12 files changed, 66 insertions, 41 deletions

diff --git a/src/bun.js/bindings/webcrypto/CryptoKeyAES.cpp b/src/bun.js/bindings/webcrypto/CryptoKeyAES.cpp
index 17cbf48d9..ce23ce5dd 100644
--- a/src/bun.js/bindings/webcrypto/CryptoKeyAES.cpp
+++ b/src/bun.js/bindings/webcrypto/CryptoKeyAES.cpp
@@ -25,7 +25,7 @@
 
 #include "config.h"
 #include "CryptoKeyAES.h"
-
+#include "../wtf-bindings.h"
 #if ENABLE(WEB_CRYPTO)
 
 #include "CryptoAesKeyAlgorithm.h"
@@ -107,7 +107,7 @@ JsonWebKey CryptoKeyAES::exportJwk() const
 {
     JsonWebKey result;
     result.kty = "oct"_s;
-    result.k = base64URLEncodeToString(m_key);
+    result.k = Bun::base64URLEncodeToString(m_key);
     result.key_ops = usages();
     result.ext = extractable();
     return result;
diff --git a/src/bun.js/bindings/webcrypto/CryptoKeyEC.h b/src/bun.js/bindings/webcrypto/CryptoKeyEC.h
index f2cf7383f..8e8f5eb35 100644
--- a/src/bun.js/bindings/webcrypto/CryptoKeyEC.h
+++ b/src/bun.js/bindings/webcrypto/CryptoKeyEC.h
@@ -91,6 +91,8 @@ public:
     String namedCurveString() const;
     PlatformECKey platformKey() const { return m_platformKey.get(); }
     static bool isValidECAlgorithm(CryptoAlgorithmIdentifier);
+    static RefPtr<CryptoKeyEC> platformImportSpki(CryptoAlgorithmIdentifier, NamedCurve, Vector<uint8_t>&& keyData, bool extractable, CryptoKeyUsageBitmap);
+    static RefPtr<CryptoKeyEC> platformImportPkcs8(CryptoAlgorithmIdentifier, NamedCurve, Vector<uint8_t>&& keyData, bool extractable, CryptoKeyUsageBitmap);
 
 private:
     CryptoKeyEC(CryptoAlgorithmIdentifier, NamedCurve, CryptoKeyType, PlatformECKeyContainer&&, bool extractable, CryptoKeyUsageBitmap);
@@ -104,8 +106,6 @@ private:
     static RefPtr<CryptoKeyEC> platformImportRaw(CryptoAlgorithmIdentifier, NamedCurve, Vector<uint8_t>&& keyData, bool extractable, CryptoKeyUsageBitmap);
     static RefPtr<CryptoKeyEC> platformImportJWKPublic(CryptoAlgorithmIdentifier, NamedCurve, Vector<uint8_t>&& x, Vector<uint8_t>&& y, bool extractable, CryptoKeyUsageBitmap);
     static RefPtr<CryptoKeyEC> platformImportJWKPrivate(CryptoAlgorithmIdentifier, NamedCurve, Vector<uint8_t>&& x, Vector<uint8_t>&& y, Vector<uint8_t>&& d, bool extractable, CryptoKeyUsageBitmap);
-    static RefPtr<CryptoKeyEC> platformImportSpki(CryptoAlgorithmIdentifier, NamedCurve, Vector<uint8_t>&& keyData, bool extractable, CryptoKeyUsageBitmap);
-    static RefPtr<CryptoKeyEC> platformImportPkcs8(CryptoAlgorithmIdentifier, NamedCurve, Vector<uint8_t>&& keyData, bool extractable, CryptoKeyUsageBitmap);
     Vector<uint8_t> platformExportRaw() const;
     bool platformAddFieldElements(JsonWebKey&) const;
     Vector<uint8_t> platformExportSpki() const;
diff --git a/src/bun.js/bindings/webcrypto/CryptoKeyECOpenSSL.cpp b/src/bun.js/bindings/webcrypto/CryptoKeyECOpenSSL.cpp
index bb5dc5e62..c2b363b32 100644
--- a/src/bun.js/bindings/webcrypto/CryptoKeyECOpenSSL.cpp
+++ b/src/bun.js/bindings/webcrypto/CryptoKeyECOpenSSL.cpp
@@ -25,6 +25,7 @@
 
 #include "config.h"
 #include "CryptoKeyEC.h"
+#include "../wtf-bindings.h"
 
 #if ENABLE(WEB_CRYPTO)
 
@@ -408,15 +409,15 @@ bool CryptoKeyEC::platformAddFieldElements(JsonWebKey& jwk) const
         auto x = BIGNUMPtr(BN_new());
         auto y = BIGNUMPtr(BN_new());
         if (1 == EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(key), publicKey, x.get(), y.get(), ctx.get())) {
-            jwk.x = base64URLEncodeToString(convertToBytesExpand(x.get(), keySizeInBytes));
-            jwk.y = base64URLEncodeToString(convertToBytesExpand(y.get(), keySizeInBytes));
+            jwk.x = Bun::base64URLEncodeToString(convertToBytesExpand(x.get(), keySizeInBytes));
+            jwk.y = Bun::base64URLEncodeToString(convertToBytesExpand(y.get(), keySizeInBytes));
         }
     }
 
     if (type() == Type::Private) {
         const BIGNUM* privateKey = EC_KEY_get0_private_key(key);
         if (privateKey)
-            jwk.d = base64URLEncodeToString(convertToBytes(privateKey));
+            jwk.d = Bun::base64URLEncodeToString(convertToBytes(privateKey));
     }
     return true;
 }
diff --git a/src/bun.js/bindings/webcrypto/CryptoKeyHMAC.cpp b/src/bun.js/bindings/webcrypto/CryptoKeyHMAC.cpp
index aafb3b2fe..9428998cb 100644
--- a/src/bun.js/bindings/webcrypto/CryptoKeyHMAC.cpp
+++ b/src/bun.js/bindings/webcrypto/CryptoKeyHMAC.cpp
@@ -25,6 +25,7 @@
 
 #include "config.h"
 #include "CryptoKeyHMAC.h"
+#include "../wtf-bindings.h"
 
 #if ENABLE(WEB_CRYPTO)
 
@@ -69,6 +70,13 @@ CryptoKeyHMAC::CryptoKeyHMAC(Vector<uint8_t>&& key, CryptoAlgorithmIdentifier ha
 
 CryptoKeyHMAC::~CryptoKeyHMAC() = default;
 
+
+RefPtr<CryptoKeyHMAC> CryptoKeyHMAC::generateFromBytes(void* data, size_t byteLength, CryptoAlgorithmIdentifier hash, bool extractable, CryptoKeyUsageBitmap usages) {
+
+    Vector<uint8_t> vec_data((uint8_t*)data, byteLength);
+    return adoptRef(new CryptoKeyHMAC(vec_data, hash, extractable, usages));
+}
+
 RefPtr<CryptoKeyHMAC> CryptoKeyHMAC::generate(size_t lengthBits, CryptoAlgorithmIdentifier hash, bool extractable, CryptoKeyUsageBitmap usages)
 {
     if (!lengthBits) {
@@ -118,11 +126,13 @@ RefPtr<CryptoKeyHMAC> CryptoKeyHMAC::importJwk(size_t lengthBits, CryptoAlgorith
     return CryptoKeyHMAC::importRaw(lengthBits, hash, WTFMove(*octetSequence), extractable, usages);
 }
 
+
 JsonWebKey CryptoKeyHMAC::exportJwk() const
-{
+{   
+    
     JsonWebKey result;
     result.kty = "oct"_s;
-    result.k = base64URLEncodeToString(m_key);
+    result.k = Bun::base64URLEncodeToString(m_key);
     result.key_ops = usages();
     result.ext = extractable();
     return result;
diff --git a/src/bun.js/bindings/webcrypto/CryptoKeyHMAC.h b/src/bun.js/bindings/webcrypto/CryptoKeyHMAC.h
index 0c7ba38cb..714888019 100644
--- a/src/bun.js/bindings/webcrypto/CryptoKeyHMAC.h
+++ b/src/bun.js/bindings/webcrypto/CryptoKeyHMAC.h
@@ -43,9 +43,11 @@ public:
     {
         return adoptRef(*new CryptoKeyHMAC(key, hash, extractable, usage));
     }
+    
     virtual ~CryptoKeyHMAC();
 
     static RefPtr<CryptoKeyHMAC> generate(size_t lengthBits, CryptoAlgorithmIdentifier hash, bool extractable, CryptoKeyUsageBitmap);
+    static RefPtr<CryptoKeyHMAC> generateFromBytes(void* data, size_t byteLength, CryptoAlgorithmIdentifier hash, bool extractable, CryptoKeyUsageBitmap);
     static RefPtr<CryptoKeyHMAC> importRaw(size_t lengthBits, CryptoAlgorithmIdentifier hash, Vector<uint8_t>&& keyData, bool extractable, CryptoKeyUsageBitmap);
     using CheckAlgCallback = Function<bool(CryptoAlgorithmIdentifier, const String&)>;
     static RefPtr<CryptoKeyHMAC> importJwk(size_t lengthBits, CryptoAlgorithmIdentifier hash, JsonWebKey&&, bool extractable, CryptoKeyUsageBitmap, CheckAlgCallback&&);
diff --git a/src/bun.js/bindings/webcrypto/CryptoKeyOKP.cpp b/src/bun.js/bindings/webcrypto/CryptoKeyOKP.cpp
index b7dc55018..4b5d8d588 100644
--- a/src/bun.js/bindings/webcrypto/CryptoKeyOKP.cpp
+++ b/src/bun.js/bindings/webcrypto/CryptoKeyOKP.cpp
@@ -119,14 +119,13 @@ RefPtr<CryptoKeyOKP> CryptoKeyOKP::importRaw(CryptoAlgorithmIdentifier identifie
     return create(identifier, namedCurve, usages & CryptoKeyUsageSign ? CryptoKeyType::Private : CryptoKeyType::Public, WTFMove(keyData), extractable, usages);
 }
 
-RefPtr<CryptoKeyOKP> CryptoKeyOKP::importJwk(CryptoAlgorithmIdentifier identifier, NamedCurve namedCurve, JsonWebKey&& keyData, bool extractable, CryptoKeyUsageBitmap usages)
-{
+RefPtr<CryptoKeyOKP> CryptoKeyOKP::importJwkInternal(CryptoAlgorithmIdentifier identifier, NamedCurve namedCurve, JsonWebKey&& keyData, bool extractable, CryptoKeyUsageBitmap usages, bool onlyPublic) {
     if (!isPlatformSupportedCurve(namedCurve))
         return nullptr;
 
     switch (namedCurve) {
     case NamedCurve::Ed25519:
-        if (!keyData.d.isEmpty()) {
+        if (!keyData.d.isEmpty() && !onlyPublic) {
             if (usages & (CryptoKeyUsageEncrypt | CryptoKeyUsageDecrypt | CryptoKeyUsageVerify | CryptoKeyUsageDeriveKey | CryptoKeyUsageDeriveBits | CryptoKeyUsageWrapKey | CryptoKeyUsageUnwrapKey))
                 return nullptr;
         } else {
@@ -137,8 +136,6 @@ RefPtr<CryptoKeyOKP> CryptoKeyOKP::importJwk(CryptoAlgorithmIdentifier identifie
             return nullptr;
         if (keyData.crv != "Ed25519"_s)
             return nullptr;
-        if (!keyData.alg.isEmpty() && keyData.alg != "EdDSA"_s)
-            return nullptr;
         if (usages && !keyData.use.isEmpty() && keyData.use != "sig"_s)
             return nullptr;
         if (keyData.key_ops && ((keyData.usages & usages) != usages))
@@ -153,12 +150,14 @@ RefPtr<CryptoKeyOKP> CryptoKeyOKP::importJwk(CryptoAlgorithmIdentifier identifie
         break;
     }
 
-    if (!keyData.d.isNull()) {
-        // FIXME: Validate keyData.x is paired with keyData.d
-        auto d = base64URLDecode(keyData.d);
-        if (!d)
-            return nullptr;
-        return create(identifier, namedCurve, CryptoKeyType::Private, WTFMove(*d), extractable, usages);
+    if(!onlyPublic){
+        if (!keyData.d.isNull()) {
+            // FIXME: Validate keyData.x is paired with keyData.d
+            auto d = base64URLDecode(keyData.d);
+            if (!d)
+                return nullptr;
+            return create(identifier, namedCurve, CryptoKeyType::Private, WTFMove(*d), extractable, usages);
+        }
     }
 
     if (keyData.x.isNull())
@@ -168,6 +167,14 @@ RefPtr<CryptoKeyOKP> CryptoKeyOKP::importJwk(CryptoAlgorithmIdentifier identifie
     if (!x)
         return nullptr;
     return create(identifier, namedCurve, CryptoKeyType::Public, WTFMove(*x), extractable, usages);
+} 
+
+RefPtr<CryptoKeyOKP> CryptoKeyOKP::importPublicJwk(CryptoAlgorithmIdentifier identifier, NamedCurve namedCurve, JsonWebKey&& keyData, bool extractable, CryptoKeyUsageBitmap usages) {
+    return importJwkInternal(identifier, namedCurve, WTFMove(keyData), extractable, usages, true);
+}
+RefPtr<CryptoKeyOKP> CryptoKeyOKP::importJwk(CryptoAlgorithmIdentifier identifier, NamedCurve namedCurve, JsonWebKey&& keyData, bool extractable, CryptoKeyUsageBitmap usages) 
+{
+    return importJwkInternal(identifier, namedCurve, WTFMove(keyData), extractable, usages, false);
 }
 
 ExceptionOr<Vector<uint8_t>> CryptoKeyOKP::exportRaw() const
diff --git a/src/bun.js/bindings/webcrypto/CryptoKeyOKP.h b/src/bun.js/bindings/webcrypto/CryptoKeyOKP.h
index cc1fe2c73..4d521227f 100644
--- a/src/bun.js/bindings/webcrypto/CryptoKeyOKP.h
+++ b/src/bun.js/bindings/webcrypto/CryptoKeyOKP.h
@@ -48,6 +48,7 @@ public:
 
     WEBCORE_EXPORT static ExceptionOr<CryptoKeyPair> generatePair(CryptoAlgorithmIdentifier, NamedCurve, bool extractable, CryptoKeyUsageBitmap);
     WEBCORE_EXPORT static RefPtr<CryptoKeyOKP> importRaw(CryptoAlgorithmIdentifier, NamedCurve, Vector<uint8_t>&& keyData, bool extractable, CryptoKeyUsageBitmap);
+    static RefPtr<CryptoKeyOKP> importPublicJwk(CryptoAlgorithmIdentifier, NamedCurve, JsonWebKey&&, bool extractable, CryptoKeyUsageBitmap);
     static RefPtr<CryptoKeyOKP> importJwk(CryptoAlgorithmIdentifier, NamedCurve, JsonWebKey&&, bool extractable, CryptoKeyUsageBitmap);
     static RefPtr<CryptoKeyOKP> importSpki(CryptoAlgorithmIdentifier, NamedCurve, Vector<uint8_t>&& keyData, bool extractable, CryptoKeyUsageBitmap);
     static RefPtr<CryptoKeyOKP> importPkcs8(CryptoAlgorithmIdentifier, NamedCurve, Vector<uint8_t>&& keyData, bool extractable, CryptoKeyUsageBitmap);
@@ -88,6 +89,7 @@ private:
     Vector<uint8_t> platformExportRaw() const;
     Vector<uint8_t> platformExportSpki() const;
     Vector<uint8_t> platformExportPkcs8() const;
+    static RefPtr<CryptoKeyOKP> importJwkInternal(CryptoAlgorithmIdentifier identifier, NamedCurve namedCurve, JsonWebKey&& keyData, bool extractable, CryptoKeyUsageBitmap usages, bool onlyPublic);
 
     NamedCurve m_curve;
     KeyMaterial m_data;
diff --git a/src/bun.js/bindings/webcrypto/CryptoKeyOKPOpenSSL.cpp b/src/bun.js/bindings/webcrypto/CryptoKeyOKPOpenSSL.cpp
index ea3a4d498..82e352d0a 100644
--- a/src/bun.js/bindings/webcrypto/CryptoKeyOKPOpenSSL.cpp
+++ b/src/bun.js/bindings/webcrypto/CryptoKeyOKPOpenSSL.cpp
@@ -25,7 +25,7 @@
 
 #include "config.h"
 #include "CryptoKeyOKP.h"
-
+#include "../wtf-bindings.h"
 #if ENABLE(WEB_CRYPTO)
 
 #include "JsonWebKey.h"
@@ -296,9 +296,9 @@ String CryptoKeyOKP::generateJwkD() const
     ASSERT(type() == CryptoKeyType::Private);
     if (namedCurve() == NamedCurve::Ed25519) {
         ASSERT(m_exportKey);
-        return base64URLEncodeToString(*m_exportKey);
+        return Bun::base64URLEncodeToString(*m_exportKey);
     }
-    return base64URLEncodeToString(m_data);
+    return Bun::base64URLEncodeToString(m_data);
 }
 
 CryptoKeyOKP::KeyMaterial CryptoKeyOKP::ed25519PublicFromPrivate(const KeyMaterial& seed)
@@ -333,15 +333,15 @@ CryptoKeyOKP::KeyMaterial CryptoKeyOKP::ed25519PrivateFromSeed(KeyMaterial&& see
 String CryptoKeyOKP::generateJwkX() const
 {
     if (type() == CryptoKeyType::Public)
-        return base64URLEncodeToString(m_data);
+        return Bun::base64URLEncodeToString(m_data);
 
     ASSERT(type() == CryptoKeyType::Private);
 
     if (namedCurve() == NamedCurve::Ed25519)
-        return base64URLEncodeToString(WTFMove(ed25519PublicFromPrivate(const_cast<KeyMaterial&>(m_data))));
+        return Bun::base64URLEncodeToString(WTFMove(ed25519PublicFromPrivate(const_cast<KeyMaterial&>(m_data))));
 
     ASSERT(namedCurve() == NamedCurve::X25519);
-    return base64URLEncodeToString(WTFMove(x25519PublicFromPrivate(const_cast<KeyMaterial&>(m_data))));
+    return Bun::base64URLEncodeToString(WTFMove(x25519PublicFromPrivate(const_cast<KeyMaterial&>(m_data))));
 }
 
 CryptoKeyOKP::KeyMaterial CryptoKeyOKP::platformExportRaw() const
diff --git a/src/bun.js/bindings/webcrypto/CryptoKeyRSA.cpp b/src/bun.js/bindings/webcrypto/CryptoKeyRSA.cpp
index 273218721..859767107 100644
--- a/src/bun.js/bindings/webcrypto/CryptoKeyRSA.cpp
+++ b/src/bun.js/bindings/webcrypto/CryptoKeyRSA.cpp
@@ -28,6 +28,7 @@
 
 #include "CryptoKeyRSAComponents.h"
 #include "JsonWebKey.h"
+#include "../wtf-bindings.h"
 #include <wtf/text/Base64.h>
 
 #if ENABLE(WEB_CRYPTO)
@@ -143,30 +144,30 @@ JsonWebKey CryptoKeyRSA::exportJwk() const
         return result;
 
     // public key
-    result.n = base64URLEncodeToString(rsaComponents->modulus());
-    result.e = base64URLEncodeToString(rsaComponents->exponent());
+    result.n = Bun::base64URLEncodeToString(rsaComponents->modulus());
+    result.e = Bun::base64URLEncodeToString(rsaComponents->exponent());
     if (rsaComponents->type() == CryptoKeyRSAComponents::Type::Public)
         return result;
 
     // private key
-    result.d = base64URLEncodeToString(rsaComponents->privateExponent());
+    result.d = Bun::base64URLEncodeToString(rsaComponents->privateExponent());
     if (!rsaComponents->hasAdditionalPrivateKeyParameters())
         return result;
 
-    result.p = base64URLEncodeToString(rsaComponents->firstPrimeInfo().primeFactor);
-    result.q = base64URLEncodeToString(rsaComponents->secondPrimeInfo().primeFactor);
-    result.dp = base64URLEncodeToString(rsaComponents->firstPrimeInfo().factorCRTExponent);
-    result.dq = base64URLEncodeToString(rsaComponents->secondPrimeInfo().factorCRTExponent);
-    result.qi = base64URLEncodeToString(rsaComponents->secondPrimeInfo().factorCRTCoefficient);
+    result.p = Bun::base64URLEncodeToString(rsaComponents->firstPrimeInfo().primeFactor);
+    result.q = Bun::base64URLEncodeToString(rsaComponents->secondPrimeInfo().primeFactor);
+    result.dp = Bun::base64URLEncodeToString(rsaComponents->firstPrimeInfo().factorCRTExponent);
+    result.dq = Bun::base64URLEncodeToString(rsaComponents->secondPrimeInfo().factorCRTExponent);
+    result.qi = Bun::base64URLEncodeToString(rsaComponents->secondPrimeInfo().factorCRTCoefficient);
     if (rsaComponents->otherPrimeInfos().isEmpty())
         return result;
 
     Vector<RsaOtherPrimesInfo> oth;
     for (const auto& info : rsaComponents->otherPrimeInfos()) {
         RsaOtherPrimesInfo otherInfo;
-        otherInfo.r = base64URLEncodeToString(info.primeFactor);
-        otherInfo.d = base64URLEncodeToString(info.factorCRTExponent);
-        otherInfo.t = base64URLEncodeToString(info.factorCRTCoefficient);
+        otherInfo.r = Bun::base64URLEncodeToString(info.primeFactor);
+        otherInfo.d = Bun::base64URLEncodeToString(info.factorCRTExponent);
+        otherInfo.t = Bun::base64URLEncodeToString(info.factorCRTCoefficient);
         oth.append(WTFMove(otherInfo));
     }
     result.oth = WTFMove(oth);
diff --git a/src/bun.js/bindings/webcrypto/JSCryptoKey.cpp b/src/bun.js/bindings/webcrypto/JSCryptoKey.cpp
index d2ec84afb..5b38d78c9 100644
--- a/src/bun.js/bindings/webcrypto/JSCryptoKey.cpp
+++ b/src/bun.js/bindings/webcrypto/JSCryptoKey.cpp
@@ -196,6 +196,8 @@ void JSCryptoKey::finishCreation(VM& vm)
     // static_assert(!std::is_base_of<ActiveDOMObject, CryptoKey>::value, "Interface is not marked as [ActiveDOMObject] even though implementation class subclasses ActiveDOMObject.");
 }
 
+
+
 JSObject* JSCryptoKey::createPrototype(VM& vm, JSDOMGlobalObject& globalObject)
 {
     return JSCryptoKeyPrototype::create(vm, &globalObject, JSCryptoKeyPrototype::createStructure(vm, &globalObject, globalObject.objectPrototype()));
diff --git a/src/bun.js/bindings/webcrypto/JSJsonWebKey.cpp b/src/bun.js/bindings/webcrypto/JSJsonWebKey.cpp
index 39ed1ff31..067421303 100644
--- a/src/bun.js/bindings/webcrypto/JSJsonWebKey.cpp
+++ b/src/bun.js/bindings/webcrypto/JSJsonWebKey.cpp
@@ -256,7 +256,7 @@ template<> JsonWebKey convertDictionary<JsonWebKey>(JSGlobalObject& lexicalGloba
     return result;
 }
 
-JSC::JSObject* convertDictionaryToJS(JSC::JSGlobalObject& lexicalGlobalObject, JSDOMGlobalObject& globalObject, const JsonWebKey& dictionary)
+JSC::JSObject* convertDictionaryToJS(JSC::JSGlobalObject& lexicalGlobalObject, JSDOMGlobalObject& globalObject, const JsonWebKey& dictionary, bool ignoreExtAndKeyOps)
 {
     auto& vm = JSC::getVM(&lexicalGlobalObject);
     auto throwScope = DECLARE_THROW_SCOPE(vm);
@@ -293,7 +293,7 @@ JSC::JSObject* convertDictionaryToJS(JSC::JSGlobalObject& lexicalGlobalObject, J
         RETURN_IF_EXCEPTION(throwScope, { });
         result->putDirect(vm, JSC::Identifier::fromString(vm, "e"_s), eValue);
     }
-    if (!IDLBoolean::isNullValue(dictionary.ext)) {
+    if (!ignoreExtAndKeyOps && !IDLBoolean::isNullValue(dictionary.ext)) {
         auto extValue = toJS<IDLBoolean>(lexicalGlobalObject, throwScope, IDLBoolean::extractValueFromNullable(dictionary.ext));
         RETURN_IF_EXCEPTION(throwScope, { });
         result->putDirect(vm, JSC::Identifier::fromString(vm, "ext"_s), extValue);
@@ -303,7 +303,7 @@ JSC::JSObject* convertDictionaryToJS(JSC::JSGlobalObject& lexicalGlobalObject, J
         RETURN_IF_EXCEPTION(throwScope, { });
         result->putDirect(vm, JSC::Identifier::fromString(vm, "k"_s), kValue);
     }
-    if (!IDLSequence<IDLEnumeration<CryptoKeyUsage>>::isNullValue(dictionary.key_ops)) {
+    if (!ignoreExtAndKeyOps && !IDLSequence<IDLEnumeration<CryptoKeyUsage>>::isNullValue(dictionary.key_ops)) {
         auto key_opsValue = toJS<IDLSequence<IDLEnumeration<CryptoKeyUsage>>>(lexicalGlobalObject, globalObject, throwScope, IDLSequence<IDLEnumeration<CryptoKeyUsage>>::extractValueFromNullable(dictionary.key_ops));
         RETURN_IF_EXCEPTION(throwScope, { });
         result->putDirect(vm, JSC::Identifier::fromString(vm, "key_ops"_s), key_opsValue);
diff --git a/src/bun.js/bindings/webcrypto/JSJsonWebKey.h b/src/bun.js/bindings/webcrypto/JSJsonWebKey.h
index 07e7960be..c1b287c4d 100644
--- a/src/bun.js/bindings/webcrypto/JSJsonWebKey.h
+++ b/src/bun.js/bindings/webcrypto/JSJsonWebKey.h
@@ -29,7 +29,7 @@ namespace WebCore {
 
 template<> JsonWebKey convertDictionary<JsonWebKey>(JSC::JSGlobalObject&, JSC::JSValue);
 
-JSC::JSObject* convertDictionaryToJS(JSC::JSGlobalObject&, JSDOMGlobalObject&, const JsonWebKey&);
+JSC::JSObject* convertDictionaryToJS(JSC::JSGlobalObject&, JSDOMGlobalObject&, const JsonWebKey&, bool ignoreExtAndKeyOps = false);
 
 } // namespace WebCore