Replace node-forge by native node crypto. #86
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
forty
force-pushed
the
forty/remove-node-forge
branch
from
f3daf8e
to
7f53cac
Compare
|
Hello maintainers! Any interest in having this merged? |
|
This PR would also fix #93 :) @gkwang @esarafianou are you still working on this project ? |
|
Hi @forty, seems like we missed your previous messages. I'll have the PR reviewed within the week. |
panva
reviewed
Jan 13, 2022
lib/xmlenc.js
Outdated
Comment on lines
259
to
260
| var private_key = crypto.createPrivateKey(options.key); | ||
| var decrypted = crypto.privateDecrypt({ key: private_key, padding: padding}, key); |
There was a problem hiding this comment.
Suggested change
| var private_key = crypto.createPrivateKey(options.key); | |
| var decrypted = crypto.privateDecrypt({ key: private_key, padding: padding}, key); | |
| var decrypted = crypto.privateDecrypt({ key: options.key, padding: padding}, key); |
lib/xmlenc.js
Outdated
Comment on lines
17
to
20
| var rsa_pub = crypto.createPublicKey(options.rsa_pub); | ||
| var encrypted = crypto.publicEncrypt({ | ||
| key: rsa_pub, | ||
| padding: padding | ||
| }, symmetricKeyBuffer); |
There was a problem hiding this comment.
Suggested change
| var rsa_pub = crypto.createPublicKey(options.rsa_pub); | |
| var encrypted = crypto.publicEncrypt({ | |
| key: rsa_pub, | |
| padding: padding | |
| }, symmetricKeyBuffer); | |
| var encrypted = crypto.publicEncrypt({ | |
| key: options.rsa_pub, | |
| padding: padding | |
| }, symmetricKeyBuffer); |
This requires dropping support for node 8, which is probably fine since node 8 is EoL since December 31, 2019.
forty
force-pushed
the
forty/remove-node-forge
branch
from
7f53cac
to
7aaa734
Compare
|
Thanks for the comments @panva ! @esarafianou I've just updated the PR. Thanks! |
esarafianou
approved these changes
Jan 13, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This requires dropping support for node 8, which is probably fine since
node 8 is EoL since December 31, 2019.
By submitting a PR to this repository, you agree to the terms within the Auth0 Code of Conduct. Please see the contributing guidelines for how to create and submit a high-quality PR for this repo.
Description
Drop node-forge (which is a huge dep), use native nodejs crypto.
References
About node 8 support
https://blog.risingstack.com/update-nodejs-8-end-of-life-no-support/
Node Crypto
https://nodejs.org/api/crypto.html#crypto_crypto_publicencrypt_key_buffer
https://nodejs.org/api/crypto.html#crypto_crypto_privatedecrypt_privatekey_buffer
Testing
I updated first the encryption part, ran the tests (it was fine) then the decryption part (tests still fine).
This made sure the new encryption works well with the
Checklist
master