feat: expose jwk prop on ECDSA and RSA keys (#3060)

achingbrain · web-flow · commit 78cd7d53ec18 · 2025-03-25T12:53:47.000+01:00
To allow easy use with webcrypto, expose the internally stored
JWK representation of the keys.
diff --git a/packages/crypto/src/keys/ecdsa/ecdsa.ts b/packages/crypto/src/keys/ecdsa/ecdsa.ts
@@ -11,12 +11,19 @@ import type { Uint8ArrayList } from 'uint8arraylist'
 
 export class ECDSAPublicKey implements ECDSAPublicKeyInterface {
   public readonly type = 'ECDSA'
-  public readonly raw: Uint8Array
-  private readonly _key: JsonWebKey
+  public readonly jwk: JsonWebKey
+  private _raw?: Uint8Array
 
-  constructor (publicKey: JsonWebKey) {
-    this._key = publicKey
-    this.raw = publicKeyToPKIMessage(publicKey)
+  constructor (jwk: JsonWebKey) {
+    this.jwk = jwk
+  }
+
+  get raw (): Uint8Array {
+    if (this._raw == null) {
+      this._raw = publicKeyToPKIMessage(this.jwk)
+    }
+
+    return this._raw
   }
 
   toMultihash (): Digest<0x0, number> {
@@ -40,22 +47,29 @@ export class ECDSAPublicKey implements ECDSAPublicKeyInterface {
   }
 
   async verify (data: Uint8Array | Uint8ArrayList, sig: Uint8Array): Promise<boolean> {
-    return hashAndVerify(this._key, sig, data)
+    return hashAndVerify(this.jwk, sig, data)
   }
 }
 
 export class ECDSAPrivateKey implements ECDSAPrivateKeyInterface {
   public readonly type = 'ECDSA'
-  public readonly raw: Uint8Array
-  private readonly _key: JsonWebKey
+  public readonly jwk: JsonWebKey
   public readonly publicKey: ECDSAPublicKey
+  private _raw?: Uint8Array
 
-  constructor (privateKey: JsonWebKey, publicKey: JsonWebKey) {
-    this._key = privateKey
-    this.raw = privateKeyToPKIMessage(privateKey)
+  constructor (jwk: JsonWebKey, publicKey: JsonWebKey) {
+    this.jwk = jwk
     this.publicKey = new ECDSAPublicKey(publicKey)
   }
 
+  get raw (): Uint8Array {
+    if (this._raw == null) {
+      this._raw = privateKeyToPKIMessage(this.jwk)
+    }
+
+    return this._raw
+  }
+
   equals (key?: any): boolean {
     if (key == null || !(key.raw instanceof Uint8Array)) {
       return false
@@ -65,6 +79,6 @@ export class ECDSAPrivateKey implements ECDSAPrivateKeyInterface {
   }
 
   async sign (message: Uint8Array | Uint8ArrayList): Promise<Uint8Array> {
-    return hashAndSign(this._key, message)
+    return hashAndSign(this.jwk, message)
   }
 }
diff --git a/packages/crypto/src/keys/rsa/rsa.ts b/packages/crypto/src/keys/rsa/rsa.ts
@@ -8,18 +8,18 @@ import type { Uint8ArrayList } from 'uint8arraylist'
 
 export class RSAPublicKey implements RSAPublicKeyInterface {
   public readonly type = 'RSA'
-  private readonly _key: JsonWebKey
+  public readonly jwk: JsonWebKey
   private _raw?: Uint8Array
   private readonly _multihash: Digest<18, number>
 
-  constructor (key: JsonWebKey, digest: Digest<18, number>) {
-    this._key = key
+  constructor (jwk: JsonWebKey, digest: Digest<18, number>) {
+    this.jwk = jwk
     this._multihash = digest
   }
 
   get raw (): Uint8Array {
     if (this._raw == null) {
-      this._raw = utils.jwkToPkix(this._key)
+      this._raw = utils.jwkToPkix(this.jwk)
     }
 
     return this._raw
@@ -46,24 +46,24 @@ export class RSAPublicKey implements RSAPublicKeyInterface {
   }
 
   verify (data: Uint8Array | Uint8ArrayList, sig: Uint8Array): boolean | Promise<boolean> {
-    return hashAndVerify(this._key, sig, data)
+    return hashAndVerify(this.jwk, sig, data)
   }
 }
 
 export class RSAPrivateKey implements RSAPrivateKeyInterface {
   public readonly type = 'RSA'
-  private readonly _key: JsonWebKey
+  public readonly jwk: JsonWebKey
   private _raw?: Uint8Array
   public readonly publicKey: RSAPublicKey
 
-  constructor (key: JsonWebKey, publicKey: RSAPublicKey) {
-    this._key = key
+  constructor (jwk: JsonWebKey, publicKey: RSAPublicKey) {
+    this.jwk = jwk
     this.publicKey = publicKey
   }
 
   get raw (): Uint8Array {
     if (this._raw == null) {
-      this._raw = utils.jwkToPkcs1(this._key)
+      this._raw = utils.jwkToPkcs1(this.jwk)
     }
 
     return this._raw
@@ -78,6 +78,6 @@ export class RSAPrivateKey implements RSAPrivateKeyInterface {
   }
 
   sign (message: Uint8Array | Uint8ArrayList): Uint8Array | Promise<Uint8Array> {
-    return hashAndSign(this._key, message)
+    return hashAndSign(this.jwk, message)
   }
 }
diff --git a/packages/crypto/test/keys/ecdsa.spec.ts b/packages/crypto/test/keys/ecdsa.spec.ts
@@ -61,8 +61,7 @@ describe('ECDSA', function () {
       const keyMarshal = key.raw
       const key2 = unmarshalECDSAPrivateKey(keyMarshal)
 
-      // @ts-expect-error private field
-      expect(key._key.d).to.equal(key2._key.d)
+      expect(key.jwk.d).to.equal(key2.jwk.d)
 
       const keyMarshal2 = key2.raw
       expect(keyMarshal).to.equalBytes(keyMarshal2)
@@ -71,10 +70,8 @@ describe('ECDSA', function () {
       const pkMarshal = pk.raw
       const pk2 = unmarshalECDSAPublicKey(pkMarshal)
 
-      // @ts-expect-error private field
-      expect(pk._key.x).to.deep.equal(pk2._key.x)
-      // @ts-expect-error private field
-      expect(pk._key.y).to.deep.equal(pk2._key.y)
+      expect(pk.jwk.x).to.deep.equal(pk2.jwk.x)
+      expect(pk.jwk.y).to.deep.equal(pk2.jwk.y)
 
       const pkMarshal2 = pk2.raw
       expect(pkMarshal).to.equalBytes(pkMarshal2)
diff --git a/packages/interface/src/keys.ts b/packages/interface/src/keys.ts
@@ -15,6 +15,11 @@ export interface RSAPublicKey {
    */
   readonly raw: Uint8Array
 
+  /**
+   * The public key as a JSON web key
+   */
+  readonly jwk: JsonWebKey
+
   /**
    * Returns `true` if the passed object matches this key
    */
@@ -138,10 +143,15 @@ export interface ECDSAPublicKey {
   readonly type: 'ECDSA'
 
   /**
-   * The raw public key bytes
+   * The public key as a DER-encoded PKIMessage
    */
   readonly raw: Uint8Array
 
+  /**
+   * The public key as a JSON web key
+   */
+  readonly jwk: JsonWebKey
+
   /**
    * Returns `true` if the passed object matches this key
    */
@@ -211,6 +221,11 @@ export interface RSAPrivateKey {
    */
   readonly raw: Uint8Array
 
+  /**
+   * The private key as a JSON web key
+   */
+  readonly jwk: JsonWebKey
+
   /**
    * Returns `true` if the passed object matches this key
    */
@@ -291,10 +306,15 @@ export interface ECDSAPrivateKey {
   readonly publicKey: ECDSAPublicKey
 
   /**
-   * The raw private key bytes
+   * The private key as a DER-encoded PKIMessage
    */
   readonly raw: Uint8Array
 
+  /**
+   * The private key as a JSON web key
+   */
+  readonly jwk: JsonWebKey
+
   /**
    * Returns `true` if the passed object matches this key
    */

Original file line number	Diff line number	Diff line change
`@@ -8,18 +8,18 @@ import type { Uint8ArrayList } from 'uint8arraylist'`
`8`	`8`
`9`	`9`	`export class RSAPublicKey implements RSAPublicKeyInterface {`
`10`	`10`	`public readonly type = 'RSA'`
`11`		`- private readonly _key: JsonWebKey`
	`11`	`+ public readonly jwk: JsonWebKey`
`12`	`12`	`private _raw?: Uint8Array`
`13`	`13`	`private readonly _multihash: Digest<18, number>`
`14`	`14`
`15`		`- constructor (key: JsonWebKey, digest: Digest<18, number>) {`
`16`		`- this._key = key`
	`15`	`+ constructor (jwk: JsonWebKey, digest: Digest<18, number>) {`
	`16`	`+ this.jwk = jwk`
`17`	`17`	`this._multihash = digest`
`18`	`18`	`}`
`19`	`19`
`20`	`20`	`get raw (): Uint8Array {`
`21`	`21`	`if (this._raw == null) {`
`22`		`- this._raw = utils.jwkToPkix(this._key)`
	`22`	`+ this._raw = utils.jwkToPkix(this.jwk)`
`23`	`23`	`}`
`24`	`24`
`25`	`25`	`return this._raw`
`@@ -46,24 +46,24 @@ export class RSAPublicKey implements RSAPublicKeyInterface {`
`46`	`46`	`}`
`47`	`47`
`48`	`48`	`verify (data: Uint8Array \| Uint8ArrayList, sig: Uint8Array): boolean \| Promise<boolean> {`
`49`		`- return hashAndVerify(this._key, sig, data)`
	`49`	`+ return hashAndVerify(this.jwk, sig, data)`
`50`	`50`	`}`
`51`	`51`	`}`
`52`	`52`
`53`	`53`	`export class RSAPrivateKey implements RSAPrivateKeyInterface {`
`54`	`54`	`public readonly type = 'RSA'`
`55`		`- private readonly _key: JsonWebKey`
	`55`	`+ public readonly jwk: JsonWebKey`
`56`	`56`	`private _raw?: Uint8Array`
`57`	`57`	`public readonly publicKey: RSAPublicKey`
`58`	`58`
`59`		`- constructor (key: JsonWebKey, publicKey: RSAPublicKey) {`
`60`		`- this._key = key`
	`59`	`+ constructor (jwk: JsonWebKey, publicKey: RSAPublicKey) {`
	`60`	`+ this.jwk = jwk`
`61`	`61`	`this.publicKey = publicKey`
`62`	`62`	`}`
`63`	`63`
`64`	`64`	`get raw (): Uint8Array {`
`65`	`65`	`if (this._raw == null) {`
`66`		`- this._raw = utils.jwkToPkcs1(this._key)`
	`66`	`+ this._raw = utils.jwkToPkcs1(this.jwk)`
`67`	`67`	`}`
`68`	`68`
`69`	`69`	`return this._raw`
`@@ -78,6 +78,6 @@ export class RSAPrivateKey implements RSAPrivateKeyInterface {`
`78`	`78`	`}`
`79`	`79`
`80`	`80`	`sign (message: Uint8Array \| Uint8ArrayList): Uint8Array \| Promise<Uint8Array> {`
`81`		`- return hashAndSign(this._key, message)`
	`81`	`+ return hashAndSign(this.jwk, message)`
`82`	`82`	`}`
`83`	`83`	`}`