browserify-sign - npm Package Compare versions

Comparing version 2.1.0 to 2.2.0

asn1.js

@@ -40,2 +40,24 @@ // from https://github.com/indutny/self-signed/blob/gh-pages/lib/asn1.js
 exports.PrivateKey = PrivateKeyInfo;
+var EncryptedPrivateKeyInfo = asn1.define('EncryptedPrivateKeyInfo', function() {
+  this.seq().obj(
+    this.key('algorithm').seq().obj(
+      this.key('id').objid(),
+      this.key('decrypt').seq().obj(
+        this.key('kde').seq().obj(
+          this.key('id').objid(),
+          this.key('kdeparams').seq().obj(
+            this.key('salt').octstr(),
+            this.key('iters').int()
+          )
+        ),
+        this.key('cipher').seq().obj(
+          this.key('algo').objid(),
+          this.key('iv').octstr()
+        )
+      )
+    ),
+    this.key('subjectPrivateKey').octstr()
+  );
+});
+exports.EncryptedPrivateKey = EncryptedPrivateKeyInfo;
 var GeneralName = asn1.define('GeneralName', function() {
@@ -42,0 +64,0 @@ this.choice({

inject.js

@@ -24,2 +24,3 @@ var sign = require('./sign');
 	this._tag = data.id;
+	this._crypto = crypto;
 };
@@ -38,3 +39,3 @@ Sign.prototype._write = function _write(data, _, done) {
 	var hash = this._hash.digest();
-	var sig = sign(Buffer.concat([this._tag, hash]), key);
+	var sig = sign(Buffer.concat([this._tag, hash]), key, this._crypto);
 	if (enc) {
@@ -41,0 +42,0 @@ sig = sig.toString(enc);

package.json

 {
   "name": "browserify-sign",
-  "version": "2.1.0",
+  "version": "2.2.0",
   "description": "",
@@ -5,0 +5,0 @@ "main": "index.js",

parseKeys.js

 var pemstrip = require('pemstrip');
 var asn1 = require('./asn1');
+var aesid = require('./aesid.json');
 module.exports = parseKeys;
 
-function parseKeys(buffer) {
+function parseKeys(buffer, crypto) {
+	var password;
+	if (typeof buffer === 'object' && !Buffer.isBuffer(buffer)) {
+		password = buffer.passphrase;
+		buffer = buffer.key;
+	}
 	var stripped = pemstrip.strip(buffer);
@@ -20,2 +26,6 @@ var type = stripped.tag;
 		  throw new Error('unknown key type ' +  type);
+		case 'ENCRYPTED PRIVATE KEY':
+		  data = asn1.EncryptedPrivateKey.decode(data, 'der');
+		  data = decrypt(crypto, data, password);
+		  //falling through
 		case 'PRIVATE KEY':
@@ -36,2 +46,16 @@ data = asn1.PrivateKey.decode(data, 'der');
 	}
+}
+function decrypt(crypto, data, password) {
+  var salt = data.algorithm.decrypt.kde.kdeparams.salt;
+  var iters = data.algorithm.decrypt.kde.kdeparams.iters;
+  var algo = aesid[data.algorithm.decrypt.cipher.algo.join('.')];
+  var iv = data.algorithm.decrypt.cipher.iv;
+  var cipherText = data.subjectPrivateKey;
+  var keylen = parseInt(algo.split('-')[1], 10)/8;
+  var key = crypto.pbkdf2Sync(password, salt, iters, keylen);
+  var cipher = crypto.createDecipheriv(algo, key, iv);
+  var out = [];
+  out.push(cipher.update(cipherText));
+  out.push(cipher.final());
+  return Buffer.concat(out);
 }

readme.md

@@ -18,2 +18,2 @@ browserify-sign [![Build Status](https://travis-ci.org/calvinmetcalf/browserify-sign.svg)](https://travis-ci.org/calvinmetcalf/browserify-sign)
 - dsa keys?
-- keys with passwords
+- ~~keys with passwords~~

sign.js

@@ -5,4 +5,4 @@ // much of this based on https://github.com/indutny/self-signed/blob/gh-pages/lib/rsa.js
 module.exports = sign;
-function sign(hash, key) {
-  var priv = parseKeys(key);
+function sign(hash, key, crypto) {
+  var priv = parseKeys(key, crypto);
   var len = priv.modulus.byteLength();
@@ -9,0 +9,0 @@ var pad = [ 0, 1 ];

test/index.js

@@ -16,2 +16,12 @@ var test = require('tape');
 }
+var pass1024 = {
+	private: {
+		passphrase: 'fooo',
+		key:fs.readFileSync(__dirname + '/pass.1024.priv')
+	},
+	public: fs.readFileSync(__dirname + '/pass.1024.pub')
+}
+function isNode10() {
+  return process.version && process.version.split('.').length === 3 && parseInt(process.version.split('.')[1], 10) <= 10;
+}
 var nodeCrypto = require('crypto');
@@ -36,2 +46,3 @@ var myCrypto = require('../');
 }
+
 testIt(rsa1024, new Buffer('sha224 with 1024 keys'), 'RSA-SHA224');
@@ -48,2 +59,8 @@ testIt(nonrsa1024, new Buffer('sha224 with 1024 keys non-rsa key'), 'RSA-SHA224');
 testIt(nonrsa1024, new Buffer('sha512 with 1024 keys non-rsa key'), 'RSA-SHA512');
-testIt(rsa2028, new Buffer('SHA512 with 2028 keys'), 'RSA-SHA512');
+testIt(rsa2028, new Buffer('SHA512 with 2028 keys'), 'RSA-SHA512');
+if (!isNode10()) {
+	testIt(pass1024, new Buffer('sha224 with 1024 keys and password'), 'RSA-SHA224');
+	testIt(pass1024, new Buffer('sha256 with 1024 keys and password'), 'RSA-SHA256');
+	testIt(pass1024, new Buffer('sha384 with 1024 keys and password'), 'RSA-SHA384');
+	testIt(pass1024, new Buffer('sha512 with 1024 keys and password'), 'RSA-SHA512');
+}

No alert changes

Improved metrics

Total package byte prevSize

18964

increased by27.87%

Number of package files

20

increased by17.65%

Lines of code

345

increased by27.78%

No dependency changes