-
Notifications
You must be signed in to change notification settings - Fork 29.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto: deprecate KeyObject.from but support CryptoKeys in create*Key #37240
Conversation
cc @nodejs/crypto for opinions and input. For context: #37198 (comment) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we can close #37198 and, if docs are added here for the renamed method, accept this change.
I'm indifferent to whether non-extractable can be passed or not. It one really wants the keyobject they can get the kKeyObkect handle symbol anyway.
Co-authored-by: Filip Skokan <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm -1 on this. The naming was intentionally generic. While this only works with CryptoKey
now, there's no reason it cannot support other inputs in the future...
If we don't want KeyObject.from()
, if anything, let's make the crypto.create(Private|Public|Secret)Key()
variants accept a CryptoKey
and make it unwrap the KeyObject
from the CryptoKey
instead of creating a new instance.
@jasnell Well, that's really the question that it boils down to. What other inputs could we safely handle here that aren't already covered by other APIs? I don't think JWK is a safe candidate here because it's not a uniquely identifiable data type, and because the user would have no control over the resulting key type (public versus private). |
FYI crypto.create(Private|Public|Secret)Key() for JWK is coming along nicely. |
Adding to #37240 (comment)...
@jasnell I can change this PR to match that if you and/or other people from @nodejs/crypto prefer this. Maybe I'm wrong and |
So far crypto.create(Private|Public|Secret)Key() has been used for key material - pem, der, coming jwk. CryptoKey is already a representantion of a parsed key material. One exception to that is passing private keyobject to createPublicKey. |
Let's just add CryptoKey as an option for the create variants, then we can deprecate KeyObject.from |
On it, but not ready yet. |
This renamesKeyObject.from
toKeyObject.fromCryptoKey
. Currently, it only acceptsCryptoKey
instances as inputs, and I don't see that changing any time soon.This is mainly for API safety.
KeyObject.from
is a very generic name for something that has a very specific purpose. Also, the name says absolutely nothing about the type of the parameter:The function is currently undocumented, I'll update this if/when #37198 lands.I don't think this function is being tested at all, but I might have missed it. I'd love to hear other opinions if someone thinks we should keep the function as it is (modulo being documented).This deprecates
KeyObject.from
and adds support forCryptoKey
instances tocreatePrivateKey
etc.It's also questionable that non-
extractable
instances ofCryptoKey
can apparently be converted to unprotectedKeyObject
s , which then allow extracting the key material. Not sure if that's a feature or a bug.