exportPEMKey options

README.md

@@ -107,13 +107,13 @@ const { privateKey, publicKey } = await generateKeyPair("RS512");
 const key = await generateKeyPair({ algorithm: "HS512" });
 ```
 
-- **`exportPEMKey(key: CryptoKey, filePath?: string): Promise<string>`** (Experimental)
+- **`exportPEMKey(key: CryptoKey, filePathOrOptions?: string | ExportPEMKeyOptions): Promise<string>`** (Experimental)
 - **`importPEMKey(keyDataOrPath: string, algorithm: SupportedKeyPairAlgorithms): Promise<CryptoKey>`** (Experimental)
 
 ```javascript
 // Experimental.
 
-// Generate and export RS512 keys in PEM-format.
+// Generate and export RS512 keys in PEM-format. (filePath and write mode can be supplied as optional second parameter at export)
 const { privateKey, publicKey } = await generateKeyPair("RS512");
 await exportPEMKey(privateKey, "./private_key_RS512.pem");
 await exportPEMKey(publicKey, "./public_key_RS512.pem");

deno.jsonc

@@ -1,6 +1,6 @@
 {
     "name": "@cross/jwt",
-    "version": "0.4.6",
+    "version": "0.4.7",
     "exports": "./mod.ts",
 
     "tasks": {

mod.ts

@@ -3,6 +3,7 @@ export { signJWT } from "./src/sign.ts";
 export { unsafeParseJWT, validateJWT } from "./src/validate.ts";
 export { exportPEMKey, generateKey, generateKeyPair, importPEMKey } from "./src/cryptokeys.ts";
 export type {
+    ExportPEMKeyOptions,
     GenerateKeyOptions,
     GenerateKeyPairOptions,
     SupportedKeyAlgorithms,

src/cryptokeys.ts

@@ -168,14 +168,41 @@ export async function generateKeyPair(
     }
 }
 
+// Options for PEM formatted file write.
+export interface ExportPEMKeyOptions {
+    // Optional path to write the PEM-formatted key to
+    filePath?: string;
+    // Optional for file write mode
+    mode?: number;
+}
+
+// Overload 1: Export without writing to a file
+export function exportPEMKey(key: CryptoKey): Promise<string>;
+
+// Overload 2: Export with a file path (default mode)
+export function exportPEMKey(key: CryptoKey, filePath: string): Promise<string>;
+
+// Overload 3: Export with custom options
+export function exportPEMKey(key: CryptoKey, options: ExportPEMKeyOptions): Promise<string>;
+
 /**
  * Exports a CryptoKey to PEM format and optionally writes it to a file.
  *
  * @param key - The CryptoKey to export.
- * @param filePath - (Optional) Path to write the PEM-formatted key to.
+ * @param filePathOrOptions - (Optional) Path to write the PEM-formatted key to, or an ExportPEMKeyOptions object.
  * @returns {Promise<string>} A Promise resolving to the PEM-formatted key string.
  */
-export async function exportPEMKey(key: CryptoKey, filePath?: string): Promise<string> {
+export async function exportPEMKey(key: CryptoKey, filePathOrOptions?: string | ExportPEMKeyOptions): Promise<string> {
+    let filePath: string | undefined;
+    let options: ExportPEMKeyOptions | undefined;
+
+    if (typeof filePathOrOptions === "string") {
+        filePath = filePathOrOptions;
+    } else {
+        options = filePathOrOptions;
+        filePath = options?.filePath;
+    }
+
     const keyType = key.type;
 
     const exportedKey = await window.crypto.subtle.exportKey(
@@ -186,7 +213,7 @@ export async function exportPEMKey(key: CryptoKey, filePath?: string): Promise<s
     const pemKey = formatAsPem(keyType === "private" ? "PRIVATE KEY" : "PUBLIC KEY", exportedKey);
 
     if (filePath) {
-        await writeFile(filePath, pemKey);
+        await writeFile(filePath, pemKey, { mode: options?.mode ?? 0o600 });
     }
 
     return pemKey;