coolaj86
/
rasha.js
2
1
Förgrening 0
Kod Ärenden 4 Pull-förfrågningar Släpp Wiki Aktiviteter
Etiketter Milstenar
Nytt Ärende

Support "passphrase" option in crytpo.generateKeyPair #3

Öppen
by Ghost opened 5 år sedan · 5 kommentarer
Ghost kommenterad 5 år sedan

It would be nice to be able to provide a passphrase, and have that used in the creation of the private key. This is per the options available on crypto's generateKeyPair.

It would be nice to be able to provide a passphrase, and have that used in the creation of the private key. This is per the options available on crypto's generateKeyPair.
coolaj86 kommenterad 5 år sedan
Ägare

👍 Agreed.

Would you mind pasting an example of how this works in node, for reference, and also check to see if and how this could be supported in the browser?

I'm planning to get Rasha and Eckles ported to the browser this weekend and I'm hoping to keep the APIs consistent.

This could be added PEM-only at first - which means that the x509/asn1 code would need to be updated to support it - and I believe there's something in the JOSE spec that dictates how it's done for JWK as well.

:thumbsup: Agreed. Would you mind pasting an example of how this works in node, for reference, and also check to see if and how this could be supported in the browser? I'm planning to get Rasha and Eckles ported to the browser this weekend and I'm hoping to keep the APIs consistent. This could be added PEM-only at first - which means that the x509/asn1 code would need to be updated to support it - and I believe there's something in the JOSE spec that dictates how it's done for JWK as well.
Ghost kommenterad 5 år sedan

This is just copy-pasted from the Crypto docs:

const { generateKeyPair } = require('crypto');
generateKeyPair('rsa', {
  modulusLength: 4096,
  publicKeyEncoding: {
    type: 'spki',
    format: 'pem'
  },
  privateKeyEncoding: {
    type: 'pkcs8',
    format: 'pem',
    cipher: 'aes-256-cbc',
    passphrase: 'top secret'
  }
}, (err, publicKey, privateKey) => {
  // Handle errors and use the generated key pair.
});

Since in lib/rasha.js:57 crypto's generateKeyPair is being called, it should be possible to just pass in passphrase as part of the privateKeyEncoding parameter.

As for whether it's available in the browser, I'm looking right now.

This is just copy-pasted from the Crypto docs: ``` const { generateKeyPair } = require('crypto'); generateKeyPair('rsa', { modulusLength: 4096, publicKeyEncoding: { type: 'spki', format: 'pem' }, privateKeyEncoding: { type: 'pkcs8', format: 'pem', cipher: 'aes-256-cbc', passphrase: 'top secret' } }, (err, publicKey, privateKey) => { // Handle errors and use the generated key pair. }); ``` Since in lib/rasha.js:57 crypto's generateKeyPair is being called, it should be possible to just pass in `passphrase` as part of the `privateKeyEncoding` parameter. As for whether it's available in the browser, I'm looking right now.
Ghost kommenterad 5 år sedan

Crypto in the browser is new to me, but this seems like it may be related: https://stackoverflow.com/a/38425525

Crypto in the browser is new to me, but this seems like it may be related: https://stackoverflow.com/a/38425525
coolaj86 kommenterad 5 år sedan
Ägare

Passing it in would seem simple enough, but Rasha is intended to do signing with jwk and jose, so the change would affect multiple layers of the code.

I'll do a little more to check if WebCrypto supports it, but from that post it looks like not. Though they're talking about 3DES, which was broken wide open years ago and offers no security benefit in today's world. There's probably an AES version that might work in WebCrypto.

This isn't a priority for me, but I'm very willing to work with you to help get it implemented, documented and tested, and I'm okay if we have to document that it works for a, b and c calls in the API, but not x, y, and z.

Passing it in would seem simple enough, but Rasha is intended to do signing with jwk and jose, so the change would affect multiple layers of the code. I'll do a little more to check if WebCrypto supports it, but from that post it looks like not. Though they're talking about 3DES, which was broken wide open years ago and offers no security benefit in today's world. There's probably an AES version that might work in WebCrypto. This isn't a priority for me, but I'm very willing to work with you to help get it implemented, documented and tested, and I'm okay if we have to document that it works for `a`, `b` and `c` calls in the API, but not `x`, `y`, and `z`.
coolaj86 kommenterad 5 år sedan
Ägare

In other words: I'm actively maintaining this and I have a policy of "move to approve" when it comes to PRs, so I'm not going to ask you to do 11,000 things, be super nit-picky, and then ignore your commits for 2 whole years...

(I've had some bad experiences in open source...)

In other words: I'm actively maintaining this and I have a policy of "move to approve" when it comes to PRs, so I'm not going to ask you to do 11,000 things, be super nit-picky, and then ignore your commits for 2 whole years... (I've had some bad experiences in open source...)
Logga in för att delta i denna konversation.
Ingen branch/Tag specificerad
Grenar Taggar
master
Etiketter
Tillämpa etiketter
Rensa etiketter
Inga objekt
Ingen Etikett
Milsten
Ange milstolpe
Rensa milstenar
Inga objekt
Ingen Milsten
Tilldelade
Tilldela användare
Rensa tilldelade
Ingen tilldelad
2 Deltagare
Notiser
Förfallodatum

Inget förfallodatum satt.

Beroenden

Det här ärendet har för närvarande inga beroenden.

Skriv Förhandsgranska
Laddar…
Avbryt
Spara
Det finns inget innehåll än.
Ta bort branch '%!s(MISSING)'

Borttagning utav en branch är permanent. Detta KAN INTE ångras. Vill du fortsätta?

Nej
Ja