crypto: unify asymmetric key import through KeyObjectHandle::Init by panva · Pull Request #62499 · nodejs/node

panva · 2026-03-29T19:44:59Z

Consolidate all asymmetric key import paths (DER/PEM, JWK, raw) into a single KeyObjectHandle::Init() entry point with a uniform signature.

Remove the per-type C++ init methods (InitECRaw, InitEDRaw, InitPqcRaw, InitJwk, InitECPrivateRaw) and their JS-side callers, replacing them with shared C++ and JS helpers.

createPublicKey, createPrivateKey, sign, verify, and other operations that accept key material now handle JWK and raw formats directly in C++, removing redundant JS-to-C++ key handle round-trips.

nodejs-github-bot · 2026-03-29T19:45:05Z

Review requested:

@nodejs/crypto
@nodejs/security-wg

codecov · 2026-03-29T22:49:35Z

Codecov Report

❌ Patch coverage is 88.16667% with 71 lines in your changes missing coverage. Please review.
✅ Project coverage is 89.70%. Comparing base (c3042c6) to head (e862156).
⚠️ Report is 12 commits behind head on main.

Files with missing lines	Patch %	Lines
src/crypto/crypto_keys.cc	76.47%	22 Missing and 30 partials ⚠️
src/crypto/crypto_ec.cc	81.81%	3 Missing and 7 partials ⚠️
src/crypto/crypto_ml_dsa.cc	88.67%	1 Missing and 5 partials ⚠️
lib/internal/crypto/keys.js	95.83%	1 Missing ⚠️
lib/internal/crypto/webcrypto_util.js	98.92%	0 Missing and 1 partial ⚠️
src/crypto/crypto_rsa.cc	90.90%	0 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #62499      +/-   ##
==========================================
- Coverage   89.70%   89.70%   -0.01%     
==========================================
  Files         692      693       +1     
  Lines      214167   213849     -318     
  Branches    41113    40957     -156     
==========================================
- Hits       192121   191830     -291     
+ Misses      14116    14080      -36     
- Partials     7930     7939       +9

Files with missing lines	Coverage Δ
lib/internal/crypto/aes.js	`89.89% <100.00%> (+1.43%)`	⬆️
lib/internal/crypto/cfrg.js	`93.23% <100.00%> (-1.24%)`	⬇️
lib/internal/crypto/chacha20_poly1305.js	`92.05% <100.00%> (-0.72%)`	⬇️
lib/internal/crypto/cipher.js	`97.94% <100.00%> (ø)`
lib/internal/crypto/ec.js	`94.17% <100.00%> (-0.61%)`	⬇️
lib/internal/crypto/kem.js	`97.41% <100.00%> (+0.09%)`	⬆️
lib/internal/crypto/mac.js	`92.70% <100.00%> (+1.57%)`	⬆️
lib/internal/crypto/ml_dsa.js	`95.39% <100.00%> (+0.35%)`	⬆️
lib/internal/crypto/ml_kem.js	`92.45% <100.00%> (+0.56%)`	⬆️
lib/internal/crypto/rsa.js	`94.51% <100.00%> (+2.10%)`	⬆️
... and 11 more

... and 24 files with indirect coverage changes

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Consolidate all asymmetric key import paths (DER/PEM, JWK, raw) into a single KeyObjectHandle::Init() entry point with a uniform signature. Remove the per-type C++ init methods (InitECRaw, InitEDRaw, InitPqcRaw, InitJwk, InitECPrivateRaw) and their JS-side callers, replacing them with shared C++ and JS helpers. createPublicKey, createPrivateKey, sign, verify, and other operations that accept key material now handle JWK and raw formats directly in C++, removing redundant JS-to-C++ key handle round-trips. Signed-off-by: Filip Skokan <panva.ip@gmail.com>

lib/internal/crypto/rsa.js

lib/internal/crypto/webcrypto_util.js

src/crypto/crypto_ec.cc

lib/internal/crypto/aes.js

nodejs-github-bot · 2026-03-31T06:22:19Z

CI: https://ci.nodejs.org/job/node-test-pull-request/72332/

nodejs-github-bot added lib / src Issues and PRs related to general changes in the lib or src directory. needs-ci PRs that need a full CI run. labels Mar 29, 2026

panva marked this pull request as ready for review March 29, 2026 21:29

panva force-pushed the key-refactor branch from bdfec98 to e862156 Compare March 30, 2026 19:36

panva requested review from anonrig and jasnell March 30, 2026 19:37

anonrig reviewed Mar 30, 2026

View reviewed changes

lib/internal/crypto/rsa.js Show resolved Hide resolved

lib/internal/crypto/webcrypto_util.js Show resolved Hide resolved

src/crypto/crypto_ec.cc Show resolved Hide resolved

lib/internal/crypto/aes.js Show resolved Hide resolved

panva added request-ci Add this label to start a Jenkins CI on a PR. and removed request-ci Add this label to start a Jenkins CI on a PR. labels Mar 31, 2026

panva requested review from anonrig and tniessen March 31, 2026 14:20

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

crypto: unify asymmetric key import through KeyObjectHandle::Init#62499

crypto: unify asymmetric key import through KeyObjectHandle::Init#62499
panva wants to merge 1 commit intonodejs:mainfrom
panva:key-refactor

panva commented Mar 29, 2026 •

edited

Loading

Uh oh!

nodejs-github-bot commented Mar 29, 2026

Uh oh!

codecov bot commented Mar 29, 2026 •

edited

Loading

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

nodejs-github-bot commented Mar 31, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Uh oh!

Conversation

panva commented Mar 29, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

nodejs-github-bot commented Mar 29, 2026

Uh oh!

codecov bot commented Mar 29, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

nodejs-github-bot commented Mar 31, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

panva commented Mar 29, 2026 •

edited

Loading

codecov bot commented Mar 29, 2026 •

edited

Loading