1'use strict'; 2 3const common = require('../common'); 4if (!common.hasCrypto) 5 common.skip('missing crypto'); 6 7const assert = require('assert'); 8const { 9 generateKeyPair, 10} = require('crypto'); 11const { 12 assertApproximateSize, 13 testEncryptDecrypt, 14 testSignVerify, 15} = require('../common/crypto'); 16 17// Test async RSA key generation with an encrypted private key, but encoded as DER. 18{ 19 generateKeyPair('rsa', { 20 publicExponent: 0x10001, 21 modulusLength: 512, 22 publicKeyEncoding: { 23 type: 'pkcs1', 24 format: 'der' 25 }, 26 privateKeyEncoding: { 27 type: 'pkcs8', 28 format: 'der', 29 cipher: 'aes-256-cbc', 30 passphrase: 'secret' 31 } 32 }, common.mustSucceed((publicKeyDER, privateKeyDER) => { 33 assert(Buffer.isBuffer(publicKeyDER)); 34 assertApproximateSize(publicKeyDER, 74); 35 36 assert(Buffer.isBuffer(privateKeyDER)); 37 38 // Since the private key is encrypted, signing shouldn't work anymore. 39 const publicKey = { 40 key: publicKeyDER, 41 type: 'pkcs1', 42 format: 'der', 43 }; 44 assert.throws(() => { 45 testSignVerify(publicKey, { 46 key: privateKeyDER, 47 format: 'der', 48 type: 'pkcs8' 49 }); 50 }, { 51 name: 'TypeError', 52 code: 'ERR_MISSING_PASSPHRASE', 53 message: 'Passphrase required for encrypted key' 54 }); 55 56 // Signing should work with the correct password. 57 58 const privateKey = { 59 key: privateKeyDER, 60 format: 'der', 61 type: 'pkcs8', 62 passphrase: 'secret' 63 }; 64 testEncryptDecrypt(publicKey, privateKey); 65 testSignVerify(publicKey, privateKey); 66 })); 67} 68