@zuplo/cli 6.71.6 → 6.71.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (95) hide show
  1. package/node_modules/@types/node/README.md +1 -1
  2. package/node_modules/@types/node/assert/strict.d.ts +10 -1
  3. package/node_modules/@types/node/assert.d.ts +144 -17
  4. package/node_modules/@types/node/async_hooks.d.ts +9 -9
  5. package/node_modules/@types/node/buffer.d.ts +0 -5
  6. package/node_modules/@types/node/child_process.d.ts +17 -21
  7. package/node_modules/@types/node/cluster.d.ts +13 -13
  8. package/node_modules/@types/node/console.d.ts +1 -1
  9. package/node_modules/@types/node/crypto.d.ts +454 -571
  10. package/node_modules/@types/node/diagnostics_channel.d.ts +20 -9
  11. package/node_modules/@types/node/dns.d.ts +14 -14
  12. package/node_modules/@types/node/events.d.ts +3 -3
  13. package/node_modules/@types/node/fs/promises.d.ts +4 -4
  14. package/node_modules/@types/node/fs.d.ts +3 -12
  15. package/node_modules/@types/node/globals.d.ts +4 -4
  16. package/node_modules/@types/node/http.d.ts +5 -5
  17. package/node_modules/@types/node/http2.d.ts +1 -1
  18. package/node_modules/@types/node/index.d.ts +0 -3
  19. package/node_modules/@types/node/inspector.d.ts +1 -1
  20. package/node_modules/@types/node/module.d.ts +16 -45
  21. package/node_modules/@types/node/net.d.ts +1 -1
  22. package/node_modules/@types/node/os.d.ts +2 -2
  23. package/node_modules/@types/node/package.json +4 -4
  24. package/node_modules/@types/node/perf_hooks.d.ts +1 -9
  25. package/node_modules/@types/node/process.d.ts +11 -11
  26. package/node_modules/@types/node/readline.d.ts +12 -11
  27. package/node_modules/@types/node/repl.d.ts +10 -10
  28. package/node_modules/@types/node/sqlite.d.ts +1 -1
  29. package/node_modules/@types/node/stream/promises.d.ts +2 -2
  30. package/node_modules/@types/node/stream/web.d.ts +1 -1
  31. package/node_modules/@types/node/stream.d.ts +5 -5
  32. package/node_modules/@types/node/test/reporters.d.ts +1 -1
  33. package/node_modules/@types/node/test.d.ts +8 -8
  34. package/node_modules/@types/node/tls.d.ts +1 -1
  35. package/node_modules/@types/node/ts5.6/index.d.ts +1 -4
  36. package/node_modules/@types/node/ts5.7/index.d.ts +0 -3
  37. package/node_modules/@types/node/url.d.ts +3 -3
  38. package/node_modules/@types/node/util/types.d.ts +1 -1
  39. package/node_modules/@types/node/util.d.ts +3 -20
  40. package/node_modules/@types/node/v8.d.ts +1 -1
  41. package/node_modules/@types/node/vm.d.ts +9 -9
  42. package/node_modules/@types/node/web-globals/domexception.d.ts +15 -0
  43. package/node_modules/@types/node/worker_threads.d.ts +2 -5
  44. package/node_modules/@types/node/zlib.d.ts +3 -3
  45. package/node_modules/@zuplo/core/package.json +1 -1
  46. package/node_modules/@zuplo/graphql/package.json +1 -1
  47. package/node_modules/@zuplo/openapi-tools/package.json +1 -1
  48. package/node_modules/@zuplo/otel/package.json +1 -1
  49. package/node_modules/@zuplo/runtime/package.json +1 -1
  50. package/node_modules/pg-protocol/dist/b.js.map +1 -1
  51. package/node_modules/pg-protocol/dist/buffer-reader.d.ts +0 -1
  52. package/node_modules/pg-protocol/dist/buffer-reader.js +1 -1
  53. package/node_modules/pg-protocol/dist/buffer-reader.js.map +1 -1
  54. package/node_modules/pg-protocol/dist/buffer-writer.d.ts +2 -1
  55. package/node_modules/pg-protocol/dist/buffer-writer.js +23 -0
  56. package/node_modules/pg-protocol/dist/buffer-writer.js.map +1 -1
  57. package/node_modules/pg-protocol/dist/inbound-parser.test.js +1 -1
  58. package/node_modules/pg-protocol/dist/inbound-parser.test.js.map +1 -1
  59. package/node_modules/pg-protocol/dist/index.d.ts +0 -1
  60. package/node_modules/pg-protocol/dist/index.js +2 -2
  61. package/node_modules/pg-protocol/dist/index.js.map +1 -1
  62. package/node_modules/pg-protocol/dist/messages.d.ts +2 -3
  63. package/node_modules/pg-protocol/dist/outbound-serializer.test.js +73 -0
  64. package/node_modules/pg-protocol/dist/outbound-serializer.test.js.map +1 -1
  65. package/node_modules/pg-protocol/dist/parser.d.ts +3 -5
  66. package/node_modules/pg-protocol/dist/parser.js +1 -1
  67. package/node_modules/pg-protocol/dist/parser.js.map +1 -1
  68. package/node_modules/pg-protocol/dist/serializer.d.ts +9 -10
  69. package/node_modules/pg-protocol/dist/serializer.js +11 -4
  70. package/node_modules/pg-protocol/dist/serializer.js.map +1 -1
  71. package/node_modules/pg-protocol/package.json +2 -2
  72. package/node_modules/pg-protocol/src/buffer-reader.ts +1 -1
  73. package/node_modules/pg-protocol/src/buffer-writer.ts +25 -0
  74. package/node_modules/pg-protocol/src/outbound-serializer.test.ts +80 -0
  75. package/node_modules/pg-protocol/src/parser.ts +1 -1
  76. package/node_modules/pg-protocol/src/serializer.ts +10 -4
  77. package/node_modules/undici-types/agent.d.ts +0 -2
  78. package/node_modules/undici-types/client.d.ts +25 -19
  79. package/node_modules/undici-types/dispatcher.d.ts +7 -33
  80. package/node_modules/undici-types/dispatcher1-wrapper.d.ts +7 -0
  81. package/node_modules/undici-types/fetch.d.ts +24 -4
  82. package/node_modules/undici-types/h2c-client.d.ts +6 -6
  83. package/node_modules/undici-types/handlers.d.ts +1 -2
  84. package/node_modules/undici-types/header.d.ts +5 -0
  85. package/node_modules/undici-types/index.d.ts +3 -1
  86. package/node_modules/undici-types/interceptors.d.ts +1 -1
  87. package/node_modules/undici-types/package.json +1 -1
  88. package/node_modules/undici-types/pool.d.ts +0 -2
  89. package/node_modules/undici-types/proxy-agent.d.ts +2 -2
  90. package/node_modules/undici-types/round-robin-pool.d.ts +0 -2
  91. package/node_modules/undici-types/snapshot-agent.d.ts +4 -0
  92. package/node_modules/undici-types/socks5-proxy-agent.d.ts +2 -2
  93. package/node_modules/undici-types/webidl.d.ts +0 -1
  94. package/package.json +6 -6
  95. package/node_modules/@types/node/compatibility/iterators.d.ts +0 -21
@@ -1,6 +1,6 @@
1
1
  declare module "node:crypto" {
2
2
  import { NonSharedBuffer } from "node:buffer";
3
- import * as stream from "node:stream";
3
+ import { Transform, TransformOptions, Writable, WritableOptions } from "node:stream";
4
4
  import { PeerCertificate } from "node:tls";
5
5
  /**
6
6
  * SPKAC is a Certificate Signing Request mechanism originally implemented by
@@ -27,7 +27,7 @@ declare module "node:crypto" {
27
27
  * @param encoding The `encoding` of the `spkac` string.
28
28
  * @return The challenge component of the `spkac` data structure, which includes a public key and a challenge.
29
29
  */
30
- static exportChallenge(spkac: BinaryLike): NonSharedBuffer;
30
+ static exportChallenge(spkac: BinaryLike, encoding?: BufferEncoding): NonSharedBuffer;
31
31
  /**
32
32
  * ```js
33
33
  * const { Certificate } = await import('node:crypto');
@@ -40,7 +40,7 @@ declare module "node:crypto" {
40
40
  * @param encoding The `encoding` of the `spkac` string.
41
41
  * @return The public key component of the `spkac` data structure, which includes a public key and a challenge.
42
42
  */
43
- static exportPublicKey(spkac: BinaryLike, encoding?: string): NonSharedBuffer;
43
+ static exportPublicKey(spkac: BinaryLike, encoding?: BufferEncoding): NonSharedBuffer;
44
44
  /**
45
45
  * ```js
46
46
  * import { Buffer } from 'node:buffer';
@@ -54,122 +54,34 @@ declare module "node:crypto" {
54
54
  * @param encoding The `encoding` of the `spkac` string.
55
55
  * @return `true` if the given `spkac` data structure is valid, `false` otherwise.
56
56
  */
57
- static verifySpkac(spkac: NodeJS.ArrayBufferView): boolean;
57
+ static verifySpkac(spkac: BinaryLike, encoding?: BufferEncoding): boolean;
58
58
  /**
59
59
  * @deprecated
60
- * @param spkac
60
+ * @param encoding The `encoding` of the `spkac` string.
61
61
  * @returns The challenge component of the `spkac` data structure,
62
62
  * which includes a public key and a challenge.
63
63
  */
64
- exportChallenge(spkac: BinaryLike): NonSharedBuffer;
64
+ exportChallenge(spkac: BinaryLike, encoding?: BufferEncoding): NonSharedBuffer;
65
65
  /**
66
66
  * @deprecated
67
- * @param spkac
68
67
  * @param encoding The encoding of the spkac string.
69
68
  * @returns The public key component of the `spkac` data structure,
70
69
  * which includes a public key and a challenge.
71
70
  */
72
- exportPublicKey(spkac: BinaryLike, encoding?: string): NonSharedBuffer;
71
+ exportPublicKey(spkac: BinaryLike, encoding?: BufferEncoding): NonSharedBuffer;
73
72
  /**
74
73
  * @deprecated
75
- * @param spkac
74
+ * @param encoding The `encoding` of the `spkac` string.
76
75
  * @returns `true` if the given `spkac` data structure is valid,
77
76
  * `false` otherwise.
78
77
  */
79
- verifySpkac(spkac: NodeJS.ArrayBufferView): boolean;
78
+ verifySpkac(spkac: BinaryLike, encoding?: BufferEncoding): boolean;
80
79
  }
81
- namespace constants {
82
- // https://nodejs.org/dist/latest-v25.x/docs/api/crypto.html#crypto-constants
83
- const OPENSSL_VERSION_NUMBER: number;
84
- /** Applies multiple bug workarounds within OpenSSL. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html for detail. */
85
- const SSL_OP_ALL: number;
86
- /** Instructs OpenSSL to allow a non-[EC]DHE-based key exchange mode for TLS v1.3 */
87
- const SSL_OP_ALLOW_NO_DHE_KEX: number;
88
- /** Allows legacy insecure renegotiation between OpenSSL and unpatched clients or servers. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html. */
89
- const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: number;
90
- /** Attempts to use the server's preferences instead of the client's when selecting a cipher. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html. */
91
- const SSL_OP_CIPHER_SERVER_PREFERENCE: number;
92
- /** Instructs OpenSSL to use Cisco's version identifier of DTLS_BAD_VER. */
93
- const SSL_OP_CISCO_ANYCONNECT: number;
94
- /** Instructs OpenSSL to turn on cookie exchange. */
95
- const SSL_OP_COOKIE_EXCHANGE: number;
96
- /** Instructs OpenSSL to add server-hello extension from an early version of the cryptopro draft. */
97
- const SSL_OP_CRYPTOPRO_TLSEXT_BUG: number;
98
- /** Instructs OpenSSL to disable a SSL 3.0/TLS 1.0 vulnerability workaround added in OpenSSL 0.9.6d. */
99
- const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: number;
100
- /** Allows initial connection to servers that do not support RI. */
101
- const SSL_OP_LEGACY_SERVER_CONNECT: number;
102
- /** Instructs OpenSSL to disable support for SSL/TLS compression. */
103
- const SSL_OP_NO_COMPRESSION: number;
104
- /** Instructs OpenSSL to disable encrypt-then-MAC. */
105
- const SSL_OP_NO_ENCRYPT_THEN_MAC: number;
106
- const SSL_OP_NO_QUERY_MTU: number;
107
- /** Instructs OpenSSL to disable renegotiation. */
108
- const SSL_OP_NO_RENEGOTIATION: number;
109
- /** Instructs OpenSSL to always start a new session when performing renegotiation. */
110
- const SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION: number;
111
- /** Instructs OpenSSL to turn off SSL v2 */
112
- const SSL_OP_NO_SSLv2: number;
113
- /** Instructs OpenSSL to turn off SSL v3 */
114
- const SSL_OP_NO_SSLv3: number;
115
- /** Instructs OpenSSL to disable use of RFC4507bis tickets. */
116
- const SSL_OP_NO_TICKET: number;
117
- /** Instructs OpenSSL to turn off TLS v1 */
118
- const SSL_OP_NO_TLSv1: number;
119
- /** Instructs OpenSSL to turn off TLS v1.1 */
120
- const SSL_OP_NO_TLSv1_1: number;
121
- /** Instructs OpenSSL to turn off TLS v1.2 */
122
- const SSL_OP_NO_TLSv1_2: number;
123
- /** Instructs OpenSSL to turn off TLS v1.3 */
124
- const SSL_OP_NO_TLSv1_3: number;
125
- /** Instructs OpenSSL server to prioritize ChaCha20-Poly1305 when the client does. This option has no effect if `SSL_OP_CIPHER_SERVER_PREFERENCE` is not enabled. */
126
- const SSL_OP_PRIORITIZE_CHACHA: number;
127
- /** Instructs OpenSSL to disable version rollback attack detection. */
128
- const SSL_OP_TLS_ROLLBACK_BUG: number;
129
- const ENGINE_METHOD_RSA: number;
130
- const ENGINE_METHOD_DSA: number;
131
- const ENGINE_METHOD_DH: number;
132
- const ENGINE_METHOD_RAND: number;
133
- const ENGINE_METHOD_EC: number;
134
- const ENGINE_METHOD_CIPHERS: number;
135
- const ENGINE_METHOD_DIGESTS: number;
136
- const ENGINE_METHOD_PKEY_METHS: number;
137
- const ENGINE_METHOD_PKEY_ASN1_METHS: number;
138
- const ENGINE_METHOD_ALL: number;
139
- const ENGINE_METHOD_NONE: number;
140
- const DH_CHECK_P_NOT_SAFE_PRIME: number;
141
- const DH_CHECK_P_NOT_PRIME: number;
142
- const DH_UNABLE_TO_CHECK_GENERATOR: number;
143
- const DH_NOT_SUITABLE_GENERATOR: number;
144
- const RSA_PKCS1_PADDING: number;
145
- const RSA_SSLV23_PADDING: number;
146
- const RSA_NO_PADDING: number;
147
- const RSA_PKCS1_OAEP_PADDING: number;
148
- const RSA_X931_PADDING: number;
149
- const RSA_PKCS1_PSS_PADDING: number;
150
- /** Sets the salt length for RSA_PKCS1_PSS_PADDING to the digest size when signing or verifying. */
151
- const RSA_PSS_SALTLEN_DIGEST: number;
152
- /** Sets the salt length for RSA_PKCS1_PSS_PADDING to the maximum permissible value when signing data. */
153
- const RSA_PSS_SALTLEN_MAX_SIGN: number;
154
- /** Causes the salt length for RSA_PKCS1_PSS_PADDING to be determined automatically when verifying a signature. */
155
- const RSA_PSS_SALTLEN_AUTO: number;
156
- const POINT_CONVERSION_COMPRESSED: number;
157
- const POINT_CONVERSION_UNCOMPRESSED: number;
158
- const POINT_CONVERSION_HYBRID: number;
159
- /** Specifies the built-in default cipher list used by Node.js (colon-separated values). */
160
- const defaultCoreCipherList: string;
161
- /** Specifies the active default cipher list used by the current Node.js process (colon-separated values). */
162
- const defaultCipherList: string;
163
- }
164
- interface HashOptions extends stream.TransformOptions {
165
- /**
166
- * For XOF hash functions such as `shake256`, the
167
- * outputLength option can be used to specify the desired output length in bytes.
168
- */
80
+ /** @deprecated This property is deprecated. Please use `crypto.setFips()` and `crypto.getFips()` instead. */
81
+ var fips: boolean;
82
+ interface HashOptions extends TransformOptions {
169
83
  outputLength?: number | undefined;
170
84
  }
171
- /** @deprecated since v10.0.0 */
172
- const fips: boolean;
173
85
  /**
174
86
  * Creates and returns a `Hash` object that can be used to generate hash digests
175
87
  * using the given `algorithm`. Optional `options` argument controls stream
@@ -212,6 +124,9 @@ declare module "node:crypto" {
212
124
  * @param options `stream.transform` options
213
125
  */
214
126
  function createHash(algorithm: string, options?: HashOptions): Hash;
127
+ interface HmacOptions extends TransformOptions {
128
+ encoding?: BufferEncoding | undefined;
129
+ }
215
130
  /**
216
131
  * Creates and returns an `Hmac` object that uses the given `algorithm` and `key`.
217
132
  * Optional `options` argument controls stream behavior.
@@ -256,13 +171,7 @@ declare module "node:crypto" {
256
171
  * @since v0.1.94
257
172
  * @param options `stream.transform` options
258
173
  */
259
- function createHmac(algorithm: string, key: BinaryLike | KeyObject, options?: stream.TransformOptions): Hmac;
260
- // https://nodejs.org/api/buffer.html#buffer_buffers_and_character_encodings
261
- type BinaryToTextEncoding = "base64" | "base64url" | "hex" | "binary";
262
- type CharacterEncoding = "utf8" | "utf-8" | "utf16le" | "utf-16le" | "latin1";
263
- type LegacyCharacterEncoding = "ascii" | "binary" | "ucs2" | "ucs-2";
264
- type Encoding = BinaryToTextEncoding | CharacterEncoding | LegacyCharacterEncoding;
265
- type ECDHKeyFormat = "compressed" | "uncompressed" | "hybrid";
174
+ function createHmac(algorithm: string, key: KeyLike, options?: HmacOptions): Hmac;
266
175
  /**
267
176
  * The `Hash` class is a utility for creating hash digests of data. It can be
268
177
  * used in one of two ways:
@@ -327,7 +236,7 @@ declare module "node:crypto" {
327
236
  * ```
328
237
  * @since v0.1.92
329
238
  */
330
- class Hash extends stream.Transform {
239
+ class Hash extends Transform {
331
240
  private constructor();
332
241
  /**
333
242
  * Creates a new `Hash` object that contains a deep copy of the internal state
@@ -373,8 +282,7 @@ declare module "node:crypto" {
373
282
  * @since v0.1.92
374
283
  * @param inputEncoding The `encoding` of the `data` string.
375
284
  */
376
- update(data: BinaryLike): Hash;
377
- update(data: string, inputEncoding: Encoding): Hash;
285
+ update(data: string | NodeJS.ArrayBufferView, inputEncoding?: BufferEncoding): Hash;
378
286
  /**
379
287
  * Calculates the digest of all of the data passed to be hashed (using the `hash.update()` method).
380
288
  * If `encoding` is provided a string will be returned; otherwise
@@ -386,7 +294,7 @@ declare module "node:crypto" {
386
294
  * @param encoding The `encoding` of the return value.
387
295
  */
388
296
  digest(): NonSharedBuffer;
389
- digest(encoding: BinaryToTextEncoding): string;
297
+ digest(encoding: BufferEncoding): string;
390
298
  }
391
299
  /**
392
300
  * The `Hmac` class is a utility for creating cryptographic HMAC digests. It can
@@ -454,7 +362,7 @@ declare module "node:crypto" {
454
362
  * ```
455
363
  * @since v0.1.94
456
364
  */
457
- class Hmac extends stream.Transform {
365
+ class Hmac extends Transform {
458
366
  private constructor();
459
367
  /**
460
368
  * Updates the `Hmac` content with the given `data`, the encoding of which
@@ -466,8 +374,7 @@ declare module "node:crypto" {
466
374
  * @since v0.1.94
467
375
  * @param inputEncoding The `encoding` of the `data` string.
468
376
  */
469
- update(data: BinaryLike): Hmac;
470
- update(data: string, inputEncoding: Encoding): Hmac;
377
+ update(data: string | NodeJS.ArrayBufferView, inputEncoding?: BufferEncoding): Hmac;
471
378
  /**
472
379
  * Calculates the HMAC digest of all of the data passed using `hmac.update()`.
473
380
  * If `encoding` is
@@ -479,9 +386,9 @@ declare module "node:crypto" {
479
386
  * @param encoding The `encoding` of the return value.
480
387
  */
481
388
  digest(): NonSharedBuffer;
482
- digest(encoding: BinaryToTextEncoding): string;
389
+ digest(encoding: BufferEncoding): string;
483
390
  }
484
- type KeyFormat = "pem" | "der" | "jwk";
391
+ type KeyFormat = "pem" | "der" | "jwk" | "raw-public" | "raw-private" | "raw-seed";
485
392
  type KeyObjectType = "secret" | "public" | "private";
486
393
  type PublicKeyExportType = "pkcs1" | "spki";
487
394
  type PrivateKeyExportType = "pkcs1" | "pkcs8" | "sec1";
@@ -489,38 +396,60 @@ declare module "node:crypto" {
489
396
  | SymmetricKeyExportOptions
490
397
  | PublicKeyExportOptions
491
398
  | PrivateKeyExportOptions
492
- | JwkKeyExportOptions;
399
+ | JwkKeyExportOptions
400
+ | RawPublicKeyExportOptions
401
+ | RawPrivateKeyExportOptions;
493
402
  interface SymmetricKeyExportOptions {
494
403
  format?: "buffer" | undefined;
495
404
  }
496
405
  interface PublicKeyExportOptions<T extends PublicKeyExportType = PublicKeyExportType> {
497
406
  type: T;
498
- format: Exclude<KeyFormat, "jwk">;
407
+ format: "pem" | "der";
499
408
  }
500
409
  interface PrivateKeyExportOptions<T extends PrivateKeyExportType = PrivateKeyExportType> {
501
410
  type: T;
502
- format: Exclude<KeyFormat, "jwk">;
411
+ format: "pem" | "der";
503
412
  cipher?: string | undefined;
504
- passphrase?: string | Buffer | undefined;
413
+ passphrase?: BinaryLike | undefined;
505
414
  }
506
415
  interface JwkKeyExportOptions {
507
416
  format: "jwk";
508
417
  }
418
+ interface RawPublicKeyExportOptions {
419
+ format: "raw-public";
420
+ }
421
+ interface RawPrivateKeyExportOptions {
422
+ format: "raw-private" | "raw-seed";
423
+ }
509
424
  interface KeyPairExportOptions<
510
425
  TPublic extends PublicKeyExportType = PublicKeyExportType,
511
426
  TPrivate extends PrivateKeyExportType = PrivateKeyExportType,
512
427
  > {
513
- publicKeyEncoding?: PublicKeyExportOptions<TPublic> | JwkKeyExportOptions | undefined;
514
- privateKeyEncoding?: PrivateKeyExportOptions<TPrivate> | JwkKeyExportOptions | undefined;
428
+ publicKeyEncoding?:
429
+ | PublicKeyExportOptions<TPublic>
430
+ | RawPublicKeyExportOptions
431
+ | JwkKeyExportOptions
432
+ | undefined;
433
+ privateKeyEncoding?:
434
+ | PrivateKeyExportOptions<TPrivate>
435
+ | RawPrivateKeyExportOptions
436
+ | JwkKeyExportOptions
437
+ | undefined;
515
438
  }
516
- type KeyExportResult<T, Default> = T extends { format: infer F extends KeyFormat }
517
- ? { der: NonSharedBuffer; jwk: webcrypto.JsonWebKey; pem: string }[F]
439
+ type KeyExportResult<T, Default> = T extends { format: infer F extends KeyFormat } ? {
440
+ "der": NonSharedBuffer;
441
+ "jwk": webcrypto.JsonWebKey;
442
+ "pem": string;
443
+ "raw-public": NonSharedBuffer;
444
+ "raw-private": NonSharedBuffer;
445
+ "raw-seed": NonSharedBuffer;
446
+ }[F]
518
447
  : Default;
519
448
  interface KeyPairExportResult<T extends KeyPairExportOptions> {
520
449
  publicKey: KeyExportResult<T["publicKeyEncoding"], KeyObject>;
521
450
  privateKey: KeyExportResult<T["privateKeyEncoding"], KeyObject>;
522
451
  }
523
- type KeyPairExportCallback<T extends KeyPairExportOptions> = (
452
+ type KeyPairExportCallback<T extends KeyPairExportOptions = {}> = (
524
453
  err: Error | null,
525
454
  publicKey: KeyExportResult<T["publicKeyEncoding"], KeyObject>,
526
455
  privateKey: KeyExportResult<T["privateKeyEncoding"], KeyObject>,
@@ -542,33 +471,12 @@ declare module "node:crypto" {
542
471
  | "x25519"
543
472
  | "x448";
544
473
  interface AsymmetricKeyDetails {
545
- /**
546
- * Key size in bits (RSA, DSA).
547
- */
548
474
  modulusLength?: number;
549
- /**
550
- * Public exponent (RSA).
551
- */
552
475
  publicExponent?: bigint;
553
- /**
554
- * Name of the message digest (RSA-PSS).
555
- */
556
476
  hashAlgorithm?: string;
557
- /**
558
- * Name of the message digest used by MGF1 (RSA-PSS).
559
- */
560
477
  mgf1HashAlgorithm?: string;
561
- /**
562
- * Minimal salt length in bytes (RSA-PSS).
563
- */
564
478
  saltLength?: number;
565
- /**
566
- * Size of q in bits (DSA).
567
- */
568
479
  divisorLength?: number;
569
- /**
570
- * Name of the curve (EC).
571
- */
572
480
  namedCurve?: string;
573
481
  }
574
482
  /**
@@ -587,7 +495,11 @@ declare module "node:crypto" {
587
495
  class KeyObject {
588
496
  private constructor();
589
497
  /**
590
- * Example: Converting a `CryptoKey` instance to a `KeyObject`:
498
+ * Returns the underlying `KeyObject` of a `CryptoKey`. The returned `KeyObject`
499
+ * does not retain any of the restrictions imposed by the Web Crypto API on the
500
+ * original `CryptoKey`, such as the allowed key usages, the algorithm or hash
501
+ * algorithm bindings, and the extractability flag. In particular, the underlying
502
+ * key material of the returned `KeyObject` can always be exported.
591
503
  *
592
504
  * ```js
593
505
  * const { KeyObject } = await import('node:crypto');
@@ -608,7 +520,7 @@ declare module "node:crypto" {
608
520
  static from(key: webcrypto.CryptoKey): KeyObject;
609
521
  /**
610
522
  * For asymmetric keys, this property represents the type of the key. See the
611
- * supported [asymmetric key types](https://nodejs.org/docs/latest-v25.x/api/crypto.html#asymmetric-key-types).
523
+ * supported [asymmetric key types](https://nodejs.org/docs/latest-v26.x/api/crypto.html#asymmetric-key-types).
612
524
  *
613
525
  * This property is `undefined` for unrecognized `KeyObject` types and symmetric
614
526
  * keys.
@@ -630,26 +542,18 @@ declare module "node:crypto" {
630
542
  */
631
543
  asymmetricKeyDetails?: AsymmetricKeyDetails;
632
544
  /**
633
- * For symmetric keys, the following encoding options can be used:
634
- *
635
- * For public keys, the following encoding options can be used:
636
- *
637
- * For private keys, the following encoding options can be used:
638
- *
639
545
  * The result type depends on the selected encoding format, when PEM the
640
546
  * result is a string, when DER it will be a buffer containing the data
641
- * encoded as DER, when [JWK](https://tools.ietf.org/html/rfc7517) it will be an object.
642
- *
643
- * When [JWK](https://tools.ietf.org/html/rfc7517) encoding format was selected, all other encoding options are
644
- * ignored.
645
- *
646
- * PKCS#1, SEC1, and PKCS#8 type keys can be encrypted by using a combination of
647
- * the `cipher` and `format` options. The PKCS#8 `type` can be used with any`format` to encrypt any key algorithm (RSA, EC, or DH) by specifying a`cipher`. PKCS#1 and SEC1 can only be
648
- * encrypted by specifying a `cipher`when the PEM `format` is used. For maximum compatibility, use PKCS#8 for
649
- * encrypted private keys. Since PKCS#8 defines its own
650
- * encryption mechanism, PEM-level encryption is not supported when encrypting
651
- * a PKCS#8 key. See [RFC 5208](https://www.rfc-editor.org/rfc/rfc5208.txt) for PKCS#8 encryption and [RFC 1421](https://www.rfc-editor.org/rfc/rfc1421.txt) for
652
- * PKCS#1 and SEC1 encryption.
547
+ * encoded as DER, when [JWK](https://tools.ietf.org/html/rfc7517) it will be an object. Raw formats return a
548
+ * `Buffer` containing the raw key material.
549
+ *
550
+ * Private keys can be encrypted by specifying a `cipher` and `passphrase`.
551
+ * The PKCS#8 `type` supports encryption with both PEM and DER `format` for any
552
+ * key algorithm. PKCS#1 and SEC1 can only be encrypted when the PEM `format` is
553
+ * used. For maximum compatibility, use PKCS#8 for encrypted private keys. Since
554
+ * PKCS#8 defines its own encryption mechanism, PEM-level encryption is not
555
+ * supported when encrypting a PKCS#8 key. See [RFC 5208](https://www.rfc-editor.org/rfc/rfc5208.txt) for PKCS#8 encryption
556
+ * and [RFC 1421](https://www.rfc-editor.org/rfc/rfc1421.txt) for PKCS#1 and SEC1 encryption.
653
557
  * @since v11.6.0
654
558
  */
655
559
  export<T extends KeyExportOptions = {}>(options?: T): KeyExportResult<T, NonSharedBuffer>;
@@ -690,19 +594,18 @@ declare module "node:crypto" {
690
594
  type CipherGCMTypes = "aes-128-gcm" | "aes-192-gcm" | "aes-256-gcm";
691
595
  type CipherOCBTypes = "aes-128-ocb" | "aes-192-ocb" | "aes-256-ocb";
692
596
  type CipherChaCha20Poly1305Types = "chacha20-poly1305";
693
- type BinaryLike = string | NodeJS.ArrayBufferView;
694
- type CipherKey = BinaryLike | KeyObject;
695
- interface CipherCCMOptions extends stream.TransformOptions {
597
+ type BinaryLike = string | ArrayBufferLike | NodeJS.ArrayBufferView;
598
+ type KeyLike = BinaryLike | KeyObject;
599
+ interface CipherCCMOptions extends TransformOptions {
696
600
  authTagLength: number;
697
601
  }
698
- interface CipherGCMOptions extends stream.TransformOptions {
602
+ interface CipherGCMOptions extends TransformOptions {
699
603
  authTagLength?: number | undefined;
700
604
  }
701
- interface CipherOCBOptions extends stream.TransformOptions {
605
+ interface CipherOCBOptions extends TransformOptions {
702
606
  authTagLength: number;
703
607
  }
704
- interface CipherChaCha20Poly1305Options extends stream.TransformOptions {
705
- /** @default 16 */
608
+ interface CipherChaCha20Poly1305Options extends TransformOptions {
706
609
  authTagLength?: number | undefined;
707
610
  }
708
611
  /**
@@ -737,33 +640,33 @@ declare module "node:crypto" {
737
640
  */
738
641
  function createCipheriv(
739
642
  algorithm: CipherCCMTypes,
740
- key: CipherKey,
643
+ key: KeyLike,
741
644
  iv: BinaryLike,
742
645
  options: CipherCCMOptions,
743
646
  ): CipherCCM;
744
647
  function createCipheriv(
745
648
  algorithm: CipherOCBTypes,
746
- key: CipherKey,
649
+ key: KeyLike,
747
650
  iv: BinaryLike,
748
651
  options: CipherOCBOptions,
749
652
  ): CipherOCB;
750
653
  function createCipheriv(
751
654
  algorithm: CipherGCMTypes,
752
- key: CipherKey,
655
+ key: KeyLike,
753
656
  iv: BinaryLike,
754
657
  options?: CipherGCMOptions,
755
658
  ): CipherGCM;
756
659
  function createCipheriv(
757
660
  algorithm: CipherChaCha20Poly1305Types,
758
- key: CipherKey,
661
+ key: KeyLike,
759
662
  iv: BinaryLike,
760
663
  options?: CipherChaCha20Poly1305Options,
761
664
  ): CipherChaCha20Poly1305;
762
665
  function createCipheriv(
763
666
  algorithm: string,
764
- key: CipherKey,
667
+ key: KeyLike,
765
668
  iv: BinaryLike | null,
766
- options?: stream.TransformOptions,
669
+ options?: TransformOptions,
767
670
  ): Cipheriv;
768
671
  /**
769
672
  * Instances of the `Cipheriv` class are used to encrypt data. The class can be
@@ -884,7 +787,7 @@ declare module "node:crypto" {
884
787
  * ```
885
788
  * @since v0.1.94
886
789
  */
887
- class Cipheriv extends stream.Transform {
790
+ class Cipheriv extends Transform {
888
791
  private constructor();
889
792
  /**
890
793
  * Updates the cipher with `data`. If the `inputEncoding` argument is given,
@@ -900,10 +803,12 @@ declare module "node:crypto" {
900
803
  * @param inputEncoding The `encoding` of the data.
901
804
  * @param outputEncoding The `encoding` of the return value.
902
805
  */
903
- update(data: BinaryLike): NonSharedBuffer;
904
- update(data: string, inputEncoding: Encoding): NonSharedBuffer;
905
- update(data: NodeJS.ArrayBufferView, inputEncoding: undefined, outputEncoding: Encoding): string;
906
- update(data: string, inputEncoding: Encoding | undefined, outputEncoding: Encoding): string;
806
+ update(data: string | NodeJS.ArrayBufferView, inputEncoding?: BufferEncoding): NonSharedBuffer;
807
+ update(
808
+ data: string | NodeJS.ArrayBufferView,
809
+ inputEncoding: BufferEncoding | null | undefined,
810
+ outputEncoding: BufferEncoding,
811
+ ): string;
907
812
  /**
908
813
  * Once the `cipher.final()` method has been called, the `Cipheriv` object can no
909
814
  * longer be used to encrypt data. Attempts to call `cipher.final()` more than
@@ -931,50 +836,31 @@ declare module "node:crypto" {
931
836
  */
932
837
  setAutoPadding(autoPadding?: boolean): this;
933
838
  }
934
- interface CipherCCM extends Cipheriv {
935
- setAAD(
936
- buffer: NodeJS.ArrayBufferView,
937
- options: {
938
- plaintextLength: number;
939
- },
940
- ): this;
941
- getAuthTag(): NonSharedBuffer;
942
- }
943
- interface CipherGCM extends Cipheriv {
944
- setAAD(
945
- buffer: NodeJS.ArrayBufferView,
946
- options?: {
947
- plaintextLength: number;
948
- },
949
- ): this;
839
+ interface CipherAEADMethods {
950
840
  getAuthTag(): NonSharedBuffer;
841
+ setAAD(buffer: BinaryLike, options?: {
842
+ plaintextLength?: number | undefined;
843
+ encoding?: BufferEncoding | undefined;
844
+ }): this;
951
845
  }
952
- interface CipherOCB extends Cipheriv {
953
- setAAD(
954
- buffer: NodeJS.ArrayBufferView,
955
- options?: {
956
- plaintextLength: number;
957
- },
958
- ): this;
959
- getAuthTag(): NonSharedBuffer;
960
- }
961
- interface CipherChaCha20Poly1305 extends Cipheriv {
962
- setAAD(
963
- buffer: NodeJS.ArrayBufferView,
964
- options: {
965
- plaintextLength: number;
966
- },
967
- ): this;
968
- getAuthTag(): NonSharedBuffer;
846
+ interface CipherCCM extends Cipheriv, CipherAEADMethods {
847
+ setAAD(buffer: BinaryLike, options: {
848
+ plaintextLength: number;
849
+ encoding?: BufferEncoding | undefined;
850
+ }): this;
969
851
  }
852
+ interface CipherGCM extends Cipheriv, CipherAEADMethods {}
853
+ interface CipherOCB extends Cipheriv, CipherAEADMethods {}
854
+ interface CipherChaCha20Poly1305 extends Cipheriv, CipherAEADMethods {}
970
855
  /**
971
856
  * Creates and returns a `Decipheriv` object that uses the given `algorithm`, `key` and initialization vector (`iv`).
972
857
  *
973
858
  * The `options` argument controls stream behavior and is optional except when a
974
- * cipher in CCM or OCB mode (e.g. `'aes-128-ccm'`) is used. In that case, the `authTagLength` option is required and specifies the length of the
975
- * authentication tag in bytes, see `CCM mode`. In GCM mode, the `authTagLength` option is not required but can be used to restrict accepted authentication tags
976
- * to those with the specified length.
977
- * For `chacha20-poly1305`, the `authTagLength` option defaults to 16 bytes.
859
+ * cipher in CCM or OCB mode (e.g. `'aes-128-ccm'`) is used. In that case, the
860
+ * `authTagLength` option is required and specifies the length of the
861
+ * authentication tag in bytes, see [CCM mode](https://nodejs.org/docs/latest-v26.x/api/crypto.html#ccm-mode).
862
+ * For AES-GCM and `chacha20-poly1305`, the `authTagLength` option defaults to 16
863
+ * bytes and must be set to a different value if a different length is used.
978
864
  *
979
865
  * The `algorithm` is dependent on OpenSSL, examples are `'aes192'`, etc. On
980
866
  * recent OpenSSL releases, `openssl list -cipher-algorithms` will
@@ -998,33 +884,33 @@ declare module "node:crypto" {
998
884
  */
999
885
  function createDecipheriv(
1000
886
  algorithm: CipherCCMTypes,
1001
- key: CipherKey,
887
+ key: KeyLike,
1002
888
  iv: BinaryLike,
1003
889
  options: CipherCCMOptions,
1004
890
  ): DecipherCCM;
1005
891
  function createDecipheriv(
1006
892
  algorithm: CipherOCBTypes,
1007
- key: CipherKey,
893
+ key: KeyLike,
1008
894
  iv: BinaryLike,
1009
895
  options: CipherOCBOptions,
1010
896
  ): DecipherOCB;
1011
897
  function createDecipheriv(
1012
898
  algorithm: CipherGCMTypes,
1013
- key: CipherKey,
899
+ key: KeyLike,
1014
900
  iv: BinaryLike,
1015
901
  options?: CipherGCMOptions,
1016
902
  ): DecipherGCM;
1017
903
  function createDecipheriv(
1018
904
  algorithm: CipherChaCha20Poly1305Types,
1019
- key: CipherKey,
905
+ key: KeyLike,
1020
906
  iv: BinaryLike,
1021
907
  options?: CipherChaCha20Poly1305Options,
1022
908
  ): DecipherChaCha20Poly1305;
1023
909
  function createDecipheriv(
1024
910
  algorithm: string,
1025
- key: CipherKey,
911
+ key: KeyLike,
1026
912
  iv: BinaryLike | null,
1027
- options?: stream.TransformOptions,
913
+ options?: TransformOptions,
1028
914
  ): Decipheriv;
1029
915
  /**
1030
916
  * Instances of the `Decipheriv` class are used to decrypt data. The class can be
@@ -1134,7 +1020,7 @@ declare module "node:crypto" {
1134
1020
  * ```
1135
1021
  * @since v0.1.94
1136
1022
  */
1137
- class Decipheriv extends stream.Transform {
1023
+ class Decipheriv extends Transform {
1138
1024
  private constructor();
1139
1025
  /**
1140
1026
  * Updates the decipher with `data`. If the `inputEncoding` argument is given,
@@ -1150,10 +1036,12 @@ declare module "node:crypto" {
1150
1036
  * @param inputEncoding The `encoding` of the `data` string.
1151
1037
  * @param outputEncoding The `encoding` of the return value.
1152
1038
  */
1153
- update(data: NodeJS.ArrayBufferView): NonSharedBuffer;
1154
- update(data: string, inputEncoding: Encoding): NonSharedBuffer;
1155
- update(data: NodeJS.ArrayBufferView, inputEncoding: undefined, outputEncoding: Encoding): string;
1156
- update(data: string, inputEncoding: Encoding | undefined, outputEncoding: Encoding): string;
1039
+ update(data: string | NodeJS.ArrayBufferView, inputEncoding?: BufferEncoding): NonSharedBuffer;
1040
+ update(
1041
+ data: string | NodeJS.ArrayBufferView,
1042
+ inputEncoding: BufferEncoding | null | undefined,
1043
+ outputEncoding: BufferEncoding,
1044
+ ): string;
1157
1045
  /**
1158
1046
  * Once the `decipher.final()` method has been called, the `Decipheriv` object can
1159
1047
  * no longer be used to decrypt data. Attempts to call `decipher.final()` more
@@ -1178,54 +1066,59 @@ declare module "node:crypto" {
1178
1066
  */
1179
1067
  setAutoPadding(auto_padding?: boolean): this;
1180
1068
  }
1181
- interface DecipherCCM extends Decipheriv {
1182
- setAuthTag(buffer: NodeJS.ArrayBufferView): this;
1183
- setAAD(
1184
- buffer: NodeJS.ArrayBufferView,
1185
- options: {
1186
- plaintextLength: number;
1187
- },
1188
- ): this;
1189
- }
1190
- interface DecipherGCM extends Decipheriv {
1191
- setAuthTag(buffer: NodeJS.ArrayBufferView): this;
1192
- setAAD(
1193
- buffer: NodeJS.ArrayBufferView,
1194
- options?: {
1195
- plaintextLength: number;
1196
- },
1197
- ): this;
1198
- }
1199
- interface DecipherOCB extends Decipheriv {
1200
- setAuthTag(buffer: NodeJS.ArrayBufferView): this;
1069
+ interface DecipherAEADMethods {
1201
1070
  setAAD(
1202
- buffer: NodeJS.ArrayBufferView,
1071
+ buffer: BinaryLike,
1203
1072
  options?: {
1204
- plaintextLength: number;
1073
+ plaintextLength?: number | undefined;
1074
+ encoding?: BufferEncoding | undefined;
1205
1075
  },
1206
1076
  ): this;
1077
+ setAuthTag(buffer: BinaryLike, encoding?: BufferEncoding): this;
1207
1078
  }
1208
- interface DecipherChaCha20Poly1305 extends Decipheriv {
1209
- setAuthTag(buffer: NodeJS.ArrayBufferView): this;
1079
+ interface DecipherCCM extends Decipheriv, DecipherAEADMethods {
1210
1080
  setAAD(
1211
- buffer: NodeJS.ArrayBufferView,
1081
+ buffer: BinaryLike,
1212
1082
  options: {
1213
1083
  plaintextLength: number;
1084
+ encoding?: BufferEncoding | undefined;
1214
1085
  },
1215
1086
  ): this;
1216
1087
  }
1088
+ interface DecipherGCM extends Decipheriv, DecipherAEADMethods {}
1089
+ interface DecipherOCB extends Decipheriv, DecipherAEADMethods {}
1090
+ interface DecipherChaCha20Poly1305 extends Decipheriv, DecipherAEADMethods {}
1217
1091
  interface PrivateKeyInput {
1218
- key: string | Buffer;
1219
- format?: KeyFormat | undefined;
1092
+ key: BinaryLike;
1093
+ format?: "pem" | "der" | undefined;
1220
1094
  type?: PrivateKeyExportType | undefined;
1221
- passphrase?: string | Buffer | undefined;
1222
- encoding?: string | undefined;
1095
+ passphrase?: BinaryLike | undefined;
1096
+ encoding?: BufferEncoding | undefined;
1223
1097
  }
1224
1098
  interface PublicKeyInput {
1225
- key: string | Buffer;
1226
- format?: KeyFormat | undefined;
1099
+ key: BinaryLike;
1100
+ format?: "pem" | "der" | undefined;
1227
1101
  type?: PublicKeyExportType | undefined;
1228
- encoding?: string | undefined;
1102
+ encoding?: BufferEncoding | undefined;
1103
+ }
1104
+ interface RawPrivateKeyInput {
1105
+ key: ArrayBufferLike | NodeJS.ArrayBufferView;
1106
+ format: "raw-private" | "raw-seed";
1107
+ asymmetricKeyType: AsymmetricKeyType;
1108
+ namedCurve?: string | undefined;
1109
+ }
1110
+ interface RawPublicKeyInput {
1111
+ key: ArrayBufferLike | NodeJS.ArrayBufferView;
1112
+ format: "raw-public";
1113
+ asymmetricKeyType: AsymmetricKeyType;
1114
+ namedCurve?: string | undefined;
1115
+ }
1116
+ interface JsonWebKeyInput {
1117
+ key: webcrypto.JsonWebKey;
1118
+ format: "jwk";
1119
+ }
1120
+ interface SecretKeyOptions {
1121
+ length: number;
1229
1122
  }
1230
1123
  /**
1231
1124
  * Asynchronously generates a new random secret key of the given `length`. The `type` will determine which validations will be performed on the `length`.
@@ -1248,9 +1141,7 @@ declare module "node:crypto" {
1248
1141
  */
1249
1142
  function generateKey(
1250
1143
  type: "hmac" | "aes",
1251
- options: {
1252
- length: number;
1253
- },
1144
+ options: SecretKeyOptions,
1254
1145
  callback: (err: Error | null, key: KeyObject) => void,
1255
1146
  ): void;
1256
1147
  /**
@@ -1270,16 +1161,7 @@ declare module "node:crypto" {
1270
1161
  * @since v15.0.0
1271
1162
  * @param type The intended use of the generated secret key. Currently accepted values are `'hmac'` and `'aes'`.
1272
1163
  */
1273
- function generateKeySync(
1274
- type: "hmac" | "aes",
1275
- options: {
1276
- length: number;
1277
- },
1278
- ): KeyObject;
1279
- interface JsonWebKeyInput {
1280
- key: webcrypto.JsonWebKey;
1281
- format: "jwk";
1282
- }
1164
+ function generateKeySync(type: "hmac" | "aes", options: SecretKeyOptions): KeyObject;
1283
1165
  /**
1284
1166
  * Creates and returns a new key object containing a private key. If `key` is a
1285
1167
  * string or `Buffer`, `format` is assumed to be `'pem'`; otherwise, `key` must be an object with the properties described above.
@@ -1288,7 +1170,7 @@ declare module "node:crypto" {
1288
1170
  * of the passphrase is limited to 1024 bytes.
1289
1171
  * @since v11.6.0
1290
1172
  */
1291
- function createPrivateKey(key: PrivateKeyInput | string | Buffer | JsonWebKeyInput): KeyObject;
1173
+ function createPrivateKey(key: PrivateKeyInput | RawPrivateKeyInput | JsonWebKeyInput | BinaryLike): KeyObject;
1292
1174
  /**
1293
1175
  * Creates and returns a new key object containing a public key. If `key` is a
1294
1176
  * string or `Buffer`, `format` is assumed to be `'pem'`; if `key` is a `KeyObject` with type `'private'`, the public key is derived from the given private key;
@@ -1303,15 +1185,14 @@ declare module "node:crypto" {
1303
1185
  * and it will be impossible to extract the private key from the returned object.
1304
1186
  * @since v11.6.0
1305
1187
  */
1306
- function createPublicKey(key: PublicKeyInput | string | Buffer | KeyObject | JsonWebKeyInput): KeyObject;
1188
+ function createPublicKey(key: PublicKeyInput | RawPublicKeyInput | JsonWebKeyInput | BinaryLike): KeyObject;
1307
1189
  /**
1308
1190
  * Creates and returns a new key object containing a secret key for symmetric
1309
1191
  * encryption or `Hmac`.
1310
1192
  * @since v11.6.0
1311
1193
  * @param encoding The string encoding when `key` is a string.
1312
1194
  */
1313
- function createSecretKey(key: NodeJS.ArrayBufferView): KeyObject;
1314
- function createSecretKey(key: string, encoding: BufferEncoding): KeyObject;
1195
+ function createSecretKey(key: BinaryLike, encoding?: BufferEncoding): KeyObject;
1315
1196
  /**
1316
1197
  * Creates and returns a `Sign` object that uses the given `algorithm`. Use {@link getHashes} to obtain the names of the available digest algorithms.
1317
1198
  * Optional `options` argument controls the `stream.Writable` behavior.
@@ -1324,29 +1205,26 @@ declare module "node:crypto" {
1324
1205
  * @since v0.1.92
1325
1206
  * @param options `stream.Writable` options
1326
1207
  */
1327
- // TODO: signing algorithm type
1328
- function createSign(algorithm: string, options?: stream.WritableOptions): Sign;
1208
+ function createSign(algorithm: string, options?: WritableOptions): Sign;
1329
1209
  type DSAEncoding = "der" | "ieee-p1363";
1330
1210
  interface SigningOptions {
1331
- /**
1332
- * @see crypto.constants.RSA_PKCS1_PADDING
1333
- */
1334
1211
  padding?: number | undefined;
1335
1212
  saltLength?: number | undefined;
1336
1213
  dsaEncoding?: DSAEncoding | undefined;
1337
- context?: ArrayBuffer | NodeJS.ArrayBufferView | undefined;
1214
+ context?: NodeJS.ArrayBufferView | undefined;
1338
1215
  }
1339
1216
  interface SignPrivateKeyInput extends PrivateKeyInput, SigningOptions {}
1217
+ interface SignRawPrivateKeyInput extends RawPrivateKeyInput, SigningOptions {}
1218
+ interface SignJsonWebKeyInput extends JsonWebKeyInput, SigningOptions {}
1340
1219
  interface SignKeyObjectInput extends SigningOptions {
1341
1220
  key: KeyObject;
1342
1221
  }
1343
- interface SignJsonWebKeyInput extends JsonWebKeyInput, SigningOptions {}
1344
1222
  interface VerifyPublicKeyInput extends PublicKeyInput, SigningOptions {}
1223
+ interface VerifyRawPublicKeyInput extends RawPublicKeyInput, SigningOptions {}
1224
+ interface VerifyJsonWebKeyInput extends JsonWebKeyInput, SigningOptions {}
1345
1225
  interface VerifyKeyObjectInput extends SigningOptions {
1346
1226
  key: KeyObject;
1347
1227
  }
1348
- interface VerifyJsonWebKeyInput extends JsonWebKeyInput, SigningOptions {}
1349
- type KeyLike = string | Buffer | KeyObject;
1350
1228
  /**
1351
1229
  * The `Sign` class is a utility for generating signatures. It can be used in one
1352
1230
  * of two ways:
@@ -1410,7 +1288,7 @@ declare module "node:crypto" {
1410
1288
  * ```
1411
1289
  * @since v0.1.92
1412
1290
  */
1413
- class Sign extends stream.Writable {
1291
+ class Sign extends Writable {
1414
1292
  private constructor();
1415
1293
  /**
1416
1294
  * Updates the `Sign` content with the given `data`, the encoding of which
@@ -1422,8 +1300,7 @@ declare module "node:crypto" {
1422
1300
  * @since v0.1.92
1423
1301
  * @param inputEncoding The `encoding` of the `data` string.
1424
1302
  */
1425
- update(data: BinaryLike): this;
1426
- update(data: string, inputEncoding: Encoding): this;
1303
+ update(data: string | NodeJS.ArrayBufferView, inputEncoding?: BufferEncoding): this;
1427
1304
  /**
1428
1305
  * Calculates the signature on all the data passed through using either `sign.update()` or `sign.write()`.
1429
1306
  *
@@ -1436,10 +1313,22 @@ declare module "node:crypto" {
1436
1313
  * called. Multiple calls to `sign.sign()` will result in an error being thrown.
1437
1314
  * @since v0.1.92
1438
1315
  */
1439
- sign(privateKey: KeyLike | SignKeyObjectInput | SignPrivateKeyInput | SignJsonWebKeyInput): NonSharedBuffer;
1440
1316
  sign(
1441
- privateKey: KeyLike | SignKeyObjectInput | SignPrivateKeyInput | SignJsonWebKeyInput,
1442
- outputFormat: BinaryToTextEncoding,
1317
+ privateKey:
1318
+ | KeyLike
1319
+ | SignKeyObjectInput
1320
+ | SignPrivateKeyInput
1321
+ | SignRawPrivateKeyInput
1322
+ | SignJsonWebKeyInput,
1323
+ ): NonSharedBuffer;
1324
+ sign(
1325
+ privateKey:
1326
+ | KeyLike
1327
+ | SignKeyObjectInput
1328
+ | SignPrivateKeyInput
1329
+ | SignRawPrivateKeyInput
1330
+ | SignJsonWebKeyInput,
1331
+ outputFormat: BufferEncoding,
1443
1332
  ): string;
1444
1333
  }
1445
1334
  /**
@@ -1455,7 +1344,7 @@ declare module "node:crypto" {
1455
1344
  * @since v0.1.92
1456
1345
  * @param options `stream.Writable` options
1457
1346
  */
1458
- function createVerify(algorithm: string, options?: stream.WritableOptions): Verify;
1347
+ function createVerify(algorithm: string, options?: WritableOptions): Verify;
1459
1348
  /**
1460
1349
  * The `Verify` class is a utility for verifying signatures. It can be used in one
1461
1350
  * of two ways:
@@ -1470,7 +1359,7 @@ declare module "node:crypto" {
1470
1359
  * See `Sign` for examples.
1471
1360
  * @since v0.1.92
1472
1361
  */
1473
- class Verify extends stream.Writable {
1362
+ class Verify extends Writable {
1474
1363
  private constructor();
1475
1364
  /**
1476
1365
  * Updates the `Verify` content with the given `data`, the encoding of which
@@ -1482,8 +1371,7 @@ declare module "node:crypto" {
1482
1371
  * @since v0.1.92
1483
1372
  * @param inputEncoding The `encoding` of the `data` string.
1484
1373
  */
1485
- update(data: BinaryLike): Verify;
1486
- update(data: string, inputEncoding: Encoding): Verify;
1374
+ update(data: string | NodeJS.ArrayBufferView, inputEncoding?: BufferEncoding): Verify;
1487
1375
  /**
1488
1376
  * Verifies the provided data using the given `object` and `signature`.
1489
1377
  *
@@ -1504,13 +1392,14 @@ declare module "node:crypto" {
1504
1392
  * @since v0.1.92
1505
1393
  */
1506
1394
  verify(
1507
- object: KeyLike | VerifyKeyObjectInput | VerifyPublicKeyInput | VerifyJsonWebKeyInput,
1508
- signature: NodeJS.ArrayBufferView,
1509
- ): boolean;
1510
- verify(
1511
- object: KeyLike | VerifyKeyObjectInput | VerifyPublicKeyInput | VerifyJsonWebKeyInput,
1512
- signature: string,
1513
- signature_format?: BinaryToTextEncoding,
1395
+ object:
1396
+ | KeyLike
1397
+ | VerifyKeyObjectInput
1398
+ | VerifyPublicKeyInput
1399
+ | VerifyRawPublicKeyInput
1400
+ | VerifyJsonWebKeyInput,
1401
+ signature: BinaryLike,
1402
+ signatureEncoding?: BufferEncoding,
1514
1403
  ): boolean;
1515
1404
  }
1516
1405
  /**
@@ -1531,24 +1420,15 @@ declare module "node:crypto" {
1531
1420
  */
1532
1421
  function createDiffieHellman(primeLength: number, generator?: number): DiffieHellman;
1533
1422
  function createDiffieHellman(
1534
- prime: ArrayBuffer | NodeJS.ArrayBufferView,
1535
- generator?: number | ArrayBuffer | NodeJS.ArrayBufferView,
1536
- ): DiffieHellman;
1537
- function createDiffieHellman(
1538
- prime: ArrayBuffer | NodeJS.ArrayBufferView,
1539
- generator: string,
1540
- generatorEncoding: BinaryToTextEncoding,
1423
+ prime: BinaryLike,
1424
+ primeEncoding?: BufferEncoding,
1425
+ generator?: number | BinaryLike,
1426
+ generatorEncoding?: BufferEncoding,
1541
1427
  ): DiffieHellman;
1542
1428
  function createDiffieHellman(
1543
- prime: string,
1544
- primeEncoding: BinaryToTextEncoding,
1545
- generator?: number | ArrayBuffer | NodeJS.ArrayBufferView,
1546
- ): DiffieHellman;
1547
- function createDiffieHellman(
1548
- prime: string,
1549
- primeEncoding: BinaryToTextEncoding,
1550
- generator: string,
1551
- generatorEncoding: BinaryToTextEncoding,
1429
+ prime: BinaryLike,
1430
+ generator: number | BinaryLike,
1431
+ generatorEncoding?: BufferEncoding,
1552
1432
  ): DiffieHellman;
1553
1433
  /**
1554
1434
  * The `DiffieHellman` class is a utility for creating Diffie-Hellman key
@@ -1596,7 +1476,7 @@ declare module "node:crypto" {
1596
1476
  * @param encoding The `encoding` of the return value.
1597
1477
  */
1598
1478
  generateKeys(): NonSharedBuffer;
1599
- generateKeys(encoding: BinaryToTextEncoding): string;
1479
+ generateKeys(encoding: BufferEncoding): string;
1600
1480
  /**
1601
1481
  * Computes the shared secret using `otherPublicKey` as the other
1602
1482
  * party's public key and returns the computed shared secret. The supplied
@@ -1611,24 +1491,13 @@ declare module "node:crypto" {
1611
1491
  * @param outputEncoding The `encoding` of the return value.
1612
1492
  */
1613
1493
  computeSecret(
1614
- otherPublicKey: NodeJS.ArrayBufferView,
1615
- inputEncoding?: null,
1616
- outputEncoding?: null,
1494
+ otherPublicKey: BinaryLike,
1495
+ inputEncoding?: BufferEncoding,
1617
1496
  ): NonSharedBuffer;
1618
1497
  computeSecret(
1619
- otherPublicKey: string,
1620
- inputEncoding: BinaryToTextEncoding,
1621
- outputEncoding?: null,
1622
- ): NonSharedBuffer;
1623
- computeSecret(
1624
- otherPublicKey: NodeJS.ArrayBufferView,
1625
- inputEncoding: null,
1626
- outputEncoding: BinaryToTextEncoding,
1627
- ): string;
1628
- computeSecret(
1629
- otherPublicKey: string,
1630
- inputEncoding: BinaryToTextEncoding,
1631
- outputEncoding: BinaryToTextEncoding,
1498
+ otherPublicKey: BinaryLike,
1499
+ inputEncoding: BufferEncoding | null | undefined,
1500
+ outputEncoding: BufferEncoding,
1632
1501
  ): string;
1633
1502
  /**
1634
1503
  * Returns the Diffie-Hellman prime in the specified `encoding`.
@@ -1638,7 +1507,7 @@ declare module "node:crypto" {
1638
1507
  * @param encoding The `encoding` of the return value.
1639
1508
  */
1640
1509
  getPrime(): NonSharedBuffer;
1641
- getPrime(encoding: BinaryToTextEncoding): string;
1510
+ getPrime(encoding: BufferEncoding): string;
1642
1511
  /**
1643
1512
  * Returns the Diffie-Hellman generator in the specified `encoding`.
1644
1513
  * If `encoding` is provided a string is
@@ -1647,7 +1516,7 @@ declare module "node:crypto" {
1647
1516
  * @param encoding The `encoding` of the return value.
1648
1517
  */
1649
1518
  getGenerator(): NonSharedBuffer;
1650
- getGenerator(encoding: BinaryToTextEncoding): string;
1519
+ getGenerator(encoding: BufferEncoding): string;
1651
1520
  /**
1652
1521
  * Returns the Diffie-Hellman public key in the specified `encoding`.
1653
1522
  * If `encoding` is provided a
@@ -1656,7 +1525,7 @@ declare module "node:crypto" {
1656
1525
  * @param encoding The `encoding` of the return value.
1657
1526
  */
1658
1527
  getPublicKey(): NonSharedBuffer;
1659
- getPublicKey(encoding: BinaryToTextEncoding): string;
1528
+ getPublicKey(encoding: BufferEncoding): string;
1660
1529
  /**
1661
1530
  * Returns the Diffie-Hellman private key in the specified `encoding`.
1662
1531
  * If `encoding` is provided a
@@ -1665,7 +1534,7 @@ declare module "node:crypto" {
1665
1534
  * @param encoding The `encoding` of the return value.
1666
1535
  */
1667
1536
  getPrivateKey(): NonSharedBuffer;
1668
- getPrivateKey(encoding: BinaryToTextEncoding): string;
1537
+ getPrivateKey(encoding: BufferEncoding): string;
1669
1538
  /**
1670
1539
  * Sets the Diffie-Hellman public key. If the `encoding` argument is provided, `publicKey` is expected
1671
1540
  * to be a string. If no `encoding` is provided, `publicKey` is expected
@@ -1673,8 +1542,7 @@ declare module "node:crypto" {
1673
1542
  * @since v0.5.0
1674
1543
  * @param encoding The `encoding` of the `publicKey` string.
1675
1544
  */
1676
- setPublicKey(publicKey: NodeJS.ArrayBufferView): void;
1677
- setPublicKey(publicKey: string, encoding: BufferEncoding): void;
1545
+ setPublicKey(publicKey: BinaryLike, encoding?: BufferEncoding): void;
1678
1546
  /**
1679
1547
  * Sets the Diffie-Hellman private key. If the `encoding` argument is provided,`privateKey` is expected
1680
1548
  * to be a string. If no `encoding` is provided, `privateKey` is expected
@@ -1685,8 +1553,7 @@ declare module "node:crypto" {
1685
1553
  * @since v0.5.0
1686
1554
  * @param encoding The `encoding` of the `privateKey` string.
1687
1555
  */
1688
- setPrivateKey(privateKey: NodeJS.ArrayBufferView): void;
1689
- setPrivateKey(privateKey: string, encoding: BufferEncoding): void;
1556
+ setPrivateKey(privateKey: BinaryLike, encoding?: BufferEncoding): void;
1690
1557
  /**
1691
1558
  * A bit field containing any warnings and/or errors resulting from a check
1692
1559
  * performed during initialization of the `DiffieHellman` object.
@@ -1724,13 +1591,10 @@ declare module "node:crypto" {
1724
1591
  * ```
1725
1592
  * @since v0.7.5
1726
1593
  */
1727
- const DiffieHellmanGroup: DiffieHellmanGroupConstructor;
1728
- interface DiffieHellmanGroupConstructor {
1729
- new(name: string): DiffieHellmanGroup;
1730
- (name: string): DiffieHellmanGroup;
1731
- readonly prototype: DiffieHellmanGroup;
1594
+ class DiffieHellmanGroup {
1595
+ private constructor();
1732
1596
  }
1733
- type DiffieHellmanGroup = Omit<DiffieHellman, "setPublicKey" | "setPrivateKey">;
1597
+ interface DiffieHellmanGroup extends Omit<DiffieHellman, "setPublicKey" | "setPrivateKey"> {}
1734
1598
  /**
1735
1599
  * Creates a predefined `DiffieHellmanGroup` key exchange object. The
1736
1600
  * supported groups are listed in the documentation for `DiffieHellmanGroup`.
@@ -1944,9 +1808,8 @@ declare module "node:crypto" {
1944
1808
  * console.log(`The dice rolled: ${n}`);
1945
1809
  * ```
1946
1810
  * @since v14.10.0, v12.19.0
1947
- * @param [min=0] Start of random range (inclusive).
1811
+ * @param min Start of random range (inclusive).
1948
1812
  * @param max End of random range (exclusive).
1949
- * @param callback `function(err, n) {}`.
1950
1813
  */
1951
1814
  function randomInt(max: number): number;
1952
1815
  function randomInt(min: number, max: number): number;
@@ -1993,7 +1856,11 @@ declare module "node:crypto" {
1993
1856
  * @param [size=buffer.length - offset]
1994
1857
  * @return The object passed as `buffer` argument.
1995
1858
  */
1996
- function randomFillSync<T extends NodeJS.ArrayBufferView>(buffer: T, offset?: number, size?: number): T;
1859
+ function randomFillSync<T extends ArrayBufferLike | NodeJS.ArrayBufferView>(
1860
+ buffer: T,
1861
+ offset?: number,
1862
+ size?: number,
1863
+ ): T;
1997
1864
  /**
1998
1865
  * This function is similar to {@link randomBytes} but requires the first
1999
1866
  * argument to be a `Buffer` that will be filled. It also
@@ -2069,16 +1936,16 @@ declare module "node:crypto" {
2069
1936
  * @param [size=buffer.length - offset]
2070
1937
  * @param callback `function(err, buf) {}`.
2071
1938
  */
2072
- function randomFill<T extends NodeJS.ArrayBufferView>(
1939
+ function randomFill<T extends ArrayBufferLike | NodeJS.ArrayBufferView>(
2073
1940
  buffer: T,
2074
1941
  callback: (err: Error | null, buf: T) => void,
2075
1942
  ): void;
2076
- function randomFill<T extends NodeJS.ArrayBufferView>(
1943
+ function randomFill<T extends ArrayBufferLike | NodeJS.ArrayBufferView>(
2077
1944
  buffer: T,
2078
1945
  offset: number,
2079
1946
  callback: (err: Error | null, buf: T) => void,
2080
1947
  ): void;
2081
- function randomFill<T extends NodeJS.ArrayBufferView>(
1948
+ function randomFill<T extends ArrayBufferLike | NodeJS.ArrayBufferView>(
2082
1949
  buffer: T,
2083
1950
  offset: number,
2084
1951
  size: number,
@@ -2176,19 +2043,25 @@ declare module "node:crypto" {
2176
2043
  keylen: number,
2177
2044
  options?: ScryptOptions,
2178
2045
  ): NonSharedBuffer;
2179
- interface RsaPublicKey {
2180
- key: KeyLike;
2046
+ interface PublicDecryptOptions {
2181
2047
  padding?: number | undefined;
2048
+ encoding?: BufferEncoding | undefined;
2182
2049
  }
2183
- interface RsaPrivateKey {
2184
- key: KeyLike;
2185
- passphrase?: string | undefined;
2186
- /**
2187
- * @default 'sha1'
2188
- */
2050
+ interface PublicDecryptPrivateKeyInput extends PrivateKeyInput, PublicDecryptOptions {}
2051
+ interface PublicDecryptPublicKeyInput extends PublicKeyInput, PublicDecryptOptions {}
2052
+ interface PublicDecryptJsonWebKeyInput extends JsonWebKeyInput, PublicDecryptOptions {}
2053
+ interface PublicDecryptKeyObjectInput extends PublicDecryptOptions {
2054
+ key: KeyObject;
2055
+ }
2056
+ interface PublicEncryptOptions extends PublicDecryptOptions {
2189
2057
  oaepHash?: string | undefined;
2190
- oaepLabel?: NodeJS.TypedArray | undefined;
2191
- padding?: number | undefined;
2058
+ oaepLabel?: BinaryLike | undefined;
2059
+ }
2060
+ interface PublicEncryptPrivateKeyInput extends PrivateKeyInput, PublicEncryptOptions {}
2061
+ interface PublicEncryptPublicKeyInput extends PublicKeyInput, PublicEncryptOptions {}
2062
+ interface PublicEncryptJsonWebKeyInput extends JsonWebKeyInput, PublicEncryptOptions {}
2063
+ interface PublicEncryptKeyObjectInput extends PublicEncryptOptions {
2064
+ key: KeyObject;
2192
2065
  }
2193
2066
  /**
2194
2067
  * Encrypts the content of `buffer` with `key` and returns a new `Buffer` with encrypted content. The returned data can be decrypted using
@@ -2202,8 +2075,13 @@ declare module "node:crypto" {
2202
2075
  * @since v0.11.14
2203
2076
  */
2204
2077
  function publicEncrypt(
2205
- key: RsaPublicKey | RsaPrivateKey | KeyLike,
2206
- buffer: NodeJS.ArrayBufferView | string,
2078
+ key:
2079
+ | KeyLike
2080
+ | PublicEncryptKeyObjectInput
2081
+ | PublicEncryptPrivateKeyInput
2082
+ | PublicEncryptPublicKeyInput
2083
+ | PublicEncryptJsonWebKeyInput,
2084
+ buffer: BinaryLike,
2207
2085
  ): NonSharedBuffer;
2208
2086
  /**
2209
2087
  * Decrypts `buffer` with `key`.`buffer` was previously encrypted using
@@ -2217,8 +2095,13 @@ declare module "node:crypto" {
2217
2095
  * @since v1.1.0
2218
2096
  */
2219
2097
  function publicDecrypt(
2220
- key: RsaPublicKey | RsaPrivateKey | KeyLike,
2221
- buffer: NodeJS.ArrayBufferView | string,
2098
+ key:
2099
+ | KeyLike
2100
+ | PublicDecryptKeyObjectInput
2101
+ | PublicDecryptPrivateKeyInput
2102
+ | PublicDecryptPublicKeyInput
2103
+ | PublicDecryptJsonWebKeyInput,
2104
+ buffer: BinaryLike,
2222
2105
  ): NonSharedBuffer;
2223
2106
  /**
2224
2107
  * Decrypts `buffer` with `privateKey`. `buffer` was previously encrypted using
@@ -2229,8 +2112,12 @@ declare module "node:crypto" {
2229
2112
  * @since v0.11.14
2230
2113
  */
2231
2114
  function privateDecrypt(
2232
- privateKey: RsaPrivateKey | KeyLike,
2233
- buffer: NodeJS.ArrayBufferView | string,
2115
+ privateKey:
2116
+ | KeyLike
2117
+ | PublicEncryptKeyObjectInput
2118
+ | PublicEncryptPrivateKeyInput
2119
+ | PublicEncryptJsonWebKeyInput,
2120
+ buffer: BinaryLike,
2234
2121
  ): NonSharedBuffer;
2235
2122
  /**
2236
2123
  * Encrypts `buffer` with `privateKey`. The returned data can be decrypted using
@@ -2241,8 +2128,12 @@ declare module "node:crypto" {
2241
2128
  * @since v1.1.0
2242
2129
  */
2243
2130
  function privateEncrypt(
2244
- privateKey: RsaPrivateKey | KeyLike,
2245
- buffer: NodeJS.ArrayBufferView | string,
2131
+ privateKey:
2132
+ | KeyLike
2133
+ | PublicDecryptKeyObjectInput
2134
+ | PublicDecryptPrivateKeyInput
2135
+ | PublicDecryptJsonWebKeyInput,
2136
+ buffer: BinaryLike,
2246
2137
  ): NonSharedBuffer;
2247
2138
  /**
2248
2139
  * ```js
@@ -2292,6 +2183,7 @@ declare module "node:crypto" {
2292
2183
  * @return An array of the names of the supported hash algorithms, such as `'RSA-SHA256'`. Hash algorithms are also called "digest" algorithms.
2293
2184
  */
2294
2185
  function getHashes(): string[];
2186
+ type ECDHKeyFormat = "compressed" | "uncompressed" | "hybrid";
2295
2187
  /**
2296
2188
  * The `ECDH` class is a utility for creating Elliptic Curve Diffie-Hellman (ECDH)
2297
2189
  * key exchanges.
@@ -2364,15 +2256,21 @@ declare module "node:crypto" {
2364
2256
  * @since v10.0.0
2365
2257
  * @param inputEncoding The `encoding` of the `key` string.
2366
2258
  * @param outputEncoding The `encoding` of the return value.
2367
- * @param [format='uncompressed']
2368
2259
  */
2369
2260
  static convertKey(
2370
2261
  key: BinaryLike,
2371
2262
  curve: string,
2372
- inputEncoding?: BinaryToTextEncoding,
2373
- outputEncoding?: "latin1" | "hex" | "base64" | "base64url",
2263
+ inputEncoding?: BufferEncoding,
2264
+ outputEncoding?: null,
2374
2265
  format?: "uncompressed" | "compressed" | "hybrid",
2375
- ): NonSharedBuffer | string;
2266
+ ): NonSharedBuffer;
2267
+ static convertKey(
2268
+ key: BinaryLike,
2269
+ curve: string,
2270
+ inputEncoding: BufferEncoding | null | undefined,
2271
+ outputEncoding: BufferEncoding,
2272
+ format?: "uncompressed" | "compressed" | "hybrid",
2273
+ ): string;
2376
2274
  /**
2377
2275
  * Generates private and public EC Diffie-Hellman key values, and returns
2378
2276
  * the public key in the specified `format` and `encoding`. This key should be
@@ -2385,8 +2283,8 @@ declare module "node:crypto" {
2385
2283
  * @param encoding The `encoding` of the return value.
2386
2284
  * @param [format='uncompressed']
2387
2285
  */
2388
- generateKeys(): NonSharedBuffer;
2389
- generateKeys(encoding: BinaryToTextEncoding, format?: ECDHKeyFormat): string;
2286
+ generateKeys(encoding?: null, format?: ECDHKeyFormat): NonSharedBuffer;
2287
+ generateKeys(encoding: BufferEncoding, format?: ECDHKeyFormat): string;
2390
2288
  /**
2391
2289
  * Computes the shared secret using `otherPublicKey` as the other
2392
2290
  * party's public key and returns the computed shared secret. The supplied
@@ -2404,13 +2302,11 @@ declare module "node:crypto" {
2404
2302
  * @param inputEncoding The `encoding` of the `otherPublicKey` string.
2405
2303
  * @param outputEncoding The `encoding` of the return value.
2406
2304
  */
2407
- computeSecret(otherPublicKey: NodeJS.ArrayBufferView): NonSharedBuffer;
2408
- computeSecret(otherPublicKey: string, inputEncoding: BinaryToTextEncoding): NonSharedBuffer;
2409
- computeSecret(otherPublicKey: NodeJS.ArrayBufferView, outputEncoding: BinaryToTextEncoding): string;
2305
+ computeSecret(otherPublicKey: BinaryLike, inputEncoding?: BufferEncoding): NonSharedBuffer;
2410
2306
  computeSecret(
2411
- otherPublicKey: string,
2412
- inputEncoding: BinaryToTextEncoding,
2413
- outputEncoding: BinaryToTextEncoding,
2307
+ otherPublicKey: BinaryLike,
2308
+ inputEncoding: BufferEncoding | null | undefined,
2309
+ outputEncoding: BufferEncoding,
2414
2310
  ): string;
2415
2311
  /**
2416
2312
  * If `encoding` is specified, a string is returned; otherwise a `Buffer` is
@@ -2420,7 +2316,7 @@ declare module "node:crypto" {
2420
2316
  * @return The EC Diffie-Hellman in the specified `encoding`.
2421
2317
  */
2422
2318
  getPrivateKey(): NonSharedBuffer;
2423
- getPrivateKey(encoding: BinaryToTextEncoding): string;
2319
+ getPrivateKey(encoding: BufferEncoding): string;
2424
2320
  /**
2425
2321
  * The `format` argument specifies point encoding and can be `'compressed'` or `'uncompressed'`. If `format` is not specified the point will be returned in`'uncompressed'` format.
2426
2322
  *
@@ -2432,7 +2328,7 @@ declare module "node:crypto" {
2432
2328
  * @return The EC Diffie-Hellman public key in the specified `encoding` and `format`.
2433
2329
  */
2434
2330
  getPublicKey(encoding?: null, format?: ECDHKeyFormat): NonSharedBuffer;
2435
- getPublicKey(encoding: BinaryToTextEncoding, format?: ECDHKeyFormat): string;
2331
+ getPublicKey(encoding: BufferEncoding, format?: ECDHKeyFormat): string;
2436
2332
  /**
2437
2333
  * Sets the EC Diffie-Hellman private key.
2438
2334
  * If `encoding` is provided, `privateKey` is expected
@@ -2444,8 +2340,7 @@ declare module "node:crypto" {
2444
2340
  * @since v0.11.14
2445
2341
  * @param encoding The `encoding` of the `privateKey` string.
2446
2342
  */
2447
- setPrivateKey(privateKey: NodeJS.ArrayBufferView): void;
2448
- setPrivateKey(privateKey: string, encoding: BinaryToTextEncoding): void;
2343
+ setPrivateKey(privateKey: BinaryLike, encoding?: BufferEncoding): void;
2449
2344
  }
2450
2345
  /**
2451
2346
  * Creates an Elliptic Curve Diffie-Hellman (`ECDH`) key exchange object using a
@@ -2480,46 +2375,22 @@ declare module "node:crypto" {
2480
2375
  * not introduce timing vulnerabilities.
2481
2376
  * @since v6.6.0
2482
2377
  */
2483
- function timingSafeEqual(a: NodeJS.ArrayBufferView, b: NodeJS.ArrayBufferView): boolean;
2378
+ function timingSafeEqual(
2379
+ a: ArrayBufferLike | NodeJS.ArrayBufferView,
2380
+ b: ArrayBufferLike | NodeJS.ArrayBufferView,
2381
+ ): boolean;
2484
2382
  interface DHKeyPairOptions extends KeyPairExportOptions<"spki", "pkcs8"> {
2485
- /**
2486
- * The prime parameter
2487
- */
2488
- prime?: Buffer | undefined;
2489
- /**
2490
- * Prime length in bits
2491
- */
2383
+ prime?: NodeJS.ArrayBufferView | undefined;
2492
2384
  primeLength?: number | undefined;
2493
- /**
2494
- * Custom generator
2495
- * @default 2
2496
- */
2497
2385
  generator?: number | undefined;
2498
- /**
2499
- * Diffie-Hellman group name
2500
- * @see {@link getDiffieHellman}
2501
- */
2502
2386
  groupName?: string | undefined;
2503
2387
  }
2504
2388
  interface DSAKeyPairOptions extends KeyPairExportOptions<"spki", "pkcs8"> {
2505
- /**
2506
- * Key size in bits
2507
- */
2508
2389
  modulusLength: number;
2509
- /**
2510
- * Size of q in bits
2511
- */
2512
- divisorLength: number;
2390
+ divisorLength?: number | undefined;
2513
2391
  }
2514
2392
  interface ECKeyPairOptions extends KeyPairExportOptions<"spki", "pkcs8" | "sec1"> {
2515
- /**
2516
- * Name of the curve to use
2517
- */
2518
2393
  namedCurve: string;
2519
- /**
2520
- * Must be `'named'` or `'explicit'`
2521
- * @default 'named'
2522
- */
2523
2394
  paramEncoding?: "explicit" | "named" | undefined;
2524
2395
  }
2525
2396
  interface ED25519KeyPairOptions extends KeyPairExportOptions<"spki", "pkcs8"> {}
@@ -2527,37 +2398,14 @@ declare module "node:crypto" {
2527
2398
  interface MLDSAKeyPairOptions extends KeyPairExportOptions<"spki", "pkcs8"> {}
2528
2399
  interface MLKEMKeyPairOptions extends KeyPairExportOptions<"spki", "pkcs8"> {}
2529
2400
  interface RSAPSSKeyPairOptions extends KeyPairExportOptions<"spki", "pkcs8"> {
2530
- /**
2531
- * Key size in bits
2532
- */
2533
2401
  modulusLength: number;
2534
- /**
2535
- * Public exponent
2536
- * @default 0x10001
2537
- */
2538
2402
  publicExponent?: number | undefined;
2539
- /**
2540
- * Name of the message digest
2541
- */
2542
2403
  hashAlgorithm?: string | undefined;
2543
- /**
2544
- * Name of the message digest used by MGF1
2545
- */
2546
2404
  mgf1HashAlgorithm?: string | undefined;
2547
- /**
2548
- * Minimal salt length in bytes
2549
- */
2550
2405
  saltLength?: string | undefined;
2551
2406
  }
2552
2407
  interface RSAKeyPairOptions extends KeyPairExportOptions<"pkcs1" | "spki", "pkcs1" | "pkcs8"> {
2553
- /**
2554
- * Key size in bits
2555
- */
2556
2408
  modulusLength: number;
2557
- /**
2558
- * Public exponent
2559
- * @default 0x10001
2560
- */
2561
2409
  publicExponent?: number | undefined;
2562
2410
  }
2563
2411
  interface SLHDSAKeyPairOptions extends KeyPairExportOptions<"spki", "pkcs8"> {}
@@ -2565,7 +2413,7 @@ declare module "node:crypto" {
2565
2413
  interface X448KeyPairOptions extends KeyPairExportOptions<"spki", "pkcs8"> {}
2566
2414
  /**
2567
2415
  * Generates a new asymmetric key pair of the given `type`. See the
2568
- * supported [asymmetric key types](https://nodejs.org/docs/latest-v25.x/api/crypto.html#asymmetric-key-types).
2416
+ * supported [asymmetric key types](https://nodejs.org/docs/latest-v26.x/api/crypto.html#asymmetric-key-types).
2569
2417
  *
2570
2418
  * If a `publicKeyEncoding` or `privateKeyEncoding` was specified, this function
2571
2419
  * behaves as if `keyObject.export()` had been called on its result. Otherwise,
@@ -2603,7 +2451,7 @@ declare module "node:crypto" {
2603
2451
  * it will be a buffer containing the data encoded as DER.
2604
2452
  * @since v10.12.0
2605
2453
  * @param type The asymmetric key type to generate. See the
2606
- * supported [asymmetric key types](https://nodejs.org/docs/latest-v25.x/api/crypto.html#asymmetric-key-types).
2454
+ * supported [asymmetric key types](https://nodejs.org/docs/latest-v26.x/api/crypto.html#asymmetric-key-types).
2607
2455
  */
2608
2456
  function generateKeyPairSync<T extends DHKeyPairOptions>(
2609
2457
  type: "dh",
@@ -2655,7 +2503,7 @@ declare module "node:crypto" {
2655
2503
  ): KeyPairExportResult<T>;
2656
2504
  /**
2657
2505
  * Generates a new asymmetric key pair of the given `type`. See the
2658
- * supported [asymmetric key types](https://nodejs.org/docs/latest-v25.x/api/crypto.html#asymmetric-key-types).
2506
+ * supported [asymmetric key types](https://nodejs.org/docs/latest-v26.x/api/crypto.html#asymmetric-key-types).
2659
2507
  *
2660
2508
  * If a `publicKeyEncoding` or `privateKeyEncoding` was specified, this function
2661
2509
  * behaves as if `keyObject.export()` had been called on its result. Otherwise,
@@ -2691,7 +2539,7 @@ declare module "node:crypto" {
2691
2539
  * a `Promise` for an `Object` with `publicKey` and `privateKey` properties.
2692
2540
  * @since v10.12.0
2693
2541
  * @param type The asymmetric key type to generate. See the
2694
- * supported [asymmetric key types](https://nodejs.org/docs/latest-v25.x/api/crypto.html#asymmetric-key-types).
2542
+ * supported [asymmetric key types](https://nodejs.org/docs/latest-v26.x/api/crypto.html#asymmetric-key-types).
2695
2543
  */
2696
2544
  function generateKeyPair<T extends DHKeyPairOptions>(
2697
2545
  type: "dh",
@@ -2708,21 +2556,37 @@ declare module "node:crypto" {
2708
2556
  options: T,
2709
2557
  callback: KeyPairExportCallback<T>,
2710
2558
  ): void;
2559
+ function generateKeyPair(
2560
+ type: "ed25519",
2561
+ callback: KeyPairExportCallback,
2562
+ ): void;
2711
2563
  function generateKeyPair<T extends ED25519KeyPairOptions = {}>(
2712
2564
  type: "ed25519",
2713
2565
  options: T | undefined,
2714
2566
  callback: KeyPairExportCallback<T>,
2715
2567
  ): void;
2568
+ function generateKeyPair(
2569
+ type: "ed448",
2570
+ callback: KeyPairExportCallback,
2571
+ ): void;
2716
2572
  function generateKeyPair<T extends ED448KeyPairOptions = {}>(
2717
2573
  type: "ed448",
2718
2574
  options: T | undefined,
2719
2575
  callback: KeyPairExportCallback<T>,
2720
2576
  ): void;
2577
+ function generateKeyPair(
2578
+ type: MLDSAKeyType,
2579
+ callback: KeyPairExportCallback,
2580
+ ): void;
2721
2581
  function generateKeyPair<T extends MLDSAKeyPairOptions = {}>(
2722
2582
  type: MLDSAKeyType,
2723
2583
  options: T | undefined,
2724
2584
  callback: KeyPairExportCallback<T>,
2725
2585
  ): void;
2586
+ function generateKeyPair(
2587
+ type: MLKEMKeyType,
2588
+ callback: KeyPairExportCallback,
2589
+ ): void;
2726
2590
  function generateKeyPair<T extends MLKEMKeyPairOptions = {}>(
2727
2591
  type: MLKEMKeyType,
2728
2592
  options: T | undefined,
@@ -2738,16 +2602,28 @@ declare module "node:crypto" {
2738
2602
  options: T,
2739
2603
  callback: KeyPairExportCallback<T>,
2740
2604
  ): void;
2605
+ function generateKeyPair(
2606
+ type: SLHDSAKeyType,
2607
+ callback: KeyPairExportCallback,
2608
+ ): void;
2741
2609
  function generateKeyPair<T extends SLHDSAKeyPairOptions = {}>(
2742
2610
  type: SLHDSAKeyType,
2743
2611
  options: T | undefined,
2744
2612
  callback: KeyPairExportCallback<T>,
2745
2613
  ): void;
2614
+ function generateKeyPair(
2615
+ type: "x25519",
2616
+ callback: KeyPairExportCallback,
2617
+ ): void;
2746
2618
  function generateKeyPair<T extends X25519KeyPairOptions = {}>(
2747
2619
  type: "x25519",
2748
2620
  options: T | undefined,
2749
2621
  callback: KeyPairExportCallback<T>,
2750
2622
  ): void;
2623
+ function generateKeyPair(
2624
+ type: "x448",
2625
+ callback: KeyPairExportCallback,
2626
+ ): void;
2751
2627
  function generateKeyPair<T extends X448KeyPairOptions = {}>(
2752
2628
  type: "x448",
2753
2629
  options: T | undefined,
@@ -2820,12 +2696,12 @@ declare module "node:crypto" {
2820
2696
  */
2821
2697
  function sign(
2822
2698
  algorithm: string | null | undefined,
2823
- data: NodeJS.ArrayBufferView,
2699
+ data: ArrayBufferLike | NodeJS.ArrayBufferView,
2824
2700
  key: KeyLike | SignKeyObjectInput | SignPrivateKeyInput | SignJsonWebKeyInput,
2825
2701
  ): NonSharedBuffer;
2826
2702
  function sign(
2827
2703
  algorithm: string | null | undefined,
2828
- data: NodeJS.ArrayBufferView,
2704
+ data: ArrayBufferLike | NodeJS.ArrayBufferView,
2829
2705
  key: KeyLike | SignKeyObjectInput | SignPrivateKeyInput | SignJsonWebKeyInput,
2830
2706
  callback: (error: Error | null, data: NonSharedBuffer) => void,
2831
2707
  ): void;
@@ -2851,15 +2727,15 @@ declare module "node:crypto" {
2851
2727
  */
2852
2728
  function verify(
2853
2729
  algorithm: string | null | undefined,
2854
- data: NodeJS.ArrayBufferView,
2730
+ data: ArrayBufferLike | NodeJS.ArrayBufferView,
2855
2731
  key: KeyLike | VerifyKeyObjectInput | VerifyPublicKeyInput | VerifyJsonWebKeyInput,
2856
- signature: NodeJS.ArrayBufferView,
2732
+ signature: ArrayBufferLike | NodeJS.ArrayBufferView,
2857
2733
  ): boolean;
2858
2734
  function verify(
2859
2735
  algorithm: string | null | undefined,
2860
- data: NodeJS.ArrayBufferView,
2736
+ data: ArrayBufferLike | NodeJS.ArrayBufferView,
2861
2737
  key: KeyLike | VerifyKeyObjectInput | VerifyPublicKeyInput | VerifyJsonWebKeyInput,
2862
- signature: NodeJS.ArrayBufferView,
2738
+ signature: ArrayBufferLike | NodeJS.ArrayBufferView,
2863
2739
  callback: (error: Error | null, result: boolean) => void,
2864
2740
  ): void;
2865
2741
  /**
@@ -2882,14 +2758,18 @@ declare module "node:crypto" {
2882
2758
  * @since v24.7.0
2883
2759
  */
2884
2760
  function decapsulate(
2885
- key: KeyLike | PrivateKeyInput | JsonWebKeyInput,
2886
- ciphertext: ArrayBuffer | NodeJS.ArrayBufferView,
2761
+ key: KeyLike | PrivateKeyInput | RawPrivateKeyInput | JsonWebKeyInput,
2762
+ ciphertext: ArrayBufferLike | NodeJS.ArrayBufferView,
2887
2763
  ): NonSharedBuffer;
2888
2764
  function decapsulate(
2889
- key: KeyLike | PrivateKeyInput | JsonWebKeyInput,
2890
- ciphertext: ArrayBuffer | NodeJS.ArrayBufferView,
2765
+ key: KeyLike | PrivateKeyInput | RawPrivateKeyInput | JsonWebKeyInput,
2766
+ ciphertext: ArrayBufferLike | NodeJS.ArrayBufferView,
2891
2767
  callback: (err: Error, sharedKey: NonSharedBuffer) => void,
2892
2768
  ): void;
2769
+ interface DiffieHellmanOptions {
2770
+ privateKey: KeyLike | PrivateKeyInput;
2771
+ publicKey: KeyLike | PublicKeyInput;
2772
+ }
2893
2773
  /**
2894
2774
  * Computes the Diffie-Hellman shared secret based on a `privateKey` and a `publicKey`.
2895
2775
  * Both keys must have the same `asymmetricKeyType` and must support either the DH or
@@ -2898,9 +2778,9 @@ declare module "node:crypto" {
2898
2778
  * If the `callback` function is provided this function uses libuv's threadpool.
2899
2779
  * @since v13.9.0, v12.17.0
2900
2780
  */
2901
- function diffieHellman(options: { privateKey: KeyObject; publicKey: KeyObject }): NonSharedBuffer;
2781
+ function diffieHellman(options: DiffieHellmanOptions): NonSharedBuffer;
2902
2782
  function diffieHellman(
2903
- options: { privateKey: KeyObject; publicKey: KeyObject },
2783
+ options: DiffieHellmanOptions,
2904
2784
  callback: (err: Error | null, secret: NonSharedBuffer) => void,
2905
2785
  ): void;
2906
2786
  /**
@@ -2923,10 +2803,10 @@ declare module "node:crypto" {
2923
2803
  * @since v24.7.0
2924
2804
  */
2925
2805
  function encapsulate(
2926
- key: KeyLike | PublicKeyInput | JsonWebKeyInput,
2806
+ key: KeyLike | PublicKeyInput | RawPublicKeyInput | JsonWebKeyInput,
2927
2807
  ): { sharedKey: NonSharedBuffer; ciphertext: NonSharedBuffer };
2928
2808
  function encapsulate(
2929
- key: KeyLike | PublicKeyInput | JsonWebKeyInput,
2809
+ key: KeyLike | PublicKeyInput | RawPublicKeyInput | JsonWebKeyInput,
2930
2810
  callback: (err: Error, result: { sharedKey: NonSharedBuffer; ciphertext: NonSharedBuffer }) => void,
2931
2811
  ): void;
2932
2812
  interface OneShotDigestOptions {
@@ -2934,7 +2814,7 @@ declare module "node:crypto" {
2934
2814
  * Encoding used to encode the returned digest.
2935
2815
  * @default 'hex'
2936
2816
  */
2937
- outputEncoding?: BinaryToTextEncoding | "buffer" | undefined;
2817
+ outputEncoding?: BufferEncoding | "buffer" | undefined;
2938
2818
  /**
2939
2819
  * For XOF hash functions such as 'shake256', the outputLength option
2940
2820
  * can be used to specify the desired output length in bytes.
@@ -2942,7 +2822,7 @@ declare module "node:crypto" {
2942
2822
  outputLength?: number | undefined;
2943
2823
  }
2944
2824
  interface OneShotDigestOptionsWithStringEncoding extends OneShotDigestOptions {
2945
- outputEncoding?: BinaryToTextEncoding | undefined;
2825
+ outputEncoding?: BufferEncoding | undefined;
2946
2826
  }
2947
2827
  interface OneShotDigestOptionsWithBufferEncoding extends OneShotDigestOptions {
2948
2828
  outputEncoding: "buffer";
@@ -2986,7 +2866,7 @@ declare module "node:crypto" {
2986
2866
  function hash(
2987
2867
  algorithm: string,
2988
2868
  data: BinaryLike,
2989
- options?: OneShotDigestOptionsWithStringEncoding | BinaryToTextEncoding,
2869
+ options?: OneShotDigestOptionsWithStringEncoding | BufferEncoding,
2990
2870
  ): string;
2991
2871
  function hash(
2992
2872
  algorithm: string,
@@ -2996,7 +2876,7 @@ declare module "node:crypto" {
2996
2876
  function hash(
2997
2877
  algorithm: string,
2998
2878
  data: BinaryLike,
2999
- options: OneShotDigestOptions | BinaryToTextEncoding | "buffer",
2879
+ options: OneShotDigestOptions | BufferEncoding | "buffer",
3000
2880
  ): string | NonSharedBuffer;
3001
2881
  type CipherMode = "cbc" | "ccm" | "cfb" | "ctr" | "ecb" | "gcm" | "ocb" | "ofb" | "stream" | "wrap" | "xts";
3002
2882
  interface CipherInfoOptions {
@@ -3010,31 +2890,11 @@ declare module "node:crypto" {
3010
2890
  ivLength?: number | undefined;
3011
2891
  }
3012
2892
  interface CipherInfo {
3013
- /**
3014
- * The name of the cipher.
3015
- */
3016
2893
  name: string;
3017
- /**
3018
- * The nid of the cipher.
3019
- */
3020
2894
  nid: number;
3021
- /**
3022
- * The block size of the cipher in bytes.
3023
- * This property is omitted when mode is 'stream'.
3024
- */
3025
- blockSize?: number | undefined;
3026
- /**
3027
- * The expected or default initialization vector length in bytes.
3028
- * This property is omitted if the cipher does not use an initialization vector.
3029
- */
3030
- ivLength?: number | undefined;
3031
- /**
3032
- * The expected or default key length in bytes.
3033
- */
2895
+ blockSize?: number;
2896
+ ivLength?: number;
3034
2897
  keyLength: number;
3035
- /**
3036
- * The cipher mode.
3037
- */
3038
2898
  mode: CipherMode;
3039
2899
  }
3040
2900
  /**
@@ -3078,7 +2938,7 @@ declare module "node:crypto" {
3078
2938
  */
3079
2939
  function hkdf(
3080
2940
  digest: string,
3081
- irm: BinaryLike | KeyObject,
2941
+ ikm: KeyLike,
3082
2942
  salt: BinaryLike,
3083
2943
  info: BinaryLike,
3084
2944
  keylen: number,
@@ -3112,27 +2972,15 @@ declare module "node:crypto" {
3112
2972
  */
3113
2973
  function hkdfSync(
3114
2974
  digest: string,
3115
- ikm: BinaryLike | KeyObject,
2975
+ ikm: KeyLike,
3116
2976
  salt: BinaryLike,
3117
2977
  info: BinaryLike,
3118
2978
  keylen: number,
3119
2979
  ): ArrayBuffer;
3120
2980
  interface SecureHeapUsage {
3121
- /**
3122
- * The total allocated secure heap size as specified using the `--secure-heap=n` command-line flag.
3123
- */
3124
2981
  total: number;
3125
- /**
3126
- * The minimum allocation from the secure heap as specified using the `--secure-heap-min` command-line flag.
3127
- */
3128
2982
  min: number;
3129
- /**
3130
- * The total number of bytes currently allocated from the secure heap.
3131
- */
3132
2983
  used: number;
3133
- /**
3134
- * The calculated ratio of `used` to `total` allocated bytes.
3135
- */
3136
2984
  utilization: number;
3137
2985
  }
3138
2986
  /**
@@ -3145,7 +2993,6 @@ declare module "node:crypto" {
3145
2993
  * Node.js will pre-emptively generate and persistently cache enough
3146
2994
  * random data to generate up to 128 random UUIDs. To generate a UUID
3147
2995
  * without using the cache, set `disableEntropyCache` to `true`.
3148
- *
3149
2996
  * @default `false`
3150
2997
  */
3151
2998
  disableEntropyCache?: boolean | undefined;
@@ -3158,25 +3005,10 @@ declare module "node:crypto" {
3158
3005
  */
3159
3006
  function randomUUID(options?: RandomUUIDOptions): UUID;
3160
3007
  interface X509CheckOptions {
3161
- /**
3162
- * @default 'always'
3163
- */
3164
3008
  subject?: "always" | "default" | "never" | undefined;
3165
- /**
3166
- * @default true
3167
- */
3168
3009
  wildcards?: boolean | undefined;
3169
- /**
3170
- * @default true
3171
- */
3172
3010
  partialWildcards?: boolean | undefined;
3173
- /**
3174
- * @default false
3175
- */
3176
3011
  multiLabelWildcards?: boolean | undefined;
3177
- /**
3178
- * @default false
3179
- */
3180
3012
  singleLabelSubdomains?: boolean | undefined;
3181
3013
  }
3182
3014
  /**
@@ -3329,7 +3161,7 @@ declare module "node:crypto" {
3329
3161
  * @since v22.10.0
3330
3162
  */
3331
3163
  readonly validToDate: Date;
3332
- constructor(buffer: BinaryLike);
3164
+ constructor(buffer: string | NodeJS.ArrayBufferView);
3333
3165
  /**
3334
3166
  * Checks whether the certificate matches the given email address.
3335
3167
  *
@@ -3432,13 +3264,10 @@ declare module "node:crypto" {
3432
3264
  */
3433
3265
  verify(publicKey: KeyObject): boolean;
3434
3266
  }
3435
- type LargeNumberLike = NodeJS.ArrayBufferView | SharedArrayBuffer | ArrayBuffer | bigint;
3267
+ type LargeNumberLike = ArrayBufferLike | NodeJS.ArrayBufferView | bigint;
3436
3268
  interface GeneratePrimeOptions {
3437
3269
  add?: LargeNumberLike | undefined;
3438
3270
  rem?: LargeNumberLike | undefined;
3439
- /**
3440
- * @default false
3441
- */
3442
3271
  safe?: boolean | undefined;
3443
3272
  bigint?: boolean | undefined;
3444
3273
  }
@@ -3478,13 +3307,13 @@ declare module "node:crypto" {
3478
3307
  function generatePrime(size: number, callback: (err: Error | null, prime: ArrayBuffer) => void): void;
3479
3308
  function generatePrime(
3480
3309
  size: number,
3481
- options: GeneratePrimeOptionsBigInt,
3482
- callback: (err: Error | null, prime: bigint) => void,
3310
+ options: GeneratePrimeOptionsArrayBuffer,
3311
+ callback: (err: Error | null, prime: ArrayBuffer) => void,
3483
3312
  ): void;
3484
3313
  function generatePrime(
3485
3314
  size: number,
3486
- options: GeneratePrimeOptionsArrayBuffer,
3487
- callback: (err: Error | null, prime: ArrayBuffer) => void,
3315
+ options: GeneratePrimeOptionsBigInt,
3316
+ callback: (err: Error | null, prime: bigint) => void,
3488
3317
  ): void;
3489
3318
  function generatePrime(
3490
3319
  size: number,
@@ -3519,8 +3348,8 @@ declare module "node:crypto" {
3519
3348
  * @param size The size (in bits) of the prime to generate.
3520
3349
  */
3521
3350
  function generatePrimeSync(size: number): ArrayBuffer;
3522
- function generatePrimeSync(size: number, options: GeneratePrimeOptionsBigInt): bigint;
3523
3351
  function generatePrimeSync(size: number, options: GeneratePrimeOptionsArrayBuffer): ArrayBuffer;
3352
+ function generatePrimeSync(size: number, options: GeneratePrimeOptionsBigInt): bigint;
3524
3353
  function generatePrimeSync(size: number, options: GeneratePrimeOptions): ArrayBuffer | bigint;
3525
3354
  interface CheckPrimeOptions {
3526
3355
  /**
@@ -3528,7 +3357,6 @@ declare module "node:crypto" {
3528
3357
  * When the value is 0 (zero), a number of checks is used that yields a false positive rate of at most `2**-64` for random input.
3529
3358
  * Care must be used when selecting a number of checks.
3530
3359
  * Refer to the OpenSSL documentation for the BN_is_prime_ex function nchecks options for more details.
3531
- *
3532
3360
  * @default 0
3533
3361
  */
3534
3362
  checks?: number | undefined;
@@ -3588,47 +3416,14 @@ declare module "node:crypto" {
3588
3416
  >(typedArray: T): T;
3589
3417
  type Argon2Algorithm = "argon2d" | "argon2i" | "argon2id";
3590
3418
  interface Argon2Parameters {
3591
- /**
3592
- * REQUIRED, this is the password for password hashing applications of Argon2.
3593
- */
3594
- message: string | ArrayBuffer | NodeJS.ArrayBufferView;
3595
- /**
3596
- * REQUIRED, must be at least 8 bytes long. This is the salt for password hashing applications of Argon2.
3597
- */
3598
- nonce: string | ArrayBuffer | NodeJS.ArrayBufferView;
3599
- /**
3600
- * REQUIRED, degree of parallelism determines how many computational chains (lanes)
3601
- * can be run. Must be greater than 1 and less than `2**24-1`.
3602
- */
3419
+ message: BinaryLike;
3420
+ nonce: BinaryLike;
3603
3421
  parallelism: number;
3604
- /**
3605
- * REQUIRED, the length of the key to generate. Must be greater than 4 and
3606
- * less than `2**32-1`.
3607
- */
3608
3422
  tagLength: number;
3609
- /**
3610
- * REQUIRED, memory cost in 1KiB blocks. Must be greater than
3611
- * `8 * parallelism` and less than `2**32-1`. The actual number of blocks is rounded
3612
- * down to the nearest multiple of `4 * parallelism`.
3613
- */
3614
3423
  memory: number;
3615
- /**
3616
- * REQUIRED, number of passes (iterations). Must be greater than 1 and less
3617
- * than `2**32-1`.
3618
- */
3619
3424
  passes: number;
3620
- /**
3621
- * OPTIONAL, Random additional input,
3622
- * similar to the salt, that should **NOT** be stored with the derived key. This is known as pepper in
3623
- * password hashing applications. If used, must have a length not greater than `2**32-1` bytes.
3624
- */
3625
- secret?: string | ArrayBuffer | NodeJS.ArrayBufferView | undefined;
3626
- /**
3627
- * OPTIONAL, Additional data to
3628
- * be added to the hash, functionally equivalent to salt or secret, but meant for
3629
- * non-random data. If used, must have a length not greater than `2**32-1` bytes.
3630
- */
3631
- associatedData?: string | ArrayBuffer | NodeJS.ArrayBufferView | undefined;
3425
+ secret?: BinaryLike | undefined;
3426
+ associatedData?: BinaryLike | undefined;
3632
3427
  }
3633
3428
  /**
3634
3429
  * Provides an asynchronous [Argon2](https://www.rfc-editor.org/rfc/rfc9106.html) implementation. Argon2 is a password-based
@@ -3639,7 +3434,7 @@ declare module "node:crypto" {
3639
3434
  * random and at least 16 bytes long. See [NIST SP 800-132](https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf) for details.
3640
3435
  *
3641
3436
  * When passing strings for `message`, `nonce`, `secret` or `associatedData`, please
3642
- * consider [caveats when using strings as inputs to cryptographic APIs](https://nodejs.org/docs/latest-v25.x/api/crypto.html#using-strings-as-inputs-to-cryptographic-apis).
3437
+ * consider [caveats when using strings as inputs to cryptographic APIs](https://nodejs.org/docs/latest-v26.x/api/crypto.html#using-strings-as-inputs-to-cryptographic-apis).
3643
3438
  *
3644
3439
  * The `callback` function is called with two arguments: `err` and `derivedKey`.
3645
3440
  * `err` is an exception object when key derivation fails, otherwise `err` is
@@ -3683,7 +3478,7 @@ declare module "node:crypto" {
3683
3478
  * random and at least 16 bytes long. See [NIST SP 800-132](https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf) for details.
3684
3479
  *
3685
3480
  * When passing strings for `message`, `nonce`, `secret` or `associatedData`, please
3686
- * consider [caveats when using strings as inputs to cryptographic APIs](https://nodejs.org/docs/latest-v25.x/api/crypto.html#using-strings-as-inputs-to-cryptographic-apis).
3481
+ * consider [caveats when using strings as inputs to cryptographic APIs](https://nodejs.org/docs/latest-v26.x/api/crypto.html#using-strings-as-inputs-to-cryptographic-apis).
3687
3482
  *
3688
3483
  * An exception is thrown when key derivation fails, otherwise the derived key is
3689
3484
  * returned as a `Buffer`.
@@ -4052,6 +3847,94 @@ declare module "node:crypto" {
4052
3847
  ): Promise<ArrayBuffer>;
4053
3848
  }
4054
3849
  }
3850
+ /**
3851
+ * An object containing commonly used constants for crypto and security related
3852
+ * operations. The specific constants currently defined are described in
3853
+ * [Crypto constants](https://nodejs.org/docs/latest-v26.x/api/crypto.html#crypto-constants).
3854
+ * @since v6.3.0
3855
+ */
3856
+ namespace constants {
3857
+ const OPENSSL_VERSION_NUMBER: number;
3858
+ const SSL_OP_ALL: number;
3859
+ const SSL_OP_ALLOW_NO_DHE_KEX: number;
3860
+ const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: number;
3861
+ const SSL_OP_CIPHER_SERVER_PREFERENCE: number;
3862
+ const SSL_OP_CISCO_ANYCONNECT: number;
3863
+ const SSL_OP_COOKIE_EXCHANGE: number;
3864
+ const SSL_OP_CRYPTOPRO_TLSEXT_BUG: number;
3865
+ const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: number;
3866
+ const SSL_OP_LEGACY_SERVER_CONNECT: number;
3867
+ const SSL_OP_NO_COMPRESSION: number;
3868
+ const SSL_OP_NO_ENCRYPT_THEN_MAC: number;
3869
+ const SSL_OP_NO_QUERY_MTU: number;
3870
+ const SSL_OP_NO_RENEGOTIATION: number;
3871
+ const SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION: number;
3872
+ const SSL_OP_NO_SSLv2: number;
3873
+ const SSL_OP_NO_SSLv3: number;
3874
+ const SSL_OP_NO_TICKET: number;
3875
+ const SSL_OP_NO_TLSv1: number;
3876
+ const SSL_OP_NO_TLSv1_1: number;
3877
+ const SSL_OP_NO_TLSv1_2: number;
3878
+ const SSL_OP_NO_TLSv1_3: number;
3879
+ const SSL_OP_PRIORITIZE_CHACHA: number;
3880
+ const SSL_OP_TLS_ROLLBACK_BUG: number;
3881
+ const ENGINE_METHOD_RSA: number;
3882
+ const ENGINE_METHOD_DSA: number;
3883
+ const ENGINE_METHOD_DH: number;
3884
+ const ENGINE_METHOD_RAND: number;
3885
+ const ENGINE_METHOD_EC: number;
3886
+ const ENGINE_METHOD_CIPHERS: number;
3887
+ const ENGINE_METHOD_DIGESTS: number;
3888
+ const ENGINE_METHOD_PKEY_METHS: number;
3889
+ const ENGINE_METHOD_PKEY_ASN1_METHS: number;
3890
+ const ENGINE_METHOD_ALL: number;
3891
+ const ENGINE_METHOD_NONE: number;
3892
+ const DH_CHECK_P_NOT_SAFE_PRIME: number;
3893
+ const DH_CHECK_P_NOT_PRIME: number;
3894
+ const DH_UNABLE_TO_CHECK_GENERATOR: number;
3895
+ const DH_NOT_SUITABLE_GENERATOR: number;
3896
+ const RSA_PKCS1_PADDING: number;
3897
+ const RSA_NO_PADDING: number;
3898
+ const RSA_PKCS1_OAEP_PADDING: number;
3899
+ const RSA_X931_PADDING: number;
3900
+ const RSA_PKCS1_PSS_PADDING: number;
3901
+ const RSA_PSS_SALTLEN_DIGEST: number;
3902
+ const RSA_PSS_SALTLEN_MAX_SIGN: number;
3903
+ const RSA_PSS_SALTLEN_AUTO: number;
3904
+ const TLS1_VERSION: number;
3905
+ const TLS1_1_VERSION: number;
3906
+ const TLS1_2_VERSION: number;
3907
+ const TLS1_3_VERSION: number;
3908
+ const POINT_CONVERSION_COMPRESSED: number;
3909
+ const POINT_CONVERSION_UNCOMPRESSED: number;
3910
+ const POINT_CONVERSION_HYBRID: number;
3911
+ const defaultCipherList: string;
3912
+ const defaultCoreCipherList: string;
3913
+ }
3914
+ // TODO: remove in future major version
3915
+ /** @deprecated This type will be removed in a future version. Use `BufferEncoding` instead. */
3916
+ type BinaryToTextEncoding = "base64" | "base64url" | "hex" | "binary";
3917
+ /** @deprecated This type will be removed in a future version. Use `BufferEncoding` instead. */
3918
+ type CharacterEncoding = "utf8" | "utf-8" | "utf16le" | "utf-16le" | "latin1";
3919
+ /** @deprecated This type will be removed in a future version. Use `BufferEncoding` instead. */
3920
+ type LegacyCharacterEncoding = "ascii" | "binary" | "ucs2" | "ucs-2";
3921
+ /** @deprecated This type will be removed in a future version. Use `BufferEncoding` instead. */
3922
+ type Encoding = BufferEncoding;
3923
+ /** @deprecated This type will be removed in a future version. Use `KeyLike` instead. */
3924
+ type CipherKey = KeyLike;
3925
+ /** @deprecated This type will be removed in a future version. */
3926
+ interface RsaPrivateKey {
3927
+ key: KeyLike;
3928
+ passphrase?: string | undefined;
3929
+ oaepHash?: string | undefined;
3930
+ oaepLabel?: NodeJS.TypedArray | undefined;
3931
+ padding?: number | undefined;
3932
+ }
3933
+ /** @deprecated This type will be removed in a future version. */
3934
+ interface RsaPublicKey {
3935
+ key: KeyLike;
3936
+ padding?: number | undefined;
3937
+ }
4055
3938
  }
4056
3939
  declare module "crypto" {
4057
3940
  export * from "node:crypto";