Comment field on `crypto.generateKeyPair`

Open jonahbron opened this issue 3 weeks ago • 8 comments

What is the problem this feature will solve?

Currently when generating a private key with crypto.generatePrivateKey, the resulting key has no Comment field. This limits its usefulness.

What is the feature you are proposing to solve the problem?

The options parameter should accept a comment field to allow attaching a comment to the private key.

What alternatives have you considered?

I'm sure there are npm packages that can generate private keys with a comment, but this is a pretty fundamental feature and I'd prefer to not need yet another dependency.

jonahbron avatar Apr 20 '24 07:04 jonahbron

@nodejs/crypto

benjamingr avatar Apr 21 '24 17:04 benjamingr

Hi! Were you thinking something like:

```js
const crypto = require('crypto');

const keyPair = crypto.generateKeyPairSync('rsa', {
    modulusLength: 4096,
    publicKeyEncoding: {
        type: 'spki',
        format: 'pem',
        fields: {
            'Comment': '... add a comment here ...',
        }
    },
    privateKeyEncoding: {
        type: 'pkcs8',
        format: 'pem',
        fields: {
            'Comment': '... add a comment here ...',
        }
    }
});
```

(This isn't a feature right now, but is it what you were looking for?)

RedYetiDev avatar Apr 22 '24 19:04 RedYetiDev

Yes something like that looks about right

jonahbron avatar Apr 28 '24 00:04 jonahbron

@jonahbron @RedYetiDev Could you please point me to where that comment would be stored in the respective formats? I know that SSH keys can contain comments, but they do not strictly adhere to standard cryptographic formats.

tniessen avatar Apr 28 '24 11:04 tniessen

IIUC,

PGP keys can have comments, so I was imagining it with those keys,

AFAIK they are documented at https://www.rfc-editor.org/rfc/rfc4880

RedYetiDev avatar Apr 28 '24 11:04 RedYetiDev

generateKeyPair does not support the PGP key format, nor does OpenSSL as far as I am aware.

tniessen avatar Apr 28 '24 19:04 tniessen

Oh, well, I'm no crypto expert, so I don't really know.

RedYetiDev avatar Apr 28 '24 19:04 RedYetiDev

I don't know enough about the details of cryptographic code to be able to answer that. I know the sshpk library can parse a key and extract the comment; its code might yield some hints. See the first example in the readme, where it parses a key and then has a comment field.

https://github.com/TritonDataCenter/node-sshpk?tab=readme-ov-file#examples

jonahbron avatar May 01 '24 05:05 jonahbron

@jonahbron That first example explicitly refers to an "OpenSSH-format public key", which is a key format that is specific to OpenSSH and not supported by Node.js.

Unless someone can point me to a comment field in a standardized key format that Node.js supports (or at least OpenSSL), there's nothing to be done here.

If the ask is to support OpenSSH or PGP keys, please open a new issue with that feature request.

tniessen avatar May 01 '24 07:05 tniessen
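
As the thread notes, key comments belong to the OpenSSH format rather than to the SPKI/PKCS#8 encodings that `generateKeyPair` produces. The following is an added example, not code from Node.js or from any participant: it builds an OpenSSH public-key line from a Node-generated Ed25519 key using only `node:crypto`, showing that the comment is trailing text outside the key blob. The helper names and the sample comment are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// SSH wire "string": 4-byte big-endian length, then the bytes (RFC 4251).
function sshString(buf) {
  const len = Buffer.alloc(4);
  len.writeUInt32BE(buf.length);
  return Buffer.concat([len, buf]);
}

// Build "<type> <base64 blob> <comment>". The comment is free text after the
// blob and is not part of the key material.
function toOpenSshPublicKey(publicKey, comment) {
  if (publicKey.asymmetricKeyType !== 'ed25519') {
    throw new TypeError('this sketch handles ed25519 keys only');
  }
  // A line break in the comment would start a new authorized_keys entry.
  if (/[\r\n]/.test(comment)) throw new RangeError('comment must be one line');
  // The JWK export carries the raw 32-byte public key as base64url in "x".
  const raw = Buffer.from(publicKey.export({ format: 'jwk' }).x, 'base64url');
  const blob = Buffer.concat([sshString(Buffer.from('ssh-ed25519')), sshString(raw)]);
  return `ssh-ed25519 ${blob.toString('base64')} ${comment}`;
}

// Split a line back into its parts; the comment may itself contain spaces.
function parseOpenSshPublicKey(line) {
  const [type, b64, ...rest] = line.trim().split(' ');
  return { type, blob: Buffer.from(b64, 'base64'), comment: rest.join(' ') };
}

// OpenSSH-style SHA256 fingerprint: computed over the blob only.
function fingerprint(line) {
  const digest = crypto.createHash('sha256').update(parseOpenSshPublicKey(line).blob);
  return 'SHA256:' + digest.digest('base64').replace(/=+$/, '');
}

const { publicKey } = crypto.generateKeyPairSync('ed25519');
const line = toOpenSshPublicKey(publicKey, 'deploy key (constructed sample)');
console.log(line);
console.log(fingerprint(line));
// The SPKI PEM export of the same key has no place for the comment.
console.log(publicKey.export({ type: 'spki', format: 'pem' }));
```

Because the fingerprint is computed over the blob alone, two lines that differ only in their comment identify the same key, so a comment is a label and not something to base trust decisions on.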