feat: add exporting/importing of non rsa keys in libp2p-key format #179
Conversation
|
FYI, I am planning to release this as 0.17.9, if there are concerns let me know. |
You mean a future breaking change, right? |
src/ciphers/aes-gcm.browser.js
Outdated
| /** | ||
| * | ||
| * @param {object} param0 | ||
| * @param {string} [param0.algorithm] Defaults to 'aes-128-gcm' |
There was a problem hiding this comment.
Can we add the defaults in the params, according to the jsdoc docs? This might be useful when we auto generate from jsdoc
src/ciphers/aes-gcm.js
Outdated
| /** | ||
| * | ||
| * @param {object} param0 | ||
| * @param {Number} [param0.algorithmTagLength] Defaults to 16 |
| if (format === 'libp2p-key') { | ||
| return exporter.export(this.bytes, password) | ||
| } else { | ||
| throw errcode(new Error(`export format '${format}' is not supported`), 'ERR_INVALID_EXPORT_FORMAT') |
There was a problem hiding this comment.
We should add a notice for this in the README
src/keys/rsa-class.js
Outdated
| const options = { | ||
| algorithm: 'aes256', | ||
| count: 10000, | ||
| saltSize: 128 / 8, | ||
| prfAlgorithm: 'sha512' | ||
| } | ||
| pem = forge.pki.encryptRsaPrivateKey(privateKey, password, options) | ||
| key = forge.pki.encryptRsaPrivateKey(privateKey, password, options) |
There was a problem hiding this comment.
Should we return here instead and not have the let key
src/keys/secp256k1-class.js
Outdated
| * Exports the key into a password protected `format` | ||
| * | ||
| * @param {string} password - The password to encrypt the key | ||
| * @param {string} [format] - Defaults to 'libp2p-key'. |
There was a problem hiding this comment.
Can we put the default as jsdoc?
Yes, I fixed the description. |
This PR adds support for exporting/importing all keys in the
libp2p-keyformat discussed in #145 (comment). This is designed to be a non breaking change. A future breaking change should update the default export of rsa to also belibp2p-keyand provide an example for how to perform the migration of previously used keys.Exported keys are encrypted via the AES-GCM algorithm using password derived PBKDF2 keys. They are exported as base64 encoded strings. I originally considered prefixing the exported bytes with a multibase prefix/multicodec prefix to make it easier to determine key type, but this would violate other formats like PEM, so we wouldn't get any meaningful reusability out of this.
This leverages Node.js and Webcrypto support only.
js-libp2p (including interop with go) and js-ipfs test suites are passing using this module. There pertinent PRs are referenced in the history below.