From 7afdfaec083310baa66c05daf33409a7b55528dd Mon Sep 17 00:00:00 2001
From: Tobias Nießen <tniessen@tnie.de>
Date: Thu, 3 Jan 2019 18:59:34 +0100
Subject: crypto: fix key object wrapping in sync keygen

PR-URL: https://github.com/nodejs/node/pull/25326
Fixes: https://github.com/nodejs/node/issues/25322
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
---
 doc/api/crypto.md | 23 +++++++++--------------
 1 file changed, 9 insertions(+), 14 deletions(-)

(limited to 'doc/api/crypto.md')

diff --git a/doc/api/crypto.md b/doc/api/crypto.md
index bc842062d0..95b1e9114a 100644
--- a/doc/api/crypto.md
+++ b/doc/api/crypto.md
@@ -1951,18 +1951,8 @@ changes:
   - `publicExponent`: {number} Public exponent (RSA). **Default:** `0x10001`.
   - `divisorLength`: {number} Size of `q` in bits (DSA).
   - `namedCurve`: {string} Name of the curve to use (EC).
-  - `publicKeyEncoding`: {Object}
-    - `type`: {string} Must be one of `'pkcs1'` (RSA only) or `'spki'`.
-    - `format`: {string} Must be `'pem'` or `'der'`.
-  - `privateKeyEncoding`: {Object}
-    - `type`: {string} Must be one of `'pkcs1'` (RSA only), `'pkcs8'` or
-      `'sec1'` (EC only).
-    - `format`: {string} Must be `'pem'` or `'der'`.
-    - `cipher`: {string} If specified, the private key will be encrypted with
-      the given `cipher` and `passphrase` using PKCS#5 v2.0 password based
-      encryption.
-    - `passphrase`: {string | Buffer} The passphrase to use for encryption, see
-      `cipher`.
+  - `publicKeyEncoding`: {Object} See [`keyObject.export()`][].
+  - `privateKeyEncoding`: {Object} See [`keyObject.export()`][].
 * Returns: {Object}
   - `publicKey`: {string | Buffer | KeyObject}
   - `privateKey`: {string | Buffer | KeyObject}
@@ -1970,8 +1960,13 @@ changes:
 Generates a new asymmetric key pair of the given `type`. Only RSA, DSA and EC
 are currently supported.
 
-It is recommended to encode public keys as `'spki'` and private keys as
-`'pkcs8'` with encryption:
+If a `publicKeyEncoding` or `privateKeyEncoding` was specified, this function
+behaves as if [`keyObject.export()`][] had been called on its result. Otherwise,
+the respective part of the key is returned as a [`KeyObject`].
+
+When encoding public keys, it is recommended to use `'spki'`. When encoding
+private keys, it is recommended to use `'pks8'` with a strong passphrase, and to
+keep the passphrase confidential.
 
 ```js
 const { generateKeyPairSync } = require('crypto');
-- 
cgit v1.2.3