DPoP: use RS256 instead of ES256 (#191)

paypal · Mar 1, 2024 · b3b58d7 · b3b58d7
1 parent 6f0e7cc
commit b3b58d7
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 13 deletions.
diff --git a/src/dpop.js b/src/dpop.js
@@ -29,17 +29,19 @@ type CreateJWT = (JWTParameters) => Promise<string>;
 
 type BuildDPoPHeaders = (DPoPParameters) => Promise<DPoPHeaders>;
 
-// https://datatracker.ietf.org/doc/html/rfc7518#section-3.1
+// https://developer.mozilla.org/en-US/docs/Web/API/RsaHashedKeyGenParams
 const KEY_OPTIONS = {
-  alg: "ES256",
+  alg: "RS256",
   create: {
-    name: "ECDSA",
-    namedCurve: "P-256",
+    hash: "SHA-256",
+    modulusLength: 4096,
+    name: "RSASSA-PKCS1-v1_5",
+    publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
   },
   extractable: false,
   sign: {
-    name: "ECDSA",
-    hash: { name: "SHA-256" },
+    hash: "SHA-256",
+    name: "RSASSA-PKCS1-v1_5",
   },
   usages: ["sign", "verify"],
 };

diff --git a/src/dpop.test.js b/src/dpop.test.js
@@ -54,7 +54,7 @@ describe("DPoP", () => {
       const jwk1 = await window.crypto.subtle.exportKey("jwk", publicKey1);
       const { publicKey: publicKey2 } = await generateKeyPair();
       const jwk2 = await window.crypto.subtle.exportKey("jwk", publicKey2);
-      expect(jwk1.x).toBeTruthy();
+      expect(jwk1.n).toBeTruthy();
       expect(jwk1).toStrictEqual(jwk2);
     });
   });
@@ -93,9 +93,9 @@ describe("DPoP", () => {
       // https://datatracker.ietf.org/doc/html/rfc9449#section-4.2-2.2
       expect(header.typ).toBe("dpop+jwt");
       // https://datatracker.ietf.org/doc/html/rfc9449#section-4.2-2.4
-      expect(header.alg).toBe("ES256");
+      expect(header.alg).toBe("RS256");
       // https://datatracker.ietf.org/doc/html/rfc9449#section-4.2-2.6
-      expect(header.jwk.x).toBeTruthy();
+      expect(header.jwk.n).toBeTruthy();
     });
     it("has a valid payload", () => {
       const payload = JSON.parse(base64decodeUrlSafe(encodedPayload));
@@ -115,10 +115,7 @@ describe("DPoP", () => {
     it("has a valid signature", async () => {
       const signature = stringToBytes(base64decodeUrlSafe(encodedSignature));
       const verified = await window.crypto.subtle.verify(
-        {
-          name: "ECDSA",
-          hash: { name: "SHA-256" },
-        },
+        "RSASSA-PKCS1-v1_5",
         publicKey,
         signature,
         stringToBytes(`${encodedHeader}.${encodedPayload}`)