1'use strict'; 2 3const common = require('../common'); 4if (!common.hasCrypto) 5 common.skip('missing crypto'); 6 7const assert = require('assert'); 8const { 9 generateKeyPair, 10} = require('crypto'); 11const { 12 testSignVerify, 13 spkiExp, 14 pkcs8EncExp, 15} = require('../common/crypto'); 16 17// Test async elliptic curve key generation, e.g. for ECDSA, with an encrypted 18// private key. 19{ 20 generateKeyPair('ec', { 21 namedCurve: 'P-256', 22 paramEncoding: 'named', 23 publicKeyEncoding: { 24 type: 'spki', 25 format: 'pem' 26 }, 27 privateKeyEncoding: { 28 type: 'pkcs8', 29 format: 'pem', 30 cipher: 'aes-128-cbc', 31 passphrase: 'top secret' 32 } 33 }, common.mustSucceed((publicKey, privateKey) => { 34 assert.strictEqual(typeof publicKey, 'string'); 35 assert.match(publicKey, spkiExp); 36 assert.strictEqual(typeof privateKey, 'string'); 37 assert.match(privateKey, pkcs8EncExp); 38 39 // Since the private key is encrypted, signing shouldn't work anymore. 40 assert.throws(() => testSignVerify(publicKey, privateKey), 41 common.hasOpenSSL3 ? { 42 message: 'error:07880109:common libcrypto ' + 43 'routines::interrupted or cancelled' 44 } : { 45 name: 'TypeError', 46 code: 'ERR_MISSING_PASSPHRASE', 47 message: 'Passphrase required for encrypted key' 48 }); 49 50 testSignVerify(publicKey, { 51 key: privateKey, 52 passphrase: 'top secret' 53 }); 54 })); 55} 56