aizryu.js 1.0.0
Sign up to get free protection for your applications and to get access to all the features.
- package/.cache/replit/__replit_disk_meta.json +1 -0
- package/.cache/replit/modules.stamp +0 -0
- package/.cache/replit/nix/env.json +1 -0
- package/.cache/typescript/5.0/node_modules/.package-lock.json +156 -0
- package/.cache/typescript/5.0/node_modules/@types/body-parser/LICENSE +21 -0
- package/.cache/typescript/5.0/node_modules/@types/body-parser/README.md +15 -0
- package/.cache/typescript/5.0/node_modules/@types/body-parser/index.d.ts +95 -0
- package/.cache/typescript/5.0/node_modules/@types/body-parser/package.json +58 -0
- package/.cache/typescript/5.0/node_modules/@types/connect/LICENSE +21 -0
- package/.cache/typescript/5.0/node_modules/@types/connect/README.md +15 -0
- package/.cache/typescript/5.0/node_modules/@types/connect/index.d.ts +91 -0
- package/.cache/typescript/5.0/node_modules/@types/connect/package.json +32 -0
- package/.cache/typescript/5.0/node_modules/@types/express/LICENSE +21 -0
- package/.cache/typescript/5.0/node_modules/@types/express/README.md +15 -0
- package/.cache/typescript/5.0/node_modules/@types/express/index.d.ts +128 -0
- package/.cache/typescript/5.0/node_modules/@types/express/package.json +45 -0
- package/.cache/typescript/5.0/node_modules/@types/express-serve-static-core/LICENSE +21 -0
- package/.cache/typescript/5.0/node_modules/@types/express-serve-static-core/README.md +15 -0
- package/.cache/typescript/5.0/node_modules/@types/express-serve-static-core/index.d.ts +1261 -0
- package/.cache/typescript/5.0/node_modules/@types/express-serve-static-core/package.json +55 -0
- package/.cache/typescript/5.0/node_modules/@types/http-errors/LICENSE +21 -0
- package/.cache/typescript/5.0/node_modules/@types/http-errors/README.md +15 -0
- package/.cache/typescript/5.0/node_modules/@types/http-errors/index.d.ts +77 -0
- package/.cache/typescript/5.0/node_modules/@types/http-errors/package.json +30 -0
- package/.cache/typescript/5.0/node_modules/@types/jsdom/LICENSE +21 -0
- package/.cache/typescript/5.0/node_modules/@types/jsdom/README.md +15 -0
- package/.cache/typescript/5.0/node_modules/@types/jsdom/base.d.ts +456 -0
- package/.cache/typescript/5.0/node_modules/@types/jsdom/index.d.ts +18 -0
- package/.cache/typescript/5.0/node_modules/@types/jsdom/package.json +45 -0
- package/.cache/typescript/5.0/node_modules/@types/mime/LICENSE +21 -0
- package/.cache/typescript/5.0/node_modules/@types/mime/Mime.d.ts +10 -0
- package/.cache/typescript/5.0/node_modules/@types/mime/README.md +15 -0
- package/.cache/typescript/5.0/node_modules/@types/mime/index.d.ts +31 -0
- package/.cache/typescript/5.0/node_modules/@types/mime/lite.d.ts +7 -0
- package/.cache/typescript/5.0/node_modules/@types/mime/package.json +30 -0
- package/.cache/typescript/5.0/node_modules/@types/node/LICENSE +21 -0
- package/.cache/typescript/5.0/node_modules/@types/node/README.md +15 -0
- package/.cache/typescript/5.0/node_modules/@types/node/assert/strict.d.ts +8 -0
- package/.cache/typescript/5.0/node_modules/@types/node/assert.d.ts +996 -0
- package/.cache/typescript/5.0/node_modules/@types/node/async_hooks.d.ts +539 -0
- package/.cache/typescript/5.0/node_modules/@types/node/buffer.d.ts +2362 -0
- package/.cache/typescript/5.0/node_modules/@types/node/child_process.d.ts +1540 -0
- package/.cache/typescript/5.0/node_modules/@types/node/cluster.d.ts +432 -0
- package/.cache/typescript/5.0/node_modules/@types/node/console.d.ts +415 -0
- package/.cache/typescript/5.0/node_modules/@types/node/constants.d.ts +19 -0
- package/.cache/typescript/5.0/node_modules/@types/node/crypto.d.ts +4456 -0
- package/.cache/typescript/5.0/node_modules/@types/node/dgram.d.ts +586 -0
- package/.cache/typescript/5.0/node_modules/@types/node/diagnostics_channel.d.ts +191 -0
- package/.cache/typescript/5.0/node_modules/@types/node/dns/promises.d.ts +425 -0
- package/.cache/typescript/5.0/node_modules/@types/node/dns.d.ts +809 -0
- package/.cache/typescript/5.0/node_modules/@types/node/dom-events.d.ts +122 -0
- package/.cache/typescript/5.0/node_modules/@types/node/domain.d.ts +170 -0
- package/.cache/typescript/5.0/node_modules/@types/node/events.d.ts +879 -0
- package/.cache/typescript/5.0/node_modules/@types/node/fs/promises.d.ts +1239 -0
- package/.cache/typescript/5.0/node_modules/@types/node/fs.d.ts +4291 -0
- package/.cache/typescript/5.0/node_modules/@types/node/globals.d.ts +381 -0
- package/.cache/typescript/5.0/node_modules/@types/node/globals.global.d.ts +1 -0
- package/.cache/typescript/5.0/node_modules/@types/node/http.d.ts +1888 -0
- package/.cache/typescript/5.0/node_modules/@types/node/http2.d.ts +2382 -0
- package/.cache/typescript/5.0/node_modules/@types/node/https.d.ts +550 -0
- package/.cache/typescript/5.0/node_modules/@types/node/index.d.ts +88 -0
- package/.cache/typescript/5.0/node_modules/@types/node/inspector.d.ts +2747 -0
- package/.cache/typescript/5.0/node_modules/@types/node/module.d.ts +301 -0
- package/.cache/typescript/5.0/node_modules/@types/node/net.d.ts +949 -0
- package/.cache/typescript/5.0/node_modules/@types/node/os.d.ts +478 -0
- package/.cache/typescript/5.0/node_modules/@types/node/package.json +230 -0
- package/.cache/typescript/5.0/node_modules/@types/node/path.d.ts +191 -0
- package/.cache/typescript/5.0/node_modules/@types/node/perf_hooks.d.ts +639 -0
- package/.cache/typescript/5.0/node_modules/@types/node/process.d.ts +1532 -0
- package/.cache/typescript/5.0/node_modules/@types/node/punycode.d.ts +117 -0
- package/.cache/typescript/5.0/node_modules/@types/node/querystring.d.ts +141 -0
- package/.cache/typescript/5.0/node_modules/@types/node/readline/promises.d.ts +150 -0
- package/.cache/typescript/5.0/node_modules/@types/node/readline.d.ts +539 -0
- package/.cache/typescript/5.0/node_modules/@types/node/repl.d.ts +430 -0
- package/.cache/typescript/5.0/node_modules/@types/node/stream/consumers.d.ts +12 -0
- package/.cache/typescript/5.0/node_modules/@types/node/stream/promises.d.ts +83 -0
- package/.cache/typescript/5.0/node_modules/@types/node/stream/web.d.ts +350 -0
- package/.cache/typescript/5.0/node_modules/@types/node/stream.d.ts +1701 -0
- package/.cache/typescript/5.0/node_modules/@types/node/string_decoder.d.ts +67 -0
- package/.cache/typescript/5.0/node_modules/@types/node/test.d.ts +1382 -0
- package/.cache/typescript/5.0/node_modules/@types/node/timers/promises.d.ts +93 -0
- package/.cache/typescript/5.0/node_modules/@types/node/timers.d.ts +240 -0
- package/.cache/typescript/5.0/node_modules/@types/node/tls.d.ts +1210 -0
- package/.cache/typescript/5.0/node_modules/@types/node/trace_events.d.ts +182 -0
- package/.cache/typescript/5.0/node_modules/@types/node/ts4.8/assert/strict.d.ts +8 -0
- package/.cache/typescript/5.0/node_modules/@types/node/ts4.8/assert.d.ts +996 -0
- package/.cache/typescript/5.0/node_modules/@types/node/ts4.8/async_hooks.d.ts +539 -0
- package/.cache/typescript/5.0/node_modules/@types/node/ts4.8/buffer.d.ts +2362 -0
- package/.cache/typescript/5.0/node_modules/@types/node/ts4.8/child_process.d.ts +1540 -0
- package/.cache/typescript/5.0/node_modules/@types/node/ts4.8/cluster.d.ts +432 -0
- package/.cache/typescript/5.0/node_modules/@types/node/ts4.8/console.d.ts +415 -0
- package/.cache/typescript/5.0/node_modules/@types/node/ts4.8/constants.d.ts +19 -0
- package/.cache/typescript/5.0/node_modules/@types/node/ts4.8/crypto.d.ts +4455 -0
- package/.cache/typescript/5.0/node_modules/@types/node/ts4.8/dgram.d.ts +586 -0
- package/.cache/typescript/5.0/node_modules/@types/node/ts4.8/diagnostics_channel.d.ts +191 -0
- package/.cache/typescript/5.0/node_modules/@types/node/ts4.8/dns/promises.d.ts +425 -0
- package/.cache/typescript/5.0/node_modules/@types/node/ts4.8/dns.d.ts +809 -0
- package/.cache/typescript/5.0/node_modules/@types/node/ts4.8/dom-events.d.ts +122 -0
- package/.cache/typescript/5.0/node_modules/@types/node/ts4.8/domain.d.ts +170 -0
- package/.cache/typescript/5.0/node_modules/@types/node/ts4.8/events.d.ts +879 -0
- package/.cache/typescript/5.0/node_modules/@types/node/ts4.8/fs/promises.d.ts +1239 -0
- package/.cache/typescript/5.0/node_modules/@types/node/ts4.8/fs.d.ts +4291 -0
- package/.cache/typescript/5.0/node_modules/@types/node/ts4.8/globals.d.ts +381 -0
- package/.cache/typescript/5.0/node_modules/@types/node/ts4.8/globals.global.d.ts +1 -0
- package/.cache/typescript/5.0/node_modules/@types/node/ts4.8/http.d.ts +1888 -0
- package/.cache/typescript/5.0/node_modules/@types/node/ts4.8/http2.d.ts +2382 -0
- package/.cache/typescript/5.0/node_modules/@types/node/ts4.8/https.d.ts +550 -0
- package/.cache/typescript/5.0/node_modules/@types/node/ts4.8/index.d.ts +88 -0
- package/.cache/typescript/5.0/node_modules/@types/node/ts4.8/inspector.d.ts +2747 -0
- package/.cache/typescript/5.0/node_modules/@types/node/ts4.8/module.d.ts +301 -0
- package/.cache/typescript/5.0/node_modules/@types/node/ts4.8/net.d.ts +949 -0
- package/.cache/typescript/5.0/node_modules/@types/node/ts4.8/os.d.ts +478 -0
- package/.cache/typescript/5.0/node_modules/@types/node/ts4.8/path.d.ts +191 -0
- package/.cache/typescript/5.0/node_modules/@types/node/ts4.8/perf_hooks.d.ts +639 -0
- package/.cache/typescript/5.0/node_modules/@types/node/ts4.8/process.d.ts +1532 -0
- package/.cache/typescript/5.0/node_modules/@types/node/ts4.8/punycode.d.ts +117 -0
- package/.cache/typescript/5.0/node_modules/@types/node/ts4.8/querystring.d.ts +141 -0
- package/.cache/typescript/5.0/node_modules/@types/node/ts4.8/readline/promises.d.ts +150 -0
- package/.cache/typescript/5.0/node_modules/@types/node/ts4.8/readline.d.ts +539 -0
- package/.cache/typescript/5.0/node_modules/@types/node/ts4.8/repl.d.ts +430 -0
- package/.cache/typescript/5.0/node_modules/@types/node/ts4.8/stream/consumers.d.ts +12 -0
- package/.cache/typescript/5.0/node_modules/@types/node/ts4.8/stream/promises.d.ts +83 -0
- package/.cache/typescript/5.0/node_modules/@types/node/ts4.8/stream/web.d.ts +350 -0
- package/.cache/typescript/5.0/node_modules/@types/node/ts4.8/stream.d.ts +1701 -0
- package/.cache/typescript/5.0/node_modules/@types/node/ts4.8/string_decoder.d.ts +67 -0
- package/.cache/typescript/5.0/node_modules/@types/node/ts4.8/test.d.ts +1382 -0
- package/.cache/typescript/5.0/node_modules/@types/node/ts4.8/timers/promises.d.ts +93 -0
- package/.cache/typescript/5.0/node_modules/@types/node/ts4.8/timers.d.ts +240 -0
- package/.cache/typescript/5.0/node_modules/@types/node/ts4.8/tls.d.ts +1210 -0
- package/.cache/typescript/5.0/node_modules/@types/node/ts4.8/trace_events.d.ts +182 -0
- package/.cache/typescript/5.0/node_modules/@types/node/ts4.8/tty.d.ts +208 -0
- package/.cache/typescript/5.0/node_modules/@types/node/ts4.8/url.d.ts +927 -0
- package/.cache/typescript/5.0/node_modules/@types/node/ts4.8/util.d.ts +2186 -0
- package/.cache/typescript/5.0/node_modules/@types/node/ts4.8/v8.d.ts +635 -0
- package/.cache/typescript/5.0/node_modules/@types/node/ts4.8/vm.d.ts +903 -0
- package/.cache/typescript/5.0/node_modules/@types/node/ts4.8/wasi.d.ts +158 -0
- package/.cache/typescript/5.0/node_modules/@types/node/ts4.8/worker_threads.d.ts +691 -0
- package/.cache/typescript/5.0/node_modules/@types/node/ts4.8/zlib.d.ts +517 -0
- package/.cache/typescript/5.0/node_modules/@types/node/tty.d.ts +208 -0
- package/.cache/typescript/5.0/node_modules/@types/node/url.d.ts +927 -0
- package/.cache/typescript/5.0/node_modules/@types/node/util.d.ts +2186 -0
- package/.cache/typescript/5.0/node_modules/@types/node/v8.d.ts +635 -0
- package/.cache/typescript/5.0/node_modules/@types/node/vm.d.ts +903 -0
- package/.cache/typescript/5.0/node_modules/@types/node/wasi.d.ts +158 -0
- package/.cache/typescript/5.0/node_modules/@types/node/worker_threads.d.ts +691 -0
- package/.cache/typescript/5.0/node_modules/@types/node/zlib.d.ts +517 -0
- package/.cache/typescript/5.0/node_modules/@types/qs/LICENSE +21 -0
- package/.cache/typescript/5.0/node_modules/@types/qs/README.md +75 -0
- package/.cache/typescript/5.0/node_modules/@types/qs/index.d.ts +56 -0
- package/.cache/typescript/5.0/node_modules/@types/qs/package.json +65 -0
- package/.cache/typescript/5.0/node_modules/@types/range-parser/LICENSE +21 -0
- package/.cache/typescript/5.0/node_modules/@types/range-parser/README.md +53 -0
- package/.cache/typescript/5.0/node_modules/@types/range-parser/index.d.ts +34 -0
- package/.cache/typescript/5.0/node_modules/@types/range-parser/package.json +25 -0
- package/.cache/typescript/5.0/node_modules/@types/send/LICENSE +21 -0
- package/.cache/typescript/5.0/node_modules/@types/send/README.md +15 -0
- package/.cache/typescript/5.0/node_modules/@types/send/index.d.ts +225 -0
- package/.cache/typescript/5.0/node_modules/@types/send/package.json +33 -0
- package/.cache/typescript/5.0/node_modules/@types/serve-static/LICENSE +21 -0
- package/.cache/typescript/5.0/node_modules/@types/serve-static/README.md +15 -0
- package/.cache/typescript/5.0/node_modules/@types/serve-static/index.d.ts +107 -0
- package/.cache/typescript/5.0/node_modules/@types/serve-static/package.json +39 -0
- package/.cache/typescript/5.0/node_modules/@types/tough-cookie/LICENSE +21 -0
- package/.cache/typescript/5.0/node_modules/@types/tough-cookie/README.md +15 -0
- package/.cache/typescript/5.0/node_modules/@types/tough-cookie/index.d.ts +321 -0
- package/.cache/typescript/5.0/node_modules/@types/tough-cookie/package.json +35 -0
- package/.cache/typescript/5.0/node_modules/entities/LICENSE +11 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/decode.d.ts +211 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/decode.d.ts.map +1 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/decode.js +536 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/decode.js.map +1 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/decode_codepoint.d.ts +19 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/decode_codepoint.d.ts.map +1 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/decode_codepoint.js +76 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/decode_codepoint.js.map +1 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/encode.d.ts +22 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/encode.d.ts.map +1 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/encode.js +77 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/encode.js.map +1 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/escape.d.ts +43 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/escape.d.ts.map +1 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/escape.js +122 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/escape.js.map +1 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/esm/decode.d.ts +211 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/esm/decode.d.ts.map +1 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/esm/decode.js +496 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/esm/decode.js.map +1 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/esm/decode_codepoint.d.ts +19 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/esm/decode_codepoint.d.ts.map +1 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/esm/decode_codepoint.js +71 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/esm/decode_codepoint.js.map +1 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/esm/encode.d.ts +22 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/esm/encode.d.ts.map +1 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/esm/encode.js +69 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/esm/encode.js.map +1 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/esm/escape.d.ts +43 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/esm/escape.d.ts.map +1 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/esm/escape.js +116 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/esm/escape.js.map +1 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/esm/generated/decode-data-html.d.ts +3 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/esm/generated/decode-data-html.d.ts.map +1 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/esm/generated/decode-data-html.js +7 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/esm/generated/decode-data-html.js.map +1 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/esm/generated/decode-data-xml.d.ts +3 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/esm/generated/decode-data-xml.d.ts.map +1 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/esm/generated/decode-data-xml.js +7 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/esm/generated/decode-data-xml.js.map +1 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/esm/generated/encode-html.d.ts +8 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/esm/generated/encode-html.d.ts.map +1 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/esm/generated/encode-html.js +10 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/esm/generated/encode-html.js.map +1 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/esm/index.d.ts +96 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/esm/index.d.ts.map +1 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/esm/index.js +99 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/esm/index.js.map +1 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/esm/package.json +1 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/generated/decode-data-html.d.ts +3 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/generated/decode-data-html.d.ts.map +1 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/generated/decode-data-html.js +9 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/generated/decode-data-html.js.map +1 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/generated/decode-data-xml.d.ts +3 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/generated/decode-data-xml.d.ts.map +1 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/generated/decode-data-xml.js +9 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/generated/decode-data-xml.js.map +1 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/generated/encode-html.d.ts +8 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/generated/encode-html.d.ts.map +1 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/generated/encode-html.js +12 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/generated/encode-html.js.map +1 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/index.d.ts +96 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/index.d.ts.map +1 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/index.js +126 -0
- package/.cache/typescript/5.0/node_modules/entities/lib/index.js.map +1 -0
- package/.cache/typescript/5.0/node_modules/entities/package.json +90 -0
- package/.cache/typescript/5.0/node_modules/entities/readme.md +122 -0
- package/.cache/typescript/5.0/node_modules/parse5/LICENSE +19 -0
- package/.cache/typescript/5.0/node_modules/parse5/README.md +38 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/cjs/common/doctype.d.ts +5 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/cjs/common/doctype.js +120 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/cjs/common/error-codes.d.ts +68 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/cjs/common/error-codes.js +67 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/cjs/common/foreign-content.d.ts +10 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/cjs/common/foreign-content.js +239 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/cjs/common/html.d.ts +288 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/cjs/common/html.js +529 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/cjs/common/token.d.ts +85 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/cjs/common/token.js +25 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/cjs/common/unicode.d.ts +49 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/cjs/common/unicode.js +77 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/cjs/index.d.ts +60 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/cjs/index.js +57 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/cjs/package.json +1 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/cjs/parser/formatting-element-list.d.ts +37 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/cjs/parser/formatting-element-list.js +115 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/cjs/parser/index.d.ts +157 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/cjs/parser/index.js +3163 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/cjs/parser/open-element-stack.d.ts +53 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/cjs/parser/open-element-stack.js +316 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/cjs/serializer/index.d.ts +61 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/cjs/serializer/index.js +173 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/cjs/tokenizer/index.d.ts +248 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/cjs/tokenizer/index.js +2908 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/cjs/tokenizer/preprocessor.d.ts +37 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/cjs/tokenizer/preprocessor.js +199 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/cjs/tree-adapters/default.d.ts +85 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/cjs/tree-adapters/default.js +177 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/cjs/tree-adapters/interface.d.ts +250 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/cjs/tree-adapters/interface.js +3 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/common/doctype.d.ts +5 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/common/doctype.js +115 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/common/error-codes.d.ts +68 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/common/error-codes.js +64 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/common/foreign-content.d.ts +10 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/common/foreign-content.js +230 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/common/html.d.ts +288 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/common/html.js +523 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/common/token.d.ts +85 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/common/token.js +21 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/common/unicode.d.ts +49 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/common/unicode.js +69 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/index.d.ts +60 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/index.js +45 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/parser/formatting-element-list.d.ts +37 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/parser/formatting-element-list.js +111 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/parser/index.d.ts +157 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/parser/index.js +3168 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/parser/open-element-stack.d.ts +53 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/parser/open-element-stack.js +312 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/serializer/index.d.ts +61 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/serializer/index.js +168 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/tokenizer/index.d.ts +248 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/tokenizer/index.js +2904 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/tokenizer/preprocessor.d.ts +37 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/tokenizer/preprocessor.js +195 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/tree-adapters/default.d.ts +85 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/tree-adapters/default.js +174 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/tree-adapters/interface.d.ts +250 -0
- package/.cache/typescript/5.0/node_modules/parse5/dist/tree-adapters/interface.js +2 -0
- package/.cache/typescript/5.0/node_modules/parse5/package.json +50 -0
- package/.cache/typescript/5.0/node_modules/types-registry/README.md +2 -0
- package/.cache/typescript/5.0/node_modules/types-registry/index.json +1 -0
- package/.cache/typescript/5.0/node_modules/types-registry/package.json +20 -0
- package/.cache/typescript/5.0/node_modules/undici-types/README.md +6 -0
- package/.cache/typescript/5.0/node_modules/undici-types/agent.d.ts +31 -0
- package/.cache/typescript/5.0/node_modules/undici-types/api.d.ts +43 -0
- package/.cache/typescript/5.0/node_modules/undici-types/balanced-pool.d.ts +18 -0
- package/.cache/typescript/5.0/node_modules/undici-types/cache.d.ts +36 -0
- package/.cache/typescript/5.0/node_modules/undici-types/client.d.ts +97 -0
- package/.cache/typescript/5.0/node_modules/undici-types/connector.d.ts +34 -0
- package/.cache/typescript/5.0/node_modules/undici-types/content-type.d.ts +21 -0
- package/.cache/typescript/5.0/node_modules/undici-types/cookies.d.ts +28 -0
- package/.cache/typescript/5.0/node_modules/undici-types/diagnostics-channel.d.ts +67 -0
- package/.cache/typescript/5.0/node_modules/undici-types/dispatcher.d.ts +241 -0
- package/.cache/typescript/5.0/node_modules/undici-types/errors.d.ts +128 -0
- package/.cache/typescript/5.0/node_modules/undici-types/fetch.d.ts +209 -0
- package/.cache/typescript/5.0/node_modules/undici-types/file.d.ts +39 -0
- package/.cache/typescript/5.0/node_modules/undici-types/filereader.d.ts +54 -0
- package/.cache/typescript/5.0/node_modules/undici-types/formdata.d.ts +108 -0
- package/.cache/typescript/5.0/node_modules/undici-types/global-dispatcher.d.ts +9 -0
- package/.cache/typescript/5.0/node_modules/undici-types/global-origin.d.ts +7 -0
- package/.cache/typescript/5.0/node_modules/undici-types/handlers.d.ts +9 -0
- package/.cache/typescript/5.0/node_modules/undici-types/header.d.ts +4 -0
- package/.cache/typescript/5.0/node_modules/undici-types/index.d.ts +63 -0
- package/.cache/typescript/5.0/node_modules/undici-types/interceptors.d.ts +5 -0
- package/.cache/typescript/5.0/node_modules/undici-types/mock-agent.d.ts +50 -0
- package/.cache/typescript/5.0/node_modules/undici-types/mock-client.d.ts +25 -0
- package/.cache/typescript/5.0/node_modules/undici-types/mock-errors.d.ts +12 -0
- package/.cache/typescript/5.0/node_modules/undici-types/mock-interceptor.d.ts +93 -0
- package/.cache/typescript/5.0/node_modules/undici-types/mock-pool.d.ts +25 -0
- package/.cache/typescript/5.0/node_modules/undici-types/package.json +55 -0
- package/.cache/typescript/5.0/node_modules/undici-types/patch.d.ts +71 -0
- package/.cache/typescript/5.0/node_modules/undici-types/pool-stats.d.ts +19 -0
- package/.cache/typescript/5.0/node_modules/undici-types/pool.d.ts +28 -0
- package/.cache/typescript/5.0/node_modules/undici-types/proxy-agent.d.ts +30 -0
- package/.cache/typescript/5.0/node_modules/undici-types/readable.d.ts +61 -0
- package/.cache/typescript/5.0/node_modules/undici-types/webidl.d.ts +220 -0
- package/.cache/typescript/5.0/node_modules/undici-types/websocket.d.ts +131 -0
- package/.cache/typescript/5.0/package-lock.json +166 -0
- package/.cache/typescript/5.0/package.json +1 -0
- package/.replit +14 -0
- package/.upm/store.json +1 -0
- package/README.md +24 -0
- package/index.js +1 -0
- package/package.json +21 -0
@@ -0,0 +1,4455 @@
|
|
1
|
+
/**
|
2
|
+
* The `node:crypto` module provides cryptographic functionality that includes a
|
3
|
+
* set of wrappers for OpenSSL's hash, HMAC, cipher, decipher, sign, and verify
|
4
|
+
* functions.
|
5
|
+
*
|
6
|
+
* ```js
|
7
|
+
* const { createHmac } = await import('node:crypto');
|
8
|
+
*
|
9
|
+
* const secret = 'abcdefg';
|
10
|
+
* const hash = createHmac('sha256', secret)
|
11
|
+
* .update('I love cupcakes')
|
12
|
+
* .digest('hex');
|
13
|
+
* console.log(hash);
|
14
|
+
* // Prints:
|
15
|
+
* // c0fa1bc00531bd78ef38c628449c5102aeabd49b5dc3a2a516ea6ea959d6658e
|
16
|
+
* ```
|
17
|
+
* @see [source](https://github.com/nodejs/node/blob/v20.2.0/lib/crypto.js)
|
18
|
+
*/
|
19
|
+
declare module "crypto" {
|
20
|
+
import * as stream from "node:stream";
|
21
|
+
import { PeerCertificate } from "node:tls";
|
22
|
+
/**
|
23
|
+
* SPKAC is a Certificate Signing Request mechanism originally implemented by
|
24
|
+
* Netscape and was specified formally as part of HTML5's `keygen` element.
|
25
|
+
*
|
26
|
+
* `<keygen>` is deprecated since [HTML 5.2](https://www.w3.org/TR/html52/changes.html#features-removed) and new projects
|
27
|
+
* should not use this element anymore.
|
28
|
+
*
|
29
|
+
* The `node:crypto` module provides the `Certificate` class for working with SPKAC
|
30
|
+
* data. The most common usage is handling output generated by the HTML5`<keygen>` element. Node.js uses [OpenSSL's SPKAC
|
31
|
+
* implementation](https://www.openssl.org/docs/man3.0/man1/openssl-spkac.html) internally.
|
32
|
+
* @since v0.11.8
|
33
|
+
*/
|
34
|
+
class Certificate {
|
35
|
+
/**
|
36
|
+
* ```js
|
37
|
+
* const { Certificate } = await import('node:crypto');
|
38
|
+
* const spkac = getSpkacSomehow();
|
39
|
+
* const challenge = Certificate.exportChallenge(spkac);
|
40
|
+
* console.log(challenge.toString('utf8'));
|
41
|
+
* // Prints: the challenge as a UTF8 string
|
42
|
+
* ```
|
43
|
+
* @since v9.0.0
|
44
|
+
* @param encoding The `encoding` of the `spkac` string.
|
45
|
+
* @return The challenge component of the `spkac` data structure, which includes a public key and a challenge.
|
46
|
+
*/
|
47
|
+
static exportChallenge(spkac: BinaryLike): Buffer;
|
48
|
+
/**
|
49
|
+
* ```js
|
50
|
+
* const { Certificate } = await import('node:crypto');
|
51
|
+
* const spkac = getSpkacSomehow();
|
52
|
+
* const publicKey = Certificate.exportPublicKey(spkac);
|
53
|
+
* console.log(publicKey);
|
54
|
+
* // Prints: the public key as <Buffer ...>
|
55
|
+
* ```
|
56
|
+
* @since v9.0.0
|
57
|
+
* @param encoding The `encoding` of the `spkac` string.
|
58
|
+
* @return The public key component of the `spkac` data structure, which includes a public key and a challenge.
|
59
|
+
*/
|
60
|
+
static exportPublicKey(spkac: BinaryLike, encoding?: string): Buffer;
|
61
|
+
/**
|
62
|
+
* ```js
|
63
|
+
* import { Buffer } from 'node:buffer';
|
64
|
+
* const { Certificate } = await import('node:crypto');
|
65
|
+
*
|
66
|
+
* const spkac = getSpkacSomehow();
|
67
|
+
* console.log(Certificate.verifySpkac(Buffer.from(spkac)));
|
68
|
+
* // Prints: true or false
|
69
|
+
* ```
|
70
|
+
* @since v9.0.0
|
71
|
+
* @param encoding The `encoding` of the `spkac` string.
|
72
|
+
* @return `true` if the given `spkac` data structure is valid, `false` otherwise.
|
73
|
+
*/
|
74
|
+
static verifySpkac(spkac: NodeJS.ArrayBufferView): boolean;
|
75
|
+
/**
|
76
|
+
* @deprecated
|
77
|
+
* @param spkac
|
78
|
+
* @returns The challenge component of the `spkac` data structure,
|
79
|
+
* which includes a public key and a challenge.
|
80
|
+
*/
|
81
|
+
exportChallenge(spkac: BinaryLike): Buffer;
|
82
|
+
/**
|
83
|
+
* @deprecated
|
84
|
+
* @param spkac
|
85
|
+
* @param encoding The encoding of the spkac string.
|
86
|
+
* @returns The public key component of the `spkac` data structure,
|
87
|
+
* which includes a public key and a challenge.
|
88
|
+
*/
|
89
|
+
exportPublicKey(spkac: BinaryLike, encoding?: string): Buffer;
|
90
|
+
/**
|
91
|
+
* @deprecated
|
92
|
+
* @param spkac
|
93
|
+
* @returns `true` if the given `spkac` data structure is valid,
|
94
|
+
* `false` otherwise.
|
95
|
+
*/
|
96
|
+
verifySpkac(spkac: NodeJS.ArrayBufferView): boolean;
|
97
|
+
}
|
98
|
+
namespace constants {
|
99
|
+
// https://nodejs.org/dist/latest-v20.x/docs/api/crypto.html#crypto-constants
|
100
|
+
const OPENSSL_VERSION_NUMBER: number;
|
101
|
+
/** Applies multiple bug workarounds within OpenSSL. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html for detail. */
|
102
|
+
const SSL_OP_ALL: number;
|
103
|
+
/** Allows legacy insecure renegotiation between OpenSSL and unpatched clients or servers. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html. */
|
104
|
+
const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: number;
|
105
|
+
/** Attempts to use the server's preferences instead of the client's when selecting a cipher. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html. */
|
106
|
+
const SSL_OP_CIPHER_SERVER_PREFERENCE: number;
|
107
|
+
/** Instructs OpenSSL to use Cisco's "speshul" version of DTLS_BAD_VER. */
|
108
|
+
const SSL_OP_CISCO_ANYCONNECT: number;
|
109
|
+
/** Instructs OpenSSL to turn on cookie exchange. */
|
110
|
+
const SSL_OP_COOKIE_EXCHANGE: number;
|
111
|
+
/** Instructs OpenSSL to add server-hello extension from an early version of the cryptopro draft. */
|
112
|
+
const SSL_OP_CRYPTOPRO_TLSEXT_BUG: number;
|
113
|
+
/** Instructs OpenSSL to disable a SSL 3.0/TLS 1.0 vulnerability workaround added in OpenSSL 0.9.6d. */
|
114
|
+
const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: number;
|
115
|
+
/** Allows initial connection to servers that do not support RI. */
|
116
|
+
const SSL_OP_LEGACY_SERVER_CONNECT: number;
|
117
|
+
/** Instructs OpenSSL to disable support for SSL/TLS compression. */
|
118
|
+
const SSL_OP_NO_COMPRESSION: number;
|
119
|
+
const SSL_OP_NO_QUERY_MTU: number;
|
120
|
+
/** Instructs OpenSSL to always start a new session when performing renegotiation. */
|
121
|
+
const SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION: number;
|
122
|
+
const SSL_OP_NO_SSLv2: number;
|
123
|
+
const SSL_OP_NO_SSLv3: number;
|
124
|
+
const SSL_OP_NO_TICKET: number;
|
125
|
+
const SSL_OP_NO_TLSv1: number;
|
126
|
+
const SSL_OP_NO_TLSv1_1: number;
|
127
|
+
const SSL_OP_NO_TLSv1_2: number;
|
128
|
+
/** Instructs OpenSSL to disable version rollback attack detection. */
|
129
|
+
const SSL_OP_TLS_ROLLBACK_BUG: number;
|
130
|
+
const ENGINE_METHOD_RSA: number;
|
131
|
+
const ENGINE_METHOD_DSA: number;
|
132
|
+
const ENGINE_METHOD_DH: number;
|
133
|
+
const ENGINE_METHOD_RAND: number;
|
134
|
+
const ENGINE_METHOD_EC: number;
|
135
|
+
const ENGINE_METHOD_CIPHERS: number;
|
136
|
+
const ENGINE_METHOD_DIGESTS: number;
|
137
|
+
const ENGINE_METHOD_PKEY_METHS: number;
|
138
|
+
const ENGINE_METHOD_PKEY_ASN1_METHS: number;
|
139
|
+
const ENGINE_METHOD_ALL: number;
|
140
|
+
const ENGINE_METHOD_NONE: number;
|
141
|
+
const DH_CHECK_P_NOT_SAFE_PRIME: number;
|
142
|
+
const DH_CHECK_P_NOT_PRIME: number;
|
143
|
+
const DH_UNABLE_TO_CHECK_GENERATOR: number;
|
144
|
+
const DH_NOT_SUITABLE_GENERATOR: number;
|
145
|
+
const RSA_PKCS1_PADDING: number;
|
146
|
+
const RSA_SSLV23_PADDING: number;
|
147
|
+
const RSA_NO_PADDING: number;
|
148
|
+
const RSA_PKCS1_OAEP_PADDING: number;
|
149
|
+
const RSA_X931_PADDING: number;
|
150
|
+
const RSA_PKCS1_PSS_PADDING: number;
|
151
|
+
/** Sets the salt length for RSA_PKCS1_PSS_PADDING to the digest size when signing or verifying. */
|
152
|
+
const RSA_PSS_SALTLEN_DIGEST: number;
|
153
|
+
/** Sets the salt length for RSA_PKCS1_PSS_PADDING to the maximum permissible value when signing data. */
|
154
|
+
const RSA_PSS_SALTLEN_MAX_SIGN: number;
|
155
|
+
/** Causes the salt length for RSA_PKCS1_PSS_PADDING to be determined automatically when verifying a signature. */
|
156
|
+
const RSA_PSS_SALTLEN_AUTO: number;
|
157
|
+
const POINT_CONVERSION_COMPRESSED: number;
|
158
|
+
const POINT_CONVERSION_UNCOMPRESSED: number;
|
159
|
+
const POINT_CONVERSION_HYBRID: number;
|
160
|
+
/** Specifies the built-in default cipher list used by Node.js (colon-separated values). */
|
161
|
+
const defaultCoreCipherList: string;
|
162
|
+
/** Specifies the active default cipher list used by the current Node.js process (colon-separated values). */
|
163
|
+
const defaultCipherList: string;
|
164
|
+
}
|
165
|
+
interface HashOptions extends stream.TransformOptions {
|
166
|
+
/**
|
167
|
+
* For XOF hash functions such as `shake256`, the
|
168
|
+
* outputLength option can be used to specify the desired output length in bytes.
|
169
|
+
*/
|
170
|
+
outputLength?: number | undefined;
|
171
|
+
}
|
172
|
+
/** @deprecated since v10.0.0 */
|
173
|
+
const fips: boolean;
|
174
|
+
/**
|
175
|
+
* Creates and returns a `Hash` object that can be used to generate hash digests
|
176
|
+
* using the given `algorithm`. Optional `options` argument controls stream
|
177
|
+
* behavior. For XOF hash functions such as `'shake256'`, the `outputLength` option
|
178
|
+
* can be used to specify the desired output length in bytes.
|
179
|
+
*
|
180
|
+
* The `algorithm` is dependent on the available algorithms supported by the
|
181
|
+
* version of OpenSSL on the platform. Examples are `'sha256'`, `'sha512'`, etc.
|
182
|
+
* On recent releases of OpenSSL, `openssl list -digest-algorithms` will
|
183
|
+
* display the available digest algorithms.
|
184
|
+
*
|
185
|
+
* Example: generating the sha256 sum of a file
|
186
|
+
*
|
187
|
+
* ```js
|
188
|
+
* import {
|
189
|
+
* createReadStream,
|
190
|
+
* } from 'node:fs';
|
191
|
+
* import { argv } from 'node:process';
|
192
|
+
* const {
|
193
|
+
* createHash,
|
194
|
+
* } = await import('node:crypto');
|
195
|
+
*
|
196
|
+
* const filename = argv[2];
|
197
|
+
*
|
198
|
+
* const hash = createHash('sha256');
|
199
|
+
*
|
200
|
+
* const input = createReadStream(filename);
|
201
|
+
* input.on('readable', () => {
|
202
|
+
* // Only one element is going to be produced by the
|
203
|
+
* // hash stream.
|
204
|
+
* const data = input.read();
|
205
|
+
* if (data)
|
206
|
+
* hash.update(data);
|
207
|
+
* else {
|
208
|
+
* console.log(`${hash.digest('hex')} ${filename}`);
|
209
|
+
* }
|
210
|
+
* });
|
211
|
+
* ```
|
212
|
+
* @since v0.1.92
|
213
|
+
* @param options `stream.transform` options
|
214
|
+
*/
|
215
|
+
function createHash(algorithm: string, options?: HashOptions): Hash;
|
216
|
+
/**
|
217
|
+
* Creates and returns an `Hmac` object that uses the given `algorithm` and `key`.
|
218
|
+
* Optional `options` argument controls stream behavior.
|
219
|
+
*
|
220
|
+
* The `algorithm` is dependent on the available algorithms supported by the
|
221
|
+
* version of OpenSSL on the platform. Examples are `'sha256'`, `'sha512'`, etc.
|
222
|
+
* On recent releases of OpenSSL, `openssl list -digest-algorithms` will
|
223
|
+
* display the available digest algorithms.
|
224
|
+
*
|
225
|
+
* The `key` is the HMAC key used to generate the cryptographic HMAC hash. If it is
|
226
|
+
* a `KeyObject`, its type must be `secret`. If it is a string, please consider `caveats when using strings as inputs to cryptographic APIs`. If it was
|
227
|
+
* obtained from a cryptographically secure source of entropy, such as {@link randomBytes} or {@link generateKey}, its length should not
|
228
|
+
* exceed the block size of `algorithm` (e.g., 512 bits for SHA-256).
|
229
|
+
*
|
230
|
+
* Example: generating the sha256 HMAC of a file
|
231
|
+
*
|
232
|
+
* ```js
|
233
|
+
* import {
|
234
|
+
* createReadStream,
|
235
|
+
* } from 'node:fs';
|
236
|
+
* import { argv } from 'node:process';
|
237
|
+
* const {
|
238
|
+
* createHmac,
|
239
|
+
* } = await import('node:crypto');
|
240
|
+
*
|
241
|
+
* const filename = argv[2];
|
242
|
+
*
|
243
|
+
* const hmac = createHmac('sha256', 'a secret');
|
244
|
+
*
|
245
|
+
* const input = createReadStream(filename);
|
246
|
+
* input.on('readable', () => {
|
247
|
+
* // Only one element is going to be produced by the
|
248
|
+
* // hash stream.
|
249
|
+
* const data = input.read();
|
250
|
+
* if (data)
|
251
|
+
* hmac.update(data);
|
252
|
+
* else {
|
253
|
+
* console.log(`${hmac.digest('hex')} ${filename}`);
|
254
|
+
* }
|
255
|
+
* });
|
256
|
+
* ```
|
257
|
+
* @since v0.1.94
|
258
|
+
* @param options `stream.transform` options
|
259
|
+
*/
|
260
|
+
function createHmac(algorithm: string, key: BinaryLike | KeyObject, options?: stream.TransformOptions): Hmac;
|
261
|
+
// https://nodejs.org/api/buffer.html#buffer_buffers_and_character_encodings
|
262
|
+
type BinaryToTextEncoding = "base64" | "base64url" | "hex" | "binary";
|
263
|
+
type CharacterEncoding = "utf8" | "utf-8" | "utf16le" | "utf-16le" | "latin1";
|
264
|
+
type LegacyCharacterEncoding = "ascii" | "binary" | "ucs2" | "ucs-2";
|
265
|
+
type Encoding = BinaryToTextEncoding | CharacterEncoding | LegacyCharacterEncoding;
|
266
|
+
type ECDHKeyFormat = "compressed" | "uncompressed" | "hybrid";
|
267
|
+
/**
|
268
|
+
* The `Hash` class is a utility for creating hash digests of data. It can be
|
269
|
+
* used in one of two ways:
|
270
|
+
*
|
271
|
+
* * As a `stream` that is both readable and writable, where data is written
|
272
|
+
* to produce a computed hash digest on the readable side, or
|
273
|
+
* * Using the `hash.update()` and `hash.digest()` methods to produce the
|
274
|
+
* computed hash.
|
275
|
+
*
|
276
|
+
* The {@link createHash} method is used to create `Hash` instances. `Hash`objects are not to be created directly using the `new` keyword.
|
277
|
+
*
|
278
|
+
* Example: Using `Hash` objects as streams:
|
279
|
+
*
|
280
|
+
* ```js
|
281
|
+
* const {
|
282
|
+
* createHash,
|
283
|
+
* } = await import('node:crypto');
|
284
|
+
*
|
285
|
+
* const hash = createHash('sha256');
|
286
|
+
*
|
287
|
+
* hash.on('readable', () => {
|
288
|
+
* // Only one element is going to be produced by the
|
289
|
+
* // hash stream.
|
290
|
+
* const data = hash.read();
|
291
|
+
* if (data) {
|
292
|
+
* console.log(data.toString('hex'));
|
293
|
+
* // Prints:
|
294
|
+
* // 6a2da20943931e9834fc12cfe5bb47bbd9ae43489a30726962b576f4e3993e50
|
295
|
+
* }
|
296
|
+
* });
|
297
|
+
*
|
298
|
+
* hash.write('some data to hash');
|
299
|
+
* hash.end();
|
300
|
+
* ```
|
301
|
+
*
|
302
|
+
* Example: Using `Hash` and piped streams:
|
303
|
+
*
|
304
|
+
* ```js
|
305
|
+
* import { createReadStream } from 'node:fs';
|
306
|
+
* import { stdout } from 'node:process';
|
307
|
+
* const { createHash } = await import('node:crypto');
|
308
|
+
*
|
309
|
+
* const hash = createHash('sha256');
|
310
|
+
*
|
311
|
+
* const input = createReadStream('test.js');
|
312
|
+
* input.pipe(hash).setEncoding('hex').pipe(stdout);
|
313
|
+
* ```
|
314
|
+
*
|
315
|
+
* Example: Using the `hash.update()` and `hash.digest()` methods:
|
316
|
+
*
|
317
|
+
* ```js
|
318
|
+
* const {
|
319
|
+
* createHash,
|
320
|
+
* } = await import('node:crypto');
|
321
|
+
*
|
322
|
+
* const hash = createHash('sha256');
|
323
|
+
*
|
324
|
+
* hash.update('some data to hash');
|
325
|
+
* console.log(hash.digest('hex'));
|
326
|
+
* // Prints:
|
327
|
+
* // 6a2da20943931e9834fc12cfe5bb47bbd9ae43489a30726962b576f4e3993e50
|
328
|
+
* ```
|
329
|
+
* @since v0.1.92
|
330
|
+
*/
|
331
|
+
class Hash extends stream.Transform {
|
332
|
+
private constructor();
|
333
|
+
/**
|
334
|
+
* Creates a new `Hash` object that contains a deep copy of the internal state
|
335
|
+
* of the current `Hash` object.
|
336
|
+
*
|
337
|
+
* The optional `options` argument controls stream behavior. For XOF hash
|
338
|
+
* functions such as `'shake256'`, the `outputLength` option can be used to
|
339
|
+
* specify the desired output length in bytes.
|
340
|
+
*
|
341
|
+
* An error is thrown when an attempt is made to copy the `Hash` object after
|
342
|
+
* its `hash.digest()` method has been called.
|
343
|
+
*
|
344
|
+
* ```js
|
345
|
+
* // Calculate a rolling hash.
|
346
|
+
* const {
|
347
|
+
* createHash,
|
348
|
+
* } = await import('node:crypto');
|
349
|
+
*
|
350
|
+
* const hash = createHash('sha256');
|
351
|
+
*
|
352
|
+
* hash.update('one');
|
353
|
+
* console.log(hash.copy().digest('hex'));
|
354
|
+
*
|
355
|
+
* hash.update('two');
|
356
|
+
* console.log(hash.copy().digest('hex'));
|
357
|
+
*
|
358
|
+
* hash.update('three');
|
359
|
+
* console.log(hash.copy().digest('hex'));
|
360
|
+
*
|
361
|
+
* // Etc.
|
362
|
+
* ```
|
363
|
+
* @since v13.1.0
|
364
|
+
* @param options `stream.transform` options
|
365
|
+
*/
|
366
|
+
copy(options?: stream.TransformOptions): Hash;
|
367
|
+
/**
|
368
|
+
* Updates the hash content with the given `data`, the encoding of which
|
369
|
+
* is given in `inputEncoding`.
|
370
|
+
* If `encoding` is not provided, and the `data` is a string, an
|
371
|
+
* encoding of `'utf8'` is enforced. If `data` is a `Buffer`, `TypedArray`, or`DataView`, then `inputEncoding` is ignored.
|
372
|
+
*
|
373
|
+
* This can be called many times with new data as it is streamed.
|
374
|
+
* @since v0.1.92
|
375
|
+
* @param inputEncoding The `encoding` of the `data` string.
|
376
|
+
*/
|
377
|
+
update(data: BinaryLike): Hash;
|
378
|
+
update(data: string, inputEncoding: Encoding): Hash;
|
379
|
+
/**
|
380
|
+
* Calculates the digest of all of the data passed to be hashed (using the `hash.update()` method).
|
381
|
+
* If `encoding` is provided a string will be returned; otherwise
|
382
|
+
* a `Buffer` is returned.
|
383
|
+
*
|
384
|
+
* The `Hash` object can not be used again after `hash.digest()` method has been
|
385
|
+
* called. Multiple calls will cause an error to be thrown.
|
386
|
+
* @since v0.1.92
|
387
|
+
* @param encoding The `encoding` of the return value.
|
388
|
+
*/
|
389
|
+
digest(): Buffer;
|
390
|
+
digest(encoding: BinaryToTextEncoding): string;
|
391
|
+
}
|
392
|
+
/**
|
393
|
+
* The `Hmac` class is a utility for creating cryptographic HMAC digests. It can
|
394
|
+
* be used in one of two ways:
|
395
|
+
*
|
396
|
+
* * As a `stream` that is both readable and writable, where data is written
|
397
|
+
* to produce a computed HMAC digest on the readable side, or
|
398
|
+
* * Using the `hmac.update()` and `hmac.digest()` methods to produce the
|
399
|
+
* computed HMAC digest.
|
400
|
+
*
|
401
|
+
* The {@link createHmac} method is used to create `Hmac` instances. `Hmac`objects are not to be created directly using the `new` keyword.
|
402
|
+
*
|
403
|
+
* Example: Using `Hmac` objects as streams:
|
404
|
+
*
|
405
|
+
* ```js
|
406
|
+
* const {
|
407
|
+
* createHmac,
|
408
|
+
* } = await import('node:crypto');
|
409
|
+
*
|
410
|
+
* const hmac = createHmac('sha256', 'a secret');
|
411
|
+
*
|
412
|
+
* hmac.on('readable', () => {
|
413
|
+
* // Only one element is going to be produced by the
|
414
|
+
* // hash stream.
|
415
|
+
* const data = hmac.read();
|
416
|
+
* if (data) {
|
417
|
+
* console.log(data.toString('hex'));
|
418
|
+
* // Prints:
|
419
|
+
* // 7fd04df92f636fd450bc841c9418e5825c17f33ad9c87c518115a45971f7f77e
|
420
|
+
* }
|
421
|
+
* });
|
422
|
+
*
|
423
|
+
* hmac.write('some data to hash');
|
424
|
+
* hmac.end();
|
425
|
+
* ```
|
426
|
+
*
|
427
|
+
* Example: Using `Hmac` and piped streams:
|
428
|
+
*
|
429
|
+
* ```js
|
430
|
+
* import { createReadStream } from 'node:fs';
|
431
|
+
* import { stdout } from 'node:process';
|
432
|
+
* const {
|
433
|
+
* createHmac,
|
434
|
+
* } = await import('node:crypto');
|
435
|
+
*
|
436
|
+
* const hmac = createHmac('sha256', 'a secret');
|
437
|
+
*
|
438
|
+
* const input = createReadStream('test.js');
|
439
|
+
* input.pipe(hmac).pipe(stdout);
|
440
|
+
* ```
|
441
|
+
*
|
442
|
+
* Example: Using the `hmac.update()` and `hmac.digest()` methods:
|
443
|
+
*
|
444
|
+
* ```js
|
445
|
+
* const {
|
446
|
+
* createHmac,
|
447
|
+
* } = await import('node:crypto');
|
448
|
+
*
|
449
|
+
* const hmac = createHmac('sha256', 'a secret');
|
450
|
+
*
|
451
|
+
* hmac.update('some data to hash');
|
452
|
+
* console.log(hmac.digest('hex'));
|
453
|
+
* // Prints:
|
454
|
+
* // 7fd04df92f636fd450bc841c9418e5825c17f33ad9c87c518115a45971f7f77e
|
455
|
+
* ```
|
456
|
+
* @since v0.1.94
|
457
|
+
*/
|
458
|
+
class Hmac extends stream.Transform {
|
459
|
+
private constructor();
|
460
|
+
/**
|
461
|
+
* Updates the `Hmac` content with the given `data`, the encoding of which
|
462
|
+
* is given in `inputEncoding`.
|
463
|
+
* If `encoding` is not provided, and the `data` is a string, an
|
464
|
+
* encoding of `'utf8'` is enforced. If `data` is a `Buffer`, `TypedArray`, or`DataView`, then `inputEncoding` is ignored.
|
465
|
+
*
|
466
|
+
* This can be called many times with new data as it is streamed.
|
467
|
+
* @since v0.1.94
|
468
|
+
* @param inputEncoding The `encoding` of the `data` string.
|
469
|
+
*/
|
470
|
+
update(data: BinaryLike): Hmac;
|
471
|
+
update(data: string, inputEncoding: Encoding): Hmac;
|
472
|
+
/**
|
473
|
+
* Calculates the HMAC digest of all of the data passed using `hmac.update()`.
|
474
|
+
* If `encoding` is
|
475
|
+
* provided a string is returned; otherwise a `Buffer` is returned;
|
476
|
+
*
|
477
|
+
* The `Hmac` object can not be used again after `hmac.digest()` has been
|
478
|
+
* called. Multiple calls to `hmac.digest()` will result in an error being thrown.
|
479
|
+
* @since v0.1.94
|
480
|
+
* @param encoding The `encoding` of the return value.
|
481
|
+
*/
|
482
|
+
digest(): Buffer;
|
483
|
+
digest(encoding: BinaryToTextEncoding): string;
|
484
|
+
}
|
485
|
+
type KeyObjectType = "secret" | "public" | "private";
|
486
|
+
interface KeyExportOptions<T extends KeyFormat> {
|
487
|
+
type: "pkcs1" | "spki" | "pkcs8" | "sec1";
|
488
|
+
format: T;
|
489
|
+
cipher?: string | undefined;
|
490
|
+
passphrase?: string | Buffer | undefined;
|
491
|
+
}
|
492
|
+
interface JwkKeyExportOptions {
|
493
|
+
format: "jwk";
|
494
|
+
}
|
495
|
+
interface JsonWebKey {
|
496
|
+
crv?: string | undefined;
|
497
|
+
d?: string | undefined;
|
498
|
+
dp?: string | undefined;
|
499
|
+
dq?: string | undefined;
|
500
|
+
e?: string | undefined;
|
501
|
+
k?: string | undefined;
|
502
|
+
kty?: string | undefined;
|
503
|
+
n?: string | undefined;
|
504
|
+
p?: string | undefined;
|
505
|
+
q?: string | undefined;
|
506
|
+
qi?: string | undefined;
|
507
|
+
x?: string | undefined;
|
508
|
+
y?: string | undefined;
|
509
|
+
[key: string]: unknown;
|
510
|
+
}
|
511
|
+
interface AsymmetricKeyDetails {
|
512
|
+
/**
|
513
|
+
* Key size in bits (RSA, DSA).
|
514
|
+
*/
|
515
|
+
modulusLength?: number | undefined;
|
516
|
+
/**
|
517
|
+
* Public exponent (RSA).
|
518
|
+
*/
|
519
|
+
publicExponent?: bigint | undefined;
|
520
|
+
/**
|
521
|
+
* Name of the message digest (RSA-PSS).
|
522
|
+
*/
|
523
|
+
hashAlgorithm?: string | undefined;
|
524
|
+
/**
|
525
|
+
* Name of the message digest used by MGF1 (RSA-PSS).
|
526
|
+
*/
|
527
|
+
mgf1HashAlgorithm?: string | undefined;
|
528
|
+
/**
|
529
|
+
* Minimal salt length in bytes (RSA-PSS).
|
530
|
+
*/
|
531
|
+
saltLength?: number | undefined;
|
532
|
+
/**
|
533
|
+
* Size of q in bits (DSA).
|
534
|
+
*/
|
535
|
+
divisorLength?: number | undefined;
|
536
|
+
/**
|
537
|
+
* Name of the curve (EC).
|
538
|
+
*/
|
539
|
+
namedCurve?: string | undefined;
|
540
|
+
}
|
541
|
+
/**
|
542
|
+
* Node.js uses a `KeyObject` class to represent a symmetric or asymmetric key,
|
543
|
+
* and each kind of key exposes different functions. The {@link createSecretKey}, {@link createPublicKey} and {@link createPrivateKey} methods are used to create `KeyObject`instances. `KeyObject`
|
544
|
+
* objects are not to be created directly using the `new`keyword.
|
545
|
+
*
|
546
|
+
* Most applications should consider using the new `KeyObject` API instead of
|
547
|
+
* passing keys as strings or `Buffer`s due to improved security features.
|
548
|
+
*
|
549
|
+
* `KeyObject` instances can be passed to other threads via `postMessage()`.
|
550
|
+
* The receiver obtains a cloned `KeyObject`, and the `KeyObject` does not need to
|
551
|
+
* be listed in the `transferList` argument.
|
552
|
+
* @since v11.6.0
|
553
|
+
*/
|
554
|
+
class KeyObject {
|
555
|
+
private constructor();
|
556
|
+
/**
|
557
|
+
* Example: Converting a `CryptoKey` instance to a `KeyObject`:
|
558
|
+
*
|
559
|
+
* ```js
|
560
|
+
* const { KeyObject } = await import('node:crypto');
|
561
|
+
* const { subtle } = globalThis.crypto;
|
562
|
+
*
|
563
|
+
* const key = await subtle.generateKey({
|
564
|
+
* name: 'HMAC',
|
565
|
+
* hash: 'SHA-256',
|
566
|
+
* length: 256,
|
567
|
+
* }, true, ['sign', 'verify']);
|
568
|
+
*
|
569
|
+
* const keyObject = KeyObject.from(key);
|
570
|
+
* console.log(keyObject.symmetricKeySize);
|
571
|
+
* // Prints: 32 (symmetric key size in bytes)
|
572
|
+
* ```
|
573
|
+
* @since v15.0.0
|
574
|
+
*/
|
575
|
+
static from(key: webcrypto.CryptoKey): KeyObject;
|
576
|
+
/**
|
577
|
+
* For asymmetric keys, this property represents the type of the key. Supported key
|
578
|
+
* types are:
|
579
|
+
*
|
580
|
+
* * `'rsa'` (OID 1.2.840.113549.1.1.1)
|
581
|
+
* * `'rsa-pss'` (OID 1.2.840.113549.1.1.10)
|
582
|
+
* * `'dsa'` (OID 1.2.840.10040.4.1)
|
583
|
+
* * `'ec'` (OID 1.2.840.10045.2.1)
|
584
|
+
* * `'x25519'` (OID 1.3.101.110)
|
585
|
+
* * `'x448'` (OID 1.3.101.111)
|
586
|
+
* * `'ed25519'` (OID 1.3.101.112)
|
587
|
+
* * `'ed448'` (OID 1.3.101.113)
|
588
|
+
* * `'dh'` (OID 1.2.840.113549.1.3.1)
|
589
|
+
*
|
590
|
+
* This property is `undefined` for unrecognized `KeyObject` types and symmetric
|
591
|
+
* keys.
|
592
|
+
* @since v11.6.0
|
593
|
+
*/
|
594
|
+
asymmetricKeyType?: KeyType | undefined;
|
595
|
+
/**
|
596
|
+
* For asymmetric keys, this property represents the size of the embedded key in
|
597
|
+
* bytes. This property is `undefined` for symmetric keys.
|
598
|
+
*/
|
599
|
+
asymmetricKeySize?: number | undefined;
|
600
|
+
/**
|
601
|
+
* This property exists only on asymmetric keys. Depending on the type of the key,
|
602
|
+
* this object contains information about the key. None of the information obtained
|
603
|
+
* through this property can be used to uniquely identify a key or to compromise
|
604
|
+
* the security of the key.
|
605
|
+
*
|
606
|
+
* For RSA-PSS keys, if the key material contains a `RSASSA-PSS-params` sequence,
|
607
|
+
* the `hashAlgorithm`, `mgf1HashAlgorithm`, and `saltLength` properties will be
|
608
|
+
* set.
|
609
|
+
*
|
610
|
+
* Other key details might be exposed via this API using additional attributes.
|
611
|
+
* @since v15.7.0
|
612
|
+
*/
|
613
|
+
asymmetricKeyDetails?: AsymmetricKeyDetails | undefined;
|
614
|
+
/**
|
615
|
+
* For symmetric keys, the following encoding options can be used:
|
616
|
+
*
|
617
|
+
* For public keys, the following encoding options can be used:
|
618
|
+
*
|
619
|
+
* For private keys, the following encoding options can be used:
|
620
|
+
*
|
621
|
+
* The result type depends on the selected encoding format, when PEM the
|
622
|
+
* result is a string, when DER it will be a buffer containing the data
|
623
|
+
* encoded as DER, when [JWK](https://tools.ietf.org/html/rfc7517) it will be an object.
|
624
|
+
*
|
625
|
+
* When [JWK](https://tools.ietf.org/html/rfc7517) encoding format was selected, all other encoding options are
|
626
|
+
* ignored.
|
627
|
+
*
|
628
|
+
* PKCS#1, SEC1, and PKCS#8 type keys can be encrypted by using a combination of
|
629
|
+
* the `cipher` and `format` options. The PKCS#8 `type` can be used with any`format` to encrypt any key algorithm (RSA, EC, or DH) by specifying a`cipher`. PKCS#1 and SEC1 can only be
|
630
|
+
* encrypted by specifying a `cipher`when the PEM `format` is used. For maximum compatibility, use PKCS#8 for
|
631
|
+
* encrypted private keys. Since PKCS#8 defines its own
|
632
|
+
* encryption mechanism, PEM-level encryption is not supported when encrypting
|
633
|
+
* a PKCS#8 key. See [RFC 5208](https://www.rfc-editor.org/rfc/rfc5208.txt) for PKCS#8 encryption and [RFC 1421](https://www.rfc-editor.org/rfc/rfc1421.txt) for
|
634
|
+
* PKCS#1 and SEC1 encryption.
|
635
|
+
* @since v11.6.0
|
636
|
+
*/
|
637
|
+
export(options: KeyExportOptions<"pem">): string | Buffer;
|
638
|
+
export(options?: KeyExportOptions<"der">): Buffer;
|
639
|
+
export(options?: JwkKeyExportOptions): JsonWebKey;
|
640
|
+
/**
|
641
|
+
* For secret keys, this property represents the size of the key in bytes. This
|
642
|
+
* property is `undefined` for asymmetric keys.
|
643
|
+
* @since v11.6.0
|
644
|
+
*/
|
645
|
+
symmetricKeySize?: number | undefined;
|
646
|
+
/**
|
647
|
+
* Depending on the type of this `KeyObject`, this property is either`'secret'` for secret (symmetric) keys, `'public'` for public (asymmetric) keys
|
648
|
+
* or `'private'` for private (asymmetric) keys.
|
649
|
+
* @since v11.6.0
|
650
|
+
*/
|
651
|
+
type: KeyObjectType;
|
652
|
+
}
|
653
|
+
type CipherCCMTypes = "aes-128-ccm" | "aes-192-ccm" | "aes-256-ccm" | "chacha20-poly1305";
|
654
|
+
type CipherGCMTypes = "aes-128-gcm" | "aes-192-gcm" | "aes-256-gcm";
|
655
|
+
type CipherOCBTypes = "aes-128-ocb" | "aes-192-ocb" | "aes-256-ocb";
|
656
|
+
type BinaryLike = string | NodeJS.ArrayBufferView;
|
657
|
+
type CipherKey = BinaryLike | KeyObject;
|
658
|
+
interface CipherCCMOptions extends stream.TransformOptions {
|
659
|
+
authTagLength: number;
|
660
|
+
}
|
661
|
+
interface CipherGCMOptions extends stream.TransformOptions {
|
662
|
+
authTagLength?: number | undefined;
|
663
|
+
}
|
664
|
+
interface CipherOCBOptions extends stream.TransformOptions {
|
665
|
+
authTagLength: number;
|
666
|
+
}
|
667
|
+
/**
|
668
|
+
* Creates and returns a `Cipher` object that uses the given `algorithm` and`password`.
|
669
|
+
*
|
670
|
+
* The `options` argument controls stream behavior and is optional except when a
|
671
|
+
* cipher in CCM or OCB mode (e.g. `'aes-128-ccm'`) is used. In that case, the`authTagLength` option is required and specifies the length of the
|
672
|
+
* authentication tag in bytes, see `CCM mode`. In GCM mode, the `authTagLength`option is not required but can be used to set the length of the authentication
|
673
|
+
* tag that will be returned by `getAuthTag()` and defaults to 16 bytes.
|
674
|
+
* For `chacha20-poly1305`, the `authTagLength` option defaults to 16 bytes.
|
675
|
+
*
|
676
|
+
* The `algorithm` is dependent on OpenSSL, examples are `'aes192'`, etc. On
|
677
|
+
* recent OpenSSL releases, `openssl list -cipher-algorithms` will
|
678
|
+
* display the available cipher algorithms.
|
679
|
+
*
|
680
|
+
* The `password` is used to derive the cipher key and initialization vector (IV).
|
681
|
+
* The value must be either a `'latin1'` encoded string, a `Buffer`, a`TypedArray`, or a `DataView`.
|
682
|
+
*
|
683
|
+
* **This function is semantically insecure for all**
|
684
|
+
* **supported ciphers and fatally flawed for ciphers in counter mode (such as CTR,**
|
685
|
+
* **GCM, or CCM).**
|
686
|
+
*
|
687
|
+
* The implementation of `crypto.createCipher()` derives keys using the OpenSSL
|
688
|
+
* function [`EVP_BytesToKey`](https://www.openssl.org/docs/man3.0/man3/EVP_BytesToKey.html) with the digest algorithm set to MD5, one
|
689
|
+
* iteration, and no salt. The lack of salt allows dictionary attacks as the same
|
690
|
+
* password always creates the same key. The low iteration count and
|
691
|
+
* non-cryptographically secure hash algorithm allow passwords to be tested very
|
692
|
+
* rapidly.
|
693
|
+
*
|
694
|
+
* In line with OpenSSL's recommendation to use a more modern algorithm instead of [`EVP_BytesToKey`](https://www.openssl.org/docs/man3.0/man3/EVP_BytesToKey.html) it is recommended that
|
695
|
+
* developers derive a key and IV on
|
696
|
+
* their own using {@link scrypt} and to use {@link createCipheriv} to create the `Cipher` object. Users should not use ciphers with counter mode
|
697
|
+
* (e.g. CTR, GCM, or CCM) in `crypto.createCipher()`. A warning is emitted when
|
698
|
+
* they are used in order to avoid the risk of IV reuse that causes
|
699
|
+
* vulnerabilities. For the case when IV is reused in GCM, see [Nonce-Disrespecting Adversaries](https://github.com/nonce-disrespect/nonce-disrespect) for details.
|
700
|
+
* @since v0.1.94
|
701
|
+
* @deprecated Since v10.0.0 - Use {@link createCipheriv} instead.
|
702
|
+
* @param options `stream.transform` options
|
703
|
+
*/
|
704
|
+
function createCipher(algorithm: CipherCCMTypes, password: BinaryLike, options: CipherCCMOptions): CipherCCM;
|
705
|
+
/** @deprecated since v10.0.0 use `createCipheriv()` */
|
706
|
+
function createCipher(algorithm: CipherGCMTypes, password: BinaryLike, options?: CipherGCMOptions): CipherGCM;
|
707
|
+
/** @deprecated since v10.0.0 use `createCipheriv()` */
|
708
|
+
function createCipher(algorithm: string, password: BinaryLike, options?: stream.TransformOptions): Cipher;
|
709
|
+
/**
|
710
|
+
* Creates and returns a `Cipher` object, with the given `algorithm`, `key` and
|
711
|
+
* initialization vector (`iv`).
|
712
|
+
*
|
713
|
+
* The `options` argument controls stream behavior and is optional except when a
|
714
|
+
* cipher in CCM or OCB mode (e.g. `'aes-128-ccm'`) is used. In that case, the`authTagLength` option is required and specifies the length of the
|
715
|
+
* authentication tag in bytes, see `CCM mode`. In GCM mode, the `authTagLength`option is not required but can be used to set the length of the authentication
|
716
|
+
* tag that will be returned by `getAuthTag()` and defaults to 16 bytes.
|
717
|
+
* For `chacha20-poly1305`, the `authTagLength` option defaults to 16 bytes.
|
718
|
+
*
|
719
|
+
* The `algorithm` is dependent on OpenSSL, examples are `'aes192'`, etc. On
|
720
|
+
* recent OpenSSL releases, `openssl list -cipher-algorithms` will
|
721
|
+
* display the available cipher algorithms.
|
722
|
+
*
|
723
|
+
* The `key` is the raw key used by the `algorithm` and `iv` is an [initialization vector](https://en.wikipedia.org/wiki/Initialization_vector). Both arguments must be `'utf8'` encoded
|
724
|
+
* strings,`Buffers`, `TypedArray`, or `DataView`s. The `key` may optionally be
|
725
|
+
* a `KeyObject` of type `secret`. If the cipher does not need
|
726
|
+
* an initialization vector, `iv` may be `null`.
|
727
|
+
*
|
728
|
+
* When passing strings for `key` or `iv`, please consider `caveats when using strings as inputs to cryptographic APIs`.
|
729
|
+
*
|
730
|
+
* Initialization vectors should be unpredictable and unique; ideally, they will be
|
731
|
+
* cryptographically random. They do not have to be secret: IVs are typically just
|
732
|
+
* added to ciphertext messages unencrypted. It may sound contradictory that
|
733
|
+
* something has to be unpredictable and unique, but does not have to be secret;
|
734
|
+
* remember that an attacker must not be able to predict ahead of time what a
|
735
|
+
* given IV will be.
|
736
|
+
* @since v0.1.94
|
737
|
+
* @param options `stream.transform` options
|
738
|
+
*/
|
739
|
+
function createCipheriv(
|
740
|
+
algorithm: CipherCCMTypes,
|
741
|
+
key: CipherKey,
|
742
|
+
iv: BinaryLike,
|
743
|
+
options: CipherCCMOptions,
|
744
|
+
): CipherCCM;
|
745
|
+
function createCipheriv(
|
746
|
+
algorithm: CipherOCBTypes,
|
747
|
+
key: CipherKey,
|
748
|
+
iv: BinaryLike,
|
749
|
+
options: CipherOCBOptions,
|
750
|
+
): CipherOCB;
|
751
|
+
function createCipheriv(
|
752
|
+
algorithm: CipherGCMTypes,
|
753
|
+
key: CipherKey,
|
754
|
+
iv: BinaryLike,
|
755
|
+
options?: CipherGCMOptions,
|
756
|
+
): CipherGCM;
|
757
|
+
function createCipheriv(
|
758
|
+
algorithm: string,
|
759
|
+
key: CipherKey,
|
760
|
+
iv: BinaryLike | null,
|
761
|
+
options?: stream.TransformOptions,
|
762
|
+
): Cipher;
|
763
|
+
/**
|
764
|
+
* Instances of the `Cipher` class are used to encrypt data. The class can be
|
765
|
+
* used in one of two ways:
|
766
|
+
*
|
767
|
+
* * As a `stream` that is both readable and writable, where plain unencrypted
|
768
|
+
* data is written to produce encrypted data on the readable side, or
|
769
|
+
* * Using the `cipher.update()` and `cipher.final()` methods to produce
|
770
|
+
* the encrypted data.
|
771
|
+
*
|
772
|
+
* The {@link createCipher} or {@link createCipheriv} methods are
|
773
|
+
* used to create `Cipher` instances. `Cipher` objects are not to be created
|
774
|
+
* directly using the `new` keyword.
|
775
|
+
*
|
776
|
+
* Example: Using `Cipher` objects as streams:
|
777
|
+
*
|
778
|
+
* ```js
|
779
|
+
* const {
|
780
|
+
* scrypt,
|
781
|
+
* randomFill,
|
782
|
+
* createCipheriv,
|
783
|
+
* } = await import('node:crypto');
|
784
|
+
*
|
785
|
+
* const algorithm = 'aes-192-cbc';
|
786
|
+
* const password = 'Password used to generate key';
|
787
|
+
*
|
788
|
+
* // First, we'll generate the key. The key length is dependent on the algorithm.
|
789
|
+
* // In this case for aes192, it is 24 bytes (192 bits).
|
790
|
+
* scrypt(password, 'salt', 24, (err, key) => {
|
791
|
+
* if (err) throw err;
|
792
|
+
* // Then, we'll generate a random initialization vector
|
793
|
+
* randomFill(new Uint8Array(16), (err, iv) => {
|
794
|
+
* if (err) throw err;
|
795
|
+
*
|
796
|
+
* // Once we have the key and iv, we can create and use the cipher...
|
797
|
+
* const cipher = createCipheriv(algorithm, key, iv);
|
798
|
+
*
|
799
|
+
* let encrypted = '';
|
800
|
+
* cipher.setEncoding('hex');
|
801
|
+
*
|
802
|
+
* cipher.on('data', (chunk) => encrypted += chunk);
|
803
|
+
* cipher.on('end', () => console.log(encrypted));
|
804
|
+
*
|
805
|
+
* cipher.write('some clear text data');
|
806
|
+
* cipher.end();
|
807
|
+
* });
|
808
|
+
* });
|
809
|
+
* ```
|
810
|
+
*
|
811
|
+
* Example: Using `Cipher` and piped streams:
|
812
|
+
*
|
813
|
+
* ```js
|
814
|
+
* import {
|
815
|
+
* createReadStream,
|
816
|
+
* createWriteStream,
|
817
|
+
* } from 'node:fs';
|
818
|
+
*
|
819
|
+
* import {
|
820
|
+
* pipeline,
|
821
|
+
* } from 'node:stream';
|
822
|
+
*
|
823
|
+
* const {
|
824
|
+
* scrypt,
|
825
|
+
* randomFill,
|
826
|
+
* createCipheriv,
|
827
|
+
* } = await import('node:crypto');
|
828
|
+
*
|
829
|
+
* const algorithm = 'aes-192-cbc';
|
830
|
+
* const password = 'Password used to generate key';
|
831
|
+
*
|
832
|
+
* // First, we'll generate the key. The key length is dependent on the algorithm.
|
833
|
+
* // In this case for aes192, it is 24 bytes (192 bits).
|
834
|
+
* scrypt(password, 'salt', 24, (err, key) => {
|
835
|
+
* if (err) throw err;
|
836
|
+
* // Then, we'll generate a random initialization vector
|
837
|
+
* randomFill(new Uint8Array(16), (err, iv) => {
|
838
|
+
* if (err) throw err;
|
839
|
+
*
|
840
|
+
* const cipher = createCipheriv(algorithm, key, iv);
|
841
|
+
*
|
842
|
+
* const input = createReadStream('test.js');
|
843
|
+
* const output = createWriteStream('test.enc');
|
844
|
+
*
|
845
|
+
* pipeline(input, cipher, output, (err) => {
|
846
|
+
* if (err) throw err;
|
847
|
+
* });
|
848
|
+
* });
|
849
|
+
* });
|
850
|
+
* ```
|
851
|
+
*
|
852
|
+
* Example: Using the `cipher.update()` and `cipher.final()` methods:
|
853
|
+
*
|
854
|
+
* ```js
|
855
|
+
* const {
|
856
|
+
* scrypt,
|
857
|
+
* randomFill,
|
858
|
+
* createCipheriv,
|
859
|
+
* } = await import('node:crypto');
|
860
|
+
*
|
861
|
+
* const algorithm = 'aes-192-cbc';
|
862
|
+
* const password = 'Password used to generate key';
|
863
|
+
*
|
864
|
+
* // First, we'll generate the key. The key length is dependent on the algorithm.
|
865
|
+
* // In this case for aes192, it is 24 bytes (192 bits).
|
866
|
+
* scrypt(password, 'salt', 24, (err, key) => {
|
867
|
+
* if (err) throw err;
|
868
|
+
* // Then, we'll generate a random initialization vector
|
869
|
+
* randomFill(new Uint8Array(16), (err, iv) => {
|
870
|
+
* if (err) throw err;
|
871
|
+
*
|
872
|
+
* const cipher = createCipheriv(algorithm, key, iv);
|
873
|
+
*
|
874
|
+
* let encrypted = cipher.update('some clear text data', 'utf8', 'hex');
|
875
|
+
* encrypted += cipher.final('hex');
|
876
|
+
* console.log(encrypted);
|
877
|
+
* });
|
878
|
+
* });
|
879
|
+
* ```
|
880
|
+
* @since v0.1.94
|
881
|
+
*/
|
882
|
+
class Cipher extends stream.Transform {
|
883
|
+
private constructor();
|
884
|
+
/**
|
885
|
+
* Updates the cipher with `data`. If the `inputEncoding` argument is given,
|
886
|
+
* the `data`argument is a string using the specified encoding. If the `inputEncoding`argument is not given, `data` must be a `Buffer`, `TypedArray`, or`DataView`. If `data` is a `Buffer`,
|
887
|
+
* `TypedArray`, or `DataView`, then`inputEncoding` is ignored.
|
888
|
+
*
|
889
|
+
* The `outputEncoding` specifies the output format of the enciphered
|
890
|
+
* data. If the `outputEncoding`is specified, a string using the specified encoding is returned. If no`outputEncoding` is provided, a `Buffer` is returned.
|
891
|
+
*
|
892
|
+
* The `cipher.update()` method can be called multiple times with new data until `cipher.final()` is called. Calling `cipher.update()` after `cipher.final()` will result in an error being
|
893
|
+
* thrown.
|
894
|
+
* @since v0.1.94
|
895
|
+
* @param inputEncoding The `encoding` of the data.
|
896
|
+
* @param outputEncoding The `encoding` of the return value.
|
897
|
+
*/
|
898
|
+
update(data: BinaryLike): Buffer;
|
899
|
+
update(data: string, inputEncoding: Encoding): Buffer;
|
900
|
+
update(data: NodeJS.ArrayBufferView, inputEncoding: undefined, outputEncoding: Encoding): string;
|
901
|
+
update(data: string, inputEncoding: Encoding | undefined, outputEncoding: Encoding): string;
|
902
|
+
/**
|
903
|
+
* Once the `cipher.final()` method has been called, the `Cipher` object can no
|
904
|
+
* longer be used to encrypt data. Attempts to call `cipher.final()` more than
|
905
|
+
* once will result in an error being thrown.
|
906
|
+
* @since v0.1.94
|
907
|
+
* @param outputEncoding The `encoding` of the return value.
|
908
|
+
* @return Any remaining enciphered contents. If `outputEncoding` is specified, a string is returned. If an `outputEncoding` is not provided, a {@link Buffer} is returned.
|
909
|
+
*/
|
910
|
+
final(): Buffer;
|
911
|
+
final(outputEncoding: BufferEncoding): string;
|
912
|
+
/**
|
913
|
+
* When using block encryption algorithms, the `Cipher` class will automatically
|
914
|
+
* add padding to the input data to the appropriate block size. To disable the
|
915
|
+
* default padding call `cipher.setAutoPadding(false)`.
|
916
|
+
*
|
917
|
+
* When `autoPadding` is `false`, the length of the entire input data must be a
|
918
|
+
* multiple of the cipher's block size or `cipher.final()` will throw an error.
|
919
|
+
* Disabling automatic padding is useful for non-standard padding, for instance
|
920
|
+
* using `0x0` instead of PKCS padding.
|
921
|
+
*
|
922
|
+
* The `cipher.setAutoPadding()` method must be called before `cipher.final()`.
|
923
|
+
* @since v0.7.1
|
924
|
+
* @param [autoPadding=true]
|
925
|
+
* @return for method chaining.
|
926
|
+
*/
|
927
|
+
setAutoPadding(autoPadding?: boolean): this;
|
928
|
+
}
|
929
|
+
interface CipherCCM extends Cipher {
|
930
|
+
setAAD(
|
931
|
+
buffer: NodeJS.ArrayBufferView,
|
932
|
+
options: {
|
933
|
+
plaintextLength: number;
|
934
|
+
},
|
935
|
+
): this;
|
936
|
+
getAuthTag(): Buffer;
|
937
|
+
}
|
938
|
+
interface CipherGCM extends Cipher {
|
939
|
+
setAAD(
|
940
|
+
buffer: NodeJS.ArrayBufferView,
|
941
|
+
options?: {
|
942
|
+
plaintextLength: number;
|
943
|
+
},
|
944
|
+
): this;
|
945
|
+
getAuthTag(): Buffer;
|
946
|
+
}
|
947
|
+
interface CipherOCB extends Cipher {
|
948
|
+
setAAD(
|
949
|
+
buffer: NodeJS.ArrayBufferView,
|
950
|
+
options?: {
|
951
|
+
plaintextLength: number;
|
952
|
+
},
|
953
|
+
): this;
|
954
|
+
getAuthTag(): Buffer;
|
955
|
+
}
|
956
|
+
/**
|
957
|
+
* Creates and returns a `Decipher` object that uses the given `algorithm` and`password` (key).
|
958
|
+
*
|
959
|
+
* The `options` argument controls stream behavior and is optional except when a
|
960
|
+
* cipher in CCM or OCB mode (e.g. `'aes-128-ccm'`) is used. In that case, the`authTagLength` option is required and specifies the length of the
|
961
|
+
* authentication tag in bytes, see `CCM mode`.
|
962
|
+
* For `chacha20-poly1305`, the `authTagLength` option defaults to 16 bytes.
|
963
|
+
*
|
964
|
+
* **This function is semantically insecure for all**
|
965
|
+
* **supported ciphers and fatally flawed for ciphers in counter mode (such as CTR,**
|
966
|
+
* **GCM, or CCM).**
|
967
|
+
*
|
968
|
+
* The implementation of `crypto.createDecipher()` derives keys using the OpenSSL
|
969
|
+
* function [`EVP_BytesToKey`](https://www.openssl.org/docs/man3.0/man3/EVP_BytesToKey.html) with the digest algorithm set to MD5, one
|
970
|
+
* iteration, and no salt. The lack of salt allows dictionary attacks as the same
|
971
|
+
* password always creates the same key. The low iteration count and
|
972
|
+
* non-cryptographically secure hash algorithm allow passwords to be tested very
|
973
|
+
* rapidly.
|
974
|
+
*
|
975
|
+
* In line with OpenSSL's recommendation to use a more modern algorithm instead of [`EVP_BytesToKey`](https://www.openssl.org/docs/man3.0/man3/EVP_BytesToKey.html) it is recommended that
|
976
|
+
* developers derive a key and IV on
|
977
|
+
* their own using {@link scrypt} and to use {@link createDecipheriv} to create the `Decipher` object.
|
978
|
+
* @since v0.1.94
|
979
|
+
* @deprecated Since v10.0.0 - Use {@link createDecipheriv} instead.
|
980
|
+
* @param options `stream.transform` options
|
981
|
+
*/
|
982
|
+
function createDecipher(algorithm: CipherCCMTypes, password: BinaryLike, options: CipherCCMOptions): DecipherCCM;
|
983
|
+
/** @deprecated since v10.0.0 use `createDecipheriv()` */
|
984
|
+
function createDecipher(algorithm: CipherGCMTypes, password: BinaryLike, options?: CipherGCMOptions): DecipherGCM;
|
985
|
+
/** @deprecated since v10.0.0 use `createDecipheriv()` */
|
986
|
+
function createDecipher(algorithm: string, password: BinaryLike, options?: stream.TransformOptions): Decipher;
|
987
|
+
/**
|
988
|
+
* Creates and returns a `Decipher` object that uses the given `algorithm`, `key`and initialization vector (`iv`).
|
989
|
+
*
|
990
|
+
* The `options` argument controls stream behavior and is optional except when a
|
991
|
+
* cipher in CCM or OCB mode (e.g. `'aes-128-ccm'`) is used. In that case, the`authTagLength` option is required and specifies the length of the
|
992
|
+
* authentication tag in bytes, see `CCM mode`. In GCM mode, the `authTagLength`option is not required but can be used to restrict accepted authentication tags
|
993
|
+
* to those with the specified length.
|
994
|
+
* For `chacha20-poly1305`, the `authTagLength` option defaults to 16 bytes.
|
995
|
+
*
|
996
|
+
* The `algorithm` is dependent on OpenSSL, examples are `'aes192'`, etc. On
|
997
|
+
* recent OpenSSL releases, `openssl list -cipher-algorithms` will
|
998
|
+
* display the available cipher algorithms.
|
999
|
+
*
|
1000
|
+
* The `key` is the raw key used by the `algorithm` and `iv` is an [initialization vector](https://en.wikipedia.org/wiki/Initialization_vector). Both arguments must be `'utf8'` encoded
|
1001
|
+
* strings,`Buffers`, `TypedArray`, or `DataView`s. The `key` may optionally be
|
1002
|
+
* a `KeyObject` of type `secret`. If the cipher does not need
|
1003
|
+
* an initialization vector, `iv` may be `null`.
|
1004
|
+
*
|
1005
|
+
* When passing strings for `key` or `iv`, please consider `caveats when using strings as inputs to cryptographic APIs`.
|
1006
|
+
*
|
1007
|
+
* Initialization vectors should be unpredictable and unique; ideally, they will be
|
1008
|
+
* cryptographically random. They do not have to be secret: IVs are typically just
|
1009
|
+
* added to ciphertext messages unencrypted. It may sound contradictory that
|
1010
|
+
* something has to be unpredictable and unique, but does not have to be secret;
|
1011
|
+
* remember that an attacker must not be able to predict ahead of time what a given
|
1012
|
+
* IV will be.
|
1013
|
+
* @since v0.1.94
|
1014
|
+
* @param options `stream.transform` options
|
1015
|
+
*/
|
1016
|
+
function createDecipheriv(
|
1017
|
+
algorithm: CipherCCMTypes,
|
1018
|
+
key: CipherKey,
|
1019
|
+
iv: BinaryLike,
|
1020
|
+
options: CipherCCMOptions,
|
1021
|
+
): DecipherCCM;
|
1022
|
+
function createDecipheriv(
|
1023
|
+
algorithm: CipherOCBTypes,
|
1024
|
+
key: CipherKey,
|
1025
|
+
iv: BinaryLike,
|
1026
|
+
options: CipherOCBOptions,
|
1027
|
+
): DecipherOCB;
|
1028
|
+
function createDecipheriv(
|
1029
|
+
algorithm: CipherGCMTypes,
|
1030
|
+
key: CipherKey,
|
1031
|
+
iv: BinaryLike,
|
1032
|
+
options?: CipherGCMOptions,
|
1033
|
+
): DecipherGCM;
|
1034
|
+
function createDecipheriv(
|
1035
|
+
algorithm: string,
|
1036
|
+
key: CipherKey,
|
1037
|
+
iv: BinaryLike | null,
|
1038
|
+
options?: stream.TransformOptions,
|
1039
|
+
): Decipher;
|
1040
|
+
/**
|
1041
|
+
* Instances of the `Decipher` class are used to decrypt data. The class can be
|
1042
|
+
* used in one of two ways:
|
1043
|
+
*
|
1044
|
+
* * As a `stream` that is both readable and writable, where plain encrypted
|
1045
|
+
* data is written to produce unencrypted data on the readable side, or
|
1046
|
+
* * Using the `decipher.update()` and `decipher.final()` methods to
|
1047
|
+
* produce the unencrypted data.
|
1048
|
+
*
|
1049
|
+
* The {@link createDecipher} or {@link createDecipheriv} methods are
|
1050
|
+
* used to create `Decipher` instances. `Decipher` objects are not to be created
|
1051
|
+
* directly using the `new` keyword.
|
1052
|
+
*
|
1053
|
+
* Example: Using `Decipher` objects as streams:
|
1054
|
+
*
|
1055
|
+
* ```js
|
1056
|
+
* import { Buffer } from 'node:buffer';
|
1057
|
+
* const {
|
1058
|
+
* scryptSync,
|
1059
|
+
* createDecipheriv,
|
1060
|
+
* } = await import('node:crypto');
|
1061
|
+
*
|
1062
|
+
* const algorithm = 'aes-192-cbc';
|
1063
|
+
* const password = 'Password used to generate key';
|
1064
|
+
* // Key length is dependent on the algorithm. In this case for aes192, it is
|
1065
|
+
* // 24 bytes (192 bits).
|
1066
|
+
* // Use the async `crypto.scrypt()` instead.
|
1067
|
+
* const key = scryptSync(password, 'salt', 24);
|
1068
|
+
* // The IV is usually passed along with the ciphertext.
|
1069
|
+
* const iv = Buffer.alloc(16, 0); // Initialization vector.
|
1070
|
+
*
|
1071
|
+
* const decipher = createDecipheriv(algorithm, key, iv);
|
1072
|
+
*
|
1073
|
+
* let decrypted = '';
|
1074
|
+
* decipher.on('readable', () => {
|
1075
|
+
* let chunk;
|
1076
|
+
* while (null !== (chunk = decipher.read())) {
|
1077
|
+
* decrypted += chunk.toString('utf8');
|
1078
|
+
* }
|
1079
|
+
* });
|
1080
|
+
* decipher.on('end', () => {
|
1081
|
+
* console.log(decrypted);
|
1082
|
+
* // Prints: some clear text data
|
1083
|
+
* });
|
1084
|
+
*
|
1085
|
+
* // Encrypted with same algorithm, key and iv.
|
1086
|
+
* const encrypted =
|
1087
|
+
* 'e5f79c5915c02171eec6b212d5520d44480993d7d622a7c4c2da32f6efda0ffa';
|
1088
|
+
* decipher.write(encrypted, 'hex');
|
1089
|
+
* decipher.end();
|
1090
|
+
* ```
|
1091
|
+
*
|
1092
|
+
* Example: Using `Decipher` and piped streams:
|
1093
|
+
*
|
1094
|
+
* ```js
|
1095
|
+
* import {
|
1096
|
+
* createReadStream,
|
1097
|
+
* createWriteStream,
|
1098
|
+
* } from 'node:fs';
|
1099
|
+
* import { Buffer } from 'node:buffer';
|
1100
|
+
* const {
|
1101
|
+
* scryptSync,
|
1102
|
+
* createDecipheriv,
|
1103
|
+
* } = await import('node:crypto');
|
1104
|
+
*
|
1105
|
+
* const algorithm = 'aes-192-cbc';
|
1106
|
+
* const password = 'Password used to generate key';
|
1107
|
+
* // Use the async `crypto.scrypt()` instead.
|
1108
|
+
* const key = scryptSync(password, 'salt', 24);
|
1109
|
+
* // The IV is usually passed along with the ciphertext.
|
1110
|
+
* const iv = Buffer.alloc(16, 0); // Initialization vector.
|
1111
|
+
*
|
1112
|
+
* const decipher = createDecipheriv(algorithm, key, iv);
|
1113
|
+
*
|
1114
|
+
* const input = createReadStream('test.enc');
|
1115
|
+
* const output = createWriteStream('test.js');
|
1116
|
+
*
|
1117
|
+
* input.pipe(decipher).pipe(output);
|
1118
|
+
* ```
|
1119
|
+
*
|
1120
|
+
* Example: Using the `decipher.update()` and `decipher.final()` methods:
|
1121
|
+
*
|
1122
|
+
* ```js
|
1123
|
+
* import { Buffer } from 'node:buffer';
|
1124
|
+
* const {
|
1125
|
+
* scryptSync,
|
1126
|
+
* createDecipheriv,
|
1127
|
+
* } = await import('node:crypto');
|
1128
|
+
*
|
1129
|
+
* const algorithm = 'aes-192-cbc';
|
1130
|
+
* const password = 'Password used to generate key';
|
1131
|
+
* // Use the async `crypto.scrypt()` instead.
|
1132
|
+
* const key = scryptSync(password, 'salt', 24);
|
1133
|
+
* // The IV is usually passed along with the ciphertext.
|
1134
|
+
* const iv = Buffer.alloc(16, 0); // Initialization vector.
|
1135
|
+
*
|
1136
|
+
* const decipher = createDecipheriv(algorithm, key, iv);
|
1137
|
+
*
|
1138
|
+
* // Encrypted using same algorithm, key and iv.
|
1139
|
+
* const encrypted =
|
1140
|
+
* 'e5f79c5915c02171eec6b212d5520d44480993d7d622a7c4c2da32f6efda0ffa';
|
1141
|
+
* let decrypted = decipher.update(encrypted, 'hex', 'utf8');
|
1142
|
+
* decrypted += decipher.final('utf8');
|
1143
|
+
* console.log(decrypted);
|
1144
|
+
* // Prints: some clear text data
|
1145
|
+
* ```
|
1146
|
+
* @since v0.1.94
|
1147
|
+
*/
|
1148
|
+
class Decipher extends stream.Transform {
|
1149
|
+
private constructor();
|
1150
|
+
/**
|
1151
|
+
* Updates the decipher with `data`. If the `inputEncoding` argument is given,
|
1152
|
+
* the `data`argument is a string using the specified encoding. If the `inputEncoding`argument is not given, `data` must be a `Buffer`. If `data` is a `Buffer` then `inputEncoding` is
|
1153
|
+
* ignored.
|
1154
|
+
*
|
1155
|
+
* The `outputEncoding` specifies the output format of the enciphered
|
1156
|
+
* data. If the `outputEncoding`is specified, a string using the specified encoding is returned. If no`outputEncoding` is provided, a `Buffer` is returned.
|
1157
|
+
*
|
1158
|
+
* The `decipher.update()` method can be called multiple times with new data until `decipher.final()` is called. Calling `decipher.update()` after `decipher.final()` will result in an error
|
1159
|
+
* being thrown.
|
1160
|
+
* @since v0.1.94
|
1161
|
+
* @param inputEncoding The `encoding` of the `data` string.
|
1162
|
+
* @param outputEncoding The `encoding` of the return value.
|
1163
|
+
*/
|
1164
|
+
update(data: NodeJS.ArrayBufferView): Buffer;
|
1165
|
+
update(data: string, inputEncoding: Encoding): Buffer;
|
1166
|
+
update(data: NodeJS.ArrayBufferView, inputEncoding: undefined, outputEncoding: Encoding): string;
|
1167
|
+
update(data: string, inputEncoding: Encoding | undefined, outputEncoding: Encoding): string;
|
1168
|
+
/**
|
1169
|
+
* Once the `decipher.final()` method has been called, the `Decipher` object can
|
1170
|
+
* no longer be used to decrypt data. Attempts to call `decipher.final()` more
|
1171
|
+
* than once will result in an error being thrown.
|
1172
|
+
* @since v0.1.94
|
1173
|
+
* @param outputEncoding The `encoding` of the return value.
|
1174
|
+
* @return Any remaining deciphered contents. If `outputEncoding` is specified, a string is returned. If an `outputEncoding` is not provided, a {@link Buffer} is returned.
|
1175
|
+
*/
|
1176
|
+
final(): Buffer;
|
1177
|
+
final(outputEncoding: BufferEncoding): string;
|
1178
|
+
/**
|
1179
|
+
* When data has been encrypted without standard block padding, calling`decipher.setAutoPadding(false)` will disable automatic padding to prevent `decipher.final()` from checking for and
|
1180
|
+
* removing padding.
|
1181
|
+
*
|
1182
|
+
* Turning auto padding off will only work if the input data's length is a
|
1183
|
+
* multiple of the ciphers block size.
|
1184
|
+
*
|
1185
|
+
* The `decipher.setAutoPadding()` method must be called before `decipher.final()`.
|
1186
|
+
* @since v0.7.1
|
1187
|
+
* @param [autoPadding=true]
|
1188
|
+
* @return for method chaining.
|
1189
|
+
*/
|
1190
|
+
setAutoPadding(auto_padding?: boolean): this;
|
1191
|
+
}
|
1192
|
+
interface DecipherCCM extends Decipher {
|
1193
|
+
setAuthTag(buffer: NodeJS.ArrayBufferView): this;
|
1194
|
+
setAAD(
|
1195
|
+
buffer: NodeJS.ArrayBufferView,
|
1196
|
+
options: {
|
1197
|
+
plaintextLength: number;
|
1198
|
+
},
|
1199
|
+
): this;
|
1200
|
+
}
|
1201
|
+
interface DecipherGCM extends Decipher {
|
1202
|
+
setAuthTag(buffer: NodeJS.ArrayBufferView): this;
|
1203
|
+
setAAD(
|
1204
|
+
buffer: NodeJS.ArrayBufferView,
|
1205
|
+
options?: {
|
1206
|
+
plaintextLength: number;
|
1207
|
+
},
|
1208
|
+
): this;
|
1209
|
+
}
|
1210
|
+
interface DecipherOCB extends Decipher {
|
1211
|
+
setAuthTag(buffer: NodeJS.ArrayBufferView): this;
|
1212
|
+
setAAD(
|
1213
|
+
buffer: NodeJS.ArrayBufferView,
|
1214
|
+
options?: {
|
1215
|
+
plaintextLength: number;
|
1216
|
+
},
|
1217
|
+
): this;
|
1218
|
+
}
|
1219
|
+
interface PrivateKeyInput {
|
1220
|
+
key: string | Buffer;
|
1221
|
+
format?: KeyFormat | undefined;
|
1222
|
+
type?: "pkcs1" | "pkcs8" | "sec1" | undefined;
|
1223
|
+
passphrase?: string | Buffer | undefined;
|
1224
|
+
encoding?: string | undefined;
|
1225
|
+
}
|
1226
|
+
interface PublicKeyInput {
|
1227
|
+
key: string | Buffer;
|
1228
|
+
format?: KeyFormat | undefined;
|
1229
|
+
type?: "pkcs1" | "spki" | undefined;
|
1230
|
+
encoding?: string | undefined;
|
1231
|
+
}
|
1232
|
+
/**
|
1233
|
+
* Asynchronously generates a new random secret key of the given `length`. The`type` will determine which validations will be performed on the `length`.
|
1234
|
+
*
|
1235
|
+
* ```js
|
1236
|
+
* const {
|
1237
|
+
* generateKey,
|
1238
|
+
* } = await import('node:crypto');
|
1239
|
+
*
|
1240
|
+
* generateKey('hmac', { length: 512 }, (err, key) => {
|
1241
|
+
* if (err) throw err;
|
1242
|
+
* console.log(key.export().toString('hex')); // 46e..........620
|
1243
|
+
* });
|
1244
|
+
* ```
|
1245
|
+
*
|
1246
|
+
* The size of a generated HMAC key should not exceed the block size of the
|
1247
|
+
* underlying hash function. See {@link createHmac} for more information.
|
1248
|
+
* @since v15.0.0
|
1249
|
+
* @param type The intended use of the generated secret key. Currently accepted values are `'hmac'` and `'aes'`.
|
1250
|
+
*/
|
1251
|
+
function generateKey(
|
1252
|
+
type: "hmac" | "aes",
|
1253
|
+
options: {
|
1254
|
+
length: number;
|
1255
|
+
},
|
1256
|
+
callback: (err: Error | null, key: KeyObject) => void,
|
1257
|
+
): void;
|
1258
|
+
/**
|
1259
|
+
* Synchronously generates a new random secret key of the given `length`. The`type` will determine which validations will be performed on the `length`.
|
1260
|
+
*
|
1261
|
+
* ```js
|
1262
|
+
* const {
|
1263
|
+
* generateKeySync,
|
1264
|
+
* } = await import('node:crypto');
|
1265
|
+
*
|
1266
|
+
* const key = generateKeySync('hmac', { length: 512 });
|
1267
|
+
* console.log(key.export().toString('hex')); // e89..........41e
|
1268
|
+
* ```
|
1269
|
+
*
|
1270
|
+
* The size of a generated HMAC key should not exceed the block size of the
|
1271
|
+
* underlying hash function. See {@link createHmac} for more information.
|
1272
|
+
* @since v15.0.0
|
1273
|
+
* @param type The intended use of the generated secret key. Currently accepted values are `'hmac'` and `'aes'`.
|
1274
|
+
*/
|
1275
|
+
function generateKeySync(
|
1276
|
+
type: "hmac" | "aes",
|
1277
|
+
options: {
|
1278
|
+
length: number;
|
1279
|
+
},
|
1280
|
+
): KeyObject;
|
1281
|
+
interface JsonWebKeyInput {
|
1282
|
+
key: JsonWebKey;
|
1283
|
+
format: "jwk";
|
1284
|
+
}
|
1285
|
+
/**
|
1286
|
+
* Creates and returns a new key object containing a private key. If `key` is a
|
1287
|
+
* string or `Buffer`, `format` is assumed to be `'pem'`; otherwise, `key`must be an object with the properties described above.
|
1288
|
+
*
|
1289
|
+
* If the private key is encrypted, a `passphrase` must be specified. The length
|
1290
|
+
* of the passphrase is limited to 1024 bytes.
|
1291
|
+
* @since v11.6.0
|
1292
|
+
*/
|
1293
|
+
function createPrivateKey(key: PrivateKeyInput | string | Buffer | JsonWebKeyInput): KeyObject;
|
1294
|
+
/**
|
1295
|
+
* Creates and returns a new key object containing a public key. If `key` is a
|
1296
|
+
* string or `Buffer`, `format` is assumed to be `'pem'`; if `key` is a `KeyObject`with type `'private'`, the public key is derived from the given private key;
|
1297
|
+
* otherwise, `key` must be an object with the properties described above.
|
1298
|
+
*
|
1299
|
+
* If the format is `'pem'`, the `'key'` may also be an X.509 certificate.
|
1300
|
+
*
|
1301
|
+
* Because public keys can be derived from private keys, a private key may be
|
1302
|
+
* passed instead of a public key. In that case, this function behaves as if {@link createPrivateKey} had been called, except that the type of the
|
1303
|
+
* returned `KeyObject` will be `'public'` and that the private key cannot be
|
1304
|
+
* extracted from the returned `KeyObject`. Similarly, if a `KeyObject` with type`'private'` is given, a new `KeyObject` with type `'public'` will be returned
|
1305
|
+
* and it will be impossible to extract the private key from the returned object.
|
1306
|
+
* @since v11.6.0
|
1307
|
+
*/
|
1308
|
+
function createPublicKey(key: PublicKeyInput | string | Buffer | KeyObject | JsonWebKeyInput): KeyObject;
|
1309
|
+
/**
|
1310
|
+
* Creates and returns a new key object containing a secret key for symmetric
|
1311
|
+
* encryption or `Hmac`.
|
1312
|
+
* @since v11.6.0
|
1313
|
+
* @param encoding The string encoding when `key` is a string.
|
1314
|
+
*/
|
1315
|
+
function createSecretKey(key: NodeJS.ArrayBufferView): KeyObject;
|
1316
|
+
function createSecretKey(key: string, encoding: BufferEncoding): KeyObject;
|
1317
|
+
/**
|
1318
|
+
* Creates and returns a `Sign` object that uses the given `algorithm`. Use {@link getHashes} to obtain the names of the available digest algorithms.
|
1319
|
+
* Optional `options` argument controls the `stream.Writable` behavior.
|
1320
|
+
*
|
1321
|
+
* In some cases, a `Sign` instance can be created using the name of a signature
|
1322
|
+
* algorithm, such as `'RSA-SHA256'`, instead of a digest algorithm. This will use
|
1323
|
+
* the corresponding digest algorithm. This does not work for all signature
|
1324
|
+
* algorithms, such as `'ecdsa-with-SHA256'`, so it is best to always use digest
|
1325
|
+
* algorithm names.
|
1326
|
+
* @since v0.1.92
|
1327
|
+
* @param options `stream.Writable` options
|
1328
|
+
*/
|
1329
|
+
function createSign(algorithm: string, options?: stream.WritableOptions): Sign;
|
1330
|
+
type DSAEncoding = "der" | "ieee-p1363";
|
1331
|
+
interface SigningOptions {
|
1332
|
+
/**
|
1333
|
+
* @see crypto.constants.RSA_PKCS1_PADDING
|
1334
|
+
*/
|
1335
|
+
padding?: number | undefined;
|
1336
|
+
saltLength?: number | undefined;
|
1337
|
+
dsaEncoding?: DSAEncoding | undefined;
|
1338
|
+
}
|
1339
|
+
interface SignPrivateKeyInput extends PrivateKeyInput, SigningOptions {}
|
1340
|
+
interface SignKeyObjectInput extends SigningOptions {
|
1341
|
+
key: KeyObject;
|
1342
|
+
}
|
1343
|
+
interface VerifyPublicKeyInput extends PublicKeyInput, SigningOptions {}
|
1344
|
+
interface VerifyKeyObjectInput extends SigningOptions {
|
1345
|
+
key: KeyObject;
|
1346
|
+
}
|
1347
|
+
interface VerifyJsonWebKeyInput extends JsonWebKeyInput, SigningOptions {}
|
1348
|
+
type KeyLike = string | Buffer | KeyObject;
|
1349
|
+
/**
|
1350
|
+
* The `Sign` class is a utility for generating signatures. It can be used in one
|
1351
|
+
* of two ways:
|
1352
|
+
*
|
1353
|
+
* * As a writable `stream`, where data to be signed is written and the `sign.sign()` method is used to generate and return the signature, or
|
1354
|
+
* * Using the `sign.update()` and `sign.sign()` methods to produce the
|
1355
|
+
* signature.
|
1356
|
+
*
|
1357
|
+
* The {@link createSign} method is used to create `Sign` instances. The
|
1358
|
+
* argument is the string name of the hash function to use. `Sign` objects are not
|
1359
|
+
* to be created directly using the `new` keyword.
|
1360
|
+
*
|
1361
|
+
* Example: Using `Sign` and `Verify` objects as streams:
|
1362
|
+
*
|
1363
|
+
* ```js
|
1364
|
+
* const {
|
1365
|
+
* generateKeyPairSync,
|
1366
|
+
* createSign,
|
1367
|
+
* createVerify,
|
1368
|
+
* } = await import('node:crypto');
|
1369
|
+
*
|
1370
|
+
* const { privateKey, publicKey } = generateKeyPairSync('ec', {
|
1371
|
+
* namedCurve: 'sect239k1',
|
1372
|
+
* });
|
1373
|
+
*
|
1374
|
+
* const sign = createSign('SHA256');
|
1375
|
+
* sign.write('some data to sign');
|
1376
|
+
* sign.end();
|
1377
|
+
* const signature = sign.sign(privateKey, 'hex');
|
1378
|
+
*
|
1379
|
+
* const verify = createVerify('SHA256');
|
1380
|
+
* verify.write('some data to sign');
|
1381
|
+
* verify.end();
|
1382
|
+
* console.log(verify.verify(publicKey, signature, 'hex'));
|
1383
|
+
* // Prints: true
|
1384
|
+
* ```
|
1385
|
+
*
|
1386
|
+
* Example: Using the `sign.update()` and `verify.update()` methods:
|
1387
|
+
*
|
1388
|
+
* ```js
|
1389
|
+
* const {
|
1390
|
+
* generateKeyPairSync,
|
1391
|
+
* createSign,
|
1392
|
+
* createVerify,
|
1393
|
+
* } = await import('node:crypto');
|
1394
|
+
*
|
1395
|
+
* const { privateKey, publicKey } = generateKeyPairSync('rsa', {
|
1396
|
+
* modulusLength: 2048,
|
1397
|
+
* });
|
1398
|
+
*
|
1399
|
+
* const sign = createSign('SHA256');
|
1400
|
+
* sign.update('some data to sign');
|
1401
|
+
* sign.end();
|
1402
|
+
* const signature = sign.sign(privateKey);
|
1403
|
+
*
|
1404
|
+
* const verify = createVerify('SHA256');
|
1405
|
+
* verify.update('some data to sign');
|
1406
|
+
* verify.end();
|
1407
|
+
* console.log(verify.verify(publicKey, signature));
|
1408
|
+
* // Prints: true
|
1409
|
+
* ```
|
1410
|
+
* @since v0.1.92
|
1411
|
+
*/
|
1412
|
+
class Sign extends stream.Writable {
|
1413
|
+
private constructor();
|
1414
|
+
/**
|
1415
|
+
* Updates the `Sign` content with the given `data`, the encoding of which
|
1416
|
+
* is given in `inputEncoding`.
|
1417
|
+
* If `encoding` is not provided, and the `data` is a string, an
|
1418
|
+
* encoding of `'utf8'` is enforced. If `data` is a `Buffer`, `TypedArray`, or`DataView`, then `inputEncoding` is ignored.
|
1419
|
+
*
|
1420
|
+
* This can be called many times with new data as it is streamed.
|
1421
|
+
* @since v0.1.92
|
1422
|
+
* @param inputEncoding The `encoding` of the `data` string.
|
1423
|
+
*/
|
1424
|
+
update(data: BinaryLike): this;
|
1425
|
+
update(data: string, inputEncoding: Encoding): this;
|
1426
|
+
/**
|
1427
|
+
* Calculates the signature on all the data passed through using either `sign.update()` or `sign.write()`.
|
1428
|
+
*
|
1429
|
+
* If `privateKey` is not a `KeyObject`, this function behaves as if`privateKey` had been passed to {@link createPrivateKey}. If it is an
|
1430
|
+
* object, the following additional properties can be passed:
|
1431
|
+
*
|
1432
|
+
* If `outputEncoding` is provided a string is returned; otherwise a `Buffer` is returned.
|
1433
|
+
*
|
1434
|
+
* The `Sign` object can not be again used after `sign.sign()` method has been
|
1435
|
+
* called. Multiple calls to `sign.sign()` will result in an error being thrown.
|
1436
|
+
* @since v0.1.92
|
1437
|
+
*/
|
1438
|
+
sign(privateKey: KeyLike | SignKeyObjectInput | SignPrivateKeyInput): Buffer;
|
1439
|
+
sign(
|
1440
|
+
privateKey: KeyLike | SignKeyObjectInput | SignPrivateKeyInput,
|
1441
|
+
outputFormat: BinaryToTextEncoding,
|
1442
|
+
): string;
|
1443
|
+
}
|
1444
|
+
/**
|
1445
|
+
* Creates and returns a `Verify` object that uses the given algorithm.
|
1446
|
+
* Use {@link getHashes} to obtain an array of names of the available
|
1447
|
+
* signing algorithms. Optional `options` argument controls the`stream.Writable` behavior.
|
1448
|
+
*
|
1449
|
+
* In some cases, a `Verify` instance can be created using the name of a signature
|
1450
|
+
* algorithm, such as `'RSA-SHA256'`, instead of a digest algorithm. This will use
|
1451
|
+
* the corresponding digest algorithm. This does not work for all signature
|
1452
|
+
* algorithms, such as `'ecdsa-with-SHA256'`, so it is best to always use digest
|
1453
|
+
* algorithm names.
|
1454
|
+
* @since v0.1.92
|
1455
|
+
* @param options `stream.Writable` options
|
1456
|
+
*/
|
1457
|
+
function createVerify(algorithm: string, options?: stream.WritableOptions): Verify;
|
1458
|
+
/**
|
1459
|
+
* The `Verify` class is a utility for verifying signatures. It can be used in one
|
1460
|
+
* of two ways:
|
1461
|
+
*
|
1462
|
+
* * As a writable `stream` where written data is used to validate against the
|
1463
|
+
* supplied signature, or
|
1464
|
+
* * Using the `verify.update()` and `verify.verify()` methods to verify
|
1465
|
+
* the signature.
|
1466
|
+
*
|
1467
|
+
* The {@link createVerify} method is used to create `Verify` instances.`Verify` objects are not to be created directly using the `new` keyword.
|
1468
|
+
*
|
1469
|
+
* See `Sign` for examples.
|
1470
|
+
* @since v0.1.92
|
1471
|
+
*/
|
1472
|
+
class Verify extends stream.Writable {
|
1473
|
+
private constructor();
|
1474
|
+
/**
|
1475
|
+
* Updates the `Verify` content with the given `data`, the encoding of which
|
1476
|
+
* is given in `inputEncoding`.
|
1477
|
+
* If `inputEncoding` is not provided, and the `data` is a string, an
|
1478
|
+
* encoding of `'utf8'` is enforced. If `data` is a `Buffer`, `TypedArray`, or`DataView`, then `inputEncoding` is ignored.
|
1479
|
+
*
|
1480
|
+
* This can be called many times with new data as it is streamed.
|
1481
|
+
* @since v0.1.92
|
1482
|
+
* @param inputEncoding The `encoding` of the `data` string.
|
1483
|
+
*/
|
1484
|
+
update(data: BinaryLike): Verify;
|
1485
|
+
update(data: string, inputEncoding: Encoding): Verify;
|
1486
|
+
/**
|
1487
|
+
* Verifies the provided data using the given `object` and `signature`.
|
1488
|
+
*
|
1489
|
+
* If `object` is not a `KeyObject`, this function behaves as if`object` had been passed to {@link createPublicKey}. If it is an
|
1490
|
+
* object, the following additional properties can be passed:
|
1491
|
+
*
|
1492
|
+
* The `signature` argument is the previously calculated signature for the data, in
|
1493
|
+
* the `signatureEncoding`.
|
1494
|
+
* If a `signatureEncoding` is specified, the `signature` is expected to be a
|
1495
|
+
* string; otherwise `signature` is expected to be a `Buffer`,`TypedArray`, or `DataView`.
|
1496
|
+
*
|
1497
|
+
* The `verify` object can not be used again after `verify.verify()` has been
|
1498
|
+
* called. Multiple calls to `verify.verify()` will result in an error being
|
1499
|
+
* thrown.
|
1500
|
+
*
|
1501
|
+
* Because public keys can be derived from private keys, a private key may
|
1502
|
+
* be passed instead of a public key.
|
1503
|
+
* @since v0.1.92
|
1504
|
+
*/
|
1505
|
+
verify(
|
1506
|
+
object: KeyLike | VerifyKeyObjectInput | VerifyPublicKeyInput | VerifyJsonWebKeyInput,
|
1507
|
+
signature: NodeJS.ArrayBufferView,
|
1508
|
+
): boolean;
|
1509
|
+
verify(
|
1510
|
+
object: KeyLike | VerifyKeyObjectInput | VerifyPublicKeyInput | VerifyJsonWebKeyInput,
|
1511
|
+
signature: string,
|
1512
|
+
signature_format?: BinaryToTextEncoding,
|
1513
|
+
): boolean;
|
1514
|
+
}
|
1515
|
+
/**
|
1516
|
+
* Creates a `DiffieHellman` key exchange object using the supplied `prime` and an
|
1517
|
+
* optional specific `generator`.
|
1518
|
+
*
|
1519
|
+
* The `generator` argument can be a number, string, or `Buffer`. If`generator` is not specified, the value `2` is used.
|
1520
|
+
*
|
1521
|
+
* If `primeEncoding` is specified, `prime` is expected to be a string; otherwise
|
1522
|
+
* a `Buffer`, `TypedArray`, or `DataView` is expected.
|
1523
|
+
*
|
1524
|
+
* If `generatorEncoding` is specified, `generator` is expected to be a string;
|
1525
|
+
* otherwise a number, `Buffer`, `TypedArray`, or `DataView` is expected.
|
1526
|
+
* @since v0.11.12
|
1527
|
+
* @param primeEncoding The `encoding` of the `prime` string.
|
1528
|
+
* @param [generator=2]
|
1529
|
+
* @param generatorEncoding The `encoding` of the `generator` string.
|
1530
|
+
*/
|
1531
|
+
function createDiffieHellman(primeLength: number, generator?: number): DiffieHellman;
|
1532
|
+
function createDiffieHellman(
|
1533
|
+
prime: ArrayBuffer | NodeJS.ArrayBufferView,
|
1534
|
+
generator?: number | ArrayBuffer | NodeJS.ArrayBufferView,
|
1535
|
+
): DiffieHellman;
|
1536
|
+
function createDiffieHellman(
|
1537
|
+
prime: ArrayBuffer | NodeJS.ArrayBufferView,
|
1538
|
+
generator: string,
|
1539
|
+
generatorEncoding: BinaryToTextEncoding,
|
1540
|
+
): DiffieHellman;
|
1541
|
+
function createDiffieHellman(
|
1542
|
+
prime: string,
|
1543
|
+
primeEncoding: BinaryToTextEncoding,
|
1544
|
+
generator?: number | ArrayBuffer | NodeJS.ArrayBufferView,
|
1545
|
+
): DiffieHellman;
|
1546
|
+
function createDiffieHellman(
|
1547
|
+
prime: string,
|
1548
|
+
primeEncoding: BinaryToTextEncoding,
|
1549
|
+
generator: string,
|
1550
|
+
generatorEncoding: BinaryToTextEncoding,
|
1551
|
+
): DiffieHellman;
|
1552
|
+
/**
|
1553
|
+
* The `DiffieHellman` class is a utility for creating Diffie-Hellman key
|
1554
|
+
* exchanges.
|
1555
|
+
*
|
1556
|
+
* Instances of the `DiffieHellman` class can be created using the {@link createDiffieHellman} function.
|
1557
|
+
*
|
1558
|
+
* ```js
|
1559
|
+
* import assert from 'node:assert';
|
1560
|
+
*
|
1561
|
+
* const {
|
1562
|
+
* createDiffieHellman,
|
1563
|
+
* } = await import('node:crypto');
|
1564
|
+
*
|
1565
|
+
* // Generate Alice's keys...
|
1566
|
+
* const alice = createDiffieHellman(2048);
|
1567
|
+
* const aliceKey = alice.generateKeys();
|
1568
|
+
*
|
1569
|
+
* // Generate Bob's keys...
|
1570
|
+
* const bob = createDiffieHellman(alice.getPrime(), alice.getGenerator());
|
1571
|
+
* const bobKey = bob.generateKeys();
|
1572
|
+
*
|
1573
|
+
* // Exchange and generate the secret...
|
1574
|
+
* const aliceSecret = alice.computeSecret(bobKey);
|
1575
|
+
* const bobSecret = bob.computeSecret(aliceKey);
|
1576
|
+
*
|
1577
|
+
* // OK
|
1578
|
+
* assert.strictEqual(aliceSecret.toString('hex'), bobSecret.toString('hex'));
|
1579
|
+
* ```
|
1580
|
+
* @since v0.5.0
|
1581
|
+
*/
|
1582
|
+
class DiffieHellman {
|
1583
|
+
private constructor();
|
1584
|
+
/**
|
1585
|
+
* Generates private and public Diffie-Hellman key values unless they have been
|
1586
|
+
* generated or computed already, and returns
|
1587
|
+
* the public key in the specified `encoding`. This key should be
|
1588
|
+
* transferred to the other party.
|
1589
|
+
* If `encoding` is provided a string is returned; otherwise a `Buffer` is returned.
|
1590
|
+
*
|
1591
|
+
* This function is a thin wrapper around [`DH_generate_key()`](https://www.openssl.org/docs/man3.0/man3/DH_generate_key.html). In particular,
|
1592
|
+
* once a private key has been generated or set, calling this function only updates
|
1593
|
+
* the public key but does not generate a new private key.
|
1594
|
+
* @since v0.5.0
|
1595
|
+
* @param encoding The `encoding` of the return value.
|
1596
|
+
*/
|
1597
|
+
generateKeys(): Buffer;
|
1598
|
+
generateKeys(encoding: BinaryToTextEncoding): string;
|
1599
|
+
/**
|
1600
|
+
* Computes the shared secret using `otherPublicKey` as the other
|
1601
|
+
* party's public key and returns the computed shared secret. The supplied
|
1602
|
+
* key is interpreted using the specified `inputEncoding`, and secret is
|
1603
|
+
* encoded using specified `outputEncoding`.
|
1604
|
+
* If the `inputEncoding` is not
|
1605
|
+
* provided, `otherPublicKey` is expected to be a `Buffer`,`TypedArray`, or `DataView`.
|
1606
|
+
*
|
1607
|
+
* If `outputEncoding` is given a string is returned; otherwise, a `Buffer` is returned.
|
1608
|
+
* @since v0.5.0
|
1609
|
+
* @param inputEncoding The `encoding` of an `otherPublicKey` string.
|
1610
|
+
* @param outputEncoding The `encoding` of the return value.
|
1611
|
+
*/
|
1612
|
+
computeSecret(otherPublicKey: NodeJS.ArrayBufferView, inputEncoding?: null, outputEncoding?: null): Buffer;
|
1613
|
+
computeSecret(otherPublicKey: string, inputEncoding: BinaryToTextEncoding, outputEncoding?: null): Buffer;
|
1614
|
+
computeSecret(
|
1615
|
+
otherPublicKey: NodeJS.ArrayBufferView,
|
1616
|
+
inputEncoding: null,
|
1617
|
+
outputEncoding: BinaryToTextEncoding,
|
1618
|
+
): string;
|
1619
|
+
computeSecret(
|
1620
|
+
otherPublicKey: string,
|
1621
|
+
inputEncoding: BinaryToTextEncoding,
|
1622
|
+
outputEncoding: BinaryToTextEncoding,
|
1623
|
+
): string;
|
1624
|
+
/**
|
1625
|
+
* Returns the Diffie-Hellman prime in the specified `encoding`.
|
1626
|
+
* If `encoding` is provided a string is
|
1627
|
+
* returned; otherwise a `Buffer` is returned.
|
1628
|
+
* @since v0.5.0
|
1629
|
+
* @param encoding The `encoding` of the return value.
|
1630
|
+
*/
|
1631
|
+
getPrime(): Buffer;
|
1632
|
+
getPrime(encoding: BinaryToTextEncoding): string;
|
1633
|
+
/**
|
1634
|
+
* Returns the Diffie-Hellman generator in the specified `encoding`.
|
1635
|
+
* If `encoding` is provided a string is
|
1636
|
+
* returned; otherwise a `Buffer` is returned.
|
1637
|
+
* @since v0.5.0
|
1638
|
+
* @param encoding The `encoding` of the return value.
|
1639
|
+
*/
|
1640
|
+
getGenerator(): Buffer;
|
1641
|
+
getGenerator(encoding: BinaryToTextEncoding): string;
|
1642
|
+
/**
|
1643
|
+
* Returns the Diffie-Hellman public key in the specified `encoding`.
|
1644
|
+
* If `encoding` is provided a
|
1645
|
+
* string is returned; otherwise a `Buffer` is returned.
|
1646
|
+
* @since v0.5.0
|
1647
|
+
* @param encoding The `encoding` of the return value.
|
1648
|
+
*/
|
1649
|
+
getPublicKey(): Buffer;
|
1650
|
+
getPublicKey(encoding: BinaryToTextEncoding): string;
|
1651
|
+
/**
|
1652
|
+
* Returns the Diffie-Hellman private key in the specified `encoding`.
|
1653
|
+
* If `encoding` is provided a
|
1654
|
+
* string is returned; otherwise a `Buffer` is returned.
|
1655
|
+
* @since v0.5.0
|
1656
|
+
* @param encoding The `encoding` of the return value.
|
1657
|
+
*/
|
1658
|
+
getPrivateKey(): Buffer;
|
1659
|
+
getPrivateKey(encoding: BinaryToTextEncoding): string;
|
1660
|
+
/**
|
1661
|
+
* Sets the Diffie-Hellman public key. If the `encoding` argument is provided,`publicKey` is expected
|
1662
|
+
* to be a string. If no `encoding` is provided, `publicKey` is expected
|
1663
|
+
* to be a `Buffer`, `TypedArray`, or `DataView`.
|
1664
|
+
* @since v0.5.0
|
1665
|
+
* @param encoding The `encoding` of the `publicKey` string.
|
1666
|
+
*/
|
1667
|
+
setPublicKey(publicKey: NodeJS.ArrayBufferView): void;
|
1668
|
+
setPublicKey(publicKey: string, encoding: BufferEncoding): void;
|
1669
|
+
/**
|
1670
|
+
* Sets the Diffie-Hellman private key. If the `encoding` argument is provided,`privateKey` is expected
|
1671
|
+
* to be a string. If no `encoding` is provided, `privateKey` is expected
|
1672
|
+
* to be a `Buffer`, `TypedArray`, or `DataView`.
|
1673
|
+
*
|
1674
|
+
* This function does not automatically compute the associated public key. Either `diffieHellman.setPublicKey()` or `diffieHellman.generateKeys()` can be
|
1675
|
+
* used to manually provide the public key or to automatically derive it.
|
1676
|
+
* @since v0.5.0
|
1677
|
+
* @param encoding The `encoding` of the `privateKey` string.
|
1678
|
+
*/
|
1679
|
+
setPrivateKey(privateKey: NodeJS.ArrayBufferView): void;
|
1680
|
+
setPrivateKey(privateKey: string, encoding: BufferEncoding): void;
|
1681
|
+
/**
|
1682
|
+
* A bit field containing any warnings and/or errors resulting from a check
|
1683
|
+
* performed during initialization of the `DiffieHellman` object.
|
1684
|
+
*
|
1685
|
+
* The following values are valid for this property (as defined in `node:constants` module):
|
1686
|
+
*
|
1687
|
+
* * `DH_CHECK_P_NOT_SAFE_PRIME`
|
1688
|
+
* * `DH_CHECK_P_NOT_PRIME`
|
1689
|
+
* * `DH_UNABLE_TO_CHECK_GENERATOR`
|
1690
|
+
* * `DH_NOT_SUITABLE_GENERATOR`
|
1691
|
+
* @since v0.11.12
|
1692
|
+
*/
|
1693
|
+
verifyError: number;
|
1694
|
+
}
|
1695
|
+
/**
|
1696
|
+
* The `DiffieHellmanGroup` class takes a well-known modp group as its argument.
|
1697
|
+
* It works the same as `DiffieHellman`, except that it does not allow changing its keys after creation.
|
1698
|
+
* In other words, it does not implement `setPublicKey()` or `setPrivateKey()` methods.
|
1699
|
+
*
|
1700
|
+
* ```js
|
1701
|
+
* const { createDiffieHellmanGroup } = await import('node:crypto');
|
1702
|
+
* const dh = createDiffieHellmanGroup('modp1');
|
1703
|
+
* ```
|
1704
|
+
* The name (e.g. `'modp1'`) is taken from [RFC 2412](https://www.rfc-editor.org/rfc/rfc2412.txt) (modp1 and 2) and [RFC 3526](https://www.rfc-editor.org/rfc/rfc3526.txt):
|
1705
|
+
* ```bash
|
1706
|
+
* $ perl -ne 'print "$1\n" if /"(modp\d+)"/' src/node_crypto_groups.h
|
1707
|
+
* modp1 # 768 bits
|
1708
|
+
* modp2 # 1024 bits
|
1709
|
+
* modp5 # 1536 bits
|
1710
|
+
* modp14 # 2048 bits
|
1711
|
+
* modp15 # etc.
|
1712
|
+
* modp16
|
1713
|
+
* modp17
|
1714
|
+
* modp18
|
1715
|
+
* ```
|
1716
|
+
* @since v0.7.5
|
1717
|
+
*/
|
1718
|
+
const DiffieHellmanGroup: DiffieHellmanGroupConstructor;
|
1719
|
+
interface DiffieHellmanGroupConstructor {
|
1720
|
+
new(name: string): DiffieHellmanGroup;
|
1721
|
+
(name: string): DiffieHellmanGroup;
|
1722
|
+
readonly prototype: DiffieHellmanGroup;
|
1723
|
+
}
|
1724
|
+
type DiffieHellmanGroup = Omit<DiffieHellman, "setPublicKey" | "setPrivateKey">;
|
1725
|
+
/**
|
1726
|
+
* Creates a predefined `DiffieHellmanGroup` key exchange object. The
|
1727
|
+
* supported groups are listed in the documentation for `DiffieHellmanGroup`.
|
1728
|
+
*
|
1729
|
+
* The returned object mimics the interface of objects created by {@link createDiffieHellman}, but will not allow changing
|
1730
|
+
* the keys (with `diffieHellman.setPublicKey()`, for example). The
|
1731
|
+
* advantage of using this method is that the parties do not have to
|
1732
|
+
* generate nor exchange a group modulus beforehand, saving both processor
|
1733
|
+
* and communication time.
|
1734
|
+
*
|
1735
|
+
* Example (obtaining a shared secret):
|
1736
|
+
*
|
1737
|
+
* ```js
|
1738
|
+
* const {
|
1739
|
+
* getDiffieHellman,
|
1740
|
+
* } = await import('node:crypto');
|
1741
|
+
* const alice = getDiffieHellman('modp14');
|
1742
|
+
* const bob = getDiffieHellman('modp14');
|
1743
|
+
*
|
1744
|
+
* alice.generateKeys();
|
1745
|
+
* bob.generateKeys();
|
1746
|
+
*
|
1747
|
+
* const aliceSecret = alice.computeSecret(bob.getPublicKey(), null, 'hex');
|
1748
|
+
* const bobSecret = bob.computeSecret(alice.getPublicKey(), null, 'hex');
|
1749
|
+
*
|
1750
|
+
* // aliceSecret and bobSecret should be the same
|
1751
|
+
* console.log(aliceSecret === bobSecret);
|
1752
|
+
* ```
|
1753
|
+
* @since v0.7.5
|
1754
|
+
*/
|
1755
|
+
function getDiffieHellman(groupName: string): DiffieHellmanGroup;
|
1756
|
+
/**
|
1757
|
+
* An alias for {@link getDiffieHellman}
|
1758
|
+
* @since v0.9.3
|
1759
|
+
*/
|
1760
|
+
function createDiffieHellmanGroup(name: string): DiffieHellmanGroup;
|
1761
|
+
/**
|
1762
|
+
* Provides an asynchronous Password-Based Key Derivation Function 2 (PBKDF2)
|
1763
|
+
* implementation. A selected HMAC digest algorithm specified by `digest` is
|
1764
|
+
* applied to derive a key of the requested byte length (`keylen`) from the`password`, `salt` and `iterations`.
|
1765
|
+
*
|
1766
|
+
* The supplied `callback` function is called with two arguments: `err` and`derivedKey`. If an error occurs while deriving the key, `err` will be set;
|
1767
|
+
* otherwise `err` will be `null`. By default, the successfully generated`derivedKey` will be passed to the callback as a `Buffer`. An error will be
|
1768
|
+
* thrown if any of the input arguments specify invalid values or types.
|
1769
|
+
*
|
1770
|
+
* The `iterations` argument must be a number set as high as possible. The
|
1771
|
+
* higher the number of iterations, the more secure the derived key will be,
|
1772
|
+
* but will take a longer amount of time to complete.
|
1773
|
+
*
|
1774
|
+
* The `salt` should be as unique as possible. It is recommended that a salt is
|
1775
|
+
* random and at least 16 bytes long. See [NIST SP 800-132](https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf) for details.
|
1776
|
+
*
|
1777
|
+
* When passing strings for `password` or `salt`, please consider `caveats when using strings as inputs to cryptographic APIs`.
|
1778
|
+
*
|
1779
|
+
* ```js
|
1780
|
+
* const {
|
1781
|
+
* pbkdf2,
|
1782
|
+
* } = await import('node:crypto');
|
1783
|
+
*
|
1784
|
+
* pbkdf2('secret', 'salt', 100000, 64, 'sha512', (err, derivedKey) => {
|
1785
|
+
* if (err) throw err;
|
1786
|
+
* console.log(derivedKey.toString('hex')); // '3745e48...08d59ae'
|
1787
|
+
* });
|
1788
|
+
* ```
|
1789
|
+
*
|
1790
|
+
* An array of supported digest functions can be retrieved using {@link getHashes}.
|
1791
|
+
*
|
1792
|
+
* This API uses libuv's threadpool, which can have surprising and
|
1793
|
+
* negative performance implications for some applications; see the `UV_THREADPOOL_SIZE` documentation for more information.
|
1794
|
+
* @since v0.5.5
|
1795
|
+
*/
|
1796
|
+
function pbkdf2(
|
1797
|
+
password: BinaryLike,
|
1798
|
+
salt: BinaryLike,
|
1799
|
+
iterations: number,
|
1800
|
+
keylen: number,
|
1801
|
+
digest: string,
|
1802
|
+
callback: (err: Error | null, derivedKey: Buffer) => void,
|
1803
|
+
): void;
|
1804
|
+
/**
|
1805
|
+
* Provides a synchronous Password-Based Key Derivation Function 2 (PBKDF2)
|
1806
|
+
* implementation. A selected HMAC digest algorithm specified by `digest` is
|
1807
|
+
* applied to derive a key of the requested byte length (`keylen`) from the`password`, `salt` and `iterations`.
|
1808
|
+
*
|
1809
|
+
* If an error occurs an `Error` will be thrown, otherwise the derived key will be
|
1810
|
+
* returned as a `Buffer`.
|
1811
|
+
*
|
1812
|
+
* The `iterations` argument must be a number set as high as possible. The
|
1813
|
+
* higher the number of iterations, the more secure the derived key will be,
|
1814
|
+
* but will take a longer amount of time to complete.
|
1815
|
+
*
|
1816
|
+
* The `salt` should be as unique as possible. It is recommended that a salt is
|
1817
|
+
* random and at least 16 bytes long. See [NIST SP 800-132](https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf) for details.
|
1818
|
+
*
|
1819
|
+
* When passing strings for `password` or `salt`, please consider `caveats when using strings as inputs to cryptographic APIs`.
|
1820
|
+
*
|
1821
|
+
* ```js
|
1822
|
+
* const {
|
1823
|
+
* pbkdf2Sync,
|
1824
|
+
* } = await import('node:crypto');
|
1825
|
+
*
|
1826
|
+
* const key = pbkdf2Sync('secret', 'salt', 100000, 64, 'sha512');
|
1827
|
+
* console.log(key.toString('hex')); // '3745e48...08d59ae'
|
1828
|
+
* ```
|
1829
|
+
*
|
1830
|
+
* An array of supported digest functions can be retrieved using {@link getHashes}.
|
1831
|
+
* @since v0.9.3
|
1832
|
+
*/
|
1833
|
+
function pbkdf2Sync(
|
1834
|
+
password: BinaryLike,
|
1835
|
+
salt: BinaryLike,
|
1836
|
+
iterations: number,
|
1837
|
+
keylen: number,
|
1838
|
+
digest: string,
|
1839
|
+
): Buffer;
|
1840
|
+
/**
|
1841
|
+
* Generates cryptographically strong pseudorandom data. The `size` argument
|
1842
|
+
* is a number indicating the number of bytes to generate.
|
1843
|
+
*
|
1844
|
+
* If a `callback` function is provided, the bytes are generated asynchronously
|
1845
|
+
* and the `callback` function is invoked with two arguments: `err` and `buf`.
|
1846
|
+
* If an error occurs, `err` will be an `Error` object; otherwise it is `null`. The`buf` argument is a `Buffer` containing the generated bytes.
|
1847
|
+
*
|
1848
|
+
* ```js
|
1849
|
+
* // Asynchronous
|
1850
|
+
* const {
|
1851
|
+
* randomBytes,
|
1852
|
+
* } = await import('node:crypto');
|
1853
|
+
*
|
1854
|
+
* randomBytes(256, (err, buf) => {
|
1855
|
+
* if (err) throw err;
|
1856
|
+
* console.log(`${buf.length} bytes of random data: ${buf.toString('hex')}`);
|
1857
|
+
* });
|
1858
|
+
* ```
|
1859
|
+
*
|
1860
|
+
* If the `callback` function is not provided, the random bytes are generated
|
1861
|
+
* synchronously and returned as a `Buffer`. An error will be thrown if
|
1862
|
+
* there is a problem generating the bytes.
|
1863
|
+
*
|
1864
|
+
* ```js
|
1865
|
+
* // Synchronous
|
1866
|
+
* const {
|
1867
|
+
* randomBytes,
|
1868
|
+
* } = await import('node:crypto');
|
1869
|
+
*
|
1870
|
+
* const buf = randomBytes(256);
|
1871
|
+
* console.log(
|
1872
|
+
* `${buf.length} bytes of random data: ${buf.toString('hex')}`);
|
1873
|
+
* ```
|
1874
|
+
*
|
1875
|
+
* The `crypto.randomBytes()` method will not complete until there is
|
1876
|
+
* sufficient entropy available.
|
1877
|
+
* This should normally never take longer than a few milliseconds. The only time
|
1878
|
+
* when generating the random bytes may conceivably block for a longer period of
|
1879
|
+
* time is right after boot, when the whole system is still low on entropy.
|
1880
|
+
*
|
1881
|
+
* This API uses libuv's threadpool, which can have surprising and
|
1882
|
+
* negative performance implications for some applications; see the `UV_THREADPOOL_SIZE` documentation for more information.
|
1883
|
+
*
|
1884
|
+
* The asynchronous version of `crypto.randomBytes()` is carried out in a single
|
1885
|
+
* threadpool request. To minimize threadpool task length variation, partition
|
1886
|
+
* large `randomBytes` requests when doing so as part of fulfilling a client
|
1887
|
+
* request.
|
1888
|
+
* @since v0.5.8
|
1889
|
+
* @param size The number of bytes to generate. The `size` must not be larger than `2**31 - 1`.
|
1890
|
+
* @return if the `callback` function is not provided.
|
1891
|
+
*/
|
1892
|
+
function randomBytes(size: number): Buffer;
|
1893
|
+
function randomBytes(size: number, callback: (err: Error | null, buf: Buffer) => void): void;
|
1894
|
+
function pseudoRandomBytes(size: number): Buffer;
|
1895
|
+
function pseudoRandomBytes(size: number, callback: (err: Error | null, buf: Buffer) => void): void;
|
1896
|
+
/**
|
1897
|
+
* Return a random integer `n` such that `min <= n < max`. This
|
1898
|
+
* implementation avoids [modulo bias](https://en.wikipedia.org/wiki/Fisher%E2%80%93Yates_shuffle#Modulo_bias).
|
1899
|
+
*
|
1900
|
+
* The range (`max - min`) must be less than 248. `min` and `max` must
|
1901
|
+
* be [safe integers](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Number/isSafeInteger).
|
1902
|
+
*
|
1903
|
+
* If the `callback` function is not provided, the random integer is
|
1904
|
+
* generated synchronously.
|
1905
|
+
*
|
1906
|
+
* ```js
|
1907
|
+
* // Asynchronous
|
1908
|
+
* const {
|
1909
|
+
* randomInt,
|
1910
|
+
* } = await import('node:crypto');
|
1911
|
+
*
|
1912
|
+
* randomInt(3, (err, n) => {
|
1913
|
+
* if (err) throw err;
|
1914
|
+
* console.log(`Random number chosen from (0, 1, 2): ${n}`);
|
1915
|
+
* });
|
1916
|
+
* ```
|
1917
|
+
*
|
1918
|
+
* ```js
|
1919
|
+
* // Synchronous
|
1920
|
+
* const {
|
1921
|
+
* randomInt,
|
1922
|
+
* } = await import('node:crypto');
|
1923
|
+
*
|
1924
|
+
* const n = randomInt(3);
|
1925
|
+
* console.log(`Random number chosen from (0, 1, 2): ${n}`);
|
1926
|
+
* ```
|
1927
|
+
*
|
1928
|
+
* ```js
|
1929
|
+
* // With `min` argument
|
1930
|
+
* const {
|
1931
|
+
* randomInt,
|
1932
|
+
* } = await import('node:crypto');
|
1933
|
+
*
|
1934
|
+
* const n = randomInt(1, 7);
|
1935
|
+
* console.log(`The dice rolled: ${n}`);
|
1936
|
+
* ```
|
1937
|
+
* @since v14.10.0, v12.19.0
|
1938
|
+
* @param [min=0] Start of random range (inclusive).
|
1939
|
+
* @param max End of random range (exclusive).
|
1940
|
+
* @param callback `function(err, n) {}`.
|
1941
|
+
*/
|
1942
|
+
function randomInt(max: number): number;
|
1943
|
+
function randomInt(min: number, max: number): number;
|
1944
|
+
function randomInt(max: number, callback: (err: Error | null, value: number) => void): void;
|
1945
|
+
function randomInt(min: number, max: number, callback: (err: Error | null, value: number) => void): void;
|
1946
|
+
/**
|
1947
|
+
* Synchronous version of {@link randomFill}.
|
1948
|
+
*
|
1949
|
+
* ```js
|
1950
|
+
* import { Buffer } from 'node:buffer';
|
1951
|
+
* const { randomFillSync } = await import('node:crypto');
|
1952
|
+
*
|
1953
|
+
* const buf = Buffer.alloc(10);
|
1954
|
+
* console.log(randomFillSync(buf).toString('hex'));
|
1955
|
+
*
|
1956
|
+
* randomFillSync(buf, 5);
|
1957
|
+
* console.log(buf.toString('hex'));
|
1958
|
+
*
|
1959
|
+
* // The above is equivalent to the following:
|
1960
|
+
* randomFillSync(buf, 5, 5);
|
1961
|
+
* console.log(buf.toString('hex'));
|
1962
|
+
* ```
|
1963
|
+
*
|
1964
|
+
* Any `ArrayBuffer`, `TypedArray` or `DataView` instance may be passed as`buffer`.
|
1965
|
+
*
|
1966
|
+
* ```js
|
1967
|
+
* import { Buffer } from 'node:buffer';
|
1968
|
+
* const { randomFillSync } = await import('node:crypto');
|
1969
|
+
*
|
1970
|
+
* const a = new Uint32Array(10);
|
1971
|
+
* console.log(Buffer.from(randomFillSync(a).buffer,
|
1972
|
+
* a.byteOffset, a.byteLength).toString('hex'));
|
1973
|
+
*
|
1974
|
+
* const b = new DataView(new ArrayBuffer(10));
|
1975
|
+
* console.log(Buffer.from(randomFillSync(b).buffer,
|
1976
|
+
* b.byteOffset, b.byteLength).toString('hex'));
|
1977
|
+
*
|
1978
|
+
* const c = new ArrayBuffer(10);
|
1979
|
+
* console.log(Buffer.from(randomFillSync(c)).toString('hex'));
|
1980
|
+
* ```
|
1981
|
+
* @since v7.10.0, v6.13.0
|
1982
|
+
* @param buffer Must be supplied. The size of the provided `buffer` must not be larger than `2**31 - 1`.
|
1983
|
+
* @param [offset=0]
|
1984
|
+
* @param [size=buffer.length - offset]
|
1985
|
+
* @return The object passed as `buffer` argument.
|
1986
|
+
*/
|
1987
|
+
function randomFillSync<T extends NodeJS.ArrayBufferView>(buffer: T, offset?: number, size?: number): T;
|
1988
|
+
/**
|
1989
|
+
* This function is similar to {@link randomBytes} but requires the first
|
1990
|
+
* argument to be a `Buffer` that will be filled. It also
|
1991
|
+
* requires that a callback is passed in.
|
1992
|
+
*
|
1993
|
+
* If the `callback` function is not provided, an error will be thrown.
|
1994
|
+
*
|
1995
|
+
* ```js
|
1996
|
+
* import { Buffer } from 'node:buffer';
|
1997
|
+
* const { randomFill } = await import('node:crypto');
|
1998
|
+
*
|
1999
|
+
* const buf = Buffer.alloc(10);
|
2000
|
+
* randomFill(buf, (err, buf) => {
|
2001
|
+
* if (err) throw err;
|
2002
|
+
* console.log(buf.toString('hex'));
|
2003
|
+
* });
|
2004
|
+
*
|
2005
|
+
* randomFill(buf, 5, (err, buf) => {
|
2006
|
+
* if (err) throw err;
|
2007
|
+
* console.log(buf.toString('hex'));
|
2008
|
+
* });
|
2009
|
+
*
|
2010
|
+
* // The above is equivalent to the following:
|
2011
|
+
* randomFill(buf, 5, 5, (err, buf) => {
|
2012
|
+
* if (err) throw err;
|
2013
|
+
* console.log(buf.toString('hex'));
|
2014
|
+
* });
|
2015
|
+
* ```
|
2016
|
+
*
|
2017
|
+
* Any `ArrayBuffer`, `TypedArray`, or `DataView` instance may be passed as`buffer`.
|
2018
|
+
*
|
2019
|
+
* While this includes instances of `Float32Array` and `Float64Array`, this
|
2020
|
+
* function should not be used to generate random floating-point numbers. The
|
2021
|
+
* result may contain `+Infinity`, `-Infinity`, and `NaN`, and even if the array
|
2022
|
+
* contains finite numbers only, they are not drawn from a uniform random
|
2023
|
+
* distribution and have no meaningful lower or upper bounds.
|
2024
|
+
*
|
2025
|
+
* ```js
|
2026
|
+
* import { Buffer } from 'node:buffer';
|
2027
|
+
* const { randomFill } = await import('node:crypto');
|
2028
|
+
*
|
2029
|
+
* const a = new Uint32Array(10);
|
2030
|
+
* randomFill(a, (err, buf) => {
|
2031
|
+
* if (err) throw err;
|
2032
|
+
* console.log(Buffer.from(buf.buffer, buf.byteOffset, buf.byteLength)
|
2033
|
+
* .toString('hex'));
|
2034
|
+
* });
|
2035
|
+
*
|
2036
|
+
* const b = new DataView(new ArrayBuffer(10));
|
2037
|
+
* randomFill(b, (err, buf) => {
|
2038
|
+
* if (err) throw err;
|
2039
|
+
* console.log(Buffer.from(buf.buffer, buf.byteOffset, buf.byteLength)
|
2040
|
+
* .toString('hex'));
|
2041
|
+
* });
|
2042
|
+
*
|
2043
|
+
* const c = new ArrayBuffer(10);
|
2044
|
+
* randomFill(c, (err, buf) => {
|
2045
|
+
* if (err) throw err;
|
2046
|
+
* console.log(Buffer.from(buf).toString('hex'));
|
2047
|
+
* });
|
2048
|
+
* ```
|
2049
|
+
*
|
2050
|
+
* This API uses libuv's threadpool, which can have surprising and
|
2051
|
+
* negative performance implications for some applications; see the `UV_THREADPOOL_SIZE` documentation for more information.
|
2052
|
+
*
|
2053
|
+
* The asynchronous version of `crypto.randomFill()` is carried out in a single
|
2054
|
+
* threadpool request. To minimize threadpool task length variation, partition
|
2055
|
+
* large `randomFill` requests when doing so as part of fulfilling a client
|
2056
|
+
* request.
|
2057
|
+
* @since v7.10.0, v6.13.0
|
2058
|
+
* @param buffer Must be supplied. The size of the provided `buffer` must not be larger than `2**31 - 1`.
|
2059
|
+
* @param [offset=0]
|
2060
|
+
* @param [size=buffer.length - offset]
|
2061
|
+
* @param callback `function(err, buf) {}`.
|
2062
|
+
*/
|
2063
|
+
function randomFill<T extends NodeJS.ArrayBufferView>(
|
2064
|
+
buffer: T,
|
2065
|
+
callback: (err: Error | null, buf: T) => void,
|
2066
|
+
): void;
|
2067
|
+
function randomFill<T extends NodeJS.ArrayBufferView>(
|
2068
|
+
buffer: T,
|
2069
|
+
offset: number,
|
2070
|
+
callback: (err: Error | null, buf: T) => void,
|
2071
|
+
): void;
|
2072
|
+
function randomFill<T extends NodeJS.ArrayBufferView>(
|
2073
|
+
buffer: T,
|
2074
|
+
offset: number,
|
2075
|
+
size: number,
|
2076
|
+
callback: (err: Error | null, buf: T) => void,
|
2077
|
+
): void;
|
2078
|
+
interface ScryptOptions {
|
2079
|
+
cost?: number | undefined;
|
2080
|
+
blockSize?: number | undefined;
|
2081
|
+
parallelization?: number | undefined;
|
2082
|
+
N?: number | undefined;
|
2083
|
+
r?: number | undefined;
|
2084
|
+
p?: number | undefined;
|
2085
|
+
maxmem?: number | undefined;
|
2086
|
+
}
|
2087
|
+
/**
|
2088
|
+
* Provides an asynchronous [scrypt](https://en.wikipedia.org/wiki/Scrypt) implementation. Scrypt is a password-based
|
2089
|
+
* key derivation function that is designed to be expensive computationally and
|
2090
|
+
* memory-wise in order to make brute-force attacks unrewarding.
|
2091
|
+
*
|
2092
|
+
* The `salt` should be as unique as possible. It is recommended that a salt is
|
2093
|
+
* random and at least 16 bytes long. See [NIST SP 800-132](https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf) for details.
|
2094
|
+
*
|
2095
|
+
* When passing strings for `password` or `salt`, please consider `caveats when using strings as inputs to cryptographic APIs`.
|
2096
|
+
*
|
2097
|
+
* The `callback` function is called with two arguments: `err` and `derivedKey`.`err` is an exception object when key derivation fails, otherwise `err` is`null`. `derivedKey` is passed to the
|
2098
|
+
* callback as a `Buffer`.
|
2099
|
+
*
|
2100
|
+
* An exception is thrown when any of the input arguments specify invalid values
|
2101
|
+
* or types.
|
2102
|
+
*
|
2103
|
+
* ```js
|
2104
|
+
* const {
|
2105
|
+
* scrypt,
|
2106
|
+
* } = await import('node:crypto');
|
2107
|
+
*
|
2108
|
+
* // Using the factory defaults.
|
2109
|
+
* scrypt('password', 'salt', 64, (err, derivedKey) => {
|
2110
|
+
* if (err) throw err;
|
2111
|
+
* console.log(derivedKey.toString('hex')); // '3745e48...08d59ae'
|
2112
|
+
* });
|
2113
|
+
* // Using a custom N parameter. Must be a power of two.
|
2114
|
+
* scrypt('password', 'salt', 64, { N: 1024 }, (err, derivedKey) => {
|
2115
|
+
* if (err) throw err;
|
2116
|
+
* console.log(derivedKey.toString('hex')); // '3745e48...aa39b34'
|
2117
|
+
* });
|
2118
|
+
* ```
|
2119
|
+
* @since v10.5.0
|
2120
|
+
*/
|
2121
|
+
function scrypt(
|
2122
|
+
password: BinaryLike,
|
2123
|
+
salt: BinaryLike,
|
2124
|
+
keylen: number,
|
2125
|
+
callback: (err: Error | null, derivedKey: Buffer) => void,
|
2126
|
+
): void;
|
2127
|
+
function scrypt(
|
2128
|
+
password: BinaryLike,
|
2129
|
+
salt: BinaryLike,
|
2130
|
+
keylen: number,
|
2131
|
+
options: ScryptOptions,
|
2132
|
+
callback: (err: Error | null, derivedKey: Buffer) => void,
|
2133
|
+
): void;
|
2134
|
+
/**
|
2135
|
+
* Provides a synchronous [scrypt](https://en.wikipedia.org/wiki/Scrypt) implementation. Scrypt is a password-based
|
2136
|
+
* key derivation function that is designed to be expensive computationally and
|
2137
|
+
* memory-wise in order to make brute-force attacks unrewarding.
|
2138
|
+
*
|
2139
|
+
* The `salt` should be as unique as possible. It is recommended that a salt is
|
2140
|
+
* random and at least 16 bytes long. See [NIST SP 800-132](https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf) for details.
|
2141
|
+
*
|
2142
|
+
* When passing strings for `password` or `salt`, please consider `caveats when using strings as inputs to cryptographic APIs`.
|
2143
|
+
*
|
2144
|
+
* An exception is thrown when key derivation fails, otherwise the derived key is
|
2145
|
+
* returned as a `Buffer`.
|
2146
|
+
*
|
2147
|
+
* An exception is thrown when any of the input arguments specify invalid values
|
2148
|
+
* or types.
|
2149
|
+
*
|
2150
|
+
* ```js
|
2151
|
+
* const {
|
2152
|
+
* scryptSync,
|
2153
|
+
* } = await import('node:crypto');
|
2154
|
+
* // Using the factory defaults.
|
2155
|
+
*
|
2156
|
+
* const key1 = scryptSync('password', 'salt', 64);
|
2157
|
+
* console.log(key1.toString('hex')); // '3745e48...08d59ae'
|
2158
|
+
* // Using a custom N parameter. Must be a power of two.
|
2159
|
+
* const key2 = scryptSync('password', 'salt', 64, { N: 1024 });
|
2160
|
+
* console.log(key2.toString('hex')); // '3745e48...aa39b34'
|
2161
|
+
* ```
|
2162
|
+
* @since v10.5.0
|
2163
|
+
*/
|
2164
|
+
function scryptSync(password: BinaryLike, salt: BinaryLike, keylen: number, options?: ScryptOptions): Buffer;
|
2165
|
+
interface RsaPublicKey {
|
2166
|
+
key: KeyLike;
|
2167
|
+
padding?: number | undefined;
|
2168
|
+
}
|
2169
|
+
interface RsaPrivateKey {
|
2170
|
+
key: KeyLike;
|
2171
|
+
passphrase?: string | undefined;
|
2172
|
+
/**
|
2173
|
+
* @default 'sha1'
|
2174
|
+
*/
|
2175
|
+
oaepHash?: string | undefined;
|
2176
|
+
oaepLabel?: NodeJS.TypedArray | undefined;
|
2177
|
+
padding?: number | undefined;
|
2178
|
+
}
|
2179
|
+
/**
|
2180
|
+
* Encrypts the content of `buffer` with `key` and returns a new `Buffer` with encrypted content. The returned data can be decrypted using
|
2181
|
+
* the corresponding private key, for example using {@link privateDecrypt}.
|
2182
|
+
*
|
2183
|
+
* If `key` is not a `KeyObject`, this function behaves as if`key` had been passed to {@link createPublicKey}. If it is an
|
2184
|
+
* object, the `padding` property can be passed. Otherwise, this function uses`RSA_PKCS1_OAEP_PADDING`.
|
2185
|
+
*
|
2186
|
+
* Because RSA public keys can be derived from private keys, a private key may
|
2187
|
+
* be passed instead of a public key.
|
2188
|
+
* @since v0.11.14
|
2189
|
+
*/
|
2190
|
+
function publicEncrypt(key: RsaPublicKey | RsaPrivateKey | KeyLike, buffer: NodeJS.ArrayBufferView): Buffer;
|
2191
|
+
/**
|
2192
|
+
* Decrypts `buffer` with `key`.`buffer` was previously encrypted using
|
2193
|
+
* the corresponding private key, for example using {@link privateEncrypt}.
|
2194
|
+
*
|
2195
|
+
* If `key` is not a `KeyObject`, this function behaves as if`key` had been passed to {@link createPublicKey}. If it is an
|
2196
|
+
* object, the `padding` property can be passed. Otherwise, this function uses`RSA_PKCS1_PADDING`.
|
2197
|
+
*
|
2198
|
+
* Because RSA public keys can be derived from private keys, a private key may
|
2199
|
+
* be passed instead of a public key.
|
2200
|
+
* @since v1.1.0
|
2201
|
+
*/
|
2202
|
+
function publicDecrypt(key: RsaPublicKey | RsaPrivateKey | KeyLike, buffer: NodeJS.ArrayBufferView): Buffer;
|
2203
|
+
/**
|
2204
|
+
* Decrypts `buffer` with `privateKey`. `buffer` was previously encrypted using
|
2205
|
+
* the corresponding public key, for example using {@link publicEncrypt}.
|
2206
|
+
*
|
2207
|
+
* If `privateKey` is not a `KeyObject`, this function behaves as if`privateKey` had been passed to {@link createPrivateKey}. If it is an
|
2208
|
+
* object, the `padding` property can be passed. Otherwise, this function uses`RSA_PKCS1_OAEP_PADDING`.
|
2209
|
+
* @since v0.11.14
|
2210
|
+
*/
|
2211
|
+
function privateDecrypt(privateKey: RsaPrivateKey | KeyLike, buffer: NodeJS.ArrayBufferView): Buffer;
|
2212
|
+
/**
|
2213
|
+
* Encrypts `buffer` with `privateKey`. The returned data can be decrypted using
|
2214
|
+
* the corresponding public key, for example using {@link publicDecrypt}.
|
2215
|
+
*
|
2216
|
+
* If `privateKey` is not a `KeyObject`, this function behaves as if`privateKey` had been passed to {@link createPrivateKey}. If it is an
|
2217
|
+
* object, the `padding` property can be passed. Otherwise, this function uses`RSA_PKCS1_PADDING`.
|
2218
|
+
* @since v1.1.0
|
2219
|
+
*/
|
2220
|
+
function privateEncrypt(privateKey: RsaPrivateKey | KeyLike, buffer: NodeJS.ArrayBufferView): Buffer;
|
2221
|
+
/**
|
2222
|
+
* ```js
|
2223
|
+
* const {
|
2224
|
+
* getCiphers,
|
2225
|
+
* } = await import('node:crypto');
|
2226
|
+
*
|
2227
|
+
* console.log(getCiphers()); // ['aes-128-cbc', 'aes-128-ccm', ...]
|
2228
|
+
* ```
|
2229
|
+
* @since v0.9.3
|
2230
|
+
* @return An array with the names of the supported cipher algorithms.
|
2231
|
+
*/
|
2232
|
+
function getCiphers(): string[];
|
2233
|
+
/**
|
2234
|
+
* ```js
|
2235
|
+
* const {
|
2236
|
+
* getCurves,
|
2237
|
+
* } = await import('node:crypto');
|
2238
|
+
*
|
2239
|
+
* console.log(getCurves()); // ['Oakley-EC2N-3', 'Oakley-EC2N-4', ...]
|
2240
|
+
* ```
|
2241
|
+
* @since v2.3.0
|
2242
|
+
* @return An array with the names of the supported elliptic curves.
|
2243
|
+
*/
|
2244
|
+
function getCurves(): string[];
|
2245
|
+
/**
|
2246
|
+
* @since v10.0.0
|
2247
|
+
* @return `1` if and only if a FIPS compliant crypto provider is currently in use, `0` otherwise. A future semver-major release may change the return type of this API to a {boolean}.
|
2248
|
+
*/
|
2249
|
+
function getFips(): 1 | 0;
|
2250
|
+
/**
|
2251
|
+
* Enables the FIPS compliant crypto provider in a FIPS-enabled Node.js build.
|
2252
|
+
* Throws an error if FIPS mode is not available.
|
2253
|
+
* @since v10.0.0
|
2254
|
+
* @param bool `true` to enable FIPS mode.
|
2255
|
+
*/
|
2256
|
+
function setFips(bool: boolean): void;
|
2257
|
+
/**
|
2258
|
+
* ```js
|
2259
|
+
* const {
|
2260
|
+
* getHashes,
|
2261
|
+
* } = await import('node:crypto');
|
2262
|
+
*
|
2263
|
+
* console.log(getHashes()); // ['DSA', 'DSA-SHA', 'DSA-SHA1', ...]
|
2264
|
+
* ```
|
2265
|
+
* @since v0.9.3
|
2266
|
+
* @return An array of the names of the supported hash algorithms, such as `'RSA-SHA256'`. Hash algorithms are also called "digest" algorithms.
|
2267
|
+
*/
|
2268
|
+
function getHashes(): string[];
|
2269
|
+
/**
|
2270
|
+
* The `ECDH` class is a utility for creating Elliptic Curve Diffie-Hellman (ECDH)
|
2271
|
+
* key exchanges.
|
2272
|
+
*
|
2273
|
+
* Instances of the `ECDH` class can be created using the {@link createECDH} function.
|
2274
|
+
*
|
2275
|
+
* ```js
|
2276
|
+
* import assert from 'node:assert';
|
2277
|
+
*
|
2278
|
+
* const {
|
2279
|
+
* createECDH,
|
2280
|
+
* } = await import('node:crypto');
|
2281
|
+
*
|
2282
|
+
* // Generate Alice's keys...
|
2283
|
+
* const alice = createECDH('secp521r1');
|
2284
|
+
* const aliceKey = alice.generateKeys();
|
2285
|
+
*
|
2286
|
+
* // Generate Bob's keys...
|
2287
|
+
* const bob = createECDH('secp521r1');
|
2288
|
+
* const bobKey = bob.generateKeys();
|
2289
|
+
*
|
2290
|
+
* // Exchange and generate the secret...
|
2291
|
+
* const aliceSecret = alice.computeSecret(bobKey);
|
2292
|
+
* const bobSecret = bob.computeSecret(aliceKey);
|
2293
|
+
*
|
2294
|
+
* assert.strictEqual(aliceSecret.toString('hex'), bobSecret.toString('hex'));
|
2295
|
+
* // OK
|
2296
|
+
* ```
|
2297
|
+
* @since v0.11.14
|
2298
|
+
*/
|
2299
|
+
class ECDH {
|
2300
|
+
private constructor();
|
2301
|
+
/**
|
2302
|
+
* Converts the EC Diffie-Hellman public key specified by `key` and `curve` to the
|
2303
|
+
* format specified by `format`. The `format` argument specifies point encoding
|
2304
|
+
* and can be `'compressed'`, `'uncompressed'` or `'hybrid'`. The supplied key is
|
2305
|
+
* interpreted using the specified `inputEncoding`, and the returned key is encoded
|
2306
|
+
* using the specified `outputEncoding`.
|
2307
|
+
*
|
2308
|
+
* Use {@link getCurves} to obtain a list of available curve names.
|
2309
|
+
* On recent OpenSSL releases, `openssl ecparam -list_curves` will also display
|
2310
|
+
* the name and description of each available elliptic curve.
|
2311
|
+
*
|
2312
|
+
* If `format` is not specified the point will be returned in `'uncompressed'`format.
|
2313
|
+
*
|
2314
|
+
* If the `inputEncoding` is not provided, `key` is expected to be a `Buffer`,`TypedArray`, or `DataView`.
|
2315
|
+
*
|
2316
|
+
* Example (uncompressing a key):
|
2317
|
+
*
|
2318
|
+
* ```js
|
2319
|
+
* const {
|
2320
|
+
* createECDH,
|
2321
|
+
* ECDH,
|
2322
|
+
* } = await import('node:crypto');
|
2323
|
+
*
|
2324
|
+
* const ecdh = createECDH('secp256k1');
|
2325
|
+
* ecdh.generateKeys();
|
2326
|
+
*
|
2327
|
+
* const compressedKey = ecdh.getPublicKey('hex', 'compressed');
|
2328
|
+
*
|
2329
|
+
* const uncompressedKey = ECDH.convertKey(compressedKey,
|
2330
|
+
* 'secp256k1',
|
2331
|
+
* 'hex',
|
2332
|
+
* 'hex',
|
2333
|
+
* 'uncompressed');
|
2334
|
+
*
|
2335
|
+
* // The converted key and the uncompressed public key should be the same
|
2336
|
+
* console.log(uncompressedKey === ecdh.getPublicKey('hex'));
|
2337
|
+
* ```
|
2338
|
+
* @since v10.0.0
|
2339
|
+
* @param inputEncoding The `encoding` of the `key` string.
|
2340
|
+
* @param outputEncoding The `encoding` of the return value.
|
2341
|
+
* @param [format='uncompressed']
|
2342
|
+
*/
|
2343
|
+
static convertKey(
|
2344
|
+
key: BinaryLike,
|
2345
|
+
curve: string,
|
2346
|
+
inputEncoding?: BinaryToTextEncoding,
|
2347
|
+
outputEncoding?: "latin1" | "hex" | "base64" | "base64url",
|
2348
|
+
format?: "uncompressed" | "compressed" | "hybrid",
|
2349
|
+
): Buffer | string;
|
2350
|
+
/**
|
2351
|
+
* Generates private and public EC Diffie-Hellman key values, and returns
|
2352
|
+
* the public key in the specified `format` and `encoding`. This key should be
|
2353
|
+
* transferred to the other party.
|
2354
|
+
*
|
2355
|
+
* The `format` argument specifies point encoding and can be `'compressed'` or`'uncompressed'`. If `format` is not specified, the point will be returned in`'uncompressed'` format.
|
2356
|
+
*
|
2357
|
+
* If `encoding` is provided a string is returned; otherwise a `Buffer` is returned.
|
2358
|
+
* @since v0.11.14
|
2359
|
+
* @param encoding The `encoding` of the return value.
|
2360
|
+
* @param [format='uncompressed']
|
2361
|
+
*/
|
2362
|
+
generateKeys(): Buffer;
|
2363
|
+
generateKeys(encoding: BinaryToTextEncoding, format?: ECDHKeyFormat): string;
|
2364
|
+
/**
|
2365
|
+
* Computes the shared secret using `otherPublicKey` as the other
|
2366
|
+
* party's public key and returns the computed shared secret. The supplied
|
2367
|
+
* key is interpreted using specified `inputEncoding`, and the returned secret
|
2368
|
+
* is encoded using the specified `outputEncoding`.
|
2369
|
+
* If the `inputEncoding` is not
|
2370
|
+
* provided, `otherPublicKey` is expected to be a `Buffer`, `TypedArray`, or`DataView`.
|
2371
|
+
*
|
2372
|
+
* If `outputEncoding` is given a string will be returned; otherwise a `Buffer` is returned.
|
2373
|
+
*
|
2374
|
+
* `ecdh.computeSecret` will throw an`ERR_CRYPTO_ECDH_INVALID_PUBLIC_KEY` error when `otherPublicKey`lies outside of the elliptic curve. Since `otherPublicKey` is
|
2375
|
+
* usually supplied from a remote user over an insecure network,
|
2376
|
+
* be sure to handle this exception accordingly.
|
2377
|
+
* @since v0.11.14
|
2378
|
+
* @param inputEncoding The `encoding` of the `otherPublicKey` string.
|
2379
|
+
* @param outputEncoding The `encoding` of the return value.
|
2380
|
+
*/
|
2381
|
+
computeSecret(otherPublicKey: NodeJS.ArrayBufferView): Buffer;
|
2382
|
+
computeSecret(otherPublicKey: string, inputEncoding: BinaryToTextEncoding): Buffer;
|
2383
|
+
computeSecret(otherPublicKey: NodeJS.ArrayBufferView, outputEncoding: BinaryToTextEncoding): string;
|
2384
|
+
computeSecret(
|
2385
|
+
otherPublicKey: string,
|
2386
|
+
inputEncoding: BinaryToTextEncoding,
|
2387
|
+
outputEncoding: BinaryToTextEncoding,
|
2388
|
+
): string;
|
2389
|
+
/**
|
2390
|
+
* If `encoding` is specified, a string is returned; otherwise a `Buffer` is
|
2391
|
+
* returned.
|
2392
|
+
* @since v0.11.14
|
2393
|
+
* @param encoding The `encoding` of the return value.
|
2394
|
+
* @return The EC Diffie-Hellman in the specified `encoding`.
|
2395
|
+
*/
|
2396
|
+
getPrivateKey(): Buffer;
|
2397
|
+
getPrivateKey(encoding: BinaryToTextEncoding): string;
|
2398
|
+
/**
|
2399
|
+
* The `format` argument specifies point encoding and can be `'compressed'` or`'uncompressed'`. If `format` is not specified the point will be returned in`'uncompressed'` format.
|
2400
|
+
*
|
2401
|
+
* If `encoding` is specified, a string is returned; otherwise a `Buffer` is
|
2402
|
+
* returned.
|
2403
|
+
* @since v0.11.14
|
2404
|
+
* @param encoding The `encoding` of the return value.
|
2405
|
+
* @param [format='uncompressed']
|
2406
|
+
* @return The EC Diffie-Hellman public key in the specified `encoding` and `format`.
|
2407
|
+
*/
|
2408
|
+
getPublicKey(encoding?: null, format?: ECDHKeyFormat): Buffer;
|
2409
|
+
getPublicKey(encoding: BinaryToTextEncoding, format?: ECDHKeyFormat): string;
|
2410
|
+
/**
|
2411
|
+
* Sets the EC Diffie-Hellman private key.
|
2412
|
+
* If `encoding` is provided, `privateKey` is expected
|
2413
|
+
* to be a string; otherwise `privateKey` is expected to be a `Buffer`,`TypedArray`, or `DataView`.
|
2414
|
+
*
|
2415
|
+
* If `privateKey` is not valid for the curve specified when the `ECDH` object was
|
2416
|
+
* created, an error is thrown. Upon setting the private key, the associated
|
2417
|
+
* public point (key) is also generated and set in the `ECDH` object.
|
2418
|
+
* @since v0.11.14
|
2419
|
+
* @param encoding The `encoding` of the `privateKey` string.
|
2420
|
+
*/
|
2421
|
+
setPrivateKey(privateKey: NodeJS.ArrayBufferView): void;
|
2422
|
+
setPrivateKey(privateKey: string, encoding: BinaryToTextEncoding): void;
|
2423
|
+
}
|
2424
|
+
/**
|
2425
|
+
* Creates an Elliptic Curve Diffie-Hellman (`ECDH`) key exchange object using a
|
2426
|
+
* predefined curve specified by the `curveName` string. Use {@link getCurves} to obtain a list of available curve names. On recent
|
2427
|
+
* OpenSSL releases, `openssl ecparam -list_curves` will also display the name
|
2428
|
+
* and description of each available elliptic curve.
|
2429
|
+
* @since v0.11.14
|
2430
|
+
*/
|
2431
|
+
function createECDH(curveName: string): ECDH;
|
2432
|
+
/**
|
2433
|
+
* This function compares the underlying bytes that represent the given`ArrayBuffer`, `TypedArray`, or `DataView` instances using a constant-time
|
2434
|
+
* algorithm.
|
2435
|
+
*
|
2436
|
+
* This function does not leak timing information that
|
2437
|
+
* would allow an attacker to guess one of the values. This is suitable for
|
2438
|
+
* comparing HMAC digests or secret values like authentication cookies or [capability urls](https://www.w3.org/TR/capability-urls/).
|
2439
|
+
*
|
2440
|
+
* `a` and `b` must both be `Buffer`s, `TypedArray`s, or `DataView`s, and they
|
2441
|
+
* must have the same byte length. An error is thrown if `a` and `b` have
|
2442
|
+
* different byte lengths.
|
2443
|
+
*
|
2444
|
+
* If at least one of `a` and `b` is a `TypedArray` with more than one byte per
|
2445
|
+
* entry, such as `Uint16Array`, the result will be computed using the platform
|
2446
|
+
* byte order.
|
2447
|
+
*
|
2448
|
+
* **When both of the inputs are `Float32Array`s or`Float64Array`s, this function might return unexpected results due to IEEE 754**
|
2449
|
+
* **encoding of floating-point numbers. In particular, neither `x === y` nor`Object.is(x, y)` implies that the byte representations of two floating-point**
|
2450
|
+
* **numbers `x` and `y` are equal.**
|
2451
|
+
*
|
2452
|
+
* Use of `crypto.timingSafeEqual` does not guarantee that the _surrounding_ code
|
2453
|
+
* is timing-safe. Care should be taken to ensure that the surrounding code does
|
2454
|
+
* not introduce timing vulnerabilities.
|
2455
|
+
* @since v6.6.0
|
2456
|
+
*/
|
2457
|
+
function timingSafeEqual(a: NodeJS.ArrayBufferView, b: NodeJS.ArrayBufferView): boolean;
|
2458
|
+
type KeyType = "rsa" | "rsa-pss" | "dsa" | "ec" | "ed25519" | "ed448" | "x25519" | "x448";
|
2459
|
+
type KeyFormat = "pem" | "der" | "jwk";
|
2460
|
+
interface BasePrivateKeyEncodingOptions<T extends KeyFormat> {
|
2461
|
+
format: T;
|
2462
|
+
cipher?: string | undefined;
|
2463
|
+
passphrase?: string | undefined;
|
2464
|
+
}
|
2465
|
+
interface KeyPairKeyObjectResult {
|
2466
|
+
publicKey: KeyObject;
|
2467
|
+
privateKey: KeyObject;
|
2468
|
+
}
|
2469
|
+
interface ED25519KeyPairKeyObjectOptions {}
|
2470
|
+
interface ED448KeyPairKeyObjectOptions {}
|
2471
|
+
interface X25519KeyPairKeyObjectOptions {}
|
2472
|
+
interface X448KeyPairKeyObjectOptions {}
|
2473
|
+
interface ECKeyPairKeyObjectOptions {
|
2474
|
+
/**
|
2475
|
+
* Name of the curve to use
|
2476
|
+
*/
|
2477
|
+
namedCurve: string;
|
2478
|
+
}
|
2479
|
+
interface RSAKeyPairKeyObjectOptions {
|
2480
|
+
/**
|
2481
|
+
* Key size in bits
|
2482
|
+
*/
|
2483
|
+
modulusLength: number;
|
2484
|
+
/**
|
2485
|
+
* Public exponent
|
2486
|
+
* @default 0x10001
|
2487
|
+
*/
|
2488
|
+
publicExponent?: number | undefined;
|
2489
|
+
}
|
2490
|
+
interface RSAPSSKeyPairKeyObjectOptions {
|
2491
|
+
/**
|
2492
|
+
* Key size in bits
|
2493
|
+
*/
|
2494
|
+
modulusLength: number;
|
2495
|
+
/**
|
2496
|
+
* Public exponent
|
2497
|
+
* @default 0x10001
|
2498
|
+
*/
|
2499
|
+
publicExponent?: number | undefined;
|
2500
|
+
/**
|
2501
|
+
* Name of the message digest
|
2502
|
+
*/
|
2503
|
+
hashAlgorithm?: string;
|
2504
|
+
/**
|
2505
|
+
* Name of the message digest used by MGF1
|
2506
|
+
*/
|
2507
|
+
mgf1HashAlgorithm?: string;
|
2508
|
+
/**
|
2509
|
+
* Minimal salt length in bytes
|
2510
|
+
*/
|
2511
|
+
saltLength?: string;
|
2512
|
+
}
|
2513
|
+
interface DSAKeyPairKeyObjectOptions {
|
2514
|
+
/**
|
2515
|
+
* Key size in bits
|
2516
|
+
*/
|
2517
|
+
modulusLength: number;
|
2518
|
+
/**
|
2519
|
+
* Size of q in bits
|
2520
|
+
*/
|
2521
|
+
divisorLength: number;
|
2522
|
+
}
|
2523
|
+
interface RSAKeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
|
2524
|
+
/**
|
2525
|
+
* Key size in bits
|
2526
|
+
*/
|
2527
|
+
modulusLength: number;
|
2528
|
+
/**
|
2529
|
+
* Public exponent
|
2530
|
+
* @default 0x10001
|
2531
|
+
*/
|
2532
|
+
publicExponent?: number | undefined;
|
2533
|
+
publicKeyEncoding: {
|
2534
|
+
type: "pkcs1" | "spki";
|
2535
|
+
format: PubF;
|
2536
|
+
};
|
2537
|
+
privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
|
2538
|
+
type: "pkcs1" | "pkcs8";
|
2539
|
+
};
|
2540
|
+
}
|
2541
|
+
interface RSAPSSKeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
|
2542
|
+
/**
|
2543
|
+
* Key size in bits
|
2544
|
+
*/
|
2545
|
+
modulusLength: number;
|
2546
|
+
/**
|
2547
|
+
* Public exponent
|
2548
|
+
* @default 0x10001
|
2549
|
+
*/
|
2550
|
+
publicExponent?: number | undefined;
|
2551
|
+
/**
|
2552
|
+
* Name of the message digest
|
2553
|
+
*/
|
2554
|
+
hashAlgorithm?: string;
|
2555
|
+
/**
|
2556
|
+
* Name of the message digest used by MGF1
|
2557
|
+
*/
|
2558
|
+
mgf1HashAlgorithm?: string;
|
2559
|
+
/**
|
2560
|
+
* Minimal salt length in bytes
|
2561
|
+
*/
|
2562
|
+
saltLength?: string;
|
2563
|
+
publicKeyEncoding: {
|
2564
|
+
type: "spki";
|
2565
|
+
format: PubF;
|
2566
|
+
};
|
2567
|
+
privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
|
2568
|
+
type: "pkcs8";
|
2569
|
+
};
|
2570
|
+
}
|
2571
|
+
interface DSAKeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
|
2572
|
+
/**
|
2573
|
+
* Key size in bits
|
2574
|
+
*/
|
2575
|
+
modulusLength: number;
|
2576
|
+
/**
|
2577
|
+
* Size of q in bits
|
2578
|
+
*/
|
2579
|
+
divisorLength: number;
|
2580
|
+
publicKeyEncoding: {
|
2581
|
+
type: "spki";
|
2582
|
+
format: PubF;
|
2583
|
+
};
|
2584
|
+
privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
|
2585
|
+
type: "pkcs8";
|
2586
|
+
};
|
2587
|
+
}
|
2588
|
+
interface ECKeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
|
2589
|
+
/**
|
2590
|
+
* Name of the curve to use.
|
2591
|
+
*/
|
2592
|
+
namedCurve: string;
|
2593
|
+
publicKeyEncoding: {
|
2594
|
+
type: "pkcs1" | "spki";
|
2595
|
+
format: PubF;
|
2596
|
+
};
|
2597
|
+
privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
|
2598
|
+
type: "sec1" | "pkcs8";
|
2599
|
+
};
|
2600
|
+
}
|
2601
|
+
interface ED25519KeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
|
2602
|
+
publicKeyEncoding: {
|
2603
|
+
type: "spki";
|
2604
|
+
format: PubF;
|
2605
|
+
};
|
2606
|
+
privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
|
2607
|
+
type: "pkcs8";
|
2608
|
+
};
|
2609
|
+
}
|
2610
|
+
interface ED448KeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
|
2611
|
+
publicKeyEncoding: {
|
2612
|
+
type: "spki";
|
2613
|
+
format: PubF;
|
2614
|
+
};
|
2615
|
+
privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
|
2616
|
+
type: "pkcs8";
|
2617
|
+
};
|
2618
|
+
}
|
2619
|
+
interface X25519KeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
|
2620
|
+
publicKeyEncoding: {
|
2621
|
+
type: "spki";
|
2622
|
+
format: PubF;
|
2623
|
+
};
|
2624
|
+
privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
|
2625
|
+
type: "pkcs8";
|
2626
|
+
};
|
2627
|
+
}
|
2628
|
+
interface X448KeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
|
2629
|
+
publicKeyEncoding: {
|
2630
|
+
type: "spki";
|
2631
|
+
format: PubF;
|
2632
|
+
};
|
2633
|
+
privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
|
2634
|
+
type: "pkcs8";
|
2635
|
+
};
|
2636
|
+
}
|
2637
|
+
interface KeyPairSyncResult<T1 extends string | Buffer, T2 extends string | Buffer> {
|
2638
|
+
publicKey: T1;
|
2639
|
+
privateKey: T2;
|
2640
|
+
}
|
2641
|
+
/**
|
2642
|
+
* Generates a new asymmetric key pair of the given `type`. RSA, RSA-PSS, DSA, EC,
|
2643
|
+
* Ed25519, Ed448, X25519, X448, and DH are currently supported.
|
2644
|
+
*
|
2645
|
+
* If a `publicKeyEncoding` or `privateKeyEncoding` was specified, this function
|
2646
|
+
* behaves as if `keyObject.export()` had been called on its result. Otherwise,
|
2647
|
+
* the respective part of the key is returned as a `KeyObject`.
|
2648
|
+
*
|
2649
|
+
* When encoding public keys, it is recommended to use `'spki'`. When encoding
|
2650
|
+
* private keys, it is recommended to use `'pkcs8'` with a strong passphrase,
|
2651
|
+
* and to keep the passphrase confidential.
|
2652
|
+
*
|
2653
|
+
* ```js
|
2654
|
+
* const {
|
2655
|
+
* generateKeyPairSync,
|
2656
|
+
* } = await import('node:crypto');
|
2657
|
+
*
|
2658
|
+
* const {
|
2659
|
+
* publicKey,
|
2660
|
+
* privateKey,
|
2661
|
+
* } = generateKeyPairSync('rsa', {
|
2662
|
+
* modulusLength: 4096,
|
2663
|
+
* publicKeyEncoding: {
|
2664
|
+
* type: 'spki',
|
2665
|
+
* format: 'pem',
|
2666
|
+
* },
|
2667
|
+
* privateKeyEncoding: {
|
2668
|
+
* type: 'pkcs8',
|
2669
|
+
* format: 'pem',
|
2670
|
+
* cipher: 'aes-256-cbc',
|
2671
|
+
* passphrase: 'top secret',
|
2672
|
+
* },
|
2673
|
+
* });
|
2674
|
+
* ```
|
2675
|
+
*
|
2676
|
+
* The return value `{ publicKey, privateKey }` represents the generated key pair.
|
2677
|
+
* When PEM encoding was selected, the respective key will be a string, otherwise
|
2678
|
+
* it will be a buffer containing the data encoded as DER.
|
2679
|
+
* @since v10.12.0
|
2680
|
+
* @param type Must be `'rsa'`, `'rsa-pss'`, `'dsa'`, `'ec'`, `'ed25519'`, `'ed448'`, `'x25519'`, `'x448'`, or `'dh'`.
|
2681
|
+
*/
|
2682
|
+
function generateKeyPairSync(
|
2683
|
+
type: "rsa",
|
2684
|
+
options: RSAKeyPairOptions<"pem", "pem">,
|
2685
|
+
): KeyPairSyncResult<string, string>;
|
2686
|
+
function generateKeyPairSync(
|
2687
|
+
type: "rsa",
|
2688
|
+
options: RSAKeyPairOptions<"pem", "der">,
|
2689
|
+
): KeyPairSyncResult<string, Buffer>;
|
2690
|
+
function generateKeyPairSync(
|
2691
|
+
type: "rsa",
|
2692
|
+
options: RSAKeyPairOptions<"der", "pem">,
|
2693
|
+
): KeyPairSyncResult<Buffer, string>;
|
2694
|
+
function generateKeyPairSync(
|
2695
|
+
type: "rsa",
|
2696
|
+
options: RSAKeyPairOptions<"der", "der">,
|
2697
|
+
): KeyPairSyncResult<Buffer, Buffer>;
|
2698
|
+
function generateKeyPairSync(type: "rsa", options: RSAKeyPairKeyObjectOptions): KeyPairKeyObjectResult;
|
2699
|
+
function generateKeyPairSync(
|
2700
|
+
type: "rsa-pss",
|
2701
|
+
options: RSAPSSKeyPairOptions<"pem", "pem">,
|
2702
|
+
): KeyPairSyncResult<string, string>;
|
2703
|
+
function generateKeyPairSync(
|
2704
|
+
type: "rsa-pss",
|
2705
|
+
options: RSAPSSKeyPairOptions<"pem", "der">,
|
2706
|
+
): KeyPairSyncResult<string, Buffer>;
|
2707
|
+
function generateKeyPairSync(
|
2708
|
+
type: "rsa-pss",
|
2709
|
+
options: RSAPSSKeyPairOptions<"der", "pem">,
|
2710
|
+
): KeyPairSyncResult<Buffer, string>;
|
2711
|
+
function generateKeyPairSync(
|
2712
|
+
type: "rsa-pss",
|
2713
|
+
options: RSAPSSKeyPairOptions<"der", "der">,
|
2714
|
+
): KeyPairSyncResult<Buffer, Buffer>;
|
2715
|
+
function generateKeyPairSync(type: "rsa-pss", options: RSAPSSKeyPairKeyObjectOptions): KeyPairKeyObjectResult;
|
2716
|
+
function generateKeyPairSync(
|
2717
|
+
type: "dsa",
|
2718
|
+
options: DSAKeyPairOptions<"pem", "pem">,
|
2719
|
+
): KeyPairSyncResult<string, string>;
|
2720
|
+
function generateKeyPairSync(
|
2721
|
+
type: "dsa",
|
2722
|
+
options: DSAKeyPairOptions<"pem", "der">,
|
2723
|
+
): KeyPairSyncResult<string, Buffer>;
|
2724
|
+
function generateKeyPairSync(
|
2725
|
+
type: "dsa",
|
2726
|
+
options: DSAKeyPairOptions<"der", "pem">,
|
2727
|
+
): KeyPairSyncResult<Buffer, string>;
|
2728
|
+
function generateKeyPairSync(
|
2729
|
+
type: "dsa",
|
2730
|
+
options: DSAKeyPairOptions<"der", "der">,
|
2731
|
+
): KeyPairSyncResult<Buffer, Buffer>;
|
2732
|
+
function generateKeyPairSync(type: "dsa", options: DSAKeyPairKeyObjectOptions): KeyPairKeyObjectResult;
|
2733
|
+
function generateKeyPairSync(
|
2734
|
+
type: "ec",
|
2735
|
+
options: ECKeyPairOptions<"pem", "pem">,
|
2736
|
+
): KeyPairSyncResult<string, string>;
|
2737
|
+
function generateKeyPairSync(
|
2738
|
+
type: "ec",
|
2739
|
+
options: ECKeyPairOptions<"pem", "der">,
|
2740
|
+
): KeyPairSyncResult<string, Buffer>;
|
2741
|
+
function generateKeyPairSync(
|
2742
|
+
type: "ec",
|
2743
|
+
options: ECKeyPairOptions<"der", "pem">,
|
2744
|
+
): KeyPairSyncResult<Buffer, string>;
|
2745
|
+
function generateKeyPairSync(
|
2746
|
+
type: "ec",
|
2747
|
+
options: ECKeyPairOptions<"der", "der">,
|
2748
|
+
): KeyPairSyncResult<Buffer, Buffer>;
|
2749
|
+
function generateKeyPairSync(type: "ec", options: ECKeyPairKeyObjectOptions): KeyPairKeyObjectResult;
|
2750
|
+
function generateKeyPairSync(
|
2751
|
+
type: "ed25519",
|
2752
|
+
options: ED25519KeyPairOptions<"pem", "pem">,
|
2753
|
+
): KeyPairSyncResult<string, string>;
|
2754
|
+
function generateKeyPairSync(
|
2755
|
+
type: "ed25519",
|
2756
|
+
options: ED25519KeyPairOptions<"pem", "der">,
|
2757
|
+
): KeyPairSyncResult<string, Buffer>;
|
2758
|
+
function generateKeyPairSync(
|
2759
|
+
type: "ed25519",
|
2760
|
+
options: ED25519KeyPairOptions<"der", "pem">,
|
2761
|
+
): KeyPairSyncResult<Buffer, string>;
|
2762
|
+
function generateKeyPairSync(
|
2763
|
+
type: "ed25519",
|
2764
|
+
options: ED25519KeyPairOptions<"der", "der">,
|
2765
|
+
): KeyPairSyncResult<Buffer, Buffer>;
|
2766
|
+
function generateKeyPairSync(type: "ed25519", options?: ED25519KeyPairKeyObjectOptions): KeyPairKeyObjectResult;
|
2767
|
+
function generateKeyPairSync(
|
2768
|
+
type: "ed448",
|
2769
|
+
options: ED448KeyPairOptions<"pem", "pem">,
|
2770
|
+
): KeyPairSyncResult<string, string>;
|
2771
|
+
function generateKeyPairSync(
|
2772
|
+
type: "ed448",
|
2773
|
+
options: ED448KeyPairOptions<"pem", "der">,
|
2774
|
+
): KeyPairSyncResult<string, Buffer>;
|
2775
|
+
function generateKeyPairSync(
|
2776
|
+
type: "ed448",
|
2777
|
+
options: ED448KeyPairOptions<"der", "pem">,
|
2778
|
+
): KeyPairSyncResult<Buffer, string>;
|
2779
|
+
function generateKeyPairSync(
|
2780
|
+
type: "ed448",
|
2781
|
+
options: ED448KeyPairOptions<"der", "der">,
|
2782
|
+
): KeyPairSyncResult<Buffer, Buffer>;
|
2783
|
+
function generateKeyPairSync(type: "ed448", options?: ED448KeyPairKeyObjectOptions): KeyPairKeyObjectResult;
|
2784
|
+
function generateKeyPairSync(
|
2785
|
+
type: "x25519",
|
2786
|
+
options: X25519KeyPairOptions<"pem", "pem">,
|
2787
|
+
): KeyPairSyncResult<string, string>;
|
2788
|
+
function generateKeyPairSync(
|
2789
|
+
type: "x25519",
|
2790
|
+
options: X25519KeyPairOptions<"pem", "der">,
|
2791
|
+
): KeyPairSyncResult<string, Buffer>;
|
2792
|
+
function generateKeyPairSync(
|
2793
|
+
type: "x25519",
|
2794
|
+
options: X25519KeyPairOptions<"der", "pem">,
|
2795
|
+
): KeyPairSyncResult<Buffer, string>;
|
2796
|
+
function generateKeyPairSync(
|
2797
|
+
type: "x25519",
|
2798
|
+
options: X25519KeyPairOptions<"der", "der">,
|
2799
|
+
): KeyPairSyncResult<Buffer, Buffer>;
|
2800
|
+
function generateKeyPairSync(type: "x25519", options?: X25519KeyPairKeyObjectOptions): KeyPairKeyObjectResult;
|
2801
|
+
function generateKeyPairSync(
|
2802
|
+
type: "x448",
|
2803
|
+
options: X448KeyPairOptions<"pem", "pem">,
|
2804
|
+
): KeyPairSyncResult<string, string>;
|
2805
|
+
function generateKeyPairSync(
|
2806
|
+
type: "x448",
|
2807
|
+
options: X448KeyPairOptions<"pem", "der">,
|
2808
|
+
): KeyPairSyncResult<string, Buffer>;
|
2809
|
+
function generateKeyPairSync(
|
2810
|
+
type: "x448",
|
2811
|
+
options: X448KeyPairOptions<"der", "pem">,
|
2812
|
+
): KeyPairSyncResult<Buffer, string>;
|
2813
|
+
function generateKeyPairSync(
|
2814
|
+
type: "x448",
|
2815
|
+
options: X448KeyPairOptions<"der", "der">,
|
2816
|
+
): KeyPairSyncResult<Buffer, Buffer>;
|
2817
|
+
function generateKeyPairSync(type: "x448", options?: X448KeyPairKeyObjectOptions): KeyPairKeyObjectResult;
|
2818
|
+
/**
|
2819
|
+
* Generates a new asymmetric key pair of the given `type`. RSA, RSA-PSS, DSA, EC,
|
2820
|
+
* Ed25519, Ed448, X25519, X448, and DH are currently supported.
|
2821
|
+
*
|
2822
|
+
* If a `publicKeyEncoding` or `privateKeyEncoding` was specified, this function
|
2823
|
+
* behaves as if `keyObject.export()` had been called on its result. Otherwise,
|
2824
|
+
* the respective part of the key is returned as a `KeyObject`.
|
2825
|
+
*
|
2826
|
+
* It is recommended to encode public keys as `'spki'` and private keys as`'pkcs8'` with encryption for long-term storage:
|
2827
|
+
*
|
2828
|
+
* ```js
|
2829
|
+
* const {
|
2830
|
+
* generateKeyPair,
|
2831
|
+
* } = await import('node:crypto');
|
2832
|
+
*
|
2833
|
+
* generateKeyPair('rsa', {
|
2834
|
+
* modulusLength: 4096,
|
2835
|
+
* publicKeyEncoding: {
|
2836
|
+
* type: 'spki',
|
2837
|
+
* format: 'pem',
|
2838
|
+
* },
|
2839
|
+
* privateKeyEncoding: {
|
2840
|
+
* type: 'pkcs8',
|
2841
|
+
* format: 'pem',
|
2842
|
+
* cipher: 'aes-256-cbc',
|
2843
|
+
* passphrase: 'top secret',
|
2844
|
+
* },
|
2845
|
+
* }, (err, publicKey, privateKey) => {
|
2846
|
+
* // Handle errors and use the generated key pair.
|
2847
|
+
* });
|
2848
|
+
* ```
|
2849
|
+
*
|
2850
|
+
* On completion, `callback` will be called with `err` set to `undefined` and`publicKey` / `privateKey` representing the generated key pair.
|
2851
|
+
*
|
2852
|
+
* If this method is invoked as its `util.promisify()` ed version, it returns
|
2853
|
+
* a `Promise` for an `Object` with `publicKey` and `privateKey` properties.
|
2854
|
+
* @since v10.12.0
|
2855
|
+
* @param type Must be `'rsa'`, `'rsa-pss'`, `'dsa'`, `'ec'`, `'ed25519'`, `'ed448'`, `'x25519'`, `'x448'`, or `'dh'`.
|
2856
|
+
*/
|
2857
|
+
function generateKeyPair(
|
2858
|
+
type: "rsa",
|
2859
|
+
options: RSAKeyPairOptions<"pem", "pem">,
|
2860
|
+
callback: (err: Error | null, publicKey: string, privateKey: string) => void,
|
2861
|
+
): void;
|
2862
|
+
function generateKeyPair(
|
2863
|
+
type: "rsa",
|
2864
|
+
options: RSAKeyPairOptions<"pem", "der">,
|
2865
|
+
callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
|
2866
|
+
): void;
|
2867
|
+
function generateKeyPair(
|
2868
|
+
type: "rsa",
|
2869
|
+
options: RSAKeyPairOptions<"der", "pem">,
|
2870
|
+
callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
|
2871
|
+
): void;
|
2872
|
+
function generateKeyPair(
|
2873
|
+
type: "rsa",
|
2874
|
+
options: RSAKeyPairOptions<"der", "der">,
|
2875
|
+
callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
|
2876
|
+
): void;
|
2877
|
+
function generateKeyPair(
|
2878
|
+
type: "rsa",
|
2879
|
+
options: RSAKeyPairKeyObjectOptions,
|
2880
|
+
callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
|
2881
|
+
): void;
|
2882
|
+
function generateKeyPair(
|
2883
|
+
type: "rsa-pss",
|
2884
|
+
options: RSAPSSKeyPairOptions<"pem", "pem">,
|
2885
|
+
callback: (err: Error | null, publicKey: string, privateKey: string) => void,
|
2886
|
+
): void;
|
2887
|
+
function generateKeyPair(
|
2888
|
+
type: "rsa-pss",
|
2889
|
+
options: RSAPSSKeyPairOptions<"pem", "der">,
|
2890
|
+
callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
|
2891
|
+
): void;
|
2892
|
+
function generateKeyPair(
|
2893
|
+
type: "rsa-pss",
|
2894
|
+
options: RSAPSSKeyPairOptions<"der", "pem">,
|
2895
|
+
callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
|
2896
|
+
): void;
|
2897
|
+
function generateKeyPair(
|
2898
|
+
type: "rsa-pss",
|
2899
|
+
options: RSAPSSKeyPairOptions<"der", "der">,
|
2900
|
+
callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
|
2901
|
+
): void;
|
2902
|
+
function generateKeyPair(
|
2903
|
+
type: "rsa-pss",
|
2904
|
+
options: RSAPSSKeyPairKeyObjectOptions,
|
2905
|
+
callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
|
2906
|
+
): void;
|
2907
|
+
function generateKeyPair(
|
2908
|
+
type: "dsa",
|
2909
|
+
options: DSAKeyPairOptions<"pem", "pem">,
|
2910
|
+
callback: (err: Error | null, publicKey: string, privateKey: string) => void,
|
2911
|
+
): void;
|
2912
|
+
function generateKeyPair(
|
2913
|
+
type: "dsa",
|
2914
|
+
options: DSAKeyPairOptions<"pem", "der">,
|
2915
|
+
callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
|
2916
|
+
): void;
|
2917
|
+
function generateKeyPair(
|
2918
|
+
type: "dsa",
|
2919
|
+
options: DSAKeyPairOptions<"der", "pem">,
|
2920
|
+
callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
|
2921
|
+
): void;
|
2922
|
+
function generateKeyPair(
|
2923
|
+
type: "dsa",
|
2924
|
+
options: DSAKeyPairOptions<"der", "der">,
|
2925
|
+
callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
|
2926
|
+
): void;
|
2927
|
+
function generateKeyPair(
|
2928
|
+
type: "dsa",
|
2929
|
+
options: DSAKeyPairKeyObjectOptions,
|
2930
|
+
callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
|
2931
|
+
): void;
|
2932
|
+
function generateKeyPair(
|
2933
|
+
type: "ec",
|
2934
|
+
options: ECKeyPairOptions<"pem", "pem">,
|
2935
|
+
callback: (err: Error | null, publicKey: string, privateKey: string) => void,
|
2936
|
+
): void;
|
2937
|
+
function generateKeyPair(
|
2938
|
+
type: "ec",
|
2939
|
+
options: ECKeyPairOptions<"pem", "der">,
|
2940
|
+
callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
|
2941
|
+
): void;
|
2942
|
+
function generateKeyPair(
|
2943
|
+
type: "ec",
|
2944
|
+
options: ECKeyPairOptions<"der", "pem">,
|
2945
|
+
callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
|
2946
|
+
): void;
|
2947
|
+
function generateKeyPair(
|
2948
|
+
type: "ec",
|
2949
|
+
options: ECKeyPairOptions<"der", "der">,
|
2950
|
+
callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
|
2951
|
+
): void;
|
2952
|
+
function generateKeyPair(
|
2953
|
+
type: "ec",
|
2954
|
+
options: ECKeyPairKeyObjectOptions,
|
2955
|
+
callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
|
2956
|
+
): void;
|
2957
|
+
function generateKeyPair(
|
2958
|
+
type: "ed25519",
|
2959
|
+
options: ED25519KeyPairOptions<"pem", "pem">,
|
2960
|
+
callback: (err: Error | null, publicKey: string, privateKey: string) => void,
|
2961
|
+
): void;
|
2962
|
+
function generateKeyPair(
|
2963
|
+
type: "ed25519",
|
2964
|
+
options: ED25519KeyPairOptions<"pem", "der">,
|
2965
|
+
callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
|
2966
|
+
): void;
|
2967
|
+
function generateKeyPair(
|
2968
|
+
type: "ed25519",
|
2969
|
+
options: ED25519KeyPairOptions<"der", "pem">,
|
2970
|
+
callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
|
2971
|
+
): void;
|
2972
|
+
function generateKeyPair(
|
2973
|
+
type: "ed25519",
|
2974
|
+
options: ED25519KeyPairOptions<"der", "der">,
|
2975
|
+
callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
|
2976
|
+
): void;
|
2977
|
+
function generateKeyPair(
|
2978
|
+
type: "ed25519",
|
2979
|
+
options: ED25519KeyPairKeyObjectOptions | undefined,
|
2980
|
+
callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
|
2981
|
+
): void;
|
2982
|
+
function generateKeyPair(
|
2983
|
+
type: "ed448",
|
2984
|
+
options: ED448KeyPairOptions<"pem", "pem">,
|
2985
|
+
callback: (err: Error | null, publicKey: string, privateKey: string) => void,
|
2986
|
+
): void;
|
2987
|
+
function generateKeyPair(
|
2988
|
+
type: "ed448",
|
2989
|
+
options: ED448KeyPairOptions<"pem", "der">,
|
2990
|
+
callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
|
2991
|
+
): void;
|
2992
|
+
function generateKeyPair(
|
2993
|
+
type: "ed448",
|
2994
|
+
options: ED448KeyPairOptions<"der", "pem">,
|
2995
|
+
callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
|
2996
|
+
): void;
|
2997
|
+
function generateKeyPair(
|
2998
|
+
type: "ed448",
|
2999
|
+
options: ED448KeyPairOptions<"der", "der">,
|
3000
|
+
callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
|
3001
|
+
): void;
|
3002
|
+
function generateKeyPair(
|
3003
|
+
type: "ed448",
|
3004
|
+
options: ED448KeyPairKeyObjectOptions | undefined,
|
3005
|
+
callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
|
3006
|
+
): void;
|
3007
|
+
function generateKeyPair(
|
3008
|
+
type: "x25519",
|
3009
|
+
options: X25519KeyPairOptions<"pem", "pem">,
|
3010
|
+
callback: (err: Error | null, publicKey: string, privateKey: string) => void,
|
3011
|
+
): void;
|
3012
|
+
function generateKeyPair(
|
3013
|
+
type: "x25519",
|
3014
|
+
options: X25519KeyPairOptions<"pem", "der">,
|
3015
|
+
callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
|
3016
|
+
): void;
|
3017
|
+
function generateKeyPair(
|
3018
|
+
type: "x25519",
|
3019
|
+
options: X25519KeyPairOptions<"der", "pem">,
|
3020
|
+
callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
|
3021
|
+
): void;
|
3022
|
+
function generateKeyPair(
|
3023
|
+
type: "x25519",
|
3024
|
+
options: X25519KeyPairOptions<"der", "der">,
|
3025
|
+
callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
|
3026
|
+
): void;
|
3027
|
+
function generateKeyPair(
|
3028
|
+
type: "x25519",
|
3029
|
+
options: X25519KeyPairKeyObjectOptions | undefined,
|
3030
|
+
callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
|
3031
|
+
): void;
|
3032
|
+
function generateKeyPair(
|
3033
|
+
type: "x448",
|
3034
|
+
options: X448KeyPairOptions<"pem", "pem">,
|
3035
|
+
callback: (err: Error | null, publicKey: string, privateKey: string) => void,
|
3036
|
+
): void;
|
3037
|
+
function generateKeyPair(
|
3038
|
+
type: "x448",
|
3039
|
+
options: X448KeyPairOptions<"pem", "der">,
|
3040
|
+
callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
|
3041
|
+
): void;
|
3042
|
+
function generateKeyPair(
|
3043
|
+
type: "x448",
|
3044
|
+
options: X448KeyPairOptions<"der", "pem">,
|
3045
|
+
callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
|
3046
|
+
): void;
|
3047
|
+
function generateKeyPair(
|
3048
|
+
type: "x448",
|
3049
|
+
options: X448KeyPairOptions<"der", "der">,
|
3050
|
+
callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
|
3051
|
+
): void;
|
3052
|
+
function generateKeyPair(
|
3053
|
+
type: "x448",
|
3054
|
+
options: X448KeyPairKeyObjectOptions | undefined,
|
3055
|
+
callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
|
3056
|
+
): void;
|
3057
|
+
namespace generateKeyPair {
|
3058
|
+
function __promisify__(
|
3059
|
+
type: "rsa",
|
3060
|
+
options: RSAKeyPairOptions<"pem", "pem">,
|
3061
|
+
): Promise<{
|
3062
|
+
publicKey: string;
|
3063
|
+
privateKey: string;
|
3064
|
+
}>;
|
3065
|
+
function __promisify__(
|
3066
|
+
type: "rsa",
|
3067
|
+
options: RSAKeyPairOptions<"pem", "der">,
|
3068
|
+
): Promise<{
|
3069
|
+
publicKey: string;
|
3070
|
+
privateKey: Buffer;
|
3071
|
+
}>;
|
3072
|
+
function __promisify__(
|
3073
|
+
type: "rsa",
|
3074
|
+
options: RSAKeyPairOptions<"der", "pem">,
|
3075
|
+
): Promise<{
|
3076
|
+
publicKey: Buffer;
|
3077
|
+
privateKey: string;
|
3078
|
+
}>;
|
3079
|
+
function __promisify__(
|
3080
|
+
type: "rsa",
|
3081
|
+
options: RSAKeyPairOptions<"der", "der">,
|
3082
|
+
): Promise<{
|
3083
|
+
publicKey: Buffer;
|
3084
|
+
privateKey: Buffer;
|
3085
|
+
}>;
|
3086
|
+
function __promisify__(type: "rsa", options: RSAKeyPairKeyObjectOptions): Promise<KeyPairKeyObjectResult>;
|
3087
|
+
function __promisify__(
|
3088
|
+
type: "rsa-pss",
|
3089
|
+
options: RSAPSSKeyPairOptions<"pem", "pem">,
|
3090
|
+
): Promise<{
|
3091
|
+
publicKey: string;
|
3092
|
+
privateKey: string;
|
3093
|
+
}>;
|
3094
|
+
function __promisify__(
|
3095
|
+
type: "rsa-pss",
|
3096
|
+
options: RSAPSSKeyPairOptions<"pem", "der">,
|
3097
|
+
): Promise<{
|
3098
|
+
publicKey: string;
|
3099
|
+
privateKey: Buffer;
|
3100
|
+
}>;
|
3101
|
+
function __promisify__(
|
3102
|
+
type: "rsa-pss",
|
3103
|
+
options: RSAPSSKeyPairOptions<"der", "pem">,
|
3104
|
+
): Promise<{
|
3105
|
+
publicKey: Buffer;
|
3106
|
+
privateKey: string;
|
3107
|
+
}>;
|
3108
|
+
function __promisify__(
|
3109
|
+
type: "rsa-pss",
|
3110
|
+
options: RSAPSSKeyPairOptions<"der", "der">,
|
3111
|
+
): Promise<{
|
3112
|
+
publicKey: Buffer;
|
3113
|
+
privateKey: Buffer;
|
3114
|
+
}>;
|
3115
|
+
function __promisify__(
|
3116
|
+
type: "rsa-pss",
|
3117
|
+
options: RSAPSSKeyPairKeyObjectOptions,
|
3118
|
+
): Promise<KeyPairKeyObjectResult>;
|
3119
|
+
function __promisify__(
|
3120
|
+
type: "dsa",
|
3121
|
+
options: DSAKeyPairOptions<"pem", "pem">,
|
3122
|
+
): Promise<{
|
3123
|
+
publicKey: string;
|
3124
|
+
privateKey: string;
|
3125
|
+
}>;
|
3126
|
+
function __promisify__(
|
3127
|
+
type: "dsa",
|
3128
|
+
options: DSAKeyPairOptions<"pem", "der">,
|
3129
|
+
): Promise<{
|
3130
|
+
publicKey: string;
|
3131
|
+
privateKey: Buffer;
|
3132
|
+
}>;
|
3133
|
+
function __promisify__(
|
3134
|
+
type: "dsa",
|
3135
|
+
options: DSAKeyPairOptions<"der", "pem">,
|
3136
|
+
): Promise<{
|
3137
|
+
publicKey: Buffer;
|
3138
|
+
privateKey: string;
|
3139
|
+
}>;
|
3140
|
+
function __promisify__(
|
3141
|
+
type: "dsa",
|
3142
|
+
options: DSAKeyPairOptions<"der", "der">,
|
3143
|
+
): Promise<{
|
3144
|
+
publicKey: Buffer;
|
3145
|
+
privateKey: Buffer;
|
3146
|
+
}>;
|
3147
|
+
function __promisify__(type: "dsa", options: DSAKeyPairKeyObjectOptions): Promise<KeyPairKeyObjectResult>;
|
3148
|
+
function __promisify__(
|
3149
|
+
type: "ec",
|
3150
|
+
options: ECKeyPairOptions<"pem", "pem">,
|
3151
|
+
): Promise<{
|
3152
|
+
publicKey: string;
|
3153
|
+
privateKey: string;
|
3154
|
+
}>;
|
3155
|
+
function __promisify__(
|
3156
|
+
type: "ec",
|
3157
|
+
options: ECKeyPairOptions<"pem", "der">,
|
3158
|
+
): Promise<{
|
3159
|
+
publicKey: string;
|
3160
|
+
privateKey: Buffer;
|
3161
|
+
}>;
|
3162
|
+
function __promisify__(
|
3163
|
+
type: "ec",
|
3164
|
+
options: ECKeyPairOptions<"der", "pem">,
|
3165
|
+
): Promise<{
|
3166
|
+
publicKey: Buffer;
|
3167
|
+
privateKey: string;
|
3168
|
+
}>;
|
3169
|
+
function __promisify__(
|
3170
|
+
type: "ec",
|
3171
|
+
options: ECKeyPairOptions<"der", "der">,
|
3172
|
+
): Promise<{
|
3173
|
+
publicKey: Buffer;
|
3174
|
+
privateKey: Buffer;
|
3175
|
+
}>;
|
3176
|
+
function __promisify__(type: "ec", options: ECKeyPairKeyObjectOptions): Promise<KeyPairKeyObjectResult>;
|
3177
|
+
function __promisify__(
|
3178
|
+
type: "ed25519",
|
3179
|
+
options: ED25519KeyPairOptions<"pem", "pem">,
|
3180
|
+
): Promise<{
|
3181
|
+
publicKey: string;
|
3182
|
+
privateKey: string;
|
3183
|
+
}>;
|
3184
|
+
function __promisify__(
|
3185
|
+
type: "ed25519",
|
3186
|
+
options: ED25519KeyPairOptions<"pem", "der">,
|
3187
|
+
): Promise<{
|
3188
|
+
publicKey: string;
|
3189
|
+
privateKey: Buffer;
|
3190
|
+
}>;
|
3191
|
+
function __promisify__(
|
3192
|
+
type: "ed25519",
|
3193
|
+
options: ED25519KeyPairOptions<"der", "pem">,
|
3194
|
+
): Promise<{
|
3195
|
+
publicKey: Buffer;
|
3196
|
+
privateKey: string;
|
3197
|
+
}>;
|
3198
|
+
function __promisify__(
|
3199
|
+
type: "ed25519",
|
3200
|
+
options: ED25519KeyPairOptions<"der", "der">,
|
3201
|
+
): Promise<{
|
3202
|
+
publicKey: Buffer;
|
3203
|
+
privateKey: Buffer;
|
3204
|
+
}>;
|
3205
|
+
function __promisify__(
|
3206
|
+
type: "ed25519",
|
3207
|
+
options?: ED25519KeyPairKeyObjectOptions,
|
3208
|
+
): Promise<KeyPairKeyObjectResult>;
|
3209
|
+
function __promisify__(
|
3210
|
+
type: "ed448",
|
3211
|
+
options: ED448KeyPairOptions<"pem", "pem">,
|
3212
|
+
): Promise<{
|
3213
|
+
publicKey: string;
|
3214
|
+
privateKey: string;
|
3215
|
+
}>;
|
3216
|
+
function __promisify__(
|
3217
|
+
type: "ed448",
|
3218
|
+
options: ED448KeyPairOptions<"pem", "der">,
|
3219
|
+
): Promise<{
|
3220
|
+
publicKey: string;
|
3221
|
+
privateKey: Buffer;
|
3222
|
+
}>;
|
3223
|
+
function __promisify__(
|
3224
|
+
type: "ed448",
|
3225
|
+
options: ED448KeyPairOptions<"der", "pem">,
|
3226
|
+
): Promise<{
|
3227
|
+
publicKey: Buffer;
|
3228
|
+
privateKey: string;
|
3229
|
+
}>;
|
3230
|
+
function __promisify__(
|
3231
|
+
type: "ed448",
|
3232
|
+
options: ED448KeyPairOptions<"der", "der">,
|
3233
|
+
): Promise<{
|
3234
|
+
publicKey: Buffer;
|
3235
|
+
privateKey: Buffer;
|
3236
|
+
}>;
|
3237
|
+
function __promisify__(type: "ed448", options?: ED448KeyPairKeyObjectOptions): Promise<KeyPairKeyObjectResult>;
|
3238
|
+
function __promisify__(
|
3239
|
+
type: "x25519",
|
3240
|
+
options: X25519KeyPairOptions<"pem", "pem">,
|
3241
|
+
): Promise<{
|
3242
|
+
publicKey: string;
|
3243
|
+
privateKey: string;
|
3244
|
+
}>;
|
3245
|
+
function __promisify__(
|
3246
|
+
type: "x25519",
|
3247
|
+
options: X25519KeyPairOptions<"pem", "der">,
|
3248
|
+
): Promise<{
|
3249
|
+
publicKey: string;
|
3250
|
+
privateKey: Buffer;
|
3251
|
+
}>;
|
3252
|
+
function __promisify__(
|
3253
|
+
type: "x25519",
|
3254
|
+
options: X25519KeyPairOptions<"der", "pem">,
|
3255
|
+
): Promise<{
|
3256
|
+
publicKey: Buffer;
|
3257
|
+
privateKey: string;
|
3258
|
+
}>;
|
3259
|
+
function __promisify__(
|
3260
|
+
type: "x25519",
|
3261
|
+
options: X25519KeyPairOptions<"der", "der">,
|
3262
|
+
): Promise<{
|
3263
|
+
publicKey: Buffer;
|
3264
|
+
privateKey: Buffer;
|
3265
|
+
}>;
|
3266
|
+
function __promisify__(
|
3267
|
+
type: "x25519",
|
3268
|
+
options?: X25519KeyPairKeyObjectOptions,
|
3269
|
+
): Promise<KeyPairKeyObjectResult>;
|
3270
|
+
function __promisify__(
|
3271
|
+
type: "x448",
|
3272
|
+
options: X448KeyPairOptions<"pem", "pem">,
|
3273
|
+
): Promise<{
|
3274
|
+
publicKey: string;
|
3275
|
+
privateKey: string;
|
3276
|
+
}>;
|
3277
|
+
function __promisify__(
|
3278
|
+
type: "x448",
|
3279
|
+
options: X448KeyPairOptions<"pem", "der">,
|
3280
|
+
): Promise<{
|
3281
|
+
publicKey: string;
|
3282
|
+
privateKey: Buffer;
|
3283
|
+
}>;
|
3284
|
+
function __promisify__(
|
3285
|
+
type: "x448",
|
3286
|
+
options: X448KeyPairOptions<"der", "pem">,
|
3287
|
+
): Promise<{
|
3288
|
+
publicKey: Buffer;
|
3289
|
+
privateKey: string;
|
3290
|
+
}>;
|
3291
|
+
function __promisify__(
|
3292
|
+
type: "x448",
|
3293
|
+
options: X448KeyPairOptions<"der", "der">,
|
3294
|
+
): Promise<{
|
3295
|
+
publicKey: Buffer;
|
3296
|
+
privateKey: Buffer;
|
3297
|
+
}>;
|
3298
|
+
function __promisify__(type: "x448", options?: X448KeyPairKeyObjectOptions): Promise<KeyPairKeyObjectResult>;
|
3299
|
+
}
|
3300
|
+
/**
|
3301
|
+
* Calculates and returns the signature for `data` using the given private key and
|
3302
|
+
* algorithm. If `algorithm` is `null` or `undefined`, then the algorithm is
|
3303
|
+
* dependent upon the key type (especially Ed25519 and Ed448).
|
3304
|
+
*
|
3305
|
+
* If `key` is not a `KeyObject`, this function behaves as if `key` had been
|
3306
|
+
* passed to {@link createPrivateKey}. If it is an object, the following
|
3307
|
+
* additional properties can be passed:
|
3308
|
+
*
|
3309
|
+
* If the `callback` function is provided this function uses libuv's threadpool.
|
3310
|
+
* @since v12.0.0
|
3311
|
+
*/
|
3312
|
+
function sign(
|
3313
|
+
algorithm: string | null | undefined,
|
3314
|
+
data: NodeJS.ArrayBufferView,
|
3315
|
+
key: KeyLike | SignKeyObjectInput | SignPrivateKeyInput,
|
3316
|
+
): Buffer;
|
3317
|
+
function sign(
|
3318
|
+
algorithm: string | null | undefined,
|
3319
|
+
data: NodeJS.ArrayBufferView,
|
3320
|
+
key: KeyLike | SignKeyObjectInput | SignPrivateKeyInput,
|
3321
|
+
callback: (error: Error | null, data: Buffer) => void,
|
3322
|
+
): void;
|
3323
|
+
/**
|
3324
|
+
* Verifies the given signature for `data` using the given key and algorithm. If`algorithm` is `null` or `undefined`, then the algorithm is dependent upon the
|
3325
|
+
* key type (especially Ed25519 and Ed448).
|
3326
|
+
*
|
3327
|
+
* If `key` is not a `KeyObject`, this function behaves as if `key` had been
|
3328
|
+
* passed to {@link createPublicKey}. If it is an object, the following
|
3329
|
+
* additional properties can be passed:
|
3330
|
+
*
|
3331
|
+
* The `signature` argument is the previously calculated signature for the `data`.
|
3332
|
+
*
|
3333
|
+
* Because public keys can be derived from private keys, a private key or a public
|
3334
|
+
* key may be passed for `key`.
|
3335
|
+
*
|
3336
|
+
* If the `callback` function is provided this function uses libuv's threadpool.
|
3337
|
+
* @since v12.0.0
|
3338
|
+
*/
|
3339
|
+
function verify(
|
3340
|
+
algorithm: string | null | undefined,
|
3341
|
+
data: NodeJS.ArrayBufferView,
|
3342
|
+
key: KeyLike | VerifyKeyObjectInput | VerifyPublicKeyInput | VerifyJsonWebKeyInput,
|
3343
|
+
signature: NodeJS.ArrayBufferView,
|
3344
|
+
): boolean;
|
3345
|
+
function verify(
|
3346
|
+
algorithm: string | null | undefined,
|
3347
|
+
data: NodeJS.ArrayBufferView,
|
3348
|
+
key: KeyLike | VerifyKeyObjectInput | VerifyPublicKeyInput | VerifyJsonWebKeyInput,
|
3349
|
+
signature: NodeJS.ArrayBufferView,
|
3350
|
+
callback: (error: Error | null, result: boolean) => void,
|
3351
|
+
): void;
|
3352
|
+
/**
|
3353
|
+
* Computes the Diffie-Hellman secret based on a `privateKey` and a `publicKey`.
|
3354
|
+
* Both keys must have the same `asymmetricKeyType`, which must be one of `'dh'`(for Diffie-Hellman), `'ec'` (for ECDH), `'x448'`, or `'x25519'` (for ECDH-ES).
|
3355
|
+
* @since v13.9.0, v12.17.0
|
3356
|
+
*/
|
3357
|
+
function diffieHellman(options: { privateKey: KeyObject; publicKey: KeyObject }): Buffer;
|
3358
|
+
type CipherMode = "cbc" | "ccm" | "cfb" | "ctr" | "ecb" | "gcm" | "ocb" | "ofb" | "stream" | "wrap" | "xts";
|
3359
|
+
interface CipherInfoOptions {
|
3360
|
+
/**
|
3361
|
+
* A test key length.
|
3362
|
+
*/
|
3363
|
+
keyLength?: number | undefined;
|
3364
|
+
/**
|
3365
|
+
* A test IV length.
|
3366
|
+
*/
|
3367
|
+
ivLength?: number | undefined;
|
3368
|
+
}
|
3369
|
+
interface CipherInfo {
|
3370
|
+
/**
|
3371
|
+
* The name of the cipher.
|
3372
|
+
*/
|
3373
|
+
name: string;
|
3374
|
+
/**
|
3375
|
+
* The nid of the cipher.
|
3376
|
+
*/
|
3377
|
+
nid: number;
|
3378
|
+
/**
|
3379
|
+
* The block size of the cipher in bytes.
|
3380
|
+
* This property is omitted when mode is 'stream'.
|
3381
|
+
*/
|
3382
|
+
blockSize?: number | undefined;
|
3383
|
+
/**
|
3384
|
+
* The expected or default initialization vector length in bytes.
|
3385
|
+
* This property is omitted if the cipher does not use an initialization vector.
|
3386
|
+
*/
|
3387
|
+
ivLength?: number | undefined;
|
3388
|
+
/**
|
3389
|
+
* The expected or default key length in bytes.
|
3390
|
+
*/
|
3391
|
+
keyLength: number;
|
3392
|
+
/**
|
3393
|
+
* The cipher mode.
|
3394
|
+
*/
|
3395
|
+
mode: CipherMode;
|
3396
|
+
}
|
3397
|
+
/**
|
3398
|
+
* Returns information about a given cipher.
|
3399
|
+
*
|
3400
|
+
* Some ciphers accept variable length keys and initialization vectors. By default,
|
3401
|
+
* the `crypto.getCipherInfo()` method will return the default values for these
|
3402
|
+
* ciphers. To test if a given key length or iv length is acceptable for given
|
3403
|
+
* cipher, use the `keyLength` and `ivLength` options. If the given values are
|
3404
|
+
* unacceptable, `undefined` will be returned.
|
3405
|
+
* @since v15.0.0
|
3406
|
+
* @param nameOrNid The name or nid of the cipher to query.
|
3407
|
+
*/
|
3408
|
+
function getCipherInfo(nameOrNid: string | number, options?: CipherInfoOptions): CipherInfo | undefined;
|
3409
|
+
/**
|
3410
|
+
* HKDF is a simple key derivation function defined in RFC 5869\. The given `ikm`,`salt` and `info` are used with the `digest` to derive a key of `keylen` bytes.
|
3411
|
+
*
|
3412
|
+
* The supplied `callback` function is called with two arguments: `err` and`derivedKey`. If an errors occurs while deriving the key, `err` will be set;
|
3413
|
+
* otherwise `err` will be `null`. The successfully generated `derivedKey` will
|
3414
|
+
* be passed to the callback as an [ArrayBuffer](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/ArrayBuffer). An error will be thrown if any
|
3415
|
+
* of the input arguments specify invalid values or types.
|
3416
|
+
*
|
3417
|
+
* ```js
|
3418
|
+
* import { Buffer } from 'node:buffer';
|
3419
|
+
* const {
|
3420
|
+
* hkdf,
|
3421
|
+
* } = await import('node:crypto');
|
3422
|
+
*
|
3423
|
+
* hkdf('sha512', 'key', 'salt', 'info', 64, (err, derivedKey) => {
|
3424
|
+
* if (err) throw err;
|
3425
|
+
* console.log(Buffer.from(derivedKey).toString('hex')); // '24156e2...5391653'
|
3426
|
+
* });
|
3427
|
+
* ```
|
3428
|
+
* @since v15.0.0
|
3429
|
+
* @param digest The digest algorithm to use.
|
3430
|
+
* @param ikm The input keying material. Must be provided but can be zero-length.
|
3431
|
+
* @param salt The salt value. Must be provided but can be zero-length.
|
3432
|
+
* @param info Additional info value. Must be provided but can be zero-length, and cannot be more than 1024 bytes.
|
3433
|
+
* @param keylen The length of the key to generate. Must be greater than 0. The maximum allowable value is `255` times the number of bytes produced by the selected digest function (e.g. `sha512`
|
3434
|
+
* generates 64-byte hashes, making the maximum HKDF output 16320 bytes).
|
3435
|
+
*/
|
3436
|
+
function hkdf(
|
3437
|
+
digest: string,
|
3438
|
+
irm: BinaryLike | KeyObject,
|
3439
|
+
salt: BinaryLike,
|
3440
|
+
info: BinaryLike,
|
3441
|
+
keylen: number,
|
3442
|
+
callback: (err: Error | null, derivedKey: ArrayBuffer) => void,
|
3443
|
+
): void;
|
3444
|
+
/**
|
3445
|
+
* Provides a synchronous HKDF key derivation function as defined in RFC 5869\. The
|
3446
|
+
* given `ikm`, `salt` and `info` are used with the `digest` to derive a key of`keylen` bytes.
|
3447
|
+
*
|
3448
|
+
* The successfully generated `derivedKey` will be returned as an [ArrayBuffer](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/ArrayBuffer).
|
3449
|
+
*
|
3450
|
+
* An error will be thrown if any of the input arguments specify invalid values or
|
3451
|
+
* types, or if the derived key cannot be generated.
|
3452
|
+
*
|
3453
|
+
* ```js
|
3454
|
+
* import { Buffer } from 'node:buffer';
|
3455
|
+
* const {
|
3456
|
+
* hkdfSync,
|
3457
|
+
* } = await import('node:crypto');
|
3458
|
+
*
|
3459
|
+
* const derivedKey = hkdfSync('sha512', 'key', 'salt', 'info', 64);
|
3460
|
+
* console.log(Buffer.from(derivedKey).toString('hex')); // '24156e2...5391653'
|
3461
|
+
* ```
|
3462
|
+
* @since v15.0.0
|
3463
|
+
* @param digest The digest algorithm to use.
|
3464
|
+
* @param ikm The input keying material. Must be provided but can be zero-length.
|
3465
|
+
* @param salt The salt value. Must be provided but can be zero-length.
|
3466
|
+
* @param info Additional info value. Must be provided but can be zero-length, and cannot be more than 1024 bytes.
|
3467
|
+
* @param keylen The length of the key to generate. Must be greater than 0. The maximum allowable value is `255` times the number of bytes produced by the selected digest function (e.g. `sha512`
|
3468
|
+
* generates 64-byte hashes, making the maximum HKDF output 16320 bytes).
|
3469
|
+
*/
|
3470
|
+
function hkdfSync(
|
3471
|
+
digest: string,
|
3472
|
+
ikm: BinaryLike | KeyObject,
|
3473
|
+
salt: BinaryLike,
|
3474
|
+
info: BinaryLike,
|
3475
|
+
keylen: number,
|
3476
|
+
): ArrayBuffer;
|
3477
|
+
interface SecureHeapUsage {
|
3478
|
+
/**
|
3479
|
+
* The total allocated secure heap size as specified using the `--secure-heap=n` command-line flag.
|
3480
|
+
*/
|
3481
|
+
total: number;
|
3482
|
+
/**
|
3483
|
+
* The minimum allocation from the secure heap as specified using the `--secure-heap-min` command-line flag.
|
3484
|
+
*/
|
3485
|
+
min: number;
|
3486
|
+
/**
|
3487
|
+
* The total number of bytes currently allocated from the secure heap.
|
3488
|
+
*/
|
3489
|
+
used: number;
|
3490
|
+
/**
|
3491
|
+
* The calculated ratio of `used` to `total` allocated bytes.
|
3492
|
+
*/
|
3493
|
+
utilization: number;
|
3494
|
+
}
|
3495
|
+
/**
|
3496
|
+
* @since v15.6.0
|
3497
|
+
*/
|
3498
|
+
function secureHeapUsed(): SecureHeapUsage;
|
3499
|
+
interface RandomUUIDOptions {
|
3500
|
+
/**
|
3501
|
+
* By default, to improve performance,
|
3502
|
+
* Node.js will pre-emptively generate and persistently cache enough
|
3503
|
+
* random data to generate up to 128 random UUIDs. To generate a UUID
|
3504
|
+
* without using the cache, set `disableEntropyCache` to `true`.
|
3505
|
+
*
|
3506
|
+
* @default `false`
|
3507
|
+
*/
|
3508
|
+
disableEntropyCache?: boolean | undefined;
|
3509
|
+
}
|
3510
|
+
/**
|
3511
|
+
* Generates a random [RFC 4122](https://www.rfc-editor.org/rfc/rfc4122.txt) version 4 UUID. The UUID is generated using a
|
3512
|
+
* cryptographic pseudorandom number generator.
|
3513
|
+
* @since v15.6.0, v14.17.0
|
3514
|
+
*/
|
3515
|
+
function randomUUID(options?: RandomUUIDOptions): string;
|
3516
|
+
interface X509CheckOptions {
|
3517
|
+
/**
|
3518
|
+
* @default 'always'
|
3519
|
+
*/
|
3520
|
+
subject?: "always" | "default" | "never";
|
3521
|
+
/**
|
3522
|
+
* @default true
|
3523
|
+
*/
|
3524
|
+
wildcards?: boolean;
|
3525
|
+
/**
|
3526
|
+
* @default true
|
3527
|
+
*/
|
3528
|
+
partialWildcards?: boolean;
|
3529
|
+
/**
|
3530
|
+
* @default false
|
3531
|
+
*/
|
3532
|
+
multiLabelWildcards?: boolean;
|
3533
|
+
/**
|
3534
|
+
* @default false
|
3535
|
+
*/
|
3536
|
+
singleLabelSubdomains?: boolean;
|
3537
|
+
}
|
3538
|
+
/**
|
3539
|
+
* Encapsulates an X509 certificate and provides read-only access to
|
3540
|
+
* its information.
|
3541
|
+
*
|
3542
|
+
* ```js
|
3543
|
+
* const { X509Certificate } = await import('node:crypto');
|
3544
|
+
*
|
3545
|
+
* const x509 = new X509Certificate('{... pem encoded cert ...}');
|
3546
|
+
*
|
3547
|
+
* console.log(x509.subject);
|
3548
|
+
* ```
|
3549
|
+
* @since v15.6.0
|
3550
|
+
*/
|
3551
|
+
class X509Certificate {
|
3552
|
+
/**
|
3553
|
+
* Will be \`true\` if this is a Certificate Authority (CA) certificate.
|
3554
|
+
* @since v15.6.0
|
3555
|
+
*/
|
3556
|
+
readonly ca: boolean;
|
3557
|
+
/**
|
3558
|
+
* The SHA-1 fingerprint of this certificate.
|
3559
|
+
*
|
3560
|
+
* Because SHA-1 is cryptographically broken and because the security of SHA-1 is
|
3561
|
+
* significantly worse than that of algorithms that are commonly used to sign
|
3562
|
+
* certificates, consider using `x509.fingerprint256` instead.
|
3563
|
+
* @since v15.6.0
|
3564
|
+
*/
|
3565
|
+
readonly fingerprint: string;
|
3566
|
+
/**
|
3567
|
+
* The SHA-256 fingerprint of this certificate.
|
3568
|
+
* @since v15.6.0
|
3569
|
+
*/
|
3570
|
+
readonly fingerprint256: string;
|
3571
|
+
/**
|
3572
|
+
* The SHA-512 fingerprint of this certificate.
|
3573
|
+
*
|
3574
|
+
* Because computing the SHA-256 fingerprint is usually faster and because it is
|
3575
|
+
* only half the size of the SHA-512 fingerprint, `x509.fingerprint256` may be
|
3576
|
+
* a better choice. While SHA-512 presumably provides a higher level of security in
|
3577
|
+
* general, the security of SHA-256 matches that of most algorithms that are
|
3578
|
+
* commonly used to sign certificates.
|
3579
|
+
* @since v17.2.0, v16.14.0
|
3580
|
+
*/
|
3581
|
+
readonly fingerprint512: string;
|
3582
|
+
/**
|
3583
|
+
* The complete subject of this certificate.
|
3584
|
+
* @since v15.6.0
|
3585
|
+
*/
|
3586
|
+
readonly subject: string;
|
3587
|
+
/**
|
3588
|
+
* The subject alternative name specified for this certificate.
|
3589
|
+
*
|
3590
|
+
* This is a comma-separated list of subject alternative names. Each entry begins
|
3591
|
+
* with a string identifying the kind of the subject alternative name followed by
|
3592
|
+
* a colon and the value associated with the entry.
|
3593
|
+
*
|
3594
|
+
* Earlier versions of Node.js incorrectly assumed that it is safe to split this
|
3595
|
+
* property at the two-character sequence `', '` (see [CVE-2021-44532](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532)). However,
|
3596
|
+
* both malicious and legitimate certificates can contain subject alternative names
|
3597
|
+
* that include this sequence when represented as a string.
|
3598
|
+
*
|
3599
|
+
* After the prefix denoting the type of the entry, the remainder of each entry
|
3600
|
+
* might be enclosed in quotes to indicate that the value is a JSON string literal.
|
3601
|
+
* For backward compatibility, Node.js only uses JSON string literals within this
|
3602
|
+
* property when necessary to avoid ambiguity. Third-party code should be prepared
|
3603
|
+
* to handle both possible entry formats.
|
3604
|
+
* @since v15.6.0
|
3605
|
+
*/
|
3606
|
+
readonly subjectAltName: string | undefined;
|
3607
|
+
/**
|
3608
|
+
* A textual representation of the certificate's authority information access
|
3609
|
+
* extension.
|
3610
|
+
*
|
3611
|
+
* This is a line feed separated list of access descriptions. Each line begins with
|
3612
|
+
* the access method and the kind of the access location, followed by a colon and
|
3613
|
+
* the value associated with the access location.
|
3614
|
+
*
|
3615
|
+
* After the prefix denoting the access method and the kind of the access location,
|
3616
|
+
* the remainder of each line might be enclosed in quotes to indicate that the
|
3617
|
+
* value is a JSON string literal. For backward compatibility, Node.js only uses
|
3618
|
+
* JSON string literals within this property when necessary to avoid ambiguity.
|
3619
|
+
* Third-party code should be prepared to handle both possible entry formats.
|
3620
|
+
* @since v15.6.0
|
3621
|
+
*/
|
3622
|
+
readonly infoAccess: string | undefined;
|
3623
|
+
/**
|
3624
|
+
* An array detailing the key usages for this certificate.
|
3625
|
+
* @since v15.6.0
|
3626
|
+
*/
|
3627
|
+
readonly keyUsage: string[];
|
3628
|
+
/**
|
3629
|
+
* The issuer identification included in this certificate.
|
3630
|
+
* @since v15.6.0
|
3631
|
+
*/
|
3632
|
+
readonly issuer: string;
|
3633
|
+
/**
|
3634
|
+
* The issuer certificate or `undefined` if the issuer certificate is not
|
3635
|
+
* available.
|
3636
|
+
* @since v15.9.0
|
3637
|
+
*/
|
3638
|
+
readonly issuerCertificate?: X509Certificate | undefined;
|
3639
|
+
/**
|
3640
|
+
* The public key `KeyObject` for this certificate.
|
3641
|
+
* @since v15.6.0
|
3642
|
+
*/
|
3643
|
+
readonly publicKey: KeyObject;
|
3644
|
+
/**
|
3645
|
+
* A `Buffer` containing the DER encoding of this certificate.
|
3646
|
+
* @since v15.6.0
|
3647
|
+
*/
|
3648
|
+
readonly raw: Buffer;
|
3649
|
+
/**
|
3650
|
+
* The serial number of this certificate.
|
3651
|
+
*
|
3652
|
+
* Serial numbers are assigned by certificate authorities and do not uniquely
|
3653
|
+
* identify certificates. Consider using `x509.fingerprint256` as a unique
|
3654
|
+
* identifier instead.
|
3655
|
+
* @since v15.6.0
|
3656
|
+
*/
|
3657
|
+
readonly serialNumber: string;
|
3658
|
+
/**
|
3659
|
+
* The date/time from which this certificate is considered valid.
|
3660
|
+
* @since v15.6.0
|
3661
|
+
*/
|
3662
|
+
readonly validFrom: string;
|
3663
|
+
/**
|
3664
|
+
* The date/time until which this certificate is considered valid.
|
3665
|
+
* @since v15.6.0
|
3666
|
+
*/
|
3667
|
+
readonly validTo: string;
|
3668
|
+
constructor(buffer: BinaryLike);
|
3669
|
+
/**
|
3670
|
+
* Checks whether the certificate matches the given email address.
|
3671
|
+
*
|
3672
|
+
* If the `'subject'` option is undefined or set to `'default'`, the certificate
|
3673
|
+
* subject is only considered if the subject alternative name extension either does
|
3674
|
+
* not exist or does not contain any email addresses.
|
3675
|
+
*
|
3676
|
+
* If the `'subject'` option is set to `'always'` and if the subject alternative
|
3677
|
+
* name extension either does not exist or does not contain a matching email
|
3678
|
+
* address, the certificate subject is considered.
|
3679
|
+
*
|
3680
|
+
* If the `'subject'` option is set to `'never'`, the certificate subject is never
|
3681
|
+
* considered, even if the certificate contains no subject alternative names.
|
3682
|
+
* @since v15.6.0
|
3683
|
+
* @return Returns `email` if the certificate matches, `undefined` if it does not.
|
3684
|
+
*/
|
3685
|
+
checkEmail(email: string, options?: Pick<X509CheckOptions, "subject">): string | undefined;
|
3686
|
+
/**
|
3687
|
+
* Checks whether the certificate matches the given host name.
|
3688
|
+
*
|
3689
|
+
* If the certificate matches the given host name, the matching subject name is
|
3690
|
+
* returned. The returned name might be an exact match (e.g., `foo.example.com`)
|
3691
|
+
* or it might contain wildcards (e.g., `*.example.com`). Because host name
|
3692
|
+
* comparisons are case-insensitive, the returned subject name might also differ
|
3693
|
+
* from the given `name` in capitalization.
|
3694
|
+
*
|
3695
|
+
* If the `'subject'` option is undefined or set to `'default'`, the certificate
|
3696
|
+
* subject is only considered if the subject alternative name extension either does
|
3697
|
+
* not exist or does not contain any DNS names. This behavior is consistent with [RFC 2818](https://www.rfc-editor.org/rfc/rfc2818.txt) ("HTTP Over TLS").
|
3698
|
+
*
|
3699
|
+
* If the `'subject'` option is set to `'always'` and if the subject alternative
|
3700
|
+
* name extension either does not exist or does not contain a matching DNS name,
|
3701
|
+
* the certificate subject is considered.
|
3702
|
+
*
|
3703
|
+
* If the `'subject'` option is set to `'never'`, the certificate subject is never
|
3704
|
+
* considered, even if the certificate contains no subject alternative names.
|
3705
|
+
* @since v15.6.0
|
3706
|
+
* @return Returns a subject name that matches `name`, or `undefined` if no subject name matches `name`.
|
3707
|
+
*/
|
3708
|
+
checkHost(name: string, options?: X509CheckOptions): string | undefined;
|
3709
|
+
/**
|
3710
|
+
* Checks whether the certificate matches the given IP address (IPv4 or IPv6).
|
3711
|
+
*
|
3712
|
+
* Only [RFC 5280](https://www.rfc-editor.org/rfc/rfc5280.txt) `iPAddress` subject alternative names are considered, and they
|
3713
|
+
* must match the given `ip` address exactly. Other subject alternative names as
|
3714
|
+
* well as the subject field of the certificate are ignored.
|
3715
|
+
* @since v15.6.0
|
3716
|
+
* @return Returns `ip` if the certificate matches, `undefined` if it does not.
|
3717
|
+
*/
|
3718
|
+
checkIP(ip: string): string | undefined;
|
3719
|
+
/**
|
3720
|
+
* Checks whether this certificate was issued by the given `otherCert`.
|
3721
|
+
* @since v15.6.0
|
3722
|
+
*/
|
3723
|
+
checkIssued(otherCert: X509Certificate): boolean;
|
3724
|
+
/**
|
3725
|
+
* Checks whether the public key for this certificate is consistent with
|
3726
|
+
* the given private key.
|
3727
|
+
* @since v15.6.0
|
3728
|
+
* @param privateKey A private key.
|
3729
|
+
*/
|
3730
|
+
checkPrivateKey(privateKey: KeyObject): boolean;
|
3731
|
+
/**
|
3732
|
+
* There is no standard JSON encoding for X509 certificates. The`toJSON()` method returns a string containing the PEM encoded
|
3733
|
+
* certificate.
|
3734
|
+
* @since v15.6.0
|
3735
|
+
*/
|
3736
|
+
toJSON(): string;
|
3737
|
+
/**
|
3738
|
+
* Returns information about this certificate using the legacy `certificate object` encoding.
|
3739
|
+
* @since v15.6.0
|
3740
|
+
*/
|
3741
|
+
toLegacyObject(): PeerCertificate;
|
3742
|
+
/**
|
3743
|
+
* Returns the PEM-encoded certificate.
|
3744
|
+
* @since v15.6.0
|
3745
|
+
*/
|
3746
|
+
toString(): string;
|
3747
|
+
/**
|
3748
|
+
* Verifies that this certificate was signed by the given public key.
|
3749
|
+
* Does not perform any other validation checks on the certificate.
|
3750
|
+
* @since v15.6.0
|
3751
|
+
* @param publicKey A public key.
|
3752
|
+
*/
|
3753
|
+
verify(publicKey: KeyObject): boolean;
|
3754
|
+
}
|
3755
|
+
type LargeNumberLike = NodeJS.ArrayBufferView | SharedArrayBuffer | ArrayBuffer | bigint;
|
3756
|
+
interface GeneratePrimeOptions {
|
3757
|
+
add?: LargeNumberLike | undefined;
|
3758
|
+
rem?: LargeNumberLike | undefined;
|
3759
|
+
/**
|
3760
|
+
* @default false
|
3761
|
+
*/
|
3762
|
+
safe?: boolean | undefined;
|
3763
|
+
bigint?: boolean | undefined;
|
3764
|
+
}
|
3765
|
+
interface GeneratePrimeOptionsBigInt extends GeneratePrimeOptions {
|
3766
|
+
bigint: true;
|
3767
|
+
}
|
3768
|
+
interface GeneratePrimeOptionsArrayBuffer extends GeneratePrimeOptions {
|
3769
|
+
bigint?: false | undefined;
|
3770
|
+
}
|
3771
|
+
/**
|
3772
|
+
* Generates a pseudorandom prime of `size` bits.
|
3773
|
+
*
|
3774
|
+
* If `options.safe` is `true`, the prime will be a safe prime -- that is,`(prime - 1) / 2` will also be a prime.
|
3775
|
+
*
|
3776
|
+
* The `options.add` and `options.rem` parameters can be used to enforce additional
|
3777
|
+
* requirements, e.g., for Diffie-Hellman:
|
3778
|
+
*
|
3779
|
+
* * If `options.add` and `options.rem` are both set, the prime will satisfy the
|
3780
|
+
* condition that `prime % add = rem`.
|
3781
|
+
* * If only `options.add` is set and `options.safe` is not `true`, the prime will
|
3782
|
+
* satisfy the condition that `prime % add = 1`.
|
3783
|
+
* * If only `options.add` is set and `options.safe` is set to `true`, the prime
|
3784
|
+
* will instead satisfy the condition that `prime % add = 3`. This is necessary
|
3785
|
+
* because `prime % add = 1` for `options.add > 2` would contradict the condition
|
3786
|
+
* enforced by `options.safe`.
|
3787
|
+
* * `options.rem` is ignored if `options.add` is not given.
|
3788
|
+
*
|
3789
|
+
* Both `options.add` and `options.rem` must be encoded as big-endian sequences
|
3790
|
+
* if given as an `ArrayBuffer`, `SharedArrayBuffer`, `TypedArray`, `Buffer`, or`DataView`.
|
3791
|
+
*
|
3792
|
+
* By default, the prime is encoded as a big-endian sequence of octets
|
3793
|
+
* in an [ArrayBuffer](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/ArrayBuffer). If the `bigint` option is `true`, then a
|
3794
|
+
* [bigint](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/BigInt) is provided.
|
3795
|
+
* @since v15.8.0
|
3796
|
+
* @param size The size (in bits) of the prime to generate.
|
3797
|
+
*/
|
3798
|
+
function generatePrime(size: number, callback: (err: Error | null, prime: ArrayBuffer) => void): void;
|
3799
|
+
function generatePrime(
|
3800
|
+
size: number,
|
3801
|
+
options: GeneratePrimeOptionsBigInt,
|
3802
|
+
callback: (err: Error | null, prime: bigint) => void,
|
3803
|
+
): void;
|
3804
|
+
function generatePrime(
|
3805
|
+
size: number,
|
3806
|
+
options: GeneratePrimeOptionsArrayBuffer,
|
3807
|
+
callback: (err: Error | null, prime: ArrayBuffer) => void,
|
3808
|
+
): void;
|
3809
|
+
function generatePrime(
|
3810
|
+
size: number,
|
3811
|
+
options: GeneratePrimeOptions,
|
3812
|
+
callback: (err: Error | null, prime: ArrayBuffer | bigint) => void,
|
3813
|
+
): void;
|
3814
|
+
/**
|
3815
|
+
* Generates a pseudorandom prime of `size` bits.
|
3816
|
+
*
|
3817
|
+
* If `options.safe` is `true`, the prime will be a safe prime -- that is,`(prime - 1) / 2` will also be a prime.
|
3818
|
+
*
|
3819
|
+
* The `options.add` and `options.rem` parameters can be used to enforce additional
|
3820
|
+
* requirements, e.g., for Diffie-Hellman:
|
3821
|
+
*
|
3822
|
+
* * If `options.add` and `options.rem` are both set, the prime will satisfy the
|
3823
|
+
* condition that `prime % add = rem`.
|
3824
|
+
* * If only `options.add` is set and `options.safe` is not `true`, the prime will
|
3825
|
+
* satisfy the condition that `prime % add = 1`.
|
3826
|
+
* * If only `options.add` is set and `options.safe` is set to `true`, the prime
|
3827
|
+
* will instead satisfy the condition that `prime % add = 3`. This is necessary
|
3828
|
+
* because `prime % add = 1` for `options.add > 2` would contradict the condition
|
3829
|
+
* enforced by `options.safe`.
|
3830
|
+
* * `options.rem` is ignored if `options.add` is not given.
|
3831
|
+
*
|
3832
|
+
* Both `options.add` and `options.rem` must be encoded as big-endian sequences
|
3833
|
+
* if given as an `ArrayBuffer`, `SharedArrayBuffer`, `TypedArray`, `Buffer`, or`DataView`.
|
3834
|
+
*
|
3835
|
+
* By default, the prime is encoded as a big-endian sequence of octets
|
3836
|
+
* in an [ArrayBuffer](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/ArrayBuffer). If the `bigint` option is `true`, then a
|
3837
|
+
* [bigint](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/BigInt) is provided.
|
3838
|
+
* @since v15.8.0
|
3839
|
+
* @param size The size (in bits) of the prime to generate.
|
3840
|
+
*/
|
3841
|
+
function generatePrimeSync(size: number): ArrayBuffer;
|
3842
|
+
function generatePrimeSync(size: number, options: GeneratePrimeOptionsBigInt): bigint;
|
3843
|
+
function generatePrimeSync(size: number, options: GeneratePrimeOptionsArrayBuffer): ArrayBuffer;
|
3844
|
+
function generatePrimeSync(size: number, options: GeneratePrimeOptions): ArrayBuffer | bigint;
|
3845
|
+
interface CheckPrimeOptions {
|
3846
|
+
/**
|
3847
|
+
* The number of Miller-Rabin probabilistic primality iterations to perform.
|
3848
|
+
* When the value is 0 (zero), a number of checks is used that yields a false positive rate of at most `2**-64` for random input.
|
3849
|
+
* Care must be used when selecting a number of checks.
|
3850
|
+
* Refer to the OpenSSL documentation for the BN_is_prime_ex function nchecks options for more details.
|
3851
|
+
*
|
3852
|
+
* @default 0
|
3853
|
+
*/
|
3854
|
+
checks?: number | undefined;
|
3855
|
+
}
|
3856
|
+
/**
|
3857
|
+
* Checks the primality of the `candidate`.
|
3858
|
+
* @since v15.8.0
|
3859
|
+
* @param candidate A possible prime encoded as a sequence of big endian octets of arbitrary length.
|
3860
|
+
*/
|
3861
|
+
function checkPrime(value: LargeNumberLike, callback: (err: Error | null, result: boolean) => void): void;
|
3862
|
+
function checkPrime(
|
3863
|
+
value: LargeNumberLike,
|
3864
|
+
options: CheckPrimeOptions,
|
3865
|
+
callback: (err: Error | null, result: boolean) => void,
|
3866
|
+
): void;
|
3867
|
+
/**
|
3868
|
+
* Checks the primality of the `candidate`.
|
3869
|
+
* @since v15.8.0
|
3870
|
+
* @param candidate A possible prime encoded as a sequence of big endian octets of arbitrary length.
|
3871
|
+
* @return `true` if the candidate is a prime with an error probability less than `0.25 ** options.checks`.
|
3872
|
+
*/
|
3873
|
+
function checkPrimeSync(candidate: LargeNumberLike, options?: CheckPrimeOptions): boolean;
|
3874
|
+
/**
|
3875
|
+
* Load and set the `engine` for some or all OpenSSL functions (selected by flags).
|
3876
|
+
*
|
3877
|
+
* `engine` could be either an id or a path to the engine's shared library.
|
3878
|
+
*
|
3879
|
+
* The optional `flags` argument uses `ENGINE_METHOD_ALL` by default. The `flags`is a bit field taking one of or a mix of the following flags (defined in`crypto.constants`):
|
3880
|
+
*
|
3881
|
+
* * `crypto.constants.ENGINE_METHOD_RSA`
|
3882
|
+
* * `crypto.constants.ENGINE_METHOD_DSA`
|
3883
|
+
* * `crypto.constants.ENGINE_METHOD_DH`
|
3884
|
+
* * `crypto.constants.ENGINE_METHOD_RAND`
|
3885
|
+
* * `crypto.constants.ENGINE_METHOD_EC`
|
3886
|
+
* * `crypto.constants.ENGINE_METHOD_CIPHERS`
|
3887
|
+
* * `crypto.constants.ENGINE_METHOD_DIGESTS`
|
3888
|
+
* * `crypto.constants.ENGINE_METHOD_PKEY_METHS`
|
3889
|
+
* * `crypto.constants.ENGINE_METHOD_PKEY_ASN1_METHS`
|
3890
|
+
* * `crypto.constants.ENGINE_METHOD_ALL`
|
3891
|
+
* * `crypto.constants.ENGINE_METHOD_NONE`
|
3892
|
+
* @since v0.11.11
|
3893
|
+
* @param flags
|
3894
|
+
*/
|
3895
|
+
function setEngine(engine: string, flags?: number): void;
|
3896
|
+
/**
|
3897
|
+
* A convenient alias for {@link webcrypto.getRandomValues}. This
|
3898
|
+
* implementation is not compliant with the Web Crypto spec, to write
|
3899
|
+
* web-compatible code use {@link webcrypto.getRandomValues} instead.
|
3900
|
+
* @since v17.4.0
|
3901
|
+
* @return Returns `typedArray`.
|
3902
|
+
*/
|
3903
|
+
function getRandomValues<T extends webcrypto.BufferSource>(typedArray: T): T;
|
3904
|
+
/**
|
3905
|
+
* A convenient alias for `crypto.webcrypto.subtle`.
|
3906
|
+
* @since v17.4.0
|
3907
|
+
*/
|
3908
|
+
const subtle: webcrypto.SubtleCrypto;
|
3909
|
+
/**
|
3910
|
+
* An implementation of the Web Crypto API standard.
|
3911
|
+
*
|
3912
|
+
* See the {@link https://nodejs.org/docs/latest/api/webcrypto.html Web Crypto API documentation} for details.
|
3913
|
+
* @since v15.0.0
|
3914
|
+
*/
|
3915
|
+
const webcrypto: webcrypto.Crypto;
|
3916
|
+
namespace webcrypto {
|
3917
|
+
type BufferSource = ArrayBufferView | ArrayBuffer;
|
3918
|
+
type KeyFormat = "jwk" | "pkcs8" | "raw" | "spki";
|
3919
|
+
type KeyType = "private" | "public" | "secret";
|
3920
|
+
type KeyUsage =
|
3921
|
+
| "decrypt"
|
3922
|
+
| "deriveBits"
|
3923
|
+
| "deriveKey"
|
3924
|
+
| "encrypt"
|
3925
|
+
| "sign"
|
3926
|
+
| "unwrapKey"
|
3927
|
+
| "verify"
|
3928
|
+
| "wrapKey";
|
3929
|
+
type AlgorithmIdentifier = Algorithm | string;
|
3930
|
+
type HashAlgorithmIdentifier = AlgorithmIdentifier;
|
3931
|
+
type NamedCurve = string;
|
3932
|
+
type BigInteger = Uint8Array;
|
3933
|
+
interface AesCbcParams extends Algorithm {
|
3934
|
+
iv: BufferSource;
|
3935
|
+
}
|
3936
|
+
interface AesCtrParams extends Algorithm {
|
3937
|
+
counter: BufferSource;
|
3938
|
+
length: number;
|
3939
|
+
}
|
3940
|
+
interface AesDerivedKeyParams extends Algorithm {
|
3941
|
+
length: number;
|
3942
|
+
}
|
3943
|
+
interface AesGcmParams extends Algorithm {
|
3944
|
+
additionalData?: BufferSource;
|
3945
|
+
iv: BufferSource;
|
3946
|
+
tagLength?: number;
|
3947
|
+
}
|
3948
|
+
interface AesKeyAlgorithm extends KeyAlgorithm {
|
3949
|
+
length: number;
|
3950
|
+
}
|
3951
|
+
interface AesKeyGenParams extends Algorithm {
|
3952
|
+
length: number;
|
3953
|
+
}
|
3954
|
+
interface Algorithm {
|
3955
|
+
name: string;
|
3956
|
+
}
|
3957
|
+
interface EcKeyAlgorithm extends KeyAlgorithm {
|
3958
|
+
namedCurve: NamedCurve;
|
3959
|
+
}
|
3960
|
+
interface EcKeyGenParams extends Algorithm {
|
3961
|
+
namedCurve: NamedCurve;
|
3962
|
+
}
|
3963
|
+
interface EcKeyImportParams extends Algorithm {
|
3964
|
+
namedCurve: NamedCurve;
|
3965
|
+
}
|
3966
|
+
interface EcdhKeyDeriveParams extends Algorithm {
|
3967
|
+
public: CryptoKey;
|
3968
|
+
}
|
3969
|
+
interface EcdsaParams extends Algorithm {
|
3970
|
+
hash: HashAlgorithmIdentifier;
|
3971
|
+
}
|
3972
|
+
interface Ed448Params extends Algorithm {
|
3973
|
+
context?: BufferSource;
|
3974
|
+
}
|
3975
|
+
interface HkdfParams extends Algorithm {
|
3976
|
+
hash: HashAlgorithmIdentifier;
|
3977
|
+
info: BufferSource;
|
3978
|
+
salt: BufferSource;
|
3979
|
+
}
|
3980
|
+
interface HmacImportParams extends Algorithm {
|
3981
|
+
hash: HashAlgorithmIdentifier;
|
3982
|
+
length?: number;
|
3983
|
+
}
|
3984
|
+
interface HmacKeyAlgorithm extends KeyAlgorithm {
|
3985
|
+
hash: KeyAlgorithm;
|
3986
|
+
length: number;
|
3987
|
+
}
|
3988
|
+
interface HmacKeyGenParams extends Algorithm {
|
3989
|
+
hash: HashAlgorithmIdentifier;
|
3990
|
+
length?: number;
|
3991
|
+
}
|
3992
|
+
interface JsonWebKey {
|
3993
|
+
alg?: string;
|
3994
|
+
crv?: string;
|
3995
|
+
d?: string;
|
3996
|
+
dp?: string;
|
3997
|
+
dq?: string;
|
3998
|
+
e?: string;
|
3999
|
+
ext?: boolean;
|
4000
|
+
k?: string;
|
4001
|
+
key_ops?: string[];
|
4002
|
+
kty?: string;
|
4003
|
+
n?: string;
|
4004
|
+
oth?: RsaOtherPrimesInfo[];
|
4005
|
+
p?: string;
|
4006
|
+
q?: string;
|
4007
|
+
qi?: string;
|
4008
|
+
use?: string;
|
4009
|
+
x?: string;
|
4010
|
+
y?: string;
|
4011
|
+
}
|
4012
|
+
interface KeyAlgorithm {
|
4013
|
+
name: string;
|
4014
|
+
}
|
4015
|
+
interface Pbkdf2Params extends Algorithm {
|
4016
|
+
hash: HashAlgorithmIdentifier;
|
4017
|
+
iterations: number;
|
4018
|
+
salt: BufferSource;
|
4019
|
+
}
|
4020
|
+
interface RsaHashedImportParams extends Algorithm {
|
4021
|
+
hash: HashAlgorithmIdentifier;
|
4022
|
+
}
|
4023
|
+
interface RsaHashedKeyAlgorithm extends RsaKeyAlgorithm {
|
4024
|
+
hash: KeyAlgorithm;
|
4025
|
+
}
|
4026
|
+
interface RsaHashedKeyGenParams extends RsaKeyGenParams {
|
4027
|
+
hash: HashAlgorithmIdentifier;
|
4028
|
+
}
|
4029
|
+
interface RsaKeyAlgorithm extends KeyAlgorithm {
|
4030
|
+
modulusLength: number;
|
4031
|
+
publicExponent: BigInteger;
|
4032
|
+
}
|
4033
|
+
interface RsaKeyGenParams extends Algorithm {
|
4034
|
+
modulusLength: number;
|
4035
|
+
publicExponent: BigInteger;
|
4036
|
+
}
|
4037
|
+
interface RsaOaepParams extends Algorithm {
|
4038
|
+
label?: BufferSource;
|
4039
|
+
}
|
4040
|
+
interface RsaOtherPrimesInfo {
|
4041
|
+
d?: string;
|
4042
|
+
r?: string;
|
4043
|
+
t?: string;
|
4044
|
+
}
|
4045
|
+
interface RsaPssParams extends Algorithm {
|
4046
|
+
saltLength: number;
|
4047
|
+
}
|
4048
|
+
/**
|
4049
|
+
* Calling `require('node:crypto').webcrypto` returns an instance of the `Crypto` class.
|
4050
|
+
* `Crypto` is a singleton that provides access to the remainder of the crypto API.
|
4051
|
+
* @since v15.0.0
|
4052
|
+
*/
|
4053
|
+
interface Crypto {
|
4054
|
+
/**
|
4055
|
+
* Provides access to the `SubtleCrypto` API.
|
4056
|
+
* @since v15.0.0
|
4057
|
+
*/
|
4058
|
+
readonly subtle: SubtleCrypto;
|
4059
|
+
/**
|
4060
|
+
* Generates cryptographically strong random values.
|
4061
|
+
* The given `typedArray` is filled with random values, and a reference to `typedArray` is returned.
|
4062
|
+
*
|
4063
|
+
* The given `typedArray` must be an integer-based instance of {@link NodeJS.TypedArray}, i.e. `Float32Array` and `Float64Array` are not accepted.
|
4064
|
+
*
|
4065
|
+
* An error will be thrown if the given `typedArray` is larger than 65,536 bytes.
|
4066
|
+
* @since v15.0.0
|
4067
|
+
*/
|
4068
|
+
getRandomValues<T extends Exclude<NodeJS.TypedArray, Float32Array | Float64Array>>(typedArray: T): T;
|
4069
|
+
/**
|
4070
|
+
* Generates a random {@link https://www.rfc-editor.org/rfc/rfc4122.txt RFC 4122} version 4 UUID.
|
4071
|
+
* The UUID is generated using a cryptographic pseudorandom number generator.
|
4072
|
+
* @since v16.7.0
|
4073
|
+
*/
|
4074
|
+
randomUUID(): string;
|
4075
|
+
CryptoKey: CryptoKeyConstructor;
|
4076
|
+
}
|
4077
|
+
// This constructor throws ILLEGAL_CONSTRUCTOR so it should not be newable.
|
4078
|
+
interface CryptoKeyConstructor {
|
4079
|
+
/** Illegal constructor */
|
4080
|
+
(_: { readonly _: unique symbol }): never; // Allows instanceof to work but not be callable by the user.
|
4081
|
+
readonly length: 0;
|
4082
|
+
readonly name: "CryptoKey";
|
4083
|
+
readonly prototype: CryptoKey;
|
4084
|
+
}
|
4085
|
+
/**
|
4086
|
+
* @since v15.0.0
|
4087
|
+
*/
|
4088
|
+
interface CryptoKey {
|
4089
|
+
/**
|
4090
|
+
* An object detailing the algorithm for which the key can be used along with additional algorithm-specific parameters.
|
4091
|
+
* @since v15.0.0
|
4092
|
+
*/
|
4093
|
+
readonly algorithm: KeyAlgorithm;
|
4094
|
+
/**
|
4095
|
+
* When `true`, the {@link CryptoKey} can be extracted using either `subtleCrypto.exportKey()` or `subtleCrypto.wrapKey()`.
|
4096
|
+
* @since v15.0.0
|
4097
|
+
*/
|
4098
|
+
readonly extractable: boolean;
|
4099
|
+
/**
|
4100
|
+
* A string identifying whether the key is a symmetric (`'secret'`) or asymmetric (`'private'` or `'public'`) key.
|
4101
|
+
* @since v15.0.0
|
4102
|
+
*/
|
4103
|
+
readonly type: KeyType;
|
4104
|
+
/**
|
4105
|
+
* An array of strings identifying the operations for which the key may be used.
|
4106
|
+
*
|
4107
|
+
* The possible usages are:
|
4108
|
+
* - `'encrypt'` - The key may be used to encrypt data.
|
4109
|
+
* - `'decrypt'` - The key may be used to decrypt data.
|
4110
|
+
* - `'sign'` - The key may be used to generate digital signatures.
|
4111
|
+
* - `'verify'` - The key may be used to verify digital signatures.
|
4112
|
+
* - `'deriveKey'` - The key may be used to derive a new key.
|
4113
|
+
* - `'deriveBits'` - The key may be used to derive bits.
|
4114
|
+
* - `'wrapKey'` - The key may be used to wrap another key.
|
4115
|
+
* - `'unwrapKey'` - The key may be used to unwrap another key.
|
4116
|
+
*
|
4117
|
+
* Valid key usages depend on the key algorithm (identified by `cryptokey.algorithm.name`).
|
4118
|
+
* @since v15.0.0
|
4119
|
+
*/
|
4120
|
+
readonly usages: KeyUsage[];
|
4121
|
+
}
|
4122
|
+
/**
|
4123
|
+
* The `CryptoKeyPair` is a simple dictionary object with `publicKey` and `privateKey` properties, representing an asymmetric key pair.
|
4124
|
+
* @since v15.0.0
|
4125
|
+
*/
|
4126
|
+
interface CryptoKeyPair {
|
4127
|
+
/**
|
4128
|
+
* A {@link CryptoKey} whose type will be `'private'`.
|
4129
|
+
* @since v15.0.0
|
4130
|
+
*/
|
4131
|
+
privateKey: CryptoKey;
|
4132
|
+
/**
|
4133
|
+
* A {@link CryptoKey} whose type will be `'public'`.
|
4134
|
+
* @since v15.0.0
|
4135
|
+
*/
|
4136
|
+
publicKey: CryptoKey;
|
4137
|
+
}
|
4138
|
+
/**
|
4139
|
+
* @since v15.0.0
|
4140
|
+
*/
|
4141
|
+
interface SubtleCrypto {
|
4142
|
+
/**
|
4143
|
+
* Using the method and parameters specified in `algorithm` and the keying material provided by `key`,
|
4144
|
+
* `subtle.decrypt()` attempts to decipher the provided `data`. If successful,
|
4145
|
+
* the returned promise will be resolved with an `<ArrayBuffer>` containing the plaintext result.
|
4146
|
+
*
|
4147
|
+
* The algorithms currently supported include:
|
4148
|
+
*
|
4149
|
+
* - `'RSA-OAEP'`
|
4150
|
+
* - `'AES-CTR'`
|
4151
|
+
* - `'AES-CBC'`
|
4152
|
+
* - `'AES-GCM'`
|
4153
|
+
* @since v15.0.0
|
4154
|
+
*/
|
4155
|
+
decrypt(
|
4156
|
+
algorithm: AlgorithmIdentifier | RsaOaepParams | AesCtrParams | AesCbcParams | AesGcmParams,
|
4157
|
+
key: CryptoKey,
|
4158
|
+
data: BufferSource,
|
4159
|
+
): Promise<ArrayBuffer>;
|
4160
|
+
/**
|
4161
|
+
* Using the method and parameters specified in `algorithm` and the keying material provided by `baseKey`,
|
4162
|
+
* `subtle.deriveBits()` attempts to generate `length` bits.
|
4163
|
+
* The Node.js implementation requires that when `length` is a number it must be multiple of `8`.
|
4164
|
+
* When `length` is `null` the maximum number of bits for a given algorithm is generated. This is allowed
|
4165
|
+
* for the `'ECDH'`, `'X25519'`, and `'X448'` algorithms.
|
4166
|
+
* If successful, the returned promise will be resolved with an `<ArrayBuffer>` containing the generated data.
|
4167
|
+
*
|
4168
|
+
* The algorithms currently supported include:
|
4169
|
+
*
|
4170
|
+
* - `'ECDH'`
|
4171
|
+
* - `'X25519'`
|
4172
|
+
* - `'X448'`
|
4173
|
+
* - `'HKDF'`
|
4174
|
+
* - `'PBKDF2'`
|
4175
|
+
* @since v15.0.0
|
4176
|
+
*/
|
4177
|
+
deriveBits(algorithm: EcdhKeyDeriveParams, baseKey: CryptoKey, length: number | null): Promise<ArrayBuffer>;
|
4178
|
+
deriveBits(
|
4179
|
+
algorithm: AlgorithmIdentifier | HkdfParams | Pbkdf2Params,
|
4180
|
+
baseKey: CryptoKey,
|
4181
|
+
length: number,
|
4182
|
+
): Promise<ArrayBuffer>;
|
4183
|
+
/**
|
4184
|
+
* Using the method and parameters specified in `algorithm`, and the keying material provided by `baseKey`,
|
4185
|
+
* `subtle.deriveKey()` attempts to generate a new <CryptoKey>` based on the method and parameters in `derivedKeyAlgorithm`.
|
4186
|
+
*
|
4187
|
+
* Calling `subtle.deriveKey()` is equivalent to calling `subtle.deriveBits()` to generate raw keying material,
|
4188
|
+
* then passing the result into the `subtle.importKey()` method using the `deriveKeyAlgorithm`, `extractable`, and `keyUsages` parameters as input.
|
4189
|
+
*
|
4190
|
+
* The algorithms currently supported include:
|
4191
|
+
*
|
4192
|
+
* - `'ECDH'`
|
4193
|
+
* - `'X25519'`
|
4194
|
+
* - `'X448'`
|
4195
|
+
* - `'HKDF'`
|
4196
|
+
* - `'PBKDF2'`
|
4197
|
+
* @param keyUsages See {@link https://nodejs.org/docs/latest/api/webcrypto.html#cryptokeyusages Key usages}.
|
4198
|
+
* @since v15.0.0
|
4199
|
+
*/
|
4200
|
+
deriveKey(
|
4201
|
+
algorithm: AlgorithmIdentifier | EcdhKeyDeriveParams | HkdfParams | Pbkdf2Params,
|
4202
|
+
baseKey: CryptoKey,
|
4203
|
+
derivedKeyAlgorithm:
|
4204
|
+
| AlgorithmIdentifier
|
4205
|
+
| AesDerivedKeyParams
|
4206
|
+
| HmacImportParams
|
4207
|
+
| HkdfParams
|
4208
|
+
| Pbkdf2Params,
|
4209
|
+
extractable: boolean,
|
4210
|
+
keyUsages: readonly KeyUsage[],
|
4211
|
+
): Promise<CryptoKey>;
|
4212
|
+
/**
|
4213
|
+
* Using the method identified by `algorithm`, `subtle.digest()` attempts to generate a digest of `data`.
|
4214
|
+
* If successful, the returned promise is resolved with an `<ArrayBuffer>` containing the computed digest.
|
4215
|
+
*
|
4216
|
+
* If `algorithm` is provided as a `<string>`, it must be one of:
|
4217
|
+
*
|
4218
|
+
* - `'SHA-1'`
|
4219
|
+
* - `'SHA-256'`
|
4220
|
+
* - `'SHA-384'`
|
4221
|
+
* - `'SHA-512'`
|
4222
|
+
*
|
4223
|
+
* If `algorithm` is provided as an `<Object>`, it must have a `name` property whose value is one of the above.
|
4224
|
+
* @since v15.0.0
|
4225
|
+
*/
|
4226
|
+
digest(algorithm: AlgorithmIdentifier, data: BufferSource): Promise<ArrayBuffer>;
|
4227
|
+
/**
|
4228
|
+
* Using the method and parameters specified by `algorithm` and the keying material provided by `key`,
|
4229
|
+
* `subtle.encrypt()` attempts to encipher `data`. If successful,
|
4230
|
+
* the returned promise is resolved with an `<ArrayBuffer>` containing the encrypted result.
|
4231
|
+
*
|
4232
|
+
* The algorithms currently supported include:
|
4233
|
+
*
|
4234
|
+
* - `'RSA-OAEP'`
|
4235
|
+
* - `'AES-CTR'`
|
4236
|
+
* - `'AES-CBC'`
|
4237
|
+
* - `'AES-GCM'`
|
4238
|
+
* @since v15.0.0
|
4239
|
+
*/
|
4240
|
+
encrypt(
|
4241
|
+
algorithm: AlgorithmIdentifier | RsaOaepParams | AesCtrParams | AesCbcParams | AesGcmParams,
|
4242
|
+
key: CryptoKey,
|
4243
|
+
data: BufferSource,
|
4244
|
+
): Promise<ArrayBuffer>;
|
4245
|
+
/**
|
4246
|
+
* Exports the given key into the specified format, if supported.
|
4247
|
+
*
|
4248
|
+
* If the `<CryptoKey>` is not extractable, the returned promise will reject.
|
4249
|
+
*
|
4250
|
+
* When `format` is either `'pkcs8'` or `'spki'` and the export is successful,
|
4251
|
+
* the returned promise will be resolved with an `<ArrayBuffer>` containing the exported key data.
|
4252
|
+
*
|
4253
|
+
* When `format` is `'jwk'` and the export is successful, the returned promise will be resolved with a
|
4254
|
+
* JavaScript object conforming to the {@link https://tools.ietf.org/html/rfc7517 JSON Web Key} specification.
|
4255
|
+
* @param format Must be one of `'raw'`, `'pkcs8'`, `'spki'`, or `'jwk'`.
|
4256
|
+
* @returns `<Promise>` containing `<ArrayBuffer>`.
|
4257
|
+
* @since v15.0.0
|
4258
|
+
*/
|
4259
|
+
exportKey(format: "jwk", key: CryptoKey): Promise<JsonWebKey>;
|
4260
|
+
exportKey(format: Exclude<KeyFormat, "jwk">, key: CryptoKey): Promise<ArrayBuffer>;
|
4261
|
+
/**
|
4262
|
+
* Using the method and parameters provided in `algorithm`,
|
4263
|
+
* `subtle.generateKey()` attempts to generate new keying material.
|
4264
|
+
* Depending the method used, the method may generate either a single `<CryptoKey>` or a `<CryptoKeyPair>`.
|
4265
|
+
*
|
4266
|
+
* The `<CryptoKeyPair>` (public and private key) generating algorithms supported include:
|
4267
|
+
*
|
4268
|
+
* - `'RSASSA-PKCS1-v1_5'`
|
4269
|
+
* - `'RSA-PSS'`
|
4270
|
+
* - `'RSA-OAEP'`
|
4271
|
+
* - `'ECDSA'`
|
4272
|
+
* - `'Ed25519'`
|
4273
|
+
* - `'Ed448'`
|
4274
|
+
* - `'ECDH'`
|
4275
|
+
* - `'X25519'`
|
4276
|
+
* - `'X448'`
|
4277
|
+
* The `<CryptoKey>` (secret key) generating algorithms supported include:
|
4278
|
+
*
|
4279
|
+
* - `'HMAC'`
|
4280
|
+
* - `'AES-CTR'`
|
4281
|
+
* - `'AES-CBC'`
|
4282
|
+
* - `'AES-GCM'`
|
4283
|
+
* - `'AES-KW'`
|
4284
|
+
* @param keyUsages See {@link https://nodejs.org/docs/latest/api/webcrypto.html#cryptokeyusages Key usages}.
|
4285
|
+
* @since v15.0.0
|
4286
|
+
*/
|
4287
|
+
generateKey(
|
4288
|
+
algorithm: RsaHashedKeyGenParams | EcKeyGenParams,
|
4289
|
+
extractable: boolean,
|
4290
|
+
keyUsages: readonly KeyUsage[],
|
4291
|
+
): Promise<CryptoKeyPair>;
|
4292
|
+
generateKey(
|
4293
|
+
algorithm: AesKeyGenParams | HmacKeyGenParams | Pbkdf2Params,
|
4294
|
+
extractable: boolean,
|
4295
|
+
keyUsages: readonly KeyUsage[],
|
4296
|
+
): Promise<CryptoKey>;
|
4297
|
+
generateKey(
|
4298
|
+
algorithm: AlgorithmIdentifier,
|
4299
|
+
extractable: boolean,
|
4300
|
+
keyUsages: KeyUsage[],
|
4301
|
+
): Promise<CryptoKeyPair | CryptoKey>;
|
4302
|
+
/**
|
4303
|
+
* The `subtle.importKey()` method attempts to interpret the provided `keyData` as the given `format`
|
4304
|
+
* to create a `<CryptoKey>` instance using the provided `algorithm`, `extractable`, and `keyUsages` arguments.
|
4305
|
+
* If the import is successful, the returned promise will be resolved with the created `<CryptoKey>`.
|
4306
|
+
*
|
4307
|
+
* If importing a `'PBKDF2'` key, `extractable` must be `false`.
|
4308
|
+
* @param format Must be one of `'raw'`, `'pkcs8'`, `'spki'`, or `'jwk'`.
|
4309
|
+
* @param keyUsages See {@link https://nodejs.org/docs/latest/api/webcrypto.html#cryptokeyusages Key usages}.
|
4310
|
+
* @since v15.0.0
|
4311
|
+
*/
|
4312
|
+
importKey(
|
4313
|
+
format: "jwk",
|
4314
|
+
keyData: JsonWebKey,
|
4315
|
+
algorithm:
|
4316
|
+
| AlgorithmIdentifier
|
4317
|
+
| RsaHashedImportParams
|
4318
|
+
| EcKeyImportParams
|
4319
|
+
| HmacImportParams
|
4320
|
+
| AesKeyAlgorithm,
|
4321
|
+
extractable: boolean,
|
4322
|
+
keyUsages: readonly KeyUsage[],
|
4323
|
+
): Promise<CryptoKey>;
|
4324
|
+
importKey(
|
4325
|
+
format: Exclude<KeyFormat, "jwk">,
|
4326
|
+
keyData: BufferSource,
|
4327
|
+
algorithm:
|
4328
|
+
| AlgorithmIdentifier
|
4329
|
+
| RsaHashedImportParams
|
4330
|
+
| EcKeyImportParams
|
4331
|
+
| HmacImportParams
|
4332
|
+
| AesKeyAlgorithm,
|
4333
|
+
extractable: boolean,
|
4334
|
+
keyUsages: KeyUsage[],
|
4335
|
+
): Promise<CryptoKey>;
|
4336
|
+
/**
|
4337
|
+
* Using the method and parameters given by `algorithm` and the keying material provided by `key`,
|
4338
|
+
* `subtle.sign()` attempts to generate a cryptographic signature of `data`. If successful,
|
4339
|
+
* the returned promise is resolved with an `<ArrayBuffer>` containing the generated signature.
|
4340
|
+
*
|
4341
|
+
* The algorithms currently supported include:
|
4342
|
+
*
|
4343
|
+
* - `'RSASSA-PKCS1-v1_5'`
|
4344
|
+
* - `'RSA-PSS'`
|
4345
|
+
* - `'ECDSA'`
|
4346
|
+
* - `'Ed25519'`
|
4347
|
+
* - `'Ed448'`
|
4348
|
+
* - `'HMAC'`
|
4349
|
+
* @since v15.0.0
|
4350
|
+
*/
|
4351
|
+
sign(
|
4352
|
+
algorithm: AlgorithmIdentifier | RsaPssParams | EcdsaParams | Ed448Params,
|
4353
|
+
key: CryptoKey,
|
4354
|
+
data: BufferSource,
|
4355
|
+
): Promise<ArrayBuffer>;
|
4356
|
+
/**
|
4357
|
+
* In cryptography, "wrapping a key" refers to exporting and then encrypting the keying material.
|
4358
|
+
* The `subtle.unwrapKey()` method attempts to decrypt a wrapped key and create a `<CryptoKey>` instance.
|
4359
|
+
* It is equivalent to calling `subtle.decrypt()` first on the encrypted key data (using the `wrappedKey`, `unwrapAlgo`, and `unwrappingKey` arguments as input)
|
4360
|
+
* then passing the results in to the `subtle.importKey()` method using the `unwrappedKeyAlgo`, `extractable`, and `keyUsages` arguments as inputs.
|
4361
|
+
* If successful, the returned promise is resolved with a `<CryptoKey>` object.
|
4362
|
+
*
|
4363
|
+
* The wrapping algorithms currently supported include:
|
4364
|
+
*
|
4365
|
+
* - `'RSA-OAEP'`
|
4366
|
+
* - `'AES-CTR'`
|
4367
|
+
* - `'AES-CBC'`
|
4368
|
+
* - `'AES-GCM'`
|
4369
|
+
* - `'AES-KW'`
|
4370
|
+
*
|
4371
|
+
* The unwrapped key algorithms supported include:
|
4372
|
+
*
|
4373
|
+
* - `'RSASSA-PKCS1-v1_5'`
|
4374
|
+
* - `'RSA-PSS'`
|
4375
|
+
* - `'RSA-OAEP'`
|
4376
|
+
* - `'ECDSA'`
|
4377
|
+
* - `'Ed25519'`
|
4378
|
+
* - `'Ed448'`
|
4379
|
+
* - `'ECDH'`
|
4380
|
+
* - `'X25519'`
|
4381
|
+
* - `'X448'`
|
4382
|
+
* - `'HMAC'`
|
4383
|
+
* - `'AES-CTR'`
|
4384
|
+
* - `'AES-CBC'`
|
4385
|
+
* - `'AES-GCM'`
|
4386
|
+
* - `'AES-KW'`
|
4387
|
+
* @param format Must be one of `'raw'`, `'pkcs8'`, `'spki'`, or `'jwk'`.
|
4388
|
+
* @param keyUsages See {@link https://nodejs.org/docs/latest/api/webcrypto.html#cryptokeyusages Key usages}.
|
4389
|
+
* @since v15.0.0
|
4390
|
+
*/
|
4391
|
+
unwrapKey(
|
4392
|
+
format: KeyFormat,
|
4393
|
+
wrappedKey: BufferSource,
|
4394
|
+
unwrappingKey: CryptoKey,
|
4395
|
+
unwrapAlgorithm: AlgorithmIdentifier | RsaOaepParams | AesCtrParams | AesCbcParams | AesGcmParams,
|
4396
|
+
unwrappedKeyAlgorithm:
|
4397
|
+
| AlgorithmIdentifier
|
4398
|
+
| RsaHashedImportParams
|
4399
|
+
| EcKeyImportParams
|
4400
|
+
| HmacImportParams
|
4401
|
+
| AesKeyAlgorithm,
|
4402
|
+
extractable: boolean,
|
4403
|
+
keyUsages: KeyUsage[],
|
4404
|
+
): Promise<CryptoKey>;
|
4405
|
+
/**
|
4406
|
+
* Using the method and parameters given in `algorithm` and the keying material provided by `key`,
|
4407
|
+
* `subtle.verify()` attempts to verify that `signature` is a valid cryptographic signature of `data`.
|
4408
|
+
* The returned promise is resolved with either `true` or `false`.
|
4409
|
+
*
|
4410
|
+
* The algorithms currently supported include:
|
4411
|
+
*
|
4412
|
+
* - `'RSASSA-PKCS1-v1_5'`
|
4413
|
+
* - `'RSA-PSS'`
|
4414
|
+
* - `'ECDSA'`
|
4415
|
+
* - `'Ed25519'`
|
4416
|
+
* - `'Ed448'`
|
4417
|
+
* - `'HMAC'`
|
4418
|
+
* @since v15.0.0
|
4419
|
+
*/
|
4420
|
+
verify(
|
4421
|
+
algorithm: AlgorithmIdentifier | RsaPssParams | EcdsaParams | Ed448Params,
|
4422
|
+
key: CryptoKey,
|
4423
|
+
signature: BufferSource,
|
4424
|
+
data: BufferSource,
|
4425
|
+
): Promise<boolean>;
|
4426
|
+
/**
|
4427
|
+
* In cryptography, "wrapping a key" refers to exporting and then encrypting the keying material.
|
4428
|
+
* The `subtle.wrapKey()` method exports the keying material into the format identified by `format`,
|
4429
|
+
* then encrypts it using the method and parameters specified by `wrapAlgo` and the keying material provided by `wrappingKey`.
|
4430
|
+
* It is the equivalent to calling `subtle.exportKey()` using `format` and `key` as the arguments,
|
4431
|
+
* then passing the result to the `subtle.encrypt()` method using `wrappingKey` and `wrapAlgo` as inputs.
|
4432
|
+
* If successful, the returned promise will be resolved with an `<ArrayBuffer>` containing the encrypted key data.
|
4433
|
+
*
|
4434
|
+
* The wrapping algorithms currently supported include:
|
4435
|
+
*
|
4436
|
+
* - `'RSA-OAEP'`
|
4437
|
+
* - `'AES-CTR'`
|
4438
|
+
* - `'AES-CBC'`
|
4439
|
+
* - `'AES-GCM'`
|
4440
|
+
* - `'AES-KW'`
|
4441
|
+
* @param format Must be one of `'raw'`, `'pkcs8'`, `'spki'`, or `'jwk'`.
|
4442
|
+
* @since v15.0.0
|
4443
|
+
*/
|
4444
|
+
wrapKey(
|
4445
|
+
format: KeyFormat,
|
4446
|
+
key: CryptoKey,
|
4447
|
+
wrappingKey: CryptoKey,
|
4448
|
+
wrapAlgorithm: AlgorithmIdentifier | RsaOaepParams | AesCtrParams | AesCbcParams | AesGcmParams,
|
4449
|
+
): Promise<ArrayBuffer>;
|
4450
|
+
}
|
4451
|
+
}
|
4452
|
+
}
|
4453
|
+
declare module "node:crypto" {
|
4454
|
+
export * from "crypto";
|
4455
|
+
}
|