generateKeyPair with blank passphrase prompts "Enter PEM pass phrase" in Node 15 #35898

@davidje13

  • Version: v15.0.1
  • Platform: Darwin DaveMBP.local 18.7.0 Darwin Kernel Version 18.7.0: Mon Aug 31 20:53:32 PDT 2020; root:xnu-4903.278.44~1/RELEASE_X86_64 x86_64
  • Subsystem: crypto

What steps will reproduce the bug?

const crypto = require('crypto');

crypto.generateKeyPair('rsa', {
  modulusLength: 2048,
  privateKeyEncoding: {
    type: 'pkcs8',
    format: 'pem',
    cipher: 'aes-256-cbc',
    passphrase: '', // <-- blank string passphrase
  },
  publicKeyEncoding: { type: 'spki', format: 'pem' },
},  (err, publicKey, privateKey) => console.log(`got key\n\n${publicKey}\n\n${privateKey}`));

What is the expected behaviour?

In NodeJS 14 and below, the above generates an output without any prompts.

What do you see instead?

Since NodeJS 15, the above issues a prompt on the terminal:

Enter PEM pass phrase:

Which hangs until the user provides input (i.e. forever on a CI server).

Additional information

It seems reasonable for a blank string to be rejected as an input here if a cipher is being used, but it should either work or throw an exception. Triggering a command-line prompt is not a good user experience, and makes this relatively difficult to track down.

In my particular case, I allow users of my project to configure a blank passphrase to mean "don't bother encrypting this", which I can achieve myself by detecting a blank passphrase and passing undefined for both cipher and passphrase in Node 15, which is fine. My personal preference would be for this to throw if given a blank passphrase, but that would still be a breaking change from 14, so maybe the way to go is to allow blank passphrases as before.
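
The workaround described in the post (treat a blank passphrase as "do not encrypt" and omit both cipher and passphrase), written out as an added example that is not part of the original issue or of Node.js itself. The helper names `privateKeyEncodingFor`, `generatePemKeyPair`, `isEncryptedPem` and `loadPrivateKey` are hypothetical; the loader also refuses to open an encrypted PEM without a passphrase rather than leaving that case to the library.

```javascript
const crypto = require('crypto');

// Hypothetical helper: build privateKeyEncoding so that cipher and passphrase
// are either both present or both absent. A blank passphrase never reaches
// the key encoder, so the "Enter PEM pass phrase:" prompt is not triggered.
function privateKeyEncodingFor(passphrase) {
  const encoding = { type: 'pkcs8', format: 'pem' };
  if (passphrase === undefined || passphrase === null) return encoding;
  if (typeof passphrase !== 'string' && !Buffer.isBuffer(passphrase)) {
    throw new TypeError('passphrase must be a string or Buffer');
  }
  if (passphrase.length === 0) return encoding; // blank means "do not encrypt"
  return { ...encoding, cipher: 'aes-256-cbc', passphrase };
}

// PKCS#8 PEM labels distinguish encrypted from unencrypted private keys.
function isEncryptedPem(pem) {
  return pem.startsWith('-----BEGIN ENCRYPTED PRIVATE KEY-----');
}

// Same key parameters as the reproduction in the issue, with the guarded encoding.
function generatePemKeyPair(passphrase, modulusLength = 2048) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength,
    privateKeyEncoding: privateKeyEncodingFor(passphrase),
    publicKeyEncoding: { type: 'spki', format: 'pem' },
  });
  return { publicKey, privateKey, encrypted: isEncryptedPem(privateKey) };
}

// Load a PEM private key, failing fast when an encrypted key is given no
// passphrase, so a CI job gets an exception instead of waiting on input.
function loadPrivateKey(pem, passphrase) {
  if (!isEncryptedPem(pem)) {
    return crypto.createPrivateKey({ key: pem, format: 'pem' });
  }
  if (passphrase === undefined || passphrase === null || passphrase.length === 0) {
    throw new Error('encrypted private key requires a non-empty passphrase');
  }
  return crypto.createPrivateKey({ key: pem, format: 'pem', passphrase });
}
```
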

Labels: confirmed-bug (Issues with confirmed bugs), crypto (Issues and PRs related to the crypto subsystem), security (Issues and PRs related to security)
