workerd 🐛 Bug Report — Runtime APIs node:crypto 'Unrecognized or unimplemented EC curve "id-ecPublicKey" requested.'

Unrecognized or unimplemented EC curve \"id-ecPublicKey\" requested when use crypto with compatibility_flags = ["nodejs_compat_v2"] & wrangler v3.78.7.

Here is the error source:

https://github.com/agisboye/app-store-server-api/blob/main/src/Decoding.ts#L47

Here is the error detail: 截屏2024-09-19 21 17 04

So my question is, the X509 implemented by workerd seems to be completely unusable when using the decodeJWS function of /app-store-server-api.

Did I make a mistake, or does the X509 implementation in workerd indeed throw an error when trying to get the public key with cert.publicKey? Below is my business code (for reproduction):

const app_store_api = getAppStoreApi()
const res_subscription = await app_store_api.getSubscriptionStatuses(tid!)

const item = res_subscription.data[0].lastTransactions.find(item => item.originalTransactionId === tid)!

const res_transaction = await decodeTransaction(item.signedTransactionInfo)

Sep 22 '24 01:09 1yasa

any progress？

Oct 01 '24 15:10 1yasa

The runtime has a much more limited set of curves that it supports than Node.js and id-ec-PublicKey is not on that list.

From: src/workerd/api/crypto/ec.c++ ...

EllipticCurveInfo lookupEllipticCurve(kj::StringPtr curveName) {
  static const std::map<kj::StringPtr, EllipticCurveInfo, CiLess> registeredCurves{
    {"P-256", {"P-256", NID_X9_62_prime256v1, 32}},
    {"P-384", {"P-384", NID_secp384r1, 48}},
    {"P-521", {"P-521", NID_secp521r1, 66}},
  };

  auto iter = registeredCurves.find(curveName);
  JSG_REQUIRE(iter != registeredCurves.end(), DOMNotSupportedError,
      "Unrecognized or unimplemented EC curve \"", curveName, "\" requested.");
  return iter->second;
}

The node:crypto implementation is still an active WIP so some functionality may still be limited or missing.

Oct 02 '24 16:10 jasnell

The runtime has a much more limited set of curves that it supports than Node.js and id-ec-PublicKey is not on that list.

From: src/workerd/api/crypto/ec.c++ ...
EllipticCurveInfo lookupEllipticCurve(kj::StringPtr curveName) {
  static const std::map<kj::StringPtr, EllipticCurveInfo, CiLess> registeredCurves{
    {"P-256", {"P-256", NID_X9_62_prime256v1, 32}},
    {"P-384", {"P-384", NID_secp384r1, 48}},
    {"P-521", {"P-521", NID_secp521r1, 66}},
  };

  auto iter = registeredCurves.find(curveName);
  JSG_REQUIRE(iter != registeredCurves.end(), DOMNotSupportedError,
      "Unrecognized or unimplemented EC curve \"", curveName, "\" requested.");
  return iter->second;
}
The node:crypto implementation is still an active WIP so some functionality may still be limited or missing.

Get.

Oct 03 '24 10:10 1yasa

any time support id-ec-PublicKey?

Oct 10 '24 03:10 1yasa

Apple App Store Server API needs this feature to verify it's signed objects.

Nov 07 '24 12:11 aspirin2d

Apple App Store Server API needs this feature to verify it's signed objects.

haha, met the same problems.

Nov 07 '24 12:11 ricky0603

Marking as a feature request. Will investigate.

Nov 08 '24 11:11 jasnell

@1yasa I see you closed this issue, yet I'm still having the same issue. Is there a work around?

Feb 23 '25 02:02 oeed

I see you closed this issue, yet I'm still having the same issue. Is there a work around?

No, I commented out the relevant code and then executed the package

Feb 24 '25 11:02 1yasa

Could you please then reopen the issue so it can be fixed?

Feb 24 '25 23:02 oeed

Could you please then reopen the issue so it can be fixed?

But i review the relative pr，it's been done a few days ago. Maybe you should make a new issue for this after you confirm that.

Feb 25 '25 01:02 1yasa

Still facing the same, even after updating to 4.4.0

Nov 07 '25 10:11 PiyushInfocusp