crypto: add key object API by tniessen · Pull Request #24234 · nodejs/node
added the semver-minor label Nov 7, 2018
Nov 7, 2018
This commit makes multiple important changes:
1. A new key object API is introduced. The KeyObject class itself is not exposed to users; instead, several new APIs can be used to construct key objects: createSecretKey, createPrivateKey and createPublicKey. The new API also allows converting between different key formats, and even though the API itself is not compatible with the WebCrypto standard in any way, it makes interoperability much simpler.
2. Key objects can be used instead of the raw key material in all relevant crypto APIs.
3. The handling of asymmetric keys has been unified and greatly improved. Node.js now fully supports both PEM-encoded and DER-encoded public and private keys.
4. Conversions between buffers and strings have been moved to native code for sensitive data such as symmetric keys due to security considerations such as zeroing temporary buffers.
5. For compatibility with older versions of the crypto API, this change allows specifying Buffers and strings as the "passphrase" option when reading or writing an encoded key. Note that this can result in unexpected behavior if the password contains a null byte.
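The key object API described in the commit message above, as an added example that is not part of the pull request: it round-trips a private key through passphrase-protected PEM, converts the public key to DER and back, and passes key objects where raw key material used to go. It assumes a current Node.js release (the one-shot `sign`/`verify` helpers arrived after this change); `roundTrip`, the passphrase, the message and the key bytes are constructed sample values.

```javascript
const {
  createHmac, createPrivateKey, createPublicKey, createSecretKey,
  generateKeyPairSync, sign, verify,
} = require('crypto');

// roundTrip and all sample values below are constructed for this example.
function roundTrip() {
  // Without encoding options, generateKeyPairSync returns key objects.
  const { privateKey } = generateKeyPairSync('ec', { namedCurve: 'prime256v1' });

  // Private key object -> passphrase-protected PKCS#8 PEM -> key object.
  const passphrase = 'constructed-example-passphrase';
  const pem = privateKey.export({
    type: 'pkcs8', format: 'pem', cipher: 'aes-256-cbc', passphrase,
  });
  const restored = createPrivateKey({ key: pem, format: 'pem', passphrase });

  // A wrong passphrase has to be rejected when the PEM is read back.
  let wrongRejected = false;
  try {
    createPrivateKey({ key: pem, format: 'pem', passphrase: 'wrong' });
  } catch (err) {
    wrongRejected = true;
  }

  // Derive the public key, convert it to DER (SPKI), and import the DER.
  const der = createPublicKey(restored).export({ type: 'spki', format: 'der' });
  const publicKey = createPublicKey({ key: der, format: 'der', type: 'spki' });

  // Key objects are passed where raw key material used to go.
  const message = Buffer.from('constructed sample message');
  const signature = sign('sha256', message, restored);
  const verified = verify('sha256', message, publicKey, signature);
  const tampered = verify('sha256', Buffer.from('other'), publicKey, signature);

  // A secret key object and the same raw bytes give the same HMAC.
  const raw = Buffer.alloc(32, 7); // constructed bytes, not a real secret
  const secret = createSecretKey(raw);
  const viaObject = createHmac('sha256', secret).update(message).digest('hex');
  const viaBuffer = createHmac('sha256', raw).update(message).digest('hex');

  return {
    pemHeader: pem.split('\n')[0], restoredType: restored.type,
    publicType: publicKey.type, secretSize: secret.symmetricKeySize,
    wrongRejected, verified, tampered, hmacMatches: viaObject === viaBuffer,
  };
}

console.log(roundTrip());
```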
MylesBorins pushed a commit that referenced this pull request
Dec 26, 2018
PR-URL: #24234
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
MylesBorins added a commit that referenced this pull request
Dec 26, 2018
Notable Changes:
* cli:
  - add --max-http-header-size flag (cjihrig) #24811
* crypto:
  - always accept certificates as public keys (Tobias Nießen) #24234
  - add key object API (Tobias Nießen) #24234
  - update root certificates (Sam Roberts) #25113
* deps:
  - upgrade to libuv 1.24.1 (cjihrig) #25078
  - upgrade npm to 6.5.0 (Audrey Eschright) #24734
* http:
  - add maxHeaderSize property (cjihrig) #24860
PR-URL: #25175
cjihrig added a commit to cjihrig/node that referenced this pull request
Dec 26, 2018
During the time between nodejs#24234 being opened and it landing, a V8 update occurred that deprecated several APIs. This commit fixes the following compiler warnings:
../src/node_crypto.cc:3342:11: warning: 'Set' is deprecated: Use maybe version
../src/node_crypto.cc:3345:13: warning: 'GetFunction' is deprecated: Use maybe version
PR-URL: nodejs#25205
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
paroga added a commit to paroga/node that referenced this pull request
Mar 2, 2019
Expose the size of asymmetric keys of crypto key object from the crypto module added in v11.6.0 (nodejs#24234)
BridgeAR pushed a commit to BridgeAR/node that referenced this pull request
Mar 6, 2019
Expose the size of asymmetric keys of crypto key object from the crypto module added in v11.6.0.
PR-URL: nodejs#26387
Refs: nodejs#24234
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
nodejs-github-bot pushed a commit that referenced this pull request
May 6, 2025
I added this class in 823d86c in 2018 when we did not yet use `std::optional`. The last uses were removed in 5b9bf39, so remove it.
Refs: #24234
Refs: #55368
PR-URL: #58168
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
Reviewed-By: Gerhard Stöbich <deb2001-github@yahoo.de>
Reviewed-By: Daeyeon Jeong <daeyeon.dev@gmail.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>