From 1149af626578fbaf16c5ddf7cd06ee5ba57bff99 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Fri, 20 Nov 2020 12:59:13 +0100 Subject: [PATCH] crypto: add keyObject.asymmetricKeyDetails for asymmetric keys MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This API exposes key details. It is conceptually different from the previously discussed keyObject.fields property since it does not give access to information that could compromise the security of the key, and the obtained information cannot be used to uniquely identify a key. The intended purpose is to determine "security properties" of keys, e.g. to generate a new key pair with the same parameters, or to decide whether a key is secure enough. closes #30045 PR-URL: https://github.com/nodejs/node/pull/36188 Reviewed-By: Matteo Collina Reviewed-By: Tobias Nießen Reviewed-By: Rich Trott --- doc/api/crypto.md | 19 ++++++ lib/internal/crypto/keys.js | 29 +++++++++ lib/internal/crypto/util.js | 13 ++++ test/parallel/test-crypto-key-objects.js | 1 + test/parallel/test-crypto-keygen.js | 81 ++++++++++++++++++++++-- 5 files changed, 139 insertions(+), 4 deletions(-) diff --git a/doc/api/crypto.md b/doc/api/crypto.md index 18f52eb4f8ec5d..b56420bce9a1c7 100644 --- a/doc/api/crypto.md +++ b/doc/api/crypto.md 
@@ -1284,6 +1284,25 @@ passing keys as strings or `Buffer`s due to improved security features. The receiver obtains a cloned `KeyObject`, and the `KeyObject` does not need to be listed in the `transferList` argument. +### `keyObject.asymmetricKeyDetails` + + +* {Object} + * `modulusLength`: {number} Key size in bits (RSA, DSA). + * `publicExponent`: {bigint} Public exponent (RSA). + * `divisorLength`: {number} Size of `q` in bits (DSA). + * `namedCurve`: {string} Name of the curve (EC). + +This property exists only on asymmetric keys. Depending on the type of the key, +this object contains information about the key. None of the information obtained +through this property can be used to uniquely identify a key or to compromise +the security of the key. + +RSA-PSS parameters, DH, or any future key type details might be exposed via this +API using additional attributes. + ### `keyObject.asymmetricKeyType`
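Review bot: In the paragraph beginning "This property exists only on asymmetric keys", the doc does not say what the property holds for asymmetric key types that have none of the four listed attributes, nor what reading it on a secret key yields. The closing sentence names RSA-PSS parameters and DH details as things that might be exposed later, so a caller using this property to decide whether a key is secure enough cannot tell from the text whether a missing attribute means "not applicable to this key type" or "not exposed yet". Suggest adding one sentence that states the value in each case (for example an empty object versus `undefined`) and noting that each attribute is present only for the key types named in its parenthesis. It would also help to say explicitly that attributes added later will stay within the "cannot be used to uniquely identify a key or to compromise the security of the key" guarantee, so the two paragraphs read as one contract.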