@@ -47,7 +47,7 @@ async function verifyAndParseBundleData(bundle, organizationId) {
4747 bundleObj . data
4848 ) ;
4949 if ( ! verified ) {
50- throw new Error ( `failed to verify enclave signature: ${ bundle } ` ) ;
50+ throw new Error ( `failed to verify enclave signature: ${ bundleObj . dataSignature } ` ) ;
5151 }
5252
5353 const signedData = JSON . parse (
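Review bot: The new message at line 50 interpolates `bundleObj.dataSignature` — a field taken from the bundle before it has been verified — into the thrown error unbounded, so an oversized or malformed signature field is copied verbatim into whatever logs or responses receive this error, and a missing field prints `undefined`. A bounded form keeps the diagnostic value while limiting what an untrusted input can push into the error text, e.g. `throw new Error(\`failed to verify enclave signature: ${String(bundleObj.dataSignature).slice(0, 128)}\`);`. verifyAndParseBundleData begins before this hunk, so whether dataSignature is shape-checked earlier is not visible here.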
@@ -413,12 +413,29 @@ async function rawP256PrivateKeyToJwk(rawPrivateKeyBytes) {
413413 ) ;
414414 }
415415
416- // PKCS8 DER prefix for a P-256 private key (without optional public key field)
417- // SEQUENCE {
418- // INTEGER 0 (version)
419- // SEQUENCE { OID ecPublicKey, OID P-256 }
420- // OCTET STRING { SEQUENCE { INTEGER 1, OCTET STRING(32) <key> } }
421- // }
416+ // Fixed PKCS#8 DER prefix for a P-256 private key (36 bytes).
417+ // This wraps a raw 32-byte scalar into the PrivateKeyInfo structure
418+ // that WebCrypto's importKey("pkcs8", ...) expects.
419+ //
420+ // Structure (per RFC 5958 §2 / RFC 5208 §5):
421+ // SEQUENCE {
422+ // INTEGER 0 -- version (v1)
423+ // SEQUENCE { -- AlgorithmIdentifier (RFC 5480 §2.1.1)
424+ // OID 1.2.840.10045.2.1 -- id-ecPublicKey
425+ // OID 1.2.840.10045.3.1.7 -- secp256r1 (P-256)
426+ // }
427+ // OCTET STRING { -- privateKey (SEC 1 §C.4 / RFC 5915 §3)
428+ // SEQUENCE {
429+ // INTEGER 1 -- version
430+ // OCTET STRING (32 bytes) -- raw private key scalar
431+ // }
432+ // }
433+ // }
434+ //
435+ // References:
436+ // - RFC 5958 / RFC 5208: PKCS#8 PrivateKeyInfo
437+ // - RFC 5480 §2.1.1: ECC AlgorithmIdentifier (OIDs)
438+ // - RFC 5915 / SEC 1 v2 §C.4: ECPrivateKey encoding
422439 const pkcs8Prefix = new Uint8Array ( [
423440 0x30 , 0x41 , 0x02 , 0x01 , 0x00 , 0x30 , 0x13 , 0x06 , 0x07 , 0x2a , 0x86 , 0x48 ,
424441 0xce , 0x3d , 0x02 , 0x01 , 0x06 , 0x08 , 0x2a , 0x86 , 0x48 , 0xce , 0x3d , 0x03 ,
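Review bot: The "(36 bytes)" in the new header comment at line 416 does not agree with the bytes it describes: the outer SEQUENCE length byte `0x41` means 65 content bytes, 67 in total, and once the 32-byte scalar the comment says is appended is subtracted, the fixed prefix is 35 bytes. Suggest `// Fixed PKCS#8 DER prefix for a P-256 private key (35 bytes; 0x30 0x41 = 67 bytes total including the 32-byte scalar).`. Because every length field in the prefix is hard-coded, the structure is only valid when exactly 32 bytes follow it; a scalar that was not left-padded to 32 bytes would produce malformed DER that importKey rejects, or worse, a silently different key encoding, so it is worth stating the precondition next to the prefix, e.g. `// Lengths are fixed: the caller must append exactly 32 bytes (left-pad shorter scalars).`. The remaining prefix bytes and the code that concatenates the scalar lie outside this hunk, so the padding behaviour could not be checked here.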