Package-level declarations
Types
SPKAC is a Certificate Signing Request mechanism originally implemented by Netscape and was specified formally as part of HTML5's keygen element.
The DiffieHellman class is a utility for creating Diffie-Hellman key exchanges.
Node.js uses a KeyObject class to represent a symmetric or asymmetric key, and each kind of key exposes different functions. The {@link createSecretKey}, {@link createPublicKey} and {@link createPrivateKey} methods are used to create KeyObjectinstances. KeyObject objects are not to be created directly using the newkeyword.
Encapsulates an X509 certificate and provides read-only access to its information.
Properties
Functions
Checks the primality of the candidate.
Checks the primality of the candidate.
Creates and returns a Cipher object, with the given algorithm, key and initialization vector (iv).
Creates and returns a Decipher object that uses the given algorithm, key and initialization vector (iv).
Creates a DiffieHellman key exchange object using the supplied prime and an optional specific generator.
An alias for {@link getDiffieHellman}
Creates an Elliptic Curve Diffie-Hellman (ECDH) key exchange object using a predefined curve specified by the curveName string. Use {@link getCurves} to obtain a list of available curve names. On recent OpenSSL releases, openssl ecparam -list_curves will also display the name and description of each available elliptic curve.
Creates and returns a Hash object that can be used to generate hash digests using the given algorithm. Optional options argument controls stream behavior. For XOF hash functions such as 'shake256', the outputLength option can be used to specify the desired output length in bytes.
Creates and returns an Hmac object that uses the given algorithm and key. Optional options argument controls stream behavior.
Creates and returns a new key object containing a private key. If key is a string or Buffer, format is assumed to be 'pem'; otherwise, key must be an object with the properties described above.
Creates and returns a new key object containing a public key. If key is a string or Buffer, format is assumed to be 'pem'; if key is a KeyObject with type 'private', the public key is derived from the given private key; otherwise, key must be an object with the properties described above.
Creates and returns a new key object containing a secret key for symmetric encryption or Hmac.
Creates and returns a Sign object that uses the given algorithm. Use {@link getHashes} to obtain the names of the available digest algorithms. Optional options argument controls the stream.Writable behavior.
Creates and returns a Verify object that uses the given algorithm. Use {@link getHashes} to obtain an array of names of the available signing algorithms. Optional options argument controls the stream.Writable behavior.
Computes the Diffie-Hellman secret based on a privateKey and a publicKey. Both keys must have the same asymmetricKeyType, which must be one of 'dh' (for Diffie-Hellman), 'ec' (for ECDH), 'x448', or 'x25519' (for ECDH-ES).
Asynchronously generates a new random secret key of the given length. The type will determine which validations will be performed on the length.
Generates a new asymmetric key pair of the given type. RSA, RSA-PSS, DSA, EC, Ed25519, Ed448, X25519, X448, and DH are currently supported.
Generates a new asymmetric key pair of the given type. RSA, RSA-PSS, DSA, EC, Ed25519, Ed448, X25519, X448, and DH are currently supported.
Synchronously generates a new random secret key of the given length. The type will determine which validations will be performed on the length.
Generates a pseudorandom prime of size bits.
Generates a pseudorandom prime of size bits.
Returns information about a given cipher.
Creates a predefined DiffieHellmanGroup key exchange object. The supported groups are listed in the documentation for DiffieHellmanGroup.
A convenient alias for {@link webcrypto.getRandomValues}. This implementation is not compliant with the Web Crypto spec, to write web-compatible code use {@link webcrypto.getRandomValues} instead.
A utility for creating one-shot hash digests of data. It can be faster than the object-based crypto.createHash() when hashing a smaller amount of data (<= 5MB) that's readily available. If the data can be big or if it is streamed, it's still recommended to use crypto.createHash() instead. The algorithm is dependent on the available algorithms supported by the version of OpenSSL on the platform. Examples are 'sha256', 'sha512', etc. On recent releases of OpenSSL, openssl list -digest-algorithms will display the available digest algorithms.
HKDF is a simple key derivation function defined in RFC 5869\. The given ikm, salt and info are used with the digest to derive a key of keylen bytes.
Provides a synchronous HKDF key derivation function as defined in RFC 5869\. The given ikm, salt and info are used with the digest to derive a key of keylen bytes.
Provides an asynchronous Password-Based Key Derivation Function 2 (PBKDF2) implementation. A selected HMAC digest algorithm specified by digest is applied to derive a key of the requested byte length (keylen) from the password, salt and iterations.
Provides a synchronous Password-Based Key Derivation Function 2 (PBKDF2) implementation. A selected HMAC digest algorithm specified by digest is applied to derive a key of the requested byte length (keylen) from the password, salt and iterations.
Decrypts buffer with privateKey. buffer was previously encrypted using the corresponding public key, for example using {@link publicEncrypt}.
Encrypts buffer with privateKey. The returned data can be decrypted using the corresponding public key, for example using {@link publicDecrypt}.
Decrypts buffer with key.buffer was previously encrypted using the corresponding private key, for example using {@link privateEncrypt}.
Encrypts the content of buffer with key and returns a new Buffer with encrypted content. The returned data can be decrypted using the corresponding private key, for example using {@link privateDecrypt}.
Generates cryptographically strong pseudorandom data. The size argument is a number indicating the number of bytes to generate.
This function is similar to {@link randomBytes} but requires the first argument to be a Buffer that will be filled. It also requires that a callback is passed in.
Synchronous version of {@link randomFill}.
Return a random integer n such that min <= n < max. This implementation avoids modulo bias.
Generates a random RFC 4122 version 4 UUID. The UUID is generated using a cryptographic pseudorandom number generator.
Provides an asynchronous scrypt implementation. Scrypt is a password-based key derivation function that is designed to be expensive computationally and memory-wise in order to make brute-force attacks unrewarding.
Provides a synchronous scrypt implementation. Scrypt is a password-based key derivation function that is designed to be expensive computationally and memory-wise in order to make brute-force attacks unrewarding.
Calculates and returns the signature for data using the given private key and algorithm. If algorithm is null or undefined, then the algorithm is dependent upon the key type (especially Ed25519 and Ed448).
This function compares the underlying bytes that represent the given ArrayBuffer, TypedArray, or DataView instances using a constant-time algorithm.
Verifies the given signature for data using the given key and algorithm. If algorithm is null or undefined, then the algorithm is dependent upon the key type (especially Ed25519 and Ed448).