crypto: expose crypto.isKeyObject() helper

doc/api/crypto.md

@@ -1121,6 +1121,9 @@ exposes different functions.
 Most applications should consider using the new `KeyObject` API instead of
 passing keys as strings or `Buffer`s due to improved security features.
 
+See [`crypto.isKeyObject()`][] for checking whether a given input is
+a `KeyObject` instance.
+
 ### keyObject.asymmetricKeyType
 <!-- YAML
 added: v11.6.0
@@ -1910,7 +1913,7 @@ are currently supported.
 
 If a `publicKeyEncoding` or `privateKeyEncoding` was specified, this function
 behaves as if [`keyObject.export()`][] had been called on its result. Otherwise,
-the respective part of the key is returned as a [`KeyObject`].
+the respective part of the key is returned as a [`KeyObject`][].
 
 It is recommended to encode public keys as `'spki'` and private keys as
 `'pkcs8'` with encryption for long-term storage:
@@ -1966,7 +1969,7 @@ are currently supported.
 
 If a `publicKeyEncoding` or `privateKeyEncoding` was specified, this function
 behaves as if [`keyObject.export()`][] had been called on its result. Otherwise,
-the respective part of the key is returned as a [`KeyObject`].
+the respective part of the key is returned as a [`KeyObject`][].
 
 When encoding public keys, it is recommended to use `'spki'`. When encoding
 private keys, it is recommended to use `'pks8'` with a strong passphrase, and to
@@ -2070,6 +2073,23 @@ const hashes = crypto.getHashes();
 console.log(hashes); // ['DSA', 'DSA-SHA', 'DSA-SHA1', ...]
 ```
 
+### crypto.isKeyObject(value)
+<!-- YAML
+added: REPLACEME
+-->
+
+* `value` {any}
+* Returns: {boolean}
+
+Returns `true` if the value is a [`KeyObject`][] instance.
+
+```js
+const crypto = require('crypto');
+const keypair = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
+
+crypto.isKeyObject(keypair.privateKey);  // Returns true
+```
+
 ### crypto.pbkdf2(password, salt, iterations, keylen, digest, callback)
 <!-- YAML
 added: v0.5.5

lib/crypto.js

@@ -60,6 +60,7 @@ const {
   generateKeyPairSync
 } = require('internal/crypto/keygen');
 const {
+  isKeyObject,
   createSecretKey,
   createPublicKey,
   createPrivateKey
@@ -164,6 +165,7 @@ module.exports = exports = {
   getHashes,
   pbkdf2,
   pbkdf2Sync,
+  isKeyObject,
   generateKeyPair,
   generateKeyPairSync,
   privateDecrypt,

lib/internal/crypto/keys.js

@@ -318,6 +318,7 @@ module.exports = {
   createSecretKey,
   createPublicKey,
   createPrivateKey,
+  isKeyObject,
 
   // These are designed for internal use only and should not be exposed.
   parsePublicKeyEncoding,
@@ -327,6 +328,5 @@ module.exports = {
   prepareSecretKey,
   SecretKeyObject,
   PublicKeyObject,
-  PrivateKeyObject,
-  isKeyObject
+  PrivateKeyObject
 };

test/parallel/test-crypto.js

@@ -300,3 +300,12 @@ testEncoding({
 testEncoding({
   defaultEncoding: 'latin1'
 }, assertionHashLatin1);
+
+// isKeyObject checks
+assert(crypto.isKeyObject(crypto.createSecretKey(Buffer.from('foo'))));
+const keypair = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
+assert(crypto.isKeyObject(keypair.privateKey));
+assert(crypto.isKeyObject(keypair.publicKey));
+[null, undefined, false, 5, 'foo', {}, Buffer].forEach((value) => {
+  assert(!crypto.isKeyObject(value));
+});