node-rsa - npm Package Compare versions

Comparing version 0.2.30 to 0.3.0

gruntfile.js

@@ -0,0 +0,0 @@ module.exports = function (grunt) {

package.json

 {
   "name": "node-rsa",
-  "version": "0.2.30",
+  "version": "0.3.0",
   "description": "Node.js RSA library",
@@ -37,8 +37,8 @@ "main": "src/NodeRSA.js",
     "chai": "2.0.0",
-    "grunt-contrib-jshint": "0.11.0"
+    "grunt-contrib-jshint": "0.11.0",
+    "lodash": "^4.0.0"
   },
   "dependencies": {
-    "asn1": "0.2.3",
-    "lodash": "3.3.0"
+    "asn1": "0.2.3"
   }
 }

README.md

@@ -107,3 +107,7 @@ # Node-RSA
 
-* keyData — `{string|buffer}` — key in PEM string **or** Buffer containing PEM string **or** Buffer containing DER encoded data.
+* keyData — `{string|buffer}` — may be:
+    * key in PEM string 
+    * Buffer containing PEM string 
+    * Buffer containing DER encoded data
+    * Object contains key components
 * format  — `{string}` — format id for export/import.
@@ -118,2 +122,3 @@
   * `'pkcs8'` — public key starts from `'-----BEGIN PUBLIC KEY-----'` header and private key starts from `'-----BEGIN PRIVATE KEY-----'` header
+  * `'components'` — use it for import/export key from/to raw components (see example below). For private key, importing data should contain all private key components, for public key: only public exponent (`e`) and modulus (`n`). All components (except `e`) should be Buffer, `e` could be Buffer or just normal Number.     
 
@@ -144,2 +149,25 @@ Key type — can be `'private'` or `'public'`. Default `'private'`<br/>
 
+```javascript
+key.importKey({
+    n: new Buffer('0086fa9ba066685845fc03833a9699c8baefb53cfbf19052a7f10f1eaa30488cec1ceb752bdff2df9fad6c64b3498956e7dbab4035b4823c99a44cc57088a23783', 'hex'),
+    e: 65537,
+    d: new Buffer('5d2f0dd982596ef781affb1cab73a77c46985c6da2aafc252cea3f4546e80f40c0e247d7d9467750ea1321cc5aa638871b3ed96d19dcc124916b0bcb296f35e1', 'hex'),
+    p: new Buffer('00c59419db615e56b9805cc45673a32d278917534804171edcf925ab1df203927f', 'hex'),
+    q: new Buffer('00aee3f86b66087abc069b8b1736e38ad6af624f7ea80e70b95f4ff2bf77cd90fd', 'hex'),
+    dmp1: new Buffer('008112f5a969fcb56f4e3a4c51a60dcdebec157ee4a7376b843487b53844e8ac85', 'hex'),
+    dmq1: new Buffer('1a7370470e0f8a4095df40922a430fe498720e03e1f70d257c3ce34202249d21', 'hex'),
+    coeff: new Buffer('00b399675e5e81506b729a777cc03026f0b2119853dfc5eb124610c0ab82999e45', 'hex')
+}, 'components');
+var publicComponents = key.exportKey('components-public');
+console.log(publicComponents);
+
+/*
+{ n: <Buffer 00 86 fa 9b a0 66 68 58 45 fc 03 83 3a 96 99 c8 ba ef b5 3c fb f1 90 52 a7 f1 0f 1e aa 30 48 8c ec 1c eb 75 2b df f2 df 9f ad 6c 64 b3 49 89 56 e7 db ... >,
+  e: 65537 
+}
+*/
+```
+
+
+
 ### Properties
@@ -215,2 +243,6 @@
 
+### 0.3.0
+ * Added import/export from/to raw key components. 
+ * Removed lodash from dependencies.
+
 ### 0.2.30
@@ -217,0 +249,0 @@ * Fixed a issue when the key was generated by 1 bit smaller than specified. It may slow down the generation of large keys.

src/encryptEngines/encryptEngines.js

@@ -0,0 +0,0 @@ var crypt = require('crypto');

src/encryptEngines/io.js

@@ -0,0 +0,0 @@ var crypto = require('crypto');

src/encryptEngines/js.js

@@ -0,0 +0,0 @@ var BigInteger = require('../libs/jsbn.js');

src/encryptEngines/node12.js

@@ -0,0 +0,0 @@ var crypto = require('crypto');

src/formats/formats.js

@@ -1,2 +0,2 @@
-var _ = require('lodash');
+var _ = require('../utils')._;
 
@@ -33,2 +33,3 @@ function formatParse(format) {
     pkcs8: require('./pkcs8'),
+    components: require('./components'),
 
@@ -82,3 +83,3 @@ isPrivateExport: function (format) {
                     if (!key.isPrivate()) {
-                        throw Error("It is not private key");
+                        throw Error("This is not private key");
                     }
@@ -88,3 +89,3 @@ return module.exports[fmt.scheme].privateExport(key, fmt.keyOpt);
                     if (!key.isPublic()) {
-                        throw Error("It is not public key");
+                        throw Error("This is not public key");
                     }
@@ -91,0 +92,0 @@ return module.exports[fmt.scheme].publicExport(key, fmt.keyOpt);

src/formats/pkcs1.js

 var ber = require('asn1').Ber;
-var _ = require('lodash');
+var _ = require('../utils')._;
 var utils = require('../utils');
@@ -4,0 +4,0 @@

src/formats/pkcs8.js

 var ber = require('asn1').Ber;
-var _ = require('lodash');
+var _ = require('../utils')._;
 var PUBLIC_RSA_OID = '1.2.840.113549.1.1.1';
@@ -4,0 +4,0 @@ var utils = require('../utils');

src/libs/jsbn.js

@@ -40,3 +40,3 @@ /*
 var crypt = require('crypto');
-var _ = require('lodash');
+var _ = require('../utils')._;
 
@@ -43,0 +43,0 @@ // Bits per digit

src/libs/rsa.js

@@ -42,3 +42,3 @@ /*
 
-var _ = require('lodash');
+var _ = require('../utils')._;
 var crypt = require('crypto');
@@ -145,5 +145,5 @@ var BigInteger = require('./jsbn.js');
     RSAKey.prototype.setPrivate = function (N, E, D, P, Q, DP, DQ, C) {
-        if (N && E && D && N.length > 0 && E.length > 0 && D.length > 0) {
+        if (N && E && D && N.length > 0 && (_.isNumber(E) || E.length > 0) && D.length > 0) {
             this.n = new BigInteger(N);
-            this.e = utils.get32IntFromBuffer(E, 0);
+            this.e = _.isNumber(E) ? E : utils.get32IntFromBuffer(E, 0);
             this.d = new BigInteger(D);
@@ -161,4 +161,5 @@
             this.$$recalculateCache();
-        } else
+        } else {
             throw Error("Invalid RSA private key");
+        }
     };
@@ -172,8 +173,9 @@
     RSAKey.prototype.setPublic = function (N, E) {
-        if (N && E && N.length > 0 && E.length > 0) {
+        if (N && E && N.length > 0 && (_.isNumber(E) || E.length > 0)) {
             this.n = new BigInteger(N);
-            this.e = utils.get32IntFromBuffer(E, 0);
+            this.e = _.isNumber(E) ? E : utils.get32IntFromBuffer(E, 0);
             this.$$recalculateCache();
-        } else
+        } else {
             throw Error("Invalid RSA public key");
+        }
     };
@@ -180,0 +182,0 @@

src/NodeRSA.js

@@ -13,3 +13,3 @@ /*!
 var ber = require('asn1').Ber;
-var _ = require('lodash');
+var _ = require('./utils')._;
 var utils = require('./utils');
@@ -35,3 +35,3 @@ var schemes = require('./schemes/schemes.js');
         'public': 'pkcs8-public-pem',
-        'public-der': 'pkcs8-public-der'
+        'public-der': 'pkcs8-public-der',
     };
@@ -93,3 +93,3 @@
                 if (signingScheme.length == 1) {
-                    if (_.indexOf(SUPPORTED_HASH_ALGORITHMS.node, signingScheme[0]) > -1) {
+                    if (SUPPORTED_HASH_ALGORITHMS.node.indexOf(signingScheme[0]) > -1) {
                         this.$options.signingSchemeOptions = {
@@ -121,3 +121,3 @@ hash: signingScheme[0]
             if (this.$options.signingSchemeOptions.hash &&
-                _.indexOf(SUPPORTED_HASH_ALGORITHMS[this.$options.environment], this.$options.signingSchemeOptions.hash) == -1) {
+                SUPPORTED_HASH_ALGORITHMS[this.$options.environment].indexOf(this.$options.signingSchemeOptions.hash) === -1) {
                 throw Error('Unsupported hashing algorithm for ' + this.$options.environment + ' environment');
@@ -141,3 +141,3 @@ }
             if (this.$options.encryptionSchemeOptions.hash &&
-                _.indexOf(SUPPORTED_HASH_ALGORITHMS[this.$options.environment], this.$options.encryptionSchemeOptions.hash) == -1) {
+                SUPPORTED_HASH_ALGORITHMS[this.$options.environment].indexOf(this.$options.encryptionSchemeOptions.hash) === -1) {
                 throw Error('Unsupported hashing algorithm for ' + this.$options.environment + ' environment');
@@ -172,3 +172,3 @@ }
      * Importing key
-     * @param keyData {string|buffer}
+     * @param keyData {string|buffer|Object}
      * @param format {string}
@@ -216,3 +216,3 @@ */
      * Check if key pair contains public key
-     * @param strict {boolean} - public key only, return false if have private exponent
+     * @param [strict] {boolean} - public key only, return false if have private exponent
      */
@@ -316,3 +316,3 @@ NodeRSA.prototype.isPublic = function (strict) {
         if (!this.isPrivate()) {
-            throw Error("It is not private key");
+            throw Error("This is not private key");
         }
@@ -340,3 +340,3 @@
         if (!this.isPublic()) {
-            throw Error("It is not public key");
+            throw Error("This is not public key");
         }
@@ -343,0 +343,0 @@ signature_encoding = (!signature_encoding || signature_encoding == 'buffer' ? null : signature_encoding);

src/schemes/oaep.js

@@ -0,0 +0,0 @@ /**

src/schemes/pkcs1.js

@@ -0,0 +0,0 @@ /**

src/schemes/pss.js

@@ -0,0 +0,0 @@ /**

src/schemes/schemes.js

@@ -0,0 +0,0 @@ module.exports = {

src/utils.js

@@ -56,1 +56,34 @@ /*
 };
+
+module.exports._ = {
+    isObject: function (value) {
+        var type = typeof value;
+        return !!value && (type == 'object' || type == 'function');
+    },
+
+    isString: function (value) {
+        return typeof value == 'string' || value instanceof String;
+    },
+
+    isNumber: function (value) {
+        return typeof value == 'number' || !isNaN(parseFloat(value)) && isFinite(value);
+    },
+
+    /**
+     * Returns copy of `obj` without `removeProp` field.
+     * @param obj
+     * @param removeProp
+     * @returns Object
+     */
+    omit: function (obj, removeProp) {
+        var newObj = {};
+        for (var prop in obj) {
+            if (!obj.hasOwnProperty(prop) || prop === removeProp) {
+                continue;
+            }
+            newObj[prop] = obj[prop];
+        }
+
+        return newObj;
+    }
+};

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 2 instances in 1 package

Debug access

Supply chain risk

Uses debug, reflection and dynamic code execution features.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 2 instances in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

1958492

increased by1100.63%

Dependency count

1

decreased by-50%

Number of package files

45

increased by50%

Lines of code

54900

increased by1670.97%

Number of lines in readme file

335

increased by10.56%

Worsened metrics

Dev dependency count

6

increased by20%

Number of low supply chain risk alerts

16

increased byInfinity%

Number of medium supply chain risk alerts

5

increased byInfinity%

Dependency changes

• - Removedlodash@3.3.0

• - Removedlodash@3.3.0(transitive)