암호 키 생성 페이지에서 검증키와 서명키를 함께 생성하도록 변경

src/lib/hooks/gotoStateful.ts

@@ -4,8 +4,14 @@ type Path = "/key/export";
 
 interface KeyExportState {
   redirectPath: string;
-  pubKeyBase64: string;
-  privKeyBase64: string;
+  encKeyPair: {
+    pubKeyBase64: string;
+    privKeyBase64: string;
+  };
+  sigKeyPair: {
+    pubKeyBase64: string;
+    privKeyBase64: string;
+  };
   mekDraft: ArrayBuffer;
 }
 

src/lib/indexedDB.ts

@@ -1,33 +1,31 @@
 import { Dexie, type EntityTable } from "dexie";
 
-interface KeyPair {
-  type: "publicKey" | "privateKey";
+type RSAKeyUsage = "encrypt" | "decrypt" | "sign" | "verify";
+
+interface RSAKey {
+  usage: RSAKeyUsage;
   key: CryptoKey;
 }
 
 const keyStore = new Dexie("keyStore") as Dexie & {
-  keyPair: EntityTable<KeyPair, "type">;
+  rsaKey: EntityTable<RSAKey, "usage">;
 };
 
 keyStore.version(1).stores({
-  keyPair: "type",
+  rsaKey: "usage, key",
 });
 
-export const getKeyPairFromIndexedDB = async () => {
-  const pubKey = await keyStore.keyPair.get("publicKey");
-  const privKey = await keyStore.keyPair.get("privateKey");
-  return {
-    pubKey: pubKey?.key ?? null,
-    privKey: privKey?.key ?? null,
-  };
+export const getRSAKey = async (usage: RSAKeyUsage) => {
+  const key = await keyStore.rsaKey.get(usage);
+  return key?.key ?? null;
 };
 
-export const storeKeyPairIntoIndexedDB = async (pubKey: CryptoKey, privKey: CryptoKey) => {
-  if (!pubKey.extractable) throw new Error("Public key must be extractable");
-  if (privKey.extractable) throw new Error("Private key must be non-extractable");
+export const storeRSAKey = async (key: CryptoKey, usage: RSAKeyUsage) => {
+  if ((usage === "encrypt" || usage === "verify") && !key.extractable) {
+    throw new Error("Public key must be extractable");
+  } else if ((usage === "decrypt" || usage === "sign") && key.extractable) {
+    throw new Error("Private key must be non-extractable");
+  }
 
-  await keyStore.keyPair.bulkPut([
-    { type: "publicKey", key: pubKey },
-    { type: "privateKey", key: privKey },
-  ]);
+  await keyStore.rsaKey.put({ usage, key });
 };

src/lib/modules/crypto.ts

@@ -8,7 +8,7 @@ export const decodeFromBase64 = (data: string) => {
   return Uint8Array.from(atob(data), (c) => c.charCodeAt(0)).buffer;
 };
 
-export const generateRSAKeyPair = async () => {
+export const generateRSAEncKeyPair = async () => {
   const keyPair = await window.crypto.subtle.generateKey(
     {
       name: "RSA-OAEP",
@@ -22,6 +22,20 @@ export const generateRSAKeyPair = async () => {
   return keyPair;
 };
 
+export const generateRSASigKeyPair = async () => {
+  const keyPair = await window.crypto.subtle.generateKey(
+    {
+      name: "RSA-PSS",
+      modulusLength: 4096,
+      publicExponent: new Uint8Array([1, 0, 1]),
+      hash: "SHA-256",
+    } satisfies RsaHashedKeyGenParams,
+    true,
+    ["sign", "verify"],
+  );
+  return keyPair;
+};
+
 export const makeRSAKeyNonextractable = async (key: CryptoKey, type: RSAKeyType) => {
   const { format, key: exportedKey } = await exportRSAKey(key, type);
   return await window.crypto.subtle.importKey(
@@ -64,6 +78,17 @@ export const decryptRSACiphertext = async (ciphertext: ArrayBuffer, privateKey:
   );
 };
 
+export const signRSAMessage = async (message: ArrayBuffer, privateKey: CryptoKey) => {
+  return await window.crypto.subtle.sign(
+    {
+      name: "RSA-PSS",
+      saltLength: 32,
+    } satisfies RsaPssParams,
+    privateKey,
+    message,
+  );
+};
+
 export const generateAESKey = async () => {
   return await window.crypto.subtle.generateKey(
     {

src/lib/stores/key.ts

@@ -1,4 +1,9 @@
 import { writable } from "svelte/store";
 
-export const keyPairStore = writable<CryptoKeyPair | null>(null);
+interface KeyPairs {
+  encKeyPair: CryptoKeyPair;
+  sigKeyPair: CryptoKeyPair;
+}
+
+export const keyPairsStore = writable<KeyPairs | null>(null);
 export const mekStore = writable<Map<number, CryptoKey>>(new Map());