@contrast/agent-bundle 5.46.0 → 5.47.0

package/node_modules/@types/node/crypto.d.ts

@@ -17,6 +17,7 @@
  * @see [source](https://github.com/nodejs/node/blob/v24.x/lib/crypto.js)
  */
 declare module "crypto" {
+    import { NonSharedBuffer } from "node:buffer";
     import * as stream from "node:stream";
     import { PeerCertificate } from "node:tls";
     /**
@@ -44,7 +45,7 @@ declare module "crypto" {
          * @param encoding The `encoding` of the `spkac` string.
          * @return The challenge component of the `spkac` data structure, which includes a public key and a challenge.
          */
-        static exportChallenge(spkac: BinaryLike): Buffer;
+        static exportChallenge(spkac: BinaryLike): NonSharedBuffer;
         /**
          * ```js
          * const { Certificate } = await import('node:crypto');
@@ -57,7 +58,7 @@ declare module "crypto" {
          * @param encoding The `encoding` of the `spkac` string.
          * @return The public key component of the `spkac` data structure, which includes a public key and a challenge.
          */
-        static exportPublicKey(spkac: BinaryLike, encoding?: string): Buffer;
+        static exportPublicKey(spkac: BinaryLike, encoding?: string): NonSharedBuffer;
         /**
          * ```js
          * import { Buffer } from 'node:buffer';
@@ -78,7 +79,7 @@ declare module "crypto" {
          * @returns The challenge component of the `spkac` data structure,
          * which includes a public key and a challenge.
          */
-        exportChallenge(spkac: BinaryLike): Buffer;
+        exportChallenge(spkac: BinaryLike): NonSharedBuffer;
         /**
          * @deprecated
          * @param spkac
@@ -86,7 +87,7 @@ declare module "crypto" {
          * @returns The public key component of the `spkac` data structure,
          * which includes a public key and a challenge.
          */
-        exportPublicKey(spkac: BinaryLike, encoding?: string): Buffer;
+        exportPublicKey(spkac: BinaryLike, encoding?: string): NonSharedBuffer;
         /**
          * @deprecated
          * @param spkac
@@ -402,7 +403,7 @@ declare module "crypto" {
          * @since v0.1.92
          * @param encoding The `encoding` of the return value.
          */
-        digest(): Buffer;
+        digest(): NonSharedBuffer;
         digest(encoding: BinaryToTextEncoding): string;
     }
     /**
@@ -496,7 +497,7 @@ declare module "crypto" {
          * @since v0.1.94
          * @param encoding The `encoding` of the return value.
          */
-        digest(): Buffer;
+        digest(): NonSharedBuffer;
         digest(encoding: BinaryToTextEncoding): string;
     }
     type KeyObjectType = "secret" | "public" | "private";
@@ -510,50 +511,50 @@ declare module "crypto" {
         format: "jwk";
     }
     interface JsonWebKey {
-        crv?: string | undefined;
-        d?: string | undefined;
-        dp?: string | undefined;
-        dq?: string | undefined;
-        e?: string | undefined;
-        k?: string | undefined;
-        kty?: string | undefined;
-        n?: string | undefined;
-        p?: string | undefined;
-        q?: string | undefined;
-        qi?: string | undefined;
-        x?: string | undefined;
-        y?: string | undefined;
+        crv?: string;
+        d?: string;
+        dp?: string;
+        dq?: string;
+        e?: string;
+        k?: string;
+        kty?: string;
+        n?: string;
+        p?: string;
+        q?: string;
+        qi?: string;
+        x?: string;
+        y?: string;
         [key: string]: unknown;
     }
     interface AsymmetricKeyDetails {
         /**
          * Key size in bits (RSA, DSA).
          */
-        modulusLength?: number | undefined;
+        modulusLength?: number;
         /**
          * Public exponent (RSA).
          */
-        publicExponent?: bigint | undefined;
+        publicExponent?: bigint;
         /**
          * Name of the message digest (RSA-PSS).
          */
-        hashAlgorithm?: string | undefined;
+        hashAlgorithm?: string;
         /**
          * Name of the message digest used by MGF1 (RSA-PSS).
          */
-        mgf1HashAlgorithm?: string | undefined;
+        mgf1HashAlgorithm?: string;
         /**
          * Minimal salt length in bytes (RSA-PSS).
          */
-        saltLength?: number | undefined;
+        saltLength?: number;
         /**
          * Size of q in bits (DSA).
          */
-        divisorLength?: number | undefined;
+        divisorLength?: number;
         /**
          * Name of the curve (EC).
          */
-        namedCurve?: string | undefined;
+        namedCurve?: string;
     }
     /**
      * Node.js uses a `KeyObject` class to represent a symmetric or asymmetric key,
@@ -591,27 +592,14 @@ declare module "crypto" {
          */
         static from(key: webcrypto.CryptoKey): KeyObject;
         /**
-         * For asymmetric keys, this property represents the type of the key. Supported key
-         * types are:
-         *
-         * * `'rsa'` (OID 1.2.840.113549.1.1.1)
-         * * `'rsa-pss'` (OID 1.2.840.113549.1.1.10)
-         * * `'dsa'` (OID 1.2.840.10040.4.1)
-         * * `'ec'` (OID 1.2.840.10045.2.1)
-         * * `'x25519'` (OID 1.3.101.110)
-         * * `'x448'` (OID 1.3.101.111)
-         * * `'ed25519'` (OID 1.3.101.112)
-         * * `'ed448'` (OID 1.3.101.113)
-         * * `'dh'` (OID 1.2.840.113549.1.3.1)
-         * * `'ml-dsa-44'` (OID 2.16.840.1.101.3.4.3.17)
-         * * `'ml-dsa-65'` (OID 2.16.840.1.101.3.4.3.18)
-         * * `'ml-dsa-87'` (OID 2.16.840.1.101.3.4.3.19)
+         * For asymmetric keys, this property represents the type of the key. See the
+         * supported [asymmetric key types](https://nodejs.org/docs/latest-v24.x/api/crypto.html#asymmetric-key-types).
          *
          * This property is `undefined` for unrecognized `KeyObject` types and symmetric
          * keys.
          * @since v11.6.0
          */
-        asymmetricKeyType?: KeyType | undefined;
+        asymmetricKeyType?: KeyType;
         /**
          * This property exists only on asymmetric keys. Depending on the type of the key,
          * this object contains information about the key. None of the information obtained
@@ -625,7 +613,7 @@ declare module "crypto" {
          * Other key details might be exposed via this API using additional attributes.
          * @since v15.7.0
          */
-        asymmetricKeyDetails?: AsymmetricKeyDetails | undefined;
+        asymmetricKeyDetails?: AsymmetricKeyDetails;
         /**
          * For symmetric keys, the following encoding options can be used:
          *
@@ -649,8 +637,8 @@ declare module "crypto" {
          * PKCS#1 and SEC1 encryption.
          * @since v11.6.0
          */
-        export(options: KeyExportOptions<"pem">): string | Buffer;
-        export(options?: KeyExportOptions<"der">): Buffer;
+        export(options: KeyExportOptions<"pem">): string | NonSharedBuffer;
+        export(options?: KeyExportOptions<"der">): NonSharedBuffer;
         export(options?: JwkKeyExportOptions): JsonWebKey;
         /**
          * Returns `true` or `false` depending on whether the keys have exactly the same
@@ -664,7 +652,7 @@ declare module "crypto" {
          * property is `undefined` for asymmetric keys.
          * @since v11.6.0
          */
-        symmetricKeySize?: number | undefined;
+        symmetricKeySize?: number;
         /**
          * Converts a `KeyObject` instance to a `CryptoKey`.
          * @since 22.10.0
@@ -899,8 +887,8 @@ declare module "crypto" {
          * @param inputEncoding The `encoding` of the data.
          * @param outputEncoding The `encoding` of the return value.
          */
-        update(data: BinaryLike): Buffer;
-        update(data: string, inputEncoding: Encoding): Buffer;
+        update(data: BinaryLike): NonSharedBuffer;
+        update(data: string, inputEncoding: Encoding): NonSharedBuffer;
         update(data: NodeJS.ArrayBufferView, inputEncoding: undefined, outputEncoding: Encoding): string;
         update(data: string, inputEncoding: Encoding | undefined, outputEncoding: Encoding): string;
         /**
@@ -911,7 +899,7 @@ declare module "crypto" {
          * @param outputEncoding The `encoding` of the return value.
          * @return Any remaining enciphered contents. If `outputEncoding` is specified, a string is returned. If an `outputEncoding` is not provided, a {@link Buffer} is returned.
          */
-        final(): Buffer;
+        final(): NonSharedBuffer;
         final(outputEncoding: BufferEncoding): string;
         /**
          * When using block encryption algorithms, the `Cipheriv` class will automatically
@@ -937,7 +925,7 @@ declare module "crypto" {
                 plaintextLength: number;
             },
         ): this;
-        getAuthTag(): Buffer;
+        getAuthTag(): NonSharedBuffer;
     }
     interface CipherGCM extends Cipheriv {
         setAAD(
@@ -946,7 +934,7 @@ declare module "crypto" {
                 plaintextLength: number;
             },
         ): this;
-        getAuthTag(): Buffer;
+        getAuthTag(): NonSharedBuffer;
     }
     interface CipherOCB extends Cipheriv {
         setAAD(
@@ -955,7 +943,7 @@ declare module "crypto" {
                 plaintextLength: number;
             },
         ): this;
-        getAuthTag(): Buffer;
+        getAuthTag(): NonSharedBuffer;
     }
     interface CipherChaCha20Poly1305 extends Cipheriv {
         setAAD(
@@ -964,7 +952,7 @@ declare module "crypto" {
                 plaintextLength: number;
             },
         ): this;
-        getAuthTag(): Buffer;
+        getAuthTag(): NonSharedBuffer;
     }
     /**
      * Creates and returns a `Decipheriv` object that uses the given `algorithm`, `key` and initialization vector (`iv`).
@@ -1149,8 +1137,8 @@ declare module "crypto" {
          * @param inputEncoding The `encoding` of the `data` string.
          * @param outputEncoding The `encoding` of the return value.
          */
-        update(data: NodeJS.ArrayBufferView): Buffer;
-        update(data: string, inputEncoding: Encoding): Buffer;
+        update(data: NodeJS.ArrayBufferView): NonSharedBuffer;
+        update(data: string, inputEncoding: Encoding): NonSharedBuffer;
         update(data: NodeJS.ArrayBufferView, inputEncoding: undefined, outputEncoding: Encoding): string;
         update(data: string, inputEncoding: Encoding | undefined, outputEncoding: Encoding): string;
         /**
@@ -1161,7 +1149,7 @@ declare module "crypto" {
          * @param outputEncoding The `encoding` of the return value.
          * @return Any remaining deciphered contents. If `outputEncoding` is specified, a string is returned. If an `outputEncoding` is not provided, a {@link Buffer} is returned.
          */
-        final(): Buffer;
+        final(): NonSharedBuffer;
         final(outputEncoding: BufferEncoding): string;
         /**
          * When data has been encrypted without standard block padding, calling `decipher.setAutoPadding(false)` will disable automatic padding to prevent `decipher.final()` from checking for and
@@ -1323,6 +1311,7 @@ declare module "crypto" {
      * @since v0.1.92
      * @param options `stream.Writable` options
      */
+    // TODO: signing algorithm type
     function createSign(algorithm: string, options?: stream.WritableOptions): Sign;
     type DSAEncoding = "der" | "ieee-p1363";
     interface SigningOptions {
@@ -1332,6 +1321,7 @@ declare module "crypto" {
         padding?: number | undefined;
         saltLength?: number | undefined;
         dsaEncoding?: DSAEncoding | undefined;
+        context?: ArrayBuffer | NodeJS.ArrayBufferView | undefined;
     }
     interface SignPrivateKeyInput extends PrivateKeyInput, SigningOptions {}
     interface SignKeyObjectInput extends SigningOptions {
@@ -1433,7 +1423,7 @@ declare module "crypto" {
          * called. Multiple calls to `sign.sign()` will result in an error being thrown.
          * @since v0.1.92
          */
-        sign(privateKey: KeyLike | SignKeyObjectInput | SignPrivateKeyInput | SignJsonWebKeyInput): Buffer;
+        sign(privateKey: KeyLike | SignKeyObjectInput | SignPrivateKeyInput | SignJsonWebKeyInput): NonSharedBuffer;
         sign(
             privateKey: KeyLike | SignKeyObjectInput | SignPrivateKeyInput | SignJsonWebKeyInput,
             outputFormat: BinaryToTextEncoding,
@@ -1592,7 +1582,7 @@ declare module "crypto" {
          * @since v0.5.0
          * @param encoding The `encoding` of the return value.
          */
-        generateKeys(): Buffer;
+        generateKeys(): NonSharedBuffer;
         generateKeys(encoding: BinaryToTextEncoding): string;
         /**
          * Computes the shared secret using `otherPublicKey` as the other
@@ -1607,8 +1597,16 @@ declare module "crypto" {
          * @param inputEncoding The `encoding` of an `otherPublicKey` string.
          * @param outputEncoding The `encoding` of the return value.
          */
-        computeSecret(otherPublicKey: NodeJS.ArrayBufferView, inputEncoding?: null, outputEncoding?: null): Buffer;
-        computeSecret(otherPublicKey: string, inputEncoding: BinaryToTextEncoding, outputEncoding?: null): Buffer;
+        computeSecret(
+            otherPublicKey: NodeJS.ArrayBufferView,
+            inputEncoding?: null,
+            outputEncoding?: null,
+        ): NonSharedBuffer;
+        computeSecret(
+            otherPublicKey: string,
+            inputEncoding: BinaryToTextEncoding,
+            outputEncoding?: null,
+        ): NonSharedBuffer;
         computeSecret(
             otherPublicKey: NodeJS.ArrayBufferView,
             inputEncoding: null,
@@ -1626,7 +1624,7 @@ declare module "crypto" {
          * @since v0.5.0
          * @param encoding The `encoding` of the return value.
          */
-        getPrime(): Buffer;
+        getPrime(): NonSharedBuffer;
         getPrime(encoding: BinaryToTextEncoding): string;
         /**
          * Returns the Diffie-Hellman generator in the specified `encoding`.
@@ -1635,7 +1633,7 @@ declare module "crypto" {
          * @since v0.5.0
          * @param encoding The `encoding` of the return value.
          */
-        getGenerator(): Buffer;
+        getGenerator(): NonSharedBuffer;
         getGenerator(encoding: BinaryToTextEncoding): string;
         /**
          * Returns the Diffie-Hellman public key in the specified `encoding`.
@@ -1644,7 +1642,7 @@ declare module "crypto" {
          * @since v0.5.0
          * @param encoding The `encoding` of the return value.
          */
-        getPublicKey(): Buffer;
+        getPublicKey(): NonSharedBuffer;
         getPublicKey(encoding: BinaryToTextEncoding): string;
         /**
          * Returns the Diffie-Hellman private key in the specified `encoding`.
@@ -1653,7 +1651,7 @@ declare module "crypto" {
          * @since v0.5.0
          * @param encoding The `encoding` of the return value.
          */
-        getPrivateKey(): Buffer;
+        getPrivateKey(): NonSharedBuffer;
         getPrivateKey(encoding: BinaryToTextEncoding): string;
         /**
          * Sets the Diffie-Hellman public key. If the `encoding` argument is provided, `publicKey` is expected
@@ -1797,7 +1795,7 @@ declare module "crypto" {
         iterations: number,
         keylen: number,
         digest: string,
-        callback: (err: Error | null, derivedKey: Buffer) => void,
+        callback: (err: Error | null, derivedKey: NonSharedBuffer) => void,
     ): void;
     /**
      * Provides a synchronous Password-Based Key Derivation Function 2 (PBKDF2)
@@ -1834,7 +1832,7 @@ declare module "crypto" {
         iterations: number,
         keylen: number,
         digest: string,
-    ): Buffer;
+    ): NonSharedBuffer;
     /**
      * Generates cryptographically strong pseudorandom data. The `size` argument
      * is a number indicating the number of bytes to generate.
@@ -1887,10 +1885,10 @@ declare module "crypto" {
      * @param size The number of bytes to generate. The `size` must not be larger than `2**31 - 1`.
      * @return if the `callback` function is not provided.
      */
-    function randomBytes(size: number): Buffer;
-    function randomBytes(size: number, callback: (err: Error | null, buf: Buffer) => void): void;
-    function pseudoRandomBytes(size: number): Buffer;
-    function pseudoRandomBytes(size: number, callback: (err: Error | null, buf: Buffer) => void): void;
+    function randomBytes(size: number): NonSharedBuffer;
+    function randomBytes(size: number, callback: (err: Error | null, buf: NonSharedBuffer) => void): void;
+    function pseudoRandomBytes(size: number): NonSharedBuffer;
+    function pseudoRandomBytes(size: number, callback: (err: Error | null, buf: NonSharedBuffer) => void): void;
     /**
      * Return a random integer `n` such that `min <= n < max`.  This
      * implementation avoids [modulo bias](https://en.wikipedia.org/wiki/Fisher%E2%80%93Yates_shuffle#Modulo_bias).
@@ -2120,14 +2118,14 @@ declare module "crypto" {
         password: BinaryLike,
         salt: BinaryLike,
         keylen: number,
-        callback: (err: Error | null, derivedKey: Buffer) => void,
+        callback: (err: Error | null, derivedKey: NonSharedBuffer) => void,
     ): void;
     function scrypt(
         password: BinaryLike,
         salt: BinaryLike,
         keylen: number,
         options: ScryptOptions,
-        callback: (err: Error | null, derivedKey: Buffer) => void,
+        callback: (err: Error | null, derivedKey: NonSharedBuffer) => void,
     ): void;
     /**
      * Provides a synchronous [scrypt](https://en.wikipedia.org/wiki/Scrypt) implementation. Scrypt is a password-based
@@ -2159,7 +2157,12 @@ declare module "crypto" {
      * ```
      * @since v10.5.0
      */
-    function scryptSync(password: BinaryLike, salt: BinaryLike, keylen: number, options?: ScryptOptions): Buffer;
+    function scryptSync(
+        password: BinaryLike,
+        salt: BinaryLike,
+        keylen: number,
+        options?: ScryptOptions,
+    ): NonSharedBuffer;
     interface RsaPublicKey {
         key: KeyLike;
         padding?: number | undefined;
@@ -2188,7 +2191,7 @@ declare module "crypto" {
     function publicEncrypt(
         key: RsaPublicKey | RsaPrivateKey | KeyLike,
         buffer: NodeJS.ArrayBufferView | string,
-    ): Buffer;
+    ): NonSharedBuffer;
     /**
      * Decrypts `buffer` with `key`.`buffer` was previously encrypted using
      * the corresponding private key, for example using {@link privateEncrypt}.
@@ -2203,7 +2206,7 @@ declare module "crypto" {
     function publicDecrypt(
         key: RsaPublicKey | RsaPrivateKey | KeyLike,
         buffer: NodeJS.ArrayBufferView | string,
-    ): Buffer;
+    ): NonSharedBuffer;
     /**
      * Decrypts `buffer` with `privateKey`. `buffer` was previously encrypted using
      * the corresponding public key, for example using {@link publicEncrypt}.
@@ -2212,7 +2215,10 @@ declare module "crypto" {
      * object, the `padding` property can be passed. Otherwise, this function uses `RSA_PKCS1_OAEP_PADDING`.
      * @since v0.11.14
      */
-    function privateDecrypt(privateKey: RsaPrivateKey | KeyLike, buffer: NodeJS.ArrayBufferView | string): Buffer;
+    function privateDecrypt(
+        privateKey: RsaPrivateKey | KeyLike,
+        buffer: NodeJS.ArrayBufferView | string,
+    ): NonSharedBuffer;
     /**
      * Encrypts `buffer` with `privateKey`. The returned data can be decrypted using
      * the corresponding public key, for example using {@link publicDecrypt}.
@@ -2221,7 +2227,10 @@ declare module "crypto" {
      * object, the `padding` property can be passed. Otherwise, this function uses `RSA_PKCS1_PADDING`.
      * @since v1.1.0
      */
-    function privateEncrypt(privateKey: RsaPrivateKey | KeyLike, buffer: NodeJS.ArrayBufferView | string): Buffer;
+    function privateEncrypt(
+        privateKey: RsaPrivateKey | KeyLike,
+        buffer: NodeJS.ArrayBufferView | string,
+    ): NonSharedBuffer;
     /**
      * ```js
      * const {
@@ -2350,7 +2359,7 @@ declare module "crypto" {
             inputEncoding?: BinaryToTextEncoding,
             outputEncoding?: "latin1" | "hex" | "base64" | "base64url",
             format?: "uncompressed" | "compressed" | "hybrid",
-        ): Buffer | string;
+        ): NonSharedBuffer | string;
         /**
          * Generates private and public EC Diffie-Hellman key values, and returns
          * the public key in the specified `format` and `encoding`. This key should be
@@ -2363,7 +2372,7 @@ declare module "crypto" {
          * @param encoding The `encoding` of the return value.
          * @param [format='uncompressed']
          */
-        generateKeys(): Buffer;
+        generateKeys(): NonSharedBuffer;
         generateKeys(encoding: BinaryToTextEncoding, format?: ECDHKeyFormat): string;
         /**
          * Computes the shared secret using `otherPublicKey` as the other
@@ -2382,8 +2391,8 @@ declare module "crypto" {
          * @param inputEncoding The `encoding` of the `otherPublicKey` string.
          * @param outputEncoding The `encoding` of the return value.
          */
-        computeSecret(otherPublicKey: NodeJS.ArrayBufferView): Buffer;
-        computeSecret(otherPublicKey: string, inputEncoding: BinaryToTextEncoding): Buffer;
+        computeSecret(otherPublicKey: NodeJS.ArrayBufferView): NonSharedBuffer;
+        computeSecret(otherPublicKey: string, inputEncoding: BinaryToTextEncoding): NonSharedBuffer;
         computeSecret(otherPublicKey: NodeJS.ArrayBufferView, outputEncoding: BinaryToTextEncoding): string;
         computeSecret(
             otherPublicKey: string,
@@ -2397,7 +2406,7 @@ declare module "crypto" {
          * @param encoding The `encoding` of the return value.
          * @return The EC Diffie-Hellman in the specified `encoding`.
          */
-        getPrivateKey(): Buffer;
+        getPrivateKey(): NonSharedBuffer;
         getPrivateKey(encoding: BinaryToTextEncoding): string;
         /**
          * The `format` argument specifies point encoding and can be `'compressed'` or `'uncompressed'`. If `format` is not specified the point will be returned in`'uncompressed'` format.
@@ -2409,7 +2418,7 @@ declare module "crypto" {
          * @param [format='uncompressed']
          * @return The EC Diffie-Hellman public key in the specified `encoding` and `format`.
          */
-        getPublicKey(encoding?: null, format?: ECDHKeyFormat): Buffer;
+        getPublicKey(encoding?: null, format?: ECDHKeyFormat): NonSharedBuffer;
         getPublicKey(encoding: BinaryToTextEncoding, format?: ECDHKeyFormat): string;
         /**
          * Sets the EC Diffie-Hellman private key.
@@ -2460,17 +2469,33 @@ declare module "crypto" {
      */
     function timingSafeEqual(a: NodeJS.ArrayBufferView, b: NodeJS.ArrayBufferView): boolean;
     type KeyType =
-        | "rsa"
-        | "rsa-pss"
+        | "dh"
         | "dsa"
         | "ec"
         | "ed25519"
         | "ed448"
-        | "x25519"
-        | "x448"
         | "ml-dsa-44"
         | "ml-dsa-65"
-        | "ml-dsa-87";
+        | "ml-dsa-87"
+        | "ml-kem-1024"
+        | "ml-kem-512"
+        | "ml-kem-768"
+        | "rsa-pss"
+        | "rsa"
+        | "slh-dsa-sha2-128f"
+        | "slh-dsa-sha2-128s"
+        | "slh-dsa-sha2-192f"
+        | "slh-dsa-sha2-192s"
+        | "slh-dsa-sha2-256f"
+        | "slh-dsa-sha2-256s"
+        | "slh-dsa-shake-128f"
+        | "slh-dsa-shake-128s"
+        | "slh-dsa-shake-192f"
+        | "slh-dsa-shake-192s"
+        | "slh-dsa-shake-256f"
+        | "slh-dsa-shake-256s"
+        | "x25519"
+        | "x448";
     type KeyFormat = "pem" | "der" | "jwk";
     interface BasePrivateKeyEncodingOptions<T extends KeyFormat> {
         format: T;
@@ -2486,6 +2511,8 @@ declare module "crypto" {
     interface X25519KeyPairKeyObjectOptions {}
     interface X448KeyPairKeyObjectOptions {}
     interface MLDSAKeyPairKeyObjectOptions {}
+    interface MLKEMKeyPairKeyObjectOptions {}
+    interface SLHDSAKeyPairKeyObjectOptions {}
     interface ECKeyPairKeyObjectOptions {
         /**
          * Name of the curve to use
@@ -2520,15 +2547,15 @@ declare module "crypto" {
         /**
          * Name of the message digest
          */
-        hashAlgorithm?: string;
+        hashAlgorithm?: string | undefined;
         /**
          * Name of the message digest used by MGF1
          */
-        mgf1HashAlgorithm?: string;
+        mgf1HashAlgorithm?: string | undefined;
         /**
          * Minimal salt length in bytes
          */
-        saltLength?: string;
+        saltLength?: string | undefined;
     }
     interface DSAKeyPairKeyObjectOptions {
         /**
@@ -2571,15 +2598,15 @@ declare module "crypto" {
         /**
          * Name of the message digest
          */
-        hashAlgorithm?: string;
+        hashAlgorithm?: string | undefined;
         /**
          * Name of the message digest used by MGF1
          */
-        mgf1HashAlgorithm?: string;
+        mgf1HashAlgorithm?: string | undefined;
         /**
          * Minimal salt length in bytes
          */
-        saltLength?: string;
+        saltLength?: string | undefined;
         publicKeyEncoding: {
             type: "spki";
             format: PubF;
@@ -2659,6 +2686,24 @@ declare module "crypto" {
             type: "pkcs8";
         };
     }
+    interface MLKEMKeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
+        publicKeyEncoding: {
+            type: "spki";
+            format: PubF;
+        };
+        privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
+            type: "pkcs8";
+        };
+    }
+    interface SLHDSAKeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
+        publicKeyEncoding: {
+            type: "spki";
+            format: PubF;
+        };
+        privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
+            type: "pkcs8";
+        };
+    }
     interface KeyPairSyncResult<T1 extends string | Buffer, T2 extends string | Buffer> {
         publicKey: T1;
         privateKey: T2;
@@ -2702,8 +2747,8 @@ declare module "crypto" {
      * When PEM encoding was selected, the respective key will be a string, otherwise
      * it will be a buffer containing the data encoded as DER.
      * @since v10.12.0
-     * @param type Must be `'rsa'`, `'rsa-pss'`, `'dsa'`, `'ec'`, `'ed25519'`,
-     * `'ed448'`, `'x25519'`, `'x448'`, `'dh'`, `'ml-dsa-44'`, `'ml-dsa-65'`, or `'ml-dsa-87'`.
+     * @param type The asymmetric key type to generate. See the
+     * supported [asymmetric key types](https://nodejs.org/docs/latest-v24.x/api/crypto.html#asymmetric-key-types).
      */
     function generateKeyPairSync(
         type: "rsa",
@@ -2712,15 +2757,15 @@ declare module "crypto" {
     function generateKeyPairSync(
         type: "rsa",
         options: RSAKeyPairOptions<"pem", "der">,
-    ): KeyPairSyncResult<string, Buffer>;
+    ): KeyPairSyncResult<string, NonSharedBuffer>;
     function generateKeyPairSync(
         type: "rsa",
         options: RSAKeyPairOptions<"der", "pem">,
-    ): KeyPairSyncResult<Buffer, string>;
+    ): KeyPairSyncResult<NonSharedBuffer, string>;
     function generateKeyPairSync(
         type: "rsa",
         options: RSAKeyPairOptions<"der", "der">,
-    ): KeyPairSyncResult<Buffer, Buffer>;
+    ): KeyPairSyncResult<NonSharedBuffer, NonSharedBuffer>;
     function generateKeyPairSync(type: "rsa", options: RSAKeyPairKeyObjectOptions): KeyPairKeyObjectResult;
     function generateKeyPairSync(
         type: "rsa-pss",
@@ -2729,15 +2774,15 @@ declare module "crypto" {
     function generateKeyPairSync(
         type: "rsa-pss",
         options: RSAPSSKeyPairOptions<"pem", "der">,
-    ): KeyPairSyncResult<string, Buffer>;
+    ): KeyPairSyncResult<string, NonSharedBuffer>;
     function generateKeyPairSync(
         type: "rsa-pss",
         options: RSAPSSKeyPairOptions<"der", "pem">,
-    ): KeyPairSyncResult<Buffer, string>;
+    ): KeyPairSyncResult<NonSharedBuffer, string>;
     function generateKeyPairSync(
         type: "rsa-pss",
         options: RSAPSSKeyPairOptions<"der", "der">,
-    ): KeyPairSyncResult<Buffer, Buffer>;
+    ): KeyPairSyncResult<NonSharedBuffer, NonSharedBuffer>;
     function generateKeyPairSync(type: "rsa-pss", options: RSAPSSKeyPairKeyObjectOptions): KeyPairKeyObjectResult;
     function generateKeyPairSync(
         type: "dsa",
@@ -2746,15 +2791,15 @@ declare module "crypto" {
     function generateKeyPairSync(
         type: "dsa",
         options: DSAKeyPairOptions<"pem", "der">,
-    ): KeyPairSyncResult<string, Buffer>;
+    ): KeyPairSyncResult<string, NonSharedBuffer>;
     function generateKeyPairSync(
         type: "dsa",
         options: DSAKeyPairOptions<"der", "pem">,
-    ): KeyPairSyncResult<Buffer, string>;
+    ): KeyPairSyncResult<NonSharedBuffer, string>;
     function generateKeyPairSync(
         type: "dsa",
         options: DSAKeyPairOptions<"der", "der">,
-    ): KeyPairSyncResult<Buffer, Buffer>;
+    ): KeyPairSyncResult<NonSharedBuffer, NonSharedBuffer>;
     function generateKeyPairSync(type: "dsa", options: DSAKeyPairKeyObjectOptions): KeyPairKeyObjectResult;
     function generateKeyPairSync(
         type: "ec",
@@ -2763,15 +2808,15 @@ declare module "crypto" {
     function generateKeyPairSync(
         type: "ec",
         options: ECKeyPairOptions<"pem", "der">,
-    ): KeyPairSyncResult<string, Buffer>;
+    ): KeyPairSyncResult<string, NonSharedBuffer>;
     function generateKeyPairSync(
         type: "ec",
         options: ECKeyPairOptions<"der", "pem">,
-    ): KeyPairSyncResult<Buffer, string>;
+    ): KeyPairSyncResult<NonSharedBuffer, string>;
     function generateKeyPairSync(
         type: "ec",
         options: ECKeyPairOptions<"der", "der">,
-    ): KeyPairSyncResult<Buffer, Buffer>;
+    ): KeyPairSyncResult<NonSharedBuffer, NonSharedBuffer>;
     function generateKeyPairSync(type: "ec", options: ECKeyPairKeyObjectOptions): KeyPairKeyObjectResult;
     function generateKeyPairSync(
         type: "ed25519",
@@ -2780,15 +2825,15 @@ declare module "crypto" {
     function generateKeyPairSync(
         type: "ed25519",
         options: ED25519KeyPairOptions<"pem", "der">,
-    ): KeyPairSyncResult<string, Buffer>;
+    ): KeyPairSyncResult<string, NonSharedBuffer>;
     function generateKeyPairSync(
         type: "ed25519",
         options: ED25519KeyPairOptions<"der", "pem">,
-    ): KeyPairSyncResult<Buffer, string>;
+    ): KeyPairSyncResult<NonSharedBuffer, string>;
     function generateKeyPairSync(
         type: "ed25519",
         options: ED25519KeyPairOptions<"der", "der">,
-    ): KeyPairSyncResult<Buffer, Buffer>;
+    ): KeyPairSyncResult<NonSharedBuffer, NonSharedBuffer>;
     function generateKeyPairSync(type: "ed25519", options?: ED25519KeyPairKeyObjectOptions): KeyPairKeyObjectResult;
     function generateKeyPairSync(
         type: "ed448",
@@ -2797,15 +2842,15 @@ declare module "crypto" {
     function generateKeyPairSync(
         type: "ed448",
         options: ED448KeyPairOptions<"pem", "der">,
-    ): KeyPairSyncResult<string, Buffer>;
+    ): KeyPairSyncResult<string, NonSharedBuffer>;
     function generateKeyPairSync(
         type: "ed448",
         options: ED448KeyPairOptions<"der", "pem">,
-    ): KeyPairSyncResult<Buffer, string>;
+    ): KeyPairSyncResult<NonSharedBuffer, string>;
     function generateKeyPairSync(
         type: "ed448",
         options: ED448KeyPairOptions<"der", "der">,
-    ): KeyPairSyncResult<Buffer, Buffer>;
+    ): KeyPairSyncResult<NonSharedBuffer, NonSharedBuffer>;
     function generateKeyPairSync(type: "ed448", options?: ED448KeyPairKeyObjectOptions): KeyPairKeyObjectResult;
     function generateKeyPairSync(
         type: "x25519",
@@ -2814,15 +2859,15 @@ declare module "crypto" {
     function generateKeyPairSync(
         type: "x25519",
         options: X25519KeyPairOptions<"pem", "der">,
-    ): KeyPairSyncResult<string, Buffer>;
+    ): KeyPairSyncResult<string, NonSharedBuffer>;
     function generateKeyPairSync(
         type: "x25519",
         options: X25519KeyPairOptions<"der", "pem">,
-    ): KeyPairSyncResult<Buffer, string>;
+    ): KeyPairSyncResult<NonSharedBuffer, string>;
     function generateKeyPairSync(
         type: "x25519",
         options: X25519KeyPairOptions<"der", "der">,
-    ): KeyPairSyncResult<Buffer, Buffer>;
+    ): KeyPairSyncResult<NonSharedBuffer, NonSharedBuffer>;
     function generateKeyPairSync(type: "x25519", options?: X25519KeyPairKeyObjectOptions): KeyPairKeyObjectResult;
     function generateKeyPairSync(
         type: "x448",
@@ -2831,15 +2876,15 @@ declare module "crypto" {
     function generateKeyPairSync(
         type: "x448",
         options: X448KeyPairOptions<"pem", "der">,
-    ): KeyPairSyncResult<string, Buffer>;
+    ): KeyPairSyncResult<string, NonSharedBuffer>;
     function generateKeyPairSync(
         type: "x448",
         options: X448KeyPairOptions<"der", "pem">,
-    ): KeyPairSyncResult<Buffer, string>;
+    ): KeyPairSyncResult<NonSharedBuffer, string>;
     function generateKeyPairSync(
         type: "x448",
         options: X448KeyPairOptions<"der", "der">,
-    ): KeyPairSyncResult<Buffer, Buffer>;
+    ): KeyPairSyncResult<NonSharedBuffer, NonSharedBuffer>;
     function generateKeyPairSync(type: "x448", options?: X448KeyPairKeyObjectOptions): KeyPairKeyObjectResult;
     function generateKeyPairSync(
         type: "ml-dsa-44" | "ml-dsa-65" | "ml-dsa-87",
@@ -2848,19 +2893,119 @@ declare module "crypto" {
     function generateKeyPairSync(
         type: "ml-dsa-44" | "ml-dsa-65" | "ml-dsa-87",
         options: MLDSAKeyPairOptions<"pem", "der">,
-    ): KeyPairSyncResult<string, Buffer>;
+    ): KeyPairSyncResult<string, NonSharedBuffer>;
     function generateKeyPairSync(
         type: "ml-dsa-44" | "ml-dsa-65" | "ml-dsa-87",
         options: MLDSAKeyPairOptions<"der", "pem">,
-    ): KeyPairSyncResult<Buffer, string>;
+    ): KeyPairSyncResult<NonSharedBuffer, string>;
     function generateKeyPairSync(
         type: "ml-dsa-44" | "ml-dsa-65" | "ml-dsa-87",
         options: MLDSAKeyPairOptions<"der", "der">,
-    ): KeyPairSyncResult<Buffer, Buffer>;
+    ): KeyPairSyncResult<NonSharedBuffer, NonSharedBuffer>;
     function generateKeyPairSync(
         type: "ml-dsa-44" | "ml-dsa-65" | "ml-dsa-87",
         options?: MLDSAKeyPairKeyObjectOptions,
     ): KeyPairKeyObjectResult;
+    function generateKeyPairSync(
+        type: "ml-kem-1024" | "ml-kem-512" | "ml-kem-768",
+        options: MLKEMKeyPairOptions<"pem", "pem">,
+    ): KeyPairSyncResult<string, string>;
+    function generateKeyPairSync(
+        type: "ml-kem-1024" | "ml-kem-512" | "ml-kem-768",
+        options: MLKEMKeyPairOptions<"pem", "der">,
+    ): KeyPairSyncResult<string, NonSharedBuffer>;
+    function generateKeyPairSync(
+        type: "ml-kem-1024" | "ml-kem-512" | "ml-kem-768",
+        options: MLKEMKeyPairOptions<"der", "pem">,
+    ): KeyPairSyncResult<NonSharedBuffer, string>;
+    function generateKeyPairSync(
+        type: "ml-kem-1024" | "ml-kem-512" | "ml-kem-768",
+        options: MLKEMKeyPairOptions<"der", "der">,
+    ): KeyPairSyncResult<NonSharedBuffer, NonSharedBuffer>;
+    function generateKeyPairSync(
+        type: "ml-kem-1024" | "ml-kem-512" | "ml-kem-768",
+        options?: MLKEMKeyPairKeyObjectOptions,
+    ): KeyPairKeyObjectResult;
+    function generateKeyPairSync(
+        type:
+            | "slh-dsa-sha2-128f"
+            | "slh-dsa-sha2-128s"
+            | "slh-dsa-sha2-192f"
+            | "slh-dsa-sha2-192s"
+            | "slh-dsa-sha2-256f"
+            | "slh-dsa-sha2-256s"
+            | "slh-dsa-shake-128f"
+            | "slh-dsa-shake-128s"
+            | "slh-dsa-shake-192f"
+            | "slh-dsa-shake-192s"
+            | "slh-dsa-shake-256f"
+            | "slh-dsa-shake-256s",
+        options: SLHDSAKeyPairOptions<"pem", "pem">,
+    ): KeyPairSyncResult<string, string>;
+    function generateKeyPairSync(
+        type:
+            | "slh-dsa-sha2-128f"
+            | "slh-dsa-sha2-128s"
+            | "slh-dsa-sha2-192f"
+            | "slh-dsa-sha2-192s"
+            | "slh-dsa-sha2-256f"
+            | "slh-dsa-sha2-256s"
+            | "slh-dsa-shake-128f"
+            | "slh-dsa-shake-128s"
+            | "slh-dsa-shake-192f"
+            | "slh-dsa-shake-192s"
+            | "slh-dsa-shake-256f"
+            | "slh-dsa-shake-256s",
+        options: SLHDSAKeyPairOptions<"pem", "der">,
+    ): KeyPairSyncResult<string, Buffer>;
+    function generateKeyPairSync(
+        type:
+            | "slh-dsa-sha2-128f"
+            | "slh-dsa-sha2-128s"
+            | "slh-dsa-sha2-192f"
+            | "slh-dsa-sha2-192s"
+            | "slh-dsa-sha2-256f"
+            | "slh-dsa-sha2-256s"
+            | "slh-dsa-shake-128f"
+            | "slh-dsa-shake-128s"
+            | "slh-dsa-shake-192f"
+            | "slh-dsa-shake-192s"
+            | "slh-dsa-shake-256f"
+            | "slh-dsa-shake-256s",
+        options: SLHDSAKeyPairOptions<"der", "pem">,
+    ): KeyPairSyncResult<Buffer, string>;
+    function generateKeyPairSync(
+        type:
+            | "slh-dsa-sha2-128f"
+            | "slh-dsa-sha2-128s"
+            | "slh-dsa-sha2-192f"
+            | "slh-dsa-sha2-192s"
+            | "slh-dsa-sha2-256f"
+            | "slh-dsa-sha2-256s"
+            | "slh-dsa-shake-128f"
+            | "slh-dsa-shake-128s"
+            | "slh-dsa-shake-192f"
+            | "slh-dsa-shake-192s"
+            | "slh-dsa-shake-256f"
+            | "slh-dsa-shake-256s",
+        options: SLHDSAKeyPairOptions<"der", "der">,
+    ): KeyPairSyncResult<Buffer, Buffer>;
+    function generateKeyPairSync(
+        type:
+            | "slh-dsa-sha2-128f"
+            | "slh-dsa-sha2-128s"
+            | "slh-dsa-sha2-192f"
+            | "slh-dsa-sha2-192s"
+            | "slh-dsa-sha2-256f"
+            | "slh-dsa-sha2-256s"
+            | "slh-dsa-shake-128f"
+            | "slh-dsa-shake-128s"
+            | "slh-dsa-shake-192f"
+            | "slh-dsa-shake-192s"
+            | "slh-dsa-shake-256f"
+            | "slh-dsa-shake-256s",
+        options?: SLHDSAKeyPairKeyObjectOptions,
+    ): KeyPairKeyObjectResult;
     /**
      * Generates a new asymmetric key pair of the given `type`. RSA, RSA-PSS, DSA, EC,
      * Ed25519, Ed448, X25519, X448, and DH are currently supported.
@@ -2898,8 +3043,8 @@ declare module "crypto" {
      * If this method is invoked as its `util.promisify()` ed version, it returns
      * a `Promise` for an `Object` with `publicKey` and `privateKey` properties.
      * @since v10.12.0
-     * @param type Must be `'rsa'`, `'rsa-pss'`, `'dsa'`, `'ec'`, `'ed25519'`,
-     * `'ed448'`, `'x25519'`, `'x448'`, `'dh'`, `'ml-dsa-44'`, `'ml-dsa-65'`, or `'ml-dsa-87'`.
+     * @param type The asymmetric key type to generate. See the
+     * supported [asymmetric key types](https://nodejs.org/docs/latest-v24.x/api/crypto.html#asymmetric-key-types).
      */
     function generateKeyPair(
         type: "rsa",
@@ -2909,17 +3054,17 @@ declare module "crypto" {
     function generateKeyPair(
         type: "rsa",
         options: RSAKeyPairOptions<"pem", "der">,
-        callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
+        callback: (err: Error | null, publicKey: string, privateKey: NonSharedBuffer) => void,
     ): void;
     function generateKeyPair(
         type: "rsa",
         options: RSAKeyPairOptions<"der", "pem">,
-        callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
+        callback: (err: Error | null, publicKey: NonSharedBuffer, privateKey: string) => void,
     ): void;
     function generateKeyPair(
         type: "rsa",
         options: RSAKeyPairOptions<"der", "der">,
-        callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
+        callback: (err: Error | null, publicKey: NonSharedBuffer, privateKey: NonSharedBuffer) => void,
     ): void;
     function generateKeyPair(
         type: "rsa",
@@ -2934,17 +3079,17 @@ declare module "crypto" {
     function generateKeyPair(
         type: "rsa-pss",
         options: RSAPSSKeyPairOptions<"pem", "der">,
-        callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
+        callback: (err: Error | null, publicKey: string, privateKey: NonSharedBuffer) => void,
     ): void;
     function generateKeyPair(
         type: "rsa-pss",
         options: RSAPSSKeyPairOptions<"der", "pem">,
-        callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
+        callback: (err: Error | null, publicKey: NonSharedBuffer, privateKey: string) => void,
     ): void;
     function generateKeyPair(
         type: "rsa-pss",
         options: RSAPSSKeyPairOptions<"der", "der">,
-        callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
+        callback: (err: Error | null, publicKey: NonSharedBuffer, privateKey: NonSharedBuffer) => void,
     ): void;
     function generateKeyPair(
         type: "rsa-pss",
@@ -2959,17 +3104,17 @@ declare module "crypto" {
     function generateKeyPair(
         type: "dsa",
         options: DSAKeyPairOptions<"pem", "der">,
-        callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
+        callback: (err: Error | null, publicKey: string, privateKey: NonSharedBuffer) => void,
     ): void;
     function generateKeyPair(
         type: "dsa",
         options: DSAKeyPairOptions<"der", "pem">,
-        callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
+        callback: (err: Error | null, publicKey: NonSharedBuffer, privateKey: string) => void,
     ): void;
     function generateKeyPair(
         type: "dsa",
         options: DSAKeyPairOptions<"der", "der">,
-        callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
+        callback: (err: Error | null, publicKey: NonSharedBuffer, privateKey: NonSharedBuffer) => void,
     ): void;
     function generateKeyPair(
         type: "dsa",
@@ -2984,17 +3129,17 @@ declare module "crypto" {
     function generateKeyPair(
         type: "ec",
         options: ECKeyPairOptions<"pem", "der">,
-        callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
+        callback: (err: Error | null, publicKey: string, privateKey: NonSharedBuffer) => void,
     ): void;
     function generateKeyPair(
         type: "ec",
         options: ECKeyPairOptions<"der", "pem">,
-        callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
+        callback: (err: Error | null, publicKey: NonSharedBuffer, privateKey: string) => void,
     ): void;
     function generateKeyPair(
         type: "ec",
         options: ECKeyPairOptions<"der", "der">,
-        callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
+        callback: (err: Error | null, publicKey: NonSharedBuffer, privateKey: NonSharedBuffer) => void,
     ): void;
     function generateKeyPair(
         type: "ec",
@@ -3009,17 +3154,17 @@ declare module "crypto" {
     function generateKeyPair(
         type: "ed25519",
         options: ED25519KeyPairOptions<"pem", "der">,
-        callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
+        callback: (err: Error | null, publicKey: string, privateKey: NonSharedBuffer) => void,
     ): void;
     function generateKeyPair(
         type: "ed25519",
         options: ED25519KeyPairOptions<"der", "pem">,
-        callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
+        callback: (err: Error | null, publicKey: NonSharedBuffer, privateKey: string) => void,
     ): void;
     function generateKeyPair(
         type: "ed25519",
         options: ED25519KeyPairOptions<"der", "der">,
-        callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
+        callback: (err: Error | null, publicKey: NonSharedBuffer, privateKey: NonSharedBuffer) => void,
     ): void;
     function generateKeyPair(
         type: "ed25519",
@@ -3034,17 +3179,17 @@ declare module "crypto" {
     function generateKeyPair(
         type: "ed448",
         options: ED448KeyPairOptions<"pem", "der">,
-        callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
+        callback: (err: Error | null, publicKey: string, privateKey: NonSharedBuffer) => void,
     ): void;
     function generateKeyPair(
         type: "ed448",
         options: ED448KeyPairOptions<"der", "pem">,
-        callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
+        callback: (err: Error | null, publicKey: NonSharedBuffer, privateKey: string) => void,
     ): void;
     function generateKeyPair(
         type: "ed448",
         options: ED448KeyPairOptions<"der", "der">,
-        callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
+        callback: (err: Error | null, publicKey: NonSharedBuffer, privateKey: NonSharedBuffer) => void,
     ): void;
     function generateKeyPair(
         type: "ed448",
@@ -3059,17 +3204,17 @@ declare module "crypto" {
     function generateKeyPair(
         type: "x25519",
         options: X25519KeyPairOptions<"pem", "der">,
-        callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
+        callback: (err: Error | null, publicKey: string, privateKey: NonSharedBuffer) => void,
     ): void;
     function generateKeyPair(
         type: "x25519",
         options: X25519KeyPairOptions<"der", "pem">,
-        callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
+        callback: (err: Error | null, publicKey: NonSharedBuffer, privateKey: string) => void,
     ): void;
     function generateKeyPair(
         type: "x25519",
         options: X25519KeyPairOptions<"der", "der">,
-        callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
+        callback: (err: Error | null, publicKey: NonSharedBuffer, privateKey: NonSharedBuffer) => void,
     ): void;
     function generateKeyPair(
         type: "x25519",
@@ -3084,17 +3229,17 @@ declare module "crypto" {
     function generateKeyPair(
         type: "x448",
         options: X448KeyPairOptions<"pem", "der">,
-        callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
+        callback: (err: Error | null, publicKey: string, privateKey: NonSharedBuffer) => void,
     ): void;
     function generateKeyPair(
         type: "x448",
         options: X448KeyPairOptions<"der", "pem">,
-        callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
+        callback: (err: Error | null, publicKey: NonSharedBuffer, privateKey: string) => void,
     ): void;
     function generateKeyPair(
         type: "x448",
         options: X448KeyPairOptions<"der", "der">,
-        callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
+        callback: (err: Error | null, publicKey: NonSharedBuffer, privateKey: NonSharedBuffer) => void,
     ): void;
     function generateKeyPair(
         type: "x448",
@@ -3109,23 +3254,133 @@ declare module "crypto" {
     function generateKeyPair(
         type: "ml-dsa-44" | "ml-dsa-65" | "ml-dsa-87",
         options: MLDSAKeyPairOptions<"pem", "der">,
-        callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
+        callback: (err: Error | null, publicKey: string, privateKey: NonSharedBuffer) => void,
     ): void;
     function generateKeyPair(
         type: "ml-dsa-44" | "ml-dsa-65" | "ml-dsa-87",
         options: MLDSAKeyPairOptions<"der", "pem">,
-        callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
+        callback: (err: Error | null, publicKey: NonSharedBuffer, privateKey: string) => void,
     ): void;
     function generateKeyPair(
         type: "ml-dsa-44" | "ml-dsa-65" | "ml-dsa-87",
         options: MLDSAKeyPairOptions<"der", "der">,
-        callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
+        callback: (err: Error | null, publicKey: NonSharedBuffer, privateKey: NonSharedBuffer) => void,
     ): void;
     function generateKeyPair(
         type: "ml-dsa-44" | "ml-dsa-65" | "ml-dsa-87",
         options: MLDSAKeyPairKeyObjectOptions | undefined,
         callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
     ): void;
+    function generateKeyPair(
+        type: "ml-kem-1024" | "ml-kem-512" | "ml-kem-768",
+        options: MLKEMKeyPairOptions<"pem", "pem">,
+        callback: (err: Error | null, publicKey: string, privateKey: string) => void,
+    ): void;
+    function generateKeyPair(
+        type: "ml-kem-1024" | "ml-kem-512" | "ml-kem-768",
+        options: MLKEMKeyPairOptions<"pem", "der">,
+        callback: (err: Error | null, publicKey: string, privateKey: NonSharedBuffer) => void,
+    ): void;
+    function generateKeyPair(
+        type: "ml-kem-1024" | "ml-kem-512" | "ml-kem-768",
+        options: MLKEMKeyPairOptions<"der", "pem">,
+        callback: (err: Error | null, publicKey: NonSharedBuffer, privateKey: string) => void,
+    ): void;
+    function generateKeyPair(
+        type: "ml-kem-1024" | "ml-kem-512" | "ml-kem-768",
+        options: MLKEMKeyPairOptions<"der", "der">,
+        callback: (err: Error | null, publicKey: NonSharedBuffer, privateKey: NonSharedBuffer) => void,
+    ): void;
+    function generateKeyPair(
+        type: "ml-kem-1024" | "ml-kem-512" | "ml-kem-768",
+        options: MLKEMKeyPairKeyObjectOptions | undefined,
+        callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
+    ): void;
+    function generateKeyPair(
+        type:
+            | "slh-dsa-sha2-128f"
+            | "slh-dsa-sha2-128s"
+            | "slh-dsa-sha2-192f"
+            | "slh-dsa-sha2-192s"
+            | "slh-dsa-sha2-256f"
+            | "slh-dsa-sha2-256s"
+            | "slh-dsa-shake-128f"
+            | "slh-dsa-shake-128s"
+            | "slh-dsa-shake-192f"
+            | "slh-dsa-shake-192s"
+            | "slh-dsa-shake-256f"
+            | "slh-dsa-shake-256s",
+        options: SLHDSAKeyPairOptions<"pem", "pem">,
+        callback: (err: Error | null, publicKey: string, privateKey: string) => void,
+    ): void;
+    function generateKeyPair(
+        type:
+            | "slh-dsa-sha2-128f"
+            | "slh-dsa-sha2-128s"
+            | "slh-dsa-sha2-192f"
+            | "slh-dsa-sha2-192s"
+            | "slh-dsa-sha2-256f"
+            | "slh-dsa-sha2-256s"
+            | "slh-dsa-shake-128f"
+            | "slh-dsa-shake-128s"
+            | "slh-dsa-shake-192f"
+            | "slh-dsa-shake-192s"
+            | "slh-dsa-shake-256f"
+            | "slh-dsa-shake-256s",
+        options: SLHDSAKeyPairOptions<"pem", "der">,
+        callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
+    ): void;
+    function generateKeyPair(
+        type:
+            | "slh-dsa-sha2-128f"
+            | "slh-dsa-sha2-128s"
+            | "slh-dsa-sha2-192f"
+            | "slh-dsa-sha2-192s"
+            | "slh-dsa-sha2-256f"
+            | "slh-dsa-sha2-256s"
+            | "slh-dsa-shake-128f"
+            | "slh-dsa-shake-128s"
+            | "slh-dsa-shake-192f"
+            | "slh-dsa-shake-192s"
+            | "slh-dsa-shake-256f"
+            | "slh-dsa-shake-256s",
+        options: SLHDSAKeyPairOptions<"der", "pem">,
+        callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
+    ): void;
+    function generateKeyPair(
+        type:
+            | "slh-dsa-sha2-128f"
+            | "slh-dsa-sha2-128s"
+            | "slh-dsa-sha2-192f"
+            | "slh-dsa-sha2-192s"
+            | "slh-dsa-sha2-256f"
+            | "slh-dsa-sha2-256s"
+            | "slh-dsa-shake-128f"
+            | "slh-dsa-shake-128s"
+            | "slh-dsa-shake-192f"
+            | "slh-dsa-shake-192s"
+            | "slh-dsa-shake-256f"
+            | "slh-dsa-shake-256s",
+        options: SLHDSAKeyPairOptions<"der", "der">,
+        callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
+    ): void;
+    function generateKeyPair(
+        type:
+            | "slh-dsa-sha2-128f"
+            | "slh-dsa-sha2-128s"
+            | "slh-dsa-sha2-192f"
+            | "slh-dsa-sha2-192s"
+            | "slh-dsa-sha2-256f"
+            | "slh-dsa-sha2-256s"
+            | "slh-dsa-shake-128f"
+            | "slh-dsa-shake-128s"
+            | "slh-dsa-shake-192f"
+            | "slh-dsa-shake-192s"
+            | "slh-dsa-shake-256f"
+            | "slh-dsa-shake-256s",
+        options: SLHDSAKeyPairKeyObjectOptions | undefined,
+        callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
+    ): void;
     namespace generateKeyPair {
         function __promisify__(
             type: "rsa",
@@ -3139,21 +3394,21 @@ declare module "crypto" {
             options: RSAKeyPairOptions<"pem", "der">,
         ): Promise<{
             publicKey: string;
-            privateKey: Buffer;
+            privateKey: NonSharedBuffer;
         }>;
         function __promisify__(
             type: "rsa",
             options: RSAKeyPairOptions<"der", "pem">,
         ): Promise<{
-            publicKey: Buffer;
+            publicKey: NonSharedBuffer;
             privateKey: string;
         }>;
         function __promisify__(
             type: "rsa",
             options: RSAKeyPairOptions<"der", "der">,
         ): Promise<{
-            publicKey: Buffer;
-            privateKey: Buffer;
+            publicKey: NonSharedBuffer;
+            privateKey: NonSharedBuffer;
         }>;
         function __promisify__(type: "rsa", options: RSAKeyPairKeyObjectOptions): Promise<KeyPairKeyObjectResult>;
         function __promisify__(
@@ -3168,21 +3423,21 @@ declare module "crypto" {
             options: RSAPSSKeyPairOptions<"pem", "der">,
         ): Promise<{
             publicKey: string;
-            privateKey: Buffer;
+            privateKey: NonSharedBuffer;
         }>;
         function __promisify__(
             type: "rsa-pss",
             options: RSAPSSKeyPairOptions<"der", "pem">,
         ): Promise<{
-            publicKey: Buffer;
+            publicKey: NonSharedBuffer;
             privateKey: string;
         }>;
         function __promisify__(
             type: "rsa-pss",
             options: RSAPSSKeyPairOptions<"der", "der">,
         ): Promise<{
-            publicKey: Buffer;
-            privateKey: Buffer;
+            publicKey: NonSharedBuffer;
+            privateKey: NonSharedBuffer;
         }>;
         function __promisify__(
             type: "rsa-pss",
@@ -3200,21 +3455,21 @@ declare module "crypto" {
             options: DSAKeyPairOptions<"pem", "der">,
         ): Promise<{
             publicKey: string;
-            privateKey: Buffer;
+            privateKey: NonSharedBuffer;
         }>;
         function __promisify__(
             type: "dsa",
             options: DSAKeyPairOptions<"der", "pem">,
         ): Promise<{
-            publicKey: Buffer;
+            publicKey: NonSharedBuffer;
             privateKey: string;
         }>;
         function __promisify__(
             type: "dsa",
             options: DSAKeyPairOptions<"der", "der">,
         ): Promise<{
-            publicKey: Buffer;
-            privateKey: Buffer;
+            publicKey: NonSharedBuffer;
+            privateKey: NonSharedBuffer;
         }>;
         function __promisify__(type: "dsa", options: DSAKeyPairKeyObjectOptions): Promise<KeyPairKeyObjectResult>;
         function __promisify__(
@@ -3229,21 +3484,21 @@ declare module "crypto" {
             options: ECKeyPairOptions<"pem", "der">,
         ): Promise<{
             publicKey: string;
-            privateKey: Buffer;
+            privateKey: NonSharedBuffer;
         }>;
         function __promisify__(
             type: "ec",
             options: ECKeyPairOptions<"der", "pem">,
         ): Promise<{
-            publicKey: Buffer;
+            publicKey: NonSharedBuffer;
             privateKey: string;
         }>;
         function __promisify__(
             type: "ec",
             options: ECKeyPairOptions<"der", "der">,
         ): Promise<{
-            publicKey: Buffer;
-            privateKey: Buffer;
+            publicKey: NonSharedBuffer;
+            privateKey: NonSharedBuffer;
         }>;
         function __promisify__(type: "ec", options: ECKeyPairKeyObjectOptions): Promise<KeyPairKeyObjectResult>;
         function __promisify__(
@@ -3258,21 +3513,21 @@ declare module "crypto" {
             options: ED25519KeyPairOptions<"pem", "der">,
         ): Promise<{
             publicKey: string;
-            privateKey: Buffer;
+            privateKey: NonSharedBuffer;
         }>;
         function __promisify__(
             type: "ed25519",
             options: ED25519KeyPairOptions<"der", "pem">,
         ): Promise<{
-            publicKey: Buffer;
+            publicKey: NonSharedBuffer;
             privateKey: string;
         }>;
         function __promisify__(
             type: "ed25519",
             options: ED25519KeyPairOptions<"der", "der">,
         ): Promise<{
-            publicKey: Buffer;
-            privateKey: Buffer;
+            publicKey: NonSharedBuffer;
+            privateKey: NonSharedBuffer;
         }>;
         function __promisify__(
             type: "ed25519",
@@ -3290,21 +3545,21 @@ declare module "crypto" {
             options: ED448KeyPairOptions<"pem", "der">,
         ): Promise<{
             publicKey: string;
-            privateKey: Buffer;
+            privateKey: NonSharedBuffer;
         }>;
         function __promisify__(
             type: "ed448",
             options: ED448KeyPairOptions<"der", "pem">,
         ): Promise<{
-            publicKey: Buffer;
+            publicKey: NonSharedBuffer;
             privateKey: string;
         }>;
         function __promisify__(
             type: "ed448",
             options: ED448KeyPairOptions<"der", "der">,
         ): Promise<{
-            publicKey: Buffer;
-            privateKey: Buffer;
+            publicKey: NonSharedBuffer;
+            privateKey: NonSharedBuffer;
         }>;
         function __promisify__(type: "ed448", options?: ED448KeyPairKeyObjectOptions): Promise<KeyPairKeyObjectResult>;
         function __promisify__(
@@ -3319,21 +3574,21 @@ declare module "crypto" {
             options: X25519KeyPairOptions<"pem", "der">,
         ): Promise<{
             publicKey: string;
-            privateKey: Buffer;
+            privateKey: NonSharedBuffer;
         }>;
         function __promisify__(
             type: "x25519",
             options: X25519KeyPairOptions<"der", "pem">,
         ): Promise<{
-            publicKey: Buffer;
+            publicKey: NonSharedBuffer;
             privateKey: string;
         }>;
         function __promisify__(
             type: "x25519",
             options: X25519KeyPairOptions<"der", "der">,
         ): Promise<{
-            publicKey: Buffer;
-            privateKey: Buffer;
+            publicKey: NonSharedBuffer;
+            privateKey: NonSharedBuffer;
         }>;
         function __promisify__(
             type: "x25519",
@@ -3351,21 +3606,21 @@ declare module "crypto" {
             options: X448KeyPairOptions<"pem", "der">,
         ): Promise<{
             publicKey: string;
-            privateKey: Buffer;
+            privateKey: NonSharedBuffer;
         }>;
         function __promisify__(
             type: "x448",
             options: X448KeyPairOptions<"der", "pem">,
         ): Promise<{
-            publicKey: Buffer;
+            publicKey: NonSharedBuffer;
             privateKey: string;
         }>;
         function __promisify__(
             type: "x448",
             options: X448KeyPairOptions<"der", "der">,
         ): Promise<{
-            publicKey: Buffer;
-            privateKey: Buffer;
+            publicKey: NonSharedBuffer;
+            privateKey: NonSharedBuffer;
         }>;
         function __promisify__(type: "x448", options?: X448KeyPairKeyObjectOptions): Promise<KeyPairKeyObjectResult>;
         function __promisify__(
@@ -3380,26 +3635,150 @@ declare module "crypto" {
             options: MLDSAKeyPairOptions<"pem", "der">,
         ): Promise<{
             publicKey: string;
-            privateKey: Buffer;
+            privateKey: NonSharedBuffer;
         }>;
         function __promisify__(
             type: "ml-dsa-44" | "ml-dsa-65" | "ml-dsa-87",
             options: MLDSAKeyPairOptions<"der", "pem">,
         ): Promise<{
-            publicKey: Buffer;
+            publicKey: NonSharedBuffer;
             privateKey: string;
         }>;
         function __promisify__(
             type: "ml-dsa-44" | "ml-dsa-65" | "ml-dsa-87",
             options: MLDSAKeyPairOptions<"der", "der">,
         ): Promise<{
-            publicKey: Buffer;
-            privateKey: Buffer;
+            publicKey: NonSharedBuffer;
+            privateKey: NonSharedBuffer;
         }>;
         function __promisify__(
             type: "ml-dsa-44" | "ml-dsa-65" | "ml-dsa-87",
             options?: MLDSAKeyPairKeyObjectOptions,
         ): Promise<KeyPairKeyObjectResult>;
+        function __promisify__(
+            type: "ml-kem-1024" | "ml-kem-512" | "ml-kem-768",
+            options: MLKEMKeyPairOptions<"pem", "pem">,
+        ): Promise<{
+            publicKey: string;
+            privateKey: string;
+        }>;
+        function __promisify__(
+            type: "ml-kem-1024" | "ml-kem-512" | "ml-kem-768",
+            options: MLKEMKeyPairOptions<"pem", "der">,
+        ): Promise<{
+            publicKey: string;
+            privateKey: NonSharedBuffer;
+        }>;
+        function __promisify__(
+            type: "ml-kem-1024" | "ml-kem-512" | "ml-kem-768",
+            options: MLKEMKeyPairOptions<"der", "pem">,
+        ): Promise<{
+            publicKey: NonSharedBuffer;
+            privateKey: string;
+        }>;
+        function __promisify__(
+            type: "ml-kem-1024" | "ml-kem-512" | "ml-kem-768",
+            options: MLKEMKeyPairOptions<"der", "der">,
+        ): Promise<{
+            publicKey: NonSharedBuffer;
+            privateKey: NonSharedBuffer;
+        }>;
+        function __promisify__(
+            type: "ml-kem-1024" | "ml-kem-512" | "ml-kem-768",
+            options?: MLKEMKeyPairKeyObjectOptions,
+        ): Promise<KeyPairKeyObjectResult>;
+        function __promisify__(
+            type:
+                | "slh-dsa-sha2-128f"
+                | "slh-dsa-sha2-128s"
+                | "slh-dsa-sha2-192f"
+                | "slh-dsa-sha2-192s"
+                | "slh-dsa-sha2-256f"
+                | "slh-dsa-sha2-256s"
+                | "slh-dsa-shake-128f"
+                | "slh-dsa-shake-128s"
+                | "slh-dsa-shake-192f"
+                | "slh-dsa-shake-192s"
+                | "slh-dsa-shake-256f"
+                | "slh-dsa-shake-256s",
+            options: SLHDSAKeyPairOptions<"pem", "pem">,
+        ): Promise<{
+            publicKey: string;
+            privateKey: string;
+        }>;
+        function __promisify__(
+            type:
+                | "slh-dsa-sha2-128f"
+                | "slh-dsa-sha2-128s"
+                | "slh-dsa-sha2-192f"
+                | "slh-dsa-sha2-192s"
+                | "slh-dsa-sha2-256f"
+                | "slh-dsa-sha2-256s"
+                | "slh-dsa-shake-128f"
+                | "slh-dsa-shake-128s"
+                | "slh-dsa-shake-192f"
+                | "slh-dsa-shake-192s"
+                | "slh-dsa-shake-256f"
+                | "slh-dsa-shake-256s",
+            options: SLHDSAKeyPairOptions<"pem", "der">,
+        ): Promise<{
+            publicKey: string;
+            privateKey: Buffer;
+        }>;
+        function __promisify__(
+            type:
+                | "slh-dsa-sha2-128f"
+                | "slh-dsa-sha2-128s"
+                | "slh-dsa-sha2-192f"
+                | "slh-dsa-sha2-192s"
+                | "slh-dsa-sha2-256f"
+                | "slh-dsa-sha2-256s"
+                | "slh-dsa-shake-128f"
+                | "slh-dsa-shake-128s"
+                | "slh-dsa-shake-192f"
+                | "slh-dsa-shake-192s"
+                | "slh-dsa-shake-256f"
+                | "slh-dsa-shake-256s",
+            options: SLHDSAKeyPairOptions<"der", "pem">,
+        ): Promise<{
+            publicKey: Buffer;
+            privateKey: string;
+        }>;
+        function __promisify__(
+            type:
+                | "slh-dsa-sha2-128f"
+                | "slh-dsa-sha2-128s"
+                | "slh-dsa-sha2-192f"
+                | "slh-dsa-sha2-192s"
+                | "slh-dsa-sha2-256f"
+                | "slh-dsa-sha2-256s"
+                | "slh-dsa-shake-128f"
+                | "slh-dsa-shake-128s"
+                | "slh-dsa-shake-192f"
+                | "slh-dsa-shake-192s"
+                | "slh-dsa-shake-256f"
+                | "slh-dsa-shake-256s",
+            options: SLHDSAKeyPairOptions<"der", "der">,
+        ): Promise<{
+            publicKey: Buffer;
+            privateKey: Buffer;
+        }>;
+        function __promisify__(
+            type:
+                | "slh-dsa-sha2-128f"
+                | "slh-dsa-sha2-128s"
+                | "slh-dsa-sha2-192f"
+                | "slh-dsa-sha2-192s"
+                | "slh-dsa-sha2-256f"
+                | "slh-dsa-sha2-256s"
+                | "slh-dsa-shake-128f"
+                | "slh-dsa-shake-128s"
+                | "slh-dsa-shake-192f"
+                | "slh-dsa-shake-192s"
+                | "slh-dsa-shake-256f"
+                | "slh-dsa-shake-256s",
+            options?: SLHDSAKeyPairKeyObjectOptions,
+        ): Promise<KeyPairKeyObjectResult>;
     }
     /**
      * Calculates and returns the signature for `data` using the given private key and
@@ -3420,12 +3799,12 @@ declare module "crypto" {
         algorithm: string | null | undefined,
         data: NodeJS.ArrayBufferView,
         key: KeyLike | SignKeyObjectInput | SignPrivateKeyInput | SignJsonWebKeyInput,
-    ): Buffer;
+    ): NonSharedBuffer;
     function sign(
         algorithm: string | null | undefined,
         data: NodeJS.ArrayBufferView,
         key: KeyLike | SignKeyObjectInput | SignPrivateKeyInput | SignJsonWebKeyInput,
-        callback: (error: Error | null, data: Buffer) => void,
+        callback: (error: Error | null, data: NonSharedBuffer) => void,
     ): void;
     /**
      * Verifies the given signature for `data` using the given key and algorithm. If
@@ -3461,17 +3840,71 @@ declare module "crypto" {
         callback: (error: Error | null, result: boolean) => void,
     ): void;
     /**
-     * Computes the Diffie-Hellman secret based on a `privateKey` and a `publicKey`.
-     * Both keys must have the same `asymmetricKeyType`, which must be one of `'dh'`
-     * (for Diffie-Hellman), `'ec'`, `'x448'`, or `'x25519'` (for ECDH).
+     * Key decapsulation using a KEM algorithm with a private key.
+     *
+     * Supported key types and their KEM algorithms are:
+     *
+     * * `'rsa'` RSA Secret Value Encapsulation
+     * * `'ec'` DHKEM(P-256, HKDF-SHA256), DHKEM(P-384, HKDF-SHA256), DHKEM(P-521, HKDF-SHA256)
+     * * `'x25519'` DHKEM(X25519, HKDF-SHA256)
+     * * `'x448'` DHKEM(X448, HKDF-SHA512)
+     * * `'ml-kem-512'` ML-KEM
+     * * `'ml-kem-768'` ML-KEM
+     * * `'ml-kem-1024'` ML-KEM
+     *
+     * If `key` is not a {@link KeyObject}, this function behaves as if `key` had been
+     * passed to `crypto.createPrivateKey()`.
+     *
+     * If the `callback` function is provided this function uses libuv's threadpool.
+     * @since v24.7.0
+     */
+    function decapsulate(
+        key: KeyLike | PrivateKeyInput | JsonWebKeyInput,
+        ciphertext: ArrayBuffer | NodeJS.ArrayBufferView,
+    ): NonSharedBuffer;
+    function decapsulate(
+        key: KeyLike | PrivateKeyInput | JsonWebKeyInput,
+        ciphertext: ArrayBuffer | NodeJS.ArrayBufferView,
+        callback: (err: Error, sharedKey: NonSharedBuffer) => void,
+    ): void;
+    /**
+     * Computes the Diffie-Hellman shared secret based on a `privateKey` and a `publicKey`.
+     * Both keys must have the same `asymmetricKeyType` and must support either the DH or
+     * ECDH operation.
      *
      * If the `callback` function is provided this function uses libuv's threadpool.
      * @since v13.9.0, v12.17.0
      */
-    function diffieHellman(options: { privateKey: KeyObject; publicKey: KeyObject }): Buffer;
+    function diffieHellman(options: { privateKey: KeyObject; publicKey: KeyObject }): NonSharedBuffer;
     function diffieHellman(
         options: { privateKey: KeyObject; publicKey: KeyObject },
-        callback: (err: Error | null, secret: Buffer) => void,
+        callback: (err: Error | null, secret: NonSharedBuffer) => void,
+    ): void;
+    /**
+     * Key encapsulation using a KEM algorithm with a public key.
+     *
+     * Supported key types and their KEM algorithms are:
+     *
+     * * `'rsa'` RSA Secret Value Encapsulation
+     * * `'ec'` DHKEM(P-256, HKDF-SHA256), DHKEM(P-384, HKDF-SHA256), DHKEM(P-521, HKDF-SHA256)
+     * * `'x25519'` DHKEM(X25519, HKDF-SHA256)
+     * * `'x448'` DHKEM(X448, HKDF-SHA512)
+     * * `'ml-kem-512'` ML-KEM
+     * * `'ml-kem-768'` ML-KEM
+     * * `'ml-kem-1024'` ML-KEM
+     *
+     * If `key` is not a {@link KeyObject}, this function behaves as if `key` had been
+     * passed to `crypto.createPublicKey()`.
+     *
+     * If the `callback` function is provided this function uses libuv's threadpool.
+     * @since v24.7.0
+     */
+    function encapsulate(
+        key: KeyLike | PublicKeyInput | JsonWebKeyInput,
+    ): { sharedKey: NonSharedBuffer; ciphertext: NonSharedBuffer };
+    function encapsulate(
+        key: KeyLike | PublicKeyInput | JsonWebKeyInput,
+        callback: (err: Error, result: { sharedKey: NonSharedBuffer; ciphertext: NonSharedBuffer }) => void,
     ): void;
     interface OneShotDigestOptions {
         /**
@@ -3536,12 +3969,12 @@ declare module "crypto" {
         algorithm: string,
         data: BinaryLike,
         options: OneShotDigestOptionsWithBufferEncoding | "buffer",
-    ): Buffer;
+    ): NonSharedBuffer;
     function hash(
         algorithm: string,
         data: BinaryLike,
         options: OneShotDigestOptions | BinaryToTextEncoding | "buffer",
-    ): string | Buffer;
+    ): string | NonSharedBuffer;
     type CipherMode = "cbc" | "ccm" | "cfb" | "ctr" | "ecb" | "gcm" | "ocb" | "ofb" | "stream" | "wrap" | "xts";
     interface CipherInfoOptions {
         /**
@@ -3705,23 +4138,23 @@ declare module "crypto" {
         /**
          * @default 'always'
          */
-        subject?: "always" | "default" | "never";
+        subject?: "always" | "default" | "never" | undefined;
         /**
          * @default true
          */
-        wildcards?: boolean;
+        wildcards?: boolean | undefined;
         /**
          * @default true
          */
-        partialWildcards?: boolean;
+        partialWildcards?: boolean | undefined;
         /**
          * @default false
          */
-        multiLabelWildcards?: boolean;
+        multiLabelWildcards?: boolean | undefined;
         /**
          * @default false
          */
-        singleLabelSubdomains?: boolean;
+        singleLabelSubdomains?: boolean | undefined;
     }
     /**
      * Encapsulates an X509 certificate and provides read-only access to
@@ -3823,7 +4256,7 @@ declare module "crypto" {
          * available.
          * @since v15.9.0
          */
-        readonly issuerCertificate?: X509Certificate | undefined;
+        readonly issuerCertificate: X509Certificate | undefined;
         /**
          * The public key `KeyObject` for this certificate.
          * @since v15.6.0
@@ -3833,7 +4266,7 @@ declare module "crypto" {
          * A `Buffer` containing the DER encoding of this certificate.
          * @since v15.6.0
          */
-        readonly raw: Buffer;
+        readonly raw: NonSharedBuffer;
         /**
          * The serial number of this certificate.
          *
@@ -3843,6 +4276,16 @@ declare module "crypto" {
          * @since v15.6.0
          */
         readonly serialNumber: string;
+        /**
+         * The algorithm used to sign the certificate or `undefined` if the signature algorithm is unknown by OpenSSL.
+         * @since v24.9.0
+         */
+        readonly signatureAlgorithm: string | undefined;
+        /**
+         * The OID of the algorithm used to sign the certificate.
+         * @since v24.9.0
+         */
+        readonly signatureAlgorithmOid: string;
         /**
          * The date/time from which this certificate is considered valid.
          * @since v15.6.0
@@ -4115,6 +4558,130 @@ declare module "crypto" {
      * @return Returns `typedArray`.
      */
     function getRandomValues<T extends webcrypto.BufferSource>(typedArray: T): T;
+    type Argon2Algorithm = "argon2d" | "argon2i" | "argon2id";
+    interface Argon2Parameters {
+        /**
+         * REQUIRED, this is the password for password hashing applications of Argon2.
+         */
+        message: string | ArrayBuffer | NodeJS.ArrayBufferView;
+        /**
+         * REQUIRED, must be at least 8 bytes long. This is the salt for password hashing applications of Argon2.
+         */
+        nonce: string | ArrayBuffer | NodeJS.ArrayBufferView;
+        /**
+         * REQUIRED, degree of parallelism determines how many computational chains (lanes)
+         * can be run. Must be greater than 1 and less than `2**24-1`.
+         */
+        parallelism: number;
+        /**
+         * REQUIRED, the length of the key to generate. Must be greater than 4 and
+         * less than `2**32-1`.
+         */
+        tagLength: number;
+        /**
+         * REQUIRED, memory cost in 1KiB blocks. Must be greater than
+         * `8 * parallelism` and less than `2**32-1`. The actual number of blocks is rounded
+         * down to the nearest multiple of `4 * parallelism`.
+         */
+        memory: number;
+        /**
+         * REQUIRED, number of passes (iterations). Must be greater than 1 and less
+         * than `2**32-1`.
+         */
+        passes: number;
+        /**
+         * OPTIONAL, Random additional input,
+         * similar to the salt, that should **NOT** be stored with the derived key. This is known as pepper in
+         * password hashing applications. If used, must have a length not greater than `2**32-1` bytes.
+         */
+        secret?: string | ArrayBuffer | NodeJS.ArrayBufferView | undefined;
+        /**
+         * OPTIONAL, Additional data to
+         * be added to the hash, functionally equivalent to salt or secret, but meant for
+         * non-random data. If used, must have a length not greater than `2**32-1` bytes.
+         */
+        associatedData?: string | ArrayBuffer | NodeJS.ArrayBufferView | undefined;
+    }
+    /**
+     * Provides an asynchronous [Argon2](https://www.rfc-editor.org/rfc/rfc9106.html) implementation. Argon2 is a password-based
+     * key derivation function that is designed to be expensive computationally and
+     * memory-wise in order to make brute-force attacks unrewarding.
+     *
+     * The `nonce` should be as unique as possible. It is recommended that a nonce is
+     * random and at least 16 bytes long. See [NIST SP 800-132](https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf) for details.
+     *
+     * When passing strings for `message`, `nonce`, `secret` or `associatedData`, please
+     * consider [caveats when using strings as inputs to cryptographic APIs](https://nodejs.org/docs/latest-v24.x/api/crypto.html#using-strings-as-inputs-to-cryptographic-apis).
+     *
+     * The `callback` function is called with two arguments: `err` and `derivedKey`.
+     * `err` is an exception object when key derivation fails, otherwise `err` is
+     * `null`. `derivedKey` is passed to the callback as a `Buffer`.
+     *
+     * An exception is thrown when any of the input arguments specify invalid values
+     * or types.
+     *
+     * ```js
+     * const { argon2, randomBytes } = await import('node:crypto');
+     *
+     * const parameters = {
+     *   message: 'password',
+     *   nonce: randomBytes(16),
+     *   parallelism: 4,
+     *   tagLength: 64,
+     *   memory: 65536,
+     *   passes: 3,
+     * };
+     *
+     * argon2('argon2id', parameters, (err, derivedKey) => {
+     *   if (err) throw err;
+     *   console.log(derivedKey.toString('hex'));  // 'af91dad...9520f15'
+     * });
+     * ```
+     * @since v24.7.0
+     * @param algorithm Variant of Argon2, one of `"argon2d"`, `"argon2i"` or `"argon2id"`.
+     * @experimental
+     */
+    function argon2(
+        algorithm: Argon2Algorithm,
+        parameters: Argon2Parameters,
+        callback: (err: Error | null, derivedKey: NonSharedBuffer) => void,
+    ): void;
+    /**
+     * Provides a synchronous [Argon2][] implementation. Argon2 is a password-based
+     * key derivation function that is designed to be expensive computationally and
+     * memory-wise in order to make brute-force attacks unrewarding.
+     *
+     * The `nonce` should be as unique as possible. It is recommended that a nonce is
+     * random and at least 16 bytes long. See [NIST SP 800-132](https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf) for details.
+     *
+     * When passing strings for `message`, `nonce`, `secret` or `associatedData`, please
+     * consider [caveats when using strings as inputs to cryptographic APIs](https://nodejs.org/docs/latest-v24.x/api/crypto.html#using-strings-as-inputs-to-cryptographic-apis).
+     *
+     * An exception is thrown when key derivation fails, otherwise the derived key is
+     * returned as a `Buffer`.
+     *
+     * An exception is thrown when any of the input arguments specify invalid values
+     * or types.
+     *
+     * ```js
+     * const { argon2Sync, randomBytes } = await import('node:crypto');
+     *
+     * const parameters = {
+     *   message: 'password',
+     *   nonce: randomBytes(16),
+     *   parallelism: 4,
+     *   tagLength: 64,
+     *   memory: 65536,
+     *   passes: 3,
+     * };
+     *
+     * const derivedKey = argon2Sync('argon2id', parameters);
+     * console.log(derivedKey.toString('hex'));  // 'af91dad...9520f15'
+     * ```
+     * @since v24.7.0
+     * @experimental
+     */
+    function argon2Sync(algorithm: Argon2Algorithm, parameters: Argon2Parameters): NonSharedBuffer;
     /**
      * A convenient alias for `crypto.webcrypto.subtle`.
      * @since v17.4.0
@@ -4129,21 +4696,30 @@ declare module "crypto" {
     const webcrypto: webcrypto.Crypto;
     namespace webcrypto {
         type BufferSource = ArrayBufferView | ArrayBuffer;
-        type KeyFormat = "jwk" | "pkcs8" | "raw" | "spki";
+        type KeyFormat = "jwk" | "pkcs8" | "raw" | "raw-public" | "raw-secret" | "raw-seed" | "spki";
         type KeyType = "private" | "public" | "secret";
         type KeyUsage =
-            | "decrypt"
-            | "deriveBits"
-            | "deriveKey"
             | "encrypt"
+            | "decrypt"
             | "sign"
-            | "unwrapKey"
             | "verify"
-            | "wrapKey";
+            | "deriveKey"
+            | "deriveBits"
+            | "encapsulateBits"
+            | "decapsulateBits"
+            | "encapsulateKey"
+            | "decapsulateKey"
+            | "wrapKey"
+            | "unwrapKey";
         type AlgorithmIdentifier = Algorithm | string;
         type HashAlgorithmIdentifier = AlgorithmIdentifier;
         type NamedCurve = string;
         type BigInteger = Uint8Array;
+        interface AeadParams extends Algorithm {
+            additionalData?: BufferSource;
+            iv: BufferSource;
+            tagLength: number;
+        }
         interface AesCbcParams extends Algorithm {
             iv: BufferSource;
         }
@@ -4154,6 +4730,8 @@ declare module "crypto" {
         interface AesDerivedKeyParams extends Algorithm {
             length: number;
         }
+        // TODO: remove in next major
+        /** @deprecated Replaced by `AeadParams`. */
         interface AesGcmParams extends Algorithm {
             additionalData?: BufferSource;
             iv: BufferSource;
@@ -4168,6 +4746,23 @@ declare module "crypto" {
         interface Algorithm {
             name: string;
         }
+        interface Argon2Params extends Algorithm {
+            associatedData?: BufferSource;
+            memory: number;
+            nonce: BufferSource;
+            parallelism: number;
+            passes: number;
+            secretValue?: BufferSource;
+            version?: number;
+        }
+        interface CShakeParams extends Algorithm {
+            customization?: BufferSource;
+            functionName?: BufferSource;
+            length: number;
+        }
+        interface ContextParams extends Algorithm {
+            context?: BufferSource;
+        }
         interface EcKeyAlgorithm extends KeyAlgorithm {
             namedCurve: NamedCurve;
         }
@@ -4183,9 +4778,6 @@ declare module "crypto" {
         interface EcdsaParams extends Algorithm {
             hash: HashAlgorithmIdentifier;
         }
-        interface Ed448Params extends Algorithm {
-            context?: BufferSource;
-        }
         interface HkdfParams extends Algorithm {
             hash: HashAlgorithmIdentifier;
             info: BufferSource;
@@ -4226,6 +4818,19 @@ declare module "crypto" {
         interface KeyAlgorithm {
             name: string;
         }
+        interface KmacImportParams extends Algorithm {
+            length?: number;
+        }
+        interface KmacKeyAlgorithm extends KeyAlgorithm {
+            length: number;
+        }
+        interface KmacKeyGenParams extends Algorithm {
+            length?: number;
+        }
+        interface KmacParams extends Algorithm {
+            customization?: BufferSource;
+            length: number;
+        }
         interface Pbkdf2Params extends Algorithm {
             hash: HashAlgorithmIdentifier;
             iterations: number;
@@ -4279,22 +4884,15 @@ declare module "crypto" {
              * An error will be thrown if the given `typedArray` is larger than 65,536 bytes.
              * @since v15.0.0
              */
-            getRandomValues<T extends Exclude<NodeJS.TypedArray, Float32Array | Float64Array>>(typedArray: T): T;
+            getRandomValues<T extends Exclude<NodeJS.TypedArray, Float16Array | Float32Array | Float64Array>>(
+                typedArray: T,
+            ): T;
             /**
              * Generates a random {@link https://www.rfc-editor.org/rfc/rfc4122.txt RFC 4122} version 4 UUID.
              * The UUID is generated using a cryptographic pseudorandom number generator.
              * @since v16.7.0
              */
             randomUUID(): UUID;
-            CryptoKey: CryptoKeyConstructor;
-        }
-        // This constructor throws ILLEGAL_CONSTRUCTOR so it should not be newable.
-        interface CryptoKeyConstructor {
-            /** Illegal constructor */
-            (_: { readonly _: unique symbol }): never; // Allows instanceof to work but not be callable by the user.
-            readonly length: 0;
-            readonly name: "CryptoKey";
-            readonly prototype: CryptoKey;
         }
         /**
          * @since v15.0.0
@@ -4349,31 +4947,81 @@ declare module "crypto" {
              */
             publicKey: CryptoKey;
         }
+        interface EncapsulatedBits {
+            sharedKey: ArrayBuffer;
+            ciphertext: ArrayBuffer;
+        }
+        interface EncapsulatedKey {
+            sharedKey: CryptoKey;
+            ciphertext: ArrayBuffer;
+        }
         /**
          * @since v15.0.0
          */
         interface SubtleCrypto {
+            /**
+             * A message recipient uses their asymmetric private key to decrypt an
+             * "encapsulated key" (ciphertext), thereby recovering a temporary symmetric
+             * key (represented as `ArrayBuffer`) which is then used to decrypt a message.
+             *
+             * The algorithms currently supported include:
+             *
+             * * `'ML-KEM-512'`
+             * * `'ML-KEM-768'`
+             * * `'ML-KEM-1024'`
+             * @since v24.7.0
+             * @returns Fulfills with `ArrayBuffer` upon success.
+             */
+            decapsulateBits(
+                decapsulationAlgorithm: AlgorithmIdentifier,
+                decapsulationKey: CryptoKey,
+                ciphertext: BufferSource,
+            ): Promise<ArrayBuffer>;
+            /**
+             * A message recipient uses their asymmetric private key to decrypt an
+             * "encapsulated key" (ciphertext), thereby recovering a temporary symmetric
+             * key (represented as `CryptoKey`) which is then used to decrypt a message.
+             *
+             * The algorithms currently supported include:
+             *
+             * * `'ML-KEM-512'`
+             * * `'ML-KEM-768'`
+             * * `'ML-KEM-1024'`
+             * @since v24.7.0
+             * @param usages See [Key usages](https://nodejs.org/docs/latest-v24.x/api/webcrypto.html#cryptokeyusages).
+             * @returns Fulfills with `CryptoKey` upon success.
+             */
+            decapsulateKey(
+                decapsulationAlgorithm: AlgorithmIdentifier,
+                decapsulationKey: CryptoKey,
+                ciphertext: BufferSource,
+                sharedKeyAlgorithm: AlgorithmIdentifier | HmacImportParams | AesDerivedKeyParams | KmacImportParams,
+                extractable: boolean,
+                usages: KeyUsage[],
+            ): Promise<CryptoKey>;
             /**
              * Using the method and parameters specified in `algorithm` and the keying material provided by `key`,
-             * `subtle.decrypt()` attempts to decipher the provided `data`. If successful,
+             * this method attempts to decipher the provided `data`. If successful,
              * the returned promise will be resolved with an `<ArrayBuffer>` containing the plaintext result.
              *
              * The algorithms currently supported include:
              *
-             * - `'RSA-OAEP'`
-             * - `'AES-CTR'`
-             * - `'AES-CBC'`
-             * - `'AES-GCM'`
+             * * `'AES-CBC'`
+             * * `'AES-CTR'`
+             * * `'AES-GCM'`
+             * * `'AES-OCB'`
+             * * `'ChaCha20-Poly1305'`
+             * * `'RSA-OAEP'`
              * @since v15.0.0
              */
             decrypt(
-                algorithm: AlgorithmIdentifier | RsaOaepParams | AesCtrParams | AesCbcParams | AesGcmParams,
+                algorithm: AlgorithmIdentifier | RsaOaepParams | AesCtrParams | AesCbcParams | AeadParams,
                 key: CryptoKey,
                 data: BufferSource,
             ): Promise<ArrayBuffer>;
             /**
              * Using the method and parameters specified in `algorithm` and the keying material provided by `baseKey`,
-             * `subtle.deriveBits()` attempts to generate `length` bits.
+             * this method attempts to generate `length` bits.
              * The Node.js implementation requires that when `length` is a number it must be multiple of `8`.
              * When `length` is `null` the maximum number of bits for a given algorithm is generated. This is allowed
              * for the `'ECDH'`, `'X25519'`, and `'X448'` algorithms.
@@ -4381,11 +5029,14 @@ declare module "crypto" {
              *
              * The algorithms currently supported include:
              *
-             * - `'ECDH'`
-             * - `'X25519'`
-             * - `'X448'`
-             * - `'HKDF'`
-             * - `'PBKDF2'`
+             * * `'Argon2d'`
+             * * `'Argon2i'`
+             * * `'Argon2id'`
+             * * `'ECDH'`
+             * * `'HKDF'`
+             * * `'PBKDF2'`
+             * * `'X25519'`
+             * * `'X448'`
              * @since v15.0.0
              */
             deriveBits(
@@ -4394,31 +5045,34 @@ declare module "crypto" {
                 length?: number | null,
             ): Promise<ArrayBuffer>;
             deriveBits(
-                algorithm: EcdhKeyDeriveParams | HkdfParams | Pbkdf2Params,
+                algorithm: EcdhKeyDeriveParams | HkdfParams | Pbkdf2Params | Argon2Params,
                 baseKey: CryptoKey,
                 length: number,
             ): Promise<ArrayBuffer>;
             /**
              * Using the method and parameters specified in `algorithm`, and the keying material provided by `baseKey`,
-             * `subtle.deriveKey()` attempts to generate a new <CryptoKey>` based on the method and parameters in `derivedKeyAlgorithm`.
+             * this method attempts to generate a new <CryptoKey>` based on the method and parameters in `derivedKeyAlgorithm`.
              *
              * Calling `subtle.deriveKey()` is equivalent to calling `subtle.deriveBits()` to generate raw keying material,
              * then passing the result into the `subtle.importKey()` method using the `deriveKeyAlgorithm`, `extractable`, and `keyUsages` parameters as input.
              *
              * The algorithms currently supported include:
              *
-             * - `'ECDH'`
-             * - `'X25519'`
-             * - `'X448'`
-             * - `'HKDF'`
-             * - `'PBKDF2'`
+             * * `'Argon2d'`
+             * * `'Argon2i'`
+             * * `'Argon2id'`
+             * * `'ECDH'`
+             * * `'HKDF'`
+             * * `'PBKDF2'`
+             * * `'X25519'`
+             * * `'X448'`
              * @param keyUsages See {@link https://nodejs.org/docs/latest/api/webcrypto.html#cryptokeyusages Key usages}.
              * @since v15.0.0
              */
             deriveKey(
-                algorithm: EcdhKeyDeriveParams | HkdfParams | Pbkdf2Params,
+                algorithm: EcdhKeyDeriveParams | HkdfParams | Pbkdf2Params | Argon2Params,
                 baseKey: CryptoKey,
-                derivedKeyAlgorithm: AlgorithmIdentifier | HmacImportParams | AesDerivedKeyParams,
+                derivedKeyAlgorithm: AlgorithmIdentifier | HmacImportParams | AesDerivedKeyParams | KmacImportParams,
                 extractable: boolean,
                 keyUsages: readonly KeyUsage[],
             ): Promise<CryptoKey>;
@@ -4428,30 +5082,73 @@ declare module "crypto" {
              *
              * If `algorithm` is provided as a `<string>`, it must be one of:
              *
-             * - `'SHA-1'`
-             * - `'SHA-256'`
-             * - `'SHA-384'`
-             * - `'SHA-512'`
+             * * `'cSHAKE128'`
+             * * `'cSHAKE256'`
+             * * `'SHA-1'`
+             * * `'SHA-256'`
+             * * `'SHA-384'`
+             * * `'SHA-512'`
+             * * `'SHA3-256'`
+             * * `'SHA3-384'`
+             * * `'SHA3-512'`
              *
              * If `algorithm` is provided as an `<Object>`, it must have a `name` property whose value is one of the above.
              * @since v15.0.0
              */
-            digest(algorithm: AlgorithmIdentifier, data: BufferSource): Promise<ArrayBuffer>;
+            digest(algorithm: AlgorithmIdentifier | CShakeParams, data: BufferSource): Promise<ArrayBuffer>;
+            /**
+             * Uses a message recipient's asymmetric public key to encrypt a temporary symmetric key.
+             * This encrypted key is the "encapsulated key" represented as `EncapsulatedBits`.
+             *
+             * The algorithms currently supported include:
+             *
+             * * `'ML-KEM-512'`
+             * * `'ML-KEM-768'`
+             * * `'ML-KEM-1024'`
+             * @since v24.7.0
+             * @returns Fulfills with `EncapsulatedBits` upon success.
+             */
+            encapsulateBits(
+                encapsulationAlgorithm: AlgorithmIdentifier,
+                encapsulationKey: CryptoKey,
+            ): Promise<EncapsulatedBits>;
+            /**
+             * Uses a message recipient's asymmetric public key to encrypt a temporary symmetric key.
+             * This encrypted key is the "encapsulated key" represented as `EncapsulatedKey`.
+             *
+             * The algorithms currently supported include:
+             *
+             * * `'ML-KEM-512'`
+             * * `'ML-KEM-768'`
+             * * `'ML-KEM-1024'`
+             * @since v24.7.0
+             * @param usages See [Key usages](https://nodejs.org/docs/latest-v24.x/api/webcrypto.html#cryptokeyusages).
+             * @returns Fulfills with `EncapsulatedKey` upon success.
+             */
+            encapsulateKey(
+                encapsulationAlgorithm: AlgorithmIdentifier,
+                encapsulationKey: CryptoKey,
+                sharedKeyAlgorithm: AlgorithmIdentifier | HmacImportParams | AesDerivedKeyParams | KmacImportParams,
+                extractable: boolean,
+                usages: KeyUsage[],
+            ): Promise<EncapsulatedKey>;
             /**
              * Using the method and parameters specified by `algorithm` and the keying material provided by `key`,
-             * `subtle.encrypt()` attempts to encipher `data`. If successful,
+             * this method attempts to encipher `data`. If successful,
              * the returned promise is resolved with an `<ArrayBuffer>` containing the encrypted result.
              *
              * The algorithms currently supported include:
              *
-             * - `'RSA-OAEP'`
-             * - `'AES-CTR'`
-             * - `'AES-CBC'`
-             * - `'AES-GCM'`
+             * * `'AES-CBC'`
+             * * `'AES-CTR'`
+             * * `'AES-GCM'`
+             * * `'AES-OCB'`
+             * * `'ChaCha20-Poly1305'`
+             * * `'RSA-OAEP'`
              * @since v15.0.0
              */
             encrypt(
-                algorithm: AlgorithmIdentifier | RsaOaepParams | AesCtrParams | AesCbcParams | AesGcmParams,
+                algorithm: AlgorithmIdentifier | RsaOaepParams | AesCtrParams | AesCbcParams | AeadParams,
                 key: CryptoKey,
                 data: BufferSource,
             ): Promise<ArrayBuffer>;
@@ -4465,35 +5162,47 @@ declare module "crypto" {
              *
              * When `format` is `'jwk'` and the export is successful, the returned promise will be resolved with a
              * JavaScript object conforming to the {@link https://tools.ietf.org/html/rfc7517 JSON Web Key} specification.
-             * @param format Must be one of `'raw'`, `'pkcs8'`, `'spki'`, or `'jwk'`.
+             * @param format Must be one of `'raw'`, `'pkcs8'`, `'spki'`, `'jwk'`, `'raw-secret'`,
+             * `'raw-public'`, or `'raw-seed'`.
              * @returns `<Promise>` containing `<ArrayBuffer>`.
              * @since v15.0.0
              */
             exportKey(format: "jwk", key: CryptoKey): Promise<JsonWebKey>;
             exportKey(format: Exclude<KeyFormat, "jwk">, key: CryptoKey): Promise<ArrayBuffer>;
             /**
-             * Using the method and parameters provided in `algorithm`,
-             * `subtle.generateKey()` attempts to generate new keying material.
-             * Depending the method used, the method may generate either a single `<CryptoKey>` or a `<CryptoKeyPair>`.
+             * Using the parameters provided in `algorithm`, this method
+             * attempts to generate new keying material. Depending on the algorithm used
+             * either a single `CryptoKey` or a `CryptoKeyPair` is generated.
              *
-             * The `<CryptoKeyPair>` (public and private key) generating algorithms supported include:
+             * The `CryptoKeyPair` (public and private key) generating algorithms supported
+             * include:
              *
-             * - `'RSASSA-PKCS1-v1_5'`
-             * - `'RSA-PSS'`
-             * - `'RSA-OAEP'`
-             * - `'ECDSA'`
-             * - `'Ed25519'`
-             * - `'Ed448'`
-             * - `'ECDH'`
-             * - `'X25519'`
-             * - `'X448'`
-             * The `<CryptoKey>` (secret key) generating algorithms supported include:
+             * * `'ECDH'`
+             * * `'ECDSA'`
+             * * `'Ed25519'`
+             * * `'Ed448'`
+             * * `'ML-DSA-44'`
+             * * `'ML-DSA-65'`
+             * * `'ML-DSA-87'`
+             * * `'ML-KEM-512'`
+             * * `'ML-KEM-768'`
+             * * `'ML-KEM-1024'`
+             * * `'RSA-OAEP'`
+             * * `'RSA-PSS'`
+             * * `'RSASSA-PKCS1-v1_5'`
+             * * `'X25519'`
+             * * `'X448'`
              *
-             * - `'HMAC'`
-             * - `'AES-CTR'`
-             * - `'AES-CBC'`
-             * - `'AES-GCM'`
-             * - `'AES-KW'`
+             * The `CryptoKey` (secret key) generating algorithms supported include:
+             * * `'AES-CBC'`
+             * * `'AES-CTR'`
+             * * `'AES-GCM'`
+             * * `'AES-KW'`
+             * * `'AES-OCB'`
+             * * `'ChaCha20-Poly1305'`
+             * * `'HMAC'`
+             * * `'KMAC128'`
+             * * `'KMAC256'`
              * @param keyUsages See {@link https://nodejs.org/docs/latest/api/webcrypto.html#cryptokeyusages Key usages}.
              * @since v15.0.0
              */
@@ -4503,7 +5212,7 @@ declare module "crypto" {
                 keyUsages: readonly KeyUsage[],
             ): Promise<CryptoKeyPair>;
             generateKey(
-                algorithm: AesKeyGenParams | HmacKeyGenParams | Pbkdf2Params,
+                algorithm: AesKeyGenParams | HmacKeyGenParams | Pbkdf2Params | KmacKeyGenParams,
                 extractable: boolean,
                 keyUsages: readonly KeyUsage[],
             ): Promise<CryptoKey>;
@@ -4513,12 +5222,23 @@ declare module "crypto" {
                 keyUsages: KeyUsage[],
             ): Promise<CryptoKeyPair | CryptoKey>;
             /**
-             * The `subtle.importKey()` method attempts to interpret the provided `keyData` as the given `format`
-             * to create a `<CryptoKey>` instance using the provided `algorithm`, `extractable`, and `keyUsages` arguments.
-             * If the import is successful, the returned promise will be resolved with the created `<CryptoKey>`.
+             * Derives the public key from a given private key.
+             * @since v24.7.0
+             * @param key A private key from which to derive the corresponding public key.
+             * @param keyUsages See [Key usages](https://nodejs.org/docs/latest-v24.x/api/webcrypto.html#cryptokeyusages).
+             * @returns Fulfills with a `CryptoKey` upon success.
+             */
+            getPublicKey(key: CryptoKey, keyUsages: KeyUsage[]): Promise<CryptoKey>;
+            /**
+             * This method attempts to interpret the provided `keyData`
+             * as the given `format` to create a `CryptoKey` instance using the provided
+             * `algorithm`, `extractable`, and `keyUsages` arguments. If the import is
+             * successful, the returned promise will be resolved with a {CryptoKey}
+             * representation of the key material.
              *
-             * If importing a `'PBKDF2'` key, `extractable` must be `false`.
-             * @param format Must be one of `'raw'`, `'pkcs8'`, `'spki'`, or `'jwk'`.
+             * If importing KDF algorithm keys, `extractable` must be `false`.
+             * @param format Must be one of `'raw'`, `'pkcs8'`, `'spki'`, `'jwk'`, `'raw-secret'`,
+             * `'raw-public'`, or `'raw-seed'`.
              * @param keyUsages See {@link https://nodejs.org/docs/latest/api/webcrypto.html#cryptokeyusages Key usages}.
              * @since v15.0.0
              */
@@ -4530,7 +5250,8 @@ declare module "crypto" {
                     | RsaHashedImportParams
                     | EcKeyImportParams
                     | HmacImportParams
-                    | AesKeyAlgorithm,
+                    | AesKeyAlgorithm
+                    | KmacImportParams,
                 extractable: boolean,
                 keyUsages: readonly KeyUsage[],
             ): Promise<CryptoKey>;
@@ -4542,62 +5263,81 @@ declare module "crypto" {
                     | RsaHashedImportParams
                     | EcKeyImportParams
                     | HmacImportParams
-                    | AesKeyAlgorithm,
+                    | AesKeyAlgorithm
+                    | KmacImportParams,
                 extractable: boolean,
                 keyUsages: KeyUsage[],
             ): Promise<CryptoKey>;
             /**
              * Using the method and parameters given by `algorithm` and the keying material provided by `key`,
-             * `subtle.sign()` attempts to generate a cryptographic signature of `data`. If successful,
+             * this method attempts to generate a cryptographic signature of `data`. If successful,
              * the returned promise is resolved with an `<ArrayBuffer>` containing the generated signature.
              *
              * The algorithms currently supported include:
              *
-             * - `'RSASSA-PKCS1-v1_5'`
-             * - `'RSA-PSS'`
-             * - `'ECDSA'`
-             * - `'Ed25519'`
-             * - `'Ed448'`
-             * - `'HMAC'`
+             * * `'ECDSA'`
+             * * `'Ed25519'`
+             * * `'Ed448'`
+             * * `'HMAC'`
+             * * `'KMAC128'`
+             * * `'KMAC256'`
+             * * `'ML-DSA-44'`
+             * * `'ML-DSA-65'`
+             * * `'ML-DSA-87'`
+             * * `'RSA-PSS'`
+             * * `'RSASSA-PKCS1-v1_5'`
              * @since v15.0.0
              */
             sign(
-                algorithm: AlgorithmIdentifier | RsaPssParams | EcdsaParams | Ed448Params,
+                algorithm: AlgorithmIdentifier | RsaPssParams | EcdsaParams | ContextParams | KmacParams,
                 key: CryptoKey,
                 data: BufferSource,
             ): Promise<ArrayBuffer>;
             /**
              * In cryptography, "wrapping a key" refers to exporting and then encrypting the keying material.
-             * The `subtle.unwrapKey()` method attempts to decrypt a wrapped key and create a `<CryptoKey>` instance.
+             * This method attempts to decrypt a wrapped key and create a `<CryptoKey>` instance.
              * It is equivalent to calling `subtle.decrypt()` first on the encrypted key data (using the `wrappedKey`, `unwrapAlgo`, and `unwrappingKey` arguments as input)
              * then passing the results in to the `subtle.importKey()` method using the `unwrappedKeyAlgo`, `extractable`, and `keyUsages` arguments as inputs.
              * If successful, the returned promise is resolved with a `<CryptoKey>` object.
              *
              * The wrapping algorithms currently supported include:
              *
-             * - `'RSA-OAEP'`
-             * - `'AES-CTR'`
-             * - `'AES-CBC'`
-             * - `'AES-GCM'`
-             * - `'AES-KW'`
+             * * `'AES-CBC'`
+             * * `'AES-CTR'`
+             * * `'AES-GCM'`
+             * * `'AES-KW'`
+             * * `'AES-OCB'`
+             * * `'ChaCha20-Poly1305'`
+             * * `'RSA-OAEP'`
              *
              * The unwrapped key algorithms supported include:
              *
-             * - `'RSASSA-PKCS1-v1_5'`
-             * - `'RSA-PSS'`
-             * - `'RSA-OAEP'`
-             * - `'ECDSA'`
-             * - `'Ed25519'`
-             * - `'Ed448'`
-             * - `'ECDH'`
-             * - `'X25519'`
-             * - `'X448'`
-             * - `'HMAC'`
-             * - `'AES-CTR'`
-             * - `'AES-CBC'`
-             * - `'AES-GCM'`
-             * - `'AES-KW'`
-             * @param format Must be one of `'raw'`, `'pkcs8'`, `'spki'`, or `'jwk'`.
+             * * `'AES-CBC'`
+             * * `'AES-CTR'`
+             * * `'AES-GCM'`
+             * * `'AES-KW'`
+             * * `'AES-OCB'`
+             * * `'ChaCha20-Poly1305'`
+             * * `'ECDH'`
+             * * `'ECDSA'`
+             * * `'Ed25519'`
+             * * `'Ed448'`
+             * * `'HMAC'`
+             * * `'KMAC128'`
+             * * `'KMAC256'`
+             * * `'ML-DSA-44'`
+             * * `'ML-DSA-65'`
+             * * `'ML-DSA-87'`
+             * * `'ML-KEM-512'`
+             * * `'ML-KEM-768'`
+             * * `'ML-KEM-1024'`
+             * * `'RSA-OAEP'`
+             * * `'RSA-PSS'`
+             * * `'RSASSA-PKCS1-v1_5'`
+             * * `'X25519'`
+             * * `'X448'`
+             * @param format Must be one of `'raw'`, `'pkcs8'`, `'spki'`, `'jwk'`, `'raw-secret'`,
+             * `'raw-public'`, or `'raw-seed'`.
              * @param keyUsages See {@link https://nodejs.org/docs/latest/api/webcrypto.html#cryptokeyusages Key usages}.
              * @since v15.0.0
              */
@@ -4605,40 +5345,46 @@ declare module "crypto" {
                 format: KeyFormat,
                 wrappedKey: BufferSource,
                 unwrappingKey: CryptoKey,
-                unwrapAlgorithm: AlgorithmIdentifier | RsaOaepParams | AesCtrParams | AesCbcParams | AesGcmParams,
+                unwrapAlgorithm: AlgorithmIdentifier | RsaOaepParams | AesCtrParams | AesCbcParams | AeadParams,
                 unwrappedKeyAlgorithm:
                     | AlgorithmIdentifier
                     | RsaHashedImportParams
                     | EcKeyImportParams
                     | HmacImportParams
-                    | AesKeyAlgorithm,
+                    | AesKeyAlgorithm
+                    | KmacImportParams,
                 extractable: boolean,
                 keyUsages: KeyUsage[],
             ): Promise<CryptoKey>;
             /**
              * Using the method and parameters given in `algorithm` and the keying material provided by `key`,
-             * `subtle.verify()` attempts to verify that `signature` is a valid cryptographic signature of `data`.
+             * This method attempts to verify that `signature` is a valid cryptographic signature of `data`.
              * The returned promise is resolved with either `true` or `false`.
              *
              * The algorithms currently supported include:
              *
-             * - `'RSASSA-PKCS1-v1_5'`
-             * - `'RSA-PSS'`
-             * - `'ECDSA'`
-             * - `'Ed25519'`
-             * - `'Ed448'`
-             * - `'HMAC'`
+             * * `'ECDSA'`
+             * * `'Ed25519'`
+             * * `'Ed448'`
+             * * `'HMAC'`
+             * * `'KMAC128'`
+             * * `'KMAC256'`
+             * * `'ML-DSA-44'`
+             * * `'ML-DSA-65'`
+             * * `'ML-DSA-87'`
+             * * `'RSA-PSS'`
+             * * `'RSASSA-PKCS1-v1_5'`
              * @since v15.0.0
              */
             verify(
-                algorithm: AlgorithmIdentifier | RsaPssParams | EcdsaParams | Ed448Params,
+                algorithm: AlgorithmIdentifier | RsaPssParams | EcdsaParams | ContextParams | KmacParams,
                 key: CryptoKey,
                 signature: BufferSource,
                 data: BufferSource,
             ): Promise<boolean>;
             /**
              * In cryptography, "wrapping a key" refers to exporting and then encrypting the keying material.
-             * The `subtle.wrapKey()` method exports the keying material into the format identified by `format`,
+             * This method exports the keying material into the format identified by `format`,
              * then encrypts it using the method and parameters specified by `wrapAlgo` and the keying material provided by `wrappingKey`.
              * It is the equivalent to calling `subtle.exportKey()` using `format` and `key` as the arguments,
              * then passing the result to the `subtle.encrypt()` method using `wrappingKey` and `wrapAlgo` as inputs.
@@ -4646,30 +5392,25 @@ declare module "crypto" {
              *
              * The wrapping algorithms currently supported include:
              *
-             * - `'RSA-OAEP'`
-             * - `'AES-CTR'`
-             * - `'AES-CBC'`
-             * - `'AES-GCM'`
-             * - `'AES-KW'`
-             * @param format Must be one of `'raw'`, `'pkcs8'`, `'spki'`, or `'jwk'`.
+             * * `'AES-CBC'`
+             * * `'AES-CTR'`
+             * * `'AES-GCM'`
+             * * `'AES-KW'`
+             * * `'AES-OCB'`
+             * * `'ChaCha20-Poly1305'`
+             * * `'RSA-OAEP'`
+             * @param format Must be one of `'raw'`, `'pkcs8'`, `'spki'`, `'jwk'`, `'raw-secret'`,
+             * `'raw-public'`, or `'raw-seed'`.
              * @since v15.0.0
              */
             wrapKey(
                 format: KeyFormat,
                 key: CryptoKey,
                 wrappingKey: CryptoKey,
-                wrapAlgorithm: AlgorithmIdentifier | RsaOaepParams | AesCtrParams | AesCbcParams | AesGcmParams,
+                wrapAlgorithm: AlgorithmIdentifier | RsaOaepParams | AesCtrParams | AesCbcParams | AeadParams,
             ): Promise<ArrayBuffer>;
         }
     }
-
-    global {
-        var crypto: typeof globalThis extends {
-            crypto: infer T;
-            onmessage: any;
-        } ? T
-            : webcrypto.Crypto;
-    }
 }
 declare module "node:crypto" {
     export * from "crypto";