Package-level declarations

SPKAC is a Certificate Signing Request mechanism originally implemented by Netscape and was specified formally as part of HTML5's keygen element.

Instances of the Cipheriv class are used to encrypt data. The class can be used in one of two ways:

Instances of the Decipheriv class are used to decrypt data. The class can be used in one of two ways:

The DiffieHellman class is a utility for creating Diffie-Hellman key exchanges.

The ECDH class is a utility for creating Elliptic Curve Diffie-Hellman (ECDH) key exchanges.

The Hash class is a utility for creating hash digests of data. It can be used in one of two ways:

The Hmac class is a utility for creating cryptographic HMAC digests. It can be used in one of two ways:

Node.js uses a KeyObject class to represent a symmetric or asymmetric key, and each kind of key exposes different functions. The {@link createSecretKey}, {@link createPublicKey} and {@link createPrivateKey} methods are used to create KeyObjectinstances. KeyObject objects are not to be created directly using the newkeyword.

The Sign class is a utility for generating signatures. It can be used in one of two ways:

The Verify class is a utility for verifying signatures. It can be used in one of two ways:

Encapsulates an X509 certificate and provides read-only access to its information.

A convenient alias for crypto.webcrypto.subtle.

An implementation of the Web Crypto API standard.

Provides an asynchronous Argon2 implementation. Argon2 is a password-based key derivation function that is designed to be expensive computationally and memory-wise in order to make brute-force attacks unrewarding.

Provides a synchronous Argon2 implementation. Argon2 is a password-based key derivation function that is designed to be expensive computationally and memory-wise in order to make brute-force attacks unrewarding.

Checks the primality of the candidate.

Checks the primality of the candidate.

Creates and returns a Cipher object, with the given algorithm, key and initialization vector (iv).

Creates and returns a Decipheriv object that uses the given algorithm, key and initialization vector (iv).

Creates a DiffieHellman key exchange object using the supplied prime and an optional specific generator.

An alias for {@link getDiffieHellman}

Creates an Elliptic Curve Diffie-Hellman (ECDH) key exchange object using a predefined curve specified by the curveName string. Use {@link getCurves} to obtain a list of available curve names. On recent OpenSSL releases, openssl ecparam -list_curves will also display the name and description of each available elliptic curve.

Creates and returns a Hash object that can be used to generate hash digests using the given algorithm. Optional options argument controls stream behavior. For XOF hash functions such as 'shake256', the outputLength option can be used to specify the desired output length in bytes.

Creates and returns an Hmac object that uses the given algorithm and key. Optional options argument controls stream behavior.

Creates and returns a new key object containing a private key. If key is a string or Buffer, format is assumed to be 'pem'; otherwise, key must be an object with the properties described above.

Creates and returns a new key object containing a public key. If key is a string or Buffer, format is assumed to be 'pem'; if key is a KeyObject with type 'private', the public key is derived from the given private key; otherwise, key must be an object with the properties described above.

Creates and returns a new key object containing a secret key for symmetric encryption or Hmac.

Creates and returns a Sign object that uses the given algorithm. Use {@link getHashes} to obtain the names of the available digest algorithms. Optional options argument controls the stream.Writable behavior.

Creates and returns a Verify object that uses the given algorithm. Use {@link getHashes} to obtain an array of names of the available signing algorithms. Optional options argument controls the stream.Writable behavior.

Key decapsulation using a KEM algorithm with a private key.

Computes the Diffie-Hellman shared secret based on a privateKey and a publicKey. Both keys must have the same asymmetricKeyType and must support either the DH or ECDH operation.

Key encapsulation using a KEM algorithm with a public key.

Asynchronously generates a new random secret key of the given length. The type will determine which validations will be performed on the length.