Always return a boolean from NodeRSA.isPrivate

hurryabit · hurryabit · commit d6e4e979394c · 2020-03-20T23:45:50.000+01:00
Currently, the `NodeRSA.isPrivate` method returns the `d` component of
the key when the key is indeed a private key. Obviously, this result
is truthy and hence does the job. However, I would classify it as a
security risk since the name `isPrivate` raises the expectation that
the result is a boolean and hence can safely be sent over the wire.
This might leak the most private part of the key though, which would
most likely be a disaster.
diff --git a/src/libs/rsa.js b/src/libs/rsa.js
@@ -272,7 +272,7 @@ module.exports.Key = (function () {
      * Check if key pair contains private key
      */
     RSAKey.prototype.isPrivate = function () {
-        return this.n && this.e && this.d || false;
+        return this.n && this.e && this.d && true || false;
     };
 
     /**
