allow to use pem with passphrase
Currently, if a PEM requires a passphrase then the user will be prompted to enter it. Effectively this means a passphrase is not supported.
The solution is to change signer.sign (also verify?) to accept an object as the first parameter: https://nodejs.org/api/crypto.html#crypto_sign_sign_private_key_output_format
This is not available yet in Node 0.10.33 (not sure starting with which version it is). When used on a non-supported Node version, the object parameter to sign will throw:
```
crypto.js:429
var ret = this._binding.sign(toBuf(key));
^
TypeError: Not a buffer
    at Sign.sign (crypto.js:429:27)
```
Just for sharing, now I use this one digitalbazaar/forge to get the pem protected by a passphrase. They have an API pki.decryptRsaPrivateKey( file, passphrase ) to decrypt the pem.
@tngan cool! I use forge in some of my apps to parse certificates. We'll have forge in mind when we find a solution, thanks.
I stumbled on the same problem. Full example for the solution using forge:
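```js
var fs = require('fs');
var pki = require('node-forge').pki;
var SignedXml = require('xml-crypto').SignedXml;

var signedXml = new SignedXml();
// signingKey receives the decrypted key, re-encoded as an unencrypted PEM
signedXml.signingKey = readPrivateKeyFromProtectedPem('myPrivateKey.pem', 'myPassword');

// Decrypt the passphrase-protected PEM with forge and return it as a plain PEM
function readPrivateKeyFromProtectedPem(path, passphrase) {
  var pem = fs.readFileSync(path).toString();
  var privateKey = pki.decryptRsaPrivateKey(pem, passphrase);
  return pki.privateKeyToPem(privateKey);
}
```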
Has this changed in recent Node versions? I'm getting the following error which looks like passphrase could be passed in? But I'm not familiar with how this module works.
```
crypto.js:283
  var ret = this._handle.sign(toBuf(key), null, passphrase);
```
I'm on Node version 6.9.1
@yaronn, @tngan, would you be interested in creating a PR with a test suite to add that functionality to xml-crypto?
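The object form of `sign.sign` proposed at the top of this issue, run against Node's built-in `crypto` on a Node version that supports it (an added example, not code from this thread or from xml-crypto). The key pair, passphrase and data are constructed samples, and the function names are hypothetical.

```javascript
const crypto = require('crypto');

// Constructed sample: a throwaway RSA key pair whose private key is an
// encrypted PKCS#8 PEM protected by the given passphrase.
function makeProtectedKeyPair(passphrase) {
  return crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem', cipher: 'aes-256-cbc', passphrase },
  });
}

// Sign with the object form of sign.sign(): { key, passphrase }.
function signWithProtectedPem(pem, passphrase, data) {
  const signer = crypto.createSign('RSA-SHA256');
  signer.update(data);
  return signer.sign({ key: pem, passphrase }, 'base64');
}

function verifySignature(publicPem, data, signature) {
  const verifier = crypto.createVerify('RSA-SHA256');
  verifier.update(data);
  return verifier.verify(publicPem, signature, 'base64');
}

// Returns null when signing works, or the thrown error when the key
// cannot be decrypted (wrong or missing passphrase).
function trySign(pem, passphrase, data) {
  try { signWithProtectedPem(pem, passphrase, data); return null; }
  catch (err) { return err; }
}

function demo() {
  const passphrase = 'constructed-passphrase'; // sample value only
  const { publicKey, privateKey } = makeProtectedKeyPair(passphrase);
  const data = '<SignedInfo>constructed sample</SignedInfo>';
  const signature = signWithProtectedPem(privateKey, passphrase, data);
  return {
    encrypted: privateKey.includes('ENCRYPTED PRIVATE KEY'),
    verified: verifySignature(publicKey, data, signature),
    tamperedVerified: verifySignature(publicKey, data + 'x', signature),
    wrongPassphraseFails: trySign(privateKey, 'wrong', data) !== null,
    missingPassphraseFails: trySign(privateKey, undefined, data) !== null,
  };
}
```

With this form the encrypted PEM is decrypted inside `crypto` at signing time, so no unencrypted PEM string has to be produced first.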