crypto: add support for PEM-level encryption #23151
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This adds support for PEM-level encryption as defined in RFC 1421. PEM-level encryption is intentionally unsupported for PKCS#8 private keys since PKCS#8 defines a newer encryption format. Refs: nodejs#22660
nodejs-github-bot
added
c++
tniessen
added
the
semver-minor
bnoordhuis
approved these changes
Sep 29, 2018
|
CI: https://ci.nodejs.org/job/node-test-pull-request/17560/ cc @nodejs/crypto |
jasnell
approved these changes
Oct 1, 2018
tniessen
added
the
author ready
|
Landed in 0a1c650, thanks for reviewing. |
tniessen
added a commit
that referenced
this pull request
Oct 2, 2018
This adds support for PEM-level encryption as defined in RFC 1421. PEM-level encryption is intentionally unsupported for PKCS#8 private keys since PKCS#8 defines a newer encryption format. PR-URL: #23151 Refs: #22660 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com>
jasnell
added a commit
that referenced
this pull request
Oct 2, 2018
Notable changes: * Build * FreeBSD 10 is no longer supported. [#22617](#22617) * `child_process` * The default value of the `windowsHide` option has been changed to `true`. [#21316](#21316) * `console` * `console.countReset()` will emit a warning if the timer being reset does not exist. [#21649](#21649) * `console.time()` will no longer reset a timer if it already exists. [#20442](#20442) * `crypto` * PEM-level encryption is now supported. [#23151](#23151) * An API for key pair generation has been added. [#22660](#22660) * Dependencies * V8 has been updated to 7.0. [#22754](#22754) * `fs` * The `fs.read()` method now requires a callback. [#22146](#22146) * The previously deprecated `fs.SyncWriteStream` utility has been removed.[#20735](#20735) * `http` * The `http`, `https`, and `tls` modules now use the WHATWG URL parser by default. [#20270](#20270) * `http2` * An event will be emitted when a `PING` frame is received. [#23009](#23009) * Support for the `ORIGIN` frame has been added. [#22956](#22956) * General * Use of `process.binding()` has been deprecated. Userland code using `process.binding()` should re-evaluate that use and begin migrating. * An experimental implementation of `queueMicrotask()` has been added. [#22951](#22951) * Internal * Windows performance-counter support has been removed. [#22485](#22485) * The `--expose-http2` command-line option has been removed. [#20887](#20887) * Promises * A new `multipleResolves` event will be emitted when a Promise is resolved (or rejected) more than once. [#22218](#22218) * Timers * Interval timers will be rescheduled even if previous interval threw an error. [#20002](#20002) * `util` * The WHATWG `TextEncoder` and `TextDecoder` are now globals. [#22281](#22281) * `util.inspect()` output size is limited to 128 MB by default. [#22756](#22756) * A runtime warning will be emitted when `NODE_DEBUG` is set for either `http` or `http2`. [#21914](#21914)
targos
pushed a commit
that referenced
this pull request
Oct 3, 2018
This adds support for PEM-level encryption as defined in RFC 1421. PEM-level encryption is intentionally unsupported for PKCS#8 private keys since PKCS#8 defines a newer encryption format. PR-URL: #23151 Refs: #22660 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com>
4 tasks
targos
added a commit
that referenced
this pull request
Oct 7, 2018
Notable changes:
* assert
* The diff output is now a tiny bit improved by sorting object
properties when inspecting the values that are compared with each
other. #22788
* cli
* The options parser now normalizes `_` to `-` in all multi-word
command-line flags, e.g. `--no_warnings` has the same effect as
`--no-warnings`. #23020
* Added bash completion for the `node` binary. To generate a bash
completion script, run `node --completion-bash`. The output can be
saved to a file which can be sourced to enable completion.
#20713
* crypto
* Added support for PEM-level encryption.
#23151
* Added an API asymmetric key pair generation. The new methods
`crypto.generateKeyPair` and `crypto.generateKeyPairSync` can be
used to generate public and private key pairs. The API supports
RSA, DSA and EC and a variety of key encodings (both PEM and DER).
#22660
* fs
* Added a `recursive` option to `fs.mkdir` and `fs.mkdirSync`. If
this option is set to true, non-existing parent folders will be
automatically created. #21875
* http2
* Added a `'ping'` event to `Http2Session` that is emitted whenever a
non-ack `PING` is received.
#23009
* Added support for the `ORIGIN` frame.
#22956
* module
* Added `module.createRequireFromPath(filename)`. This new method can
be used to create a custom require function that will resolve
modules relative to the filename path.
#19360
* process
* Added a `'multipleResolves'` process event that is emitted whenever
a `Promise` is attempted to be resolved multiple times, e.g. if the
`resolve` and `reject` functions are both called in a `Promise`
executor. #22218
* **url**
* Added `url.fileURLToPath(url)` and `url.pathToFileURL(path)`. These
methods can be used to correctly convert between file: URLs and
absolute paths. #22506
* **util**
* Added the `sorted` option to `util.inspect()`. If set to `true`,
all properties of an object and Set and Map entries will be sorted
in the returned string. If set to a function, it is used as a
compare function. #22788
* The `util.instpect.custom` symbol is now defined in the global
symbol registry as `Symbol.for('nodejs.util.inspect.custom')`.
#20857
* **Windows**
* The Windows msi installer now provides an option to automatically
install the tools required to build native modules.
#22645
* **Added new collaborators**:
* digitalinfinity - Hitesh Kanwathirtha
PR-URL: #23313
targos
added a commit
that referenced
this pull request
Oct 10, 2018
Notable changes:
* assert
* The diff output is now a tiny bit improved by sorting object
properties when inspecting the values that are compared with each
other. #22788
* cli
* The options parser now normalizes `_` to `-` in all multi-word
command-line flags, e.g. `--no_warnings` has the same effect as
`--no-warnings`. #23020
* Added bash completion for the `node` binary. To generate a bash
completion script, run `node --completion-bash`. The output can be
saved to a file which can be sourced to enable completion.
#20713
* crypto
* Added support for PEM-level encryption.
#23151
* Added an API asymmetric key pair generation. The new methods
`crypto.generateKeyPair` and `crypto.generateKeyPairSync` can be
used to generate public and private key pairs. The API supports
RSA, DSA and EC and a variety of key encodings (both PEM and DER).
#22660
* fs
* Added a `recursive` option to `fs.mkdir` and `fs.mkdirSync`. If
this option is set to true, non-existing parent folders will be
automatically created. #21875
* http2
* Added a `'ping'` event to `Http2Session` that is emitted whenever a
non-ack `PING` is received.
#23009
* Added support for the `ORIGIN` frame.
#22956
* Updated nghttp2 to 1.34.0. This adds RFC 8441 extended connect
protocol support to allow use of WebSockets over HTTP/2.
#23284
* module
* Added `module.createRequireFromPath(filename)`. This new method can
be used to create a custom require function that will resolve
modules relative to the filename path.
#19360
* process
* Added a `'multipleResolves'` process event that is emitted whenever
a `Promise` is attempted to be resolved multiple times, e.g. if the
`resolve` and `reject` functions are both called in a `Promise`
executor. #22218
* url
* Added `url.fileURLToPath(url)` and `url.pathToFileURL(path)`. These
methods can be used to correctly convert between file: URLs and
absolute paths. #22506
* util
* Added the `sorted` option to `util.inspect()`. If set to `true`,
all properties of an object and Set and Map entries will be sorted
in the returned string. If set to a function, it is used as a
compare function. #22788
* The `util.instpect.custom` symbol is now defined in the global
symbol registry as `Symbol.for('nodejs.util.inspect.custom')`.
#20857
* Added support for `BigInt` numbers in `util.format()`.
#22097
* V8 API
* A number of V8 C++ APIs have been marked as deprecated since they
have been removed in the upstream repository. Replacement APIs
are added where necessary. #23159
* Windows
* The Windows msi installer now provides an option to automatically
install the tools required to build native modules.
#22645
* Workers
* Debugging support for Workers using the DevTools protocol has been
implemented. #21364
* The public `inspector` module is now enabled in Workers.
#22769
* Added new collaborators:
* digitalinfinity - Hitesh Kanwathirtha
PR-URL: #23313
targos
added a commit
that referenced
this pull request
Oct 10, 2018
Notable changes:
* assert
* The diff output is now a tiny bit improved by sorting object
properties when inspecting the values that are compared with each
other. #22788
* cli
* The options parser now normalizes `_` to `-` in all multi-word
command-line flags, e.g. `--no_warnings` has the same effect as
`--no-warnings`. #23020
* Added bash completion for the `node` binary. To generate a bash
completion script, run `node --completion-bash`. The output can be
saved to a file which can be sourced to enable completion.
#20713
* crypto
* Added support for PEM-level encryption.
#23151
* Added an API asymmetric key pair generation. The new methods
`crypto.generateKeyPair` and `crypto.generateKeyPairSync` can be
used to generate public and private key pairs. The API supports
RSA, DSA and EC and a variety of key encodings (both PEM and DER).
#22660
* fs
* Added a `recursive` option to `fs.mkdir` and `fs.mkdirSync`. If
this option is set to true, non-existing parent folders will be
automatically created. #21875
* http2
* Added a `'ping'` event to `Http2Session` that is emitted whenever a
non-ack `PING` is received.
#23009
* Added support for the `ORIGIN` frame.
#22956
* Updated nghttp2 to 1.34.0. This adds RFC 8441 extended connect
protocol support to allow use of WebSockets over HTTP/2.
#23284
* module
* Added `module.createRequireFromPath(filename)`. This new method can
be used to create a custom require function that will resolve
modules relative to the filename path.
#19360
* process
* Added a `'multipleResolves'` process event that is emitted whenever
a `Promise` is attempted to be resolved multiple times, e.g. if the
`resolve` and `reject` functions are both called in a `Promise`
executor. #22218
* url
* Added `url.fileURLToPath(url)` and `url.pathToFileURL(path)`. These
methods can be used to correctly convert between file: URLs and
absolute paths. #22506
* util
* Added the `sorted` option to `util.inspect()`. If set to `true`,
all properties of an object and Set and Map entries will be sorted
in the returned string. If set to a function, it is used as a
compare function. #22788
* The `util.instpect.custom` symbol is now defined in the global
symbol registry as `Symbol.for('nodejs.util.inspect.custom')`.
#20857
* Added support for `BigInt` numbers in `util.format()`.
#22097
* V8 API
* A number of V8 C++ APIs have been marked as deprecated since they
have been removed in the upstream repository. Replacement APIs
are added where necessary. #23159
* Windows
* The Windows msi installer now provides an option to automatically
install the tools required to build native modules.
#22645
* Workers
* Debugging support for Workers using the DevTools protocol has been
implemented. #21364
* The public `inspector` module is now enabled in Workers.
#22769
* Added new collaborators:
* digitalinfinity - Hitesh Kanwathirtha
PR-URL: #23313
targos
added a commit
that referenced
this pull request
Oct 10, 2018
Notable changes:
* assert
* The diff output is now a tiny bit improved by sorting object
properties when inspecting the values that are compared with each
other. #22788
* cli
* The options parser now normalizes `_` to `-` in all multi-word
command-line flags, e.g. `--no_warnings` has the same effect as
`--no-warnings`. #23020
* Added bash completion for the `node` binary. To generate a bash
completion script, run `node --completion-bash`. The output can be
saved to a file which can be sourced to enable completion.
#20713
* crypto
* Added support for PEM-level encryption.
#23151
* Added an API asymmetric key pair generation. The new methods
`crypto.generateKeyPair` and `crypto.generateKeyPairSync` can be
used to generate public and private key pairs. The API supports
RSA, DSA and EC and a variety of key encodings (both PEM and DER).
#22660
* fs
* Added a `recursive` option to `fs.mkdir` and `fs.mkdirSync`. If
this option is set to true, non-existing parent folders will be
automatically created. #21875
* http2
* Added a `'ping'` event to `Http2Session` that is emitted whenever a
non-ack `PING` is received.
#23009
* Added support for the `ORIGIN` frame.
#22956
* Updated nghttp2 to 1.34.0. This adds RFC 8441 extended connect
protocol support to allow use of WebSockets over HTTP/2.
#23284
* module
* Added `module.createRequireFromPath(filename)`. This new method can
be used to create a custom require function that will resolve
modules relative to the filename path.
#19360
* process
* Added a `'multipleResolves'` process event that is emitted whenever
a `Promise` is attempted to be resolved multiple times, e.g. if the
`resolve` and `reject` functions are both called in a `Promise`
executor. #22218
* url
* Added `url.fileURLToPath(url)` and `url.pathToFileURL(path)`. These
methods can be used to correctly convert between file: URLs and
absolute paths. #22506
* util
* Added the `sorted` option to `util.inspect()`. If set to `true`,
all properties of an object and Set and Map entries will be sorted
in the returned string. If set to a function, it is used as a
compare function. #22788
* The `util.instpect.custom` symbol is now defined in the global
symbol registry as `Symbol.for('nodejs.util.inspect.custom')`.
#20857
* Added support for `BigInt` numbers in `util.format()`.
#22097
* V8 API
* A number of V8 C++ APIs have been marked as deprecated since they
have been removed in the upstream repository. Replacement APIs
are added where necessary. #23159
* Windows
* The Windows msi installer now provides an option to automatically
install the tools required to build native modules.
#22645
* Workers
* Debugging support for Workers using the DevTools protocol has been
implemented. #21364
* The public `inspector` module is now enabled in Workers.
#22769
* Added new collaborators:
* digitalinfinity - Hitesh Kanwathirtha
PR-URL: #23313
This was referenced Oct 10, 2018
This was referenced Oct 11, 2018
jasnell
pushed a commit
that referenced
this pull request
Oct 17, 2018
Notable changes:
* assert
* The diff output is now a tiny bit improved by sorting object
properties when inspecting the values that are compared with each
other. #22788
* cli
* The options parser now normalizes `_` to `-` in all multi-word
command-line flags, e.g. `--no_warnings` has the same effect as
`--no-warnings`. #23020
* Added bash completion for the `node` binary. To generate a bash
completion script, run `node --completion-bash`. The output can be
saved to a file which can be sourced to enable completion.
#20713
* crypto
* Added support for PEM-level encryption.
#23151
* Added an API asymmetric key pair generation. The new methods
`crypto.generateKeyPair` and `crypto.generateKeyPairSync` can be
used to generate public and private key pairs. The API supports
RSA, DSA and EC and a variety of key encodings (both PEM and DER).
#22660
* fs
* Added a `recursive` option to `fs.mkdir` and `fs.mkdirSync`. If
this option is set to true, non-existing parent folders will be
automatically created. #21875
* http2
* Added a `'ping'` event to `Http2Session` that is emitted whenever a
non-ack `PING` is received.
#23009
* Added support for the `ORIGIN` frame.
#22956
* Updated nghttp2 to 1.34.0. This adds RFC 8441 extended connect
protocol support to allow use of WebSockets over HTTP/2.
#23284
* module
* Added `module.createRequireFromPath(filename)`. This new method can
be used to create a custom require function that will resolve
modules relative to the filename path.
#19360
* process
* Added a `'multipleResolves'` process event that is emitted whenever
a `Promise` is attempted to be resolved multiple times, e.g. if the
`resolve` and `reject` functions are both called in a `Promise`
executor. #22218
* url
* Added `url.fileURLToPath(url)` and `url.pathToFileURL(path)`. These
methods can be used to correctly convert between file: URLs and
absolute paths. #22506
* util
* Added the `sorted` option to `util.inspect()`. If set to `true`,
all properties of an object and Set and Map entries will be sorted
in the returned string. If set to a function, it is used as a
compare function. #22788
* The `util.instpect.custom` symbol is now defined in the global
symbol registry as `Symbol.for('nodejs.util.inspect.custom')`.
#20857
* Added support for `BigInt` numbers in `util.format()`.
#22097
* V8 API
* A number of V8 C++ APIs have been marked as deprecated since they
have been removed in the upstream repository. Replacement APIs
are added where necessary. #23159
* Windows
* The Windows msi installer now provides an option to automatically
install the tools required to build native modules.
#22645
* Workers
* Debugging support for Workers using the DevTools protocol has been
implemented. #21364
* The public `inspector` module is now enabled in Workers.
#22769
* Added new collaborators:
* digitalinfinity - Hitesh Kanwathirtha
PR-URL: #23313
tniessen
removed
the
author ready
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This adds support for PEM-level encryption as defined in RFC 1421. PEM-level encryption is intentionally unsupported for PKCS#8 private keys since PKCS#8 defines a newer encryption format.
/cc @bnoordhuis who suggested this feature in #22660 (comment).
Refs: #22660
Checklist
make -j4 test(UNIX), orvcbuild test(Windows) passes