crypto: support passwords in publicEncrypt

calvinmetcalf · bnoordhuis · commit 6561274d2377 · 2015-02-02T23:21:49.000+01:00
Private keys may be used along with publicEncrypt since the private key includes the public one. This adds the ability to use encrypted private keys which previously threw an error. This commit also makes sure the user exposed functions have names. PR-URL: #626 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
diff --git a/doc/api/crypto.markdown b/doc/api/crypto.markdown
@@ -678,10 +678,13 @@ Encrypts `buffer` with `public_key`. Only RSA is currently supported.
 
 `public_key` can be an object or a string. If `public_key` is a string, it is
 treated as the key with no passphrase and will use `RSA_PKCS1_OAEP_PADDING`.
+Since RSA public keys may be derived from private keys you may pass a private
+key to this method.
 
 `public_key`:
 
 * `key` : A string holding the PEM encoded private key
+* `passphrase` : An optional string of passphrase for the private key
 * `padding` : An optional padding value, one of the following:
   * `constants.RSA_NO_PADDING`
   * `constants.RSA_PKCS1_PADDING`
diff --git a/lib/crypto.js b/lib/crypto.js
@@ -340,7 +340,8 @@ function rsaPublic(method, defaultPadding) {
   return function(options, buffer) {
     var key = options.key || options;
     var padding = options.padding || defaultPadding;
-    return method(toBuf(key), buffer, padding);
+    var passphrase = options.passphrase || null;
+    return method(toBuf(key), buffer, padding, passphrase);
   };
 }
 
diff --git a/test/parallel/test-crypto.js b/test/parallel/test-crypto.js
@@ -831,6 +831,28 @@ assert.equal(bad_dh.verifyError, constants.DH_NOT_SUITABLE_GENERATOR);
   }, encryptedBuffer);
   assert.equal(input, decryptedBufferWithPassword.toString());
 
+  encryptedBuffer = crypto.publicEncrypt({
+    key: rsaKeyPemEncrypted,
+    passphrase: 'password'
+  }, bufferToEncrypt);
+
+  decryptedBufferWithPassword = crypto.privateDecrypt({
+    key: rsaKeyPemEncrypted,
+    passphrase: 'password'
+  }, encryptedBuffer);
+  assert.equal(input, decryptedBufferWithPassword.toString());
+
+  encryptedBuffer = crypto.privateEncrypt({
+    key: rsaKeyPemEncrypted,
+    passphrase: new Buffer('password')
+  }, bufferToEncrypt);
+
+  decryptedBufferWithPassword = crypto.publicDecrypt({
+    key: rsaKeyPemEncrypted,
+    passphrase: new Buffer('password')
+  }, encryptedBuffer);
+  assert.equal(input, decryptedBufferWithPassword.toString());
+
   encryptedBuffer = crypto.publicEncrypt(certPem, bufferToEncrypt);
 
   decryptedBuffer = crypto.privateDecrypt(keyPem, encryptedBuffer);
@@ -850,6 +872,25 @@ assert.equal(bad_dh.verifyError, constants.DH_NOT_SUITABLE_GENERATOR);
     crypto.privateDecrypt({
       key: rsaKeyPemEncrypted,
       passphrase: 'wrong'
+    }, bufferToEncrypt);
+  });
+
+  assert.throws(function() {
+    crypto.publicEncrypt({
+      key: rsaKeyPemEncrypted,
+      passphrase: 'wrong'
+    }, encryptedBuffer);
+  });
+
+  encryptedBuffer = crypto.privateEncrypt({
+    key: rsaKeyPemEncrypted,
+    passphrase: new Buffer('password')
+  }, bufferToEncrypt);
+
+  assert.throws(function() {
+    crypto.publicDecrypt({
+      key: rsaKeyPemEncrypted,
+      passphrase: [].concat.apply([], new Buffer('password'))
     }, encryptedBuffer);
   });
 })();

Original file line number	Diff line number	Diff line change
`@@ -340,7 +340,8 @@ function rsaPublic(method, defaultPadding) {`
`340`	`340`	`return function(options, buffer) {`
`341`	`341`	`var key = options.key \|\| options;`
`342`	`342`	`var padding = options.padding \|\| defaultPadding;`
`343`		`- return method(toBuf(key), buffer, padding);`
	`343`	`+ var passphrase = options.passphrase \|\| null;`
	`344`	`+ return method(toBuf(key), buffer, padding, passphrase);`
`344`	`345`	`};`
`345`	`346`	`}`
`346`	`347`