Private keys may be used along with publicEncrypt since the private key
includes the public one. This adds the ability to use encrypted private
keys which previously threw an error. This commit also makes sure the
user exposed functions have names.
PR-URL: https://github.com/iojs/io.js/pull/626
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Adds a note that the default padding for publicDecrypt/privateEncrypt
is RSA_PKCS1_PADDING instead of RSA_PKCS1_OAEP_PADDING as it is for
privateDecrypt/publicEncrypt.
PR-URL: https://github.com/iojs/io.js/pull/659
Reviewed-By: Brendan Ashworth <brendan.ashworth@me.com>
Previously pseudoRandomBytes worked similarly to randomBytes but in the
event of insufficient entropy would silently return non-secure values.
As of f68a116, the entropy pool blocks if there is insufficient entropy
instead of giving an error so there is now no longer a case where
pseudoRandomBytes would act differently than randomBytes.
Docs are updated to remove pseudoRandomBytes and to clarify that
randomBytes now does block instead of erring when entropy is low.
PR-URL: https://github.com/iojs/io.js/pull/557
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Updates the docs for the crypto.pseudoRandomBytes function
to more explicitly detail how it's the same as crypto.randomBytes
just without a safety net (e.g. it doesn't throw an error when
there is low entropy).
PR-URL: https://github.com/iojs/io.js/pull/545
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
adds a note to the crypto docs passing along
the advice that openssl gives about what
key derivation function they recommend.
PR-URL: https://github.com/joyent/node/pull/8580
Reviewed-by: Fedor Indutny <fedor@indutny.com>
Cherry-picked-from: 7dbc024c85
The parameter parser specifically looked for the old bracket syntax.
This generated a lot of warnings when building the docs. Those warnings
have been fixed by changing the parsing logic.
Signed-off-by: Trevor Norris <trev.norris@gmail.com>
Documentation incorrectly used bracket notation for optional parameters.
This caused inconsistencies in usage because of examples like the
following:
fs.write(fd, data[, position[, encoding]], callback)
This simply fixes all uses of bracket notation in documentation.
Signed-off-by: Trevor Norris <trev.norris@gmail.com>
Reviewed-by: Fedor Indutny <fedor@indutny.com>
Make the HMAC digest method configurable. Update crypto.pbkdf2() and
crypto.pbkdf2Sync() to take an extra, optional digest argument.
Before this commit, SHA-1 (admittedly the most common method) was used
exclusively.
Fixes #6553.
This adds two new member functions getAuthTag and setAuthTag that
are useful for AES-GCM encryption modes. Use getAuthTag after
Cipheriv.final, transmit the tag along with the data and use
Decipheriv.setAuthTag to have the encrypted data verified.
Previous behaviour was to drop to an openssl prompt
("Enter PEM pass phrase:") when supplying a private key with a
passphrase. This change adds a fourth, optional, paramter that
will be used as the passphrase.
To include this parameter in a backwards compatible way it was
necessary to expose the previously undocumented (and unexposed)
feature of being able to explitly setting the output encoding.
Commit f53441a added crypto.getCiphers() as a function that returns the
names of SSL ciphers.
Commit 14a6c4e then added crypto.getHashes(), which returns the names of
digest algorithms, but that creates a subtle inconsistency: the return
values of crypto.getHashes() are valid arguments to crypto.createHash()
but that is not true for crypto.getCiphers() - the returned values are
only valid for SSL/TLS functions.
Rectify that by adding tls.getCiphers() and making crypto.getCiphers()
return proper cipher names.
This is a flag to make it easier for users to upgrade through the
breaking crypto change, and easier for us to switch it back if it's a
problem.
Explicitly set default encoding to 'buffer' in other tests, in case it
ever changes back.
crypto: Hash and Hmac default to buffers
crypto: Move Cipher encoding logic to JS
crypto: Move Cipheriv encoding logic to JS
crypto: Move Decipher encoding logic to JS
crypto: Move Decipheriv into JS, default to buffers
crypto: Move Sign class to JS
crypto: Better encoding handling in Hash.update
crypto: Move Verify class to JS
crypto: Move DiffieHellman to JS, default to buffers
crypto: Move DiffieHellmanGroup to JS, default to buffers
Also, create a test for this feature
