@@ -378,6 +378,30 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
378378 testSignVerify ( publicKey , privateKey ) ;
379379 } ) ) ;
380380
381+ // Test async elliptic curve key generation, e.g. for ECDSA, with a SEC1
382+ // private key with paramEncoding explicit.
383+ generateKeyPair ( 'ec' , {
384+ namedCurve : 'prime256v1' ,
385+ paramEncoding : 'explicit' ,
386+ publicKeyEncoding : {
387+ type : 'spki' ,
388+ format : 'pem'
389+ } ,
390+ privateKeyEncoding : {
391+ type : 'sec1' ,
392+ format : 'pem'
393+ }
394+ } , common . mustCall ( ( err , publicKey , privateKey ) => {
395+ assert . ifError ( err ) ;
396+
397+ assert . strictEqual ( typeof publicKey , 'string' ) ;
398+ assert ( spkiExp . test ( publicKey ) ) ;
399+ assert . strictEqual ( typeof privateKey , 'string' ) ;
400+ assert ( sec1Exp . test ( privateKey ) ) ;
401+
402+ testSignVerify ( publicKey , privateKey ) ;
403+ } ) ) ;
404+
381405 // Do the same with an encrypted private key.
382406 generateKeyPair ( 'ec' , {
383407 namedCurve : 'prime256v1' ,
@@ -409,6 +433,38 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
409433
410434 testSignVerify ( publicKey , { key : privateKey , passphrase : 'secret' } ) ;
411435 } ) ) ;
436+
437+ // Do the same with an encrypted private key with paramEncoding explicit.
438+ generateKeyPair ( 'ec' , {
439+ namedCurve : 'prime256v1' ,
440+ paramEncoding : 'explicit' ,
441+ publicKeyEncoding : {
442+ type : 'spki' ,
443+ format : 'pem'
444+ } ,
445+ privateKeyEncoding : {
446+ type : 'sec1' ,
447+ format : 'pem' ,
448+ cipher : 'aes-128-cbc' ,
449+ passphrase : 'secret'
450+ }
451+ } , common . mustCall ( ( err , publicKey , privateKey ) => {
452+ assert . ifError ( err ) ;
453+
454+ assert . strictEqual ( typeof publicKey , 'string' ) ;
455+ assert ( spkiExp . test ( publicKey ) ) ;
456+ assert . strictEqual ( typeof privateKey , 'string' ) ;
457+ assert ( sec1EncExp ( 'AES-128-CBC' ) . test ( privateKey ) ) ;
458+
459+ // Since the private key is encrypted, signing shouldn't work anymore.
460+ common . expectsError ( ( ) => testSignVerify ( publicKey , privateKey ) , {
461+ type : TypeError ,
462+ code : 'ERR_MISSING_PASSPHRASE' ,
463+ message : 'Passphrase required for encrypted key'
464+ } ) ;
465+
466+ testSignVerify ( publicKey , { key : privateKey , passphrase : 'secret' } ) ;
467+ } ) ) ;
412468}
413469
414470{
@@ -447,6 +503,42 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
447503 passphrase : 'top secret'
448504 } ) ;
449505 } ) ) ;
506+
507+ // Test async elliptic curve key generation, e.g. for ECDSA, with an encrypted
508+ // private key with paramEncoding explicit.
509+ generateKeyPair ( 'ec' , {
510+ namedCurve : 'P-256' ,
511+ paramEncoding : 'explicit' ,
512+ publicKeyEncoding : {
513+ type : 'spki' ,
514+ format : 'pem'
515+ } ,
516+ privateKeyEncoding : {
517+ type : 'pkcs8' ,
518+ format : 'pem' ,
519+ cipher : 'aes-128-cbc' ,
520+ passphrase : 'top secret'
521+ }
522+ } , common . mustCall ( ( err , publicKey , privateKey ) => {
523+ assert . ifError ( err ) ;
524+
525+ assert . strictEqual ( typeof publicKey , 'string' ) ;
526+ assert ( spkiExp . test ( publicKey ) ) ;
527+ assert . strictEqual ( typeof privateKey , 'string' ) ;
528+ assert ( pkcs8EncExp . test ( privateKey ) ) ;
529+
530+ // Since the private key is encrypted, signing shouldn't work anymore.
531+ common . expectsError ( ( ) => testSignVerify ( publicKey , privateKey ) , {
532+ type : TypeError ,
533+ code : 'ERR_MISSING_PASSPHRASE' ,
534+ message : 'Passphrase required for encrypted key'
535+ } ) ;
536+
537+ testSignVerify ( publicKey , {
538+ key : privateKey ,
539+ passphrase : 'top secret'
540+ } ) ;
541+ } ) ) ;
450542}
451543
452544// Test invalid parameter encoding.
0 commit comments