fix: handle private EC keys without public component (#86)

Only possible to handle when KeyObject API is available in the runtime. closes #85
2026-05-24 12:35:36 +00:00 · 2020-07-01 13:13:34 +02:00 · 2020-07-01 13:13:34 +02:00 · e8ad38993e
commit e8ad38993e
parent 899d60130f
2 changed files with 41 additions and 4 deletions
--- a/lib/help/key_utils.js
+++ b/lib/help/key_utils.js
@ -4,6 +4,7 @@ const { EOL } = require('os')
 const errors = require('../errors')
 const { keyObjectSupported } = require('./runtime_support')
 const { createPublicKey } = require('./key_object')
 const base64url = require('./base64url')
 const asn1 = require('./asn1')
@ -89,10 +90,21 @@ const keyObjectToJWK = {
      const ECPrivateKey = asn1.get('ECPrivateKey')
      const { privateKey, algorithm: { parameters: { value: crv } } } = PrivateKeyInfo.decode(der)
-      const { privateKey: d, publicKey: { data: publicKey } } = ECPrivateKey.decode(privateKey)
+      const { privateKey: d, publicKey } = ECPrivateKey.decode(privateKey)
-      const x = publicKey.slice(1, ((publicKey.length - 1) / 2) + 1)
+      if (typeof publicKey === 'undefined') {
-      const y = publicKey.slice(((publicKey.length - 1) / 2) + 1)
+        if (keyObjectSupported) {
          return {
            ...keyObjectToJWK.ec.public(createPublicKey(keyObject)),
            d: base64url.encodeBuffer(d)
          }
        }
        throw new errors.JOSENotSupported('Private EC keys without the public key embedded are not supported in your Node.js runtime version')
      }
      const x = publicKey.data.slice(1, ((publicKey.data.length - 1) / 2) + 1)
      const y = publicKey.data.slice(((publicKey.data.length - 1) / 2) + 1)
      return {
        kty: 'EC',
--- a/test/jwk/import.test.js
+++ b/test/jwk/import.test.js
@ -3,7 +3,7 @@ const test = require('ava')
 const { JWS, JWE, JWK: { asKey, importKey, generate }, errors } = require('../..')
 const { edDSASupported, keyObjectSupported } = require('../../lib/help/runtime_support')
-const { createSecretKey } = require('../../lib/help/key_object')
+const { createSecretKey, createPrivateKey } = require('../../lib/help/key_object')
 const { generateKeyPairSync } = require('../macros/generate')
 const fixtures = require('../fixtures')
@ -177,3 +177,28 @@ if (keyObjectSupported) {
    }, { instanceOf: errors.JOSENotSupported, code: 'ERR_JOSE_NOT_SUPPORTED', message: 'X.509 certificates are not supported in your Node.js runtime version' })
  })
 }
 // https://github.com/panva/jose/issues/85
 {
  const pem = `-----BEGIN PRIVATE KEY-----
 MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCCXpUVoM4DfOtMyRVtC
 eGSpVL+1tMBirnUGJHY6Y7mSHg==
 -----END PRIVATE KEY-----`
  if (keyObjectSupported) {
    test('EC private keys without public one', t => {
      asKey(createPrivateKey(pem))
      asKey(pem)
      t.pass()
    })
  } else {
    test('EC private keys without public one', t => {
      t.throws(() => {
        asKey(createPrivateKey(pem))
      }, { instanceOf: errors.JOSENotSupported, code: 'ERR_JOSE_NOT_SUPPORTED', message: 'Private EC keys without the public key embedded are not supported in your Node.js runtime version' })
      t.throws(() => {
        asKey(pem)
      }, { instanceOf: errors.JOSENotSupported, code: 'ERR_JOSE_NOT_SUPPORTED', message: 'Private EC keys without the public key embedded are not supported in your Node.js runtime version' })
    })
  }
 }