:28:26Z

Bun

Ed25519 is available in Bun.

Refs: oven-sh/bun#1816

fabricedesre · 2022-12-12T21:42:48Z

Gecko bug

Tracked in: https://bugzilla.mozilla.org/show_bug.cgi?id=1804788

panva · 2023-01-17T20:42:55Z

PeculiarVentures/webcrypto

Refs: PeculiarVentures/webcrypto#60

dwaite · 2023-02-10T18:01:41Z

Ed25519 enabled as an experimental option in Safari Tech Preview 163. https://webkit.org/blog/13839/release-notes-for-safari-technology-preview-163/

panva · 2023-04-01T11:51:32Z

Cloudflare Workers and `workerd`

Ed25519 and X25519 is available in workerd / Cloudflare Workers.

~~Refs: cloudflare/workerd#500~~
Refs: https://github.com/cloudflare/workerd/releases/tag/v1.20230419.0

panva · 2023-05-29T22:09:18Z

edge-runtime

Ed25519 and X25519 is available in both local edge-runtime as well as on Vercel's service deployments.

## Summary This PR introduces `generateSecretKey()`. You might need to use this when you need to sign for the creation of an account, for instance. Instead of vending the _bytes_ of a secret key, however, we use JS-native `CryptoKey` instances. These are opaque tokens that you can return at a later time to perform some action, like deriving the public key for the secret they represent, or signing a message. The idea is that you can freely pass these `CryptoKey` instances around your application without worrying about accidentally logging the key material itself – ie. to Sentry or to the browser console. The only environments that support Ed25519 key generation at the moment: * Node >=17.4 * Safari 17 For other environments, we'll supply a polyfill that implements key generation, signing, encryption, decryption, and verification in userspace. Spec: https://wicg.github.io/webcrypto-secure-curves/#ed25519 Proposal repo: https://github.com/WICG/webcrypto-secure-curves Implementation status: WICG/webcrypto-secure-curves#20 ## Test Plan ``` cd packages/keys/ pnpm test:unit:browser pnpm test:unit:node ```

…s Ed25519 key generation in userspace ## Summary For environments where Ed25519 key generation is not supported, this polyfill injects a suitable implementation that uses `@noble/curves/ed25519` behind the scenes. Here's the list of environments that do support it: WICG/webcrypto-secure-curves#20 ## Test Plan ``` cd packages/webcrypto-ed25519-polyfill pnpm test:unit:browser pnpm test:unit:node ```

## Summary This PR introduces `generateSecretKey()`. You might need to use this when you need to sign for the creation of an account, for instance. Instead of vending the _bytes_ of a secret key, however, we use JS-native `CryptoKey` instances. These are opaque tokens that you can return at a later time to perform some action, like deriving the public key for the secret they represent, or signing a message. The idea is that you can freely pass these `CryptoKey` instances around your application without worrying about accidentally logging the key material itself – ie. to Sentry or to the browser console. The only environments that support Ed25519 key generation at the moment: * Node >=17.4 * Safari 17 For other environments, we'll supply a polyfill that implements key generation, signing, encryption, decryption, and verification in userspace. Spec: https://wicg.github.io/webcrypto-secure-curves/#ed25519 Proposal repo: https://github.com/WICG/webcrypto-secure-curves Implementation status: WICG/webcrypto-secure-curves#20 ## Test Plan ``` cd packages/keys/ pnpm test:unit:browser pnpm test:unit:node ```

…s Ed25519 key generation in userspace ## Summary For environments where Ed25519 key generation is not supported, this polyfill injects a suitable implementation that uses `@noble/curves/ed25519` behind the scenes. Here's the list of environments that do support it: WICG/webcrypto-secure-curves#20 ## Test Plan ``` cd packages/webcrypto-ed25519-polyfill pnpm test:unit:browser pnpm test:unit:node ```

## Summary This PR introduces `generateSecretKey()`. You might need to use this when you need to sign for the creation of an account, for instance. Instead of vending the _bytes_ of a secret key, however, we use JS-native `CryptoKey` instances. These are opaque tokens that you can return at a later time to perform some action, like deriving the public key for the secret they represent, or signing a message. The idea is that you can freely pass these `CryptoKey` instances around your application without worrying about accidentally logging the key material itself – ie. to Sentry or to the browser console. The only environments that support Ed25519 key generation at the moment: * Node >=17.4 * Safari 17 For other environments, we'll supply a polyfill that implements key generation, signing, encryption, decryption, and verification in userspace. Spec: https://wicg.github.io/webcrypto-secure-curves/#ed25519 Proposal repo: https://github.com/WICG/webcrypto-secure-curves Implementation status: WICG/webcrypto-secure-curves#20 ## Test Plan ``` cd packages/keys/ pnpm test:unit:browser pnpm test:unit:node ```

…s Ed25519 key generation in userspace ## Summary For environments where Ed25519 key generation is not supported, this polyfill injects a suitable implementation that uses `@noble/curves/ed25519` behind the scenes. Here's the list of environments that do support it: WICG/webcrypto-secure-curves#20 ## Test Plan ``` cd packages/webcrypto-ed25519-polyfill pnpm test:unit:browser pnpm test:unit:node ```

## Summary This PR introduces `generateSecretKey()`. You might need to use this when you need to sign for the creation of an account, for instance. Instead of vending the _bytes_ of a secret key, however, we use JS-native `CryptoKey` instances. These are opaque tokens that you can return at a later time to perform some action, like deriving the public key for the secret they represent, or signing a message. The idea is that you can freely pass these `CryptoKey` instances around your application without worrying about accidentally logging the key material itself – ie. to Sentry or to the browser console. The only environments that support Ed25519 key generation at the moment: * Node >=17.4 * Safari 17 For other environments, we'll supply a polyfill that implements key generation, signing, encryption, decryption, and verification in userspace. Spec: https://wicg.github.io/webcrypto-secure-curves/#ed25519 Proposal repo: https://github.com/WICG/webcrypto-secure-curves Implementation status: WICG/webcrypto-secure-curves#20 ## Test Plan ``` cd packages/keys/ pnpm test:unit:browser pnpm test:unit:node ```

…s Ed25519 key generation in userspace ## Summary For environments where Ed25519 key generation is not supported, this polyfill injects a suitable implementation that uses `@noble/curves/ed25519` behind the scenes. Here's the list of environments that do support it: WICG/webcrypto-secure-curves#20 ## Test Plan ``` cd packages/webcrypto-ed25519-polyfill pnpm test:unit:browser pnpm test:unit:node ```

* refactor(experimental): a function for generating secret keys ## Summary This PR introduces `generateSecretKey()`. You might need to use this when you need to sign for the creation of an account, for instance. Instead of vending the _bytes_ of a secret key, however, we use JS-native `CryptoKey` instances. These are opaque tokens that you can return at a later time to perform some action, like deriving the public key for the secret they represent, or signing a message. The idea is that you can freely pass these `CryptoKey` instances around your application without worrying about accidentally logging the key material itself – ie. to Sentry or to the browser console. The only environments that support Ed25519 key generation at the moment: * Node >=17.4 * Safari 17 For other environments, we'll supply a polyfill that implements key generation, signing, encryption, decryption, and verification in userspace. Spec: https://wicg.github.io/webcrypto-secure-curves/#ed25519 Proposal repo: https://github.com/WICG/webcrypto-secure-curves Implementation status: WICG/webcrypto-secure-curves#20 ## Test Plan ``` cd packages/keys/ pnpm test:unit:browser pnpm test:unit:node ```

…s Ed25519 key generation in userspace ## Summary For environments where Ed25519 key generation is not supported, this polyfill injects a suitable implementation that uses `@noble/curves/ed25519` behind the scenes. Here's the list of environments that do support it: WICG/webcrypto-secure-curves#20 ## Test Plan ``` cd packages/webcrypto-ed25519-polyfill pnpm test:unit:browser pnpm test:unit:node ```

…s Ed25519 key generation in userspace (#1395) ## Summary For environments where Ed25519 key generation is not supported, this polyfill injects a suitable implementation that uses `@noble/curves/ed25519` behind the scenes. Here's the list of environments that do support it: WICG/webcrypto-secure-curves#20 ## Test Plan ``` cd packages/webcrypto-ed25519-polyfill pnpm test:unit:browser pnpm test:unit:node ```

panva · 2023-10-02T15:32:45Z

Safari 17.0 was released recently, now with support for Ed25519 without any feature flags 🎉 congratulations

pwombwell · 2024-02-22T16:31:19Z

Flow 6.17 supports Ed25519, X25519, Ed448 and X448.

https://wpt.fyi/results/WebCryptoAPI?label=master&product=chrome%5Bexperimental%5D&product=firefox%5Bexperimental%5D&product=safari%5Bexperimental%5D&product=flow-6.16.0&product=flow&aligned

Frosne · 2024-07-17T14:28:33Z

Hi guys,
Mozilla currently supports Ed25519 in Nightly: https://bugzilla.mozilla.org/show_bug.cgi?id=1804788

panva · 2024-07-17T14:53:13Z

@Frosne will this gradually make it to a stable release? or is it behind some sort of flag like Chrome's implementation?

Frosne · 2024-07-17T15:08:50Z

@Frosne will this gradually make it to a stable release? or is it behind some sort of flag like Chrome's implementation?

It should arrive to Firefox Release 129 (that's in 3 weeks I believe) if we don't observe any problems :)

panva · 2024-07-17T15:11:01Z

In that case Chromium is the only vendor not shipping its completed implementation.

Frosne · 2024-07-31T13:02:15Z

Hi,
Mozilla starts to support X25519 in Nightly: https://bugzilla.mozilla.org/show_bug.cgi?id=1904836.

javifernandez · 2024-12-12T09:56:07Z

Chromium has enabled by default the X25519 feature upstream, shipping in M133 as target.

https://chromestatus.com/feature/6291245926973440

javifernandez · 2024-12-12T09:57:49Z

WebKit has just merged the PR to enable X25519 in stable, but no information about when this would be released.

https://bugs.webkit.org/show_bug.cgi?id=284368

panva · 2024-12-13T11:58:28Z

@javifernandez what about Ed25519 in Chromium?

javifernandez · 2024-12-17T17:04:55Z

@javifernandez what about Ed25519 in Chromium?

The conclusion is that the spec needs more work, at least to address the open issues about randomized signatures and small-order checks:

panva · 2024-12-17T17:08:22Z

None of those are in my opinion blockers for releasing the current state of it that we can observe from WPTs / with --enable-experimental-web-platform-features.

lidel mentioned this issue Mar 1, 2023

Support for Curve25519 (Ed25519 X25519) in Web Cryptography APIs ipfs/in-web-browsers#204

Open

20 tasks

cdata mentioned this issue May 16, 2023

Evaluate cryptography in use and decide what we will support subconsciousnetwork/noosphere#390

Open

mrpachara mentioned this issue Jun 9, 2023

Web API is about to support EdDSA. mrpachara/ngx#27

Closed

WICG deleted a comment from Jarred-Sumner Jun 20, 2023

This was referenced Jul 13, 2023

refactor(experimental): a polyfill for generateKey() that implements Ed25519 key generation in userspace solana-labs/solana-web3.js#1395

Merged

refactor(experimental): a function for generating secret keys solana-labs/solana-web3.js#1379

Merged

LeviSchuck mentioned this issue Aug 6, 2023

Require deterministic ECDSA rather than random ECDSA w3c/webcrypto#163

Open

orbitlens mentioned this issue Aug 15, 2023

Consider converting hash, sign and verify to async functions stellar/js-stellar-base#681

Open

4 tasks

bsmth mentioned this issue Jan 26, 2024

feat(api): Add Ed25519 sign/verify SubtleCrypto algo mdn/browser-compat-data#22033

Merged

raducristianpopa mentioned this issue Feb 6, 2024

Transition to SubtleCrypto from Node's crypto module interledger/open-payments#416

Open

3 tasks

panva mentioned this issue Feb 7, 2024

Test Ed25519 with small- and mixed-order points web-platform-tests/wpt#43751

Merged

javifernandez mentioned this issue Feb 22, 2024

Planning the 2024-03-20 meeting w3c/webappsec#643

Closed

panva mentioned this issue Apr 4, 2024

crypto.subtle.importKey fails to import ECDSA PKCS8 data that only has a private key nodejs/node#52359

Closed

panva mentioned this issue Oct 1, 2024

crypto: remove experimental Curve448 WebCryptoAPI algorithms nodejs/node#55209

Closed

twiss mentioned this issue Dec 5, 2024

Add Curve25519 w3c/webcrypto#362

Merged

8 tasks

ADKaster mentioned this issue Dec 23, 2024

LibWeb+LibCrypto: Add Ed448 support in WebCryptoAPI LadybirdBrowser/ladybird#3009

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Implementation status #20

Implementation status #20

panva commented Dec 12, 2022 •

edited

Loading

panva commented Dec 12, 2022 •

edited

Loading

panva commented Dec 12, 2022 •

edited

Loading

panva commented Dec 12, 2022 •

edited

Loading

panva commented Dec 12, 2022 •

edited

Loading

panva commented Dec 12, 2022 •

edited

Loading

fabricedesre commented Dec 12, 2022

panva commented Jan 17, 2023

dwaite commented Feb 10, 2023

panva commented Apr 1, 2023 •

edited

Loading

panva commented May 29, 2023 •

edited

Loading

panva commented Oct 2, 2023

pwombwell commented Feb 22, 2024

Frosne commented Jul 17, 2024

panva commented Jul 17, 2024

Frosne commented Jul 17, 2024

panva commented Jul 17, 2024

Frosne commented Jul 31, 2024

javifernandez commented Dec 12, 2024 •

edited

Loading

javifernandez commented Dec 12, 2024

panva commented Dec 13, 2024

javifernandez commented Dec 17, 2024

panva commented Dec 17, 2024

Implementation status #20

Implementation status #20

Comments

panva commented Dec 12, 2022 • edited Loading

Footnotes

panva commented Dec 12, 2022 • edited Loading

Node.js

panva commented Dec 12, 2022 • edited Loading

Deno

panva commented Dec 12, 2022 • edited Loading

Chromium

panva commented Dec 12, 2022 • edited Loading

WebKit

panva commented Dec 12, 2022 • edited Loading

Bun

fabricedesre commented Dec 12, 2022

Gecko bug

panva commented Jan 17, 2023

PeculiarVentures/webcrypto

dwaite commented Feb 10, 2023

panva commented Apr 1, 2023 • edited Loading

Cloudflare Workers and workerd

panva commented May 29, 2023 • edited Loading

edge-runtime

panva commented Oct 2, 2023

pwombwell commented Feb 22, 2024

Frosne commented Jul 17, 2024

panva commented Jul 17, 2024

Frosne commented Jul 17, 2024

panva commented Jul 17, 2024

Frosne commented Jul 31, 2024

javifernandez commented Dec 12, 2024 • edited Loading

javifernandez commented Dec 12, 2024

panva commented Dec 13, 2024

javifernandez commented Dec 17, 2024

panva commented Dec 17, 2024

panva commented Dec 12, 2022 •

edited

Loading

panva commented Dec 12, 2022 •

edited

Loading

panva commented Dec 12, 2022 •

edited

Loading

panva commented Dec 12, 2022 •

edited

Loading

panva commented Dec 12, 2022 •

edited

Loading

panva commented Dec 12, 2022 •

edited

Loading

panva commented Apr 1, 2023 •

edited

Loading

Cloudflare Workers and `workerd`

panva commented May 29, 2023 •

edited

Loading

javifernandez commented Dec 12, 2024 •

edited

Loading