From 6e9692913f0dc7ae75f42e683a68952a014adbd4 Mon Sep 17 00:00:00 2001
From: Richard Schneider <makaretu@gmail.com>
Date: Sat, 23 Dec 2017 06:07:24 +1300
Subject: [PATCH] feat: generate unique options for a key chain

---
 src/keychain.js       | 12 ++++++++++++
 test/keychain.spec.js |  7 +++++++
 2 files changed, 19 insertions(+)

diff --git a/src/keychain.js b/src/keychain.js
index 3d20504..2814834 100644
--- a/src/keychain.js
+++ b/src/keychain.js
@@ -138,6 +138,18 @@ class Keychain {
     return defaultOptions
   }
 
+  /**
+   * Generates the options for a keychain.  A random salt is produced.
+   *
+   * @returns {object}
+   */
+  static generateOptions () {
+    const options = Object.assign({}, defaultOptions)
+    const saltLength = Math.ceil(NIST.minSaltLength / 3) * 3 // no base64 padding
+    options.dek.salt = crypto.randomBytes(saltLength).toString('base64')
+    return options
+  }
+
   /**
    * Create a new key.
    *
diff --git a/test/keychain.spec.js b/test/keychain.spec.js
index aae21b1..32112dc 100644
--- a/test/keychain.spec.js
+++ b/test/keychain.spec.js
@@ -46,6 +46,13 @@ module.exports = (datastore1, datastore2) => {
       expect(() => new Keychain(datastore2, { passPhrase: passPhrase, dek: { hash: 'my-hash' } })).to.throw()
     })
 
+    it('can generate options', () => {
+      const options = Keychain.generateOptions()
+      options.passPhrase = passPhrase
+      const chain = new Keychain(datastore2, options)
+      expect(chain).to.exist()
+    })
+
     describe('key name', () => {
       it('is a valid filename and non-ASCII', () => {
         ks.removeKey('../../nasty', (err) => {