diff options
author | Tobias Nießen <tniessen@tnie.de> | 2019-01-26 13:28:55 +0100 |
---|---|---|
committer | Tobias Nießen <tniessen@tnie.de> | 2019-03-05 16:32:19 +0100 |
commit | fe7162915e2a9de85bb550d8d50679832e46983e (patch) | |
tree | d0639862a806e942fec9ab925935eabf91c29cd8 /doc/api/crypto.md | |
parent | 84ebaaa339ffc67cbada5b2ae59061c26efd39ce (diff) | |
download | android-node-v8-fe7162915e2a9de85bb550d8d50679832e46983e.tar.gz android-node-v8-fe7162915e2a9de85bb550d8d50679832e46983e.tar.bz2 android-node-v8-fe7162915e2a9de85bb550d8d50679832e46983e.zip |
crypto: allow deriving public from private keys
This change allows passing private key objects to
crypto.createPublicKey, resulting in a key object that represents a
valid public key for the given private key. The returned public key
object can be used and exported safely without revealing information
about the private key.
PR-URL: https://github.com/nodejs/node/pull/26278
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Diffstat (limited to 'doc/api/crypto.md')
-rw-r--r-- | doc/api/crypto.md | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/doc/api/crypto.md b/doc/api/crypto.md index 7644ff7d63..328d7daac1 100644 --- a/doc/api/crypto.md +++ b/doc/api/crypto.md @@ -1813,11 +1813,15 @@ must be an object with the properties described above. <!-- YAML added: v11.6.0 changes: + - version: REPLACEME + pr-url: https://github.com/nodejs/node/pull/26278 + description: The `key` argument can now be a `KeyObject` with type + `private`. - version: v11.7.0 pr-url: https://github.com/nodejs/node/pull/25217 description: The `key` argument can now be a private key. --> -* `key` {Object | string | Buffer} +* `key` {Object | string | Buffer | KeyObject} - `key`: {string | Buffer} - `format`: {string} Must be `'pem'` or `'der'`. **Default:** `'pem'`. - `type`: {string} Must be `'pkcs1'` or `'spki'`. This option is required @@ -1825,16 +1829,19 @@ changes: * Returns: {KeyObject} Creates and returns a new key object containing a public key. If `key` is a -string or `Buffer`, `format` is assumed to be `'pem'`; otherwise, `key` -must be an object with the properties described above. +string or `Buffer`, `format` is assumed to be `'pem'`; if `key` is a `KeyObject` +with type `'private'`, the public key is derived from the given private key; +otherwise, `key` must be an object with the properties described above. If the format is `'pem'`, the `'key'` may also be an X.509 certificate. Because public keys can be derived from private keys, a private key may be passed instead of a public key. In that case, this function behaves as if [`crypto.createPrivateKey()`][] had been called, except that the type of the -returned `KeyObject` will be `public` and that the private key cannot be -extracted from the returned `KeyObject`. +returned `KeyObject` will be `'public'` and that the private key cannot be +extracted from the returned `KeyObject`. Similarly, if a `KeyObject` with type +`'private'` is given, a new `KeyObject` with type `'public'` will be returned +and it will be impossible to extract the private key from the returned object. ### crypto.createSecretKey(key) <!-- YAML |