Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
crypto: modernize DH/ECDH/ECDH-ES #31178
This adds support for DH/ECDH/ECDH-ES via the
(Note that the current API does not support "raw" DH keys, only SPKI/PKCS#8 keys are supported as of now. That will likely change via the previously discussed
I can confirm the missing ECDH-ES JWA algorithm support for x25519 and x448 keys is solved with this (closes #26626).
@tniessen would it be possible to split the change to
Reason I ask is i'd like to see 1) backported to lts/erbium and in order to do that It would likely be easier if the change was as simple as possible.
Lots of infrastructure failures, but this error is related and concerning, especially since it disappeared after resuming CI:
The problem is that OpenSSL sometimes returns a shorter secret key than the implementation expects. Should be fixed now :)
Currently, Node.js has separate (stateful) APIs for DH/ECDH, and no support for ECDH-ES. This commit adds a single stateless function to compute the DH/ECDH/ECDH-ES secret based on two KeyObjects.