From d6e4e979394ca57f38a5b50dc18f86a5c10bd51a Mon Sep 17 00:00:00 2001
From: Martin Huschenbett
Date: Fri, 20 Mar 2020 23:45:50 +0100
Subject: [PATCH] Always return a boolean from NodeRSA.isPrivate

Currently, the `NodeRSA.isPrivate` method returns the `d` component of the key when the key is indeed a private key. Obviously, this result is truthy and hence does the job. However, I would classify it as a security risk since the name `isPrivate` raises the expectation that the result is a boolean and hence can safely be sent over the wire. This might leak the most private part of the key though, which would most likely be a disaster.
---
 src/libs/rsa.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/libs/rsa.js b/src/libs/rsa.js
index 6f47b9d..158f745 100644
--- a/src/libs/rsa.js
+++ b/src/libs/rsa.js
@@ -272,7 +272,7 @@ module.exports.Key = (function () {
 * Check if key pair contains private key
 */
 RSAKey.prototype.isPrivate = function () {
- return this.n && this.e && this.d || false;
+ return this.n && this.e && this.d && true || false;
 };

 /**
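Review bot: The new return in `isPrivate` yields a boolean only because `&&` binds tighter than `||`, so the `&& true || false` tail is easy to break in a later edit and put `d` back into the return value. An explicit coercion states the contract directly: `return Boolean(this.n && this.e && this.d);`. The doc comment (it opens just above the hunk) should gain `@returns {boolean}`, and a regression test asserting `typeof key.isPrivate() === 'boolean'` for both a private and a public-only key would pin the guarantee the commit message describes. Sibling predicates outside this hunk may use the same `... || false` shape and are worth checking for returning key components.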