@types/node 18.11.5 → 20.2.5

node/crypto.d.ts

@@ -1,9 +1,10 @@
 /**
- * The `crypto` module provides cryptographic functionality that includes a set of
- * wrappers for OpenSSL's hash, HMAC, cipher, decipher, sign, and verify functions.
+ * The `node:crypto` module provides cryptographic functionality that includes a
+ * set of wrappers for OpenSSL's hash, HMAC, cipher, decipher, sign, and verify
+ * functions.
  *
  * ```js
- * const { createHmac } = await import('crypto');
+ * const { createHmac } = await import('node:crypto');
  *
  * const secret = 'abcdefg';
  * const hash = createHmac('sha256', secret)
@@ -13,7 +14,7 @@
  * // Prints:
  * //   c0fa1bc00531bd78ef38c628449c5102aeabd49b5dc3a2a516ea6ea959d6658e
  * ```
- * @see [source](https://github.com/nodejs/node/blob/v18.0.0/lib/crypto.js)
+ * @see [source](https://github.com/nodejs/node/blob/v20.2.0/lib/crypto.js)
  */
 declare module 'crypto' {
     import * as stream from 'node:stream';
@@ -25,7 +26,7 @@ declare module 'crypto' {
      * `<keygen>` is deprecated since [HTML 5.2](https://www.w3.org/TR/html52/changes.html#features-removed) and new projects
      * should not use this element anymore.
      *
-     * The `crypto` module provides the `Certificate` class for working with SPKAC
+     * The `node:crypto` module provides the `Certificate` class for working with SPKAC
      * data. The most common usage is handling output generated by the HTML5`<keygen>` element. Node.js uses [OpenSSL's SPKAC
      * implementation](https://www.openssl.org/docs/man1.1.0/apps/openssl-spkac.html) internally.
      * @since v0.11.8
@@ -33,7 +34,7 @@ declare module 'crypto' {
     class Certificate {
         /**
          * ```js
-         * const { Certificate } = await import('crypto');
+         * const { Certificate } = await import('node:crypto');
          * const spkac = getSpkacSomehow();
          * const challenge = Certificate.exportChallenge(spkac);
          * console.log(challenge.toString('utf8'));
@@ -46,7 +47,7 @@ declare module 'crypto' {
         static exportChallenge(spkac: BinaryLike): Buffer;
         /**
          * ```js
-         * const { Certificate } = await import('crypto');
+         * const { Certificate } = await import('node:crypto');
          * const spkac = getSpkacSomehow();
          * const publicKey = Certificate.exportPublicKey(spkac);
          * console.log(publicKey);
@@ -59,8 +60,8 @@ declare module 'crypto' {
         static exportPublicKey(spkac: BinaryLike, encoding?: string): Buffer;
         /**
          * ```js
-         * import { Buffer } from 'buffer';
-         * const { Certificate } = await import('crypto');
+         * import { Buffer } from 'node:buffer';
+         * const { Certificate } = await import('node:crypto');
          *
          * const spkac = getSpkacSomehow();
          * console.log(Certificate.verifySpkac(Buffer.from(spkac)));
@@ -95,7 +96,7 @@ declare module 'crypto' {
         verifySpkac(spkac: NodeJS.ArrayBufferView): boolean;
     }
     namespace constants {
-        // https://nodejs.org/dist/latest-v10.x/docs/api/crypto.html#crypto_crypto_constants
+        // https://nodejs.org/dist/latest-v20.x/docs/api/crypto.html#crypto-constants
         const OPENSSL_VERSION_NUMBER: number;
         /** Applies multiple bug workarounds within OpenSSL. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html for detail. */
         const SSL_OP_ALL: number;
@@ -111,18 +112,8 @@ declare module 'crypto' {
         const SSL_OP_CRYPTOPRO_TLSEXT_BUG: number;
         /** Instructs OpenSSL to disable a SSL 3.0/TLS 1.0 vulnerability workaround added in OpenSSL 0.9.6d. */
         const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: number;
-        /** Instructs OpenSSL to always use the tmp_rsa key when performing RSA operations. */
-        const SSL_OP_EPHEMERAL_RSA: number;
         /** Allows initial connection to servers that do not support RI. */
         const SSL_OP_LEGACY_SERVER_CONNECT: number;
-        const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: number;
-        const SSL_OP_MICROSOFT_SESS_ID_BUG: number;
-        /** Instructs OpenSSL to disable the workaround for a man-in-the-middle protocol-version vulnerability in the SSL 2.0 server implementation. */
-        const SSL_OP_MSIE_SSLV2_RSA_PADDING: number;
-        const SSL_OP_NETSCAPE_CA_DN_BUG: number;
-        const SSL_OP_NETSCAPE_CHALLENGE_BUG: number;
-        const SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG: number;
-        const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: number;
         /** Instructs OpenSSL to disable support for SSL/TLS compression. */
         const SSL_OP_NO_COMPRESSION: number;
         const SSL_OP_NO_QUERY_MTU: number;
@@ -134,16 +125,6 @@ declare module 'crypto' {
         const SSL_OP_NO_TLSv1: number;
         const SSL_OP_NO_TLSv1_1: number;
         const SSL_OP_NO_TLSv1_2: number;
-        const SSL_OP_PKCS1_CHECK_1: number;
-        const SSL_OP_PKCS1_CHECK_2: number;
-        /** Instructs OpenSSL to always create a new key when using temporary/ephemeral DH parameters. */
-        const SSL_OP_SINGLE_DH_USE: number;
-        /** Instructs OpenSSL to always create a new key when using temporary/ephemeral ECDH parameters. */
-        const SSL_OP_SINGLE_ECDH_USE: number;
-        const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: number;
-        const SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG: number;
-        const SSL_OP_TLS_BLOCK_PADDING_BUG: number;
-        const SSL_OP_TLS_D5_BUG: number;
         /** Instructs OpenSSL to disable version rollback attack detection. */
         const SSL_OP_TLS_ROLLBACK_BUG: number;
         const ENGINE_METHOD_RSA: number;
@@ -161,7 +142,6 @@ declare module 'crypto' {
         const DH_CHECK_P_NOT_PRIME: number;
         const DH_UNABLE_TO_CHECK_GENERATOR: number;
         const DH_NOT_SUITABLE_GENERATOR: number;
-        const ALPN_ENABLED: number;
         const RSA_PKCS1_PADDING: number;
         const RSA_SSLV23_PADDING: number;
         const RSA_NO_PADDING: number;
@@ -206,12 +186,12 @@ declare module 'crypto' {
      *
      * ```js
      * import {
-     *   createReadStream
-     * } from 'fs';
-     * import { argv } from 'process';
+     *   createReadStream,
+     * } from 'node:fs';
+     * import { argv } from 'node:process';
      * const {
-     *   createHash
-     * } = await import('crypto');
+     *   createHash,
+     * } = await import('node:crypto');
      *
      * const filename = argv[2];
      *
@@ -249,12 +229,12 @@ declare module 'crypto' {
      *
      * ```js
      * import {
-     *   createReadStream
-     * } from 'fs';
-     * import { argv } from 'process';
+     *   createReadStream,
+     * } from 'node:fs';
+     * import { argv } from 'node:process';
      * const {
-     *   createHmac
-     * } = await import('crypto');
+     *   createHmac,
+     * } = await import('node:crypto');
      *
      * const filename = argv[2];
      *
@@ -297,8 +277,8 @@ declare module 'crypto' {
      *
      * ```js
      * const {
-     *   createHash
-     * } = await import('crypto');
+     *   createHash,
+     * } = await import('node:crypto');
      *
      * const hash = createHash('sha256');
      *
@@ -320,9 +300,9 @@ declare module 'crypto' {
      * Example: Using `Hash` and piped streams:
      *
      * ```js
-     * import { createReadStream } from 'fs';
-     * import { stdout } from 'process';
-     * const { createHash } = await import('crypto');
+     * import { createReadStream } from 'node:fs';
+     * import { stdout } from 'node:process';
+     * const { createHash } = await import('node:crypto');
      *
      * const hash = createHash('sha256');
      *
@@ -334,8 +314,8 @@ declare module 'crypto' {
      *
      * ```js
      * const {
-     *   createHash
-     * } = await import('crypto');
+     *   createHash,
+     * } = await import('node:crypto');
      *
      * const hash = createHash('sha256');
      *
@@ -362,8 +342,8 @@ declare module 'crypto' {
          * ```js
          * // Calculate a rolling hash.
          * const {
-         *   createHash
-         * } = await import('crypto');
+         *   createHash,
+         * } = await import('node:crypto');
          *
          * const hash = createHash('sha256');
          *
@@ -422,8 +402,8 @@ declare module 'crypto' {
      *
      * ```js
      * const {
-     *   createHmac
-     * } = await import('crypto');
+     *   createHmac,
+     * } = await import('node:crypto');
      *
      * const hmac = createHmac('sha256', 'a secret');
      *
@@ -445,11 +425,11 @@ declare module 'crypto' {
      * Example: Using `Hmac` and piped streams:
      *
      * ```js
-     * import { createReadStream } from 'fs';
-     * import { stdout } from 'process';
+     * import { createReadStream } from 'node:fs';
+     * import { stdout } from 'node:process';
      * const {
-     *   createHmac
-     * } = await import('crypto');
+     *   createHmac,
+     * } = await import('node:crypto');
      *
      * const hmac = createHmac('sha256', 'a secret');
      *
@@ -461,8 +441,8 @@ declare module 'crypto' {
      *
      * ```js
      * const {
-     *   createHmac
-     * } = await import('crypto');
+     *   createHmac,
+     * } = await import('node:crypto');
      *
      * const hmac = createHmac('sha256', 'a secret');
      *
@@ -575,13 +555,13 @@ declare module 'crypto' {
          * Example: Converting a `CryptoKey` instance to a `KeyObject`:
          *
          * ```js
-         * const { webcrypto, KeyObject } = await import('crypto');
-         * const { subtle } = webcrypto;
+         * const { KeyObject } = await import('node:crypto');
+         * const { subtle } = globalThis.crypto;
          *
          * const key = await subtle.generateKey({
          *   name: 'HMAC',
          *   hash: 'SHA-256',
-         *   length: 256
+         *   length: 256,
          * }, true, ['sign', 'verify']);
          *
          * const keyObject = KeyObject.from(key);
@@ -698,6 +678,10 @@ declare module 'crypto' {
      * The `password` is used to derive the cipher key and initialization vector (IV).
      * The value must be either a `'latin1'` encoded string, a `Buffer`, a`TypedArray`, or a `DataView`.
      *
+     * **This function is semantically insecure for all**
+     * **supported ciphers and fatally flawed for ciphers in counter mode (such as CTR,**
+     * **GCM, or CCM).**
+     *
      * The implementation of `crypto.createCipher()` derives keys using the OpenSSL
      * function [`EVP_BytesToKey`](https://www.openssl.org/docs/man1.1.0/crypto/EVP_BytesToKey.html) with the digest algorithm set to MD5, one
      * iteration, and no salt. The lack of salt allows dictionary attacks as the same
@@ -773,8 +757,8 @@ declare module 'crypto' {
      * const {
      *   scrypt,
      *   randomFill,
-     *   createCipheriv
-     * } = await import('crypto');
+     *   createCipheriv,
+     * } = await import('node:crypto');
      *
      * const algorithm = 'aes-192-cbc';
      * const password = 'Password used to generate key';
@@ -808,17 +792,17 @@ declare module 'crypto' {
      * import {
      *   createReadStream,
      *   createWriteStream,
-     * } from 'fs';
+     * } from 'node:fs';
      *
      * import {
-     *   pipeline
-     * } from 'stream';
+     *   pipeline,
+     * } from 'node:stream';
      *
      * const {
      *   scrypt,
      *   randomFill,
-     *   createCipheriv
-     * } = await import('crypto');
+     *   createCipheriv,
+     * } = await import('node:crypto');
      *
      * const algorithm = 'aes-192-cbc';
      * const password = 'Password used to generate key';
@@ -849,8 +833,8 @@ declare module 'crypto' {
      * const {
      *   scrypt,
      *   randomFill,
-     *   createCipheriv
-     * } = await import('crypto');
+     *   createCipheriv,
+     * } = await import('node:crypto');
      *
      * const algorithm = 'aes-192-cbc';
      * const password = 'Password used to generate key';
@@ -955,6 +939,10 @@ declare module 'crypto' {
      * authentication tag in bytes, see `CCM mode`.
      * For `chacha20-poly1305`, the `authTagLength` option defaults to 16 bytes.
      *
+     * **This function is semantically insecure for all**
+     * **supported ciphers and fatally flawed for ciphers in counter mode (such as CTR,**
+     * **GCM, or CCM).**
+     *
      * The implementation of `crypto.createDecipher()` derives keys using the OpenSSL
      * function [`EVP_BytesToKey`](https://www.openssl.org/docs/man1.1.0/crypto/EVP_BytesToKey.html) with the digest algorithm set to MD5, one
      * iteration, and no salt. The lack of salt allows dictionary attacks as the same
@@ -1023,11 +1011,11 @@ declare module 'crypto' {
      * Example: Using `Decipher` objects as streams:
      *
      * ```js
-     * import { Buffer } from 'buffer';
+     * import { Buffer } from 'node:buffer';
      * const {
      *   scryptSync,
-     *   createDecipheriv
-     * } = await import('crypto');
+     *   createDecipheriv,
+     * } = await import('node:crypto');
      *
      * const algorithm = 'aes-192-cbc';
      * const password = 'Password used to generate key';
@@ -1042,6 +1030,7 @@ declare module 'crypto' {
      *
      * let decrypted = '';
      * decipher.on('readable', () => {
+     *   let chunk;
      *   while (null !== (chunk = decipher.read())) {
      *     decrypted += chunk.toString('utf8');
      *   }
@@ -1064,12 +1053,12 @@ declare module 'crypto' {
      * import {
      *   createReadStream,
      *   createWriteStream,
-     * } from 'fs';
-     * import { Buffer } from 'buffer';
+     * } from 'node:fs';
+     * import { Buffer } from 'node:buffer';
      * const {
      *   scryptSync,
-     *   createDecipheriv
-     * } = await import('crypto');
+     *   createDecipheriv,
+     * } = await import('node:crypto');
      *
      * const algorithm = 'aes-192-cbc';
      * const password = 'Password used to generate key';
@@ -1089,11 +1078,11 @@ declare module 'crypto' {
      * Example: Using the `decipher.update()` and `decipher.final()` methods:
      *
      * ```js
-     * import { Buffer } from 'buffer';
+     * import { Buffer } from 'node:buffer';
      * const {
      *   scryptSync,
-     *   createDecipheriv
-     * } = await import('crypto');
+     *   createDecipheriv,
+     * } = await import('node:crypto');
      *
      * const algorithm = 'aes-192-cbc';
      * const password = 'Password used to generate key';
@@ -1190,19 +1179,21 @@ declare module 'crypto' {
         format?: KeyFormat | undefined;
         type?: 'pkcs1' | 'pkcs8' | 'sec1' | undefined;
         passphrase?: string | Buffer | undefined;
+        encoding?: string | undefined;
     }
     interface PublicKeyInput {
         key: string | Buffer;
         format?: KeyFormat | undefined;
         type?: 'pkcs1' | 'spki' | undefined;
+        encoding?: string | undefined;
     }
     /**
      * Asynchronously generates a new random secret key of the given `length`. The`type` will determine which validations will be performed on the `length`.
      *
      * ```js
      * const {
-     *   generateKey
-     * } = await import('crypto');
+     *   generateKey,
+     * } = await import('node:crypto');
      *
      * generateKey('hmac', { length: 64 }, (err, key) => {
      *   if (err) throw err;
@@ -1224,8 +1215,8 @@ declare module 'crypto' {
      *
      * ```js
      * const {
-     *   generateKeySync
-     * } = await import('crypto');
+     *   generateKeySync,
+     * } = await import('node:crypto');
      *
      * const key = generateKeySync('hmac', { length: 64 });
      * console.log(key.export().toString('hex'));  // e89..........41e
@@ -1291,7 +1282,7 @@ declare module 'crypto' {
     type DSAEncoding = 'der' | 'ieee-p1363';
     interface SigningOptions {
         /**
-         * @See crypto.constants.RSA_PKCS1_PADDING
+         * @see crypto.constants.RSA_PKCS1_PADDING
          */
         padding?: number | undefined;
         saltLength?: number | undefined;
@@ -1305,6 +1296,7 @@ declare module 'crypto' {
     interface VerifyKeyObjectInput extends SigningOptions {
         key: KeyObject;
     }
+    interface VerifyJsonWebKeyInput extends JsonWebKeyInput, SigningOptions {}
     type KeyLike = string | Buffer | KeyObject;
     /**
      * The `Sign` class is a utility for generating signatures. It can be used in one
@@ -1324,11 +1316,11 @@ declare module 'crypto' {
      * const {
      *   generateKeyPairSync,
      *   createSign,
-     *   createVerify
-     * } = await import('crypto');
+     *   createVerify,
+     * } = await import('node:crypto');
      *
      * const { privateKey, publicKey } = generateKeyPairSync('ec', {
-     *   namedCurve: 'sect239k1'
+     *   namedCurve: 'sect239k1',
      * });
      *
      * const sign = createSign('SHA256');
@@ -1349,8 +1341,8 @@ declare module 'crypto' {
      * const {
      *   generateKeyPairSync,
      *   createSign,
-     *   createVerify
-     * } = await import('crypto');
+     *   createVerify,
+     * } = await import('node:crypto');
      *
      * const { privateKey, publicKey } = generateKeyPairSync('rsa', {
      *   modulusLength: 2048,
@@ -1459,8 +1451,8 @@ declare module 'crypto' {
          * be passed instead of a public key.
          * @since v0.1.92
          */
-        verify(object: KeyLike | VerifyKeyObjectInput | VerifyPublicKeyInput, signature: NodeJS.ArrayBufferView): boolean;
-        verify(object: KeyLike | VerifyKeyObjectInput | VerifyPublicKeyInput, signature: string, signature_format?: BinaryToTextEncoding): boolean;
+        verify(object: KeyLike | VerifyKeyObjectInput | VerifyPublicKeyInput | VerifyJsonWebKeyInput, signature: NodeJS.ArrayBufferView): boolean;
+        verify(object: KeyLike | VerifyKeyObjectInput | VerifyPublicKeyInput | VerifyJsonWebKeyInput, signature: string, signature_format?: BinaryToTextEncoding): boolean;
     }
     /**
      * Creates a `DiffieHellman` key exchange object using the supplied `prime` and an
@@ -1490,11 +1482,11 @@ declare module 'crypto' {
      * Instances of the `DiffieHellman` class can be created using the {@link createDiffieHellman} function.
      *
      * ```js
-     * import assert from 'assert';
+     * import assert from 'node:assert';
      *
      * const {
-     *   createDiffieHellman
-     * } = await import('crypto');
+     *   createDiffieHellman,
+     * } = await import('node:crypto');
      *
      * // Generate Alice's keys...
      * const alice = createDiffieHellman(2048);
@@ -1600,7 +1592,7 @@ declare module 'crypto' {
          * A bit field containing any warnings and/or errors resulting from a check
          * performed during initialization of the `DiffieHellman` object.
          *
-         * The following values are valid for this property (as defined in `constants`module):
+         * The following values are valid for this property (as defined in `node:constants` module):
          *
          * * `DH_CHECK_P_NOT_SAFE_PRIME`
          * * `DH_CHECK_P_NOT_PRIME`
@@ -1635,16 +1627,16 @@ declare module 'crypto' {
      */
     const DiffieHellmanGroup: DiffieHellmanGroupConstructor;
     interface DiffieHellmanGroupConstructor {
-        new(name: string): DiffieHellmanGroup;
+        new (name: string): DiffieHellmanGroup;
         (name: string): DiffieHellmanGroup;
         readonly prototype: DiffieHellmanGroup;
     }
     type DiffieHellmanGroup = Omit<DiffieHellman, 'setPublicKey' | 'setPrivateKey'>;
     /**
      * Creates a predefined `DiffieHellmanGroup` key exchange object. The
-     * supported groups are: `'modp1'`, `'modp2'`, `'modp5'` (defined in [RFC 2412](https://www.rfc-editor.org/rfc/rfc2412.txt), but see `Caveats`) and `'modp14'`, `'modp15'`,`'modp16'`, `'modp17'`,
-     * `'modp18'` (defined in [RFC 3526](https://www.rfc-editor.org/rfc/rfc3526.txt)). The
-     * returned object mimics the interface of objects created by {@link createDiffieHellman}, but will not allow changing
+     * supported groups are listed in the documentation for `DiffieHellmanGroup`.
+     *
+     * The returned object mimics the interface of objects created by {@link createDiffieHellman}, but will not allow changing
      * the keys (with `diffieHellman.setPublicKey()`, for example). The
      * advantage of using this method is that the parties do not have to
      * generate nor exchange a group modulus beforehand, saving both processor
@@ -1654,8 +1646,8 @@ declare module 'crypto' {
      *
      * ```js
      * const {
-     *   getDiffieHellman
-     * } = await import('crypto');
+     *   getDiffieHellman,
+     * } = await import('node:crypto');
      * const alice = getDiffieHellman('modp14');
      * const bob = getDiffieHellman('modp14');
      *
@@ -1685,9 +1677,6 @@ declare module 'crypto' {
      * otherwise `err` will be `null`. By default, the successfully generated`derivedKey` will be passed to the callback as a `Buffer`. An error will be
      * thrown if any of the input arguments specify invalid values or types.
      *
-     * If `digest` is `null`, `'sha1'` will be used. This behavior is deprecated,
-     * please specify a `digest` explicitly.
-     *
      * The `iterations` argument must be a number set as high as possible. The
      * higher the number of iterations, the more secure the derived key will be,
      * but will take a longer amount of time to complete.
@@ -1699,8 +1688,8 @@ declare module 'crypto' {
      *
      * ```js
      * const {
-     *   pbkdf2
-     * } = await import('crypto');
+     *   pbkdf2,
+     * } = await import('node:crypto');
      *
      * pbkdf2('secret', 'salt', 100000, 64, 'sha512', (err, derivedKey) => {
      *   if (err) throw err;
@@ -1708,18 +1697,6 @@ declare module 'crypto' {
      * });
      * ```
      *
-     * The `crypto.DEFAULT_ENCODING` property can be used to change the way the`derivedKey` is passed to the callback. This property, however, has been
-     * deprecated and use should be avoided.
-     *
-     * ```js
-     * import crypto from 'crypto';
-     * crypto.DEFAULT_ENCODING = 'hex';
-     * crypto.pbkdf2('secret', 'salt', 100000, 512, 'sha512', (err, derivedKey) => {
-     *   if (err) throw err;
-     *   console.log(derivedKey);  // '3745e48...aa39b34'
-     * });
-     * ```
-     *
      * An array of supported digest functions can be retrieved using {@link getHashes}.
      *
      * This API uses libuv's threadpool, which can have surprising and
@@ -1735,9 +1712,6 @@ declare module 'crypto' {
      * If an error occurs an `Error` will be thrown, otherwise the derived key will be
      * returned as a `Buffer`.
      *
-     * If `digest` is `null`, `'sha1'` will be used. This behavior is deprecated,
-     * please specify a `digest` explicitly.
-     *
      * The `iterations` argument must be a number set as high as possible. The
      * higher the number of iterations, the more secure the derived key will be,
      * but will take a longer amount of time to complete.
@@ -1749,23 +1723,13 @@ declare module 'crypto' {
      *
      * ```js
      * const {
-     *   pbkdf2Sync
-     * } = await import('crypto');
+     *   pbkdf2Sync,
+     * } = await import('node:crypto');
      *
      * const key = pbkdf2Sync('secret', 'salt', 100000, 64, 'sha512');
      * console.log(key.toString('hex'));  // '3745e48...08d59ae'
      * ```
      *
-     * The `crypto.DEFAULT_ENCODING` property may be used to change the way the`derivedKey` is returned. This property, however, is deprecated and use
-     * should be avoided.
-     *
-     * ```js
-     * import crypto from 'crypto';
-     * crypto.DEFAULT_ENCODING = 'hex';
-     * const key = crypto.pbkdf2Sync('secret', 'salt', 100000, 512, 'sha512');
-     * console.log(key);  // '3745e48...aa39b34'
-     * ```
-     *
      * An array of supported digest functions can be retrieved using {@link getHashes}.
      * @since v0.9.3
      */
@@ -1781,8 +1745,8 @@ declare module 'crypto' {
      * ```js
      * // Asynchronous
      * const {
-     *   randomBytes
-     * } = await import('crypto');
+     *   randomBytes,
+     * } = await import('node:crypto');
      *
      * randomBytes(256, (err, buf) => {
      *   if (err) throw err;
@@ -1797,8 +1761,8 @@ declare module 'crypto' {
      * ```js
      * // Synchronous
      * const {
-     *   randomBytes
-     * } = await import('crypto');
+     *   randomBytes,
+     * } = await import('node:crypto');
      *
      * const buf = randomBytes(256);
      * console.log(
@@ -1830,7 +1794,7 @@ declare module 'crypto' {
      * Return a random integer `n` such that `min <= n < max`.  This
      * implementation avoids [modulo bias](https://en.wikipedia.org/wiki/Fisher%E2%80%93Yates_shuffle#Modulo_bias).
      *
-     * The range (`max - min`) must be less than 2^48. `min` and `max` must
+     * The range (`max - min`) must be less than 248. `min` and `max` must
      * be [safe integers](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Number/isSafeInteger).
      *
      * If the `callback` function is not provided, the random integer is
@@ -1839,8 +1803,8 @@ declare module 'crypto' {
      * ```js
      * // Asynchronous
      * const {
-     *   randomInt
-     * } = await import('crypto');
+     *   randomInt,
+     * } = await import('node:crypto');
      *
      * randomInt(3, (err, n) => {
      *   if (err) throw err;
@@ -1851,8 +1815,8 @@ declare module 'crypto' {
      * ```js
      * // Synchronous
      * const {
-     *   randomInt
-     * } = await import('crypto');
+     *   randomInt,
+     * } = await import('node:crypto');
      *
      * const n = randomInt(3);
      * console.log(`Random number chosen from (0, 1, 2): ${n}`);
@@ -1861,8 +1825,8 @@ declare module 'crypto' {
      * ```js
      * // With `min` argument
      * const {
-     *   randomInt
-     * } = await import('crypto');
+     *   randomInt,
+     * } = await import('node:crypto');
      *
      * const n = randomInt(1, 7);
      * console.log(`The dice rolled: ${n}`);
@@ -1880,8 +1844,8 @@ declare module 'crypto' {
      * Synchronous version of {@link randomFill}.
      *
      * ```js
-     * import { Buffer } from 'buffer';
-     * const { randomFillSync } = await import('crypto');
+     * import { Buffer } from 'node:buffer';
+     * const { randomFillSync } = await import('node:crypto');
      *
      * const buf = Buffer.alloc(10);
      * console.log(randomFillSync(buf).toString('hex'));
@@ -1897,8 +1861,8 @@ declare module 'crypto' {
      * Any `ArrayBuffer`, `TypedArray` or `DataView` instance may be passed as`buffer`.
      *
      * ```js
-     * import { Buffer } from 'buffer';
-     * const { randomFillSync } = await import('crypto');
+     * import { Buffer } from 'node:buffer';
+     * const { randomFillSync } = await import('node:crypto');
      *
      * const a = new Uint32Array(10);
      * console.log(Buffer.from(randomFillSync(a).buffer,
@@ -1926,8 +1890,8 @@ declare module 'crypto' {
      * If the `callback` function is not provided, an error will be thrown.
      *
      * ```js
-     * import { Buffer } from 'buffer';
-     * const { randomFill } = await import('crypto');
+     * import { Buffer } from 'node:buffer';
+     * const { randomFill } = await import('node:crypto');
      *
      * const buf = Buffer.alloc(10);
      * randomFill(buf, (err, buf) => {
@@ -1956,8 +1920,8 @@ declare module 'crypto' {
      * distribution and have no meaningful lower or upper bounds.
      *
      * ```js
-     * import { Buffer } from 'buffer';
-     * const { randomFill } = await import('crypto');
+     * import { Buffer } from 'node:buffer';
+     * const { randomFill } = await import('node:crypto');
      *
      * const a = new Uint32Array(10);
      * randomFill(a, (err, buf) => {
@@ -2023,8 +1987,8 @@ declare module 'crypto' {
      *
      * ```js
      * const {
-     *   scrypt
-     * } = await import('crypto');
+     *   scrypt,
+     * } = await import('node:crypto');
      *
      * // Using the factory defaults.
      * scrypt('password', 'salt', 64, (err, derivedKey) => {
@@ -2059,8 +2023,8 @@ declare module 'crypto' {
      *
      * ```js
      * const {
-     *   scryptSync
-     * } = await import('crypto');
+     *   scryptSync,
+     * } = await import('node:crypto');
      * // Using the factory defaults.
      *
      * const key1 = scryptSync('password', 'salt', 64);
@@ -2131,8 +2095,8 @@ declare module 'crypto' {
     /**
      * ```js
      * const {
-     *   getCiphers
-     * } = await import('crypto');
+     *   getCiphers,
+     * } = await import('node:crypto');
      *
      * console.log(getCiphers()); // ['aes-128-cbc', 'aes-128-ccm', ...]
      * ```
@@ -2143,8 +2107,8 @@ declare module 'crypto' {
     /**
      * ```js
      * const {
-     *   getCurves
-     * } = await import('crypto');
+     *   getCurves,
+     * } = await import('node:crypto');
      *
      * console.log(getCurves()); // ['Oakley-EC2N-3', 'Oakley-EC2N-4', ...]
      * ```
@@ -2158,7 +2122,8 @@ declare module 'crypto' {
      */
     function getFips(): 1 | 0;
     /**
-     * Enables the FIPS compliant crypto provider in a FIPS-enabled Node.js build. Throws an error if FIPS mode is not available.
+     * Enables the FIPS compliant crypto provider in a FIPS-enabled Node.js build.
+     * Throws an error if FIPS mode is not available.
      * @since v10.0.0
      * @param bool `true` to enable FIPS mode.
      */
@@ -2166,8 +2131,8 @@ declare module 'crypto' {
     /**
      * ```js
      * const {
-     *   getHashes
-     * } = await import('crypto');
+     *   getHashes,
+     * } = await import('node:crypto');
      *
      * console.log(getHashes()); // ['DSA', 'DSA-SHA', 'DSA-SHA1', ...]
      * ```
@@ -2182,11 +2147,11 @@ declare module 'crypto' {
      * Instances of the `ECDH` class can be created using the {@link createECDH} function.
      *
      * ```js
-     * import assert from 'assert';
+     * import assert from 'node:assert';
      *
      * const {
-     *   createECDH
-     * } = await import('crypto');
+     *   createECDH,
+     * } = await import('node:crypto');
      *
      * // Generate Alice's keys...
      * const alice = createECDH('secp521r1');
@@ -2227,8 +2192,8 @@ declare module 'crypto' {
          * ```js
          * const {
          *   createECDH,
-         *   ECDH
-         * } = await import('crypto');
+         *   ECDH,
+         * } = await import('node:crypto');
          *
          * const ecdh = createECDH('secp256k1');
          * ecdh.generateKeys();
@@ -2306,7 +2271,7 @@ declare module 'crypto' {
          * If `encoding` is specified, a string is returned; otherwise a `Buffer` is
          * returned.
          * @since v0.11.14
-         * @param [encoding] The `encoding` of the return value.
+         * @param encoding The `encoding` of the return value.
          * @param [format='uncompressed']
          * @return The EC Diffie-Hellman public key in the specified `encoding` and `format`.
          */
@@ -2335,8 +2300,10 @@ declare module 'crypto' {
      */
     function createECDH(curveName: string): ECDH;
     /**
-     * This function is based on a constant-time algorithm.
-     * Returns true if `a` is equal to `b`, without leaking timing information that
+     * This function compares the underlying bytes that represent the given`ArrayBuffer`, `TypedArray`, or `DataView` instances using a constant-time
+     * algorithm.
+     *
+     * This function does not leak timing information that
      * would allow an attacker to guess one of the values. This is suitable for
      * comparing HMAC digests or secret values like authentication cookies or [capability urls](https://www.w3.org/TR/capability-urls/).
      *
@@ -2348,16 +2315,18 @@ declare module 'crypto' {
      * entry, such as `Uint16Array`, the result will be computed using the platform
      * byte order.
      *
+     * **When both of the inputs are `Float32Array`s or`Float64Array`s, this function might return unexpected results due to IEEE 754**
+     * **encoding of floating-point numbers. In particular, neither `x === y` nor`Object.is(x, y)` implies that the byte representations of two floating-point**
+     * **numbers `x` and `y` are equal.**
+     *
      * Use of `crypto.timingSafeEqual` does not guarantee that the _surrounding_ code
      * is timing-safe. Care should be taken to ensure that the surrounding code does
      * not introduce timing vulnerabilities.
      * @since v6.6.0
      */
     function timingSafeEqual(a: NodeJS.ArrayBufferView, b: NodeJS.ArrayBufferView): boolean;
-    /** @deprecated since v10.0.0 */
-    const DEFAULT_ENCODING: BufferEncoding;
     type KeyType = 'rsa' | 'rsa-pss' | 'dsa' | 'ec' | 'ed25519' | 'ed448' | 'x25519' | 'x448';
-    type KeyFormat = 'pem' | 'der';
+    type KeyFormat = 'pem' | 'der' | 'jwk';
     interface BasePrivateKeyEncodingOptions<T extends KeyFormat> {
         format: T;
         cipher?: string | undefined;
@@ -2553,8 +2522,8 @@ declare module 'crypto' {
      *
      * ```js
      * const {
-     *   generateKeyPairSync
-     * } = await import('crypto');
+     *   generateKeyPairSync,
+     * } = await import('node:crypto');
      *
      * const {
      *   publicKey,
@@ -2563,14 +2532,14 @@ declare module 'crypto' {
      *   modulusLength: 4096,
      *   publicKeyEncoding: {
      *     type: 'spki',
-     *     format: 'pem'
+     *     format: 'pem',
      *   },
      *   privateKeyEncoding: {
      *     type: 'pkcs8',
      *     format: 'pem',
      *     cipher: 'aes-256-cbc',
-     *     passphrase: 'top secret'
-     *   }
+     *     passphrase: 'top secret',
+     *   },
      * });
      * ```
      *
@@ -2632,21 +2601,21 @@ declare module 'crypto' {
      *
      * ```js
      * const {
-     *   generateKeyPair
-     * } = await import('crypto');
+     *   generateKeyPair,
+     * } = await import('node:crypto');
      *
      * generateKeyPair('rsa', {
      *   modulusLength: 4096,
      *   publicKeyEncoding: {
      *     type: 'spki',
-     *     format: 'pem'
+     *     format: 'pem',
      *   },
      *   privateKeyEncoding: {
      *     type: 'pkcs8',
      *     format: 'pem',
      *     cipher: 'aes-256-cbc',
-     *     passphrase: 'top secret'
-     *   }
+     *     passphrase: 'top secret',
+     *   },
      * }, (err, publicKey, privateKey) => {
      *   // Handle errors and use the generated key pair.
      * });
@@ -2968,11 +2937,16 @@ declare module 'crypto' {
      * If the `callback` function is provided this function uses libuv's threadpool.
      * @since v12.0.0
      */
-    function verify(algorithm: string | null | undefined, data: NodeJS.ArrayBufferView, key: KeyLike | VerifyKeyObjectInput | VerifyPublicKeyInput, signature: NodeJS.ArrayBufferView): boolean;
     function verify(
         algorithm: string | null | undefined,
         data: NodeJS.ArrayBufferView,
-        key: KeyLike | VerifyKeyObjectInput | VerifyPublicKeyInput,
+        key: KeyLike | VerifyKeyObjectInput | VerifyPublicKeyInput | VerifyJsonWebKeyInput,
+        signature: NodeJS.ArrayBufferView
+    ): boolean;
+    function verify(
+        algorithm: string | null | undefined,
+        data: NodeJS.ArrayBufferView,
+        key: KeyLike | VerifyKeyObjectInput | VerifyPublicKeyInput | VerifyJsonWebKeyInput,
         signature: NodeJS.ArrayBufferView,
         callback: (error: Error | null, result: boolean) => void
     ): void;
@@ -3042,10 +3016,10 @@ declare module 'crypto' {
      * of the input arguments specify invalid values or types.
      *
      * ```js
-     * import { Buffer } from 'buffer';
+     * import { Buffer } from 'node:buffer';
      * const {
-     *   hkdf
-     * } = await import('crypto');
+     *   hkdf,
+     * } = await import('node:crypto');
      *
      * hkdf('sha512', 'key', 'salt', 'info', 64, (err, derivedKey) => {
      *   if (err) throw err;
@@ -3054,7 +3028,7 @@ declare module 'crypto' {
      * ```
      * @since v15.0.0
      * @param digest The digest algorithm to use.
-     * @param ikm The input keying material. It must be at least one byte in length.
+     * @param ikm The input keying material. Must be provided but can be zero-length.
      * @param salt The salt value. Must be provided but can be zero-length.
      * @param info Additional info value. Must be provided but can be zero-length, and cannot be more than 1024 bytes.
      * @param keylen The length of the key to generate. Must be greater than 0. The maximum allowable value is `255` times the number of bytes produced by the selected digest function (e.g. `sha512`
@@ -3071,17 +3045,17 @@ declare module 'crypto' {
      * types, or if the derived key cannot be generated.
      *
      * ```js
-     * import { Buffer } from 'buffer';
+     * import { Buffer } from 'node:buffer';
      * const {
-     *   hkdfSync
-     * } = await import('crypto');
+     *   hkdfSync,
+     * } = await import('node:crypto');
      *
      * const derivedKey = hkdfSync('sha512', 'key', 'salt', 'info', 64);
      * console.log(Buffer.from(derivedKey).toString('hex'));  // '24156e2...5391653'
      * ```
      * @since v15.0.0
      * @param digest The digest algorithm to use.
-     * @param ikm The input keying material. It must be at least one byte in length.
+     * @param ikm The input keying material. Must be provided but can be zero-length.
      * @param salt The salt value. Must be provided but can be zero-length.
      * @param info Additional info value. Must be provided but can be zero-length, and cannot be more than 1024 bytes.
      * @param keylen The length of the key to generate. Must be greater than 0. The maximum allowable value is `255` times the number of bytes produced by the selected digest function (e.g. `sha512`
@@ -3121,40 +3095,41 @@ declare module 'crypto' {
          */
         disableEntropyCache?: boolean | undefined;
     }
+    type UUID = `${string}-${string}-${string}-${string}-${string}`;
     /**
      * Generates a random [RFC 4122](https://www.rfc-editor.org/rfc/rfc4122.txt) version 4 UUID. The UUID is generated using a
      * cryptographic pseudorandom number generator.
      * @since v15.6.0, v14.17.0
      */
-    function randomUUID(options?: RandomUUIDOptions): string;
+    function randomUUID(options?: RandomUUIDOptions): UUID;
     interface X509CheckOptions {
         /**
          * @default 'always'
          */
-        subject: 'always' | 'never';
+        subject?: 'always' | 'default' | 'never';
         /**
          * @default true
          */
-        wildcards: boolean;
+        wildcards?: boolean;
         /**
          * @default true
          */
-        partialWildcards: boolean;
+        partialWildcards?: boolean;
         /**
          * @default false
          */
-        multiLabelWildcards: boolean;
+        multiLabelWildcards?: boolean;
         /**
          * @default false
          */
-        singleLabelSubdomains: boolean;
+        singleLabelSubdomains?: boolean;
     }
     /**
      * Encapsulates an X509 certificate and provides read-only access to
      * its information.
      *
      * ```js
-     * const { X509Certificate } = await import('crypto');
+     * const { X509Certificate } = await import('node:crypto');
      *
      * const x509 = new X509Certificate('{... pem encoded cert ...}');
      *
@@ -3184,23 +3159,53 @@ declare module 'crypto' {
         readonly fingerprint256: string;
         /**
          * The SHA-512 fingerprint of this certificate.
-         * @since v16.14.0
+         *
+         * Because computing the SHA-256 fingerprint is usually faster and because it is
+         * only half the size of the SHA-512 fingerprint, `x509.fingerprint256` may be
+         * a better choice. While SHA-512 presumably provides a higher level of security in
+         * general, the security of SHA-256 matches that of most algorithms that are
+         * commonly used to sign certificates.
+         * @since v17.2.0, v16.14.0
          */
-         readonly fingerprint512: string;
+        readonly fingerprint512: string;
         /**
          * The complete subject of this certificate.
          * @since v15.6.0
          */
         readonly subject: string;
         /**
-         * The subject alternative name specified for this certificate or `undefined`
-         * if not available.
+         * The subject alternative name specified for this certificate.
+         *
+         * This is a comma-separated list of subject alternative names. Each entry begins
+         * with a string identifying the kind of the subject alternative name followed by
+         * a colon and the value associated with the entry.
+         *
+         * Earlier versions of Node.js incorrectly assumed that it is safe to split this
+         * property at the two-character sequence `', '` (see [CVE-2021-44532](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532)). However,
+         * both malicious and legitimate certificates can contain subject alternative names
+         * that include this sequence when represented as a string.
+         *
+         * After the prefix denoting the type of the entry, the remainder of each entry
+         * might be enclosed in quotes to indicate that the value is a JSON string literal.
+         * For backward compatibility, Node.js only uses JSON string literals within this
+         * property when necessary to avoid ambiguity. Third-party code should be prepared
+         * to handle both possible entry formats.
          * @since v15.6.0
          */
         readonly subjectAltName: string | undefined;
         /**
-         * The information access content of this certificate or `undefined` if not
-         * available.
+         * A textual representation of the certificate's authority information access
+         * extension.
+         *
+         * This is a line feed separated list of access descriptions. Each line begins with
+         * the access method and the kind of the access location, followed by a colon and
+         * the value associated with the access location.
+         *
+         * After the prefix denoting the access method and the kind of the access location,
+         * the remainder of each line might be enclosed in quotes to indicate that the
+         * value is a JSON string literal. For backward compatibility, Node.js only uses
+         * JSON string literals within this property when necessary to avoid ambiguity.
+         * Third-party code should be prepared to handle both possible entry formats.
          * @since v15.6.0
          */
         readonly infoAccess: string | undefined;
@@ -3417,7 +3422,7 @@ declare module 'crypto' {
     interface CheckPrimeOptions {
         /**
          * The number of Miller-Rabin probabilistic primality iterations to perform.
-         * When the value is 0 (zero), a number of checks is used that yields a false positive rate of at most 2-64 for random input.
+         * When the value is 0 (zero), a number of checks is used that yields a false positive rate of at most `2**-64` for random input.
          * Care must be used when selecting a number of checks.
          * Refer to the OpenSSL documentation for the BN_is_prime_ex function nchecks options for more details.
          *
@@ -3444,36 +3449,29 @@ declare module 'crypto' {
      *
      * `engine` could be either an id or a path to the engine's shared library.
      *
-     * The optional `flags` argument uses `ENGINE_METHOD_ALL` by default.
-     * The `flags` is a bit field taking one of or a mix of the following flags (defined in `crypto.constants`):
-     *
-     * - `crypto.constants.ENGINE_METHOD_RSA`
-     * - `crypto.constants.ENGINE_METHOD_DSA`
-     * - `crypto.constants.ENGINE_METHOD_DH`
-     * - `crypto.constants.ENGINE_METHOD_RAND`
-     * - `crypto.constants.ENGINE_METHOD_EC`
-     * - `crypto.constants.ENGINE_METHOD_CIPHERS`
-     * - `crypto.constants.ENGINE_METHOD_DIGESTS`
-     * - `crypto.constants.ENGINE_METHOD_PKEY_METHS`
-     * - `crypto.constants.ENGINE_METHOD_PKEY_ASN1_METHS`
-     * - `crypto.constants.ENGINE_METHOD_ALL`
-     * - `crypto.constants.ENGINE_METHOD_NONE`
-     *
-     * The flags below are deprecated in OpenSSL-1.1.0.
-     *
-     * - `crypto.constants.ENGINE_METHOD_ECDH`
-     * - `crypto.constants.ENGINE_METHOD_ECDSA`
-     * - `crypto.constants.ENGINE_METHOD_STORE`
+     * The optional `flags` argument uses `ENGINE_METHOD_ALL` by default. The `flags`is a bit field taking one of or a mix of the following flags (defined in`crypto.constants`):
+     *
+     * * `crypto.constants.ENGINE_METHOD_RSA`
+     * * `crypto.constants.ENGINE_METHOD_DSA`
+     * * `crypto.constants.ENGINE_METHOD_DH`
+     * * `crypto.constants.ENGINE_METHOD_RAND`
+     * * `crypto.constants.ENGINE_METHOD_EC`
+     * * `crypto.constants.ENGINE_METHOD_CIPHERS`
+     * * `crypto.constants.ENGINE_METHOD_DIGESTS`
+     * * `crypto.constants.ENGINE_METHOD_PKEY_METHS`
+     * * `crypto.constants.ENGINE_METHOD_PKEY_ASN1_METHS`
+     * * `crypto.constants.ENGINE_METHOD_ALL`
+     * * `crypto.constants.ENGINE_METHOD_NONE`
      * @since v0.11.11
-     * @param [flags=crypto.constants.ENGINE_METHOD_ALL]
+     * @param flags
      */
     function setEngine(engine: string, flags?: number): void;
     /**
-     * A convenient alias for `crypto.webcrypto.getRandomValues()`.
-     * This implementation is not compliant with the Web Crypto spec,
-     * to write web-compatible code use `crypto.webcrypto.getRandomValues()` instead.
+     * A convenient alias for {@link webcrypto.getRandomValues}. This
+     * implementation is not compliant with the Web Crypto spec, to write
+     * web-compatible code use {@link webcrypto.getRandomValues} instead.
      * @since v17.4.0
-     * @returns Returns `typedArray`.
+     * @return Returns `typedArray`.
      */
     function getRandomValues<T extends webcrypto.BufferSource>(typedArray: T): T;
     /**
@@ -3638,7 +3636,7 @@ declare module 'crypto' {
              * The UUID is generated using a cryptographic pseudorandom number generator.
              * @since v16.7.0
              */
-            randomUUID(): string;
+            randomUUID(): UUID;
             CryptoKey: CryptoKeyConstructor;
         }
         // This constructor throws ILLEGAL_CONSTRUCTOR so it should not be newable.