option to export private keys

[korki43]

First of all thanks for this great library! I've been using it a lot lately and stumbled over a small feature I'm missing.

I'm missing an option to allow exporting of private keys in the browser runtime. I know that it's often not a good idea to export private keys, but for keys which are used for signing this is necessary. There are also certain use cases in which you would want to extract the key to use it elsewhere.

My suggestion is to add another option to generateSecret and generateKeyPair to allow exporting. This option should be disabled by default and can be ignored on Node, because (in my understanding) all Node KeyObjects are exportable.

I'm currently using the web crypto api directly to create an exportable key pair. This works, but I would really love to see an option for this directly in jose as it's one of the core aspects of a key if it's exportable or not.

I would love to hear your opinion about this or to open a PR for this feature.

[panva]

but for keys which are used for signing this is necessary

Please elaborate, why would it be necessary?

[korki43]

When I create a keypair in the client, and want to use it for signing, I have to export the private key (for example as jwk) to send it to other users/store it.

[panva]

Here's where i disconnect. You do not send private keys around. That makes them not private anymore. And to store these CryptoKry instances use IndexedDB.