[WebCrypto] Implement API to get public key from private key for RSA and EC

whyoleg · whyoleg · commit 01d2383e15c8 · 2025-11-30T09:32:11.000+02:00
diff --git a/cryptography-providers/webcrypto/src/commonMain/kotlin/algorithms/WebCryptoEc.kt b/cryptography-providers/webcrypto/src/commonMain/kotlin/algorithms/WebCryptoEc.kt
@@ -14,7 +14,7 @@ import dev.whyoleg.cryptography.serialization.asn1.*
 import dev.whyoleg.cryptography.serialization.asn1.modules.*
 import dev.whyoleg.cryptography.serialization.pem.*
 
-internal sealed class WebCryptoEc<PublicK : EC.PublicKey, PrivateK : EC.PrivateKey, KP : EC.KeyPair<PublicK, PrivateK>>(
+internal sealed class WebCryptoEc<PublicK : EC.PublicKey, PrivateK : EC.PrivateKey<PublicK>, KP : EC.KeyPair<PublicK, PrivateK>>(
     protected val algorithmName: String,
     private val publicKeyWrapper: WebCryptoKeyWrapper<PublicK>,
     private val privateKeyWrapper: WebCryptoKeyWrapper<PrivateK>,
@@ -48,10 +48,20 @@ internal sealed class WebCryptoEc<PublicK : EC.PublicKey, PrivateK : EC.PrivateK
         keyProcessor = EcPublicKeyProcessor
     ), EC.PublicKey
 
-    protected abstract class EcPrivateKey(val privateKey: CryptoKey) : WebCryptoEncodableKey<EC.PrivateKey.Format>(
+    protected abstract inner class EcPrivateKey(val privateKey: CryptoKey) : WebCryptoEncodableKey<EC.PrivateKey.Format>(
         key = privateKey,
         keyProcessor = EcPrivateKeyProcessor
-    ), EC.PrivateKey
+    ), EC.PrivateKey<PublicK> {
+        final override suspend fun getPublicKey(): PublicK = publicKeyWrapper.wrap(
+            WebCrypto.reimportPrivateKeyAsPublicKey(
+                privateKey = privateKey,
+                extractable = true,
+                keyUsages = publicKeyWrapper.usages,
+            )
+        )
+
+        final override fun getPublicKeyBlocking(): PublicK = nonBlocking()
+    }
 }
 
 private object EcPublicKeyProcessor : WebCryptoKeyProcessor<EC.PublicKey.Format>() {
@@ -77,7 +87,7 @@ private object EcPublicKeyProcessor : WebCryptoKeyProcessor<EC.PublicKey.Format>
     override fun afterEncoding(format: EC.PublicKey.Format, key: ByteArray): ByteArray = when (format) {
         EC.PublicKey.Format.JWK -> key
         EC.PublicKey.Format.RAW -> key
-        EC.PublicKey.Format.RAW.Compressed
+        EC.PublicKey.Format.RAW.Compressed,
                                 -> compressPublicKey(key)
         EC.PublicKey.Format.DER -> key
         EC.PublicKey.Format.PEM -> wrapPem(PemLabel.PublicKey, key)
diff --git a/cryptography-providers/webcrypto/src/commonMain/kotlin/algorithms/WebCryptoRsa.kt b/cryptography-providers/webcrypto/src/commonMain/kotlin/algorithms/WebCryptoRsa.kt
@@ -15,7 +15,7 @@ import dev.whyoleg.cryptography.serialization.asn1.*
 import dev.whyoleg.cryptography.serialization.asn1.modules.*
 import dev.whyoleg.cryptography.serialization.pem.*
 
-internal abstract class WebCryptoRsa<PublicK : RSA.PublicKey, PrivateK : RSA.PrivateKey, KP : RSA.KeyPair<PublicK, PrivateK>>(
+internal abstract class WebCryptoRsa<PublicK : RSA.PublicKey, PrivateK : RSA.PrivateKey<PublicK>, KP : RSA.KeyPair<PublicK, PrivateK>>(
     protected val algorithmName: String,
     private val publicKeyWrapper: WebCryptoKeyWrapper<PublicK>,
     private val privateKeyWrapper: WebCryptoKeyWrapper<PrivateK>,
@@ -62,10 +62,20 @@ internal abstract class WebCryptoRsa<PublicK : RSA.PublicKey, PrivateK : RSA.Pri
         keyProcessor = RsaPublicKeyProcessor
     ), RSA.PublicKey
 
-    protected abstract class RsaPrivateKey(protected val privateKey: CryptoKey) : WebCryptoEncodableKey<RSA.PrivateKey.Format>(
+    protected abstract inner class RsaPrivateKey(protected val privateKey: CryptoKey) : WebCryptoEncodableKey<RSA.PrivateKey.Format>(
         key = privateKey,
         keyProcessor = RsaPrivateKeyProcessor
-    ), RSA.PrivateKey
+    ), RSA.PrivateKey<PublicK> {
+        final override suspend fun getPublicKey(): PublicK = publicKeyWrapper.wrap(
+            WebCrypto.reimportPrivateKeyAsPublicKey(
+                privateKey = privateKey,
+                extractable = true,
+                keyUsages = publicKeyWrapper.usages,
+            )
+        )
+
+        final override fun getPublicKeyBlocking(): PublicK = nonBlocking()
+    }
 }
 
 private object RsaPublicKeyProcessor : WebCryptoKeyProcessor<RSA.PublicKey.Format>() {
diff --git a/cryptography-providers/webcrypto/src/commonMain/kotlin/internal/WebCrypto.kt b/cryptography-providers/webcrypto/src/commonMain/kotlin/internal/WebCrypto.kt
@@ -58,6 +58,20 @@ internal object WebCrypto {
         }
     }
 
+    // for private -> public key conversion
+    suspend fun reimportPrivateKeyAsPublicKey(
+        privateKey: CryptoKey,
+        extractable: Boolean,
+        keyUsages: Array<String>,
+    ): CryptoKey {
+        val jwkKey = subtle.exportKey("jwk", privateKey).await()
+        // `d` contains secret value, by which, WebCrypto decides, if it's public or private key
+        deleteObjectField(jwkKey, "d")
+        // jwk `key_ops` = WebCrypto `keyUsages`
+        setObjectField(jwkKey, "key_ops", keyUsages.toJsArray())
+        return subtle.importKey("jwk", jwkKey, privateKey.algorithm, extractable, keyUsages.toJsArray()).await()
+    }
+
     suspend fun generateKey(algorithm: Algorithm, extractable: Boolean, keyUsages: Array<String>): CryptoKey {
         return subtle.generateKey(algorithm, extractable, keyUsages.toJsArray()).await()
     }
@@ -69,3 +83,5 @@ internal object WebCrypto {
 
 private fun jsonParse(string: String): JsAny = js("JSON.parse(string)")
 private fun jsonStringify(any: JsAny): String = js("JSON.stringify(any)")
+private fun deleteObjectField(obj: JsAny, key: String): Unit = js("delete obj[key]")
+private fun setObjectField(obj: JsAny, key: String, value: JsArray<JsString>): Unit = js("obj[key] = value")
