Support for using RSASSA-PKCS1-v1_5 with subtle crypto in auth

Hey all,
I think this may be a bit of a stretch as I’ve found a load of dead ends…

I’m trying to use crypto subtle (with RSASSA-PKCS1-v1_5) to sign a payload for use in auth when using k6.

The problem I’m having is that the xk6-webcrypto module doesn’t support RSASSA-PKCS1-v1_5 yet.
I also started looking at using Webpack to bundle the necessary components, but as crypto is now a Node core component, it can’t be bundled.
I’ve looked at other modules as well that could replicate the subtle functionality but there’s nothing really noteworthy.

My next thought is looking at implementing the functionality as a PR against xk6-webcrypto but (not really being a crypto buff) I think it will open a massive can of worms.

Any ideas?

Cheers,

Russell.

Hi @russkeane,

Honestly, I’m not a crypto buff, but I’d encourage you to work on that contribution. It’d be really appreciated and more than welcome. And if you have any specific question, we’ll be more than happy to help.

That being said, I’d recommend that you:

  1. Take a look at the existing implementations (for instance, AES or HMAC), to get an idea of the amount of code, and complexity that it may imply. Also, because it will help you understand what interface/s you’ll need to implement to add such support.

  2. Go by order of preference or complexity: so if you feel adding support for one operation (e.g. key generation), I’d suggest starting with that one, so you can start to get familiar with the ecosystem easier. Similarly, if you only need support for a few operations, just add support for those, one at a time. Don’t feel like it’s all or none, because as you can see, there’s incomplete support for certain operations (like HMAC).

Finally, I’d suggest you take a look at the crypto/rsa package from Go, because it has support for SignPKCS1v15 and VerifyPKCS1v15, so maybe it’s not as hard as it may seem at first glance. It would be different if there were no official support.

Thanks!

1 Like

Hi @russkeane,
Previously, I encountered a similar issue to yours while using k6.
I needed to use SHA256 with RSA signing, but k6 itself does not provide the RSA encryption algorithm.
So, I wrote a signing plugin in Go that supports SHA256 with RSA. This is not inherently complex or difficult.
Perhaps you can modify this plugin to meet your requirements.

1 Like
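
The crypto/rsa calls mentioned in the replies (SignPKCS1v15 and VerifyPKCS1v15, with SHA-256 as in the last post), as an added example that is not part of the original thread and is not code from xk6-webcrypto or the plugin mentioned above. The function names, the throwaway key, the sample payload and the base64 encoding of the signature are assumptions made for illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
)

// newKey generates a throwaway 2048-bit demo key (assumption: real tests load an issued key).
func newKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// signPayload returns the base64 RSASSA-PKCS1-v1_5 signature over SHA-256(payload).
func signPayload(key *rsa.PrivateKey, payload []byte) (string, error) {
	digest := sha256.Sum256(payload)
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(sig), nil
}

// verifyPayload returns nil only if sigB64 is a valid signature over payload.
func verifyPayload(pub *rsa.PublicKey, payload []byte, sigB64 string) error {
	sig, err := base64.StdEncoding.DecodeString(sigB64)
	if err != nil {
		return fmt.Errorf("decode signature: %w", err)
	}
	digest := sha256.Sum256(payload)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig)
}

func main() {
	key, err := newKey()
	if err != nil {
		panic(err)
	}
	payload := []byte(`{"client":"constructed-id","ts":1700000000}`) // constructed sample
	sig, err := signPayload(key, payload)
	if err != nil {
		panic(err)
	}
	fmt.Println("valid:   ", verifyPayload(&key.PublicKey, payload, sig) == nil)
	fmt.Println("tampered:", verifyPayload(&key.PublicKey, []byte("other"), sig) == nil)
}
```

PKCS#1 v1.5 signatures are deterministic, so the same key and payload always produce the same signature string.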