Implement RSA algorithms in WebCrypto API #41113
Description
Specification: https://w3c.github.io/webcrypto/
WebCrypto API Level 2 has three RSA algorithms, each with five operations.
- RSASSA-PKCS1-v1_5: https://w3c.github.io/webcrypto/#rsassa-pkcs1
  - Sign
  - Verify
  - Generate key
  - Import key
  - Export key
- RSA-PSS: https://w3c.github.io/webcrypto/#rsa-pss
  - Sign
  - Verify
  - Generate key
  - Import key
  - Export key
- RSA-OAEP: https://w3c.github.io/webcrypto/#rsa-oaep
  - Encrypt
  - Decrypt
  - Generate key
  - Import key
  - Export key
We will use the rsa crate (https://crates.io/crates/rsa) from RustCrypto to support the RSA cryptographic calculation.
Remark: There is a RUSTSEC report (https://rustsec.org/advisories/RUSTSEC-2023-0071.html) indicating that the latest stable version of the rsa crate is vulnerable to the Marvin Attack, which is a potential key recovery through timing side channels. The upstream project already has a proposed patch in the release candidate of the next version, but we are not sure when it will become a stable version. We can first implement the RSA support in WebCrypto API with the (vulnerable) stable version. When the patch is released, we will then bump the dependency version (with few code changes, since the API of the rsa crate will change slightly).
Previous discussion in Zulip: https://servo.zulipchat.com/#narrow/channel/263398-general/topic/RSA.20implementation.20in.20WebCrypto.20API/with/561790400
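
A smoke test for the operations listed above, as an added example that is not part of the original issue or Servo's code. It uses only standard `SubtleCrypto` calls; the helper names `getSubtle` and `rsaRoundTrips`, the 2048-bit key size, SHA-256 and the sample message are assumptions chosen for illustration.

```javascript
// Added example: exercises every operation the issue lists for each RSA algorithm.
// getSubtle and rsaRoundTrips are hypothetical helper names.
async function getSubtle() {
  // Browsers and recent Node.js expose globalThis.crypto; older Node.js needs node:crypto.
  if (globalThis.crypto && globalThis.crypto.subtle) return globalThis.crypto.subtle;
  return (await import('node:crypto')).webcrypto.subtle;
}

const RSA_PARAMS = {
  modulusLength: 2048,
  publicExponent: new Uint8Array([1, 0, 1]), // 65537
  hash: 'SHA-256',
};

async function rsaRoundTrips() {
  const subtle = await getSubtle();
  const msg = new TextEncoder().encode('constructed sample message');
  const results = {};

  // Generate key, Export key, Import key, Sign, Verify for both signature algorithms.
  for (const [name, params] of [
    ['RSASSA-PKCS1-v1_5', { name: 'RSASSA-PKCS1-v1_5' }],
    ['RSA-PSS', { name: 'RSA-PSS', saltLength: 32 }],
  ]) {
    const kp = await subtle.generateKey({ name, ...RSA_PARAMS }, true, ['sign', 'verify']);
    // Round-trip the public key through SPKI so verification uses an imported key.
    const spki = await subtle.exportKey('spki', kp.publicKey);
    const pub = await subtle.importKey('spki', spki, { name, hash: 'SHA-256' }, true, ['verify']);
    const sig = await subtle.sign(params, kp.privateKey, msg);
    const tampered = new Uint8Array(msg); // copy, then flip one bit
    tampered[0] ^= 1;
    results[name] = {
      valid: await subtle.verify(params, pub, sig, msg),
      tamperedRejected: !(await subtle.verify(params, pub, sig, tampered)),
    };
  }

  // RSA-OAEP: Generate key, Export key (JWK), Import key, Encrypt, Decrypt.
  const kp = await subtle.generateKey({ name: 'RSA-OAEP', ...RSA_PARAMS }, true, ['encrypt', 'decrypt']);
  const jwk = await subtle.exportKey('jwk', kp.privateKey);
  const priv = await subtle.importKey('jwk', jwk, { name: 'RSA-OAEP', hash: 'SHA-256' }, false, ['decrypt']);
  const ct = await subtle.encrypt({ name: 'RSA-OAEP' }, kp.publicKey, msg);
  const pt = new Uint8Array(await subtle.decrypt({ name: 'RSA-OAEP' }, priv, ct));
  results['RSA-OAEP'] = {
    roundTrip: pt.length === msg.length && pt.every((b, i) => b === msg[i]),
    ciphertextLength: ct.byteLength, // equals the modulus size in bytes
  };
  return results;
}
```
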