crypto: fix subtle.getPublicKey error for secret type key inputs

panva · targos · commit b7383186c748 · 2025-08-24T09:09:10.000+02:00
PR-URL: #59558 Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de>
diff --git a/lib/internal/crypto/webcrypto.js b/lib/internal/crypto/webcrypto.js
@@ -1090,7 +1090,8 @@ async function getPublicKey(key, keyUsages) {
   });
 
   if (key[kKeyType] !== 'private')
-    throw lazyDOMException('key must be a private key', 'InvalidAccessError');
+    throw lazyDOMException('key must be a private key',
+                           key[kKeyType] === 'secret' ? 'NotSupportedError' : 'InvalidAccessError');
 
   const keyObject = createPublicKey(key[kKeyObject]);
 
diff --git a/test/parallel/test-webcrypto-get-public-key.mjs b/test/parallel/test-webcrypto-get-public-key.mjs
@@ -41,11 +41,16 @@ for await (const { privateKey } of [
     name: 'SyntaxError',
     message: /Unsupported key usage/
   });
+
+  await assert.rejects(() => subtle.getPublicKey(publicKey, publicKey.usages), {
+    name: 'InvalidAccessError',
+    message: 'key must be a private key'
+  });
 }
 
 const secretKey = await subtle.generateKey(
   { name: 'AES-CBC', length: 128 }, true, ['encrypt', 'decrypt']);
 await assert.rejects(() => subtle.getPublicKey(secretKey, ['encrypt', 'decrypt']), {
-  name: 'InvalidAccessError',
+  name: 'NotSupportedError',
   message: 'key must be a private key'
 });
