@relaycorp/dnssec - npm Package Compare versions

Comparing version 1.1.1 to 1.1.2

build/lib/lib/DnssecAlgorithm.d.ts

@@ -7,3 +7,2 @@ /**
 export declare enum DnssecAlgorithm {
-    DSA = 3,
     RSASHA1 = 5,
@@ -10,0 +9,0 @@ RSASHA256 = 8,

build/lib/lib/DnssecAlgorithm.js

@@ -8,3 +8,3 @@ /**
 (function (DnssecAlgorithm) {
-    DnssecAlgorithm[DnssecAlgorithm["DSA"] = 3] = "DSA";
+    // DSA = 3, // See: https://github.com/relaycorp/dnssec-js/issues/50
     DnssecAlgorithm[DnssecAlgorithm["RSASHA1"] = 5] = "RSASHA1";
@@ -11,0 +11,0 @@ DnssecAlgorithm[DnssecAlgorithm["RSASHA256"] = 8] = "RSASHA256";

build/lib/lib/rdata/DnskeyData.js

 import { Parser } from 'binary-parser';
 import { MalformedRdataError } from '../verification/MalformedRdataError';
-import { deserialisePublicKey, serialisePublicKey } from '../utils/keySerialisation';
+import { deserialisePublicKey, serialisePublicKey } from '../utils/crypto/keySerialisation';
 const PARSER = new Parser()
@@ -5,0 +5,0 @@ .endianness('big')

build/lib/lib/rdata/DsData.js

 import { Parser } from 'binary-parser';
 import { MalformedRdataError } from '../verification/MalformedRdataError';
-import { generateDigest } from '../utils/crypto';
+import { generateDigest } from '../utils/crypto/hashing';
 import { serialiseName } from '../dns/name';
@@ -5,0 +5,0 @@ const PARSER = new Parser()

build/lib/lib/rdata/RrsigData.js

@@ -6,3 +6,3 @@ import { sign as cryptoSign, verify as cryptoVerify } from 'node:crypto';
 import { MalformedRdataError } from '../verification/MalformedRdataError';
-import { getNodejsHashAlgorithmFromDnssecAlgo } from '../utils/crypto';
+import { getNodejsHashAlgorithmFromDnssecAlgo } from '../utils/crypto/hashing';
 const PARSER = new Parser()
@@ -9,0 +9,0 @@ .endianness('big')

build/lib/lib/signing/keyGen.d.ts

 /// <reference types="node" />
-import { generateKeyPair } from 'node:crypto';
+import { generateKeyPair as cryptoGenerateKeyPair, KeyObject } from 'node:crypto';
 import { DnssecAlgorithm } from '../DnssecAlgorithm';
-export declare const generateKeyPairAsync: typeof generateKeyPair.__promisify__;
-interface KeyGenOptions {
-    readonly type: string;
-    readonly options?: object;
+export declare const generateKeyPairAsync: typeof cryptoGenerateKeyPair.__promisify__;
+export interface KeyPair {
+    readonly publicKey: KeyObject;
+    readonly privateKey: KeyObject;
 }
-export declare function getKeyGenOptions(dnssecAlgorithm: DnssecAlgorithm): KeyGenOptions;
-export {};
+export declare function generateKeyPair(algorithm: DnssecAlgorithm): Promise<KeyPair>;

build/lib/lib/signing/keyGen.js

@@ -1,5 +0,5 @@
-import { generateKeyPair } from 'node:crypto';
+import { generateKeyPair as cryptoGenerateKeyPair } from 'node:crypto';
 import { promisify } from 'node:util';
 import { DnssecAlgorithm } from '../DnssecAlgorithm';
-export const generateKeyPairAsync = promisify(generateKeyPair);
+export const generateKeyPairAsync = promisify(cryptoGenerateKeyPair);
 const RSA_OPTIONS = {
@@ -10,3 +10,2 @@ type: 'rsa',
 const KEY_GEN_OPTIONS = {
-    [DnssecAlgorithm.DSA]: { type: 'dsa' },
     [DnssecAlgorithm.ECDSAP256SHA256]: { type: 'ec', options: { namedCurve: 'prime256v1' } },
@@ -20,9 +19,9 @@ [DnssecAlgorithm.ECDSAP384SHA384]: { type: 'ec', options: { namedCurve: 'secp384r1' } },
 };
-export function getKeyGenOptions(dnssecAlgorithm) {
-    const algorithm = KEY_GEN_OPTIONS[dnssecAlgorithm];
-    if (!algorithm) {
-        throw new Error(`Unsupported algorithm (${dnssecAlgorithm})`);
+export async function generateKeyPair(algorithm) {
+    const options = KEY_GEN_OPTIONS[algorithm];
+    if (!options) {
+        throw new Error(`Unsupported algorithm (${algorithm})`);
     }
-    return algorithm;
+    return generateKeyPairAsync(options.type, options.options);
 }
 //# sourceMappingURL=keyGen.js.map

build/lib/lib/signing/ZoneSigner.js

 import { addSeconds, setMilliseconds } from 'date-fns';
 import { Record } from '../dns/Record';
 import { DNSClass } from '../dns/DNSClass';
-import { generateKeyPairAsync, getKeyGenOptions } from './keyGen';
+import { generateKeyPair } from './keyGen';
 import { DigestType } from '../DigestType';
@@ -21,4 +21,3 @@ import { DnssecRecordType } from '../DnssecRecordType';
     static async generate(algorithm, zoneName) {
-        const keyGenOptions = getKeyGenOptions(algorithm);
-        const keyPair = await generateKeyPairAsync(keyGenOptions.type, keyGenOptions.options);
+        const keyPair = await generateKeyPair(algorithm);
         return new ZoneSigner(keyPair.privateKey, keyPair.publicKey, zoneName, algorithm);
@@ -25,0 +24,0 @@ }

package.json

 {
   "name": "@relaycorp/dnssec",
-  "version": "1.1.1",
+  "version": "1.1.2",
   "author": {
@@ -5,0 +5,0 @@ "email": "no-reply@relaycorp.tech",

README.md

@@ -49,4 +49,5 @@ # `@relaycorp/dnssec`
 
+- DSA (`3`) because [it's too insecure and hardly used](https://github.com/relaycorp/dnssec-js/issues/50).
 - NSEC3 (`6` and `7`) because [we don't currently support Denial of Existence records](https://github.com/relaycorp/dnssec-js/issues/17).
 - [GOST](https://en.wikipedia.org/wiki/GOST) (`12`) due to lack of support in Node.js, and its lack of popularity and security doesn't seem to justify integrating a third party NPM package supporting it (assuming a suitable one exists).
 - Private algorithms (`253` and `254`) because we have no use for those, but we'd welcome PRs to implement them.

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Number of package files

126

increased by0.8%

Number of lines in readme file

53

increased by1.92%

Worsened metrics

Total package byte prevSize

115488

decreased by-0.04%

Lines of code

1623

decreased by-0.25%

No dependency changes