하나의 공개 키로 여러 계정에 로그인할 수 있도록 구현

2025-12-16 23:18:48 +00:00 · 2024-12-29 01:37:44 +09:00
parent c16abca832
commit af51f04b94
7 changed files with 131 additions and 71 deletions
--- a/src/routes/(fullscreen)/key/export/service.ts
+++ b/src/routes/(fullscreen)/key/export/service.ts
@@ -1,5 +1,6 @@
 import { callAPI } from "$lib/hooks";
 import { storeKeyPairIntoIndexedDB } from "$lib/indexedDB";
+import { decryptRSACiphertext } from "$lib/modules/crypto";

 export const createBlobFromKeyPairBase64 = (pubKeyBase64: string, privKeyBase64: string) => {
  const pubKeyFormatted = pubKeyBase64.match(/.{1,64}/g)?.join("\n");
@@ -13,18 +14,6 @@ export const createBlobFromKeyPairBase64 = (pubKeyBase64: string, privKeyBase64:
  return new Blob([`${pubKeyPem}\n${privKeyPem}\n`], { type: "text/plain" });
 };

-const decryptChallenge = async (challenge: string, privateKey: CryptoKey) => {
-  const challengeBuffer = Uint8Array.from(atob(challenge), (c) => c.charCodeAt(0));
-  const answer = await window.crypto.subtle.decrypt(
-    {
-      name: "RSA-OAEP",
-    } satisfies RsaOaepParams,
-    privateKey,
-    challengeBuffer,
-  );
-  return btoa(String.fromCharCode(...new Uint8Array(answer)));
-};
-
 export const requestPubKeyRegistration = async (pubKeyBase64: string, privateKey: CryptoKey) => {
  let res = await callAPI("/api/key/register", {
    method: "POST",
@@ -37,7 +26,7 @@ export const requestPubKeyRegistration = async (pubKeyBase64: string, privateKey

  const data = await res.json();
  const challenge = data.challenge as string;
-  const answer = await decryptChallenge(challenge, privateKey);
+  const answer = await decryptRSACiphertext(challenge, privateKey);

  res = await callAPI("/api/key/verify", {
    method: "POST",
--- a/src/routes/(fullscreen)/key/generate/service.ts
+++ b/src/routes/(fullscreen)/key/generate/service.ts
@@ -1,44 +1,10 @@
+import {
+  generateRSAKeyPair,
+  makeRSAKeyNonextractable,
+  exportRSAKeyToBase64,
+} from "$lib/modules/crypto";
 import { keyPairStore } from "$lib/stores";

-type KeyType = "public" | "private";
-
-const generateRSAKeyPair = async () => {
-  const keyPair = await window.crypto.subtle.generateKey(
-    {
-      name: "RSA-OAEP",
-      modulusLength: 4096,
-      publicExponent: new Uint8Array([1, 0, 1]),
-      hash: "SHA-256",
-    } satisfies RsaHashedKeyGenParams,
-    true,
-    ["encrypt", "decrypt"],
-  );
-  return keyPair;
-};
-
-const makeRSAKeyNonextractable = async (key: CryptoKey, type: KeyType) => {
-  const format = type === "public" ? "spki" : "pkcs8";
-  const keyUsage = type === "public" ? "encrypt" : "decrypt";
-  return await window.crypto.subtle.importKey(
-    format,
-    await window.crypto.subtle.exportKey(format, key),
-    {
-      name: "RSA-OAEP",
-      hash: "SHA-256",
-    } satisfies RsaHashedImportParams,
-    false,
-    [keyUsage],
-  );
-};
-
-const exportKeyToBase64 = async (key: CryptoKey, type: KeyType) => {
-  const exportedKey = await window.crypto.subtle.exportKey(
-    type === "public" ? "spki" : "pkcs8",
-    key,
-  );
-  return btoa(String.fromCharCode(...new Uint8Array(exportedKey)));
-};
-
 export const generateKeyPair = async () => {
  const keyPair = await generateRSAKeyPair();
  const privKeySecured = await makeRSAKeyNonextractable(keyPair.privateKey, "private");
@@ -49,7 +15,7 @@ export const generateKeyPair = async () => {
  });

  return {
-    pubKeyBase64: await exportKeyToBase64(keyPair.publicKey, "public"),
-    privKeyBase64: await exportKeyToBase64(keyPair.privateKey, "private"),
+    pubKeyBase64: await exportRSAKeyToBase64(keyPair.publicKey, "public"),
+    privKeyBase64: await exportRSAKeyToBase64(keyPair.privateKey, "private"),
  };
 };