-
Notifications
You must be signed in to change notification settings - Fork 30.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto: always accept private keys as public keys #25217
crypto: always accept private keys as public keys #25217
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Technical contents of the PR LGTM % a rebase.
what if the user passes a public and a private key (both in the same PEM string) to createPublicKey? With this change, the public key would be used
Personally, I'd expect it to use the private key as that's the ultimate source of truth.
Some APIs already accept private keys instead of public keys. This changes all relevant crypto APIs to do so.
c2d1597
to
bd5e127
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
one tiny suggestion on the doc text, but otherwise LGTM
Landed in ae2d1f0 |
Some APIs already accept private keys instead of public keys. This changes all relevant crypto APIs to do so. PR-URL: #25217 Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: Sam Roberts <[email protected]>
Some APIs already accept private keys instead of public keys. This changes all relevant crypto APIs to do so. PR-URL: #25217 Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: Sam Roberts <[email protected]>
Some APIs already accept private keys instead of public keys. This changes all relevant crypto APIs to do so. PR-URL: nodejs#25217 Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: Sam Roberts <[email protected]>
Hi @tniessen Not sure if this is related to the nightly node build i'm using or a bug with the implementation, i tried In essence if i pass a private key loaded from the filesystem it works fine, but when i pass an existing instance of
|
@panva Mhhh weird, that should throw in the JS layer. I'll have a look at it tomorrow, I wanted to add support for that operation anyway. |
Notable Changes * compression / zlib: * Added brotli support (Anna Henningsen and Zach Vacura) nodejs#24938 * console: * Added `inspectOptions` option (Ruben Bridgewater) nodejs#24978 * crypto: * Always accept private keys as public keys (Tobias Nießen) nodejs#25217 * deps: * Upgrade npm to v6.5.0 (Jordan Harband) nodejs#25234 * fs: * Use internalBinding('fs') internally instead of process.binding('fs') (Masashi Hirano) nodejs#22478 * http(s): * Support overriding http\\s.globalAgent (Roy Sommer) nodejs#25170 * util: * Inspect ArrayBuffers contents closely (Ruben Bridgewater) nodejs#25006 * worker: * Expose workers by default and remove `--experimental-worker` flag (Anna Henningsen) nodejs#25361 PR-URL: nodejs#25537
no problem, @tniessen the fix suggests that this operation is not intended, is that not intended "yet" and it'll be supported in the future? |
Notable Changes * compression / zlib: * Added brotli support (Anna Henningsen and Zach Vacura) #24938 * console: * Added `inspectOptions` option (Ruben Bridgewater) #24978 * crypto: * Always accept private keys as public keys (Tobias Nießen) #25217 * deps: * Upgrade npm to v6.5.0 (Jordan Harband) #25234 * fs: * Use internalBinding('fs') internally instead of process.binding('fs') (Masashi Hirano) #22478 * http(s): * Support overriding http\\s.globalAgent (Roy Sommer) #25170 * util: * Inspect ArrayBuffers contents closely (Ruben Bridgewater) #25006 * worker: * Expose workers by default and remove `--experimental-worker` flag (Anna Henningsen) #25361 PR-URL: #25537
@panva It is not intended yet, I'm trying to improve the API in small incremental changes, allowing to derive public key objects from private key objects is one of those. |
Great, thanks for the heads up! I appreciate the changes you're making, what you call small incremental changes are huge leaps in nodejs crypto usability. |
Some APIs already accept private keys instead of public keys. This changes all relevant crypto APIs to do so.
As a nice side effect, this also allows to derive public keys from private keys using the new KeyObject API.
I am not 100% sure whether this is the best way to go, so I would love opinions from @nodejs/crypto or other people! Allowing private keys to be passed to
verify
makes sense in my opinion, but what if the user passes a public and a private key (both in the same PEM string) tocreatePublicKey
? With this change, the public key would be used, but we should make sure to be on the same page about this.Checklist
make -j4 test
(UNIX), orvcbuild test
(Windows) passes