elliptic icon indicating copy to clipboard operation
elliptic copied to clipboard

Published 20 hours ago verified publisher icon indutny

ec.keyFromPrivate returns a KeyPair with a private key even when receiving a random input

Open ziccardi opened this issue 5 years ago • 1 comments

I need to perform some validation on received ECDSA keys. I tried the following code:

const key = Buffer.from('asdfasf', 'base64').toString('ascii'));
const kp = ec.keyFromPrivate(key);

I was expecting to receive an error or a null result. It surprised me to receive a KeyPair object populated with a private key. Is there any way to validate the input to be sure that received data is really a private key?

Just for completeness, that does not happens with keyFromPublic.

ziccardi avatar Oct 02 '19 13:10 ziccardi

There no validation in elliptic right now. It's probably will work when indutny/bn.js will have encoding validation on creation and version will be updated in elliptic.

fanatid avatar Oct 04 '19 13:10 fanatid