From f1056542f0cf2520e122d93afbaada6b6599e49b Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Mon, 11 Mar 2019 21:26:22 +0100 Subject: [PATCH] crypto: expose KeyObject class MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit PR-URL: https://github.com/nodejs/node/pull/26438 Reviewed-By: Sam Roberts Reviewed-By: Tobias Nießen --- doc/api/crypto.md | 16 ++++++++++------ lib/crypto.js | 4 +++- lib/internal/crypto/keys.js | 1 + 3 files changed, 14 insertions(+), 7 deletions(-) diff --git a/doc/api/crypto.md b/doc/api/crypto.md index 1b30633221d895..0653fcedaad1f1 100644 --- a/doc/api/crypto.md +++ b/doc/api/crypto.md @@ -1109,14 +1109,18 @@ This can be called many times with new data as it is streamed. ## Class: KeyObject -Node.js uses an internal `KeyObject` class which should not be accessed -directly. Instead, factory functions exist to create instances of this class -in a secure manner, see [`crypto.createSecretKey()`][], -[`crypto.createPublicKey()`][] and [`crypto.createPrivateKey()`][]. A -`KeyObject` can represent a symmetric or asymmetric key, and each kind of key -exposes different functions. +Node.js uses a `KeyObject` class to represent a symmetric or asymmetric key, +and each kind of key exposes different functions. The +[`crypto.createSecretKey()`][], [`crypto.createPublicKey()`][] and +[`crypto.createPrivateKey()`][] methods are used to create `KeyObject` +instances. `KeyObject` objects are not to be created directly using the `new` +keyword. Most applications should consider using the new `KeyObject` API instead of passing keys as strings or `Buffer`s due to improved security features. diff --git a/lib/crypto.js b/lib/crypto.js index 8f26ac6c136fb5..673a198466ec5c 100644 --- a/lib/crypto.js +++ b/lib/crypto.js @@ -60,7 +60,8 @@ const { const { createSecretKey, createPublicKey, - createPrivateKey + createPrivateKey, + KeyObject, } = require('internal/crypto/keys'); const { DiffieHellman, @@ -191,6 +192,7 @@ module.exports = exports = { ECDH, Hash, Hmac, + KeyObject, Sign, Verify }; diff --git a/lib/internal/crypto/keys.js b/lib/internal/crypto/keys.js index a0c2148b305b88..1eb4a6f7be7006 100644 --- a/lib/internal/crypto/keys.js +++ b/lib/internal/crypto/keys.js @@ -333,6 +333,7 @@ module.exports = { createSecretKey, createPublicKey, createPrivateKey, + KeyObject, // These are designed for internal use only and should not be exposed. parsePublicKeyEncoding,