Skip to content

Commit

Permalink
crypto: fix key object wrapping in sync keygen
Browse files Browse the repository at this point in the history
PR-URL: #25326
Fixes: #25322
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: Sam Roberts <[email protected]>
Reviewed-By: James M Snell <[email protected]>
  • Loading branch information
tniessen authored and addaleax committed Jan 8, 2019
1 parent 456f76a commit 32e45b2
Show file tree
Hide file tree
Showing 3 changed files with 29 additions and 15 deletions.
23 changes: 9 additions & 14 deletions doc/api/crypto.md
Original file line number Diff line number Diff line change
Expand Up @@ -1951,27 +1951,22 @@ changes:
- `publicExponent`: {number} Public exponent (RSA). **Default:** `0x10001`.
- `divisorLength`: {number} Size of `q` in bits (DSA).
- `namedCurve`: {string} Name of the curve to use (EC).
- `publicKeyEncoding`: {Object}
- `type`: {string} Must be one of `'pkcs1'` (RSA only) or `'spki'`.
- `format`: {string} Must be `'pem'` or `'der'`.
- `privateKeyEncoding`: {Object}
- `type`: {string} Must be one of `'pkcs1'` (RSA only), `'pkcs8'` or
`'sec1'` (EC only).
- `format`: {string} Must be `'pem'` or `'der'`.
- `cipher`: {string} If specified, the private key will be encrypted with
the given `cipher` and `passphrase` using PKCS#5 v2.0 password based
encryption.
- `passphrase`: {string | Buffer} The passphrase to use for encryption, see
`cipher`.
- `publicKeyEncoding`: {Object} See [`keyObject.export()`][].
- `privateKeyEncoding`: {Object} See [`keyObject.export()`][].
* Returns: {Object}
- `publicKey`: {string | Buffer | KeyObject}
- `privateKey`: {string | Buffer | KeyObject}

Generates a new asymmetric key pair of the given `type`. Only RSA, DSA and EC
are currently supported.

It is recommended to encode public keys as `'spki'` and private keys as
`'pkcs8'` with encryption:
If a `publicKeyEncoding` or `privateKeyEncoding` was specified, this function
behaves as if [`keyObject.export()`][] had been called on its result. Otherwise,
the respective part of the key is returned as a [`KeyObject`].

When encoding public keys, it is recommended to use `'spki'`. When encoding
private keys, it is recommended to use `'pks8'` with a strong passphrase, and to
keep the passphrase confidential.

```js
const { generateKeyPairSync } = require('crypto');
Expand Down
6 changes: 5 additions & 1 deletion lib/internal/crypto/keygen.js
Original file line number Diff line number Diff line change
Expand Up @@ -74,7 +74,11 @@ function handleError(impl, wrap) {
if (err !== undefined)
throw err;

return { publicKey, privateKey };
// If no encoding was chosen, return key objects instead.
return {
publicKey: wrapKey(publicKey, PublicKeyObject),
privateKey: wrapKey(privateKey, PrivateKeyObject)
};
}

function parseKeyEncoding(keyType, options) {
Expand Down
15 changes: 15 additions & 0 deletions test/parallel/test-crypto-keygen.js
Original file line number Diff line number Diff line change
Expand Up @@ -95,6 +95,21 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
testSignVerify(publicKey, privateKey);
}

{
// Test sync key generation with key objects.
const { publicKey, privateKey } = generateKeyPairSync('rsa', {
modulusLength: 512
});

assert.strictEqual(typeof publicKey, 'object');
assert.strictEqual(publicKey.type, 'public');
assert.strictEqual(publicKey.asymmetricKeyType, 'rsa');

assert.strictEqual(typeof privateKey, 'object');
assert.strictEqual(privateKey.type, 'private');
assert.strictEqual(privateKey.asymmetricKeyType, 'rsa');
}

{
const publicKeyEncoding = {
type: 'pkcs1',
Expand Down

0 comments on commit 32e45b2

Please sign in to comment.