fail on private export with a passphrase

panva · panva · commit a6d1e961774a · 2021-02-02T18:56:46.000+01:00
diff --git a/lib/internal/crypto/keys.js b/lib/internal/crypto/keys.js
@@ -228,6 +228,10 @@ const [
 
     export(options) {
       if (options && options.format === 'jwk') {
+        if (options.passphrase !== undefined) {
+          throw new ERR_CRYPTO_INCOMPATIBLE_KEY_OPTIONS(
+            'jwk', 'does not support encryption');
+        }
         const properties = this[kAsymmetricKeyJWKProperties]();
         return this[kHandle].exportJwk(properties);
       }
diff --git a/test/parallel/test-crypto-key-objects.js b/test/parallel/test-crypto-key-objects.js
@@ -199,6 +199,15 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem',
     jwk
   );
 
+  // Exporting the key using JWK should not work since this format does not
+  // support key encryption
+  assert.throws(() => {
+    privateKey.export({ format: 'jwk', passphrase: 'secret' });
+  }, {
+    message: 'The selected key encoding jwk does not support encryption.',
+    code: 'ERR_CRYPTO_INCOMPATIBLE_KEY_OPTIONS'
+  });
+
   const publicDER = publicKey.export({
     format: 'der',
     type: 'pkcs1'
