		@@ -16,2 +16,4 @@ /*!
		var NOBJ = {};
		var DEFAULT_BITLEN = 2048;
		var DEFAULT_EXPONENT = 65537;

		@@ -26,3 +28,3 @@ function create(deps) {
		try {
		RSA._URSA = require('ursa');
		RSA._URSA = require('ursa-optional');
		} catch(e) {
		@@ -60,3 +62,16 @@ // ignore

		RSA.generateKeypair = function (length, exponent, options, cb) {
		// length, exponent, options, cb
		RSA.generateKeypair = function (options, cb, extra1, extra2) {
		var length;
		var exponent;
		if ('function' === typeof extra2) {
		length = options \|\| DEFAULT_BITLEN;
		exponent = cb \|\| DEFAULT_EXPONENT;
		options = extra1 \|\| NOBJ;
		cb = extra2;
		} else {
		if (!options) { options = NOBJ; }
		length = options.bitlen \|\| DEFAULT_BITLEN;
		exponent = options.exp \|\| DEFAULT_EXPONENT;
		}
		if (!RSA._URSA && /arm\|mips/i.test(require('os').arch) && !RSA._SLOW_WARN) {
		@@ -90,4 +105,2 @@ console.warn("================================================================");

		options = options \|\| NOBJ;

		RSA._internal.generateKeypair(length, exponent, options, function (err, keys) {
		@@ -124,3 +137,7 @@ if (false !== options.jwk \|\| options.thumbprint) {

		RSA.import = function (keypair/, options/) {
		RSA.import = function (options/, options/) {
		var keypair = options;
		if (keypair.key) {
		keypair = keypair.key;
		}
		keypair = RSA._internal.import(keypair, { internal: true });
		@@ -127,0 +144,0 @@ keypair = RSA._internal.importForge(keypair, { internal: true });

package.json

		{
		"name": "rsa-compat",
		"version": "1.4.2",
		"version": "1.5.0",
		"description": "RSA utils that work on Windows, Mac, and Linux with or without C compiler",
		@@ -44,2 +44,5 @@ "main": "node.js",
		},
		"optionalDependencies": {
		"ursa-optional": "^0.9.4"
		},
		"trulyOptionalDependencies": {
		@@ -46,0 +49,0 @@ "buffer-v6-polyfill": "^1.0.3",

README.md

		# rsa-compat.js
		!["Lifetime Downloads"](https://img.shields.io/npm/dt/rsa-compat.svg "Lifetime Download Count can't be shown")
		!["Monthly Downloads"](https://img.shields.io/npm/dm/rsa-compat.svg "Monthly Download Count can't be shown")
		!["Weekly Downloads"](https://img.shields.io/npm/dw/rsa-compat.svg "Weekly Download Count can't be shown")

		@@ -23,9 +26,2 @@ \| Sponsored by [ppl](https://ppl.family).

		For more efficient RSA key generation:
		<small>(I dropped `ursa` as an "optional dependency" because the non-fatal error messages on unsupported platforms and node versions were confusing people, but I still recommend installing it)</small>

		```bash
		npm install --save ursa
		```

		Node < v6 support:
		@@ -43,3 +39,2 @@


		Usage
		@@ -66,7 +61,5 @@ =====

		var bitlen = 2048;
		var exp = 65537;
		var options = { public: true, pem: true, internal: true };
		var options = { bitlen: 2048, exp: 65537, public: true, pem: true, internal: true };

		RSA.generateKeypair(bitlen, exp, options, function (err, keypair) {
		RSA.generateKeypair(options, function (err, keypair) {
		console.log(keypair);
		@@ -111,7 +104,28 @@ });

		Security and Compatibility
		------

		TL;DR: Use the default values 2048 and 65537 unless you have a really, really good reason to do otherwise.

		Various platforms require these values.

		Most security experts agree that 4096-bit is no more "secure" than 2048-bit -
		a fundamental vulnerability in the RSA algorithm which causes 2048 to be broken
		will most likely also cause 4096 to be broken
		(i.e. if someone can prove mathematically prove P=NP or a way to predict prime numbers).
		Also, many platforms
		only support 2048 bit keys due to the insecurity of 1024-bit keys (which are not 1/2 secure
		but rather 1/(2^1028) less secure) and the excess computational
		cost of 4096-bit keys (it's not a 2x increase, it's more like a 2^2048 increase).

		As to why 65537 is even optional as a prime exponent or why it matters... no idea,
		but it does matter.

		API
		---

		* `RSA.generateKeypair(bitlen, exp, options, cb)`
		* `RSA.import(keypair, options)`
		* `RSA.generateKeypair(options, cb)`
		* (deprecated `RSA.generateKeypair(bitlen, exp, options, cb)`)
		* `RSA.import(options)`
		* (deprecated `RSA.import(keypair, options)`)
		* `RSA.exportPrivatePem(keypair)`
		@@ -128,3 +142,3 @@ * `RSA.exportPublicPem(keypair)`

		### RSA.generateKeypair(bitlen, exp, options, cb)
		### RSA.generateKeypair(options, cb)

		@@ -134,11 +148,9 @@ Create a private keypair and export it as PEM, JWK, and/or internal formats
		```javascript
		RSA.generateKeypair(null, null, null, function (keypair) { /.../ });
		RSA.generateKeypair(null, function (keypair) { /.../ });

		RSA.generateKeypair(2048, 65537, { pem: false, public: false, internal: false }, function (keypair) { /.../ });
		RSA.generateKeypair({
		bitlen: 2048, exp: 65537, pem: false, public: false, internal: false
		}, function (keypair) { /.../ });
		```

		`bitlen`: 2048 or 4096

		`exp`: 65537 (default)

		`options`:
		@@ -155,3 +167,3 @@ ```javascript

		### RSA.import(keypair, options)
		### RSA.import(options)

		@@ -161,3 +173,3 @@ Imports keypair as JWKs and internal values `_ursa` and `_forge`.
		```javascript
		var keypair = RSA.import({ privateKeyPem: '...'});
		var keypair = RSA.import({ type: 'RSA', privateKeyPem: '...' });

		@@ -164,0 +176,0 @@ console.log(keypair);

rsa-compat - npm Package Compare versions

New alerts

Fixed alerts

Improved metrics

Worsened metrics