What signature algorithm does a key of type 'ec' use in NodeJS?

Time:06-27

I believe a KeyObject having asymmetricKeyType of ec will use ECDSA to produce a signature, but I cannot find confirmation of this. Is ECDSA the signing algorithm used by an ec key?

CodePudding user response:

Short answer: yes.

Node.js doesn't seem to have the same API as e.g. .NET where algorithms and key objects are intermingled (thank goodness). So it is not as Object Oriented as it can be: instead of using key.Sign, you'd create a Sign object and use that. However, the key type may indeed play a part in the selection of the actual signing algorithm.

Indeed, it's not that easy to see what algorithm is used if you just supply a hash as the algorithm. However, there is a strong indication in the documentation of Sign.createSign:

In some cases, a Sign instance can be created using the name of a signature algorithm, such as 'RSA-SHA256', instead of a digest algorithm. This will use the corresponding digest algorithm. This does not work for all signature algorithms, such as 'ecdsa-with-SHA256', so it is best to always use digest algorithm names.

Which is of course completely ridiculous; in source code you would want to clearly specify the algorithm that you are using. Now for EC where ECDSA is almost ubiquitous it might make some sense. However, for RSA you can use PKCS#1 based padding or PSS based padding, and both are considered secure. And that's without diving into more esoteric algorithms such as the deterministic version of ECDSA.

To be honest, I consider this to be a bug in the crypto library of Node.js: you should always be able to specify the full algorithm & algorithm configuration explicitly. The key should then comply with the algorithm used, rather than help define it.
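The behaviour discussed in the answer above can be checked directly. The following is an added example, not code from the question or the answer: it names only the digest, signs with an 'ec' key, and confirms the output has the ECDSA (r, s) shape in both encodings Node.js offers for DSA/ECDSA signatures, then shows for RSA that the padding scheme is chosen through the key options. The message, curve, key size and helper names are assumptions made for the example; the `dsaEncoding` option needs Node.js 12.16 or later.

```javascript
const { generateKeyPairSync, createSign, createVerify, constants } = require('node:crypto');

const msg = Buffer.from('constructed sample message');
const ec = generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
const rsa = generateKeyPairSync('rsa', { modulusLength: 2048 });

// Only the digest is named; keyOpts carries the key and any scheme options.
const sign = (keyOpts) => createSign('SHA256').update(msg).sign(keyOpts);
const verify = (keyOpts, sig) => createVerify('SHA256').update(msg).verify(keyOpts, sig);

// Strict parse of DER ECDSA-Sig-Value ::= SEQUENCE { r INTEGER, s INTEGER }.
// P-256 signatures are at most 72 bytes, so every length is short form.
function parseDerEcdsa(sig) {
  if (sig[0] !== 0x30 || sig[1] !== sig.length - 2) throw new Error('bad SEQUENCE');
  const ints = [];
  let off = 2;
  for (let i = 0; i < 2; i++) {
    if (sig[off] !== 0x02) throw new Error('expected INTEGER');
    const len = sig[off + 1];
    ints.push(sig.subarray(off + 2, off + 2 + len));
    off += 2 + len;
  }
  if (off !== sig.length) throw new Error('trailing bytes');
  return { r: ints[0], s: ints[1] };
}

function ecDemo() {
  const der = sign({ key: ec.privateKey, dsaEncoding: 'der' }); // 'der' is the default
  const raw = sign({ key: ec.privateKey, dsaEncoding: 'ieee-p1363' }); // fixed-width r || s
  const { r, s } = parseDerEcdsa(der);
  return {
    keyType: ec.privateKey.asymmetricKeyType,
    derParts: [r.length, s.length],
    rawLength: raw.length,
    derOk: verify({ key: ec.publicKey, dsaEncoding: 'der' }, der),
    rawOk: verify({ key: ec.publicKey, dsaEncoding: 'ieee-p1363' }, raw),
  };
}

function rsaDemo() {
  const pss = { padding: constants.RSA_PKCS1_PSS_PADDING, saltLength: constants.RSA_PSS_SALTLEN_DIGEST };
  const [v15a, v15b] = [sign({ key: rsa.privateKey }), sign({ key: rsa.privateKey })];
  const [pssA, pssB] = [sign({ key: rsa.privateKey, ...pss }), sign({ key: rsa.privateKey, ...pss })];
  return {
    v15Deterministic: v15a.equals(v15b), // default padding is PKCS#1 v1.5
    pssRandomized: !pssA.equals(pssB),
    pssOk: verify({ key: rsa.publicKey, ...pss }, pssA),
    pssAsV15: verify({ key: rsa.publicKey }, pssA), // verifier must use the same scheme
  };
}
console.log(ecDemo(), rsaDemo());
```

A verifier has to be told the same `padding` (RSA) or `dsaEncoding` (EC) the signer used, since neither is recorded in the signature bytes.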
