Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Accepting CryptoKey in node:crypto APIs #55293

Open
panva opened this issue Oct 6, 2024 · 2 comments
Open

Accepting CryptoKey in node:crypto APIs #55293

panva opened this issue Oct 6, 2024 · 2 comments
Labels
crypto Issues and PRs related to the crypto subsystem. discuss Issues opened for discussions and feedbacks. never-stale Mark issue so that it is never considered stale webcrypto

Comments

@panva
Copy link
Member

panva commented Oct 6, 2024
edited
Loading

The following APIs accept a CryptoKey instance and process the operation despite the restrictions put forth on the CryptoKey instance (e.g. algorithm, usages, extractable)

  • KeyObject.from (ignores extractable)
  • crypto.publicDecrypt
  • crypto.publicEncrypt
  • crypto.privateDecrypt
  • crypto.privateEncrypt
  • crypto.sign
  • crypto.verify
  • Sign.sign
  • Verify.verify
  • Cipher.final
  • Decipher.final
  • Hmac.digest

This list is according to the docs, but i suspect it's possible that hkdf and pbkdf2 allow this too.

This issue is to discuss a way forward to deal with this issues.

KeyObject.from

#37240 attempted to do something about KeyObject.from but i think the outcome would not solve the issues above.

I believe that converting key representations is not an issue so long as the more restrictive key representation's properties are upheld.

We can take a drastic stance and deprecate / in due time remove KeyObject.from entirely, or make KeyObject.from respect the extractable property and duly document that once the key is converted the CryptoKey restrictions are not upheld anymore. I'd much rather see the latter.

Another possible approach would be to disable KeyObject.export on keys that came from non-extractable CryptoKey.

APIs accepting CryptoKey but ignoring its parameters.

We could deprecate the use of CryptoKey in these APIs entirely or emulate WebCryptoAPI behaviour and check the CryptoKey usages and algorithm slots, either way this would be a doc-only deprecation at first, then --pending-deprecation, runtime deprecation, throw behaviour at the end.
@panva
Copy link
Member Author

panva commented Oct 6, 2024

cc @nodejs/crypto

@panva
Copy link
Member Author

panva commented Oct 6, 2024
edited
Loading

My preferred state is to have a way to convert KeyObject <> CryptoKey both ways (KeyObject.from (while respecting extractable) and #55262) but not have node:crypto APIs accept CryptoKey and not have SubtleCrypto accept KeyObject (already not possible).

This is even with my jose author/maintainer hat on. I don't make use of CryptoKey in node:crypto APIs. I do make use of KeyObject.from, but before KeyObject.from conversion I do check the CryptoKey properties and the resulting KeyObject is never returned to the user.

@panva panva added crypto Issues and PRs related to the crypto subsystem. discuss Issues opened for discussions and feedbacks. webcrypto never-stale Mark issue so that it is never considered stale labels Oct 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
crypto Issues and PRs related to the crypto subsystem. discuss Issues opened for discussions and feedbacks. never-stale Mark issue so that it is never considered stale webcrypto
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@panva