1<!DOCTYPE html> 2<html lang="en"> 3<head> 4 <meta charset="utf-8"> 5 <meta name="viewport" content="width=device-width"> 6 <meta name="nodejs.org:node-version" content="v14.19.1"> 7 <title>Crypto | Node.js v14.19.1 Documentation</title> 8 <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Lato:400,700,400italic&display=fallback"> 9 <link rel="stylesheet" href="assets/style.css"> 10 <link rel="stylesheet" href="assets/hljs.css"> 11 <link rel="canonical" href="https://nodejs.org/api/crypto.html"> 12</head> 13<body class="alt apidoc" id="api-section-crypto"> 14 <div id="content" class="clearfix"> 15 <div id="column2" class="interior"> 16 <div id="intro" class="interior"> 17 <a href="/" title="Go back to the home page"> 18 Node.js 19 </a> 20 </div> 21 <ul> 22<li><a href="documentation.html" class="nav-documentation">About this documentation</a></li> 23<li><a href="synopsis.html" class="nav-synopsis">Usage and example</a></li> 24</ul> 25<hr class="line"> 26<ul> 27<li><a href="assert.html" class="nav-assert">Assertion testing</a></li> 28<li><a href="async_hooks.html" class="nav-async_hooks">Async hooks</a></li> 29<li><a href="buffer.html" class="nav-buffer">Buffer</a></li> 30<li><a href="addons.html" class="nav-addons">C++ addons</a></li> 31<li><a href="n-api.html" class="nav-n-api">C/C++ addons with Node-API</a></li> 32<li><a href="embedding.html" class="nav-embedding">C++ embedder API</a></li> 33<li><a href="child_process.html" class="nav-child_process">Child processes</a></li> 34<li><a href="cluster.html" class="nav-cluster">Cluster</a></li> 35<li><a href="cli.html" class="nav-cli">Command-line options</a></li> 36<li><a href="console.html" class="nav-console">Console</a></li> 37<li><a href="corepack.html" class="nav-corepack">Corepack</a></li> 38<li><a href="crypto.html" class="nav-crypto active">Crypto</a></li> 39<li><a href="debugger.html" class="nav-debugger">Debugger</a></li> 40<li><a href="deprecations.html" class="nav-deprecations">Deprecated APIs</a></li> 41<li><a href="diagnostics_channel.html" class="nav-diagnostics_channel">Diagnostics Channel</a></li> 42<li><a href="dns.html" class="nav-dns">DNS</a></li> 43<li><a href="domain.html" class="nav-domain">Domain</a></li> 44<li><a href="errors.html" class="nav-errors">Errors</a></li> 45<li><a href="events.html" class="nav-events">Events</a></li> 46<li><a href="fs.html" class="nav-fs">File system</a></li> 47<li><a href="globals.html" class="nav-globals">Globals</a></li> 48<li><a href="http.html" class="nav-http">HTTP</a></li> 49<li><a href="http2.html" class="nav-http2">HTTP/2</a></li> 50<li><a href="https.html" class="nav-https">HTTPS</a></li> 51<li><a href="inspector.html" class="nav-inspector">Inspector</a></li> 52<li><a href="intl.html" class="nav-intl">Internationalization</a></li> 53<li><a href="modules.html" class="nav-modules">Modules: CommonJS modules</a></li> 54<li><a href="esm.html" class="nav-esm">Modules: ECMAScript modules</a></li> 55<li><a href="module.html" class="nav-module">Modules: <code>module</code> API</a></li> 56<li><a href="packages.html" class="nav-packages">Modules: Packages</a></li> 57<li><a href="net.html" class="nav-net">Net</a></li> 58<li><a href="os.html" class="nav-os">OS</a></li> 59<li><a href="path.html" class="nav-path">Path</a></li> 60<li><a href="perf_hooks.html" class="nav-perf_hooks">Performance hooks</a></li> 61<li><a href="policy.html" class="nav-policy">Policies</a></li> 62<li><a href="process.html" class="nav-process">Process</a></li> 63<li><a href="punycode.html" class="nav-punycode">Punycode</a></li> 64<li><a href="querystring.html" class="nav-querystring">Query strings</a></li> 65<li><a href="readline.html" class="nav-readline">Readline</a></li> 66<li><a href="repl.html" class="nav-repl">REPL</a></li> 67<li><a href="report.html" class="nav-report">Report</a></li> 68<li><a href="stream.html" class="nav-stream">Stream</a></li> 69<li><a href="string_decoder.html" class="nav-string_decoder">String decoder</a></li> 70<li><a href="timers.html" class="nav-timers">Timers</a></li> 71<li><a href="tls.html" class="nav-tls">TLS/SSL</a></li> 72<li><a href="tracing.html" class="nav-tracing">Trace events</a></li> 73<li><a href="tty.html" class="nav-tty">TTY</a></li> 74<li><a href="dgram.html" class="nav-dgram">UDP/datagram</a></li> 75<li><a href="url.html" class="nav-url">URL</a></li> 76<li><a href="util.html" class="nav-util">Utilities</a></li> 77<li><a href="v8.html" class="nav-v8">V8</a></li> 78<li><a href="vm.html" class="nav-vm">VM</a></li> 79<li><a href="wasi.html" class="nav-wasi">WASI</a></li> 80<li><a href="worker_threads.html" class="nav-worker_threads">Worker threads</a></li> 81<li><a href="zlib.html" class="nav-zlib">Zlib</a></li> 82</ul> 83<hr class="line"> 84<ul> 85<li><a href="https://github.com/nodejs/node" class="nav-https-github-com-nodejs-node">Code repository and issue tracker</a></li> 86</ul> 87 </div> 88 89 <div id="column1" data-id="crypto" class="interior"> 90 <header> 91 <div class="header-container"> 92 <h1>Node.js v14.19.1 documentation</h1> 93 <button class="theme-toggle-btn" id="theme-toggle-btn" title="Toggle dark mode/light mode" aria-label="Toggle dark mode/light mode" hidden> 94 <svg xmlns="http://www.w3.org/2000/svg" class="icon dark-icon" height="24" width="24"> 95 <path fill="none" d="M0 0h24v24H0z" /> 96 <path d="M11.1 12.08c-2.33-4.51-.5-8.48.53-10.07C6.27 2.2 1.98 6.59 1.98 12c0 .14.02.28.02.42.62-.27 1.29-.42 2-.42 1.66 0 3.18.83 4.1 2.15A4.01 4.01 0 0111 18c0 1.52-.87 2.83-2.12 3.51.98.32 2.03.5 3.11.5 3.5 0 6.58-1.8 8.37-4.52-2.36.23-6.98-.97-9.26-5.41z"/> 97 <path d="M7 16h-.18C6.4 14.84 5.3 14 4 14c-1.66 0-3 1.34-3 3s1.34 3 3 3h3c1.1 0 2-.9 2-2s-.9-2-2-2z"/> 98 </svg> 99 <svg xmlns="http://www.w3.org/2000/svg" class="icon light-icon" height="24" width="24"> 100 <path d="M0 0h24v24H0z" fill="none" /> 101 <path d="M6.76 4.84l-1.8-1.79-1.41 1.41 1.79 1.79 1.42-1.41zM4 10.5H1v2h3v-2zm9-9.95h-2V3.5h2V.55zm7.45 3.91l-1.41-1.41-1.79 1.79 1.41 1.41 1.79-1.79zm-3.21 13.7l1.79 1.8 1.41-1.41-1.8-1.79-1.4 1.4zM20 10.5v2h3v-2h-3zm-8-5c-3.31 0-6 2.69-6 6s2.69 6 6 6 6-2.69 6-6-2.69-6-6-6zm-1 16.95h2V19.5h-2v2.95zm-7.45-3.91l1.41 1.41 1.79-1.8-1.41-1.41-1.79 1.8z"/> 102 </svg> 103 </button> 104 </div> 105 <div id="gtoc"> 106 <ul> 107 <li> 108 <a href="index.html">Index</a> 109 </li> 110 <li> 111 <a href="all.html">View on single page</a> 112 </li> 113 <li> 114 <a href="crypto.json">View as JSON</a> 115 </li> 116 117 <li class="version-picker"> 118 <a href="#">View another version <span>▼</span></a> 119 <ol class="version-picker"><li><a href="https://nodejs.org/docs/latest-v17.x/api/crypto.html">17.x</a></li> 120<li><a href="https://nodejs.org/docs/latest-v16.x/api/crypto.html">16.x <b>LTS</b></a></li> 121<li><a href="https://nodejs.org/docs/latest-v15.x/api/crypto.html">15.x</a></li> 122<li><a href="https://nodejs.org/docs/latest-v14.x/api/crypto.html">14.x <b>LTS</b></a></li> 123<li><a href="https://nodejs.org/docs/latest-v13.x/api/crypto.html">13.x</a></li> 124<li><a href="https://nodejs.org/docs/latest-v12.x/api/crypto.html">12.x <b>LTS</b></a></li> 125<li><a href="https://nodejs.org/docs/latest-v11.x/api/crypto.html">11.x</a></li> 126<li><a href="https://nodejs.org/docs/latest-v10.x/api/crypto.html">10.x</a></li> 127<li><a href="https://nodejs.org/docs/latest-v9.x/api/crypto.html">9.x</a></li> 128<li><a href="https://nodejs.org/docs/latest-v8.x/api/crypto.html">8.x</a></li> 129<li><a href="https://nodejs.org/docs/latest-v7.x/api/crypto.html">7.x</a></li> 130<li><a href="https://nodejs.org/docs/latest-v6.x/api/crypto.html">6.x</a></li> 131<li><a href="https://nodejs.org/docs/latest-v5.x/api/crypto.html">5.x</a></li> 132<li><a href="https://nodejs.org/docs/latest-v4.x/api/crypto.html">4.x</a></li> 133<li><a href="https://nodejs.org/docs/latest-v0.12.x/api/crypto.html">0.12.x</a></li> 134<li><a href="https://nodejs.org/docs/latest-v0.10.x/api/crypto.html">0.10.x</a></li></ol> 135 </li> 136 137 <li class="edit_on_github"><a href="https://github.com/nodejs/node/edit/master/doc/api/crypto.md">Edit on GitHub</a></li> 138 </ul> 139 </div> 140 <hr> 141 </header> 142 143 <details id="toc" open><summary>Table of contents</summary><ul> 144<li><span class="stability_2"><a href="#crypto_crypto">Crypto</a></span> 145<ul> 146<li><a href="#crypto_determining_if_crypto_support_is_unavailable">Determining if crypto support is unavailable</a></li> 147<li><a href="#crypto_class_certificate">Class: <code>Certificate</code></a> 148<ul> 149<li><a href="#crypto_certificate_exportchallenge_spkac"><code>Certificate.exportChallenge(spkac)</code></a></li> 150<li><a href="#crypto_certificate_exportpublickey_spkac_encoding"><code>Certificate.exportPublicKey(spkac[, encoding])</code></a></li> 151<li><a href="#crypto_certificate_verifyspkac_spkac"><code>Certificate.verifySpkac(spkac)</code></a></li> 152<li><span class="stability_0"><a href="#crypto_legacy_api">Legacy API</a></span> 153<ul> 154<li><a href="#crypto_new_crypto_certificate"><code>new crypto.Certificate()</code></a></li> 155<li><a href="#crypto_certificate_exportchallenge_spkac_1"><code>certificate.exportChallenge(spkac)</code></a></li> 156<li><a href="#crypto_certificate_exportpublickey_spkac"><code>certificate.exportPublicKey(spkac)</code></a></li> 157<li><a href="#crypto_certificate_verifyspkac_spkac_1"><code>certificate.verifySpkac(spkac)</code></a></li> 158</ul> 159</li> 160</ul> 161</li> 162<li><a href="#crypto_class_cipher">Class: <code>Cipher</code></a> 163<ul> 164<li><a href="#crypto_cipher_final_outputencoding"><code>cipher.final([outputEncoding])</code></a></li> 165<li><a href="#crypto_cipher_getauthtag"><code>cipher.getAuthTag()</code></a></li> 166<li><a href="#crypto_cipher_setaad_buffer_options"><code>cipher.setAAD(buffer[, options])</code></a></li> 167<li><a href="#crypto_cipher_setautopadding_autopadding"><code>cipher.setAutoPadding([autoPadding])</code></a></li> 168<li><a href="#crypto_cipher_update_data_inputencoding_outputencoding"><code>cipher.update(data[, inputEncoding][, outputEncoding])</code></a></li> 169</ul> 170</li> 171<li><a href="#crypto_class_decipher">Class: <code>Decipher</code></a> 172<ul> 173<li><a href="#crypto_decipher_final_outputencoding"><code>decipher.final([outputEncoding])</code></a></li> 174<li><a href="#crypto_decipher_setaad_buffer_options"><code>decipher.setAAD(buffer[, options])</code></a></li> 175<li><a href="#crypto_decipher_setauthtag_buffer"><code>decipher.setAuthTag(buffer)</code></a></li> 176<li><a href="#crypto_decipher_setautopadding_autopadding"><code>decipher.setAutoPadding([autoPadding])</code></a></li> 177<li><a href="#crypto_decipher_update_data_inputencoding_outputencoding"><code>decipher.update(data[, inputEncoding][, outputEncoding])</code></a></li> 178</ul> 179</li> 180<li><a href="#crypto_class_diffiehellman">Class: <code>DiffieHellman</code></a> 181<ul> 182<li><a href="#crypto_diffiehellman_computesecret_otherpublickey_inputencoding_outputencoding"><code>diffieHellman.computeSecret(otherPublicKey[, inputEncoding][, outputEncoding])</code></a></li> 183<li><a href="#crypto_diffiehellman_generatekeys_encoding"><code>diffieHellman.generateKeys([encoding])</code></a></li> 184<li><a href="#crypto_diffiehellman_getgenerator_encoding"><code>diffieHellman.getGenerator([encoding])</code></a></li> 185<li><a href="#crypto_diffiehellman_getprime_encoding"><code>diffieHellman.getPrime([encoding])</code></a></li> 186<li><a href="#crypto_diffiehellman_getprivatekey_encoding"><code>diffieHellman.getPrivateKey([encoding])</code></a></li> 187<li><a href="#crypto_diffiehellman_getpublickey_encoding"><code>diffieHellman.getPublicKey([encoding])</code></a></li> 188<li><a href="#crypto_diffiehellman_setprivatekey_privatekey_encoding"><code>diffieHellman.setPrivateKey(privateKey[, encoding])</code></a></li> 189<li><a href="#crypto_diffiehellman_setpublickey_publickey_encoding"><code>diffieHellman.setPublicKey(publicKey[, encoding])</code></a></li> 190<li><a href="#crypto_diffiehellman_verifyerror"><code>diffieHellman.verifyError</code></a></li> 191</ul> 192</li> 193<li><a href="#crypto_class_diffiehellmangroup">Class: <code>DiffieHellmanGroup</code></a></li> 194<li><a href="#crypto_class_ecdh">Class: <code>ECDH</code></a> 195<ul> 196<li><a href="#crypto_static_method_ecdh_convertkey_key_curve_inputencoding_outputencoding_format">Static method: <code>ECDH.convertKey(key, curve[, inputEncoding[, outputEncoding[, format]]])</code></a></li> 197<li><a href="#crypto_ecdh_computesecret_otherpublickey_inputencoding_outputencoding"><code>ecdh.computeSecret(otherPublicKey[, inputEncoding][, outputEncoding])</code></a></li> 198<li><a href="#crypto_ecdh_generatekeys_encoding_format"><code>ecdh.generateKeys([encoding[, format]])</code></a></li> 199<li><a href="#crypto_ecdh_getprivatekey_encoding"><code>ecdh.getPrivateKey([encoding])</code></a></li> 200<li><a href="#crypto_ecdh_getpublickey_encoding_format"><code>ecdh.getPublicKey([encoding][, format])</code></a></li> 201<li><a href="#crypto_ecdh_setprivatekey_privatekey_encoding"><code>ecdh.setPrivateKey(privateKey[, encoding])</code></a></li> 202<li><span class="stability_0"><a href="#crypto_ecdh_setpublickey_publickey_encoding"><code>ecdh.setPublicKey(publicKey[, encoding])</code></a></span></li> 203</ul> 204</li> 205<li><a href="#crypto_class_hash">Class: <code>Hash</code></a> 206<ul> 207<li><a href="#crypto_hash_copy_options"><code>hash.copy([options])</code></a></li> 208<li><a href="#crypto_hash_digest_encoding"><code>hash.digest([encoding])</code></a></li> 209<li><a href="#crypto_hash_update_data_inputencoding"><code>hash.update(data[, inputEncoding])</code></a></li> 210</ul> 211</li> 212<li><a href="#crypto_class_hmac">Class: <code>Hmac</code></a> 213<ul> 214<li><a href="#crypto_hmac_digest_encoding"><code>hmac.digest([encoding])</code></a></li> 215<li><a href="#crypto_hmac_update_data_inputencoding"><code>hmac.update(data[, inputEncoding])</code></a></li> 216</ul> 217</li> 218<li><a href="#crypto_class_keyobject">Class: <code>KeyObject</code></a> 219<ul> 220<li><a href="#crypto_keyobject_asymmetrickeytype"><code>keyObject.asymmetricKeyType</code></a></li> 221<li><a href="#crypto_keyobject_export_options"><code>keyObject.export([options])</code></a></li> 222<li><a href="#crypto_keyobject_symmetrickeysize"><code>keyObject.symmetricKeySize</code></a></li> 223<li><a href="#crypto_keyobject_type"><code>keyObject.type</code></a></li> 224</ul> 225</li> 226<li><a href="#crypto_class_sign">Class: <code>Sign</code></a> 227<ul> 228<li><a href="#crypto_sign_sign_privatekey_outputencoding"><code>sign.sign(privateKey[, outputEncoding])</code></a></li> 229<li><a href="#crypto_sign_update_data_inputencoding"><code>sign.update(data[, inputEncoding])</code></a></li> 230</ul> 231</li> 232<li><a href="#crypto_class_verify">Class: <code>Verify</code></a> 233<ul> 234<li><a href="#crypto_verify_update_data_inputencoding"><code>verify.update(data[, inputEncoding])</code></a></li> 235<li><a href="#crypto_verify_verify_object_signature_signatureencoding"><code>verify.verify(object, signature[, signatureEncoding])</code></a></li> 236</ul> 237</li> 238<li><a href="#crypto_crypto_module_methods_and_properties"><code>crypto</code> module methods and properties</a> 239<ul> 240<li><a href="#crypto_crypto_constants"><code>crypto.constants</code></a></li> 241<li><span class="stability_0"><a href="#crypto_crypto_default_encoding"><code>crypto.DEFAULT_ENCODING</code></a></span></li> 242<li><span class="stability_0"><a href="#crypto_crypto_fips"><code>crypto.fips</code></a></span></li> 243<li><span class="stability_0"><a href="#crypto_crypto_createcipher_algorithm_password_options"><code>crypto.createCipher(algorithm, password[, options])</code></a></span></li> 244<li><a href="#crypto_crypto_createcipheriv_algorithm_key_iv_options"><code>crypto.createCipheriv(algorithm, key, iv[, options])</code></a></li> 245<li><span class="stability_0"><a href="#crypto_crypto_createdecipher_algorithm_password_options"><code>crypto.createDecipher(algorithm, password[, options])</code></a></span></li> 246<li><a href="#crypto_crypto_createdecipheriv_algorithm_key_iv_options"><code>crypto.createDecipheriv(algorithm, key, iv[, options])</code></a></li> 247<li><a href="#crypto_crypto_creatediffiehellman_prime_primeencoding_generator_generatorencoding"><code>crypto.createDiffieHellman(prime[, primeEncoding][, generator][, generatorEncoding])</code></a></li> 248<li><a href="#crypto_crypto_creatediffiehellman_primelength_generator"><code>crypto.createDiffieHellman(primeLength[, generator])</code></a></li> 249<li><a href="#crypto_crypto_creatediffiehellmangroup_name"><code>crypto.createDiffieHellmanGroup(name)</code></a></li> 250<li><a href="#crypto_crypto_createecdh_curvename"><code>crypto.createECDH(curveName)</code></a></li> 251<li><a href="#crypto_crypto_createhash_algorithm_options"><code>crypto.createHash(algorithm[, options])</code></a></li> 252<li><a href="#crypto_crypto_createhmac_algorithm_key_options"><code>crypto.createHmac(algorithm, key[, options])</code></a></li> 253<li><a href="#crypto_crypto_createprivatekey_key"><code>crypto.createPrivateKey(key)</code></a></li> 254<li><a href="#crypto_crypto_createpublickey_key"><code>crypto.createPublicKey(key)</code></a></li> 255<li><a href="#crypto_crypto_createsecretkey_key"><code>crypto.createSecretKey(key)</code></a></li> 256<li><a href="#crypto_crypto_createsign_algorithm_options"><code>crypto.createSign(algorithm[, options])</code></a></li> 257<li><a href="#crypto_crypto_createverify_algorithm_options"><code>crypto.createVerify(algorithm[, options])</code></a></li> 258<li><a href="#crypto_crypto_diffiehellman_options"><code>crypto.diffieHellman(options)</code></a></li> 259<li><a href="#crypto_crypto_generatekeypair_type_options_callback"><code>crypto.generateKeyPair(type, options, callback)</code></a></li> 260<li><a href="#crypto_crypto_generatekeypairsync_type_options"><code>crypto.generateKeyPairSync(type, options)</code></a></li> 261<li><a href="#crypto_crypto_getciphers"><code>crypto.getCiphers()</code></a></li> 262<li><a href="#crypto_crypto_getcurves"><code>crypto.getCurves()</code></a></li> 263<li><a href="#crypto_crypto_getdiffiehellman_groupname"><code>crypto.getDiffieHellman(groupName)</code></a></li> 264<li><a href="#crypto_crypto_getfips"><code>crypto.getFips()</code></a></li> 265<li><a href="#crypto_crypto_gethashes"><code>crypto.getHashes()</code></a></li> 266<li><a href="#crypto_crypto_pbkdf2_password_salt_iterations_keylen_digest_callback"><code>crypto.pbkdf2(password, salt, iterations, keylen, digest, callback)</code></a></li> 267<li><a href="#crypto_crypto_pbkdf2sync_password_salt_iterations_keylen_digest"><code>crypto.pbkdf2Sync(password, salt, iterations, keylen, digest)</code></a></li> 268<li><a href="#crypto_crypto_privatedecrypt_privatekey_buffer"><code>crypto.privateDecrypt(privateKey, buffer)</code></a></li> 269<li><a href="#crypto_crypto_privateencrypt_privatekey_buffer"><code>crypto.privateEncrypt(privateKey, buffer)</code></a></li> 270<li><a href="#crypto_crypto_publicdecrypt_key_buffer"><code>crypto.publicDecrypt(key, buffer)</code></a></li> 271<li><a href="#crypto_crypto_publicencrypt_key_buffer"><code>crypto.publicEncrypt(key, buffer)</code></a></li> 272<li><a href="#crypto_crypto_randombytes_size_callback"><code>crypto.randomBytes(size[, callback])</code></a></li> 273<li><a href="#crypto_crypto_randomfillsync_buffer_offset_size"><code>crypto.randomFillSync(buffer[, offset][, size])</code></a></li> 274<li><a href="#crypto_crypto_randomfill_buffer_offset_size_callback"><code>crypto.randomFill(buffer[, offset][, size], callback)</code></a></li> 275<li><a href="#crypto_crypto_randomint_min_max_callback"><code>crypto.randomInt([min, ]max[, callback])</code></a></li> 276<li><a href="#crypto_crypto_randomuuid_options"><code>crypto.randomUUID([options])</code></a></li> 277<li><a href="#crypto_crypto_scrypt_password_salt_keylen_options_callback"><code>crypto.scrypt(password, salt, keylen[, options], callback)</code></a></li> 278<li><a href="#crypto_crypto_scryptsync_password_salt_keylen_options"><code>crypto.scryptSync(password, salt, keylen[, options])</code></a></li> 279<li><a href="#crypto_crypto_setengine_engine_flags"><code>crypto.setEngine(engine[, flags])</code></a></li> 280<li><a href="#crypto_crypto_setfips_bool"><code>crypto.setFips(bool)</code></a></li> 281<li><a href="#crypto_crypto_sign_algorithm_data_key"><code>crypto.sign(algorithm, data, key)</code></a></li> 282<li><a href="#crypto_crypto_timingsafeequal_a_b"><code>crypto.timingSafeEqual(a, b)</code></a></li> 283<li><a href="#crypto_crypto_verify_algorithm_data_key_signature"><code>crypto.verify(algorithm, data, key, signature)</code></a></li> 284</ul> 285</li> 286<li><a href="#crypto_notes">Notes</a> 287<ul> 288<li><a href="#crypto_legacy_streams_api_prior_to_node_js_0_10">Legacy streams API (prior to Node.js 0.10)</a></li> 289<li><a href="#crypto_recent_ecdh_changes">Recent ECDH changes</a></li> 290<li><a href="#crypto_support_for_weak_or_compromised_algorithms">Support for weak or compromised algorithms</a></li> 291<li><a href="#crypto_ccm_mode">CCM mode</a></li> 292</ul> 293</li> 294<li><a href="#crypto_crypto_constants_1">Crypto constants</a> 295<ul> 296<li><a href="#crypto_openssl_options">OpenSSL options</a></li> 297<li><a href="#crypto_openssl_engine_constants">OpenSSL engine constants</a></li> 298<li><a href="#crypto_other_openssl_constants">Other OpenSSL constants</a></li> 299<li><a href="#crypto_node_js_crypto_constants">Node.js crypto constants</a></li> 300</ul> 301</li> 302</ul> 303</li> 304</ul></details> 305 306 <div id="apicontent"> 307 <h2>Crypto<span><a class="mark" href="#crypto_crypto" id="crypto_crypto">#</a></span></h2> 308 309<p></p><div class="api_stability api_stability_2"><a href="documentation.html#documentation_stability_index">Stability: 2</a> - Stable</div><p></p> 310<p><strong>Source Code:</strong> <a href="https://github.com/nodejs/node/blob/v14.19.1/lib/crypto.js">lib/crypto.js</a></p> 311<p>The <code>crypto</code> module provides cryptographic functionality that includes a set of 312wrappers for OpenSSL's hash, HMAC, cipher, decipher, sign, and verify functions.</p> 313<p>Use <code>require('crypto')</code> to access this module.</p> 314<pre><code class="language-js"><span class="hljs-keyword">const</span> crypto = <span class="hljs-built_in">require</span>(<span class="hljs-string">'crypto'</span>); 315 316<span class="hljs-keyword">const</span> secret = <span class="hljs-string">'abcdefg'</span>; 317<span class="hljs-keyword">const</span> hash = crypto.<span class="hljs-title function_">createHmac</span>(<span class="hljs-string">'sha256'</span>, secret) 318 .<span class="hljs-title function_">update</span>(<span class="hljs-string">'I love cupcakes'</span>) 319 .<span class="hljs-title function_">digest</span>(<span class="hljs-string">'hex'</span>); 320<span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>(hash); 321<span class="hljs-comment">// Prints:</span> 322<span class="hljs-comment">// c0fa1bc00531bd78ef38c628449c5102aeabd49b5dc3a2a516ea6ea959d6658e</span></code></pre> 323<section><h3>Determining if crypto support is unavailable<span><a class="mark" href="#crypto_determining_if_crypto_support_is_unavailable" id="crypto_determining_if_crypto_support_is_unavailable">#</a></span></h3> 324<p>It is possible for Node.js to be built without including support for the 325<code>crypto</code> module. In such cases, calling <code>require('crypto')</code> will result in an 326error being thrown.</p> 327<pre><code class="language-js"><span class="hljs-keyword">let</span> crypto; 328<span class="hljs-keyword">try</span> { 329 crypto = <span class="hljs-built_in">require</span>(<span class="hljs-string">'crypto'</span>); 330} <span class="hljs-keyword">catch</span> (err) { 331 <span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>(<span class="hljs-string">'crypto support is disabled!'</span>); 332}</code></pre> 333</section><section><h3>Class: <code>Certificate</code><span><a class="mark" href="#crypto_class_certificate" id="crypto_class_certificate">#</a></span></h3> 334<div class="api_metadata"> 335<span>Added in: v0.11.8</span> 336</div> 337<p>SPKAC is a Certificate Signing Request mechanism originally implemented by 338Netscape and was specified formally as part of <a href="https://developer.mozilla.org/en-US/docs/Web/HTML/Element/keygen">HTML5's <code>keygen</code> element</a>.</p> 339<p><code><keygen></code> is deprecated since <a href="https://www.w3.org/TR/html52/changes.html#features-removed">HTML 5.2</a> and new projects 340should not use this element anymore.</p> 341<p>The <code>crypto</code> module provides the <code>Certificate</code> class for working with SPKAC 342data. The most common usage is handling output generated by the HTML5 343<code><keygen></code> element. Node.js uses <a href="https://www.openssl.org/docs/man1.1.0/apps/openssl-spkac.html">OpenSSL's SPKAC implementation</a> internally.</p> 344<h4><code>Certificate.exportChallenge(spkac)</code><span><a class="mark" href="#crypto_certificate_exportchallenge_spkac" id="crypto_certificate_exportchallenge_spkac">#</a></span></h4> 345<div class="api_metadata"> 346<span>Added in: v9.0.0</span> 347</div> 348<ul> 349<li><code>spkac</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray" class="type"><TypedArray></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView" class="type"><DataView></a></li> 350<li>Returns: <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> The challenge component of the <code>spkac</code> data structure, which 351includes a public key and a challenge.</li> 352</ul> 353<pre><code class="language-js"><span class="hljs-keyword">const</span> { <span class="hljs-title class_">Certificate</span> } = <span class="hljs-built_in">require</span>(<span class="hljs-string">'crypto'</span>); 354<span class="hljs-keyword">const</span> spkac = <span class="hljs-title function_">getSpkacSomehow</span>(); 355<span class="hljs-keyword">const</span> challenge = <span class="hljs-title class_">Certificate</span>.<span class="hljs-title function_">exportChallenge</span>(spkac); 356<span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>(challenge.<span class="hljs-title function_">toString</span>(<span class="hljs-string">'utf8'</span>)); 357<span class="hljs-comment">// Prints: the challenge as a UTF8 string</span></code></pre> 358<h4><code>Certificate.exportPublicKey(spkac[, encoding])</code><span><a class="mark" href="#crypto_certificate_exportpublickey_spkac_encoding" id="crypto_certificate_exportpublickey_spkac_encoding">#</a></span></h4> 359<div class="api_metadata"> 360<span>Added in: v9.0.0</span> 361</div> 362<ul> 363<li><code>spkac</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray" class="type"><TypedArray></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView" class="type"><DataView></a></li> 364<li><code>encoding</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> The <a href="buffer.html#buffer_buffers_and_character_encodings">encoding</a> of the <code>spkac</code> string.</li> 365<li>Returns: <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> The public key component of the <code>spkac</code> data structure, 366which includes a public key and a challenge.</li> 367</ul> 368<pre><code class="language-js"><span class="hljs-keyword">const</span> { <span class="hljs-title class_">Certificate</span> } = <span class="hljs-built_in">require</span>(<span class="hljs-string">'crypto'</span>); 369<span class="hljs-keyword">const</span> spkac = <span class="hljs-title function_">getSpkacSomehow</span>(); 370<span class="hljs-keyword">const</span> publicKey = <span class="hljs-title class_">Certificate</span>.<span class="hljs-title function_">exportPublicKey</span>(spkac); 371<span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>(publicKey); 372<span class="hljs-comment">// Prints: the public key as <Buffer ...></span></code></pre> 373<h4><code>Certificate.verifySpkac(spkac)</code><span><a class="mark" href="#crypto_certificate_verifyspkac_spkac" id="crypto_certificate_verifyspkac_spkac">#</a></span></h4> 374<div class="api_metadata"> 375<span>Added in: v9.0.0</span> 376</div> 377<ul> 378<li><code>spkac</code> <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray" class="type"><TypedArray></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView" class="type"><DataView></a></li> 379<li>Returns: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Boolean_type" class="type"><boolean></a> <code>true</code> if the given <code>spkac</code> data structure is valid, 380<code>false</code> otherwise.</li> 381</ul> 382<pre><code class="language-js"><span class="hljs-keyword">const</span> { <span class="hljs-title class_">Certificate</span> } = <span class="hljs-built_in">require</span>(<span class="hljs-string">'crypto'</span>); 383<span class="hljs-keyword">const</span> spkac = <span class="hljs-title function_">getSpkacSomehow</span>(); 384<span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>(<span class="hljs-title class_">Certificate</span>.<span class="hljs-title function_">verifySpkac</span>(<span class="hljs-title class_">Buffer</span>.<span class="hljs-title function_">from</span>(spkac))); 385<span class="hljs-comment">// Prints: true or false</span></code></pre> 386<h4>Legacy API<span><a class="mark" href="#crypto_legacy_api" id="crypto_legacy_api">#</a></span></h4> 387<p></p><div class="api_stability api_stability_0"><a href="documentation.html#documentation_stability_index">Stability: 0</a> - Deprecated</div><p></p> 388<p>As a legacy interface, it is possible to create new instances of 389the <code>crypto.Certificate</code> class as illustrated in the examples below.</p> 390<h5><code>new crypto.Certificate()</code><span><a class="mark" href="#crypto_new_crypto_certificate" id="crypto_new_crypto_certificate">#</a></span></h5> 391<p>Instances of the <code>Certificate</code> class can be created using the <code>new</code> keyword 392or by calling <code>crypto.Certificate()</code> as a function:</p> 393<pre><code class="language-js"><span class="hljs-keyword">const</span> crypto = <span class="hljs-built_in">require</span>(<span class="hljs-string">'crypto'</span>); 394 395<span class="hljs-keyword">const</span> cert1 = <span class="hljs-keyword">new</span> crypto.<span class="hljs-title class_">Certificate</span>(); 396<span class="hljs-keyword">const</span> cert2 = crypto.<span class="hljs-title class_">Certificate</span>();</code></pre> 397<h5><code>certificate.exportChallenge(spkac)</code><span><a class="mark" href="#crypto_certificate_exportchallenge_spkac_1" id="crypto_certificate_exportchallenge_spkac_1">#</a></span></h5> 398<div class="api_metadata"> 399<span>Added in: v0.11.8</span> 400</div> 401<ul> 402<li><code>spkac</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray" class="type"><TypedArray></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView" class="type"><DataView></a></li> 403<li>Returns: <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> The challenge component of the <code>spkac</code> data structure, which 404includes a public key and a challenge.</li> 405</ul> 406<pre><code class="language-js"><span class="hljs-keyword">const</span> cert = <span class="hljs-built_in">require</span>(<span class="hljs-string">'crypto'</span>).<span class="hljs-title class_">Certificate</span>(); 407<span class="hljs-keyword">const</span> spkac = <span class="hljs-title function_">getSpkacSomehow</span>(); 408<span class="hljs-keyword">const</span> challenge = cert.<span class="hljs-title function_">exportChallenge</span>(spkac); 409<span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>(challenge.<span class="hljs-title function_">toString</span>(<span class="hljs-string">'utf8'</span>)); 410<span class="hljs-comment">// Prints: the challenge as a UTF8 string</span></code></pre> 411<h5><code>certificate.exportPublicKey(spkac)</code><span><a class="mark" href="#crypto_certificate_exportpublickey_spkac" id="crypto_certificate_exportpublickey_spkac">#</a></span></h5> 412<div class="api_metadata"> 413<span>Added in: v0.11.8</span> 414</div> 415<ul> 416<li><code>spkac</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray" class="type"><TypedArray></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView" class="type"><DataView></a></li> 417<li>Returns: <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> The public key component of the <code>spkac</code> data structure, 418which includes a public key and a challenge.</li> 419</ul> 420<pre><code class="language-js"><span class="hljs-keyword">const</span> cert = <span class="hljs-built_in">require</span>(<span class="hljs-string">'crypto'</span>).<span class="hljs-title class_">Certificate</span>(); 421<span class="hljs-keyword">const</span> spkac = <span class="hljs-title function_">getSpkacSomehow</span>(); 422<span class="hljs-keyword">const</span> publicKey = cert.<span class="hljs-title function_">exportPublicKey</span>(spkac); 423<span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>(publicKey); 424<span class="hljs-comment">// Prints: the public key as <Buffer ...></span></code></pre> 425<h5><code>certificate.verifySpkac(spkac)</code><span><a class="mark" href="#crypto_certificate_verifyspkac_spkac_1" id="crypto_certificate_verifyspkac_spkac_1">#</a></span></h5> 426<div class="api_metadata"> 427<span>Added in: v0.11.8</span> 428</div> 429<ul> 430<li><code>spkac</code> <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray" class="type"><TypedArray></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView" class="type"><DataView></a></li> 431<li>Returns: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Boolean_type" class="type"><boolean></a> <code>true</code> if the given <code>spkac</code> data structure is valid, 432<code>false</code> otherwise.</li> 433</ul> 434<pre><code class="language-js"><span class="hljs-keyword">const</span> cert = <span class="hljs-built_in">require</span>(<span class="hljs-string">'crypto'</span>).<span class="hljs-title class_">Certificate</span>(); 435<span class="hljs-keyword">const</span> spkac = <span class="hljs-title function_">getSpkacSomehow</span>(); 436<span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>(cert.<span class="hljs-title function_">verifySpkac</span>(<span class="hljs-title class_">Buffer</span>.<span class="hljs-title function_">from</span>(spkac))); 437<span class="hljs-comment">// Prints: true or false</span></code></pre> 438</section><section><h3>Class: <code>Cipher</code><span><a class="mark" href="#crypto_class_cipher" id="crypto_class_cipher">#</a></span></h3> 439<div class="api_metadata"> 440<span>Added in: v0.1.94</span> 441</div> 442<ul> 443<li>Extends: <a href="stream.html#stream_class_stream_transform" class="type"><stream.Transform></a></li> 444</ul> 445<p>Instances of the <code>Cipher</code> class are used to encrypt data. The class can be 446used in one of two ways:</p> 447<ul> 448<li>As a <a href="stream.html">stream</a> that is both readable and writable, where plain unencrypted 449data is written to produce encrypted data on the readable side, or</li> 450<li>Using the <a href="#crypto_cipher_update_data_inputencoding_outputencoding"><code>cipher.update()</code></a> and <a href="#crypto_cipher_final_outputencoding"><code>cipher.final()</code></a> methods to produce 451the encrypted data.</li> 452</ul> 453<p>The <a href="#crypto_crypto_createcipher_algorithm_password_options"><code>crypto.createCipher()</code></a> or <a href="#crypto_crypto_createcipheriv_algorithm_key_iv_options"><code>crypto.createCipheriv()</code></a> methods are 454used to create <code>Cipher</code> instances. <code>Cipher</code> objects are not to be created 455directly using the <code>new</code> keyword.</p> 456<p>Example: Using <code>Cipher</code> objects as streams:</p> 457<pre><code class="language-js"><span class="hljs-keyword">const</span> crypto = <span class="hljs-built_in">require</span>(<span class="hljs-string">'crypto'</span>); 458 459<span class="hljs-keyword">const</span> algorithm = <span class="hljs-string">'aes-192-cbc'</span>; 460<span class="hljs-keyword">const</span> password = <span class="hljs-string">'Password used to generate key'</span>; 461<span class="hljs-comment">// Key length is dependent on the algorithm. In this case for aes192, it is</span> 462<span class="hljs-comment">// 24 bytes (192 bits).</span> 463<span class="hljs-comment">// Use async `crypto.scrypt()` instead.</span> 464<span class="hljs-keyword">const</span> key = crypto.<span class="hljs-title function_">scryptSync</span>(password, <span class="hljs-string">'salt'</span>, <span class="hljs-number">24</span>); 465<span class="hljs-comment">// Use `crypto.randomBytes()` to generate a random iv instead of the static iv</span> 466<span class="hljs-comment">// shown here.</span> 467<span class="hljs-keyword">const</span> iv = <span class="hljs-title class_">Buffer</span>.<span class="hljs-title function_">alloc</span>(<span class="hljs-number">16</span>, <span class="hljs-number">0</span>); <span class="hljs-comment">// Initialization vector.</span> 468 469<span class="hljs-keyword">const</span> cipher = crypto.<span class="hljs-title function_">createCipheriv</span>(algorithm, key, iv); 470 471<span class="hljs-keyword">let</span> encrypted = <span class="hljs-string">''</span>; 472cipher.<span class="hljs-title function_">on</span>(<span class="hljs-string">'readable'</span>, <span class="hljs-function">() =></span> { 473 <span class="hljs-keyword">let</span> chunk; 474 <span class="hljs-keyword">while</span> (<span class="hljs-literal">null</span> !== (chunk = cipher.<span class="hljs-title function_">read</span>())) { 475 encrypted += chunk.<span class="hljs-title function_">toString</span>(<span class="hljs-string">'hex'</span>); 476 } 477}); 478cipher.<span class="hljs-title function_">on</span>(<span class="hljs-string">'end'</span>, <span class="hljs-function">() =></span> { 479 <span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>(encrypted); 480 <span class="hljs-comment">// Prints: e5f79c5915c02171eec6b212d5520d44480993d7d622a7c4c2da32f6efda0ffa</span> 481}); 482 483cipher.<span class="hljs-title function_">write</span>(<span class="hljs-string">'some clear text data'</span>); 484cipher.<span class="hljs-title function_">end</span>();</code></pre> 485<p>Example: Using <code>Cipher</code> and piped streams:</p> 486<pre><code class="language-js"><span class="hljs-keyword">const</span> crypto = <span class="hljs-built_in">require</span>(<span class="hljs-string">'crypto'</span>); 487<span class="hljs-keyword">const</span> fs = <span class="hljs-built_in">require</span>(<span class="hljs-string">'fs'</span>); 488 489<span class="hljs-keyword">const</span> algorithm = <span class="hljs-string">'aes-192-cbc'</span>; 490<span class="hljs-keyword">const</span> password = <span class="hljs-string">'Password used to generate key'</span>; 491<span class="hljs-comment">// Use the async `crypto.scrypt()` instead.</span> 492<span class="hljs-keyword">const</span> key = crypto.<span class="hljs-title function_">scryptSync</span>(password, <span class="hljs-string">'salt'</span>, <span class="hljs-number">24</span>); 493<span class="hljs-comment">// Use `crypto.randomBytes()` to generate a random iv instead of the static iv</span> 494<span class="hljs-comment">// shown here.</span> 495<span class="hljs-keyword">const</span> iv = <span class="hljs-title class_">Buffer</span>.<span class="hljs-title function_">alloc</span>(<span class="hljs-number">16</span>, <span class="hljs-number">0</span>); <span class="hljs-comment">// Initialization vector.</span> 496 497<span class="hljs-keyword">const</span> cipher = crypto.<span class="hljs-title function_">createCipheriv</span>(algorithm, key, iv); 498 499<span class="hljs-keyword">const</span> input = fs.<span class="hljs-title function_">createReadStream</span>(<span class="hljs-string">'test.js'</span>); 500<span class="hljs-keyword">const</span> output = fs.<span class="hljs-title function_">createWriteStream</span>(<span class="hljs-string">'test.enc'</span>); 501 502input.<span class="hljs-title function_">pipe</span>(cipher).<span class="hljs-title function_">pipe</span>(output);</code></pre> 503<p>Example: Using the <a href="#crypto_cipher_update_data_inputencoding_outputencoding"><code>cipher.update()</code></a> and <a href="#crypto_cipher_final_outputencoding"><code>cipher.final()</code></a> methods:</p> 504<pre><code class="language-js"><span class="hljs-keyword">const</span> crypto = <span class="hljs-built_in">require</span>(<span class="hljs-string">'crypto'</span>); 505 506<span class="hljs-keyword">const</span> algorithm = <span class="hljs-string">'aes-192-cbc'</span>; 507<span class="hljs-keyword">const</span> password = <span class="hljs-string">'Password used to generate key'</span>; 508<span class="hljs-comment">// Use the async `crypto.scrypt()` instead.</span> 509<span class="hljs-keyword">const</span> key = crypto.<span class="hljs-title function_">scryptSync</span>(password, <span class="hljs-string">'salt'</span>, <span class="hljs-number">24</span>); 510<span class="hljs-comment">// Use `crypto.randomBytes` to generate a random iv instead of the static iv</span> 511<span class="hljs-comment">// shown here.</span> 512<span class="hljs-keyword">const</span> iv = <span class="hljs-title class_">Buffer</span>.<span class="hljs-title function_">alloc</span>(<span class="hljs-number">16</span>, <span class="hljs-number">0</span>); <span class="hljs-comment">// Initialization vector.</span> 513 514<span class="hljs-keyword">const</span> cipher = crypto.<span class="hljs-title function_">createCipheriv</span>(algorithm, key, iv); 515 516<span class="hljs-keyword">let</span> encrypted = cipher.<span class="hljs-title function_">update</span>(<span class="hljs-string">'some clear text data'</span>, <span class="hljs-string">'utf8'</span>, <span class="hljs-string">'hex'</span>); 517encrypted += cipher.<span class="hljs-title function_">final</span>(<span class="hljs-string">'hex'</span>); 518<span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>(encrypted); 519<span class="hljs-comment">// Prints: e5f79c5915c02171eec6b212d5520d44480993d7d622a7c4c2da32f6efda0ffa</span></code></pre> 520<h4><code>cipher.final([outputEncoding])</code><span><a class="mark" href="#crypto_cipher_final_outputencoding" id="crypto_cipher_final_outputencoding">#</a></span></h4> 521<div class="api_metadata"> 522<span>Added in: v0.1.94</span> 523</div> 524<ul> 525<li><code>outputEncoding</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> The <a href="buffer.html#buffer_buffers_and_character_encodings">encoding</a> of the return value.</li> 526<li>Returns: <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> Any remaining enciphered contents. 527If <code>outputEncoding</code> is specified, a string is 528returned. If an <code>outputEncoding</code> is not provided, a <a href="buffer.html"><code>Buffer</code></a> is returned.</li> 529</ul> 530<p>Once the <code>cipher.final()</code> method has been called, the <code>Cipher</code> object can no 531longer be used to encrypt data. Attempts to call <code>cipher.final()</code> more than 532once will result in an error being thrown.</p> 533<h4><code>cipher.getAuthTag()</code><span><a class="mark" href="#crypto_cipher_getauthtag" id="crypto_cipher_getauthtag">#</a></span></h4> 534<div class="api_metadata"> 535<span>Added in: v1.0.0</span> 536</div> 537<ul> 538<li>Returns: <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> When using an authenticated encryption mode (<code>GCM</code>, <code>CCM</code> 539and <code>OCB</code> are currently supported), the <code>cipher.getAuthTag()</code> method returns a 540<a href="buffer.html"><code>Buffer</code></a> containing the <em>authentication tag</em> that has been computed from 541the given data.</li> 542</ul> 543<p>The <code>cipher.getAuthTag()</code> method should only be called after encryption has 544been completed using the <a href="#crypto_cipher_final_outputencoding"><code>cipher.final()</code></a> method.</p> 545<h4><code>cipher.setAAD(buffer[, options])</code><span><a class="mark" href="#crypto_cipher_setaad_buffer_options" id="crypto_cipher_setaad_buffer_options">#</a></span></h4> 546<div class="api_metadata"> 547<span>Added in: v1.0.0</span> 548</div> 549<ul> 550<li><code>buffer</code> <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray" class="type"><TypedArray></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView" class="type"><DataView></a></li> 551<li><code>options</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object" class="type"><Object></a> <a href="stream.html#stream_new_stream_transform_options"><code>stream.transform</code> options</a> 552<ul> 553<li><code>plaintextLength</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><number></a></li> 554</ul> 555</li> 556<li>Returns: <a href="crypto.html#crypto_class_cipher" class="type"><Cipher></a> for method chaining.</li> 557</ul> 558<p>When using an authenticated encryption mode (<code>GCM</code>, <code>CCM</code> and <code>OCB</code> are 559currently supported), the <code>cipher.setAAD()</code> method sets the value used for the 560<em>additional authenticated data</em> (AAD) input parameter.</p> 561<p>The <code>options</code> argument is optional for <code>GCM</code> and <code>OCB</code>. When using <code>CCM</code>, the 562<code>plaintextLength</code> option must be specified and its value must match the length 563of the plaintext in bytes. See <a href="#crypto_ccm_mode">CCM mode</a>.</p> 564<p>The <code>cipher.setAAD()</code> method must be called before <a href="#crypto_cipher_update_data_inputencoding_outputencoding"><code>cipher.update()</code></a>.</p> 565<h4><code>cipher.setAutoPadding([autoPadding])</code><span><a class="mark" href="#crypto_cipher_setautopadding_autopadding" id="crypto_cipher_setautopadding_autopadding">#</a></span></h4> 566<div class="api_metadata"> 567<span>Added in: v0.7.1</span> 568</div> 569<ul> 570<li><code>autoPadding</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Boolean_type" class="type"><boolean></a> <strong>Default:</strong> <code>true</code></li> 571<li>Returns: <a href="crypto.html#crypto_class_cipher" class="type"><Cipher></a> for method chaining.</li> 572</ul> 573<p>When using block encryption algorithms, the <code>Cipher</code> class will automatically 574add padding to the input data to the appropriate block size. To disable the 575default padding call <code>cipher.setAutoPadding(false)</code>.</p> 576<p>When <code>autoPadding</code> is <code>false</code>, the length of the entire input data must be a 577multiple of the cipher's block size or <a href="#crypto_cipher_final_outputencoding"><code>cipher.final()</code></a> will throw an error. 578Disabling automatic padding is useful for non-standard padding, for instance 579using <code>0x0</code> instead of PKCS padding.</p> 580<p>The <code>cipher.setAutoPadding()</code> method must be called before 581<a href="#crypto_cipher_final_outputencoding"><code>cipher.final()</code></a>.</p> 582<h4><code>cipher.update(data[, inputEncoding][, outputEncoding])</code><span><a class="mark" href="#crypto_cipher_update_data_inputencoding_outputencoding" id="crypto_cipher_update_data_inputencoding_outputencoding">#</a></span></h4> 583<div class="api_metadata"> 584<details class="changelog"><summary>History</summary> 585<table> 586<tbody><tr><th>Version</th><th>Changes</th></tr> 587<tr><td>v6.0.0</td> 588<td><p>The default <code>inputEncoding</code> changed from <code>binary</code> to <code>utf8</code>.</p></td></tr> 589<tr><td>v0.1.94</td> 590<td><p><span>Added in: v0.1.94</span></p></td></tr> 591</tbody></table> 592</details> 593</div> 594<ul> 595<li><code>data</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray" class="type"><TypedArray></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView" class="type"><DataView></a></li> 596<li><code>inputEncoding</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> The <a href="buffer.html#buffer_buffers_and_character_encodings">encoding</a> of the data.</li> 597<li><code>outputEncoding</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> The <a href="buffer.html#buffer_buffers_and_character_encodings">encoding</a> of the return value.</li> 598<li>Returns: <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a></li> 599</ul> 600<p>Updates the cipher with <code>data</code>. If the <code>inputEncoding</code> argument is given, 601the <code>data</code> 602argument is a string using the specified encoding. If the <code>inputEncoding</code> 603argument is not given, <code>data</code> must be a <a href="buffer.html"><code>Buffer</code></a>, <code>TypedArray</code>, or 604<code>DataView</code>. If <code>data</code> is a <a href="buffer.html"><code>Buffer</code></a>, <code>TypedArray</code>, or <code>DataView</code>, then 605<code>inputEncoding</code> is ignored.</p> 606<p>The <code>outputEncoding</code> specifies the output format of the enciphered 607data. If the <code>outputEncoding</code> 608is specified, a string using the specified encoding is returned. If no 609<code>outputEncoding</code> is provided, a <a href="buffer.html"><code>Buffer</code></a> is returned.</p> 610<p>The <code>cipher.update()</code> method can be called multiple times with new data until 611<a href="#crypto_cipher_final_outputencoding"><code>cipher.final()</code></a> is called. Calling <code>cipher.update()</code> after 612<a href="#crypto_cipher_final_outputencoding"><code>cipher.final()</code></a> will result in an error being thrown.</p> 613</section><section><h3>Class: <code>Decipher</code><span><a class="mark" href="#crypto_class_decipher" id="crypto_class_decipher">#</a></span></h3> 614<div class="api_metadata"> 615<span>Added in: v0.1.94</span> 616</div> 617<ul> 618<li>Extends: <a href="stream.html#stream_class_stream_transform" class="type"><stream.Transform></a></li> 619</ul> 620<p>Instances of the <code>Decipher</code> class are used to decrypt data. The class can be 621used in one of two ways:</p> 622<ul> 623<li>As a <a href="stream.html">stream</a> that is both readable and writable, where plain encrypted 624data is written to produce unencrypted data on the readable side, or</li> 625<li>Using the <a href="#crypto_decipher_update_data_inputencoding_outputencoding"><code>decipher.update()</code></a> and <a href="#crypto_decipher_final_outputencoding"><code>decipher.final()</code></a> methods to 626produce the unencrypted data.</li> 627</ul> 628<p>The <a href="#crypto_crypto_createdecipher_algorithm_password_options"><code>crypto.createDecipher()</code></a> or <a href="#crypto_crypto_createdecipheriv_algorithm_key_iv_options"><code>crypto.createDecipheriv()</code></a> methods are 629used to create <code>Decipher</code> instances. <code>Decipher</code> objects are not to be created 630directly using the <code>new</code> keyword.</p> 631<p>Example: Using <code>Decipher</code> objects as streams:</p> 632<pre><code class="language-js"><span class="hljs-keyword">const</span> crypto = <span class="hljs-built_in">require</span>(<span class="hljs-string">'crypto'</span>); 633 634<span class="hljs-keyword">const</span> algorithm = <span class="hljs-string">'aes-192-cbc'</span>; 635<span class="hljs-keyword">const</span> password = <span class="hljs-string">'Password used to generate key'</span>; 636<span class="hljs-comment">// Key length is dependent on the algorithm. In this case for aes192, it is</span> 637<span class="hljs-comment">// 24 bytes (192 bits).</span> 638<span class="hljs-comment">// Use the async `crypto.scrypt()` instead.</span> 639<span class="hljs-keyword">const</span> key = crypto.<span class="hljs-title function_">scryptSync</span>(password, <span class="hljs-string">'salt'</span>, <span class="hljs-number">24</span>); 640<span class="hljs-comment">// The IV is usually passed along with the ciphertext.</span> 641<span class="hljs-keyword">const</span> iv = <span class="hljs-title class_">Buffer</span>.<span class="hljs-title function_">alloc</span>(<span class="hljs-number">16</span>, <span class="hljs-number">0</span>); <span class="hljs-comment">// Initialization vector.</span> 642 643<span class="hljs-keyword">const</span> decipher = crypto.<span class="hljs-title function_">createDecipheriv</span>(algorithm, key, iv); 644 645<span class="hljs-keyword">let</span> decrypted = <span class="hljs-string">''</span>; 646decipher.<span class="hljs-title function_">on</span>(<span class="hljs-string">'readable'</span>, <span class="hljs-function">() =></span> { 647 <span class="hljs-keyword">while</span> (<span class="hljs-literal">null</span> !== (chunk = decipher.<span class="hljs-title function_">read</span>())) { 648 decrypted += chunk.<span class="hljs-title function_">toString</span>(<span class="hljs-string">'utf8'</span>); 649 } 650}); 651decipher.<span class="hljs-title function_">on</span>(<span class="hljs-string">'end'</span>, <span class="hljs-function">() =></span> { 652 <span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>(decrypted); 653 <span class="hljs-comment">// Prints: some clear text data</span> 654}); 655 656<span class="hljs-comment">// Encrypted with same algorithm, key and iv.</span> 657<span class="hljs-keyword">const</span> encrypted = 658 <span class="hljs-string">'e5f79c5915c02171eec6b212d5520d44480993d7d622a7c4c2da32f6efda0ffa'</span>; 659decipher.<span class="hljs-title function_">write</span>(encrypted, <span class="hljs-string">'hex'</span>); 660decipher.<span class="hljs-title function_">end</span>();</code></pre> 661<p>Example: Using <code>Decipher</code> and piped streams:</p> 662<pre><code class="language-js"><span class="hljs-keyword">const</span> crypto = <span class="hljs-built_in">require</span>(<span class="hljs-string">'crypto'</span>); 663<span class="hljs-keyword">const</span> fs = <span class="hljs-built_in">require</span>(<span class="hljs-string">'fs'</span>); 664 665<span class="hljs-keyword">const</span> algorithm = <span class="hljs-string">'aes-192-cbc'</span>; 666<span class="hljs-keyword">const</span> password = <span class="hljs-string">'Password used to generate key'</span>; 667<span class="hljs-comment">// Use the async `crypto.scrypt()` instead.</span> 668<span class="hljs-keyword">const</span> key = crypto.<span class="hljs-title function_">scryptSync</span>(password, <span class="hljs-string">'salt'</span>, <span class="hljs-number">24</span>); 669<span class="hljs-comment">// The IV is usually passed along with the ciphertext.</span> 670<span class="hljs-keyword">const</span> iv = <span class="hljs-title class_">Buffer</span>.<span class="hljs-title function_">alloc</span>(<span class="hljs-number">16</span>, <span class="hljs-number">0</span>); <span class="hljs-comment">// Initialization vector.</span> 671 672<span class="hljs-keyword">const</span> decipher = crypto.<span class="hljs-title function_">createDecipheriv</span>(algorithm, key, iv); 673 674<span class="hljs-keyword">const</span> input = fs.<span class="hljs-title function_">createReadStream</span>(<span class="hljs-string">'test.enc'</span>); 675<span class="hljs-keyword">const</span> output = fs.<span class="hljs-title function_">createWriteStream</span>(<span class="hljs-string">'test.js'</span>); 676 677input.<span class="hljs-title function_">pipe</span>(decipher).<span class="hljs-title function_">pipe</span>(output);</code></pre> 678<p>Example: Using the <a href="#crypto_decipher_update_data_inputencoding_outputencoding"><code>decipher.update()</code></a> and <a href="#crypto_decipher_final_outputencoding"><code>decipher.final()</code></a> methods:</p> 679<pre><code class="language-js"><span class="hljs-keyword">const</span> crypto = <span class="hljs-built_in">require</span>(<span class="hljs-string">'crypto'</span>); 680 681<span class="hljs-keyword">const</span> algorithm = <span class="hljs-string">'aes-192-cbc'</span>; 682<span class="hljs-keyword">const</span> password = <span class="hljs-string">'Password used to generate key'</span>; 683<span class="hljs-comment">// Use the async `crypto.scrypt()` instead.</span> 684<span class="hljs-keyword">const</span> key = crypto.<span class="hljs-title function_">scryptSync</span>(password, <span class="hljs-string">'salt'</span>, <span class="hljs-number">24</span>); 685<span class="hljs-comment">// The IV is usually passed along with the ciphertext.</span> 686<span class="hljs-keyword">const</span> iv = <span class="hljs-title class_">Buffer</span>.<span class="hljs-title function_">alloc</span>(<span class="hljs-number">16</span>, <span class="hljs-number">0</span>); <span class="hljs-comment">// Initialization vector.</span> 687 688<span class="hljs-keyword">const</span> decipher = crypto.<span class="hljs-title function_">createDecipheriv</span>(algorithm, key, iv); 689 690<span class="hljs-comment">// Encrypted using same algorithm, key and iv.</span> 691<span class="hljs-keyword">const</span> encrypted = 692 <span class="hljs-string">'e5f79c5915c02171eec6b212d5520d44480993d7d622a7c4c2da32f6efda0ffa'</span>; 693<span class="hljs-keyword">let</span> decrypted = decipher.<span class="hljs-title function_">update</span>(encrypted, <span class="hljs-string">'hex'</span>, <span class="hljs-string">'utf8'</span>); 694decrypted += decipher.<span class="hljs-title function_">final</span>(<span class="hljs-string">'utf8'</span>); 695<span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>(decrypted); 696<span class="hljs-comment">// Prints: some clear text data</span></code></pre> 697<h4><code>decipher.final([outputEncoding])</code><span><a class="mark" href="#crypto_decipher_final_outputencoding" id="crypto_decipher_final_outputencoding">#</a></span></h4> 698<div class="api_metadata"> 699<span>Added in: v0.1.94</span> 700</div> 701<ul> 702<li><code>outputEncoding</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> The <a href="buffer.html#buffer_buffers_and_character_encodings">encoding</a> of the return value.</li> 703<li>Returns: <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> Any remaining deciphered contents. 704If <code>outputEncoding</code> is specified, a string is 705returned. If an <code>outputEncoding</code> is not provided, a <a href="buffer.html"><code>Buffer</code></a> is returned.</li> 706</ul> 707<p>Once the <code>decipher.final()</code> method has been called, the <code>Decipher</code> object can 708no longer be used to decrypt data. Attempts to call <code>decipher.final()</code> more 709than once will result in an error being thrown.</p> 710<h4><code>decipher.setAAD(buffer[, options])</code><span><a class="mark" href="#crypto_decipher_setaad_buffer_options" id="crypto_decipher_setaad_buffer_options">#</a></span></h4> 711<div class="api_metadata"> 712<details class="changelog"><summary>History</summary> 713<table> 714<tbody><tr><th>Version</th><th>Changes</th></tr> 715<tr><td>v7.2.0</td> 716<td><p>This method now returns a reference to <code>decipher</code>.</p></td></tr> 717<tr><td>v1.0.0</td> 718<td><p><span>Added in: v1.0.0</span></p></td></tr> 719</tbody></table> 720</details> 721</div> 722<ul> 723<li><code>buffer</code> <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray" class="type"><TypedArray></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView" class="type"><DataView></a></li> 724<li><code>options</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object" class="type"><Object></a> <a href="stream.html#stream_new_stream_transform_options"><code>stream.transform</code> options</a> 725<ul> 726<li><code>plaintextLength</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><number></a></li> 727</ul> 728</li> 729<li>Returns: <a href="crypto.html#crypto_class_decipher" class="type"><Decipher></a> for method chaining.</li> 730</ul> 731<p>When using an authenticated encryption mode (<code>GCM</code>, <code>CCM</code> and <code>OCB</code> are 732currently supported), the <code>decipher.setAAD()</code> method sets the value used for the 733<em>additional authenticated data</em> (AAD) input parameter.</p> 734<p>The <code>options</code> argument is optional for <code>GCM</code>. When using <code>CCM</code>, the 735<code>plaintextLength</code> option must be specified and its value must match the length 736of the ciphertext in bytes. See <a href="#crypto_ccm_mode">CCM mode</a>.</p> 737<p>The <code>decipher.setAAD()</code> method must be called before <a href="#crypto_decipher_update_data_inputencoding_outputencoding"><code>decipher.update()</code></a>.</p> 738<h4><code>decipher.setAuthTag(buffer)</code><span><a class="mark" href="#crypto_decipher_setauthtag_buffer" id="crypto_decipher_setauthtag_buffer">#</a></span></h4> 739<div class="api_metadata"> 740<details class="changelog"><summary>History</summary> 741<table> 742<tbody><tr><th>Version</th><th>Changes</th></tr> 743<tr><td>v11.0.0</td> 744<td><p>This method now throws if the GCM tag length is invalid.</p></td></tr> 745<tr><td>v7.2.0</td> 746<td><p>This method now returns a reference to <code>decipher</code>.</p></td></tr> 747<tr><td>v1.0.0</td> 748<td><p><span>Added in: v1.0.0</span></p></td></tr> 749</tbody></table> 750</details> 751</div> 752<ul> 753<li><code>buffer</code> <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray" class="type"><TypedArray></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView" class="type"><DataView></a></li> 754<li>Returns: <a href="crypto.html#crypto_class_decipher" class="type"><Decipher></a> for method chaining.</li> 755</ul> 756<p>When using an authenticated encryption mode (<code>GCM</code>, <code>CCM</code> and <code>OCB</code> are 757currently supported), the <code>decipher.setAuthTag()</code> method is used to pass in the 758received <em>authentication tag</em>. If no tag is provided, or if the cipher text 759has been tampered with, <a href="#crypto_decipher_final_outputencoding"><code>decipher.final()</code></a> will throw, indicating that the 760cipher text should be discarded due to failed authentication. If the tag length 761is invalid according to <a href="https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf">NIST SP 800-38D</a> or does not match the value of the 762<code>authTagLength</code> option, <code>decipher.setAuthTag()</code> will throw an error.</p> 763<p>The <code>decipher.setAuthTag()</code> method must be called before <a href="#crypto_decipher_update_data_inputencoding_outputencoding"><code>decipher.update()</code></a> 764for <code>CCM</code> mode or before <a href="#crypto_decipher_final_outputencoding"><code>decipher.final()</code></a> for <code>GCM</code> and <code>OCB</code> modes. 765<code>decipher.setAuthTag()</code> can only be called once.</p> 766<h4><code>decipher.setAutoPadding([autoPadding])</code><span><a class="mark" href="#crypto_decipher_setautopadding_autopadding" id="crypto_decipher_setautopadding_autopadding">#</a></span></h4> 767<div class="api_metadata"> 768<span>Added in: v0.7.1</span> 769</div> 770<ul> 771<li><code>autoPadding</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Boolean_type" class="type"><boolean></a> <strong>Default:</strong> <code>true</code></li> 772<li>Returns: <a href="crypto.html#crypto_class_decipher" class="type"><Decipher></a> for method chaining.</li> 773</ul> 774<p>When data has been encrypted without standard block padding, calling 775<code>decipher.setAutoPadding(false)</code> will disable automatic padding to prevent 776<a href="#crypto_decipher_final_outputencoding"><code>decipher.final()</code></a> from checking for and removing padding.</p> 777<p>Turning auto padding off will only work if the input data's length is a 778multiple of the ciphers block size.</p> 779<p>The <code>decipher.setAutoPadding()</code> method must be called before 780<a href="#crypto_decipher_final_outputencoding"><code>decipher.final()</code></a>.</p> 781<h4><code>decipher.update(data[, inputEncoding][, outputEncoding])</code><span><a class="mark" href="#crypto_decipher_update_data_inputencoding_outputencoding" id="crypto_decipher_update_data_inputencoding_outputencoding">#</a></span></h4> 782<div class="api_metadata"> 783<details class="changelog"><summary>History</summary> 784<table> 785<tbody><tr><th>Version</th><th>Changes</th></tr> 786<tr><td>v6.0.0</td> 787<td><p>The default <code>inputEncoding</code> changed from <code>binary</code> to <code>utf8</code>.</p></td></tr> 788<tr><td>v0.1.94</td> 789<td><p><span>Added in: v0.1.94</span></p></td></tr> 790</tbody></table> 791</details> 792</div> 793<ul> 794<li><code>data</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray" class="type"><TypedArray></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView" class="type"><DataView></a></li> 795<li><code>inputEncoding</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> The <a href="buffer.html#buffer_buffers_and_character_encodings">encoding</a> of the <code>data</code> string.</li> 796<li><code>outputEncoding</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> The <a href="buffer.html#buffer_buffers_and_character_encodings">encoding</a> of the return value.</li> 797<li>Returns: <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a></li> 798</ul> 799<p>Updates the decipher with <code>data</code>. If the <code>inputEncoding</code> argument is given, 800the <code>data</code> 801argument is a string using the specified encoding. If the <code>inputEncoding</code> 802argument is not given, <code>data</code> must be a <a href="buffer.html"><code>Buffer</code></a>. If <code>data</code> is a 803<a href="buffer.html"><code>Buffer</code></a> then <code>inputEncoding</code> is ignored.</p> 804<p>The <code>outputEncoding</code> specifies the output format of the enciphered 805data. If the <code>outputEncoding</code> 806is specified, a string using the specified encoding is returned. If no 807<code>outputEncoding</code> is provided, a <a href="buffer.html"><code>Buffer</code></a> is returned.</p> 808<p>The <code>decipher.update()</code> method can be called multiple times with new data until 809<a href="#crypto_decipher_final_outputencoding"><code>decipher.final()</code></a> is called. Calling <code>decipher.update()</code> after 810<a href="#crypto_decipher_final_outputencoding"><code>decipher.final()</code></a> will result in an error being thrown.</p> 811</section><section><h3>Class: <code>DiffieHellman</code><span><a class="mark" href="#crypto_class_diffiehellman" id="crypto_class_diffiehellman">#</a></span></h3> 812<div class="api_metadata"> 813<span>Added in: v0.5.0</span> 814</div> 815<p>The <code>DiffieHellman</code> class is a utility for creating Diffie-Hellman key 816exchanges.</p> 817<p>Instances of the <code>DiffieHellman</code> class can be created using the 818<a href="#crypto_crypto_creatediffiehellman_prime_primeencoding_generator_generatorencoding"><code>crypto.createDiffieHellman()</code></a> function.</p> 819<pre><code class="language-js"><span class="hljs-keyword">const</span> crypto = <span class="hljs-built_in">require</span>(<span class="hljs-string">'crypto'</span>); 820<span class="hljs-keyword">const</span> assert = <span class="hljs-built_in">require</span>(<span class="hljs-string">'assert'</span>); 821 822<span class="hljs-comment">// Generate Alice's keys...</span> 823<span class="hljs-keyword">const</span> alice = crypto.<span class="hljs-title function_">createDiffieHellman</span>(<span class="hljs-number">2048</span>); 824<span class="hljs-keyword">const</span> aliceKey = alice.<span class="hljs-title function_">generateKeys</span>(); 825 826<span class="hljs-comment">// Generate Bob's keys...</span> 827<span class="hljs-keyword">const</span> bob = crypto.<span class="hljs-title function_">createDiffieHellman</span>(alice.<span class="hljs-title function_">getPrime</span>(), alice.<span class="hljs-title function_">getGenerator</span>()); 828<span class="hljs-keyword">const</span> bobKey = bob.<span class="hljs-title function_">generateKeys</span>(); 829 830<span class="hljs-comment">// Exchange and generate the secret...</span> 831<span class="hljs-keyword">const</span> aliceSecret = alice.<span class="hljs-title function_">computeSecret</span>(bobKey); 832<span class="hljs-keyword">const</span> bobSecret = bob.<span class="hljs-title function_">computeSecret</span>(aliceKey); 833 834<span class="hljs-comment">// OK</span> 835assert.<span class="hljs-title function_">strictEqual</span>(aliceSecret.<span class="hljs-title function_">toString</span>(<span class="hljs-string">'hex'</span>), bobSecret.<span class="hljs-title function_">toString</span>(<span class="hljs-string">'hex'</span>));</code></pre> 836<h4><code>diffieHellman.computeSecret(otherPublicKey[, inputEncoding][, outputEncoding])</code><span><a class="mark" href="#crypto_diffiehellman_computesecret_otherpublickey_inputencoding_outputencoding" id="crypto_diffiehellman_computesecret_otherpublickey_inputencoding_outputencoding">#</a></span></h4> 837<div class="api_metadata"> 838<span>Added in: v0.5.0</span> 839</div> 840<ul> 841<li><code>otherPublicKey</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray" class="type"><TypedArray></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView" class="type"><DataView></a></li> 842<li><code>inputEncoding</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> The <a href="buffer.html#buffer_buffers_and_character_encodings">encoding</a> of an <code>otherPublicKey</code> string.</li> 843<li><code>outputEncoding</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> The <a href="buffer.html#buffer_buffers_and_character_encodings">encoding</a> of the return value.</li> 844<li>Returns: <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a></li> 845</ul> 846<p>Computes the shared secret using <code>otherPublicKey</code> as the other 847party's public key and returns the computed shared secret. The supplied 848key is interpreted using the specified <code>inputEncoding</code>, and secret is 849encoded using specified <code>outputEncoding</code>. 850If the <code>inputEncoding</code> is not 851provided, <code>otherPublicKey</code> is expected to be a <a href="buffer.html"><code>Buffer</code></a>, 852<code>TypedArray</code>, or <code>DataView</code>.</p> 853<p>If <code>outputEncoding</code> is given a string is returned; otherwise, a 854<a href="buffer.html"><code>Buffer</code></a> is returned.</p> 855<h4><code>diffieHellman.generateKeys([encoding])</code><span><a class="mark" href="#crypto_diffiehellman_generatekeys_encoding" id="crypto_diffiehellman_generatekeys_encoding">#</a></span></h4> 856<div class="api_metadata"> 857<span>Added in: v0.5.0</span> 858</div> 859<ul> 860<li><code>encoding</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> The <a href="buffer.html#buffer_buffers_and_character_encodings">encoding</a> of the return value.</li> 861<li>Returns: <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a></li> 862</ul> 863<p>Generates private and public Diffie-Hellman key values, and returns 864the public key in the specified <code>encoding</code>. This key should be 865transferred to the other party. 866If <code>encoding</code> is provided a string is returned; otherwise a 867<a href="buffer.html"><code>Buffer</code></a> is returned.</p> 868<h4><code>diffieHellman.getGenerator([encoding])</code><span><a class="mark" href="#crypto_diffiehellman_getgenerator_encoding" id="crypto_diffiehellman_getgenerator_encoding">#</a></span></h4> 869<div class="api_metadata"> 870<span>Added in: v0.5.0</span> 871</div> 872<ul> 873<li><code>encoding</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> The <a href="buffer.html#buffer_buffers_and_character_encodings">encoding</a> of the return value.</li> 874<li>Returns: <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a></li> 875</ul> 876<p>Returns the Diffie-Hellman generator in the specified <code>encoding</code>. 877If <code>encoding</code> is provided a string is 878returned; otherwise a <a href="buffer.html"><code>Buffer</code></a> is returned.</p> 879<h4><code>diffieHellman.getPrime([encoding])</code><span><a class="mark" href="#crypto_diffiehellman_getprime_encoding" id="crypto_diffiehellman_getprime_encoding">#</a></span></h4> 880<div class="api_metadata"> 881<span>Added in: v0.5.0</span> 882</div> 883<ul> 884<li><code>encoding</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> The <a href="buffer.html#buffer_buffers_and_character_encodings">encoding</a> of the return value.</li> 885<li>Returns: <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a></li> 886</ul> 887<p>Returns the Diffie-Hellman prime in the specified <code>encoding</code>. 888If <code>encoding</code> is provided a string is 889returned; otherwise a <a href="buffer.html"><code>Buffer</code></a> is returned.</p> 890<h4><code>diffieHellman.getPrivateKey([encoding])</code><span><a class="mark" href="#crypto_diffiehellman_getprivatekey_encoding" id="crypto_diffiehellman_getprivatekey_encoding">#</a></span></h4> 891<div class="api_metadata"> 892<span>Added in: v0.5.0</span> 893</div> 894<ul> 895<li><code>encoding</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> The <a href="buffer.html#buffer_buffers_and_character_encodings">encoding</a> of the return value.</li> 896<li>Returns: <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a></li> 897</ul> 898<p>Returns the Diffie-Hellman private key in the specified <code>encoding</code>. 899If <code>encoding</code> is provided a 900string is returned; otherwise a <a href="buffer.html"><code>Buffer</code></a> is returned.</p> 901<h4><code>diffieHellman.getPublicKey([encoding])</code><span><a class="mark" href="#crypto_diffiehellman_getpublickey_encoding" id="crypto_diffiehellman_getpublickey_encoding">#</a></span></h4> 902<div class="api_metadata"> 903<span>Added in: v0.5.0</span> 904</div> 905<ul> 906<li><code>encoding</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> The <a href="buffer.html#buffer_buffers_and_character_encodings">encoding</a> of the return value.</li> 907<li>Returns: <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a></li> 908</ul> 909<p>Returns the Diffie-Hellman public key in the specified <code>encoding</code>. 910If <code>encoding</code> is provided a 911string is returned; otherwise a <a href="buffer.html"><code>Buffer</code></a> is returned.</p> 912<h4><code>diffieHellman.setPrivateKey(privateKey[, encoding])</code><span><a class="mark" href="#crypto_diffiehellman_setprivatekey_privatekey_encoding" id="crypto_diffiehellman_setprivatekey_privatekey_encoding">#</a></span></h4> 913<div class="api_metadata"> 914<span>Added in: v0.5.0</span> 915</div> 916<ul> 917<li><code>privateKey</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray" class="type"><TypedArray></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView" class="type"><DataView></a></li> 918<li><code>encoding</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> The <a href="buffer.html#buffer_buffers_and_character_encodings">encoding</a> of the <code>privateKey</code> string.</li> 919</ul> 920<p>Sets the Diffie-Hellman private key. If the <code>encoding</code> argument is provided, 921<code>privateKey</code> is expected 922to be a string. If no <code>encoding</code> is provided, <code>privateKey</code> is expected 923to be a <a href="buffer.html"><code>Buffer</code></a>, <code>TypedArray</code>, or <code>DataView</code>.</p> 924<h4><code>diffieHellman.setPublicKey(publicKey[, encoding])</code><span><a class="mark" href="#crypto_diffiehellman_setpublickey_publickey_encoding" id="crypto_diffiehellman_setpublickey_publickey_encoding">#</a></span></h4> 925<div class="api_metadata"> 926<span>Added in: v0.5.0</span> 927</div> 928<ul> 929<li><code>publicKey</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray" class="type"><TypedArray></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView" class="type"><DataView></a></li> 930<li><code>encoding</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> The <a href="buffer.html#buffer_buffers_and_character_encodings">encoding</a> of the <code>publicKey</code> string.</li> 931</ul> 932<p>Sets the Diffie-Hellman public key. If the <code>encoding</code> argument is provided, 933<code>publicKey</code> is expected 934to be a string. If no <code>encoding</code> is provided, <code>publicKey</code> is expected 935to be a <a href="buffer.html"><code>Buffer</code></a>, <code>TypedArray</code>, or <code>DataView</code>.</p> 936<h4><code>diffieHellman.verifyError</code><span><a class="mark" href="#crypto_diffiehellman_verifyerror" id="crypto_diffiehellman_verifyerror">#</a></span></h4> 937<div class="api_metadata"> 938<span>Added in: v0.11.12</span> 939</div> 940<p>A bit field containing any warnings and/or errors resulting from a check 941performed during initialization of the <code>DiffieHellman</code> object.</p> 942<p>The following values are valid for this property (as defined in <code>constants</code> 943module):</p> 944<ul> 945<li><code>DH_CHECK_P_NOT_SAFE_PRIME</code></li> 946<li><code>DH_CHECK_P_NOT_PRIME</code></li> 947<li><code>DH_UNABLE_TO_CHECK_GENERATOR</code></li> 948<li><code>DH_NOT_SUITABLE_GENERATOR</code></li> 949</ul> 950</section><section><h3>Class: <code>DiffieHellmanGroup</code><span><a class="mark" href="#crypto_class_diffiehellmangroup" id="crypto_class_diffiehellmangroup">#</a></span></h3> 951<div class="api_metadata"> 952<span>Added in: v0.7.5</span> 953</div> 954<p>The <code>DiffieHellmanGroup</code> class takes a well-known modp group as its argument. 955It works the same as <code>DiffieHellman</code>, except that it does not allow changing 956its keys after creation. In other words, it does not implement <code>setPublicKey()</code> 957or <code>setPrivateKey()</code> methods.</p> 958<pre><code class="language-js"><span class="hljs-keyword">const</span> name = <span class="hljs-string">'modp1'</span>; 959<span class="hljs-keyword">const</span> dh = crypto.<span class="hljs-title function_">createDiffieHellmanGroup</span>(name);</code></pre> 960<p><code>name</code> is taken from <a href="https://www.rfc-editor.org/rfc/rfc2412.txt">RFC 2412</a> (modp1 and 2) and <a href="https://www.rfc-editor.org/rfc/rfc3526.txt">RFC 3526</a>:</p> 961<pre><code class="language-console"><span class="hljs-meta">$ </span><span class="language-bash">perl -ne <span class="hljs-string">'print "$1\n" if /"(modp\d+)"/'</span> src/node_crypto_groups.h</span> 962modp1 # 768 bits 963modp2 # 1024 bits 964modp5 # 1536 bits 965modp14 # 2048 bits 966modp15 # etc. 967modp16 968modp17 969modp18</code></pre> 970</section><section><h3>Class: <code>ECDH</code><span><a class="mark" href="#crypto_class_ecdh" id="crypto_class_ecdh">#</a></span></h3> 971<div class="api_metadata"> 972<span>Added in: v0.11.14</span> 973</div> 974<p>The <code>ECDH</code> class is a utility for creating Elliptic Curve Diffie-Hellman (ECDH) 975key exchanges.</p> 976<p>Instances of the <code>ECDH</code> class can be created using the 977<a href="#crypto_crypto_createecdh_curvename"><code>crypto.createECDH()</code></a> function.</p> 978<pre><code class="language-js"><span class="hljs-keyword">const</span> crypto = <span class="hljs-built_in">require</span>(<span class="hljs-string">'crypto'</span>); 979<span class="hljs-keyword">const</span> assert = <span class="hljs-built_in">require</span>(<span class="hljs-string">'assert'</span>); 980 981<span class="hljs-comment">// Generate Alice's keys...</span> 982<span class="hljs-keyword">const</span> alice = crypto.<span class="hljs-title function_">createECDH</span>(<span class="hljs-string">'secp521r1'</span>); 983<span class="hljs-keyword">const</span> aliceKey = alice.<span class="hljs-title function_">generateKeys</span>(); 984 985<span class="hljs-comment">// Generate Bob's keys...</span> 986<span class="hljs-keyword">const</span> bob = crypto.<span class="hljs-title function_">createECDH</span>(<span class="hljs-string">'secp521r1'</span>); 987<span class="hljs-keyword">const</span> bobKey = bob.<span class="hljs-title function_">generateKeys</span>(); 988 989<span class="hljs-comment">// Exchange and generate the secret...</span> 990<span class="hljs-keyword">const</span> aliceSecret = alice.<span class="hljs-title function_">computeSecret</span>(bobKey); 991<span class="hljs-keyword">const</span> bobSecret = bob.<span class="hljs-title function_">computeSecret</span>(aliceKey); 992 993assert.<span class="hljs-title function_">strictEqual</span>(aliceSecret.<span class="hljs-title function_">toString</span>(<span class="hljs-string">'hex'</span>), bobSecret.<span class="hljs-title function_">toString</span>(<span class="hljs-string">'hex'</span>)); 994<span class="hljs-comment">// OK</span></code></pre> 995<h4>Static method: <code>ECDH.convertKey(key, curve[, inputEncoding[, outputEncoding[, format]]])</code><span><a class="mark" href="#crypto_static_method_ecdh_convertkey_key_curve_inputencoding_outputencoding_format" id="crypto_static_method_ecdh_convertkey_key_curve_inputencoding_outputencoding_format">#</a></span></h4> 996<div class="api_metadata"> 997<span>Added in: v10.0.0</span> 998</div> 999<ul> 1000<li><code>key</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray" class="type"><TypedArray></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView" class="type"><DataView></a></li> 1001<li><code>curve</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a></li> 1002<li><code>inputEncoding</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> The <a href="buffer.html#buffer_buffers_and_character_encodings">encoding</a> of the <code>key</code> string.</li> 1003<li><code>outputEncoding</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> The <a href="buffer.html#buffer_buffers_and_character_encodings">encoding</a> of the return value.</li> 1004<li><code>format</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> <strong>Default:</strong> <code>'uncompressed'</code></li> 1005<li>Returns: <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a></li> 1006</ul> 1007<p>Converts the EC Diffie-Hellman public key specified by <code>key</code> and <code>curve</code> to the 1008format specified by <code>format</code>. The <code>format</code> argument specifies point encoding 1009and can be <code>'compressed'</code>, <code>'uncompressed'</code> or <code>'hybrid'</code>. The supplied key is 1010interpreted using the specified <code>inputEncoding</code>, and the returned key is encoded 1011using the specified <code>outputEncoding</code>.</p> 1012<p>Use <a href="#crypto_crypto_getcurves"><code>crypto.getCurves()</code></a> to obtain a list of available curve names. 1013On recent OpenSSL releases, <code>openssl ecparam -list_curves</code> will also display 1014the name and description of each available elliptic curve.</p> 1015<p>If <code>format</code> is not specified the point will be returned in <code>'uncompressed'</code> 1016format.</p> 1017<p>If the <code>inputEncoding</code> is not provided, <code>key</code> is expected to be a <a href="buffer.html"><code>Buffer</code></a>, 1018<code>TypedArray</code>, or <code>DataView</code>.</p> 1019<p>Example (uncompressing a key):</p> 1020<pre><code class="language-js"><span class="hljs-keyword">const</span> { createECDH, <span class="hljs-variable constant_">ECDH</span> } = <span class="hljs-built_in">require</span>(<span class="hljs-string">'crypto'</span>); 1021 1022<span class="hljs-keyword">const</span> ecdh = <span class="hljs-title function_">createECDH</span>(<span class="hljs-string">'secp256k1'</span>); 1023ecdh.<span class="hljs-title function_">generateKeys</span>(); 1024 1025<span class="hljs-keyword">const</span> compressedKey = ecdh.<span class="hljs-title function_">getPublicKey</span>(<span class="hljs-string">'hex'</span>, <span class="hljs-string">'compressed'</span>); 1026 1027<span class="hljs-keyword">const</span> uncompressedKey = <span class="hljs-variable constant_">ECDH</span>.<span class="hljs-title function_">convertKey</span>(compressedKey, 1028 <span class="hljs-string">'secp256k1'</span>, 1029 <span class="hljs-string">'hex'</span>, 1030 <span class="hljs-string">'hex'</span>, 1031 <span class="hljs-string">'uncompressed'</span>); 1032 1033<span class="hljs-comment">// The converted key and the uncompressed public key should be the same</span> 1034<span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>(uncompressedKey === ecdh.<span class="hljs-title function_">getPublicKey</span>(<span class="hljs-string">'hex'</span>));</code></pre> 1035<h4><code>ecdh.computeSecret(otherPublicKey[, inputEncoding][, outputEncoding])</code><span><a class="mark" href="#crypto_ecdh_computesecret_otherpublickey_inputencoding_outputencoding" id="crypto_ecdh_computesecret_otherpublickey_inputencoding_outputencoding">#</a></span></h4> 1036<div class="api_metadata"> 1037<details class="changelog"><summary>History</summary> 1038<table> 1039<tbody><tr><th>Version</th><th>Changes</th></tr> 1040<tr><td>v10.0.0</td> 1041<td><p>Changed error format to better support invalid public key error.</p></td></tr> 1042<tr><td>v6.0.0</td> 1043<td><p>The default <code>inputEncoding</code> changed from <code>binary</code> to <code>utf8</code>.</p></td></tr> 1044<tr><td>v0.11.14</td> 1045<td><p><span>Added in: v0.11.14</span></p></td></tr> 1046</tbody></table> 1047</details> 1048</div> 1049<ul> 1050<li><code>otherPublicKey</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray" class="type"><TypedArray></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView" class="type"><DataView></a></li> 1051<li><code>inputEncoding</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> The <a href="buffer.html#buffer_buffers_and_character_encodings">encoding</a> of the <code>otherPublicKey</code> string.</li> 1052<li><code>outputEncoding</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> The <a href="buffer.html#buffer_buffers_and_character_encodings">encoding</a> of the return value.</li> 1053<li>Returns: <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a></li> 1054</ul> 1055<p>Computes the shared secret using <code>otherPublicKey</code> as the other 1056party's public key and returns the computed shared secret. The supplied 1057key is interpreted using specified <code>inputEncoding</code>, and the returned secret 1058is encoded using the specified <code>outputEncoding</code>. 1059If the <code>inputEncoding</code> is not 1060provided, <code>otherPublicKey</code> is expected to be a <a href="buffer.html"><code>Buffer</code></a>, <code>TypedArray</code>, or 1061<code>DataView</code>.</p> 1062<p>If <code>outputEncoding</code> is given a string will be returned; otherwise a 1063<a href="buffer.html"><code>Buffer</code></a> is returned.</p> 1064<p><code>ecdh.computeSecret</code> will throw an 1065<code>ERR_CRYPTO_ECDH_INVALID_PUBLIC_KEY</code> error when <code>otherPublicKey</code> 1066lies outside of the elliptic curve. Since <code>otherPublicKey</code> is 1067usually supplied from a remote user over an insecure network, 1068be sure to handle this exception accordingly.</p> 1069<h4><code>ecdh.generateKeys([encoding[, format]])</code><span><a class="mark" href="#crypto_ecdh_generatekeys_encoding_format" id="crypto_ecdh_generatekeys_encoding_format">#</a></span></h4> 1070<div class="api_metadata"> 1071<span>Added in: v0.11.14</span> 1072</div> 1073<ul> 1074<li><code>encoding</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> The <a href="buffer.html#buffer_buffers_and_character_encodings">encoding</a> of the return value.</li> 1075<li><code>format</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> <strong>Default:</strong> <code>'uncompressed'</code></li> 1076<li>Returns: <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a></li> 1077</ul> 1078<p>Generates private and public EC Diffie-Hellman key values, and returns 1079the public key in the specified <code>format</code> and <code>encoding</code>. This key should be 1080transferred to the other party.</p> 1081<p>The <code>format</code> argument specifies point encoding and can be <code>'compressed'</code> or 1082<code>'uncompressed'</code>. If <code>format</code> is not specified, the point will be returned in 1083<code>'uncompressed'</code> format.</p> 1084<p>If <code>encoding</code> is provided a string is returned; otherwise a <a href="buffer.html"><code>Buffer</code></a> 1085is returned.</p> 1086<h4><code>ecdh.getPrivateKey([encoding])</code><span><a class="mark" href="#crypto_ecdh_getprivatekey_encoding" id="crypto_ecdh_getprivatekey_encoding">#</a></span></h4> 1087<div class="api_metadata"> 1088<span>Added in: v0.11.14</span> 1089</div> 1090<ul> 1091<li><code>encoding</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> The <a href="buffer.html#buffer_buffers_and_character_encodings">encoding</a> of the return value.</li> 1092<li>Returns: <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> The EC Diffie-Hellman in the specified <code>encoding</code>.</li> 1093</ul> 1094<p>If <code>encoding</code> is specified, a string is returned; otherwise a <a href="buffer.html"><code>Buffer</code></a> is 1095returned.</p> 1096<h4><code>ecdh.getPublicKey([encoding][, format])</code><span><a class="mark" href="#crypto_ecdh_getpublickey_encoding_format" id="crypto_ecdh_getpublickey_encoding_format">#</a></span></h4> 1097<div class="api_metadata"> 1098<span>Added in: v0.11.14</span> 1099</div> 1100<ul> 1101<li><code>encoding</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> The <a href="buffer.html#buffer_buffers_and_character_encodings">encoding</a> of the return value.</li> 1102<li><code>format</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> <strong>Default:</strong> <code>'uncompressed'</code></li> 1103<li>Returns: <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> The EC Diffie-Hellman public key in the specified 1104<code>encoding</code> and <code>format</code>.</li> 1105</ul> 1106<p>The <code>format</code> argument specifies point encoding and can be <code>'compressed'</code> or 1107<code>'uncompressed'</code>. If <code>format</code> is not specified the point will be returned in 1108<code>'uncompressed'</code> format.</p> 1109<p>If <code>encoding</code> is specified, a string is returned; otherwise a <a href="buffer.html"><code>Buffer</code></a> is 1110returned.</p> 1111<h4><code>ecdh.setPrivateKey(privateKey[, encoding])</code><span><a class="mark" href="#crypto_ecdh_setprivatekey_privatekey_encoding" id="crypto_ecdh_setprivatekey_privatekey_encoding">#</a></span></h4> 1112<div class="api_metadata"> 1113<span>Added in: v0.11.14</span> 1114</div> 1115<ul> 1116<li><code>privateKey</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray" class="type"><TypedArray></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView" class="type"><DataView></a></li> 1117<li><code>encoding</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> The <a href="buffer.html#buffer_buffers_and_character_encodings">encoding</a> of the <code>privateKey</code> string.</li> 1118</ul> 1119<p>Sets the EC Diffie-Hellman private key. 1120If <code>encoding</code> is provided, <code>privateKey</code> is expected 1121to be a string; otherwise <code>privateKey</code> is expected to be a <a href="buffer.html"><code>Buffer</code></a>, 1122<code>TypedArray</code>, or <code>DataView</code>.</p> 1123<p>If <code>privateKey</code> is not valid for the curve specified when the <code>ECDH</code> object was 1124created, an error is thrown. Upon setting the private key, the associated 1125public point (key) is also generated and set in the <code>ECDH</code> object.</p> 1126<h4><code>ecdh.setPublicKey(publicKey[, encoding])</code><span><a class="mark" href="#crypto_ecdh_setpublickey_publickey_encoding" id="crypto_ecdh_setpublickey_publickey_encoding">#</a></span></h4> 1127<div class="api_metadata"> 1128<span>Added in: v0.11.14</span><span>Deprecated since: v5.2.0</span> 1129</div> 1130<p></p><div class="api_stability api_stability_0"><a href="documentation.html#documentation_stability_index">Stability: 0</a> - Deprecated</div><p></p> 1131<ul> 1132<li><code>publicKey</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray" class="type"><TypedArray></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView" class="type"><DataView></a></li> 1133<li><code>encoding</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> The <a href="buffer.html#buffer_buffers_and_character_encodings">encoding</a> of the <code>publicKey</code> string.</li> 1134</ul> 1135<p>Sets the EC Diffie-Hellman public key. 1136If <code>encoding</code> is provided <code>publicKey</code> is expected to 1137be a string; otherwise a <a href="buffer.html"><code>Buffer</code></a>, <code>TypedArray</code>, or <code>DataView</code> is expected.</p> 1138<p>There is not normally a reason to call this method because <code>ECDH</code> 1139only requires a private key and the other party's public key to compute the 1140shared secret. Typically either <a href="#crypto_ecdh_generatekeys_encoding_format"><code>ecdh.generateKeys()</code></a> or 1141<a href="#crypto_ecdh_setprivatekey_privatekey_encoding"><code>ecdh.setPrivateKey()</code></a> will be called. The <a href="#crypto_ecdh_setprivatekey_privatekey_encoding"><code>ecdh.setPrivateKey()</code></a> method 1142attempts to generate the public point/key associated with the private key being 1143set.</p> 1144<p>Example (obtaining a shared secret):</p> 1145<pre><code class="language-js"><span class="hljs-keyword">const</span> crypto = <span class="hljs-built_in">require</span>(<span class="hljs-string">'crypto'</span>); 1146<span class="hljs-keyword">const</span> alice = crypto.<span class="hljs-title function_">createECDH</span>(<span class="hljs-string">'secp256k1'</span>); 1147<span class="hljs-keyword">const</span> bob = crypto.<span class="hljs-title function_">createECDH</span>(<span class="hljs-string">'secp256k1'</span>); 1148 1149<span class="hljs-comment">// This is a shortcut way of specifying one of Alice's previous private</span> 1150<span class="hljs-comment">// keys. It would be unwise to use such a predictable private key in a real</span> 1151<span class="hljs-comment">// application.</span> 1152alice.<span class="hljs-title function_">setPrivateKey</span>( 1153 crypto.<span class="hljs-title function_">createHash</span>(<span class="hljs-string">'sha256'</span>).<span class="hljs-title function_">update</span>(<span class="hljs-string">'alice'</span>, <span class="hljs-string">'utf8'</span>).<span class="hljs-title function_">digest</span>() 1154); 1155 1156<span class="hljs-comment">// Bob uses a newly generated cryptographically strong</span> 1157<span class="hljs-comment">// pseudorandom key pair</span> 1158bob.<span class="hljs-title function_">generateKeys</span>(); 1159 1160<span class="hljs-keyword">const</span> aliceSecret = alice.<span class="hljs-title function_">computeSecret</span>(bob.<span class="hljs-title function_">getPublicKey</span>(), <span class="hljs-literal">null</span>, <span class="hljs-string">'hex'</span>); 1161<span class="hljs-keyword">const</span> bobSecret = bob.<span class="hljs-title function_">computeSecret</span>(alice.<span class="hljs-title function_">getPublicKey</span>(), <span class="hljs-literal">null</span>, <span class="hljs-string">'hex'</span>); 1162 1163<span class="hljs-comment">// aliceSecret and bobSecret should be the same shared secret value</span> 1164<span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>(aliceSecret === bobSecret);</code></pre> 1165</section><section><h3>Class: <code>Hash</code><span><a class="mark" href="#crypto_class_hash" id="crypto_class_hash">#</a></span></h3> 1166<div class="api_metadata"> 1167<span>Added in: v0.1.92</span> 1168</div> 1169<ul> 1170<li>Extends: <a href="stream.html#stream_class_stream_transform" class="type"><stream.Transform></a></li> 1171</ul> 1172<p>The <code>Hash</code> class is a utility for creating hash digests of data. It can be 1173used in one of two ways:</p> 1174<ul> 1175<li>As a <a href="stream.html">stream</a> that is both readable and writable, where data is written 1176to produce a computed hash digest on the readable side, or</li> 1177<li>Using the <a href="#crypto_hash_update_data_inputencoding"><code>hash.update()</code></a> and <a href="#crypto_hash_digest_encoding"><code>hash.digest()</code></a> methods to produce the 1178computed hash.</li> 1179</ul> 1180<p>The <a href="#crypto_crypto_createhash_algorithm_options"><code>crypto.createHash()</code></a> method is used to create <code>Hash</code> instances. <code>Hash</code> 1181objects are not to be created directly using the <code>new</code> keyword.</p> 1182<p>Example: Using <code>Hash</code> objects as streams:</p> 1183<pre><code class="language-js"><span class="hljs-keyword">const</span> crypto = <span class="hljs-built_in">require</span>(<span class="hljs-string">'crypto'</span>); 1184<span class="hljs-keyword">const</span> hash = crypto.<span class="hljs-title function_">createHash</span>(<span class="hljs-string">'sha256'</span>); 1185 1186hash.<span class="hljs-title function_">on</span>(<span class="hljs-string">'readable'</span>, <span class="hljs-function">() =></span> { 1187 <span class="hljs-comment">// Only one element is going to be produced by the</span> 1188 <span class="hljs-comment">// hash stream.</span> 1189 <span class="hljs-keyword">const</span> data = hash.<span class="hljs-title function_">read</span>(); 1190 <span class="hljs-keyword">if</span> (data) { 1191 <span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>(data.<span class="hljs-title function_">toString</span>(<span class="hljs-string">'hex'</span>)); 1192 <span class="hljs-comment">// Prints:</span> 1193 <span class="hljs-comment">// 6a2da20943931e9834fc12cfe5bb47bbd9ae43489a30726962b576f4e3993e50</span> 1194 } 1195}); 1196 1197hash.<span class="hljs-title function_">write</span>(<span class="hljs-string">'some data to hash'</span>); 1198hash.<span class="hljs-title function_">end</span>();</code></pre> 1199<p>Example: Using <code>Hash</code> and piped streams:</p> 1200<pre><code class="language-js"><span class="hljs-keyword">const</span> crypto = <span class="hljs-built_in">require</span>(<span class="hljs-string">'crypto'</span>); 1201<span class="hljs-keyword">const</span> fs = <span class="hljs-built_in">require</span>(<span class="hljs-string">'fs'</span>); 1202<span class="hljs-keyword">const</span> hash = crypto.<span class="hljs-title function_">createHash</span>(<span class="hljs-string">'sha256'</span>); 1203 1204<span class="hljs-keyword">const</span> input = fs.<span class="hljs-title function_">createReadStream</span>(<span class="hljs-string">'test.js'</span>); 1205input.<span class="hljs-title function_">pipe</span>(hash).<span class="hljs-title function_">setEncoding</span>(<span class="hljs-string">'hex'</span>).<span class="hljs-title function_">pipe</span>(process.<span class="hljs-property">stdout</span>);</code></pre> 1206<p>Example: Using the <a href="#crypto_hash_update_data_inputencoding"><code>hash.update()</code></a> and <a href="#crypto_hash_digest_encoding"><code>hash.digest()</code></a> methods:</p> 1207<pre><code class="language-js"><span class="hljs-keyword">const</span> crypto = <span class="hljs-built_in">require</span>(<span class="hljs-string">'crypto'</span>); 1208<span class="hljs-keyword">const</span> hash = crypto.<span class="hljs-title function_">createHash</span>(<span class="hljs-string">'sha256'</span>); 1209 1210hash.<span class="hljs-title function_">update</span>(<span class="hljs-string">'some data to hash'</span>); 1211<span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>(hash.<span class="hljs-title function_">digest</span>(<span class="hljs-string">'hex'</span>)); 1212<span class="hljs-comment">// Prints:</span> 1213<span class="hljs-comment">// 6a2da20943931e9834fc12cfe5bb47bbd9ae43489a30726962b576f4e3993e50</span></code></pre> 1214<h4><code>hash.copy([options])</code><span><a class="mark" href="#crypto_hash_copy_options" id="crypto_hash_copy_options">#</a></span></h4> 1215<div class="api_metadata"> 1216<span>Added in: v13.1.0</span> 1217</div> 1218<ul> 1219<li><code>options</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object" class="type"><Object></a> <a href="stream.html#stream_new_stream_transform_options"><code>stream.transform</code> options</a></li> 1220<li>Returns: <a href="crypto.html#crypto_class_hash" class="type"><Hash></a></li> 1221</ul> 1222<p>Creates a new <code>Hash</code> object that contains a deep copy of the internal state 1223of the current <code>Hash</code> object.</p> 1224<p>The optional <code>options</code> argument controls stream behavior. For XOF hash 1225functions such as <code>'shake256'</code>, the <code>outputLength</code> option can be used to 1226specify the desired output length in bytes.</p> 1227<p>An error is thrown when an attempt is made to copy the <code>Hash</code> object after 1228its <a href="#crypto_hash_digest_encoding"><code>hash.digest()</code></a> method has been called.</p> 1229<pre><code class="language-js"><span class="hljs-comment">// Calculate a rolling hash.</span> 1230<span class="hljs-keyword">const</span> crypto = <span class="hljs-built_in">require</span>(<span class="hljs-string">'crypto'</span>); 1231<span class="hljs-keyword">const</span> hash = crypto.<span class="hljs-title function_">createHash</span>(<span class="hljs-string">'sha256'</span>); 1232 1233hash.<span class="hljs-title function_">update</span>(<span class="hljs-string">'one'</span>); 1234<span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>(hash.<span class="hljs-title function_">copy</span>().<span class="hljs-title function_">digest</span>(<span class="hljs-string">'hex'</span>)); 1235 1236hash.<span class="hljs-title function_">update</span>(<span class="hljs-string">'two'</span>); 1237<span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>(hash.<span class="hljs-title function_">copy</span>().<span class="hljs-title function_">digest</span>(<span class="hljs-string">'hex'</span>)); 1238 1239hash.<span class="hljs-title function_">update</span>(<span class="hljs-string">'three'</span>); 1240<span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>(hash.<span class="hljs-title function_">copy</span>().<span class="hljs-title function_">digest</span>(<span class="hljs-string">'hex'</span>)); 1241 1242<span class="hljs-comment">// Etc.</span></code></pre> 1243<h4><code>hash.digest([encoding])</code><span><a class="mark" href="#crypto_hash_digest_encoding" id="crypto_hash_digest_encoding">#</a></span></h4> 1244<div class="api_metadata"> 1245<span>Added in: v0.1.92</span> 1246</div> 1247<ul> 1248<li><code>encoding</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> The <a href="buffer.html#buffer_buffers_and_character_encodings">encoding</a> of the return value.</li> 1249<li>Returns: <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a></li> 1250</ul> 1251<p>Calculates the digest of all of the data passed to be hashed (using the 1252<a href="#crypto_hash_update_data_inputencoding"><code>hash.update()</code></a> method). 1253If <code>encoding</code> is provided a string will be returned; otherwise 1254a <a href="buffer.html"><code>Buffer</code></a> is returned.</p> 1255<p>The <code>Hash</code> object can not be used again after <code>hash.digest()</code> method has been 1256called. Multiple calls will cause an error to be thrown.</p> 1257<h4><code>hash.update(data[, inputEncoding])</code><span><a class="mark" href="#crypto_hash_update_data_inputencoding" id="crypto_hash_update_data_inputencoding">#</a></span></h4> 1258<div class="api_metadata"> 1259<details class="changelog"><summary>History</summary> 1260<table> 1261<tbody><tr><th>Version</th><th>Changes</th></tr> 1262<tr><td>v6.0.0</td> 1263<td><p>The default <code>inputEncoding</code> changed from <code>binary</code> to <code>utf8</code>.</p></td></tr> 1264<tr><td>v0.1.92</td> 1265<td><p><span>Added in: v0.1.92</span></p></td></tr> 1266</tbody></table> 1267</details> 1268</div> 1269<ul> 1270<li><code>data</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray" class="type"><TypedArray></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView" class="type"><DataView></a></li> 1271<li><code>inputEncoding</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> The <a href="buffer.html#buffer_buffers_and_character_encodings">encoding</a> of the <code>data</code> string.</li> 1272</ul> 1273<p>Updates the hash content with the given <code>data</code>, the encoding of which 1274is given in <code>inputEncoding</code>. 1275If <code>encoding</code> is not provided, and the <code>data</code> is a string, an 1276encoding of <code>'utf8'</code> is enforced. If <code>data</code> is a <a href="buffer.html"><code>Buffer</code></a>, <code>TypedArray</code>, or 1277<code>DataView</code>, then <code>inputEncoding</code> is ignored.</p> 1278<p>This can be called many times with new data as it is streamed.</p> 1279</section><section><h3>Class: <code>Hmac</code><span><a class="mark" href="#crypto_class_hmac" id="crypto_class_hmac">#</a></span></h3> 1280<div class="api_metadata"> 1281<span>Added in: v0.1.94</span> 1282</div> 1283<ul> 1284<li>Extends: <a href="stream.html#stream_class_stream_transform" class="type"><stream.Transform></a></li> 1285</ul> 1286<p>The <code>Hmac</code> class is a utility for creating cryptographic HMAC digests. It can 1287be used in one of two ways:</p> 1288<ul> 1289<li>As a <a href="stream.html">stream</a> that is both readable and writable, where data is written 1290to produce a computed HMAC digest on the readable side, or</li> 1291<li>Using the <a href="#crypto_hmac_update_data_inputencoding"><code>hmac.update()</code></a> and <a href="#crypto_hmac_digest_encoding"><code>hmac.digest()</code></a> methods to produce the 1292computed HMAC digest.</li> 1293</ul> 1294<p>The <a href="#crypto_crypto_createhmac_algorithm_key_options"><code>crypto.createHmac()</code></a> method is used to create <code>Hmac</code> instances. <code>Hmac</code> 1295objects are not to be created directly using the <code>new</code> keyword.</p> 1296<p>Example: Using <code>Hmac</code> objects as streams:</p> 1297<pre><code class="language-js"><span class="hljs-keyword">const</span> crypto = <span class="hljs-built_in">require</span>(<span class="hljs-string">'crypto'</span>); 1298<span class="hljs-keyword">const</span> hmac = crypto.<span class="hljs-title function_">createHmac</span>(<span class="hljs-string">'sha256'</span>, <span class="hljs-string">'a secret'</span>); 1299 1300hmac.<span class="hljs-title function_">on</span>(<span class="hljs-string">'readable'</span>, <span class="hljs-function">() =></span> { 1301 <span class="hljs-comment">// Only one element is going to be produced by the</span> 1302 <span class="hljs-comment">// hash stream.</span> 1303 <span class="hljs-keyword">const</span> data = hmac.<span class="hljs-title function_">read</span>(); 1304 <span class="hljs-keyword">if</span> (data) { 1305 <span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>(data.<span class="hljs-title function_">toString</span>(<span class="hljs-string">'hex'</span>)); 1306 <span class="hljs-comment">// Prints:</span> 1307 <span class="hljs-comment">// 7fd04df92f636fd450bc841c9418e5825c17f33ad9c87c518115a45971f7f77e</span> 1308 } 1309}); 1310 1311hmac.<span class="hljs-title function_">write</span>(<span class="hljs-string">'some data to hash'</span>); 1312hmac.<span class="hljs-title function_">end</span>();</code></pre> 1313<p>Example: Using <code>Hmac</code> and piped streams:</p> 1314<pre><code class="language-js"><span class="hljs-keyword">const</span> crypto = <span class="hljs-built_in">require</span>(<span class="hljs-string">'crypto'</span>); 1315<span class="hljs-keyword">const</span> fs = <span class="hljs-built_in">require</span>(<span class="hljs-string">'fs'</span>); 1316<span class="hljs-keyword">const</span> hmac = crypto.<span class="hljs-title function_">createHmac</span>(<span class="hljs-string">'sha256'</span>, <span class="hljs-string">'a secret'</span>); 1317 1318<span class="hljs-keyword">const</span> input = fs.<span class="hljs-title function_">createReadStream</span>(<span class="hljs-string">'test.js'</span>); 1319input.<span class="hljs-title function_">pipe</span>(hmac).<span class="hljs-title function_">pipe</span>(process.<span class="hljs-property">stdout</span>);</code></pre> 1320<p>Example: Using the <a href="#crypto_hmac_update_data_inputencoding"><code>hmac.update()</code></a> and <a href="#crypto_hmac_digest_encoding"><code>hmac.digest()</code></a> methods:</p> 1321<pre><code class="language-js"><span class="hljs-keyword">const</span> crypto = <span class="hljs-built_in">require</span>(<span class="hljs-string">'crypto'</span>); 1322<span class="hljs-keyword">const</span> hmac = crypto.<span class="hljs-title function_">createHmac</span>(<span class="hljs-string">'sha256'</span>, <span class="hljs-string">'a secret'</span>); 1323 1324hmac.<span class="hljs-title function_">update</span>(<span class="hljs-string">'some data to hash'</span>); 1325<span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>(hmac.<span class="hljs-title function_">digest</span>(<span class="hljs-string">'hex'</span>)); 1326<span class="hljs-comment">// Prints:</span> 1327<span class="hljs-comment">// 7fd04df92f636fd450bc841c9418e5825c17f33ad9c87c518115a45971f7f77e</span></code></pre> 1328<h4><code>hmac.digest([encoding])</code><span><a class="mark" href="#crypto_hmac_digest_encoding" id="crypto_hmac_digest_encoding">#</a></span></h4> 1329<div class="api_metadata"> 1330<span>Added in: v0.1.94</span> 1331</div> 1332<ul> 1333<li><code>encoding</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> The <a href="buffer.html#buffer_buffers_and_character_encodings">encoding</a> of the return value.</li> 1334<li>Returns: <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a></li> 1335</ul> 1336<p>Calculates the HMAC digest of all of the data passed using <a href="#crypto_hmac_update_data_inputencoding"><code>hmac.update()</code></a>. 1337If <code>encoding</code> is 1338provided a string is returned; otherwise a <a href="buffer.html"><code>Buffer</code></a> is returned;</p> 1339<p>The <code>Hmac</code> object can not be used again after <code>hmac.digest()</code> has been 1340called. Multiple calls to <code>hmac.digest()</code> will result in an error being thrown.</p> 1341<h4><code>hmac.update(data[, inputEncoding])</code><span><a class="mark" href="#crypto_hmac_update_data_inputencoding" id="crypto_hmac_update_data_inputencoding">#</a></span></h4> 1342<div class="api_metadata"> 1343<details class="changelog"><summary>History</summary> 1344<table> 1345<tbody><tr><th>Version</th><th>Changes</th></tr> 1346<tr><td>v6.0.0</td> 1347<td><p>The default <code>inputEncoding</code> changed from <code>binary</code> to <code>utf8</code>.</p></td></tr> 1348<tr><td>v0.1.94</td> 1349<td><p><span>Added in: v0.1.94</span></p></td></tr> 1350</tbody></table> 1351</details> 1352</div> 1353<ul> 1354<li><code>data</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray" class="type"><TypedArray></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView" class="type"><DataView></a></li> 1355<li><code>inputEncoding</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> The <a href="buffer.html#buffer_buffers_and_character_encodings">encoding</a> of the <code>data</code> string.</li> 1356</ul> 1357<p>Updates the <code>Hmac</code> content with the given <code>data</code>, the encoding of which 1358is given in <code>inputEncoding</code>. 1359If <code>encoding</code> is not provided, and the <code>data</code> is a string, an 1360encoding of <code>'utf8'</code> is enforced. If <code>data</code> is a <a href="buffer.html"><code>Buffer</code></a>, <code>TypedArray</code>, or 1361<code>DataView</code>, then <code>inputEncoding</code> is ignored.</p> 1362<p>This can be called many times with new data as it is streamed.</p> 1363</section><section><h3>Class: <code>KeyObject</code><span><a class="mark" href="#crypto_class_keyobject" id="crypto_class_keyobject">#</a></span></h3> 1364<div class="api_metadata"> 1365<details class="changelog"><summary>History</summary> 1366<table> 1367<tbody><tr><th>Version</th><th>Changes</th></tr> 1368<tr><td>v14.5.0</td> 1369<td><p>Instances of this class can now be passed to worker threads using <code>postMessage</code>.</p></td></tr> 1370<tr><td>v11.13.0</td> 1371<td><p>This class is now exported.</p></td></tr> 1372<tr><td>v11.6.0</td> 1373<td><p><span>Added in: v11.6.0</span></p></td></tr> 1374</tbody></table> 1375</details> 1376</div> 1377<p>Node.js uses a <code>KeyObject</code> class to represent a symmetric or asymmetric key, 1378and each kind of key exposes different functions. The 1379<a href="#crypto_crypto_createsecretkey_key"><code>crypto.createSecretKey()</code></a>, <a href="#crypto_crypto_createpublickey_key"><code>crypto.createPublicKey()</code></a> and 1380<a href="#crypto_crypto_createprivatekey_key"><code>crypto.createPrivateKey()</code></a> methods are used to create <code>KeyObject</code> 1381instances. <code>KeyObject</code> objects are not to be created directly using the <code>new</code> 1382keyword.</p> 1383<p>Most applications should consider using the new <code>KeyObject</code> API instead of 1384passing keys as strings or <code>Buffer</code>s due to improved security features.</p> 1385<p><code>KeyObject</code> instances can be passed to other threads via <a href="worker_threads.html#worker_threads_port_postmessage_value_transferlist"><code>postMessage()</code></a>. 1386The receiver obtains a cloned <code>KeyObject</code>, and the <code>KeyObject</code> does not need to 1387be listed in the <code>transferList</code> argument.</p> 1388<h4><code>keyObject.asymmetricKeyType</code><span><a class="mark" href="#crypto_keyobject_asymmetrickeytype" id="crypto_keyobject_asymmetrickeytype">#</a></span></h4> 1389<div class="api_metadata"> 1390<details class="changelog"><summary>History</summary> 1391<table> 1392<tbody><tr><th>Version</th><th>Changes</th></tr> 1393<tr><td>v13.9.0</td> 1394<td><p>Added support for <code>'dh'</code>.</p></td></tr> 1395<tr><td>v12.0.0</td> 1396<td><p>Added support for <code>'rsa-pss'</code>.</p></td></tr> 1397<tr><td>v12.0.0</td> 1398<td><p>This property now returns <code>undefined</code> for KeyObject instances of unrecognized type instead of aborting.</p></td></tr> 1399<tr><td>v12.0.0</td> 1400<td><p>Added support for <code>'x25519'</code> and <code>'x448'</code>.</p></td></tr> 1401<tr><td>v12.0.0</td> 1402<td><p>Added support for <code>'ed25519'</code> and <code>'ed448'</code>.</p></td></tr> 1403<tr><td>v11.6.0</td> 1404<td><p><span>Added in: v11.6.0</span></p></td></tr> 1405</tbody></table> 1406</details> 1407</div> 1408<ul> 1409<li><a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a></li> 1410</ul> 1411<p>For asymmetric keys, this property represents the type of the key. Supported key 1412types are:</p> 1413<ul> 1414<li><code>'rsa'</code> (OID 1.2.840.113549.1.1.1)</li> 1415<li><code>'rsa-pss'</code> (OID 1.2.840.113549.1.1.10)</li> 1416<li><code>'dsa'</code> (OID 1.2.840.10040.4.1)</li> 1417<li><code>'ec'</code> (OID 1.2.840.10045.2.1)</li> 1418<li><code>'x25519'</code> (OID 1.3.101.110)</li> 1419<li><code>'x448'</code> (OID 1.3.101.111)</li> 1420<li><code>'ed25519'</code> (OID 1.3.101.112)</li> 1421<li><code>'ed448'</code> (OID 1.3.101.113)</li> 1422<li><code>'dh'</code> (OID 1.2.840.113549.1.3.1)</li> 1423</ul> 1424<p>This property is <code>undefined</code> for unrecognized <code>KeyObject</code> types and symmetric 1425keys.</p> 1426<h4><code>keyObject.export([options])</code><span><a class="mark" href="#crypto_keyobject_export_options" id="crypto_keyobject_export_options">#</a></span></h4> 1427<div class="api_metadata"> 1428<span>Added in: v11.6.0</span> 1429</div> 1430<ul> 1431<li><code>options</code>: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object" class="type"><Object></a></li> 1432<li>Returns: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a></li> 1433</ul> 1434<p>For symmetric keys, this function allocates a <code>Buffer</code> containing the key 1435material and ignores any options.</p> 1436<p>For asymmetric keys, the <code>options</code> parameter is used to determine the export 1437format.</p> 1438<p>For public keys, the following encoding options can be used:</p> 1439<ul> 1440<li><code>type</code>: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> Must be one of <code>'pkcs1'</code> (RSA only) or <code>'spki'</code>.</li> 1441<li><code>format</code>: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> Must be <code>'pem'</code> or <code>'der'</code>.</li> 1442</ul> 1443<p>For private keys, the following encoding options can be used:</p> 1444<ul> 1445<li><code>type</code>: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> Must be one of <code>'pkcs1'</code> (RSA only), <code>'pkcs8'</code> or 1446<code>'sec1'</code> (EC only).</li> 1447<li><code>format</code>: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> Must be <code>'pem'</code> or <code>'der'</code>.</li> 1448<li><code>cipher</code>: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> If specified, the private key will be encrypted with 1449the given <code>cipher</code> and <code>passphrase</code> using PKCS#5 v2.0 password based 1450encryption.</li> 1451<li><code>passphrase</code>: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> The passphrase to use for encryption, see 1452<code>cipher</code>.</li> 1453</ul> 1454<p>When PEM encoding was selected, the result will be a string, otherwise it will 1455be a buffer containing the data encoded as DER.</p> 1456<p>PKCS#1, SEC1, and PKCS#8 type keys can be encrypted by using a combination of 1457the <code>cipher</code> and <code>format</code> options. The PKCS#8 <code>type</code> can be used with any 1458<code>format</code> to encrypt any key algorithm (RSA, EC, or DH) by specifying a 1459<code>cipher</code>. PKCS#1 and SEC1 can only be encrypted by specifying a <code>cipher</code> 1460when the PEM <code>format</code> is used. For maximum compatibility, use PKCS#8 for 1461encrypted private keys. Since PKCS#8 defines its own 1462encryption mechanism, PEM-level encryption is not supported when encrypting 1463a PKCS#8 key. See <a href="https://www.rfc-editor.org/rfc/rfc5208.txt">RFC 5208</a> for PKCS#8 encryption and <a href="https://www.rfc-editor.org/rfc/rfc1421.txt">RFC 1421</a> for 1464PKCS#1 and SEC1 encryption.</p> 1465<h4><code>keyObject.symmetricKeySize</code><span><a class="mark" href="#crypto_keyobject_symmetrickeysize" id="crypto_keyobject_symmetrickeysize">#</a></span></h4> 1466<div class="api_metadata"> 1467<span>Added in: v11.6.0</span> 1468</div> 1469<ul> 1470<li><a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><number></a></li> 1471</ul> 1472<p>For secret keys, this property represents the size of the key in bytes. This 1473property is <code>undefined</code> for asymmetric keys.</p> 1474<h4><code>keyObject.type</code><span><a class="mark" href="#crypto_keyobject_type" id="crypto_keyobject_type">#</a></span></h4> 1475<div class="api_metadata"> 1476<span>Added in: v11.6.0</span> 1477</div> 1478<ul> 1479<li><a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a></li> 1480</ul> 1481<p>Depending on the type of this <code>KeyObject</code>, this property is either 1482<code>'secret'</code> for secret (symmetric) keys, <code>'public'</code> for public (asymmetric) keys 1483or <code>'private'</code> for private (asymmetric) keys.</p> 1484</section><section><h3>Class: <code>Sign</code><span><a class="mark" href="#crypto_class_sign" id="crypto_class_sign">#</a></span></h3> 1485<div class="api_metadata"> 1486<span>Added in: v0.1.92</span> 1487</div> 1488<ul> 1489<li>Extends: <a href="stream.html#stream_class_stream_writable" class="type"><stream.Writable></a></li> 1490</ul> 1491<p>The <code>Sign</code> class is a utility for generating signatures. It can be used in one 1492of two ways:</p> 1493<ul> 1494<li>As a writable <a href="stream.html">stream</a>, where data to be signed is written and the 1495<a href="#crypto_sign_sign_privatekey_outputencoding"><code>sign.sign()</code></a> method is used to generate and return the signature, or</li> 1496<li>Using the <a href="#crypto_sign_update_data_inputencoding"><code>sign.update()</code></a> and <a href="#crypto_sign_sign_privatekey_outputencoding"><code>sign.sign()</code></a> methods to produce the 1497signature.</li> 1498</ul> 1499<p>The <a href="#crypto_crypto_createsign_algorithm_options"><code>crypto.createSign()</code></a> method is used to create <code>Sign</code> instances. The 1500argument is the string name of the hash function to use. <code>Sign</code> objects are not 1501to be created directly using the <code>new</code> keyword.</p> 1502<p>Example: Using <code>Sign</code> and <a href="#crypto_class_verify"><code>Verify</code></a> objects as streams:</p> 1503<pre><code class="language-js"><span class="hljs-keyword">const</span> crypto = <span class="hljs-built_in">require</span>(<span class="hljs-string">'crypto'</span>); 1504 1505<span class="hljs-keyword">const</span> { privateKey, publicKey } = crypto.<span class="hljs-title function_">generateKeyPairSync</span>(<span class="hljs-string">'ec'</span>, { 1506 <span class="hljs-attr">namedCurve</span>: <span class="hljs-string">'sect239k1'</span> 1507}); 1508 1509<span class="hljs-keyword">const</span> sign = crypto.<span class="hljs-title function_">createSign</span>(<span class="hljs-string">'SHA256'</span>); 1510sign.<span class="hljs-title function_">write</span>(<span class="hljs-string">'some data to sign'</span>); 1511sign.<span class="hljs-title function_">end</span>(); 1512<span class="hljs-keyword">const</span> signature = sign.<span class="hljs-title function_">sign</span>(privateKey, <span class="hljs-string">'hex'</span>); 1513 1514<span class="hljs-keyword">const</span> verify = crypto.<span class="hljs-title function_">createVerify</span>(<span class="hljs-string">'SHA256'</span>); 1515verify.<span class="hljs-title function_">write</span>(<span class="hljs-string">'some data to sign'</span>); 1516verify.<span class="hljs-title function_">end</span>(); 1517<span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>(verify.<span class="hljs-title function_">verify</span>(publicKey, signature, <span class="hljs-string">'hex'</span>)); 1518<span class="hljs-comment">// Prints: true</span></code></pre> 1519<p>Example: Using the <a href="#crypto_sign_update_data_inputencoding"><code>sign.update()</code></a> and <a href="#crypto_verify_update_data_inputencoding"><code>verify.update()</code></a> methods:</p> 1520<pre><code class="language-js"><span class="hljs-keyword">const</span> crypto = <span class="hljs-built_in">require</span>(<span class="hljs-string">'crypto'</span>); 1521 1522<span class="hljs-keyword">const</span> { privateKey, publicKey } = crypto.<span class="hljs-title function_">generateKeyPairSync</span>(<span class="hljs-string">'rsa'</span>, { 1523 <span class="hljs-attr">modulusLength</span>: <span class="hljs-number">2048</span>, 1524}); 1525 1526<span class="hljs-keyword">const</span> sign = crypto.<span class="hljs-title function_">createSign</span>(<span class="hljs-string">'SHA256'</span>); 1527sign.<span class="hljs-title function_">update</span>(<span class="hljs-string">'some data to sign'</span>); 1528sign.<span class="hljs-title function_">end</span>(); 1529<span class="hljs-keyword">const</span> signature = sign.<span class="hljs-title function_">sign</span>(privateKey); 1530 1531<span class="hljs-keyword">const</span> verify = crypto.<span class="hljs-title function_">createVerify</span>(<span class="hljs-string">'SHA256'</span>); 1532verify.<span class="hljs-title function_">update</span>(<span class="hljs-string">'some data to sign'</span>); 1533verify.<span class="hljs-title function_">end</span>(); 1534<span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>(verify.<span class="hljs-title function_">verify</span>(publicKey, signature)); 1535<span class="hljs-comment">// Prints: true</span></code></pre> 1536<h4><code>sign.sign(privateKey[, outputEncoding])</code><span><a class="mark" href="#crypto_sign_sign_privatekey_outputencoding" id="crypto_sign_sign_privatekey_outputencoding">#</a></span></h4> 1537<div class="api_metadata"> 1538<details class="changelog"><summary>History</summary> 1539<table> 1540<tbody><tr><th>Version</th><th>Changes</th></tr> 1541<tr><td>v13.2.0, v12.16.0</td> 1542<td><p>This function now supports IEEE-P1363 DSA and ECDSA signatures.</p></td></tr> 1543<tr><td>v12.0.0</td> 1544<td><p>This function now supports RSA-PSS keys.</p></td></tr> 1545<tr><td>v11.6.0</td> 1546<td><p>This function now supports key objects.</p></td></tr> 1547<tr><td>v8.0.0</td> 1548<td><p>Support for RSASSA-PSS and additional options was added.</p></td></tr> 1549<tr><td>v0.1.92</td> 1550<td><p><span>Added in: v0.1.92</span></p></td></tr> 1551</tbody></table> 1552</details> 1553</div> 1554<ul> 1555<li><code>privateKey</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object" class="type"><Object></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="crypto.html#crypto_class_keyobject" class="type"><KeyObject></a> 1556<ul> 1557<li><code>dsaEncoding</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a></li> 1558<li><code>padding</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><integer></a></li> 1559<li><code>saltLength</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><integer></a></li> 1560</ul> 1561</li> 1562<li><code>outputEncoding</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> The <a href="buffer.html#buffer_buffers_and_character_encodings">encoding</a> of the return value.</li> 1563<li>Returns: <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a></li> 1564</ul> 1565<p>Calculates the signature on all the data passed through using either 1566<a href="#crypto_sign_update_data_inputencoding"><code>sign.update()</code></a> or <a href="stream.html#stream_writable_write_chunk_encoding_callback"><code>sign.write()</code></a>.</p> 1567<p>If <code>privateKey</code> is not a <a href="#crypto_class_keyobject"><code>KeyObject</code></a>, this function behaves as if 1568<code>privateKey</code> had been passed to <a href="#crypto_crypto_createprivatekey_key"><code>crypto.createPrivateKey()</code></a>. If it is an 1569object, the following additional properties can be passed:</p> 1570<ul> 1571<li> 1572<p><code>dsaEncoding</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> For DSA and ECDSA, this option specifies the 1573format of the generated signature. It can be one of the following:</p> 1574<ul> 1575<li><code>'der'</code> (default): DER-encoded ASN.1 signature structure encoding <code>(r, s)</code>.</li> 1576<li><code>'ieee-p1363'</code>: Signature format <code>r || s</code> as proposed in IEEE-P1363.</li> 1577</ul> 1578</li> 1579<li> 1580<p><code>padding</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><integer></a> Optional padding value for RSA, one of the following:</p> 1581<ul> 1582<li><code>crypto.constants.RSA_PKCS1_PADDING</code> (default)</li> 1583<li><code>crypto.constants.RSA_PKCS1_PSS_PADDING</code></li> 1584</ul> 1585<p><code>RSA_PKCS1_PSS_PADDING</code> will use MGF1 with the same hash function 1586used to sign the message as specified in section 3.1 of <a href="https://www.rfc-editor.org/rfc/rfc4055.txt">RFC 4055</a>, unless 1587an MGF1 hash function has been specified as part of the key in compliance with 1588section 3.3 of <a href="https://www.rfc-editor.org/rfc/rfc4055.txt">RFC 4055</a>.</p> 1589</li> 1590<li> 1591<p><code>saltLength</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><integer></a> Salt length for when padding is 1592<code>RSA_PKCS1_PSS_PADDING</code>. The special value 1593<code>crypto.constants.RSA_PSS_SALTLEN_DIGEST</code> sets the salt length to the digest 1594size, <code>crypto.constants.RSA_PSS_SALTLEN_MAX_SIGN</code> (default) sets it to the 1595maximum permissible value.</p> 1596</li> 1597</ul> 1598<p>If <code>outputEncoding</code> is provided a string is returned; otherwise a <a href="buffer.html"><code>Buffer</code></a> 1599is returned.</p> 1600<p>The <code>Sign</code> object can not be again used after <code>sign.sign()</code> method has been 1601called. Multiple calls to <code>sign.sign()</code> will result in an error being thrown.</p> 1602<h4><code>sign.update(data[, inputEncoding])</code><span><a class="mark" href="#crypto_sign_update_data_inputencoding" id="crypto_sign_update_data_inputencoding">#</a></span></h4> 1603<div class="api_metadata"> 1604<details class="changelog"><summary>History</summary> 1605<table> 1606<tbody><tr><th>Version</th><th>Changes</th></tr> 1607<tr><td>v6.0.0</td> 1608<td><p>The default <code>inputEncoding</code> changed from <code>binary</code> to <code>utf8</code>.</p></td></tr> 1609<tr><td>v0.1.92</td> 1610<td><p><span>Added in: v0.1.92</span></p></td></tr> 1611</tbody></table> 1612</details> 1613</div> 1614<ul> 1615<li><code>data</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray" class="type"><TypedArray></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView" class="type"><DataView></a></li> 1616<li><code>inputEncoding</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> The <a href="buffer.html#buffer_buffers_and_character_encodings">encoding</a> of the <code>data</code> string.</li> 1617</ul> 1618<p>Updates the <code>Sign</code> content with the given <code>data</code>, the encoding of which 1619is given in <code>inputEncoding</code>. 1620If <code>encoding</code> is not provided, and the <code>data</code> is a string, an 1621encoding of <code>'utf8'</code> is enforced. If <code>data</code> is a <a href="buffer.html"><code>Buffer</code></a>, <code>TypedArray</code>, or 1622<code>DataView</code>, then <code>inputEncoding</code> is ignored.</p> 1623<p>This can be called many times with new data as it is streamed.</p> 1624</section><section><h3>Class: <code>Verify</code><span><a class="mark" href="#crypto_class_verify" id="crypto_class_verify">#</a></span></h3> 1625<div class="api_metadata"> 1626<span>Added in: v0.1.92</span> 1627</div> 1628<ul> 1629<li>Extends: <a href="stream.html#stream_class_stream_writable" class="type"><stream.Writable></a></li> 1630</ul> 1631<p>The <code>Verify</code> class is a utility for verifying signatures. It can be used in one 1632of two ways:</p> 1633<ul> 1634<li>As a writable <a href="stream.html">stream</a> where written data is used to validate against the 1635supplied signature, or</li> 1636<li>Using the <a href="#crypto_verify_update_data_inputencoding"><code>verify.update()</code></a> and <a href="#crypto_verify_verify_object_signature_signatureencoding"><code>verify.verify()</code></a> methods to verify 1637the signature.</li> 1638</ul> 1639<p>The <a href="#crypto_crypto_createverify_algorithm_options"><code>crypto.createVerify()</code></a> method is used to create <code>Verify</code> instances. 1640<code>Verify</code> objects are not to be created directly using the <code>new</code> keyword.</p> 1641<p>See <a href="#crypto_class_sign"><code>Sign</code></a> for examples.</p> 1642<h4><code>verify.update(data[, inputEncoding])</code><span><a class="mark" href="#crypto_verify_update_data_inputencoding" id="crypto_verify_update_data_inputencoding">#</a></span></h4> 1643<div class="api_metadata"> 1644<details class="changelog"><summary>History</summary> 1645<table> 1646<tbody><tr><th>Version</th><th>Changes</th></tr> 1647<tr><td>v6.0.0</td> 1648<td><p>The default <code>inputEncoding</code> changed from <code>binary</code> to <code>utf8</code>.</p></td></tr> 1649<tr><td>v0.1.92</td> 1650<td><p><span>Added in: v0.1.92</span></p></td></tr> 1651</tbody></table> 1652</details> 1653</div> 1654<ul> 1655<li><code>data</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray" class="type"><TypedArray></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView" class="type"><DataView></a></li> 1656<li><code>inputEncoding</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> The <a href="buffer.html#buffer_buffers_and_character_encodings">encoding</a> of the <code>data</code> string.</li> 1657</ul> 1658<p>Updates the <code>Verify</code> content with the given <code>data</code>, the encoding of which 1659is given in <code>inputEncoding</code>. 1660If <code>inputEncoding</code> is not provided, and the <code>data</code> is a string, an 1661encoding of <code>'utf8'</code> is enforced. If <code>data</code> is a <a href="buffer.html"><code>Buffer</code></a>, <code>TypedArray</code>, or 1662<code>DataView</code>, then <code>inputEncoding</code> is ignored.</p> 1663<p>This can be called many times with new data as it is streamed.</p> 1664<h4><code>verify.verify(object, signature[, signatureEncoding])</code><span><a class="mark" href="#crypto_verify_verify_object_signature_signatureencoding" id="crypto_verify_verify_object_signature_signatureencoding">#</a></span></h4> 1665<div class="api_metadata"> 1666<details class="changelog"><summary>History</summary> 1667<table> 1668<tbody><tr><th>Version</th><th>Changes</th></tr> 1669<tr><td>v13.2.0, v12.16.0</td> 1670<td><p>This function now supports IEEE-P1363 DSA and ECDSA signatures.</p></td></tr> 1671<tr><td>v12.0.0</td> 1672<td><p>This function now supports RSA-PSS keys.</p></td></tr> 1673<tr><td>v11.7.0</td> 1674<td><p>The key can now be a private key.</p></td></tr> 1675<tr><td>v8.0.0</td> 1676<td><p>Support for RSASSA-PSS and additional options was added.</p></td></tr> 1677<tr><td>v0.1.92</td> 1678<td><p><span>Added in: v0.1.92</span></p></td></tr> 1679</tbody></table> 1680</details> 1681</div> 1682<ul> 1683<li><code>object</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object" class="type"><Object></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="crypto.html#crypto_class_keyobject" class="type"><KeyObject></a> 1684<ul> 1685<li><code>dsaEncoding</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a></li> 1686<li><code>padding</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><integer></a></li> 1687<li><code>saltLength</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><integer></a></li> 1688</ul> 1689</li> 1690<li><code>signature</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray" class="type"><TypedArray></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView" class="type"><DataView></a></li> 1691<li><code>signatureEncoding</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> The <a href="buffer.html#buffer_buffers_and_character_encodings">encoding</a> of the <code>signature</code> string.</li> 1692<li>Returns: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Boolean_type" class="type"><boolean></a> <code>true</code> or <code>false</code> depending on the validity of the 1693signature for the data and public key.</li> 1694</ul> 1695<p>Verifies the provided data using the given <code>object</code> and <code>signature</code>.</p> 1696<p>If <code>object</code> is not a <a href="#crypto_class_keyobject"><code>KeyObject</code></a>, this function behaves as if 1697<code>object</code> had been passed to <a href="#crypto_crypto_createpublickey_key"><code>crypto.createPublicKey()</code></a>. If it is an 1698object, the following additional properties can be passed:</p> 1699<ul> 1700<li> 1701<p><code>dsaEncoding</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> For DSA and ECDSA, this option specifies the 1702format of the signature. It can be one of the following:</p> 1703<ul> 1704<li><code>'der'</code> (default): DER-encoded ASN.1 signature structure encoding <code>(r, s)</code>.</li> 1705<li><code>'ieee-p1363'</code>: Signature format <code>r || s</code> as proposed in IEEE-P1363.</li> 1706</ul> 1707</li> 1708<li> 1709<p><code>padding</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><integer></a> Optional padding value for RSA, one of the following:</p> 1710<ul> 1711<li><code>crypto.constants.RSA_PKCS1_PADDING</code> (default)</li> 1712<li><code>crypto.constants.RSA_PKCS1_PSS_PADDING</code></li> 1713</ul> 1714<p><code>RSA_PKCS1_PSS_PADDING</code> will use MGF1 with the same hash function 1715used to verify the message as specified in section 3.1 of <a href="https://www.rfc-editor.org/rfc/rfc4055.txt">RFC 4055</a>, unless 1716an MGF1 hash function has been specified as part of the key in compliance with 1717section 3.3 of <a href="https://www.rfc-editor.org/rfc/rfc4055.txt">RFC 4055</a>.</p> 1718</li> 1719<li> 1720<p><code>saltLength</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><integer></a> Salt length for when padding is 1721<code>RSA_PKCS1_PSS_PADDING</code>. The special value 1722<code>crypto.constants.RSA_PSS_SALTLEN_DIGEST</code> sets the salt length to the digest 1723size, <code>crypto.constants.RSA_PSS_SALTLEN_AUTO</code> (default) causes it to be 1724determined automatically.</p> 1725</li> 1726</ul> 1727<p>The <code>signature</code> argument is the previously calculated signature for the data, in 1728the <code>signatureEncoding</code>. 1729If a <code>signatureEncoding</code> is specified, the <code>signature</code> is expected to be a 1730string; otherwise <code>signature</code> is expected to be a <a href="buffer.html"><code>Buffer</code></a>, 1731<code>TypedArray</code>, or <code>DataView</code>.</p> 1732<p>The <code>verify</code> object can not be used again after <code>verify.verify()</code> has been 1733called. Multiple calls to <code>verify.verify()</code> will result in an error being 1734thrown.</p> 1735<p>Because public keys can be derived from private keys, a private key may 1736be passed instead of a public key.</p> 1737</section><section><h3><code>crypto</code> module methods and properties<span><a class="mark" href="#crypto_crypto_module_methods_and_properties" id="crypto_crypto_module_methods_and_properties">#</a></span></h3> 1738<h4><code>crypto.constants</code><span><a class="mark" href="#crypto_crypto_constants" id="crypto_crypto_constants">#</a></span></h4> 1739<div class="api_metadata"> 1740<span>Added in: v6.3.0</span> 1741</div> 1742<ul> 1743<li>Returns: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object" class="type"><Object></a> An object containing commonly used constants for crypto and 1744security related operations. The specific constants currently defined are 1745described in <a href="#crypto_crypto_constants_1">Crypto constants</a>.</li> 1746</ul> 1747<h4><code>crypto.DEFAULT_ENCODING</code><span><a class="mark" href="#crypto_crypto_default_encoding" id="crypto_crypto_default_encoding">#</a></span></h4> 1748<div class="api_metadata"> 1749<span>Added in: v0.9.3</span><span>Deprecated since: v10.0.0</span> 1750</div> 1751<p></p><div class="api_stability api_stability_0"><a href="documentation.html#documentation_stability_index">Stability: 0</a> - Deprecated</div><p></p> 1752<p>The default encoding to use for functions that can take either strings 1753or <a href="buffer.html">buffers</a>. The default value is <code>'buffer'</code>, which makes methods 1754default to <a href="buffer.html"><code>Buffer</code></a> objects.</p> 1755<p>The <code>crypto.DEFAULT_ENCODING</code> mechanism is provided for backward compatibility 1756with legacy programs that expect <code>'latin1'</code> to be the default encoding.</p> 1757<p>New applications should expect the default to be <code>'buffer'</code>.</p> 1758<p>This property is deprecated.</p> 1759<h4><code>crypto.fips</code><span><a class="mark" href="#crypto_crypto_fips" id="crypto_crypto_fips">#</a></span></h4> 1760<div class="api_metadata"> 1761<span>Added in: v6.0.0</span><span>Deprecated since: v10.0.0</span> 1762</div> 1763<p></p><div class="api_stability api_stability_0"><a href="documentation.html#documentation_stability_index">Stability: 0</a> - Deprecated</div><p></p> 1764<p>Property for checking and controlling whether a FIPS compliant crypto provider 1765is currently in use. Setting to true requires a FIPS build of Node.js.</p> 1766<p>This property is deprecated. Please use <code>crypto.setFips()</code> and 1767<code>crypto.getFips()</code> instead.</p> 1768<h4><code>crypto.createCipher(algorithm, password[, options])</code><span><a class="mark" href="#crypto_crypto_createcipher_algorithm_password_options" id="crypto_crypto_createcipher_algorithm_password_options">#</a></span></h4> 1769<div class="api_metadata"> 1770<details class="changelog"><summary>History</summary> 1771<table> 1772<tbody><tr><th>Version</th><th>Changes</th></tr> 1773<tr><td>v10.10.0</td> 1774<td><p>Ciphers in OCB mode are now supported.</p></td></tr> 1775<tr><td>v10.2.0</td> 1776<td><p>The <code>authTagLength</code> option can now be used to produce shorter authentication tags in GCM mode and defaults to 16 bytes.</p></td></tr> 1777<tr><td>v10.0.0</td> 1778<td><p><span>Deprecated since: v10.0.0</span></p></td></tr> 1779<tr><td>v0.1.94</td> 1780<td><p><span>Added in: v0.1.94</span></p></td></tr> 1781</tbody></table> 1782</details> 1783</div> 1784<p></p><div class="api_stability api_stability_0"><a href="documentation.html#documentation_stability_index">Stability: 0</a> - Deprecated: Use <a href="#crypto_crypto_createcipheriv_algorithm_key_iv_options"><code>crypto.createCipheriv()</code></a> instead.</div><p></p> 1785<ul> 1786<li><code>algorithm</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a></li> 1787<li><code>password</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray" class="type"><TypedArray></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView" class="type"><DataView></a></li> 1788<li><code>options</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object" class="type"><Object></a> <a href="stream.html#stream_new_stream_transform_options"><code>stream.transform</code> options</a></li> 1789<li>Returns: <a href="crypto.html#crypto_class_cipher" class="type"><Cipher></a></li> 1790</ul> 1791<p>Creates and returns a <code>Cipher</code> object that uses the given <code>algorithm</code> and 1792<code>password</code>.</p> 1793<p>The <code>options</code> argument controls stream behavior and is optional except when a 1794cipher in CCM or OCB mode is used (e.g. <code>'aes-128-ccm'</code>). In that case, the 1795<code>authTagLength</code> option is required and specifies the length of the 1796authentication tag in bytes, see <a href="#crypto_ccm_mode">CCM mode</a>. In GCM mode, the <code>authTagLength</code> 1797option is not required but can be used to set the length of the authentication 1798tag that will be returned by <code>getAuthTag()</code> and defaults to 16 bytes.</p> 1799<p>The <code>algorithm</code> is dependent on OpenSSL, examples are <code>'aes192'</code>, etc. On 1800recent OpenSSL releases, <code>openssl list -cipher-algorithms</code> 1801(<code>openssl list-cipher-algorithms</code> for older versions of OpenSSL) will 1802display the available cipher algorithms.</p> 1803<p>The <code>password</code> is used to derive the cipher key and initialization vector (IV). 1804The value must be either a <code>'latin1'</code> encoded string, a <a href="buffer.html"><code>Buffer</code></a>, a 1805<code>TypedArray</code>, or a <code>DataView</code>.</p> 1806<p>The implementation of <code>crypto.createCipher()</code> derives keys using the OpenSSL 1807function <a href="https://www.openssl.org/docs/man1.1.0/crypto/EVP_BytesToKey.html"><code>EVP_BytesToKey</code></a> with the digest algorithm set to MD5, one 1808iteration, and no salt. The lack of salt allows dictionary attacks as the same 1809password always creates the same key. The low iteration count and 1810non-cryptographically secure hash algorithm allow passwords to be tested very 1811rapidly.</p> 1812<p>In line with OpenSSL's recommendation to use a more modern algorithm instead of 1813<a href="https://www.openssl.org/docs/man1.1.0/crypto/EVP_BytesToKey.html"><code>EVP_BytesToKey</code></a> it is recommended that developers derive a key and IV on 1814their own using <a href="#crypto_crypto_scrypt_password_salt_keylen_options_callback"><code>crypto.scrypt()</code></a> and to use <a href="#crypto_crypto_createcipheriv_algorithm_key_iv_options"><code>crypto.createCipheriv()</code></a> 1815to create the <code>Cipher</code> object. Users should not use ciphers with counter mode 1816(e.g. CTR, GCM, or CCM) in <code>crypto.createCipher()</code>. A warning is emitted when 1817they are used in order to avoid the risk of IV reuse that causes 1818vulnerabilities. For the case when IV is reused in GCM, see <a href="https://github.com/nonce-disrespect/nonce-disrespect">Nonce-Disrespecting 1819Adversaries</a> for details.</p> 1820<h4><code>crypto.createCipheriv(algorithm, key, iv[, options])</code><span><a class="mark" href="#crypto_crypto_createcipheriv_algorithm_key_iv_options" id="crypto_crypto_createcipheriv_algorithm_key_iv_options">#</a></span></h4> 1821<div class="api_metadata"> 1822<details class="changelog"><summary>History</summary> 1823<table> 1824<tbody><tr><th>Version</th><th>Changes</th></tr> 1825<tr><td>v11.6.0</td> 1826<td><p>The <code>key</code> argument can now be a <code>KeyObject</code>.</p></td></tr> 1827<tr><td>v11.2.0, v10.17.0</td> 1828<td><p>The cipher <code>chacha20-poly1305</code> is now supported.</p></td></tr> 1829<tr><td>v10.10.0</td> 1830<td><p>Ciphers in OCB mode are now supported.</p></td></tr> 1831<tr><td>v10.2.0</td> 1832<td><p>The <code>authTagLength</code> option can now be used to produce shorter authentication tags in GCM mode and defaults to 16 bytes.</p></td></tr> 1833<tr><td>v9.9.0</td> 1834<td><p>The <code>iv</code> parameter may now be <code>null</code> for ciphers which do not need an initialization vector.</p></td></tr> 1835<tr><td>v0.1.94</td> 1836<td><p><span>Added in: v0.1.94</span></p></td></tr> 1837</tbody></table> 1838</details> 1839</div> 1840<ul> 1841<li><code>algorithm</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a></li> 1842<li><code>key</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray" class="type"><TypedArray></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView" class="type"><DataView></a> | <a href="crypto.html#crypto_class_keyobject" class="type"><KeyObject></a></li> 1843<li><code>iv</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray" class="type"><TypedArray></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView" class="type"><DataView></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Null_type" class="type"><null></a></li> 1844<li><code>options</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object" class="type"><Object></a> <a href="stream.html#stream_new_stream_transform_options"><code>stream.transform</code> options</a></li> 1845<li>Returns: <a href="crypto.html#crypto_class_cipher" class="type"><Cipher></a></li> 1846</ul> 1847<p>Creates and returns a <code>Cipher</code> object, with the given <code>algorithm</code>, <code>key</code> and 1848initialization vector (<code>iv</code>).</p> 1849<p>The <code>options</code> argument controls stream behavior and is optional except when a 1850cipher in CCM or OCB mode is used (e.g. <code>'aes-128-ccm'</code>). In that case, the 1851<code>authTagLength</code> option is required and specifies the length of the 1852authentication tag in bytes, see <a href="#crypto_ccm_mode">CCM mode</a>. In GCM mode, the <code>authTagLength</code> 1853option is not required but can be used to set the length of the authentication 1854tag that will be returned by <code>getAuthTag()</code> and defaults to 16 bytes.</p> 1855<p>The <code>algorithm</code> is dependent on OpenSSL, examples are <code>'aes192'</code>, etc. On 1856recent OpenSSL releases, <code>openssl list -cipher-algorithms</code> 1857(<code>openssl list-cipher-algorithms</code> for older versions of OpenSSL) will 1858display the available cipher algorithms.</p> 1859<p>The <code>key</code> is the raw key used by the <code>algorithm</code> and <code>iv</code> is an 1860<a href="https://en.wikipedia.org/wiki/Initialization_vector">initialization vector</a>. Both arguments must be <code>'utf8'</code> encoded strings, 1861<a href="buffer.html">Buffers</a>, <code>TypedArray</code>, or <code>DataView</code>s. The <code>key</code> may optionally be 1862a <a href="#crypto_class_keyobject"><code>KeyObject</code></a> of type <code>secret</code>. If the cipher does not need 1863an initialization vector, <code>iv</code> may be <code>null</code>.</p> 1864<p>Initialization vectors should be unpredictable and unique; ideally, they will be 1865cryptographically random. They do not have to be secret: IVs are typically just 1866added to ciphertext messages unencrypted. It may sound contradictory that 1867something has to be unpredictable and unique, but does not have to be secret; 1868remember that an attacker must not be able to predict ahead of time what a 1869given IV will be.</p> 1870<h4><code>crypto.createDecipher(algorithm, password[, options])</code><span><a class="mark" href="#crypto_crypto_createdecipher_algorithm_password_options" id="crypto_crypto_createdecipher_algorithm_password_options">#</a></span></h4> 1871<div class="api_metadata"> 1872<details class="changelog"><summary>History</summary> 1873<table> 1874<tbody><tr><th>Version</th><th>Changes</th></tr> 1875<tr><td>v10.10.0</td> 1876<td><p>Ciphers in OCB mode are now supported.</p></td></tr> 1877<tr><td>v10.0.0</td> 1878<td><p><span>Deprecated since: v10.0.0</span></p></td></tr> 1879<tr><td>v0.1.94</td> 1880<td><p><span>Added in: v0.1.94</span></p></td></tr> 1881</tbody></table> 1882</details> 1883</div> 1884<p></p><div class="api_stability api_stability_0"><a href="documentation.html#documentation_stability_index">Stability: 0</a> - Deprecated: Use <a href="#crypto_crypto_createdecipheriv_algorithm_key_iv_options"><code>crypto.createDecipheriv()</code></a> instead.</div><p></p> 1885<ul> 1886<li><code>algorithm</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a></li> 1887<li><code>password</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray" class="type"><TypedArray></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView" class="type"><DataView></a></li> 1888<li><code>options</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object" class="type"><Object></a> <a href="stream.html#stream_new_stream_transform_options"><code>stream.transform</code> options</a></li> 1889<li>Returns: <a href="crypto.html#crypto_class_decipher" class="type"><Decipher></a></li> 1890</ul> 1891<p>Creates and returns a <code>Decipher</code> object that uses the given <code>algorithm</code> and 1892<code>password</code> (key).</p> 1893<p>The <code>options</code> argument controls stream behavior and is optional except when a 1894cipher in CCM or OCB mode is used (e.g. <code>'aes-128-ccm'</code>). In that case, the 1895<code>authTagLength</code> option is required and specifies the length of the 1896authentication tag in bytes, see <a href="#crypto_ccm_mode">CCM mode</a>.</p> 1897<p>The implementation of <code>crypto.createDecipher()</code> derives keys using the OpenSSL 1898function <a href="https://www.openssl.org/docs/man1.1.0/crypto/EVP_BytesToKey.html"><code>EVP_BytesToKey</code></a> with the digest algorithm set to MD5, one 1899iteration, and no salt. The lack of salt allows dictionary attacks as the same 1900password always creates the same key. The low iteration count and 1901non-cryptographically secure hash algorithm allow passwords to be tested very 1902rapidly.</p> 1903<p>In line with OpenSSL's recommendation to use a more modern algorithm instead of 1904<a href="https://www.openssl.org/docs/man1.1.0/crypto/EVP_BytesToKey.html"><code>EVP_BytesToKey</code></a> it is recommended that developers derive a key and IV on 1905their own using <a href="#crypto_crypto_scrypt_password_salt_keylen_options_callback"><code>crypto.scrypt()</code></a> and to use <a href="#crypto_crypto_createdecipheriv_algorithm_key_iv_options"><code>crypto.createDecipheriv()</code></a> 1906to create the <code>Decipher</code> object.</p> 1907<h4><code>crypto.createDecipheriv(algorithm, key, iv[, options])</code><span><a class="mark" href="#crypto_crypto_createdecipheriv_algorithm_key_iv_options" id="crypto_crypto_createdecipheriv_algorithm_key_iv_options">#</a></span></h4> 1908<div class="api_metadata"> 1909<details class="changelog"><summary>History</summary> 1910<table> 1911<tbody><tr><th>Version</th><th>Changes</th></tr> 1912<tr><td>v11.6.0</td> 1913<td><p>The <code>key</code> argument can now be a <code>KeyObject</code>.</p></td></tr> 1914<tr><td>v11.2.0, v10.17.0</td> 1915<td><p>The cipher <code>chacha20-poly1305</code> is now supported.</p></td></tr> 1916<tr><td>v10.10.0</td> 1917<td><p>Ciphers in OCB mode are now supported.</p></td></tr> 1918<tr><td>v10.2.0</td> 1919<td><p>The <code>authTagLength</code> option can now be used to restrict accepted GCM authentication tag lengths.</p></td></tr> 1920<tr><td>v9.9.0</td> 1921<td><p>The <code>iv</code> parameter may now be <code>null</code> for ciphers which do not need an initialization vector.</p></td></tr> 1922<tr><td>v0.1.94</td> 1923<td><p><span>Added in: v0.1.94</span></p></td></tr> 1924</tbody></table> 1925</details> 1926</div> 1927<ul> 1928<li><code>algorithm</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a></li> 1929<li><code>key</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray" class="type"><TypedArray></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView" class="type"><DataView></a> | <a href="crypto.html#crypto_class_keyobject" class="type"><KeyObject></a></li> 1930<li><code>iv</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray" class="type"><TypedArray></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView" class="type"><DataView></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Null_type" class="type"><null></a></li> 1931<li><code>options</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object" class="type"><Object></a> <a href="stream.html#stream_new_stream_transform_options"><code>stream.transform</code> options</a></li> 1932<li>Returns: <a href="crypto.html#crypto_class_decipher" class="type"><Decipher></a></li> 1933</ul> 1934<p>Creates and returns a <code>Decipher</code> object that uses the given <code>algorithm</code>, <code>key</code> 1935and initialization vector (<code>iv</code>).</p> 1936<p>The <code>options</code> argument controls stream behavior and is optional except when a 1937cipher in CCM or OCB mode is used (e.g. <code>'aes-128-ccm'</code>). In that case, the 1938<code>authTagLength</code> option is required and specifies the length of the 1939authentication tag in bytes, see <a href="#crypto_ccm_mode">CCM mode</a>. In GCM mode, the <code>authTagLength</code> 1940option is not required but can be used to restrict accepted authentication tags 1941to those with the specified length.</p> 1942<p>The <code>algorithm</code> is dependent on OpenSSL, examples are <code>'aes192'</code>, etc. On 1943recent OpenSSL releases, <code>openssl list -cipher-algorithms</code> 1944(<code>openssl list-cipher-algorithms</code> for older versions of OpenSSL) will 1945display the available cipher algorithms.</p> 1946<p>The <code>key</code> is the raw key used by the <code>algorithm</code> and <code>iv</code> is an 1947<a href="https://en.wikipedia.org/wiki/Initialization_vector">initialization vector</a>. Both arguments must be <code>'utf8'</code> encoded strings, 1948<a href="buffer.html">Buffers</a>, <code>TypedArray</code>, or <code>DataView</code>s. The <code>key</code> may optionally be 1949a <a href="#crypto_class_keyobject"><code>KeyObject</code></a> of type <code>secret</code>. If the cipher does not need 1950an initialization vector, <code>iv</code> may be <code>null</code>.</p> 1951<p>Initialization vectors should be unpredictable and unique; ideally, they will be 1952cryptographically random. They do not have to be secret: IVs are typically just 1953added to ciphertext messages unencrypted. It may sound contradictory that 1954something has to be unpredictable and unique, but does not have to be secret; 1955remember that an attacker must not be able to predict ahead of time what a given 1956IV will be.</p> 1957<h4><code>crypto.createDiffieHellman(prime[, primeEncoding][, generator][, generatorEncoding])</code><span><a class="mark" href="#crypto_crypto_creatediffiehellman_prime_primeencoding_generator_generatorencoding" id="crypto_crypto_creatediffiehellman_prime_primeencoding_generator_generatorencoding">#</a></span></h4> 1958<div class="api_metadata"> 1959<details class="changelog"><summary>History</summary> 1960<table> 1961<tbody><tr><th>Version</th><th>Changes</th></tr> 1962<tr><td>v8.0.0</td> 1963<td><p>The <code>prime</code> argument can be any <code>TypedArray</code> or <code>DataView</code> now.</p></td></tr> 1964<tr><td>v8.0.0</td> 1965<td><p>The <code>prime</code> argument can be a <code>Uint8Array</code> now.</p></td></tr> 1966<tr><td>v6.0.0</td> 1967<td><p>The default for the encoding parameters changed from <code>binary</code> to <code>utf8</code>.</p></td></tr> 1968<tr><td>v0.11.12</td> 1969<td><p><span>Added in: v0.11.12</span></p></td></tr> 1970</tbody></table> 1971</details> 1972</div> 1973<ul> 1974<li><code>prime</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray" class="type"><TypedArray></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView" class="type"><DataView></a></li> 1975<li><code>primeEncoding</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> The <a href="buffer.html#buffer_buffers_and_character_encodings">encoding</a> of the <code>prime</code> string.</li> 1976<li><code>generator</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><number></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray" class="type"><TypedArray></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView" class="type"><DataView></a> <strong>Default:</strong> 1977<code>2</code></li> 1978<li><code>generatorEncoding</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> The <a href="buffer.html#buffer_buffers_and_character_encodings">encoding</a> of the <code>generator</code> string.</li> 1979<li>Returns: <a href="crypto.html#crypto_class_diffiehellman" class="type"><DiffieHellman></a></li> 1980</ul> 1981<p>Creates a <code>DiffieHellman</code> key exchange object using the supplied <code>prime</code> and an 1982optional specific <code>generator</code>.</p> 1983<p>The <code>generator</code> argument can be a number, string, or <a href="buffer.html"><code>Buffer</code></a>. If 1984<code>generator</code> is not specified, the value <code>2</code> is used.</p> 1985<p>If <code>primeEncoding</code> is specified, <code>prime</code> is expected to be a string; otherwise 1986a <a href="buffer.html"><code>Buffer</code></a>, <code>TypedArray</code>, or <code>DataView</code> is expected.</p> 1987<p>If <code>generatorEncoding</code> is specified, <code>generator</code> is expected to be a string; 1988otherwise a number, <a href="buffer.html"><code>Buffer</code></a>, <code>TypedArray</code>, or <code>DataView</code> is expected.</p> 1989<h4><code>crypto.createDiffieHellman(primeLength[, generator])</code><span><a class="mark" href="#crypto_crypto_creatediffiehellman_primelength_generator" id="crypto_crypto_creatediffiehellman_primelength_generator">#</a></span></h4> 1990<div class="api_metadata"> 1991<span>Added in: v0.5.0</span> 1992</div> 1993<ul> 1994<li><code>primeLength</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><number></a></li> 1995<li><code>generator</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><number></a> <strong>Default:</strong> <code>2</code></li> 1996<li>Returns: <a href="crypto.html#crypto_class_diffiehellman" class="type"><DiffieHellman></a></li> 1997</ul> 1998<p>Creates a <code>DiffieHellman</code> key exchange object and generates a prime of 1999<code>primeLength</code> bits using an optional specific numeric <code>generator</code>. 2000If <code>generator</code> is not specified, the value <code>2</code> is used.</p> 2001<h4><code>crypto.createDiffieHellmanGroup(name)</code><span><a class="mark" href="#crypto_crypto_creatediffiehellmangroup_name" id="crypto_crypto_creatediffiehellmangroup_name">#</a></span></h4> 2002<div class="api_metadata"> 2003<span>Added in: v0.9.3</span> 2004</div> 2005<ul> 2006<li><code>name</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a></li> 2007<li>Returns: <a href="crypto.html#crypto_class_diffiehellmangroup" class="type"><DiffieHellmanGroup></a></li> 2008</ul> 2009<p>An alias for <a href="#crypto_crypto_getdiffiehellman_groupname"><code>crypto.getDiffieHellman()</code></a></p> 2010<h4><code>crypto.createECDH(curveName)</code><span><a class="mark" href="#crypto_crypto_createecdh_curvename" id="crypto_crypto_createecdh_curvename">#</a></span></h4> 2011<div class="api_metadata"> 2012<span>Added in: v0.11.14</span> 2013</div> 2014<ul> 2015<li><code>curveName</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a></li> 2016<li>Returns: <a href="crypto.html#crypto_class_ecdh" class="type"><ECDH></a></li> 2017</ul> 2018<p>Creates an Elliptic Curve Diffie-Hellman (<code>ECDH</code>) key exchange object using a 2019predefined curve specified by the <code>curveName</code> string. Use 2020<a href="#crypto_crypto_getcurves"><code>crypto.getCurves()</code></a> to obtain a list of available curve names. On recent 2021OpenSSL releases, <code>openssl ecparam -list_curves</code> will also display the name 2022and description of each available elliptic curve.</p> 2023<h4><code>crypto.createHash(algorithm[, options])</code><span><a class="mark" href="#crypto_crypto_createhash_algorithm_options" id="crypto_crypto_createhash_algorithm_options">#</a></span></h4> 2024<div class="api_metadata"> 2025<details class="changelog"><summary>History</summary> 2026<table> 2027<tbody><tr><th>Version</th><th>Changes</th></tr> 2028<tr><td>v12.8.0</td> 2029<td><p>The <code>outputLength</code> option was added for XOF hash functions.</p></td></tr> 2030<tr><td>v0.1.92</td> 2031<td><p><span>Added in: v0.1.92</span></p></td></tr> 2032</tbody></table> 2033</details> 2034</div> 2035<ul> 2036<li><code>algorithm</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a></li> 2037<li><code>options</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object" class="type"><Object></a> <a href="stream.html#stream_new_stream_transform_options"><code>stream.transform</code> options</a></li> 2038<li>Returns: <a href="crypto.html#crypto_class_hash" class="type"><Hash></a></li> 2039</ul> 2040<p>Creates and returns a <code>Hash</code> object that can be used to generate hash digests 2041using the given <code>algorithm</code>. Optional <code>options</code> argument controls stream 2042behavior. For XOF hash functions such as <code>'shake256'</code>, the <code>outputLength</code> option 2043can be used to specify the desired output length in bytes.</p> 2044<p>The <code>algorithm</code> is dependent on the available algorithms supported by the 2045version of OpenSSL on the platform. Examples are <code>'sha256'</code>, <code>'sha512'</code>, etc. 2046On recent releases of OpenSSL, <code>openssl list -digest-algorithms</code> 2047(<code>openssl list-message-digest-algorithms</code> for older versions of OpenSSL) will 2048display the available digest algorithms.</p> 2049<p>Example: generating the sha256 sum of a file</p> 2050<pre><code class="language-js"><span class="hljs-keyword">const</span> filename = process.<span class="hljs-property">argv</span>[<span class="hljs-number">2</span>]; 2051<span class="hljs-keyword">const</span> crypto = <span class="hljs-built_in">require</span>(<span class="hljs-string">'crypto'</span>); 2052<span class="hljs-keyword">const</span> fs = <span class="hljs-built_in">require</span>(<span class="hljs-string">'fs'</span>); 2053 2054<span class="hljs-keyword">const</span> hash = crypto.<span class="hljs-title function_">createHash</span>(<span class="hljs-string">'sha256'</span>); 2055 2056<span class="hljs-keyword">const</span> input = fs.<span class="hljs-title function_">createReadStream</span>(filename); 2057input.<span class="hljs-title function_">on</span>(<span class="hljs-string">'readable'</span>, <span class="hljs-function">() =></span> { 2058 <span class="hljs-comment">// Only one element is going to be produced by the</span> 2059 <span class="hljs-comment">// hash stream.</span> 2060 <span class="hljs-keyword">const</span> data = input.<span class="hljs-title function_">read</span>(); 2061 <span class="hljs-keyword">if</span> (data) 2062 hash.<span class="hljs-title function_">update</span>(data); 2063 <span class="hljs-keyword">else</span> { 2064 <span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>(<span class="hljs-string">`<span class="hljs-subst">${hash.digest(<span class="hljs-string">'hex'</span>)}</span> <span class="hljs-subst">${filename}</span>`</span>); 2065 } 2066});</code></pre> 2067<h4><code>crypto.createHmac(algorithm, key[, options])</code><span><a class="mark" href="#crypto_crypto_createhmac_algorithm_key_options" id="crypto_crypto_createhmac_algorithm_key_options">#</a></span></h4> 2068<div class="api_metadata"> 2069<details class="changelog"><summary>History</summary> 2070<table> 2071<tbody><tr><th>Version</th><th>Changes</th></tr> 2072<tr><td>v11.6.0</td> 2073<td><p>The <code>key</code> argument can now be a <code>KeyObject</code>.</p></td></tr> 2074<tr><td>v0.1.94</td> 2075<td><p><span>Added in: v0.1.94</span></p></td></tr> 2076</tbody></table> 2077</details> 2078</div> 2079<ul> 2080<li><code>algorithm</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a></li> 2081<li><code>key</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray" class="type"><TypedArray></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView" class="type"><DataView></a> | <a href="crypto.html#crypto_class_keyobject" class="type"><KeyObject></a></li> 2082<li><code>options</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object" class="type"><Object></a> <a href="stream.html#stream_new_stream_transform_options"><code>stream.transform</code> options</a></li> 2083<li>Returns: <a href="crypto.html#crypto_class_hmac" class="type"><Hmac></a></li> 2084</ul> 2085<p>Creates and returns an <code>Hmac</code> object that uses the given <code>algorithm</code> and <code>key</code>. 2086Optional <code>options</code> argument controls stream behavior.</p> 2087<p>The <code>algorithm</code> is dependent on the available algorithms supported by the 2088version of OpenSSL on the platform. Examples are <code>'sha256'</code>, <code>'sha512'</code>, etc. 2089On recent releases of OpenSSL, <code>openssl list -digest-algorithms</code> 2090(<code>openssl list-message-digest-algorithms</code> for older versions of OpenSSL) will 2091display the available digest algorithms.</p> 2092<p>The <code>key</code> is the HMAC key used to generate the cryptographic HMAC hash. If it is 2093a <a href="#crypto_class_keyobject"><code>KeyObject</code></a>, its type must be <code>secret</code>.</p> 2094<p>Example: generating the sha256 HMAC of a file</p> 2095<pre><code class="language-js"><span class="hljs-keyword">const</span> filename = process.<span class="hljs-property">argv</span>[<span class="hljs-number">2</span>]; 2096<span class="hljs-keyword">const</span> crypto = <span class="hljs-built_in">require</span>(<span class="hljs-string">'crypto'</span>); 2097<span class="hljs-keyword">const</span> fs = <span class="hljs-built_in">require</span>(<span class="hljs-string">'fs'</span>); 2098 2099<span class="hljs-keyword">const</span> hmac = crypto.<span class="hljs-title function_">createHmac</span>(<span class="hljs-string">'sha256'</span>, <span class="hljs-string">'a secret'</span>); 2100 2101<span class="hljs-keyword">const</span> input = fs.<span class="hljs-title function_">createReadStream</span>(filename); 2102input.<span class="hljs-title function_">on</span>(<span class="hljs-string">'readable'</span>, <span class="hljs-function">() =></span> { 2103 <span class="hljs-comment">// Only one element is going to be produced by the</span> 2104 <span class="hljs-comment">// hash stream.</span> 2105 <span class="hljs-keyword">const</span> data = input.<span class="hljs-title function_">read</span>(); 2106 <span class="hljs-keyword">if</span> (data) 2107 hmac.<span class="hljs-title function_">update</span>(data); 2108 <span class="hljs-keyword">else</span> { 2109 <span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>(<span class="hljs-string">`<span class="hljs-subst">${hmac.digest(<span class="hljs-string">'hex'</span>)}</span> <span class="hljs-subst">${filename}</span>`</span>); 2110 } 2111});</code></pre> 2112<h4><code>crypto.createPrivateKey(key)</code><span><a class="mark" href="#crypto_crypto_createprivatekey_key" id="crypto_crypto_createprivatekey_key">#</a></span></h4> 2113<div class="api_metadata"> 2114<span>Added in: v11.6.0</span> 2115</div> 2116<ul> 2117<li><code>key</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object" class="type"><Object></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> 2118<ul> 2119<li><code>key</code>: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> The key material, either in PEM or DER format.</li> 2120<li><code>format</code>: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> Must be <code>'pem'</code> or <code>'der'</code>. <strong>Default:</strong> <code>'pem'</code>.</li> 2121<li><code>type</code>: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> Must be <code>'pkcs1'</code>, <code>'pkcs8'</code> or <code>'sec1'</code>. This option is 2122required only if the <code>format</code> is <code>'der'</code> and ignored if it is <code>'pem'</code>.</li> 2123<li><code>passphrase</code>: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> The passphrase to use for decryption.</li> 2124</ul> 2125</li> 2126<li>Returns: <a href="crypto.html#crypto_class_keyobject" class="type"><KeyObject></a></li> 2127</ul> 2128<p>Creates and returns a new key object containing a private key. If <code>key</code> is a 2129string or <code>Buffer</code>, <code>format</code> is assumed to be <code>'pem'</code>; otherwise, <code>key</code> 2130must be an object with the properties described above.</p> 2131<p>If the private key is encrypted, a <code>passphrase</code> must be specified. The length 2132of the passphrase is limited to 1024 bytes.</p> 2133<h4><code>crypto.createPublicKey(key)</code><span><a class="mark" href="#crypto_crypto_createpublickey_key" id="crypto_crypto_createpublickey_key">#</a></span></h4> 2134<div class="api_metadata"> 2135<details class="changelog"><summary>History</summary> 2136<table> 2137<tbody><tr><th>Version</th><th>Changes</th></tr> 2138<tr><td>v11.13.0</td> 2139<td><p>The <code>key</code> argument can now be a <code>KeyObject</code> with type <code>private</code>.</p></td></tr> 2140<tr><td>v11.7.0</td> 2141<td><p>The <code>key</code> argument can now be a private key.</p></td></tr> 2142<tr><td>v11.6.0</td> 2143<td><p><span>Added in: v11.6.0</span></p></td></tr> 2144</tbody></table> 2145</details> 2146</div> 2147<ul> 2148<li><code>key</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object" class="type"><Object></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="crypto.html#crypto_class_keyobject" class="type"><KeyObject></a> 2149<ul> 2150<li><code>key</code>: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a></li> 2151<li><code>format</code>: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> Must be <code>'pem'</code> or <code>'der'</code>. <strong>Default:</strong> <code>'pem'</code>.</li> 2152<li><code>type</code>: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> Must be <code>'pkcs1'</code> or <code>'spki'</code>. This option is required 2153only if the <code>format</code> is <code>'der'</code>.</li> 2154</ul> 2155</li> 2156<li>Returns: <a href="crypto.html#crypto_class_keyobject" class="type"><KeyObject></a></li> 2157</ul> 2158<p>Creates and returns a new key object containing a public key. If <code>key</code> is a 2159string or <code>Buffer</code>, <code>format</code> is assumed to be <code>'pem'</code>; if <code>key</code> is a <code>KeyObject</code> 2160with type <code>'private'</code>, the public key is derived from the given private key; 2161otherwise, <code>key</code> must be an object with the properties described above.</p> 2162<p>If the format is <code>'pem'</code>, the <code>'key'</code> may also be an X.509 certificate.</p> 2163<p>Because public keys can be derived from private keys, a private key may be 2164passed instead of a public key. In that case, this function behaves as if 2165<a href="#crypto_crypto_createprivatekey_key"><code>crypto.createPrivateKey()</code></a> had been called, except that the type of the 2166returned <code>KeyObject</code> will be <code>'public'</code> and that the private key cannot be 2167extracted from the returned <code>KeyObject</code>. Similarly, if a <code>KeyObject</code> with type 2168<code>'private'</code> is given, a new <code>KeyObject</code> with type <code>'public'</code> will be returned 2169and it will be impossible to extract the private key from the returned object.</p> 2170<h4><code>crypto.createSecretKey(key)</code><span><a class="mark" href="#crypto_crypto_createsecretkey_key" id="crypto_crypto_createsecretkey_key">#</a></span></h4> 2171<div class="api_metadata"> 2172<span>Added in: v11.6.0</span> 2173</div> 2174<ul> 2175<li><code>key</code> <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray" class="type"><TypedArray></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView" class="type"><DataView></a></li> 2176<li>Returns: <a href="crypto.html#crypto_class_keyobject" class="type"><KeyObject></a></li> 2177</ul> 2178<p>Creates and returns a new key object containing a secret key for symmetric 2179encryption or <code>Hmac</code>.</p> 2180<h4><code>crypto.createSign(algorithm[, options])</code><span><a class="mark" href="#crypto_crypto_createsign_algorithm_options" id="crypto_crypto_createsign_algorithm_options">#</a></span></h4> 2181<div class="api_metadata"> 2182<span>Added in: v0.1.92</span> 2183</div> 2184<ul> 2185<li><code>algorithm</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a></li> 2186<li><code>options</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object" class="type"><Object></a> <a href="stream.html#stream_new_stream_writable_options"><code>stream.Writable</code> options</a></li> 2187<li>Returns: <a href="crypto.html#crypto_class_sign" class="type"><Sign></a></li> 2188</ul> 2189<p>Creates and returns a <code>Sign</code> object that uses the given <code>algorithm</code>. Use 2190<a href="#crypto_crypto_gethashes"><code>crypto.getHashes()</code></a> to obtain the names of the available digest algorithms. 2191Optional <code>options</code> argument controls the <code>stream.Writable</code> behavior.</p> 2192<p>In some cases, a <code>Sign</code> instance can be created using the name of a signature 2193algorithm, such as <code>'RSA-SHA256'</code>, instead of a digest algorithm. This will use 2194the corresponding digest algorithm. This does not work for all signature 2195algorithms, such as <code>'ecdsa-with-SHA256'</code>, so it is best to always use digest 2196algorithm names.</p> 2197<h4><code>crypto.createVerify(algorithm[, options])</code><span><a class="mark" href="#crypto_crypto_createverify_algorithm_options" id="crypto_crypto_createverify_algorithm_options">#</a></span></h4> 2198<div class="api_metadata"> 2199<span>Added in: v0.1.92</span> 2200</div> 2201<ul> 2202<li><code>algorithm</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a></li> 2203<li><code>options</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object" class="type"><Object></a> <a href="stream.html#stream_new_stream_writable_options"><code>stream.Writable</code> options</a></li> 2204<li>Returns: <a href="crypto.html#crypto_class_verify" class="type"><Verify></a></li> 2205</ul> 2206<p>Creates and returns a <code>Verify</code> object that uses the given algorithm. 2207Use <a href="#crypto_crypto_gethashes"><code>crypto.getHashes()</code></a> to obtain an array of names of the available 2208signing algorithms. Optional <code>options</code> argument controls the 2209<code>stream.Writable</code> behavior.</p> 2210<p>In some cases, a <code>Verify</code> instance can be created using the name of a signature 2211algorithm, such as <code>'RSA-SHA256'</code>, instead of a digest algorithm. This will use 2212the corresponding digest algorithm. This does not work for all signature 2213algorithms, such as <code>'ecdsa-with-SHA256'</code>, so it is best to always use digest 2214algorithm names.</p> 2215<h4><code>crypto.diffieHellman(options)</code><span><a class="mark" href="#crypto_crypto_diffiehellman_options" id="crypto_crypto_diffiehellman_options">#</a></span></h4> 2216<div class="api_metadata"> 2217<span>Added in: v13.9.0</span> 2218</div> 2219<ul> 2220<li><code>options</code>: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object" class="type"><Object></a> 2221<ul> 2222<li><code>privateKey</code>: <a href="crypto.html#crypto_class_keyobject" class="type"><KeyObject></a></li> 2223<li><code>publicKey</code>: <a href="crypto.html#crypto_class_keyobject" class="type"><KeyObject></a></li> 2224</ul> 2225</li> 2226<li>Returns: <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a></li> 2227</ul> 2228<p>Computes the Diffie-Hellman secret based on a <code>privateKey</code> and a <code>publicKey</code>. 2229Both keys must have the same <code>asymmetricKeyType</code>, which must be one of <code>'dh'</code> 2230(for Diffie-Hellman), <code>'ec'</code> (for ECDH), <code>'x448'</code>, or <code>'x25519'</code> (for ECDH-ES).</p> 2231<h4><code>crypto.generateKeyPair(type, options, callback)</code><span><a class="mark" href="#crypto_crypto_generatekeypair_type_options_callback" id="crypto_crypto_generatekeypair_type_options_callback">#</a></span></h4> 2232<div class="api_metadata"> 2233<details class="changelog"><summary>History</summary> 2234<table> 2235<tbody><tr><th>Version</th><th>Changes</th></tr> 2236<tr><td>v13.9.0</td> 2237<td><p>Add support for Diffie-Hellman.</p></td></tr> 2238<tr><td>v12.0.0</td> 2239<td><p>Add ability to generate X25519 and X448 key pairs.</p></td></tr> 2240<tr><td>v12.0.0</td> 2241<td><p>Add ability to generate Ed25519 and Ed448 key pairs.</p></td></tr> 2242<tr><td>v11.6.0</td> 2243<td><p>The <code>generateKeyPair</code> and <code>generateKeyPairSync</code> functions now produce key objects if no encoding was specified.</p></td></tr> 2244<tr><td>v10.12.0</td> 2245<td><p><span>Added in: v10.12.0</span></p></td></tr> 2246</tbody></table> 2247</details> 2248</div> 2249<ul> 2250<li><code>type</code>: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> Must be <code>'rsa'</code>, <code>'dsa'</code>, <code>'ec'</code>, <code>'ed25519'</code>, <code>'ed448'</code>, 2251<code>'x25519'</code>, <code>'x448'</code>, or <code>'dh'</code>.</li> 2252<li><code>options</code>: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object" class="type"><Object></a> 2253<ul> 2254<li><code>modulusLength</code>: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><number></a> Key size in bits (RSA, DSA).</li> 2255<li><code>publicExponent</code>: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><number></a> Public exponent (RSA). <strong>Default:</strong> <code>0x10001</code>.</li> 2256<li><code>divisorLength</code>: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><number></a> Size of <code>q</code> in bits (DSA).</li> 2257<li><code>namedCurve</code>: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> Name of the curve to use (EC).</li> 2258<li><code>prime</code>: <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> The prime parameter (DH).</li> 2259<li><code>primeLength</code>: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><number></a> Prime length in bits (DH).</li> 2260<li><code>generator</code>: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><number></a> Custom generator (DH). <strong>Default:</strong> <code>2</code>.</li> 2261<li><code>groupName</code>: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> Diffie-Hellman group name (DH). See 2262<a href="#crypto_crypto_getdiffiehellman_groupname"><code>crypto.getDiffieHellman()</code></a>.</li> 2263<li><code>publicKeyEncoding</code>: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object" class="type"><Object></a> See <a href="#crypto_keyobject_export_options"><code>keyObject.export()</code></a>.</li> 2264<li><code>privateKeyEncoding</code>: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object" class="type"><Object></a> See <a href="#crypto_keyobject_export_options"><code>keyObject.export()</code></a>.</li> 2265</ul> 2266</li> 2267<li><code>callback</code>: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Function" class="type"><Function></a> 2268<ul> 2269<li><code>err</code>: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Error" class="type"><Error></a></li> 2270<li><code>publicKey</code>: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="crypto.html#crypto_class_keyobject" class="type"><KeyObject></a></li> 2271<li><code>privateKey</code>: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="crypto.html#crypto_class_keyobject" class="type"><KeyObject></a></li> 2272</ul> 2273</li> 2274</ul> 2275<p>Generates a new asymmetric key pair of the given <code>type</code>. RSA, DSA, EC, Ed25519, 2276Ed448, X25519, X448, and DH are currently supported.</p> 2277<p>If a <code>publicKeyEncoding</code> or <code>privateKeyEncoding</code> was specified, this function 2278behaves as if <a href="#crypto_keyobject_export_options"><code>keyObject.export()</code></a> had been called on its result. Otherwise, 2279the respective part of the key is returned as a <a href="#crypto_class_keyobject"><code>KeyObject</code></a>.</p> 2280<p>It is recommended to encode public keys as <code>'spki'</code> and private keys as 2281<code>'pkcs8'</code> with encryption for long-term storage:</p> 2282<pre><code class="language-js"><span class="hljs-keyword">const</span> { generateKeyPair } = <span class="hljs-built_in">require</span>(<span class="hljs-string">'crypto'</span>); 2283<span class="hljs-title function_">generateKeyPair</span>(<span class="hljs-string">'rsa'</span>, { 2284 <span class="hljs-attr">modulusLength</span>: <span class="hljs-number">4096</span>, 2285 <span class="hljs-attr">publicKeyEncoding</span>: { 2286 <span class="hljs-attr">type</span>: <span class="hljs-string">'spki'</span>, 2287 <span class="hljs-attr">format</span>: <span class="hljs-string">'pem'</span> 2288 }, 2289 <span class="hljs-attr">privateKeyEncoding</span>: { 2290 <span class="hljs-attr">type</span>: <span class="hljs-string">'pkcs8'</span>, 2291 <span class="hljs-attr">format</span>: <span class="hljs-string">'pem'</span>, 2292 <span class="hljs-attr">cipher</span>: <span class="hljs-string">'aes-256-cbc'</span>, 2293 <span class="hljs-attr">passphrase</span>: <span class="hljs-string">'top secret'</span> 2294 } 2295}, <span class="hljs-function">(<span class="hljs-params">err, publicKey, privateKey</span>) =></span> { 2296 <span class="hljs-comment">// Handle errors and use the generated key pair.</span> 2297});</code></pre> 2298<p>On completion, <code>callback</code> will be called with <code>err</code> set to <code>undefined</code> and 2299<code>publicKey</code> / <code>privateKey</code> representing the generated key pair.</p> 2300<p>If this method is invoked as its <a href="util.html#util_util_promisify_original"><code>util.promisify()</code></a>ed version, it returns 2301a <code>Promise</code> for an <code>Object</code> with <code>publicKey</code> and <code>privateKey</code> properties.</p> 2302<h4><code>crypto.generateKeyPairSync(type, options)</code><span><a class="mark" href="#crypto_crypto_generatekeypairsync_type_options" id="crypto_crypto_generatekeypairsync_type_options">#</a></span></h4> 2303<div class="api_metadata"> 2304<details class="changelog"><summary>History</summary> 2305<table> 2306<tbody><tr><th>Version</th><th>Changes</th></tr> 2307<tr><td>v13.9.0</td> 2308<td><p>Add support for Diffie-Hellman.</p></td></tr> 2309<tr><td>v12.0.0</td> 2310<td><p>Add ability to generate Ed25519 and Ed448 key pairs.</p></td></tr> 2311<tr><td>v11.6.0</td> 2312<td><p>The <code>generateKeyPair</code> and <code>generateKeyPairSync</code> functions now produce key objects if no encoding was specified.</p></td></tr> 2313<tr><td>v10.12.0</td> 2314<td><p><span>Added in: v10.12.0</span></p></td></tr> 2315</tbody></table> 2316</details> 2317</div> 2318<ul> 2319<li><code>type</code>: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> Must be <code>'rsa'</code>, <code>'dsa'</code>, <code>'ec'</code>, <code>'ed25519'</code>, <code>'ed448'</code>, 2320<code>'x25519'</code>, <code>'x448'</code>, or <code>'dh'</code>.</li> 2321<li><code>options</code>: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object" class="type"><Object></a> 2322<ul> 2323<li><code>modulusLength</code>: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><number></a> Key size in bits (RSA, DSA).</li> 2324<li><code>publicExponent</code>: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><number></a> Public exponent (RSA). <strong>Default:</strong> <code>0x10001</code>.</li> 2325<li><code>divisorLength</code>: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><number></a> Size of <code>q</code> in bits (DSA).</li> 2326<li><code>namedCurve</code>: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> Name of the curve to use (EC).</li> 2327<li><code>prime</code>: <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> The prime parameter (DH).</li> 2328<li><code>primeLength</code>: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><number></a> Prime length in bits (DH).</li> 2329<li><code>generator</code>: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><number></a> Custom generator (DH). <strong>Default:</strong> <code>2</code>.</li> 2330<li><code>groupName</code>: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> Diffie-Hellman group name (DH). See 2331<a href="#crypto_crypto_getdiffiehellman_groupname"><code>crypto.getDiffieHellman()</code></a>.</li> 2332<li><code>publicKeyEncoding</code>: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object" class="type"><Object></a> See <a href="#crypto_keyobject_export_options"><code>keyObject.export()</code></a>.</li> 2333<li><code>privateKeyEncoding</code>: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object" class="type"><Object></a> See <a href="#crypto_keyobject_export_options"><code>keyObject.export()</code></a>.</li> 2334</ul> 2335</li> 2336<li>Returns: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object" class="type"><Object></a> 2337<ul> 2338<li><code>publicKey</code>: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="crypto.html#crypto_class_keyobject" class="type"><KeyObject></a></li> 2339<li><code>privateKey</code>: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="crypto.html#crypto_class_keyobject" class="type"><KeyObject></a></li> 2340</ul> 2341</li> 2342</ul> 2343<p>Generates a new asymmetric key pair of the given <code>type</code>. RSA, DSA, EC, Ed25519, 2344Ed448, X25519, X448, and DH are currently supported.</p> 2345<p>If a <code>publicKeyEncoding</code> or <code>privateKeyEncoding</code> was specified, this function 2346behaves as if <a href="#crypto_keyobject_export_options"><code>keyObject.export()</code></a> had been called on its result. Otherwise, 2347the respective part of the key is returned as a <a href="#crypto_class_keyobject"><code>KeyObject</code></a>.</p> 2348<p>When encoding public keys, it is recommended to use <code>'spki'</code>. When encoding 2349private keys, it is recommended to use <code>'pkcs8'</code> with a strong passphrase, 2350and to keep the passphrase confidential.</p> 2351<pre><code class="language-js"><span class="hljs-keyword">const</span> { generateKeyPairSync } = <span class="hljs-built_in">require</span>(<span class="hljs-string">'crypto'</span>); 2352<span class="hljs-keyword">const</span> { publicKey, privateKey } = <span class="hljs-title function_">generateKeyPairSync</span>(<span class="hljs-string">'rsa'</span>, { 2353 <span class="hljs-attr">modulusLength</span>: <span class="hljs-number">4096</span>, 2354 <span class="hljs-attr">publicKeyEncoding</span>: { 2355 <span class="hljs-attr">type</span>: <span class="hljs-string">'spki'</span>, 2356 <span class="hljs-attr">format</span>: <span class="hljs-string">'pem'</span> 2357 }, 2358 <span class="hljs-attr">privateKeyEncoding</span>: { 2359 <span class="hljs-attr">type</span>: <span class="hljs-string">'pkcs8'</span>, 2360 <span class="hljs-attr">format</span>: <span class="hljs-string">'pem'</span>, 2361 <span class="hljs-attr">cipher</span>: <span class="hljs-string">'aes-256-cbc'</span>, 2362 <span class="hljs-attr">passphrase</span>: <span class="hljs-string">'top secret'</span> 2363 } 2364});</code></pre> 2365<p>The return value <code>{ publicKey, privateKey }</code> represents the generated key pair. 2366When PEM encoding was selected, the respective key will be a string, otherwise 2367it will be a buffer containing the data encoded as DER.</p> 2368<h4><code>crypto.getCiphers()</code><span><a class="mark" href="#crypto_crypto_getciphers" id="crypto_crypto_getciphers">#</a></span></h4> 2369<div class="api_metadata"> 2370<span>Added in: v0.9.3</span> 2371</div> 2372<ul> 2373<li>Returns: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string[]></a> An array with the names of the supported cipher 2374algorithms.</li> 2375</ul> 2376<pre><code class="language-js"><span class="hljs-keyword">const</span> ciphers = crypto.<span class="hljs-title function_">getCiphers</span>(); 2377<span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>(ciphers); <span class="hljs-comment">// ['aes-128-cbc', 'aes-128-ccm', ...]</span></code></pre> 2378<h4><code>crypto.getCurves()</code><span><a class="mark" href="#crypto_crypto_getcurves" id="crypto_crypto_getcurves">#</a></span></h4> 2379<div class="api_metadata"> 2380<span>Added in: v2.3.0</span> 2381</div> 2382<ul> 2383<li>Returns: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string[]></a> An array with the names of the supported elliptic curves.</li> 2384</ul> 2385<pre><code class="language-js"><span class="hljs-keyword">const</span> curves = crypto.<span class="hljs-title function_">getCurves</span>(); 2386<span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>(curves); <span class="hljs-comment">// ['Oakley-EC2N-3', 'Oakley-EC2N-4', ...]</span></code></pre> 2387<h4><code>crypto.getDiffieHellman(groupName)</code><span><a class="mark" href="#crypto_crypto_getdiffiehellman_groupname" id="crypto_crypto_getdiffiehellman_groupname">#</a></span></h4> 2388<div class="api_metadata"> 2389<span>Added in: v0.7.5</span> 2390</div> 2391<ul> 2392<li><code>groupName</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a></li> 2393<li>Returns: <a href="crypto.html#crypto_class_diffiehellmangroup" class="type"><DiffieHellmanGroup></a></li> 2394</ul> 2395<p>Creates a predefined <code>DiffieHellmanGroup</code> key exchange object. The 2396supported groups are: <code>'modp1'</code>, <code>'modp2'</code>, <code>'modp5'</code> (defined in 2397<a href="https://www.rfc-editor.org/rfc/rfc2412.txt">RFC 2412</a>, but see <a href="#crypto_support_for_weak_or_compromised_algorithms">Caveats</a>) and <code>'modp14'</code>, <code>'modp15'</code>, 2398<code>'modp16'</code>, <code>'modp17'</code>, <code>'modp18'</code> (defined in <a href="https://www.rfc-editor.org/rfc/rfc3526.txt">RFC 3526</a>). The 2399returned object mimics the interface of objects created by 2400<a href="#crypto_crypto_creatediffiehellman_prime_primeencoding_generator_generatorencoding"><code>crypto.createDiffieHellman()</code></a>, but will not allow changing 2401the keys (with <a href="#crypto_diffiehellman_setpublickey_publickey_encoding"><code>diffieHellman.setPublicKey()</code></a>, for example). The 2402advantage of using this method is that the parties do not have to 2403generate nor exchange a group modulus beforehand, saving both processor 2404and communication time.</p> 2405<p>Example (obtaining a shared secret):</p> 2406<pre><code class="language-js"><span class="hljs-keyword">const</span> crypto = <span class="hljs-built_in">require</span>(<span class="hljs-string">'crypto'</span>); 2407<span class="hljs-keyword">const</span> alice = crypto.<span class="hljs-title function_">getDiffieHellman</span>(<span class="hljs-string">'modp14'</span>); 2408<span class="hljs-keyword">const</span> bob = crypto.<span class="hljs-title function_">getDiffieHellman</span>(<span class="hljs-string">'modp14'</span>); 2409 2410alice.<span class="hljs-title function_">generateKeys</span>(); 2411bob.<span class="hljs-title function_">generateKeys</span>(); 2412 2413<span class="hljs-keyword">const</span> aliceSecret = alice.<span class="hljs-title function_">computeSecret</span>(bob.<span class="hljs-title function_">getPublicKey</span>(), <span class="hljs-literal">null</span>, <span class="hljs-string">'hex'</span>); 2414<span class="hljs-keyword">const</span> bobSecret = bob.<span class="hljs-title function_">computeSecret</span>(alice.<span class="hljs-title function_">getPublicKey</span>(), <span class="hljs-literal">null</span>, <span class="hljs-string">'hex'</span>); 2415 2416<span class="hljs-comment">/* aliceSecret and bobSecret should be the same */</span> 2417<span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>(aliceSecret === bobSecret);</code></pre> 2418<h4><code>crypto.getFips()</code><span><a class="mark" href="#crypto_crypto_getfips" id="crypto_crypto_getfips">#</a></span></h4> 2419<div class="api_metadata"> 2420<span>Added in: v10.0.0</span> 2421</div> 2422<ul> 2423<li>Returns: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><number></a> <code>1</code> if and only if a FIPS compliant crypto provider is 2424currently in use, <code>0</code> otherwise. A future semver-major release may change 2425the return type of this API to a <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Boolean_type" class="type"><boolean></a>.</li> 2426</ul> 2427<h4><code>crypto.getHashes()</code><span><a class="mark" href="#crypto_crypto_gethashes" id="crypto_crypto_gethashes">#</a></span></h4> 2428<div class="api_metadata"> 2429<span>Added in: v0.9.3</span> 2430</div> 2431<ul> 2432<li>Returns: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string[]></a> An array of the names of the supported hash algorithms, 2433such as <code>'RSA-SHA256'</code>. Hash algorithms are also called "digest" algorithms.</li> 2434</ul> 2435<pre><code class="language-js"><span class="hljs-keyword">const</span> hashes = crypto.<span class="hljs-title function_">getHashes</span>(); 2436<span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>(hashes); <span class="hljs-comment">// ['DSA', 'DSA-SHA', 'DSA-SHA1', ...]</span></code></pre> 2437<h4><code>crypto.pbkdf2(password, salt, iterations, keylen, digest, callback)</code><span><a class="mark" href="#crypto_crypto_pbkdf2_password_salt_iterations_keylen_digest_callback" id="crypto_crypto_pbkdf2_password_salt_iterations_keylen_digest_callback">#</a></span></h4> 2438<div class="api_metadata"> 2439<details class="changelog"><summary>History</summary> 2440<table> 2441<tbody><tr><th>Version</th><th>Changes</th></tr> 2442<tr><td>v14.0.0</td> 2443<td><p>The <code>iterations</code> parameter is now restricted to positive values. Earlier releases treated other values as one.</p></td></tr> 2444<tr><td>v8.0.0</td> 2445<td><p>The <code>digest</code> parameter is always required now.</p></td></tr> 2446<tr><td>v6.0.0</td> 2447<td><p>Calling this function without passing the <code>digest</code> parameter is deprecated now and will emit a warning.</p></td></tr> 2448<tr><td>v6.0.0</td> 2449<td><p>The default encoding for <code>password</code> if it is a string changed from <code>binary</code> to <code>utf8</code>.</p></td></tr> 2450<tr><td>v0.5.5</td> 2451<td><p><span>Added in: v0.5.5</span></p></td></tr> 2452</tbody></table> 2453</details> 2454</div> 2455<ul> 2456<li><code>password</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray" class="type"><TypedArray></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView" class="type"><DataView></a></li> 2457<li><code>salt</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray" class="type"><TypedArray></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView" class="type"><DataView></a></li> 2458<li><code>iterations</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><number></a></li> 2459<li><code>keylen</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><number></a></li> 2460<li><code>digest</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a></li> 2461<li><code>callback</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Function" class="type"><Function></a> 2462<ul> 2463<li><code>err</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Error" class="type"><Error></a></li> 2464<li><code>derivedKey</code> <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a></li> 2465</ul> 2466</li> 2467</ul> 2468<p>Provides an asynchronous Password-Based Key Derivation Function 2 (PBKDF2) 2469implementation. A selected HMAC digest algorithm specified by <code>digest</code> is 2470applied to derive a key of the requested byte length (<code>keylen</code>) from the 2471<code>password</code>, <code>salt</code> and <code>iterations</code>.</p> 2472<p>The supplied <code>callback</code> function is called with two arguments: <code>err</code> and 2473<code>derivedKey</code>. If an error occurs while deriving the key, <code>err</code> will be set; 2474otherwise <code>err</code> will be <code>null</code>. By default, the successfully generated 2475<code>derivedKey</code> will be passed to the callback as a <a href="buffer.html"><code>Buffer</code></a>. An error will be 2476thrown if any of the input arguments specify invalid values or types.</p> 2477<p>If <code>digest</code> is <code>null</code>, <code>'sha1'</code> will be used. This behavior is deprecated, 2478please specify a <code>digest</code> explicitly.</p> 2479<p>The <code>iterations</code> argument must be a number set as high as possible. The 2480higher the number of iterations, the more secure the derived key will be, 2481but will take a longer amount of time to complete.</p> 2482<p>The <code>salt</code> should be as unique as possible. It is recommended that a salt is 2483random and at least 16 bytes long. See <a href="https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf">NIST SP 800-132</a> for details.</p> 2484<pre><code class="language-js"><span class="hljs-keyword">const</span> crypto = <span class="hljs-built_in">require</span>(<span class="hljs-string">'crypto'</span>); 2485crypto.<span class="hljs-title function_">pbkdf2</span>(<span class="hljs-string">'secret'</span>, <span class="hljs-string">'salt'</span>, <span class="hljs-number">100000</span>, <span class="hljs-number">64</span>, <span class="hljs-string">'sha512'</span>, <span class="hljs-function">(<span class="hljs-params">err, derivedKey</span>) =></span> { 2486 <span class="hljs-keyword">if</span> (err) <span class="hljs-keyword">throw</span> err; 2487 <span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>(derivedKey.<span class="hljs-title function_">toString</span>(<span class="hljs-string">'hex'</span>)); <span class="hljs-comment">// '3745e48...08d59ae'</span> 2488});</code></pre> 2489<p>The <code>crypto.DEFAULT_ENCODING</code> property can be used to change the way the 2490<code>derivedKey</code> is passed to the callback. This property, however, has been 2491deprecated and use should be avoided.</p> 2492<pre><code class="language-js"><span class="hljs-keyword">const</span> crypto = <span class="hljs-built_in">require</span>(<span class="hljs-string">'crypto'</span>); 2493crypto.<span class="hljs-property">DEFAULT_ENCODING</span> = <span class="hljs-string">'hex'</span>; 2494crypto.<span class="hljs-title function_">pbkdf2</span>(<span class="hljs-string">'secret'</span>, <span class="hljs-string">'salt'</span>, <span class="hljs-number">100000</span>, <span class="hljs-number">512</span>, <span class="hljs-string">'sha512'</span>, <span class="hljs-function">(<span class="hljs-params">err, derivedKey</span>) =></span> { 2495 <span class="hljs-keyword">if</span> (err) <span class="hljs-keyword">throw</span> err; 2496 <span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>(derivedKey); <span class="hljs-comment">// '3745e48...aa39b34'</span> 2497});</code></pre> 2498<p>An array of supported digest functions can be retrieved using 2499<a href="#crypto_crypto_gethashes"><code>crypto.getHashes()</code></a>.</p> 2500<p>This API uses libuv's threadpool, which can have surprising and 2501negative performance implications for some applications; see the 2502<a href="cli.html#cli_uv_threadpool_size_size"><code>UV_THREADPOOL_SIZE</code></a> documentation for more information.</p> 2503<h4><code>crypto.pbkdf2Sync(password, salt, iterations, keylen, digest)</code><span><a class="mark" href="#crypto_crypto_pbkdf2sync_password_salt_iterations_keylen_digest" id="crypto_crypto_pbkdf2sync_password_salt_iterations_keylen_digest">#</a></span></h4> 2504<div class="api_metadata"> 2505<details class="changelog"><summary>History</summary> 2506<table> 2507<tbody><tr><th>Version</th><th>Changes</th></tr> 2508<tr><td>v14.0.0</td> 2509<td><p>The <code>iterations</code> parameter is now restricted to positive values. Earlier releases treated other values as one.</p></td></tr> 2510<tr><td>v6.0.0</td> 2511<td><p>Calling this function without passing the <code>digest</code> parameter is deprecated now and will emit a warning.</p></td></tr> 2512<tr><td>v6.0.0</td> 2513<td><p>The default encoding for <code>password</code> if it is a string changed from <code>binary</code> to <code>utf8</code>.</p></td></tr> 2514<tr><td>v0.9.3</td> 2515<td><p><span>Added in: v0.9.3</span></p></td></tr> 2516</tbody></table> 2517</details> 2518</div> 2519<ul> 2520<li><code>password</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray" class="type"><TypedArray></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView" class="type"><DataView></a></li> 2521<li><code>salt</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray" class="type"><TypedArray></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView" class="type"><DataView></a></li> 2522<li><code>iterations</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><number></a></li> 2523<li><code>keylen</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><number></a></li> 2524<li><code>digest</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a></li> 2525<li>Returns: <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a></li> 2526</ul> 2527<p>Provides a synchronous Password-Based Key Derivation Function 2 (PBKDF2) 2528implementation. A selected HMAC digest algorithm specified by <code>digest</code> is 2529applied to derive a key of the requested byte length (<code>keylen</code>) from the 2530<code>password</code>, <code>salt</code> and <code>iterations</code>.</p> 2531<p>If an error occurs an <code>Error</code> will be thrown, otherwise the derived key will be 2532returned as a <a href="buffer.html"><code>Buffer</code></a>.</p> 2533<p>If <code>digest</code> is <code>null</code>, <code>'sha1'</code> will be used. This behavior is deprecated, 2534please specify a <code>digest</code> explicitly.</p> 2535<p>The <code>iterations</code> argument must be a number set as high as possible. The 2536higher the number of iterations, the more secure the derived key will be, 2537but will take a longer amount of time to complete.</p> 2538<p>The <code>salt</code> should be as unique as possible. It is recommended that a salt is 2539random and at least 16 bytes long. See <a href="https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf">NIST SP 800-132</a> for details.</p> 2540<pre><code class="language-js"><span class="hljs-keyword">const</span> crypto = <span class="hljs-built_in">require</span>(<span class="hljs-string">'crypto'</span>); 2541<span class="hljs-keyword">const</span> key = crypto.<span class="hljs-title function_">pbkdf2Sync</span>(<span class="hljs-string">'secret'</span>, <span class="hljs-string">'salt'</span>, <span class="hljs-number">100000</span>, <span class="hljs-number">64</span>, <span class="hljs-string">'sha512'</span>); 2542<span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>(key.<span class="hljs-title function_">toString</span>(<span class="hljs-string">'hex'</span>)); <span class="hljs-comment">// '3745e48...08d59ae'</span></code></pre> 2543<p>The <code>crypto.DEFAULT_ENCODING</code> property may be used to change the way the 2544<code>derivedKey</code> is returned. This property, however, is deprecated and use 2545should be avoided.</p> 2546<pre><code class="language-js"><span class="hljs-keyword">const</span> crypto = <span class="hljs-built_in">require</span>(<span class="hljs-string">'crypto'</span>); 2547crypto.<span class="hljs-property">DEFAULT_ENCODING</span> = <span class="hljs-string">'hex'</span>; 2548<span class="hljs-keyword">const</span> key = crypto.<span class="hljs-title function_">pbkdf2Sync</span>(<span class="hljs-string">'secret'</span>, <span class="hljs-string">'salt'</span>, <span class="hljs-number">100000</span>, <span class="hljs-number">512</span>, <span class="hljs-string">'sha512'</span>); 2549<span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>(key); <span class="hljs-comment">// '3745e48...aa39b34'</span></code></pre> 2550<p>An array of supported digest functions can be retrieved using 2551<a href="#crypto_crypto_gethashes"><code>crypto.getHashes()</code></a>.</p> 2552<h4><code>crypto.privateDecrypt(privateKey, buffer)</code><span><a class="mark" href="#crypto_crypto_privatedecrypt_privatekey_buffer" id="crypto_crypto_privatedecrypt_privatekey_buffer">#</a></span></h4> 2553<div class="api_metadata"> 2554<details class="changelog"><summary>History</summary> 2555<table> 2556<tbody><tr><th>Version</th><th>Changes</th></tr> 2557<tr><td>v12.11.0</td> 2558<td><p>The <code>oaepLabel</code> option was added.</p></td></tr> 2559<tr><td>v12.9.0</td> 2560<td><p>The <code>oaepHash</code> option was added.</p></td></tr> 2561<tr><td>v11.6.0</td> 2562<td><p>This function now supports key objects.</p></td></tr> 2563<tr><td>v0.11.14</td> 2564<td><p><span>Added in: v0.11.14</span></p></td></tr> 2565</tbody></table> 2566</details> 2567</div> 2568<ul> 2569<li><code>privateKey</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object" class="type"><Object></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="crypto.html#crypto_class_keyobject" class="type"><KeyObject></a> 2570<ul> 2571<li><code>oaepHash</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> The hash function to use for OAEP padding and MGF1. 2572<strong>Default:</strong> <code>'sha1'</code></li> 2573<li><code>oaepLabel</code> <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray" class="type"><TypedArray></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView" class="type"><DataView></a> The label to use for OAEP 2574padding. If not specified, no label is used.</li> 2575<li><code>padding</code> <a href="crypto.html#crypto_crypto_constants_1" class="type"><crypto.constants></a> An optional padding value defined in 2576<code>crypto.constants</code>, which may be: <code>crypto.constants.RSA_NO_PADDING</code>, 2577<code>crypto.constants.RSA_PKCS1_PADDING</code>, or 2578<code>crypto.constants.RSA_PKCS1_OAEP_PADDING</code>.</li> 2579</ul> 2580</li> 2581<li><code>buffer</code> <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray" class="type"><TypedArray></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView" class="type"><DataView></a></li> 2582<li>Returns: <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> A new <code>Buffer</code> with the decrypted content.</li> 2583</ul> 2584<p>Decrypts <code>buffer</code> with <code>privateKey</code>. <code>buffer</code> was previously encrypted using 2585the corresponding public key, for example using <a href="#crypto_crypto_publicencrypt_key_buffer"><code>crypto.publicEncrypt()</code></a>.</p> 2586<p>If <code>privateKey</code> is not a <a href="#crypto_class_keyobject"><code>KeyObject</code></a>, this function behaves as if 2587<code>privateKey</code> had been passed to <a href="#crypto_crypto_createprivatekey_key"><code>crypto.createPrivateKey()</code></a>. If it is an 2588object, the <code>padding</code> property can be passed. Otherwise, this function uses 2589<code>RSA_PKCS1_OAEP_PADDING</code>.</p> 2590<h4><code>crypto.privateEncrypt(privateKey, buffer)</code><span><a class="mark" href="#crypto_crypto_privateencrypt_privatekey_buffer" id="crypto_crypto_privateencrypt_privatekey_buffer">#</a></span></h4> 2591<div class="api_metadata"> 2592<details class="changelog"><summary>History</summary> 2593<table> 2594<tbody><tr><th>Version</th><th>Changes</th></tr> 2595<tr><td>v11.6.0</td> 2596<td><p>This function now supports key objects.</p></td></tr> 2597<tr><td>v1.1.0</td> 2598<td><p><span>Added in: v1.1.0</span></p></td></tr> 2599</tbody></table> 2600</details> 2601</div> 2602<ul> 2603<li><code>privateKey</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object" class="type"><Object></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="crypto.html#crypto_class_keyobject" class="type"><KeyObject></a> 2604<ul> 2605<li><code>key</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="crypto.html#crypto_class_keyobject" class="type"><KeyObject></a> A PEM encoded private key.</li> 2606<li><code>passphrase</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> An optional passphrase for the private key.</li> 2607<li><code>padding</code> <a href="crypto.html#crypto_crypto_constants_1" class="type"><crypto.constants></a> An optional padding value defined in 2608<code>crypto.constants</code>, which may be: <code>crypto.constants.RSA_NO_PADDING</code> or 2609<code>crypto.constants.RSA_PKCS1_PADDING</code>.</li> 2610</ul> 2611</li> 2612<li><code>buffer</code> <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray" class="type"><TypedArray></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView" class="type"><DataView></a></li> 2613<li>Returns: <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> A new <code>Buffer</code> with the encrypted content.</li> 2614</ul> 2615<p>Encrypts <code>buffer</code> with <code>privateKey</code>. The returned data can be decrypted using 2616the corresponding public key, for example using <a href="#crypto_crypto_publicdecrypt_key_buffer"><code>crypto.publicDecrypt()</code></a>.</p> 2617<p>If <code>privateKey</code> is not a <a href="#crypto_class_keyobject"><code>KeyObject</code></a>, this function behaves as if 2618<code>privateKey</code> had been passed to <a href="#crypto_crypto_createprivatekey_key"><code>crypto.createPrivateKey()</code></a>. If it is an 2619object, the <code>padding</code> property can be passed. Otherwise, this function uses 2620<code>RSA_PKCS1_PADDING</code>.</p> 2621<h4><code>crypto.publicDecrypt(key, buffer)</code><span><a class="mark" href="#crypto_crypto_publicdecrypt_key_buffer" id="crypto_crypto_publicdecrypt_key_buffer">#</a></span></h4> 2622<div class="api_metadata"> 2623<details class="changelog"><summary>History</summary> 2624<table> 2625<tbody><tr><th>Version</th><th>Changes</th></tr> 2626<tr><td>v11.6.0</td> 2627<td><p>This function now supports key objects.</p></td></tr> 2628<tr><td>v1.1.0</td> 2629<td><p><span>Added in: v1.1.0</span></p></td></tr> 2630</tbody></table> 2631</details> 2632</div> 2633<ul> 2634<li><code>key</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object" class="type"><Object></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="crypto.html#crypto_class_keyobject" class="type"><KeyObject></a> 2635<ul> 2636<li><code>passphrase</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> An optional passphrase for the private key.</li> 2637<li><code>padding</code> <a href="crypto.html#crypto_crypto_constants_1" class="type"><crypto.constants></a> An optional padding value defined in 2638<code>crypto.constants</code>, which may be: <code>crypto.constants.RSA_NO_PADDING</code> or 2639<code>crypto.constants.RSA_PKCS1_PADDING</code>.</li> 2640</ul> 2641</li> 2642<li><code>buffer</code> <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray" class="type"><TypedArray></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView" class="type"><DataView></a></li> 2643<li>Returns: <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> A new <code>Buffer</code> with the decrypted content.</li> 2644</ul> 2645<p>Decrypts <code>buffer</code> with <code>key</code>.<code>buffer</code> was previously encrypted using 2646the corresponding private key, for example using <a href="#crypto_crypto_privateencrypt_privatekey_buffer"><code>crypto.privateEncrypt()</code></a>.</p> 2647<p>If <code>key</code> is not a <a href="#crypto_class_keyobject"><code>KeyObject</code></a>, this function behaves as if 2648<code>key</code> had been passed to <a href="#crypto_crypto_createpublickey_key"><code>crypto.createPublicKey()</code></a>. If it is an 2649object, the <code>padding</code> property can be passed. Otherwise, this function uses 2650<code>RSA_PKCS1_PADDING</code>.</p> 2651<p>Because RSA public keys can be derived from private keys, a private key may 2652be passed instead of a public key.</p> 2653<h4><code>crypto.publicEncrypt(key, buffer)</code><span><a class="mark" href="#crypto_crypto_publicencrypt_key_buffer" id="crypto_crypto_publicencrypt_key_buffer">#</a></span></h4> 2654<div class="api_metadata"> 2655<details class="changelog"><summary>History</summary> 2656<table> 2657<tbody><tr><th>Version</th><th>Changes</th></tr> 2658<tr><td>v12.11.0</td> 2659<td><p>The <code>oaepLabel</code> option was added.</p></td></tr> 2660<tr><td>v12.9.0</td> 2661<td><p>The <code>oaepHash</code> option was added.</p></td></tr> 2662<tr><td>v11.6.0</td> 2663<td><p>This function now supports key objects.</p></td></tr> 2664<tr><td>v0.11.14</td> 2665<td><p><span>Added in: v0.11.14</span></p></td></tr> 2666</tbody></table> 2667</details> 2668</div> 2669<ul> 2670<li><code>key</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object" class="type"><Object></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="crypto.html#crypto_class_keyobject" class="type"><KeyObject></a> 2671<ul> 2672<li><code>key</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="crypto.html#crypto_class_keyobject" class="type"><KeyObject></a> A PEM encoded public or private key.</li> 2673<li><code>oaepHash</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> The hash function to use for OAEP padding and MGF1. 2674<strong>Default:</strong> <code>'sha1'</code></li> 2675<li><code>oaepLabel</code> <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray" class="type"><TypedArray></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView" class="type"><DataView></a> The label to use for OAEP 2676padding. If not specified, no label is used.</li> 2677<li><code>passphrase</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> An optional passphrase for the private key.</li> 2678<li><code>padding</code> <a href="crypto.html#crypto_crypto_constants_1" class="type"><crypto.constants></a> An optional padding value defined in 2679<code>crypto.constants</code>, which may be: <code>crypto.constants.RSA_NO_PADDING</code>, 2680<code>crypto.constants.RSA_PKCS1_PADDING</code>, or 2681<code>crypto.constants.RSA_PKCS1_OAEP_PADDING</code>.</li> 2682</ul> 2683</li> 2684<li><code>buffer</code> <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray" class="type"><TypedArray></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView" class="type"><DataView></a></li> 2685<li>Returns: <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> A new <code>Buffer</code> with the encrypted content.</li> 2686</ul> 2687<p>Encrypts the content of <code>buffer</code> with <code>key</code> and returns a new 2688<a href="buffer.html"><code>Buffer</code></a> with encrypted content. The returned data can be decrypted using 2689the corresponding private key, for example using <a href="#crypto_crypto_privatedecrypt_privatekey_buffer"><code>crypto.privateDecrypt()</code></a>.</p> 2690<p>If <code>key</code> is not a <a href="#crypto_class_keyobject"><code>KeyObject</code></a>, this function behaves as if 2691<code>key</code> had been passed to <a href="#crypto_crypto_createpublickey_key"><code>crypto.createPublicKey()</code></a>. If it is an 2692object, the <code>padding</code> property can be passed. Otherwise, this function uses 2693<code>RSA_PKCS1_OAEP_PADDING</code>.</p> 2694<p>Because RSA public keys can be derived from private keys, a private key may 2695be passed instead of a public key.</p> 2696<h4><code>crypto.randomBytes(size[, callback])</code><span><a class="mark" href="#crypto_crypto_randombytes_size_callback" id="crypto_crypto_randombytes_size_callback">#</a></span></h4> 2697<div class="api_metadata"> 2698<details class="changelog"><summary>History</summary> 2699<table> 2700<tbody><tr><th>Version</th><th>Changes</th></tr> 2701<tr><td>v9.0.0</td> 2702<td><p>Passing <code>null</code> as the <code>callback</code> argument now throws <code>ERR_INVALID_CALLBACK</code>.</p></td></tr> 2703<tr><td>v0.5.8</td> 2704<td><p><span>Added in: v0.5.8</span></p></td></tr> 2705</tbody></table> 2706</details> 2707</div> 2708<ul> 2709<li><code>size</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><number></a></li> 2710<li><code>callback</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Function" class="type"><Function></a> 2711<ul> 2712<li><code>err</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Error" class="type"><Error></a></li> 2713<li><code>buf</code> <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a></li> 2714</ul> 2715</li> 2716<li>Returns: <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> if the <code>callback</code> function is not provided.</li> 2717</ul> 2718<p>Generates cryptographically strong pseudo-random data. The <code>size</code> argument 2719is a number indicating the number of bytes to generate.</p> 2720<p>If a <code>callback</code> function is provided, the bytes are generated asynchronously 2721and the <code>callback</code> function is invoked with two arguments: <code>err</code> and <code>buf</code>. 2722If an error occurs, <code>err</code> will be an <code>Error</code> object; otherwise it is <code>null</code>. The 2723<code>buf</code> argument is a <a href="buffer.html"><code>Buffer</code></a> containing the generated bytes.</p> 2724<pre><code class="language-js"><span class="hljs-comment">// Asynchronous</span> 2725<span class="hljs-keyword">const</span> crypto = <span class="hljs-built_in">require</span>(<span class="hljs-string">'crypto'</span>); 2726crypto.<span class="hljs-title function_">randomBytes</span>(<span class="hljs-number">256</span>, <span class="hljs-function">(<span class="hljs-params">err, buf</span>) =></span> { 2727 <span class="hljs-keyword">if</span> (err) <span class="hljs-keyword">throw</span> err; 2728 <span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>(<span class="hljs-string">`<span class="hljs-subst">${buf.length}</span> bytes of random data: <span class="hljs-subst">${buf.toString(<span class="hljs-string">'hex'</span>)}</span>`</span>); 2729});</code></pre> 2730<p>If the <code>callback</code> function is not provided, the random bytes are generated 2731synchronously and returned as a <a href="buffer.html"><code>Buffer</code></a>. An error will be thrown if 2732there is a problem generating the bytes.</p> 2733<pre><code class="language-js"><span class="hljs-comment">// Synchronous</span> 2734<span class="hljs-keyword">const</span> buf = crypto.<span class="hljs-title function_">randomBytes</span>(<span class="hljs-number">256</span>); 2735<span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>( 2736 <span class="hljs-string">`<span class="hljs-subst">${buf.length}</span> bytes of random data: <span class="hljs-subst">${buf.toString(<span class="hljs-string">'hex'</span>)}</span>`</span>);</code></pre> 2737<p>The <code>crypto.randomBytes()</code> method will not complete until there is 2738sufficient entropy available. 2739This should normally never take longer than a few milliseconds. The only time 2740when generating the random bytes may conceivably block for a longer period of 2741time is right after boot, when the whole system is still low on entropy.</p> 2742<p>This API uses libuv's threadpool, which can have surprising and 2743negative performance implications for some applications; see the 2744<a href="cli.html#cli_uv_threadpool_size_size"><code>UV_THREADPOOL_SIZE</code></a> documentation for more information.</p> 2745<p>The asynchronous version of <code>crypto.randomBytes()</code> is carried out in a single 2746threadpool request. To minimize threadpool task length variation, partition 2747large <code>randomBytes</code> requests when doing so as part of fulfilling a client 2748request.</p> 2749<h4><code>crypto.randomFillSync(buffer[, offset][, size])</code><span><a class="mark" href="#crypto_crypto_randomfillsync_buffer_offset_size" id="crypto_crypto_randomfillsync_buffer_offset_size">#</a></span></h4> 2750<div class="api_metadata"> 2751<details class="changelog"><summary>History</summary> 2752<table> 2753<tbody><tr><th>Version</th><th>Changes</th></tr> 2754<tr><td>v9.0.0</td> 2755<td><p>The <code>buffer</code> argument may be any <code>TypedArray</code> or <code>DataView</code>.</p></td></tr> 2756<tr><td>v7.10.0, v6.13.0</td> 2757<td><p><span>Added in: v7.10.0, v6.13.0</span></p></td></tr> 2758</tbody></table> 2759</details> 2760</div> 2761<ul> 2762<li><code>buffer</code> <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray" class="type"><TypedArray></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView" class="type"><DataView></a> Must be supplied.</li> 2763<li><code>offset</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><number></a> <strong>Default:</strong> <code>0</code></li> 2764<li><code>size</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><number></a> <strong>Default:</strong> <code>buffer.length - offset</code></li> 2765<li>Returns: <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray" class="type"><TypedArray></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView" class="type"><DataView></a> The object passed as <code>buffer</code> argument.</li> 2766</ul> 2767<p>Synchronous version of <a href="#crypto_crypto_randomfill_buffer_offset_size_callback"><code>crypto.randomFill()</code></a>.</p> 2768<pre><code class="language-js"><span class="hljs-keyword">const</span> buf = <span class="hljs-title class_">Buffer</span>.<span class="hljs-title function_">alloc</span>(<span class="hljs-number">10</span>); 2769<span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>(crypto.<span class="hljs-title function_">randomFillSync</span>(buf).<span class="hljs-title function_">toString</span>(<span class="hljs-string">'hex'</span>)); 2770 2771crypto.<span class="hljs-title function_">randomFillSync</span>(buf, <span class="hljs-number">5</span>); 2772<span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>(buf.<span class="hljs-title function_">toString</span>(<span class="hljs-string">'hex'</span>)); 2773 2774<span class="hljs-comment">// The above is equivalent to the following:</span> 2775crypto.<span class="hljs-title function_">randomFillSync</span>(buf, <span class="hljs-number">5</span>, <span class="hljs-number">5</span>); 2776<span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>(buf.<span class="hljs-title function_">toString</span>(<span class="hljs-string">'hex'</span>));</code></pre> 2777<p>Any <code>TypedArray</code> or <code>DataView</code> instance may be passed as <code>buffer</code>.</p> 2778<pre><code class="language-js"><span class="hljs-keyword">const</span> a = <span class="hljs-keyword">new</span> <span class="hljs-title class_">Uint</span>32<span class="hljs-built_in">Array</span>(<span class="hljs-number">10</span>); 2779<span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>(<span class="hljs-title class_">Buffer</span>.<span class="hljs-title function_">from</span>(crypto.<span class="hljs-title function_">randomFillSync</span>(a).<span class="hljs-property">buffer</span>, 2780 a.<span class="hljs-property">byteOffset</span>, a.<span class="hljs-property">byteLength</span>).<span class="hljs-title function_">toString</span>(<span class="hljs-string">'hex'</span>)); 2781 2782<span class="hljs-keyword">const</span> b = <span class="hljs-keyword">new</span> <span class="hljs-title class_">Float</span>64<span class="hljs-built_in">Array</span>(<span class="hljs-number">10</span>); 2783<span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>(<span class="hljs-title class_">Buffer</span>.<span class="hljs-title function_">from</span>(crypto.<span class="hljs-title function_">randomFillSync</span>(b).<span class="hljs-property">buffer</span>, 2784 b.<span class="hljs-property">byteOffset</span>, b.<span class="hljs-property">byteLength</span>).<span class="hljs-title function_">toString</span>(<span class="hljs-string">'hex'</span>)); 2785 2786<span class="hljs-keyword">const</span> c = <span class="hljs-keyword">new</span> <span class="hljs-title class_">DataView</span>(<span class="hljs-keyword">new</span> <span class="hljs-title class_">ArrayBuffer</span>(<span class="hljs-number">10</span>)); 2787<span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>(<span class="hljs-title class_">Buffer</span>.<span class="hljs-title function_">from</span>(crypto.<span class="hljs-title function_">randomFillSync</span>(c).<span class="hljs-property">buffer</span>, 2788 c.<span class="hljs-property">byteOffset</span>, c.<span class="hljs-property">byteLength</span>).<span class="hljs-title function_">toString</span>(<span class="hljs-string">'hex'</span>));</code></pre> 2789<h4><code>crypto.randomFill(buffer[, offset][, size], callback)</code><span><a class="mark" href="#crypto_crypto_randomfill_buffer_offset_size_callback" id="crypto_crypto_randomfill_buffer_offset_size_callback">#</a></span></h4> 2790<div class="api_metadata"> 2791<details class="changelog"><summary>History</summary> 2792<table> 2793<tbody><tr><th>Version</th><th>Changes</th></tr> 2794<tr><td>v9.0.0</td> 2795<td><p>The <code>buffer</code> argument may be any <code>TypedArray</code> or <code>DataView</code>.</p></td></tr> 2796<tr><td>v7.10.0, v6.13.0</td> 2797<td><p><span>Added in: v7.10.0, v6.13.0</span></p></td></tr> 2798</tbody></table> 2799</details> 2800</div> 2801<ul> 2802<li><code>buffer</code> <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray" class="type"><TypedArray></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView" class="type"><DataView></a> Must be supplied.</li> 2803<li><code>offset</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><number></a> <strong>Default:</strong> <code>0</code></li> 2804<li><code>size</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><number></a> <strong>Default:</strong> <code>buffer.length - offset</code></li> 2805<li><code>callback</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Function" class="type"><Function></a> <code>function(err, buf) {}</code>.</li> 2806</ul> 2807<p>This function is similar to <a href="#crypto_crypto_randombytes_size_callback"><code>crypto.randomBytes()</code></a> but requires the first 2808argument to be a <a href="buffer.html"><code>Buffer</code></a> that will be filled. It also 2809requires that a callback is passed in.</p> 2810<p>If the <code>callback</code> function is not provided, an error will be thrown.</p> 2811<pre><code class="language-js"><span class="hljs-keyword">const</span> buf = <span class="hljs-title class_">Buffer</span>.<span class="hljs-title function_">alloc</span>(<span class="hljs-number">10</span>); 2812crypto.<span class="hljs-title function_">randomFill</span>(buf, <span class="hljs-function">(<span class="hljs-params">err, buf</span>) =></span> { 2813 <span class="hljs-keyword">if</span> (err) <span class="hljs-keyword">throw</span> err; 2814 <span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>(buf.<span class="hljs-title function_">toString</span>(<span class="hljs-string">'hex'</span>)); 2815}); 2816 2817crypto.<span class="hljs-title function_">randomFill</span>(buf, <span class="hljs-number">5</span>, <span class="hljs-function">(<span class="hljs-params">err, buf</span>) =></span> { 2818 <span class="hljs-keyword">if</span> (err) <span class="hljs-keyword">throw</span> err; 2819 <span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>(buf.<span class="hljs-title function_">toString</span>(<span class="hljs-string">'hex'</span>)); 2820}); 2821 2822<span class="hljs-comment">// The above is equivalent to the following:</span> 2823crypto.<span class="hljs-title function_">randomFill</span>(buf, <span class="hljs-number">5</span>, <span class="hljs-number">5</span>, <span class="hljs-function">(<span class="hljs-params">err, buf</span>) =></span> { 2824 <span class="hljs-keyword">if</span> (err) <span class="hljs-keyword">throw</span> err; 2825 <span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>(buf.<span class="hljs-title function_">toString</span>(<span class="hljs-string">'hex'</span>)); 2826});</code></pre> 2827<p>Any <code>TypedArray</code> or <code>DataView</code> instance may be passed as <code>buffer</code>.</p> 2828<pre><code class="language-js"><span class="hljs-keyword">const</span> a = <span class="hljs-keyword">new</span> <span class="hljs-title class_">Uint</span>32<span class="hljs-built_in">Array</span>(<span class="hljs-number">10</span>); 2829crypto.<span class="hljs-title function_">randomFill</span>(a, <span class="hljs-function">(<span class="hljs-params">err, buf</span>) =></span> { 2830 <span class="hljs-keyword">if</span> (err) <span class="hljs-keyword">throw</span> err; 2831 <span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>(<span class="hljs-title class_">Buffer</span>.<span class="hljs-title function_">from</span>(buf.<span class="hljs-property">buffer</span>, buf.<span class="hljs-property">byteOffset</span>, buf.<span class="hljs-property">byteLength</span>) 2832 .<span class="hljs-title function_">toString</span>(<span class="hljs-string">'hex'</span>)); 2833}); 2834 2835<span class="hljs-keyword">const</span> b = <span class="hljs-keyword">new</span> <span class="hljs-title class_">Float</span>64<span class="hljs-built_in">Array</span>(<span class="hljs-number">10</span>); 2836crypto.<span class="hljs-title function_">randomFill</span>(b, <span class="hljs-function">(<span class="hljs-params">err, buf</span>) =></span> { 2837 <span class="hljs-keyword">if</span> (err) <span class="hljs-keyword">throw</span> err; 2838 <span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>(<span class="hljs-title class_">Buffer</span>.<span class="hljs-title function_">from</span>(buf.<span class="hljs-property">buffer</span>, buf.<span class="hljs-property">byteOffset</span>, buf.<span class="hljs-property">byteLength</span>) 2839 .<span class="hljs-title function_">toString</span>(<span class="hljs-string">'hex'</span>)); 2840}); 2841 2842<span class="hljs-keyword">const</span> c = <span class="hljs-keyword">new</span> <span class="hljs-title class_">DataView</span>(<span class="hljs-keyword">new</span> <span class="hljs-title class_">ArrayBuffer</span>(<span class="hljs-number">10</span>)); 2843crypto.<span class="hljs-title function_">randomFill</span>(c, <span class="hljs-function">(<span class="hljs-params">err, buf</span>) =></span> { 2844 <span class="hljs-keyword">if</span> (err) <span class="hljs-keyword">throw</span> err; 2845 <span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>(<span class="hljs-title class_">Buffer</span>.<span class="hljs-title function_">from</span>(buf.<span class="hljs-property">buffer</span>, buf.<span class="hljs-property">byteOffset</span>, buf.<span class="hljs-property">byteLength</span>) 2846 .<span class="hljs-title function_">toString</span>(<span class="hljs-string">'hex'</span>)); 2847});</code></pre> 2848<p>This API uses libuv's threadpool, which can have surprising and 2849negative performance implications for some applications; see the 2850<a href="cli.html#cli_uv_threadpool_size_size"><code>UV_THREADPOOL_SIZE</code></a> documentation for more information.</p> 2851<p>The asynchronous version of <code>crypto.randomFill()</code> is carried out in a single 2852threadpool request. To minimize threadpool task length variation, partition 2853large <code>randomFill</code> requests when doing so as part of fulfilling a client 2854request.</p> 2855<h4><code>crypto.randomInt([min, ]max[, callback])</code><span><a class="mark" href="#crypto_crypto_randomint_min_max_callback" id="crypto_crypto_randomint_min_max_callback">#</a></span></h4> 2856<div class="api_metadata"> 2857<span>Added in: v14.10.0</span> 2858</div> 2859<ul> 2860<li><code>min</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><integer></a> Start of random range (inclusive). <strong>Default</strong>: <code>0</code>.</li> 2861<li><code>max</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><integer></a> End of random range (exclusive).</li> 2862<li><code>callback</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Function" class="type"><Function></a> <code>function(err, n) {}</code>.</li> 2863</ul> 2864<p>Return a random integer <code>n</code> such that <code>min <= n < max</code>. This 2865implementation avoids <a href="https://en.wikipedia.org/wiki/Fisher%E2%80%93Yates_shuffle#Modulo_bias">modulo bias</a>.</p> 2866<p>The range (<code>max - min</code>) must be less than 2<sup>48</sup>. <code>min</code> and <code>max</code> must 2867be <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Number/isSafeInteger">safe integers</a>.</p> 2868<p>If the <code>callback</code> function is not provided, the random integer is 2869generated synchronously.</p> 2870<pre><code class="language-js"><span class="hljs-comment">// Asynchronous</span> 2871crypto.<span class="hljs-title function_">randomInt</span>(<span class="hljs-number">3</span>, <span class="hljs-function">(<span class="hljs-params">err, n</span>) =></span> { 2872 <span class="hljs-keyword">if</span> (err) <span class="hljs-keyword">throw</span> err; 2873 <span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>(<span class="hljs-string">`Random number chosen from (0, 1, 2): <span class="hljs-subst">${n}</span>`</span>); 2874});</code></pre> 2875<pre><code class="language-js"><span class="hljs-comment">// Synchronous</span> 2876<span class="hljs-keyword">const</span> n = crypto.<span class="hljs-title function_">randomInt</span>(<span class="hljs-number">3</span>); 2877<span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>(<span class="hljs-string">`Random number chosen from (0, 1, 2): <span class="hljs-subst">${n}</span>`</span>);</code></pre> 2878<pre><code class="language-js"><span class="hljs-comment">// With `min` argument</span> 2879<span class="hljs-keyword">const</span> n = crypto.<span class="hljs-title function_">randomInt</span>(<span class="hljs-number">1</span>, <span class="hljs-number">7</span>); 2880<span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>(<span class="hljs-string">`The dice rolled: <span class="hljs-subst">${n}</span>`</span>);</code></pre> 2881<h4><code>crypto.randomUUID([options])</code><span><a class="mark" href="#crypto_crypto_randomuuid_options" id="crypto_crypto_randomuuid_options">#</a></span></h4> 2882<div class="api_metadata"> 2883<span>Added in: v14.17.0</span> 2884</div> 2885<ul> 2886<li><code>options</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object" class="type"><Object></a> 2887<ul> 2888<li><code>disableEntropyCache</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Boolean_type" class="type"><boolean></a> By default, to improve performance, 2889Node.js generates and caches enough random data to generate up to 2890128 random UUIDs. To generate a UUID without using the cache, set 2891<code>disableEntropyCache</code> to <code>true</code>. <strong>Defaults</strong>: <code>false</code>.</li> 2892</ul> 2893</li> 2894<li>Returns: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a></li> 2895</ul> 2896<p>Generates a random <a href="https://www.rfc-editor.org/rfc/rfc4122.txt">RFC 4122</a> version 4 UUID. The UUID is generated using a 2897cryptographic pseudorandom number generator.</p> 2898<h4><code>crypto.scrypt(password, salt, keylen[, options], callback)</code><span><a class="mark" href="#crypto_crypto_scrypt_password_salt_keylen_options_callback" id="crypto_crypto_scrypt_password_salt_keylen_options_callback">#</a></span></h4> 2899<div class="api_metadata"> 2900<details class="changelog"><summary>History</summary> 2901<table> 2902<tbody><tr><th>Version</th><th>Changes</th></tr> 2903<tr><td>v12.8.0, v10.17.0</td> 2904<td><p>The <code>maxmem</code> value can now be any safe integer.</p></td></tr> 2905<tr><td>v10.9.0</td> 2906<td><p>The <code>cost</code>, <code>blockSize</code> and <code>parallelization</code> option names have been added.</p></td></tr> 2907<tr><td>v10.5.0</td> 2908<td><p><span>Added in: v10.5.0</span></p></td></tr> 2909</tbody></table> 2910</details> 2911</div> 2912<ul> 2913<li><code>password</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray" class="type"><TypedArray></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView" class="type"><DataView></a></li> 2914<li><code>salt</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray" class="type"><TypedArray></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView" class="type"><DataView></a></li> 2915<li><code>keylen</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><number></a></li> 2916<li><code>options</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object" class="type"><Object></a> 2917<ul> 2918<li><code>cost</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><number></a> CPU/memory cost parameter. Must be a power of two greater 2919than one. <strong>Default:</strong> <code>16384</code>.</li> 2920<li><code>blockSize</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><number></a> Block size parameter. <strong>Default:</strong> <code>8</code>.</li> 2921<li><code>parallelization</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><number></a> Parallelization parameter. <strong>Default:</strong> <code>1</code>.</li> 2922<li><code>N</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><number></a> Alias for <code>cost</code>. Only one of both may be specified.</li> 2923<li><code>r</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><number></a> Alias for <code>blockSize</code>. Only one of both may be specified.</li> 2924<li><code>p</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><number></a> Alias for <code>parallelization</code>. Only one of both may be specified.</li> 2925<li><code>maxmem</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><number></a> Memory upper bound. It is an error when (approximately) 2926<code>128 * N * r > maxmem</code>. <strong>Default:</strong> <code>32 * 1024 * 1024</code>.</li> 2927</ul> 2928</li> 2929<li><code>callback</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Function" class="type"><Function></a> 2930<ul> 2931<li><code>err</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Error" class="type"><Error></a></li> 2932<li><code>derivedKey</code> <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a></li> 2933</ul> 2934</li> 2935</ul> 2936<p>Provides an asynchronous <a href="https://en.wikipedia.org/wiki/Scrypt">scrypt</a> implementation. Scrypt is a password-based 2937key derivation function that is designed to be expensive computationally and 2938memory-wise in order to make brute-force attacks unrewarding.</p> 2939<p>The <code>salt</code> should be as unique as possible. It is recommended that a salt is 2940random and at least 16 bytes long. See <a href="https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf">NIST SP 800-132</a> for details.</p> 2941<p>The <code>callback</code> function is called with two arguments: <code>err</code> and <code>derivedKey</code>. 2942<code>err</code> is an exception object when key derivation fails, otherwise <code>err</code> is 2943<code>null</code>. <code>derivedKey</code> is passed to the callback as a <a href="buffer.html"><code>Buffer</code></a>.</p> 2944<p>An exception is thrown when any of the input arguments specify invalid values 2945or types.</p> 2946<pre><code class="language-js"><span class="hljs-keyword">const</span> crypto = <span class="hljs-built_in">require</span>(<span class="hljs-string">'crypto'</span>); 2947<span class="hljs-comment">// Using the factory defaults.</span> 2948crypto.<span class="hljs-title function_">scrypt</span>(<span class="hljs-string">'password'</span>, <span class="hljs-string">'salt'</span>, <span class="hljs-number">64</span>, <span class="hljs-function">(<span class="hljs-params">err, derivedKey</span>) =></span> { 2949 <span class="hljs-keyword">if</span> (err) <span class="hljs-keyword">throw</span> err; 2950 <span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>(derivedKey.<span class="hljs-title function_">toString</span>(<span class="hljs-string">'hex'</span>)); <span class="hljs-comment">// '3745e48...08d59ae'</span> 2951}); 2952<span class="hljs-comment">// Using a custom N parameter. Must be a power of two.</span> 2953crypto.<span class="hljs-title function_">scrypt</span>(<span class="hljs-string">'password'</span>, <span class="hljs-string">'salt'</span>, <span class="hljs-number">64</span>, { <span class="hljs-attr">N</span>: <span class="hljs-number">1024</span> }, <span class="hljs-function">(<span class="hljs-params">err, derivedKey</span>) =></span> { 2954 <span class="hljs-keyword">if</span> (err) <span class="hljs-keyword">throw</span> err; 2955 <span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>(derivedKey.<span class="hljs-title function_">toString</span>(<span class="hljs-string">'hex'</span>)); <span class="hljs-comment">// '3745e48...aa39b34'</span> 2956});</code></pre> 2957<h4><code>crypto.scryptSync(password, salt, keylen[, options])</code><span><a class="mark" href="#crypto_crypto_scryptsync_password_salt_keylen_options" id="crypto_crypto_scryptsync_password_salt_keylen_options">#</a></span></h4> 2958<div class="api_metadata"> 2959<details class="changelog"><summary>History</summary> 2960<table> 2961<tbody><tr><th>Version</th><th>Changes</th></tr> 2962<tr><td>v12.8.0, v10.17.0</td> 2963<td><p>The <code>maxmem</code> value can now be any safe integer.</p></td></tr> 2964<tr><td>v10.9.0</td> 2965<td><p>The <code>cost</code>, <code>blockSize</code> and <code>parallelization</code> option names have been added.</p></td></tr> 2966<tr><td>v10.5.0</td> 2967<td><p><span>Added in: v10.5.0</span></p></td></tr> 2968</tbody></table> 2969</details> 2970</div> 2971<ul> 2972<li><code>password</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray" class="type"><TypedArray></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView" class="type"><DataView></a></li> 2973<li><code>salt</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray" class="type"><TypedArray></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView" class="type"><DataView></a></li> 2974<li><code>keylen</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><number></a></li> 2975<li><code>options</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object" class="type"><Object></a> 2976<ul> 2977<li><code>cost</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><number></a> CPU/memory cost parameter. Must be a power of two greater 2978than one. <strong>Default:</strong> <code>16384</code>.</li> 2979<li><code>blockSize</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><number></a> Block size parameter. <strong>Default:</strong> <code>8</code>.</li> 2980<li><code>parallelization</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><number></a> Parallelization parameter. <strong>Default:</strong> <code>1</code>.</li> 2981<li><code>N</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><number></a> Alias for <code>cost</code>. Only one of both may be specified.</li> 2982<li><code>r</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><number></a> Alias for <code>blockSize</code>. Only one of both may be specified.</li> 2983<li><code>p</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><number></a> Alias for <code>parallelization</code>. Only one of both may be specified.</li> 2984<li><code>maxmem</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><number></a> Memory upper bound. It is an error when (approximately) 2985<code>128 * N * r > maxmem</code>. <strong>Default:</strong> <code>32 * 1024 * 1024</code>.</li> 2986</ul> 2987</li> 2988<li>Returns: <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a></li> 2989</ul> 2990<p>Provides a synchronous <a href="https://en.wikipedia.org/wiki/Scrypt">scrypt</a> implementation. Scrypt is a password-based 2991key derivation function that is designed to be expensive computationally and 2992memory-wise in order to make brute-force attacks unrewarding.</p> 2993<p>The <code>salt</code> should be as unique as possible. It is recommended that a salt is 2994random and at least 16 bytes long. See <a href="https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf">NIST SP 800-132</a> for details.</p> 2995<p>An exception is thrown when key derivation fails, otherwise the derived key is 2996returned as a <a href="buffer.html"><code>Buffer</code></a>.</p> 2997<p>An exception is thrown when any of the input arguments specify invalid values 2998or types.</p> 2999<pre><code class="language-js"><span class="hljs-keyword">const</span> crypto = <span class="hljs-built_in">require</span>(<span class="hljs-string">'crypto'</span>); 3000<span class="hljs-comment">// Using the factory defaults.</span> 3001<span class="hljs-keyword">const</span> key1 = crypto.<span class="hljs-title function_">scryptSync</span>(<span class="hljs-string">'password'</span>, <span class="hljs-string">'salt'</span>, <span class="hljs-number">64</span>); 3002<span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>(key1.<span class="hljs-title function_">toString</span>(<span class="hljs-string">'hex'</span>)); <span class="hljs-comment">// '3745e48...08d59ae'</span> 3003<span class="hljs-comment">// Using a custom N parameter. Must be a power of two.</span> 3004<span class="hljs-keyword">const</span> key2 = crypto.<span class="hljs-title function_">scryptSync</span>(<span class="hljs-string">'password'</span>, <span class="hljs-string">'salt'</span>, <span class="hljs-number">64</span>, { <span class="hljs-attr">N</span>: <span class="hljs-number">1024</span> }); 3005<span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>(key2.<span class="hljs-title function_">toString</span>(<span class="hljs-string">'hex'</span>)); <span class="hljs-comment">// '3745e48...aa39b34'</span></code></pre> 3006<h4><code>crypto.setEngine(engine[, flags])</code><span><a class="mark" href="#crypto_crypto_setengine_engine_flags" id="crypto_crypto_setengine_engine_flags">#</a></span></h4> 3007<div class="api_metadata"> 3008<span>Added in: v0.11.11</span> 3009</div> 3010<ul> 3011<li><code>engine</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a></li> 3012<li><code>flags</code> <a href="crypto.html#crypto_crypto_constants_1" class="type"><crypto.constants></a> <strong>Default:</strong> <code>crypto.constants.ENGINE_METHOD_ALL</code></li> 3013</ul> 3014<p>Load and set the <code>engine</code> for some or all OpenSSL functions (selected by flags).</p> 3015<p><code>engine</code> could be either an id or a path to the engine's shared library.</p> 3016<p>The optional <code>flags</code> argument uses <code>ENGINE_METHOD_ALL</code> by default. The <code>flags</code> 3017is a bit field taking one of or a mix of the following flags (defined in 3018<code>crypto.constants</code>):</p> 3019<ul> 3020<li><code>crypto.constants.ENGINE_METHOD_RSA</code></li> 3021<li><code>crypto.constants.ENGINE_METHOD_DSA</code></li> 3022<li><code>crypto.constants.ENGINE_METHOD_DH</code></li> 3023<li><code>crypto.constants.ENGINE_METHOD_RAND</code></li> 3024<li><code>crypto.constants.ENGINE_METHOD_EC</code></li> 3025<li><code>crypto.constants.ENGINE_METHOD_CIPHERS</code></li> 3026<li><code>crypto.constants.ENGINE_METHOD_DIGESTS</code></li> 3027<li><code>crypto.constants.ENGINE_METHOD_PKEY_METHS</code></li> 3028<li><code>crypto.constants.ENGINE_METHOD_PKEY_ASN1_METHS</code></li> 3029<li><code>crypto.constants.ENGINE_METHOD_ALL</code></li> 3030<li><code>crypto.constants.ENGINE_METHOD_NONE</code></li> 3031</ul> 3032<p>The flags below are deprecated in OpenSSL-1.1.0.</p> 3033<ul> 3034<li><code>crypto.constants.ENGINE_METHOD_ECDH</code></li> 3035<li><code>crypto.constants.ENGINE_METHOD_ECDSA</code></li> 3036<li><code>crypto.constants.ENGINE_METHOD_STORE</code></li> 3037</ul> 3038<h4><code>crypto.setFips(bool)</code><span><a class="mark" href="#crypto_crypto_setfips_bool" id="crypto_crypto_setfips_bool">#</a></span></h4> 3039<div class="api_metadata"> 3040<span>Added in: v10.0.0</span> 3041</div> 3042<ul> 3043<li><code>bool</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Boolean_type" class="type"><boolean></a> <code>true</code> to enable FIPS mode.</li> 3044</ul> 3045<p>Enables the FIPS compliant crypto provider in a FIPS-enabled Node.js build. 3046Throws an error if FIPS mode is not available.</p> 3047<h4><code>crypto.sign(algorithm, data, key)</code><span><a class="mark" href="#crypto_crypto_sign_algorithm_data_key" id="crypto_crypto_sign_algorithm_data_key">#</a></span></h4> 3048<div class="api_metadata"> 3049<details class="changelog"><summary>History</summary> 3050<table> 3051<tbody><tr><th>Version</th><th>Changes</th></tr> 3052<tr><td>v13.2.0, v12.16.0</td> 3053<td><p>This function now supports IEEE-P1363 DSA and ECDSA signatures.</p></td></tr> 3054<tr><td>v12.0.0</td> 3055<td><p><span>Added in: v12.0.0</span></p></td></tr> 3056</tbody></table> 3057</details> 3058</div> 3059<ul> 3060<li><code>algorithm</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Null_type" class="type"><null></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Undefined_type" class="type"><undefined></a></li> 3061<li><code>data</code> <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray" class="type"><TypedArray></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView" class="type"><DataView></a></li> 3062<li><code>key</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object" class="type"><Object></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="crypto.html#crypto_class_keyobject" class="type"><KeyObject></a></li> 3063<li>Returns: <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a></li> 3064</ul> 3065<p>Calculates and returns the signature for <code>data</code> using the given private key and 3066algorithm. If <code>algorithm</code> is <code>null</code> or <code>undefined</code>, then the algorithm is 3067dependent upon the key type (especially Ed25519 and Ed448).</p> 3068<p>If <code>key</code> is not a <a href="#crypto_class_keyobject"><code>KeyObject</code></a>, this function behaves as if <code>key</code> had been 3069passed to <a href="#crypto_crypto_createprivatekey_key"><code>crypto.createPrivateKey()</code></a>. If it is an object, the following 3070additional properties can be passed:</p> 3071<ul> 3072<li> 3073<p><code>dsaEncoding</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> For DSA and ECDSA, this option specifies the 3074format of the generated signature. It can be one of the following:</p> 3075<ul> 3076<li><code>'der'</code> (default): DER-encoded ASN.1 signature structure encoding <code>(r, s)</code>.</li> 3077<li><code>'ieee-p1363'</code>: Signature format <code>r || s</code> as proposed in IEEE-P1363.</li> 3078</ul> 3079</li> 3080<li> 3081<p><code>padding</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><integer></a> Optional padding value for RSA, one of the following:</p> 3082<ul> 3083<li><code>crypto.constants.RSA_PKCS1_PADDING</code> (default)</li> 3084<li><code>crypto.constants.RSA_PKCS1_PSS_PADDING</code></li> 3085</ul> 3086<p><code>RSA_PKCS1_PSS_PADDING</code> will use MGF1 with the same hash function 3087used to sign the message as specified in section 3.1 of <a href="https://www.rfc-editor.org/rfc/rfc4055.txt">RFC 4055</a>.</p> 3088</li> 3089<li> 3090<p><code>saltLength</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><integer></a> Salt length for when padding is 3091<code>RSA_PKCS1_PSS_PADDING</code>. The special value 3092<code>crypto.constants.RSA_PSS_SALTLEN_DIGEST</code> sets the salt length to the digest 3093size, <code>crypto.constants.RSA_PSS_SALTLEN_MAX_SIGN</code> (default) sets it to the 3094maximum permissible value.</p> 3095</li> 3096</ul> 3097<h4><code>crypto.timingSafeEqual(a, b)</code><span><a class="mark" href="#crypto_crypto_timingsafeequal_a_b" id="crypto_crypto_timingsafeequal_a_b">#</a></span></h4> 3098<div class="api_metadata"> 3099<span>Added in: v6.6.0</span> 3100</div> 3101<ul> 3102<li><code>a</code> <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray" class="type"><TypedArray></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView" class="type"><DataView></a></li> 3103<li><code>b</code> <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray" class="type"><TypedArray></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView" class="type"><DataView></a></li> 3104<li>Returns: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Boolean_type" class="type"><boolean></a></li> 3105</ul> 3106<p>This function is based on a constant-time algorithm. 3107Returns true if <code>a</code> is equal to <code>b</code>, without leaking timing information that 3108would allow an attacker to guess one of the values. This is suitable for 3109comparing HMAC digests or secret values like authentication cookies or 3110<a href="https://www.w3.org/TR/capability-urls/">capability urls</a>.</p> 3111<p><code>a</code> and <code>b</code> must both be <code>Buffer</code>s, <code>TypedArray</code>s, or <code>DataView</code>s, and they 3112must have the same byte length.</p> 3113<p>If at least one of <code>a</code> and <code>b</code> is a <code>TypedArray</code> with more than one byte per 3114entry, such as <code>Uint16Array</code>, the result will be computed using the platform 3115byte order.</p> 3116<p>Use of <code>crypto.timingSafeEqual</code> does not guarantee that the <em>surrounding</em> code 3117is timing-safe. Care should be taken to ensure that the surrounding code does 3118not introduce timing vulnerabilities.</p> 3119<h4><code>crypto.verify(algorithm, data, key, signature)</code><span><a class="mark" href="#crypto_crypto_verify_algorithm_data_key_signature" id="crypto_crypto_verify_algorithm_data_key_signature">#</a></span></h4> 3120<div class="api_metadata"> 3121<details class="changelog"><summary>History</summary> 3122<table> 3123<tbody><tr><th>Version</th><th>Changes</th></tr> 3124<tr><td>v13.2.0, v12.16.0</td> 3125<td><p>This function now supports IEEE-P1363 DSA and ECDSA signatures.</p></td></tr> 3126<tr><td>v12.0.0</td> 3127<td><p><span>Added in: v12.0.0</span></p></td></tr> 3128</tbody></table> 3129</details> 3130</div> 3131<ul> 3132<li><code>algorithm</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Null_type" class="type"><null></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Undefined_type" class="type"><undefined></a></li> 3133<li><code>data</code> <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray" class="type"><TypedArray></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView" class="type"><DataView></a></li> 3134<li><code>key</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object" class="type"><Object></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="crypto.html#crypto_class_keyobject" class="type"><KeyObject></a></li> 3135<li><code>signature</code> <a href="buffer.html#buffer_class_buffer" class="type"><Buffer></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray" class="type"><TypedArray></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView" class="type"><DataView></a></li> 3136<li>Returns: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Boolean_type" class="type"><boolean></a></li> 3137</ul> 3138<p>Verifies the given signature for <code>data</code> using the given key and algorithm. If 3139<code>algorithm</code> is <code>null</code> or <code>undefined</code>, then the algorithm is dependent upon the 3140key type (especially Ed25519 and Ed448).</p> 3141<p>If <code>key</code> is not a <a href="#crypto_class_keyobject"><code>KeyObject</code></a>, this function behaves as if <code>key</code> had been 3142passed to <a href="#crypto_crypto_createpublickey_key"><code>crypto.createPublicKey()</code></a>. If it is an object, the following 3143additional properties can be passed:</p> 3144<ul> 3145<li> 3146<p><code>dsaEncoding</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> For DSA and ECDSA, this option specifies the 3147format of the signature. It can be one of the following:</p> 3148<ul> 3149<li><code>'der'</code> (default): DER-encoded ASN.1 signature structure encoding <code>(r, s)</code>.</li> 3150<li><code>'ieee-p1363'</code>: Signature format <code>r || s</code> as proposed in IEEE-P1363.</li> 3151</ul> 3152</li> 3153<li> 3154<p><code>padding</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><integer></a> Optional padding value for RSA, one of the following:</p> 3155<ul> 3156<li><code>crypto.constants.RSA_PKCS1_PADDING</code> (default)</li> 3157<li><code>crypto.constants.RSA_PKCS1_PSS_PADDING</code></li> 3158</ul> 3159<p><code>RSA_PKCS1_PSS_PADDING</code> will use MGF1 with the same hash function 3160used to sign the message as specified in section 3.1 of <a href="https://www.rfc-editor.org/rfc/rfc4055.txt">RFC 4055</a>.</p> 3161</li> 3162<li> 3163<p><code>saltLength</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><integer></a> Salt length for when padding is 3164<code>RSA_PKCS1_PSS_PADDING</code>. The special value 3165<code>crypto.constants.RSA_PSS_SALTLEN_DIGEST</code> sets the salt length to the digest 3166size, <code>crypto.constants.RSA_PSS_SALTLEN_MAX_SIGN</code> (default) sets it to the 3167maximum permissible value.</p> 3168</li> 3169</ul> 3170<p>The <code>signature</code> argument is the previously calculated signature for the <code>data</code>.</p> 3171<p>Because public keys can be derived from private keys, a private key or a public 3172key may be passed for <code>key</code>.</p> 3173</section><section><h3>Notes<span><a class="mark" href="#crypto_notes" id="crypto_notes">#</a></span></h3> 3174<h4>Legacy streams API (prior to Node.js 0.10)<span><a class="mark" href="#crypto_legacy_streams_api_prior_to_node_js_0_10" id="crypto_legacy_streams_api_prior_to_node_js_0_10">#</a></span></h4> 3175<p>The Crypto module was added to Node.js before there was the concept of a 3176unified Stream API, and before there were <a href="buffer.html"><code>Buffer</code></a> objects for handling 3177binary data. As such, the many of the <code>crypto</code> defined classes have methods not 3178typically found on other Node.js classes that implement the <a href="stream.html">streams</a> 3179API (e.g. <code>update()</code>, <code>final()</code>, or <code>digest()</code>). Also, many methods accepted 3180and returned <code>'latin1'</code> encoded strings by default rather than <code>Buffer</code>s. This 3181default was changed after Node.js v0.8 to use <a href="buffer.html"><code>Buffer</code></a> objects by default 3182instead.</p> 3183<h4>Recent ECDH changes<span><a class="mark" href="#crypto_recent_ecdh_changes" id="crypto_recent_ecdh_changes">#</a></span></h4> 3184<p>Usage of <code>ECDH</code> with non-dynamically generated key pairs has been simplified. 3185Now, <a href="#crypto_ecdh_setprivatekey_privatekey_encoding"><code>ecdh.setPrivateKey()</code></a> can be called with a preselected private key 3186and the associated public point (key) will be computed and stored in the object. 3187This allows code to only store and provide the private part of the EC key pair. 3188<a href="#crypto_ecdh_setprivatekey_privatekey_encoding"><code>ecdh.setPrivateKey()</code></a> now also validates that the private key is valid for 3189the selected curve.</p> 3190<p>The <a href="#crypto_ecdh_setpublickey_publickey_encoding"><code>ecdh.setPublicKey()</code></a> method is now deprecated as its inclusion in the 3191API is not useful. Either a previously stored private key should be set, which 3192automatically generates the associated public key, or <a href="#crypto_ecdh_generatekeys_encoding_format"><code>ecdh.generateKeys()</code></a> 3193should be called. The main drawback of using <a href="#crypto_ecdh_setpublickey_publickey_encoding"><code>ecdh.setPublicKey()</code></a> is that 3194it can be used to put the ECDH key pair into an inconsistent state.</p> 3195<h4>Support for weak or compromised algorithms<span><a class="mark" href="#crypto_support_for_weak_or_compromised_algorithms" id="crypto_support_for_weak_or_compromised_algorithms">#</a></span></h4> 3196<p>The <code>crypto</code> module still supports some algorithms which are already 3197compromised and are not currently recommended for use. The API also allows 3198the use of ciphers and hashes with a small key size that are too weak for safe 3199use.</p> 3200<p>Users should take full responsibility for selecting the crypto 3201algorithm and key size according to their security requirements.</p> 3202<p>Based on the recommendations of <a href="https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar1.pdf">NIST SP 800-131A</a>:</p> 3203<ul> 3204<li>MD5 and SHA-1 are no longer acceptable where collision resistance is 3205required such as digital signatures.</li> 3206<li>The key used with RSA, DSA, and DH algorithms is recommended to have 3207at least 2048 bits and that of the curve of ECDSA and ECDH at least 3208224 bits, to be safe to use for several years.</li> 3209<li>The DH groups of <code>modp1</code>, <code>modp2</code> and <code>modp5</code> have a key size 3210smaller than 2048 bits and are not recommended.</li> 3211</ul> 3212<p>See the reference for other recommendations and details.</p> 3213<h4>CCM mode<span><a class="mark" href="#crypto_ccm_mode" id="crypto_ccm_mode">#</a></span></h4> 3214<p>CCM is one of the supported <a href="https://en.wikipedia.org/wiki/Authenticated_encryption">AEAD algorithms</a>. Applications which use this 3215mode must adhere to certain restrictions when using the cipher API:</p> 3216<ul> 3217<li>The authentication tag length must be specified during cipher creation by 3218setting the <code>authTagLength</code> option and must be one of 4, 6, 8, 10, 12, 14 or 321916 bytes.</li> 3220<li>The length of the initialization vector (nonce) <code>N</code> must be between 7 and 13 3221bytes (<code>7 ≤ N ≤ 13</code>).</li> 3222<li>The length of the plaintext is limited to <code>2 ** (8 * (15 - N))</code> bytes.</li> 3223<li>When decrypting, the authentication tag must be set via <code>setAuthTag()</code> before 3224calling <code>update()</code>. 3225Otherwise, decryption will fail and <code>final()</code> will throw an error in 3226compliance with section 2.6 of <a href="https://www.rfc-editor.org/rfc/rfc3610.txt">RFC 3610</a>.</li> 3227<li>Using stream methods such as <code>write(data)</code>, <code>end(data)</code> or <code>pipe()</code> in CCM 3228mode might fail as CCM cannot handle more than one chunk of data per instance.</li> 3229<li>When passing additional authenticated data (AAD), the length of the actual 3230message in bytes must be passed to <code>setAAD()</code> via the <code>plaintextLength</code> 3231option. 3232Many crypto libraries include the authentication tag in the ciphertext, 3233which means that they produce ciphertexts of the length 3234<code>plaintextLength + authTagLength</code>. Node.js does not include the authentication 3235tag, so the ciphertext length is always <code>plaintextLength</code>. 3236This is not necessary if no AAD is used.</li> 3237<li>As CCM processes the whole message at once, <code>update()</code> can only be called 3238once.</li> 3239<li>Even though calling <code>update()</code> is sufficient to encrypt/decrypt the message, 3240applications <em>must</em> call <code>final()</code> to compute or verify the 3241authentication tag.</li> 3242</ul> 3243<pre><code class="language-js"><span class="hljs-keyword">const</span> crypto = <span class="hljs-built_in">require</span>(<span class="hljs-string">'crypto'</span>); 3244 3245<span class="hljs-keyword">const</span> key = <span class="hljs-string">'keykeykeykeykeykeykeykey'</span>; 3246<span class="hljs-keyword">const</span> nonce = crypto.<span class="hljs-title function_">randomBytes</span>(<span class="hljs-number">12</span>); 3247 3248<span class="hljs-keyword">const</span> aad = <span class="hljs-title class_">Buffer</span>.<span class="hljs-title function_">from</span>(<span class="hljs-string">'0123456789'</span>, <span class="hljs-string">'hex'</span>); 3249 3250<span class="hljs-keyword">const</span> cipher = crypto.<span class="hljs-title function_">createCipheriv</span>(<span class="hljs-string">'aes-192-ccm'</span>, key, nonce, { 3251 <span class="hljs-attr">authTagLength</span>: <span class="hljs-number">16</span> 3252}); 3253<span class="hljs-keyword">const</span> plaintext = <span class="hljs-string">'Hello world'</span>; 3254cipher.<span class="hljs-title function_">setAAD</span>(aad, { 3255 <span class="hljs-attr">plaintextLength</span>: <span class="hljs-title class_">Buffer</span>.<span class="hljs-title function_">byteLength</span>(plaintext) 3256}); 3257<span class="hljs-keyword">const</span> ciphertext = cipher.<span class="hljs-title function_">update</span>(plaintext, <span class="hljs-string">'utf8'</span>); 3258cipher.<span class="hljs-title function_">final</span>(); 3259<span class="hljs-keyword">const</span> tag = cipher.<span class="hljs-title function_">getAuthTag</span>(); 3260 3261<span class="hljs-comment">// Now transmit { ciphertext, nonce, tag }.</span> 3262 3263<span class="hljs-keyword">const</span> decipher = crypto.<span class="hljs-title function_">createDecipheriv</span>(<span class="hljs-string">'aes-192-ccm'</span>, key, nonce, { 3264 <span class="hljs-attr">authTagLength</span>: <span class="hljs-number">16</span> 3265}); 3266decipher.<span class="hljs-title function_">setAuthTag</span>(tag); 3267decipher.<span class="hljs-title function_">setAAD</span>(aad, { 3268 <span class="hljs-attr">plaintextLength</span>: ciphertext.<span class="hljs-property">length</span> 3269}); 3270<span class="hljs-keyword">const</span> receivedPlaintext = decipher.<span class="hljs-title function_">update</span>(ciphertext, <span class="hljs-literal">null</span>, <span class="hljs-string">'utf8'</span>); 3271 3272<span class="hljs-keyword">try</span> { 3273 decipher.<span class="hljs-title function_">final</span>(); 3274} <span class="hljs-keyword">catch</span> (err) { 3275 <span class="hljs-variable language_">console</span>.<span class="hljs-title function_">error</span>(<span class="hljs-string">'Authentication failed!'</span>); 3276 <span class="hljs-keyword">return</span>; 3277} 3278 3279<span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>(receivedPlaintext);</code></pre> 3280</section><section><h3>Crypto constants<span><a class="mark" href="#crypto_crypto_constants_1" id="crypto_crypto_constants_1">#</a></span></h3> 3281<p>The following constants exported by <code>crypto.constants</code> apply to various uses of 3282the <code>crypto</code>, <code>tls</code>, and <code>https</code> modules and are generally specific to OpenSSL.</p> 3283<h4>OpenSSL options<span><a class="mark" href="#crypto_openssl_options" id="crypto_openssl_options">#</a></span></h4> 3284<table> 3285 <tbody><tr> 3286 <th>Constant</th> 3287 <th>Description</th> 3288 </tr> 3289 <tr> 3290 <td><code>SSL_OP_ALL</code></td> 3291 <td>Applies multiple bug workarounds within OpenSSL. See 3292 <a href="https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html">https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html</a> 3293 for detail.</td> 3294 </tr> 3295 <tr> 3296 <td><code>SSL_OP_ALLOW_NO_DHE_KEX</code></td> 3297 <td>Instructs OpenSSL to allow a non-[EC]DHE-based key exchange mode 3298 for TLS v1.3</td> 3299 </tr> 3300 <tr> 3301 <td><code>SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION</code></td> 3302 <td>Allows legacy insecure renegotiation between OpenSSL and unpatched 3303 clients or servers. See 3304 <a href="https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html">https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html</a>.</td> 3305 </tr> 3306 <tr> 3307 <td><code>SSL_OP_CIPHER_SERVER_PREFERENCE</code></td> 3308 <td>Attempts to use the server's preferences instead of the client's when 3309 selecting a cipher. Behavior depends on protocol version. See 3310 <a href="https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html">https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html</a>.</td> 3311 </tr> 3312 <tr> 3313 <td><code>SSL_OP_CISCO_ANYCONNECT</code></td> 3314 <td>Instructs OpenSSL to use Cisco's "speshul" version of DTLS_BAD_VER.</td> 3315 </tr> 3316 <tr> 3317 <td><code>SSL_OP_COOKIE_EXCHANGE</code></td> 3318 <td>Instructs OpenSSL to turn on cookie exchange.</td> 3319 </tr> 3320 <tr> 3321 <td><code>SSL_OP_CRYPTOPRO_TLSEXT_BUG</code></td> 3322 <td>Instructs OpenSSL to add server-hello extension from an early version 3323 of the cryptopro draft.</td> 3324 </tr> 3325 <tr> 3326 <td><code>SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS</code></td> 3327 <td>Instructs OpenSSL to disable a SSL 3.0/TLS 1.0 vulnerability 3328 workaround added in OpenSSL 0.9.6d.</td> 3329 </tr> 3330 <tr> 3331 <td><code>SSL_OP_EPHEMERAL_RSA</code></td> 3332 <td>Instructs OpenSSL to always use the tmp_rsa key when performing RSA 3333 operations.</td> 3334 </tr> 3335 <tr> 3336 <td><code>SSL_OP_LEGACY_SERVER_CONNECT</code></td> 3337 <td>Allows initial connection to servers that do not support RI.</td> 3338 </tr> 3339 <tr> 3340 <td><code>SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER</code></td> 3341 <td></td> 3342 </tr> 3343 <tr> 3344 <td><code>SSL_OP_MICROSOFT_SESS_ID_BUG</code></td> 3345 <td></td> 3346 </tr> 3347 <tr> 3348 <td><code>SSL_OP_MSIE_SSLV2_RSA_PADDING</code></td> 3349 <td>Instructs OpenSSL to disable the workaround for a man-in-the-middle 3350 protocol-version vulnerability in the SSL 2.0 server implementation.</td> 3351 </tr> 3352 <tr> 3353 <td><code>SSL_OP_NETSCAPE_CA_DN_BUG</code></td> 3354 <td></td> 3355 </tr> 3356 <tr> 3357 <td><code>SSL_OP_NETSCAPE_CHALLENGE_BUG</code></td> 3358 <td></td> 3359 </tr> 3360 <tr> 3361 <td><code>SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG</code></td> 3362 <td></td> 3363 </tr> 3364 <tr> 3365 <td><code>SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG</code></td> 3366 <td></td> 3367 </tr> 3368 <tr> 3369 <td><code>SSL_OP_NO_COMPRESSION</code></td> 3370 <td>Instructs OpenSSL to disable support for SSL/TLS compression.</td> 3371 </tr> 3372 <tr> 3373 <td><code>SSL_OP_NO_ENCRYPT_THEN_MAC</code></td> 3374 <td>Instructs OpenSSL to disable encrypt-then-MAC.</td> 3375 </tr> 3376 <tr> 3377 <td><code>SSL_OP_NO_QUERY_MTU</code></td> 3378 <td></td> 3379 </tr> 3380 <tr> 3381 <td><code>SSL_OP_NO_RENEGOTIATION</code></td> 3382 <td>Instructs OpenSSL to disable renegotiation.</td> 3383 </tr> 3384 <tr> 3385 <td><code>SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION</code></td> 3386 <td>Instructs OpenSSL to always start a new session when performing 3387 renegotiation.</td> 3388 </tr> 3389 <tr> 3390 <td><code>SSL_OP_NO_SSLv2</code></td> 3391 <td>Instructs OpenSSL to turn off SSL v2</td> 3392 </tr> 3393 <tr> 3394 <td><code>SSL_OP_NO_SSLv3</code></td> 3395 <td>Instructs OpenSSL to turn off SSL v3</td> 3396 </tr> 3397 <tr> 3398 <td><code>SSL_OP_NO_TICKET</code></td> 3399 <td>Instructs OpenSSL to disable use of RFC4507bis tickets.</td> 3400 </tr> 3401 <tr> 3402 <td><code>SSL_OP_NO_TLSv1</code></td> 3403 <td>Instructs OpenSSL to turn off TLS v1</td> 3404 </tr> 3405 <tr> 3406 <td><code>SSL_OP_NO_TLSv1_1</code></td> 3407 <td>Instructs OpenSSL to turn off TLS v1.1</td> 3408 </tr> 3409 <tr> 3410 <td><code>SSL_OP_NO_TLSv1_2</code></td> 3411 <td>Instructs OpenSSL to turn off TLS v1.2</td> 3412 </tr> 3413 <tr> 3414 <td><code>SSL_OP_NO_TLSv1_3</code></td> 3415 <td>Instructs OpenSSL to turn off TLS v1.3</td> 3416 </tr> 3417 <tr><td><code>SSL_OP_PKCS1_CHECK_1</code></td> 3418 <td></td> 3419 </tr> 3420 <tr> 3421 <td><code>SSL_OP_PKCS1_CHECK_2</code></td> 3422 <td></td> 3423 </tr> 3424 <tr> 3425 <td><code>SSL_OP_PRIORITIZE_CHACHA</code></td> 3426 <td>Instructs OpenSSL server to prioritize ChaCha20Poly1305 3427 when client does. 3428 This option has no effect if 3429 <code>SSL_OP_CIPHER_SERVER_PREFERENCE</code> 3430 is not enabled.</td> 3431 </tr> 3432 <tr> 3433 <td><code>SSL_OP_SINGLE_DH_USE</code></td> 3434 <td>Instructs OpenSSL to always create a new key when using 3435 temporary/ephemeral DH parameters.</td> 3436 </tr> 3437 <tr> 3438 <td><code>SSL_OP_SINGLE_ECDH_USE</code></td> 3439 <td>Instructs OpenSSL to always create a new key when using 3440 temporary/ephemeral ECDH parameters.</td> 3441 </tr> 3442 <tr><td><code>SSL_OP_SSLEAY_080_CLIENT_DH_BUG</code></td> 3443 <td></td> 3444 </tr> 3445 <tr> 3446 <td><code>SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG</code></td> 3447 <td></td> 3448 </tr> 3449 <tr> 3450 <td><code>SSL_OP_TLS_BLOCK_PADDING_BUG</code></td> 3451 <td></td> 3452 </tr> 3453 <tr> 3454 <td><code>SSL_OP_TLS_D5_BUG</code></td> 3455 <td></td> 3456 </tr> 3457 <tr> 3458 <td><code>SSL_OP_TLS_ROLLBACK_BUG</code></td> 3459 <td>Instructs OpenSSL to disable version rollback attack detection.</td> 3460 </tr> 3461</tbody></table> 3462<h4>OpenSSL engine constants<span><a class="mark" href="#crypto_openssl_engine_constants" id="crypto_openssl_engine_constants">#</a></span></h4> 3463<table> 3464 <tbody><tr> 3465 <th>Constant</th> 3466 <th>Description</th> 3467 </tr> 3468 <tr> 3469 <td><code>ENGINE_METHOD_RSA</code></td> 3470 <td>Limit engine usage to RSA</td> 3471 </tr> 3472 <tr> 3473 <td><code>ENGINE_METHOD_DSA</code></td> 3474 <td>Limit engine usage to DSA</td> 3475 </tr> 3476 <tr> 3477 <td><code>ENGINE_METHOD_DH</code></td> 3478 <td>Limit engine usage to DH</td> 3479 </tr> 3480 <tr> 3481 <td><code>ENGINE_METHOD_RAND</code></td> 3482 <td>Limit engine usage to RAND</td> 3483 </tr> 3484 <tr> 3485 <td><code>ENGINE_METHOD_EC</code></td> 3486 <td>Limit engine usage to EC</td> 3487 </tr> 3488 <tr> 3489 <td><code>ENGINE_METHOD_CIPHERS</code></td> 3490 <td>Limit engine usage to CIPHERS</td> 3491 </tr> 3492 <tr> 3493 <td><code>ENGINE_METHOD_DIGESTS</code></td> 3494 <td>Limit engine usage to DIGESTS</td> 3495 </tr> 3496 <tr> 3497 <td><code>ENGINE_METHOD_PKEY_METHS</code></td> 3498 <td>Limit engine usage to PKEY_METHDS</td> 3499 </tr> 3500 <tr> 3501 <td><code>ENGINE_METHOD_PKEY_ASN1_METHS</code></td> 3502 <td>Limit engine usage to PKEY_ASN1_METHS</td> 3503 </tr> 3504 <tr> 3505 <td><code>ENGINE_METHOD_ALL</code></td> 3506 <td></td> 3507 </tr> 3508 <tr> 3509 <td><code>ENGINE_METHOD_NONE</code></td> 3510 <td></td> 3511 </tr> 3512</tbody></table> 3513<h4>Other OpenSSL constants<span><a class="mark" href="#crypto_other_openssl_constants" id="crypto_other_openssl_constants">#</a></span></h4> 3514<p>See the <a href="https://wiki.openssl.org/index.php/List_of_SSL_OP_Flags#Table_of_Options">list of SSL OP Flags</a> for details.</p> 3515<table> 3516 <tbody><tr> 3517 <th>Constant</th> 3518 <th>Description</th> 3519 </tr> 3520 <tr> 3521 <td><code>DH_CHECK_P_NOT_SAFE_PRIME</code></td> 3522 <td></td> 3523 </tr> 3524 <tr> 3525 <td><code>DH_CHECK_P_NOT_PRIME</code></td> 3526 <td></td> 3527 </tr> 3528 <tr> 3529 <td><code>DH_UNABLE_TO_CHECK_GENERATOR</code></td> 3530 <td></td> 3531 </tr> 3532 <tr> 3533 <td><code>DH_NOT_SUITABLE_GENERATOR</code></td> 3534 <td></td> 3535 </tr> 3536 <tr> 3537 <td><code>ALPN_ENABLED</code></td> 3538 <td></td> 3539 </tr> 3540 <tr> 3541 <td><code>RSA_PKCS1_PADDING</code></td> 3542 <td></td> 3543 </tr> 3544 <tr> 3545 <td><code>RSA_SSLV23_PADDING</code></td> 3546 <td></td> 3547 </tr> 3548 <tr> 3549 <td><code>RSA_NO_PADDING</code></td> 3550 <td></td> 3551 </tr> 3552 <tr> 3553 <td><code>RSA_PKCS1_OAEP_PADDING</code></td> 3554 <td></td> 3555 </tr> 3556 <tr> 3557 <td><code>RSA_X931_PADDING</code></td> 3558 <td></td> 3559 </tr> 3560 <tr> 3561 <td><code>RSA_PKCS1_PSS_PADDING</code></td> 3562 <td></td> 3563 </tr> 3564 <tr> 3565 <td><code>RSA_PSS_SALTLEN_DIGEST</code></td> 3566 <td>Sets the salt length for <code>RSA_PKCS1_PSS_PADDING</code> to the 3567 digest size when signing or verifying.</td> 3568 </tr> 3569 <tr> 3570 <td><code>RSA_PSS_SALTLEN_MAX_SIGN</code></td> 3571 <td>Sets the salt length for <code>RSA_PKCS1_PSS_PADDING</code> to the 3572 maximum permissible value when signing data.</td> 3573 </tr> 3574 <tr> 3575 <td><code>RSA_PSS_SALTLEN_AUTO</code></td> 3576 <td>Causes the salt length for <code>RSA_PKCS1_PSS_PADDING</code> to be 3577 determined automatically when verifying a signature.</td> 3578 </tr> 3579 <tr> 3580 <td><code>POINT_CONVERSION_COMPRESSED</code></td> 3581 <td></td> 3582 </tr> 3583 <tr> 3584 <td><code>POINT_CONVERSION_UNCOMPRESSED</code></td> 3585 <td></td> 3586 </tr> 3587 <tr> 3588 <td><code>POINT_CONVERSION_HYBRID</code></td> 3589 <td></td> 3590 </tr> 3591</tbody></table> 3592<h4>Node.js crypto constants<span><a class="mark" href="#crypto_node_js_crypto_constants" id="crypto_node_js_crypto_constants">#</a></span></h4> 3593<table> 3594 <tbody><tr> 3595 <th>Constant</th> 3596 <th>Description</th> 3597 </tr> 3598 <tr> 3599 <td><code>defaultCoreCipherList</code></td> 3600 <td>Specifies the built-in default cipher list used by Node.js.</td> 3601 </tr> 3602 <tr> 3603 <td><code>defaultCipherList</code></td> 3604 <td>Specifies the active default cipher list used by the current Node.js 3605 process.</td> 3606 </tr> 3607</tbody></table></section> 3608 <!-- API END --> 3609 </div> 3610 </div> 3611 </div> 3612 <script> 3613 'use strict'; 3614 { 3615 const kCustomPreference = 'customDarkTheme'; 3616 const userSettings = sessionStorage.getItem(kCustomPreference); 3617 const themeToggleButton = document.getElementById('theme-toggle-btn'); 3618 if (userSettings === null && window.matchMedia) { 3619 const mq = window.matchMedia('(prefers-color-scheme: dark)'); 3620 if ('onchange' in mq) { 3621 function mqChangeListener(e) { 3622 document.body.classList.toggle('dark-mode', e.matches); 3623 } 3624 mq.addEventListener('change', mqChangeListener); 3625 if (themeToggleButton) { 3626 themeToggleButton.addEventListener('click', function() { 3627 mq.removeEventListener('change', mqChangeListener); 3628 }, { once: true }); 3629 } 3630 } 3631 if (mq.matches) { 3632 document.body.classList.add('dark-mode'); 3633 } 3634 } else if (userSettings === 'true') { 3635 document.body.classList.add('dark-mode'); 3636 } 3637 if (themeToggleButton) { 3638 themeToggleButton.hidden = false; 3639 themeToggleButton.addEventListener('click', function() { 3640 sessionStorage.setItem( 3641 kCustomPreference, 3642 document.body.classList.toggle('dark-mode') 3643 ); 3644 }); 3645 } 3646 } 3647 </script> 3648</body> 3649</html> 3650