Always return a boolean from NodeRSA.isPrivate
Currently, the `NodeRSA.isPrivate` method returns the `d` component of
the key when the key is indeed a private key. Obviously, this result
is truthy and hence does the job. However, I would classify it as a
security risk since the name `isPrivate` raises the expectation that
the result is a boolean and hence can safely be sent over the wire.
This might leak the most private part of the key though, which would
most likely be a disaster.
hurryabit committed Mar 20, 2020
1 parent 14dcb98 commit d6e4e97
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/libs/rsa.js
Expand Up @@ -272,7 +272,7 @@ module.exports.Key = (function () {
* Check if key pair contains private key
*/
RSAKey.prototype.isPrivate = function () {
return this.n && this.e && this.d || false;
return this.n && this.e && this.d && true || false;
};

/**
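Review bot: The new return expression in `RSAKey.prototype.isPrivate`, `this.n && this.e && this.d && true || false`, does evaluate to a strict boolean in every case, but it depends on `&&`/`||` precedence and is easy to misread or to "simplify" back into the form that returns `d`. `return !!(this.n && this.e && this.d);` or a `Boolean(...)` call states the intent directly. The doc comment above the function could also declare `@returns {boolean}`, and since this commit changes only src/libs/rsa.js, a test asserting `typeof key.isPrivate() === 'boolean'` for a private key would keep the private exponent from being returned again.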