Firefox cannot store EC private keys in IndexedDB #1

Open
dholms opened this issue Feb 20, 2020 · 2 comments
dholms commented Feb 20, 2020

Problem

Google Chrome is able to store any key (that I've tried at least) in IndexedDB with no issues.

Firefox is able to store symmetric AES keys as well as RSA private keys, but throws the following error when attempting to store an ECDH/ECDSA private key:
DataCloneError: The object could not be cloned.
Note: it is specifically the private key that causes this, not the public.

This is strange because the Mozilla recommendation for key management with the Web Crypto API is to store them in IndexedDB.

This has to do with the way that Firefox has implemented the Structured Clone Algorithm which is an HTML specification used for storage in IndexedDB but also in other cases of data transfer such as communication between Workers via postMessage (you can see my tests of structuralClone using postMessage in src/utils.ts).

The only relevant bug report I could find is Here. Although I've tried this with both an exportable and a non-exportable key and it doesn't work either way. Apparently that issue is reliant on this one which hasn't shown any movement in 2yrs.

Others have run into this issue as well: localForage/localForage#844 (comment). And it seems that the issue is also present on Safari (I'll rely on someone else to give that a shot 😉).

Solution

Unclear right now. Needs more investigation/discussion.

What's the path forward if we can't get ECDSA/ECDH keys in Firefox/Safari? RSA keys? Or use something other than WebCrypto/IndexedDB?

@dholms dholms added the bug Something isn't working label Feb 20, 2020
@dholms dholms self-assigned this Feb 20, 2020
dholms commented Feb 21, 2020

Current plan:

  • implement both ECC (P-256) & RSA (2048 bit)
  • default to ECC but fallback to RSA if it's not supported by the browser
  • upgrade users to ECC if/when it becomes available
  • upgrade from NIST curves (P-256) to Ed25519 if/when it becomes available

@dholms dholms added documentation Improvements or additions to documentation and removed bug Something isn't working labels Feb 27, 2020
@dholms dholms added bug Something isn't working and removed documentation Improvements or additions to documentation labels Apr 6, 2020
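
The "default to ECC, fall back to RSA" plan above can be driven by a runtime storage probe rather than browser sniffing. The sketch below is an added example, not code from this project or from either commenter; the names `keyProbeDb`, `canStoreInIndexedDB` and `pickStorableKeyPair`, the choice of ECDSA and RSASSA-PKCS1-v1_5 for signing, and the use of non-extractable keys are assumptions.

```javascript
// Added example; keyProbeDb, canStoreInIndexedDB and pickStorableKeyPair are hypothetical names.
const EC_PARAMS = { name: 'ECDSA', namedCurve: 'P-256' };
const RSA_PARAMS = {
  name: 'RSASSA-PKCS1-v1_5',
  modulusLength: 2048,
  publicExponent: new Uint8Array([1, 0, 1]), // 65537
  hash: 'SHA-256',
};

// Resolve true if `value` can be written to a throwaway IndexedDB store.
// put() runs the structured clone step synchronously, so an uncloneable key
// surfaces as a DataCloneError thrown from put(), caught below.
function canStoreInIndexedDB(value, idb = globalThis.indexedDB) {
  return new Promise((resolve) => {
    const open = idb.open('keyProbeDb', 1);
    open.onupgradeneeded = () => open.result.createObjectStore('probe');
    open.onerror = () => resolve(false);
    open.onsuccess = () => {
      const db = open.result;
      const finish = (ok) => {
        db.close();
        idb.deleteDatabase('keyProbeDb'); // do not leave the probe key behind
        resolve(ok);
      };
      try {
        const tx = db.transaction('probe', 'readwrite');
        tx.objectStore('probe').put(value, 'probe-key');
        tx.oncomplete = () => finish(true);
        tx.onabort = () => finish(false);
      } catch (err) {
        finish(false); // DataCloneError (or any other storage failure)
      }
    };
  });
}

// Default to ECC; fall back to RSA only when the EC private key cannot be stored.
async function pickStorableKeyPair(subtle = globalThis.crypto.subtle,
                                   canStore = canStoreInIndexedDB) {
  const usages = ['sign', 'verify'];
  // extractable=false: the key is usable but its raw bytes cannot be exported.
  const ec = await subtle.generateKey(EC_PARAMS, false, usages);
  if (await canStore(ec.privateKey)) return { type: 'ecc', keys: ec };
  const rsa = await subtle.generateKey(RSA_PARAMS, false, usages);
  return { type: 'rsa', keys: rsa };
}
```

Persisting the returned `type` next to the key pair lets the application re-run the probe later and upgrade an RSA user to ECC once the browser accepts the EC private key.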
autonome commented Oct 8, 2021

I updated the testcase on that Firefox issue to test storing ECDSA and ECDH keys in IndexedDB and it seems to work fine on both Firefox and Safari now.

https://bugzilla.mozilla.org/show_bug.cgi?id=1434898#c13
