Closed denis-evteev closed 4 years ago
Sure. Do you want to create a PR to fix this? You're clearly familiar with the code...
Yup. Will do. But apparently this is going to be a breaking change.
Don't worry, plenty of those going around. it'll be folded into steel_crypt 2.0, probably.
I’ve managed to fix the issue without introducing any breaking changes, but I’d recommend deprecating the private/public key getters in the upcoming 1.x version and removing them completely in 2.0.
I’d also recommend making all the RsaCrypt
’s methods static, because they all rely only on the incoming parameters to do their job.
Also, I think that you could rename the would-be static encrypt
and decrypt
methods into encryptWithKey
and decryptWithKey
and instantiate the RsaCrypt
object based on a specific keypair like so:
///Pair of asymmetric keys.
final AsymmetricKeyPair keyPair;
///Instance Constructor.
RsaCrypt([AsymmetricKeyPair keyPair]) : keyPair = keyPair ?? generateKeyPair();
This approach does justify generating a random keypair when no keypair is provided to the constructor, because the instance’s (i.e. non-static) encrypt
and decrypt
methods should use the instance’s keyPair
property to execute.
Done in 2.0.
The latter points are moot because I'm deprecating RSA functionality. It's too much work for me to maintain it.
I come up with another issue, which I cannot really explain.
Is there any specific reason why each time an instance of
RsaCrypt
is created, it generates a new random key pair? It takes time and hardware computing power to do that, but why waste these precious resources if this random key pair is not needed at all?I think that it’ll make more sense to move this task to a separate method, which could be called when and if required.