From 74c6f57aed229ec0e1464cd7065e782a8412464a Mon Sep 17 00:00:00 2001
From: Filip Skokan
Date: Mon, 11 Mar 2019 21:26:22 +0100
Subject: [PATCH] crypto: expose KeyObject class
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
PR-URL: https://github.com/nodejs/node/pull/26438
Reviewed-By: Sam Roberts
Reviewed-By: Tobias Nießen
---
 doc/api/crypto.md | 16 ++++++++++------
 lib/crypto.js | 4 +++-
 lib/internal/crypto/keys.js | 1 +
 3 files changed, 14 insertions(+), 7 deletions(-)
diff --git a/doc/api/crypto.md b/doc/api/crypto.md
index 7644ff7d632a22..85c4336f78906a 100644
--- a/doc/api/crypto.md
+++ b/doc/api/crypto.md
@@ -1109,14 +1109,18 @@ This can be called many times with new data as it is streamed.
 ## Class: KeyObject
-Node.js uses an internal `KeyObject` class which should not be accessed
-directly. Instead, factory functions exist to create instances of this class
-in a secure manner, see [`crypto.createSecretKey()`][],
-[`crypto.createPublicKey()`][] and [`crypto.createPrivateKey()`][]. A
-`KeyObject` can represent a symmetric or asymmetric key, and each kind of key
-exposes different functions.
+Node.js uses a `KeyObject` class to represent a symmetric or asymmetric key,
+and each kind of key exposes different functions. The
+[`crypto.createSecretKey()`][], [`crypto.createPublicKey()`][] and
+[`crypto.createPrivateKey()`][] methods are used to create `KeyObject`
+instances. `KeyObject` objects are not to be created directly using the `new`
+keyword.
 Most applications should consider using the new `KeyObject` API instead of passing keys as strings or `Buffer`s due to improved security features.
diff --git a/lib/crypto.js b/lib/crypto.js
index 0c956ecd107b0a..626073ed5e3eb5 100644
--- a/lib/crypto.js
+++ b/lib/crypto.js
@@ -60,7 +60,8 @@ const {
 const {
 createSecretKey,
 createPublicKey,
- createPrivateKey
+ createPrivateKey,
+ KeyObject,
 } = require('internal/crypto/keys');
 const {
 DiffieHellman,
@@ -192,6 +193,7 @@ module.exports = exports = {
 ECDH,
 Hash,
 Hmac,
+ KeyObject,
 Sign,
 Verify
 };
diff --git a/lib/internal/crypto/keys.js b/lib/internal/crypto/keys.js
index ecd747d947516f..a7a94b222d1d3d 100644
--- a/lib/internal/crypto/keys.js
+++ b/lib/internal/crypto/keys.js
@@ -318,6 +318,7 @@ module.exports = {
 createSecretKey,
 createPublicKey,
 createPrivateKey,
+ KeyObject,
 // These are designed for internal use only and should not be exposed.
 parsePublicKeyEncoding,
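Review bot: The new public `KeyObject` entry in the `module.exports` list of lib/crypto.js comes without a test; the diffstat touches only doc/api/crypto.md and the two lib files. A short assertion such as `assert(crypto.createSecretKey(Buffer.alloc(1)) instanceof crypto.KeyObject);` would pin both the export and the fact that the factory functions return instances of the exported class. The matching import is added in the earlier `@@ -60,7 +60,8 @@` hunk of the same file, and the export object starts above this hunk.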
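Review bot: Exporting the class from lib/internal/crypto/keys.js makes its constructor reachable from user code as `crypto.KeyObject`, while the documentation change only states that instances are not to be created with `new`. The constructor is outside this hunk, so it cannot be confirmed here that it rejects a handle that did not come from the native key factories; that is worth checking, because code that trusts `instanceof KeyObject` would otherwise accept a hand-built object. A comment on the new entry would record the intent: `// Exposed for instanceof checks; instances must come from the create*Key() factories.` The `module.exports` object begins above the hunk and continues below it.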