Using JWK as encoding format for public key in crypto.generateKeyPairSync() throws an error

[johannesnydahl]

• Version: v16.4.0
• Platform: Microsoft Windows NT 10.0.18363.0 x64
• Subsystem: Crypto

What steps will reproduce the bug?

main.js

const crypto = require("crypto");

const keys = crypto.generateKeyPairSync("ec", {
	namedCurve: "P-384",
	publicKeyEncoding: { type: "spki", format: "jwk" },
	privateKeyEncoding: { type: "pkcs8", format: "pem" }
});

console.log(keys.publicKey);

then just execute the command node main.js

How often does it reproduce? Is there a required condition?

Everytime. If I change the public key encoding format to "pem" or "der" it dosen't throw an error. It seems like "jwk" is the only broken format.

What is the expected behavior?

Should probably look something like the output below. I used the keyObject.export() to create this output because as mentioned above, crypto.generateKeyPairSync() dosen't work at all with "jwk".

Code to produce the expected output:

const crypto = require("crypto");

const keys = crypto.generateKeyPairSync("ec", {
	namedCurve: "P-384"
});

console.log(keys.publicKey.export({ format: "jwk" }));

Expected output:

{
  crv: 'P-384',
  kty: 'EC',
  x: 'BC-y_ZyH6rYMv_YAREfUainM1c9iwhHc9KEPPRD1u2zGJMuGV1LvEWh2igD3kAS5',
  y: 'LX7TofWICe4_nJZNBkS0rtqDCDoTp9_TuKHqKQHh1wDH3hvgSZjPWZN1TnrvbfR4'
}

What do you see instead?

node:internal/crypto/keys:268
  throw new ERR_INVALID_ARG_VALUE(optionName, formatStr);
  ^

TypeError [ERR_INVALID_ARG_VALUE]: The property 'options.publicKeyEncoding.format' is invalid. Received 'jwk'
    at new NodeError (node:internal/errors:363:5)
    at parseKeyFormat (node:internal/crypto/keys:268:9)
    at parseKeyFormatAndType (node:internal/crypto/keys:304:18)
    at parseKeyEncoding (node:internal/crypto/keys:332:7)
    at parsePublicKeyEncoding (node:internal/crypto/keys:371:10)
    at parseKeyEncoding (node:internal/crypto/keygen:125:9)
    at createJob (node:internal/crypto/keygen:161:42)
    at Object.generateKeyPairSync (node:internal/crypto/keygen:95:22)
    at Object.<anonymous> (C:\Users\johannes.nydahl\Desktop\Playground\main.js:3:21)
    at Module._compile (node:internal/modules/cjs/loader:1095:14) {
  code: 'ERR_INVALID_ARG_VALUE'
}

Additional information

Tested on both node version v16.4.0 and v15.9.0 (v15.9.0 was when keyObject.export() first started to support "jwk" as format.

[tniessen]

cc @nodejs/crypto (especially @panva @jasnell)

[tniessen]

The combination { type: "spki", format: "jwk" } makes little sense. SPKI is a traditional cryptographic format, JWK is a new format that's incompatible with these older formats.

[johannesnydahl]

@tniessen

My cryptographic skills are lacking so I just picked "spki" because it was the only type that private EC keys supported according to the documentation. But from what I've tested, not using the "type" option at all throws the same error.

[panva]

🤦‍♂️ i forgot about this interaction

If a publicKeyEncoding or privateKeyEncoding was specified, this function behaves as if keyObject.export() had been called on its result.

A simple { format: 'jwk' } should work for the supported key types but currently doesn't.

[himself65]

I code something, there need last one step to finish write to jwk

Index: src/crypto/crypto_keys.h
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
diff --git a/src/crypto/crypto_keys.h b/src/crypto/crypto_keys.h
--- a/src/crypto/crypto_keys.h	(revision cf2fd0e5617d0bfe3da455685bcbba23e45a90c9)
+++ b/src/crypto/crypto_keys.h	(date 1625734732561)
@@ -31,7 +31,8 @@
 
 enum PKFormatType {
   kKeyFormatDER,
-  kKeyFormatPEM
+  kKeyFormatPEM,
+  kKeyFormatJWK
 };
 
 enum KeyType {
Index: lib/internal/crypto/keys.js
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
diff --git a/lib/internal/crypto/keys.js b/lib/internal/crypto/keys.js
--- a/lib/internal/crypto/keys.js	(revision cf2fd0e5617d0bfe3da455685bcbba23e45a90c9)
+++ b/lib/internal/crypto/keys.js	(date 1625734843024)
@@ -17,6 +17,7 @@
   kKeyTypePrivate,
   kKeyFormatPEM,
   kKeyFormatDER,
+  kKeyFormatJWK,
   kKeyEncodingPKCS1,
   kKeyEncodingPKCS8,
   kKeyEncodingSPKI,
@@ -265,6 +266,8 @@
     return kKeyFormatPEM;
   else if (formatStr === 'der')
     return kKeyFormatDER;
+  else if (formatStr === 'jwk')
+    return kKeyFormatJWK;
   throw new ERR_INVALID_ARG_VALUE(optionName, formatStr);
 }
 
Index: src/crypto/crypto_keys.cc
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
diff --git a/src/crypto/crypto_keys.cc b/src/crypto/crypto_keys.cc
--- a/src/crypto/crypto_keys.cc	(revision cf2fd0e5617d0bfe3da455685bcbba23e45a90c9)
+++ b/src/crypto/crypto_keys.cc	(date 1625736605694)
@@ -405,6 +405,9 @@
     if (config.format_ == kKeyFormatPEM) {
       // Encode SPKI as PEM.
       return PEM_write_bio_PUBKEY(bio.get(), pkey) == 1;
+    } else if (config.format_ == kKeyFormatJWK) {
+      // todo: support jwk
+      return call_something();
     } else {
       // Encode SPKI as DER.
       CHECK_EQ(config.format_, kKeyFormatDER);
@@ -1380,6 +1383,7 @@
   NODE_DEFINE_CONSTANT(target, kKeyEncodingSEC1);
   NODE_DEFINE_CONSTANT(target, kKeyFormatDER);
   NODE_DEFINE_CONSTANT(target, kKeyFormatPEM);
+  NODE_DEFINE_CONSTANT(target, kKeyFormatJWK);
   NODE_DEFINE_CONSTANT(target, kKeyTypeSecret);
   NODE_DEFINE_CONSTANT(target, kKeyTypePublic);
   NODE_DEFINE_CONSTANT(target, kKeyTypePrivate);