diff options
author | Tobias Nießen <tniessen@tnie.de> | 2019-03-16 23:51:26 +0100 |
---|---|---|
committer | Daniel Bevenius <daniel.bevenius@gmail.com> | 2019-04-08 09:22:32 +0200 |
commit | 969bd1eb7b56fda3573ad3d41745a491f2b06dde (patch) | |
tree | eb6a429995c6bc99105ab944a72cc0b85c463043 /doc | |
parent | d834275a48bc1f85e2289bf7e52a5035a4d97f7e (diff) | |
download | android-node-v8-969bd1eb7b56fda3573ad3d41745a491f2b06dde.tar.gz android-node-v8-969bd1eb7b56fda3573ad3d41745a491f2b06dde.tar.bz2 android-node-v8-969bd1eb7b56fda3573ad3d41745a491f2b06dde.zip |
crypto: add support for RSA-PSS keys
This commit adds support for RSA-PSS keys, including
- KeyObjects of type rsa-pss,
- key pair generation for RSA-PSS, and
- signing and verification using RSA-PSS keys.
PR-URL: https://github.com/nodejs/node/pull/26960
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/api/crypto.md | 31 |
1 files changed, 27 insertions, 4 deletions
diff --git a/doc/api/crypto.md b/doc/api/crypto.md index 4cacde0d8e..9ba401f153 100644 --- a/doc/api/crypto.md +++ b/doc/api/crypto.md @@ -1130,6 +1130,9 @@ passing keys as strings or `Buffer`s due to improved security features. added: v11.6.0 changes: - version: REPLACEME + pr-url: https://github.com/nodejs/node/pull/26960 + description: Added support for `'rsa-pss'` + - version: REPLACEME pr-url: https://github.com/nodejs/node/pull/26786 description: This property now returns `undefined` for KeyObject instances of unrecognized type instead of aborting. @@ -1142,8 +1145,18 @@ changes: --> * {string} -For asymmetric keys, this property represents the type of the embedded key -(`'rsa'`, `'dsa'`, `'ec'`, `'ed25519'`, `'ed448'`, `'x25519'` or `'x448'`). +For asymmetric keys, this property represents the type of the key. Supported key +types are: + +* `'rsa'` (OID 1.2.840.113549.1.1.1) +* `'rsa-pss'` (OID 1.2.840.113549.1.1.10) +* `'dsa'` (OID 1.2.840.10040.4.1) +* `'ec'` (OID 1.2.840.10045.2.1) +* `'x25519'` (OID 1.3.101.110) +* `'x448'` (OID 1.3.101.111) +* `'ed25519'` (OID 1.3.101.112) +* `'ed448'` (OID 1.3.101.113) + This property is `undefined` for unrecognized `KeyObject` types and symmetric keys. @@ -1271,6 +1284,9 @@ console.log(verify.verify(publicKey, signature)); <!-- YAML added: v0.1.92 changes: + - version: REPLACEME + pr-url: https://github.com/nodejs/node/pull/26960 + description: This function now supports RSA-PSS keys. - version: v11.6.0 pr-url: https://github.com/nodejs/node/pull/24234 description: This function now supports key objects. @@ -1296,7 +1312,9 @@ object, the following additional properties can be passed: * `crypto.constants.RSA_PKCS1_PSS_PADDING` Note that `RSA_PKCS1_PSS_PADDING` will use MGF1 with the same hash function - used to sign the message as specified in section 3.1 of [RFC 4055][]. + used to sign the message as specified in section 3.1 of [RFC 4055][], unless + an MGF1 hash function has been specified as part of the key in compliance with + section 3.3 of [RFC 4055][]. * `saltLength`: {integer} - salt length for when padding is `RSA_PKCS1_PSS_PADDING`. The special value `crypto.constants.RSA_PSS_SALTLEN_DIGEST` sets the salt length to the digest @@ -1369,6 +1387,9 @@ This can be called many times with new data as it is streamed. <!-- YAML added: v0.1.92 changes: + - version: REPLACEME + pr-url: https://github.com/nodejs/node/pull/26960 + description: This function now supports RSA-PSS keys. - version: v11.7.0 pr-url: https://github.com/nodejs/node/pull/25217 description: The key can now be a private key. @@ -1395,7 +1416,9 @@ object, the following additional properties can be passed: * `crypto.constants.RSA_PKCS1_PSS_PADDING` Note that `RSA_PKCS1_PSS_PADDING` will use MGF1 with the same hash function - used to verify the message as specified in section 3.1 of [RFC 4055][]. + used to verify the message as specified in section 3.1 of [RFC 4055][], unless + an MGF1 hash function has been specified as part of the key in compliance with + section 3.3 of [RFC 4055][]. * `saltLength`: {integer} - salt length for when padding is `RSA_PKCS1_PSS_PADDING`. The special value `crypto.constants.RSA_PSS_SALTLEN_DIGEST` sets the salt length to the digest |