omegon 0.8.3 → 0.9.0

package/node_modules/@types/node/crypto.d.ts

@@ -14,9 +14,9 @@
  * // Prints:
  * //   c0fa1bc00531bd78ef38c628449c5102aeabd49b5dc3a2a516ea6ea959d6658e
  * ```
- * @see [source](https://github.com/nodejs/node/blob/v25.x/lib/crypto.js)
+ * @see [source](https://github.com/nodejs/node/blob/v22.x/lib/crypto.js)
  */
-declare module "node:crypto" {
+declare module "crypto" {
     import { NonSharedBuffer } from "node:buffer";
     import * as stream from "node:stream";
     import { PeerCertificate } from "node:tls";
@@ -97,7 +97,7 @@ declare module "node:crypto" {
         verifySpkac(spkac: NodeJS.ArrayBufferView): boolean;
     }
     namespace constants {
-        // https://nodejs.org/dist/latest-v25.x/docs/api/crypto.html#crypto-constants
+        // https://nodejs.org/dist/latest-v22.x/docs/api/crypto.html#crypto-constants
         const OPENSSL_VERSION_NUMBER: number;
         /** Applies multiple bug workarounds within OpenSSL. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html for detail. */
         const SSL_OP_ALL: number;
@@ -471,6 +471,7 @@ declare module "node:crypto" {
      * //   7fd04df92f636fd450bc841c9418e5825c17f33ad9c87c518115a45971f7f77e
      * ```
      * @since v0.1.94
+     * @deprecated Since v20.13.0 Calling `Hmac` class directly with `Hmac()` or `new Hmac()` is deprecated due to being internals, not intended for public use. Please use the {@link createHmac} method to create Hmac instances.
      */
     class Hmac extends stream.Transform {
         private constructor();
@@ -499,66 +500,32 @@ declare module "node:crypto" {
         digest(): NonSharedBuffer;
         digest(encoding: BinaryToTextEncoding): string;
     }
-    type KeyFormat = "pem" | "der" | "jwk";
     type KeyObjectType = "secret" | "public" | "private";
-    type PublicKeyExportType = "pkcs1" | "spki";
-    type PrivateKeyExportType = "pkcs1" | "pkcs8" | "sec1";
-    type KeyExportOptions =
-        | SymmetricKeyExportOptions
-        | PublicKeyExportOptions
-        | PrivateKeyExportOptions
-        | JwkKeyExportOptions;
-    interface SymmetricKeyExportOptions {
-        format?: "buffer" | undefined;
-    }
-    interface PublicKeyExportOptions<T extends PublicKeyExportType = PublicKeyExportType> {
-        type: T;
-        format: Exclude<KeyFormat, "jwk">;
-    }
-    interface PrivateKeyExportOptions<T extends PrivateKeyExportType = PrivateKeyExportType> {
-        type: T;
-        format: Exclude<KeyFormat, "jwk">;
+    interface KeyExportOptions<T extends KeyFormat> {
+        type: "pkcs1" | "spki" | "pkcs8" | "sec1";
+        format: T;
         cipher?: string | undefined;
         passphrase?: string | Buffer | undefined;
     }
     interface JwkKeyExportOptions {
         format: "jwk";
     }
-    interface KeyPairExportOptions<
-        TPublic extends PublicKeyExportType = PublicKeyExportType,
-        TPrivate extends PrivateKeyExportType = PrivateKeyExportType,
-    > {
-        publicKeyEncoding?: PublicKeyExportOptions<TPublic> | JwkKeyExportOptions | undefined;
-        privateKeyEncoding?: PrivateKeyExportOptions<TPrivate> | JwkKeyExportOptions | undefined;
-    }
-    type KeyExportResult<T, Default> = T extends { format: infer F extends KeyFormat }
-        ? { der: NonSharedBuffer; jwk: webcrypto.JsonWebKey; pem: string }[F]
-        : Default;
-    interface KeyPairExportResult<T extends KeyPairExportOptions> {
-        publicKey: KeyExportResult<T["publicKeyEncoding"], KeyObject>;
-        privateKey: KeyExportResult<T["privateKeyEncoding"], KeyObject>;
-    }
-    type KeyPairExportCallback<T extends KeyPairExportOptions> = (
-        err: Error | null,
-        publicKey: KeyExportResult<T["publicKeyEncoding"], KeyObject>,
-        privateKey: KeyExportResult<T["privateKeyEncoding"], KeyObject>,
-    ) => void;
-    type MLDSAKeyType = `ml-dsa-${44 | 65 | 87}`;
-    type MLKEMKeyType = `ml-kem-${1024 | 512 | 768}`;
-    type SLHDSAKeyType = `slh-dsa-${"sha2" | "shake"}-${128 | 192 | 256}${"f" | "s"}`;
-    type AsymmetricKeyType =
-        | "dh"
-        | "dsa"
-        | "ec"
-        | "ed25519"
-        | "ed448"
-        | MLDSAKeyType
-        | MLKEMKeyType
-        | "rsa-pss"
-        | "rsa"
-        | SLHDSAKeyType
-        | "x25519"
-        | "x448";
+    interface JsonWebKey {
+        crv?: string;
+        d?: string;
+        dp?: string;
+        dq?: string;
+        e?: string;
+        k?: string;
+        kty?: string;
+        n?: string;
+        p?: string;
+        q?: string;
+        qi?: string;
+        x?: string;
+        y?: string;
+        [key: string]: unknown;
+    }
     interface AsymmetricKeyDetails {
         /**
          * Key size in bits (RSA, DSA).
@@ -625,14 +592,24 @@ declare module "node:crypto" {
          */
         static from(key: webcrypto.CryptoKey): KeyObject;
         /**
-         * For asymmetric keys, this property represents the type of the key. See the
-         * supported [asymmetric key types](https://nodejs.org/docs/latest-v25.x/api/crypto.html#asymmetric-key-types).
+         * For asymmetric keys, this property represents the type of the key. Supported key
+         * types are:
+         *
+         * * `'rsa'` (OID 1.2.840.113549.1.1.1)
+         * * `'rsa-pss'` (OID 1.2.840.113549.1.1.10)
+         * * `'dsa'` (OID 1.2.840.10040.4.1)
+         * * `'ec'` (OID 1.2.840.10045.2.1)
+         * * `'x25519'` (OID 1.3.101.110)
+         * * `'x448'` (OID 1.3.101.111)
+         * * `'ed25519'` (OID 1.3.101.112)
+         * * `'ed448'` (OID 1.3.101.113)
+         * * `'dh'` (OID 1.2.840.113549.1.3.1)
          *
          * This property is `undefined` for unrecognized `KeyObject` types and symmetric
          * keys.
          * @since v11.6.0
          */
-        asymmetricKeyType?: AsymmetricKeyType;
+        asymmetricKeyType?: KeyType;
         /**
          * This property exists only on asymmetric keys. Depending on the type of the key,
          * this object contains information about the key. None of the information obtained
@@ -670,7 +647,9 @@ declare module "node:crypto" {
          * PKCS#1 and SEC1 encryption.
          * @since v11.6.0
          */
-        export<T extends KeyExportOptions = {}>(options?: T): KeyExportResult<T, NonSharedBuffer>;
+        export(options: KeyExportOptions<"pem">): string | NonSharedBuffer;
+        export(options?: KeyExportOptions<"der">): NonSharedBuffer;
+        export(options?: JwkKeyExportOptions): JsonWebKey;
         /**
          * Returns `true` or `false` depending on whether the keys have exactly the same
          * type, value, and parameters. This method is not [constant time](https://en.wikipedia.org/wiki/Timing_attack).
@@ -782,9 +761,9 @@ declare module "node:crypto" {
         key: CipherKey,
         iv: BinaryLike | null,
         options?: stream.TransformOptions,
-    ): Cipheriv;
+    ): Cipher;
     /**
-     * Instances of the `Cipheriv` class are used to encrypt data. The class can be
+     * Instances of the `Cipher` class are used to encrypt data. The class can be
      * used in one of two ways:
      *
      * * As a `stream` that is both readable and writable, where plain unencrypted
@@ -793,10 +772,10 @@ declare module "node:crypto" {
      * the encrypted data.
      *
      * The {@link createCipheriv} method is
-     * used to create `Cipheriv` instances. `Cipheriv` objects are not to be created
+     * used to create `Cipher` instances. `Cipher` objects are not to be created
      * directly using the `new` keyword.
      *
-     * Example: Using `Cipheriv` objects as streams:
+     * Example: Using `Cipher` objects as streams:
      *
      * ```js
      * const {
@@ -831,7 +810,7 @@ declare module "node:crypto" {
      * });
      * ```
      *
-     * Example: Using `Cipheriv` and piped streams:
+     * Example: Using `Cipher` and piped streams:
      *
      * ```js
      * import {
@@ -902,7 +881,7 @@ declare module "node:crypto" {
      * ```
      * @since v0.1.94
      */
-    class Cipheriv extends stream.Transform {
+    class Cipher extends stream.Transform {
         private constructor();
         /**
          * Updates the cipher with `data`. If the `inputEncoding` argument is given,
@@ -923,7 +902,7 @@ declare module "node:crypto" {
         update(data: NodeJS.ArrayBufferView, inputEncoding: undefined, outputEncoding: Encoding): string;
         update(data: string, inputEncoding: Encoding | undefined, outputEncoding: Encoding): string;
         /**
-         * Once the `cipher.final()` method has been called, the `Cipheriv` object can no
+         * Once the `cipher.final()` method has been called, the `Cipher` object can no
          * longer be used to encrypt data. Attempts to call `cipher.final()` more than
          * once will result in an error being thrown.
          * @since v0.1.94
@@ -933,7 +912,7 @@ declare module "node:crypto" {
         final(): NonSharedBuffer;
         final(outputEncoding: BufferEncoding): string;
         /**
-         * When using block encryption algorithms, the `Cipheriv` class will automatically
+         * When using block encryption algorithms, the `Cipher` class will automatically
          * add padding to the input data to the appropriate block size. To disable the
          * default padding call `cipher.setAutoPadding(false)`.
          *
@@ -949,7 +928,7 @@ declare module "node:crypto" {
          */
         setAutoPadding(autoPadding?: boolean): this;
     }
-    interface CipherCCM extends Cipheriv {
+    interface CipherCCM extends Cipher {
         setAAD(
             buffer: NodeJS.ArrayBufferView,
             options: {
@@ -958,7 +937,7 @@ declare module "node:crypto" {
         ): this;
         getAuthTag(): NonSharedBuffer;
     }
-    interface CipherGCM extends Cipheriv {
+    interface CipherGCM extends Cipher {
         setAAD(
             buffer: NodeJS.ArrayBufferView,
             options?: {
@@ -967,7 +946,7 @@ declare module "node:crypto" {
         ): this;
         getAuthTag(): NonSharedBuffer;
     }
-    interface CipherOCB extends Cipheriv {
+    interface CipherOCB extends Cipher {
         setAAD(
             buffer: NodeJS.ArrayBufferView,
             options?: {
@@ -976,7 +955,7 @@ declare module "node:crypto" {
         ): this;
         getAuthTag(): NonSharedBuffer;
     }
-    interface CipherChaCha20Poly1305 extends Cipheriv {
+    interface CipherChaCha20Poly1305 extends Cipher {
         setAAD(
             buffer: NodeJS.ArrayBufferView,
             options: {
@@ -986,7 +965,7 @@ declare module "node:crypto" {
         getAuthTag(): NonSharedBuffer;
     }
     /**
-     * Creates and returns a `Decipheriv` object that uses the given `algorithm`, `key` and initialization vector (`iv`).
+     * Creates and returns a `Decipher` object that uses the given `algorithm`, `key` and initialization vector (`iv`).
      *
      * The `options` argument controls stream behavior and is optional except when a
      * cipher in CCM or OCB mode (e.g. `'aes-128-ccm'`) is used. In that case, the `authTagLength` option is required and specifies the length of the
@@ -1043,9 +1022,9 @@ declare module "node:crypto" {
         key: CipherKey,
         iv: BinaryLike | null,
         options?: stream.TransformOptions,
-    ): Decipheriv;
+    ): Decipher;
     /**
-     * Instances of the `Decipheriv` class are used to decrypt data. The class can be
+     * Instances of the `Decipher` class are used to decrypt data. The class can be
      * used in one of two ways:
      *
      * * As a `stream` that is both readable and writable, where plain encrypted
@@ -1054,10 +1033,10 @@ declare module "node:crypto" {
      * produce the unencrypted data.
      *
      * The {@link createDecipheriv} method is
-     * used to create `Decipheriv` instances. `Decipheriv` objects are not to be created
+     * used to create `Decipher` instances. `Decipher` objects are not to be created
      * directly using the `new` keyword.
      *
-     * Example: Using `Decipheriv` objects as streams:
+     * Example: Using `Decipher` objects as streams:
      *
      * ```js
      * import { Buffer } from 'node:buffer';
@@ -1096,7 +1075,7 @@ declare module "node:crypto" {
      * decipher.end();
      * ```
      *
-     * Example: Using `Decipheriv` and piped streams:
+     * Example: Using `Decipher` and piped streams:
      *
      * ```js
      * import {
@@ -1152,7 +1131,7 @@ declare module "node:crypto" {
      * ```
      * @since v0.1.94
      */
-    class Decipheriv extends stream.Transform {
+    class Decipher extends stream.Transform {
         private constructor();
         /**
          * Updates the decipher with `data`. If the `inputEncoding` argument is given,
@@ -1173,7 +1152,7 @@ declare module "node:crypto" {
         update(data: NodeJS.ArrayBufferView, inputEncoding: undefined, outputEncoding: Encoding): string;
         update(data: string, inputEncoding: Encoding | undefined, outputEncoding: Encoding): string;
         /**
-         * Once the `decipher.final()` method has been called, the `Decipheriv` object can
+         * Once the `decipher.final()` method has been called, the `Decipher` object can
          * no longer be used to decrypt data. Attempts to call `decipher.final()` more
          * than once will result in an error being thrown.
          * @since v0.1.94
@@ -1196,7 +1175,7 @@ declare module "node:crypto" {
          */
         setAutoPadding(auto_padding?: boolean): this;
     }
-    interface DecipherCCM extends Decipheriv {
+    interface DecipherCCM extends Decipher {
         setAuthTag(buffer: NodeJS.ArrayBufferView): this;
         setAAD(
             buffer: NodeJS.ArrayBufferView,
@@ -1205,7 +1184,7 @@ declare module "node:crypto" {
             },
         ): this;
     }
-    interface DecipherGCM extends Decipheriv {
+    interface DecipherGCM extends Decipher {
         setAuthTag(buffer: NodeJS.ArrayBufferView): this;
         setAAD(
             buffer: NodeJS.ArrayBufferView,
@@ -1214,7 +1193,7 @@ declare module "node:crypto" {
             },
         ): this;
     }
-    interface DecipherOCB extends Decipheriv {
+    interface DecipherOCB extends Decipher {
         setAuthTag(buffer: NodeJS.ArrayBufferView): this;
         setAAD(
             buffer: NodeJS.ArrayBufferView,
@@ -1223,7 +1202,7 @@ declare module "node:crypto" {
             },
         ): this;
     }
-    interface DecipherChaCha20Poly1305 extends Decipheriv {
+    interface DecipherChaCha20Poly1305 extends Decipher {
         setAuthTag(buffer: NodeJS.ArrayBufferView): this;
         setAAD(
             buffer: NodeJS.ArrayBufferView,
@@ -1235,14 +1214,14 @@ declare module "node:crypto" {
     interface PrivateKeyInput {
         key: string | Buffer;
         format?: KeyFormat | undefined;
-        type?: PrivateKeyExportType | undefined;
+        type?: "pkcs1" | "pkcs8" | "sec1" | undefined;
         passphrase?: string | Buffer | undefined;
         encoding?: string | undefined;
     }
     interface PublicKeyInput {
         key: string | Buffer;
         format?: KeyFormat | undefined;
-        type?: PublicKeyExportType | undefined;
+        type?: "pkcs1" | "spki" | undefined;
         encoding?: string | undefined;
     }
     /**
@@ -1295,7 +1274,7 @@ declare module "node:crypto" {
         },
     ): KeyObject;
     interface JsonWebKeyInput {
-        key: webcrypto.JsonWebKey;
+        key: JsonWebKey;
         format: "jwk";
     }
     /**
@@ -1342,7 +1321,6 @@ declare module "node:crypto" {
      * @since v0.1.92
      * @param options `stream.Writable` options
      */
-    // TODO: signing algorithm type
     function createSign(algorithm: string, options?: stream.WritableOptions): Sign;
     type DSAEncoding = "der" | "ieee-p1363";
     interface SigningOptions {
@@ -1352,7 +1330,6 @@ declare module "node:crypto" {
         padding?: number | undefined;
         saltLength?: number | undefined;
         dsaEncoding?: DSAEncoding | undefined;
-        context?: ArrayBuffer | NodeJS.ArrayBufferView | undefined;
     }
     interface SignPrivateKeyInput extends PrivateKeyInput, SigningOptions {}
     interface SignKeyObjectInput extends SigningOptions {
@@ -2499,27 +2476,66 @@ declare module "node:crypto" {
      * @since v6.6.0
      */
     function timingSafeEqual(a: NodeJS.ArrayBufferView, b: NodeJS.ArrayBufferView): boolean;
-    interface DHKeyPairOptions extends KeyPairExportOptions<"spki", "pkcs8"> {
+    type KeyType = "rsa" | "rsa-pss" | "dsa" | "ec" | "ed25519" | "ed448" | "x25519" | "x448";
+    type KeyFormat = "pem" | "der" | "jwk";
+    interface BasePrivateKeyEncodingOptions<T extends KeyFormat> {
+        format: T;
+        cipher?: string | undefined;
+        passphrase?: string | undefined;
+    }
+    interface KeyPairKeyObjectResult {
+        publicKey: KeyObject;
+        privateKey: KeyObject;
+    }
+    interface ED25519KeyPairKeyObjectOptions {}
+    interface ED448KeyPairKeyObjectOptions {}
+    interface X25519KeyPairKeyObjectOptions {}
+    interface X448KeyPairKeyObjectOptions {}
+    interface ECKeyPairKeyObjectOptions {
+        /**
+         * Name of the curve to use
+         */
+        namedCurve: string;
+        /**
+         * Must be `'named'` or `'explicit'`. Default: `'named'`.
+         */
+        paramEncoding?: "explicit" | "named" | undefined;
+    }
+    interface RSAKeyPairKeyObjectOptions {
+        /**
+         * Key size in bits
+         */
+        modulusLength: number;
         /**
-         * The prime parameter
+         * Public exponent
+         * @default 0x10001
          */
-        prime?: Buffer | undefined;
+        publicExponent?: number | undefined;
+    }
+    interface RSAPSSKeyPairKeyObjectOptions {
         /**
-         * Prime length in bits
+         * Key size in bits
          */
-        primeLength?: number | undefined;
+        modulusLength: number;
         /**
-         * Custom generator
-         * @default 2
+         * Public exponent
+         * @default 0x10001
          */
-        generator?: number | undefined;
+        publicExponent?: number | undefined;
         /**
-         * Diffie-Hellman group name
-         * @see {@link getDiffieHellman}
+         * Name of the message digest
          */
-        groupName?: string | undefined;
+        hashAlgorithm?: string | undefined;
+        /**
+         * Name of the message digest used by MGF1
+         */
+        mgf1HashAlgorithm?: string | undefined;
+        /**
+         * Minimal salt length in bytes
+         */
+        saltLength?: string | undefined;
     }
-    interface DSAKeyPairOptions extends KeyPairExportOptions<"spki", "pkcs8"> {
+    interface DSAKeyPairKeyObjectOptions {
         /**
          * Key size in bits
          */
@@ -2529,22 +2545,25 @@ declare module "node:crypto" {
          */
         divisorLength: number;
     }
-    interface ECKeyPairOptions extends KeyPairExportOptions<"spki", "pkcs8" | "sec1"> {
+    interface RSAKeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
         /**
-         * Name of the curve to use
+         * Key size in bits
          */
-        namedCurve: string;
+        modulusLength: number;
         /**
-         * Must be `'named'` or `'explicit'`
-         * @default 'named'
+         * Public exponent
+         * @default 0x10001
          */
-        paramEncoding?: "explicit" | "named" | undefined;
+        publicExponent?: number | undefined;
+        publicKeyEncoding: {
+            type: "pkcs1" | "spki";
+            format: PubF;
+        };
+        privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
+            type: "pkcs1" | "pkcs8";
+        };
     }
-    interface ED25519KeyPairOptions extends KeyPairExportOptions<"spki", "pkcs8"> {}
-    interface ED448KeyPairOptions extends KeyPairExportOptions<"spki", "pkcs8"> {}
-    interface MLDSAKeyPairOptions extends KeyPairExportOptions<"spki", "pkcs8"> {}
-    interface MLKEMKeyPairOptions extends KeyPairExportOptions<"spki", "pkcs8"> {}
-    interface RSAPSSKeyPairOptions extends KeyPairExportOptions<"spki", "pkcs8"> {
+    interface RSAPSSKeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
         /**
          * Key size in bits
          */
@@ -2566,24 +2585,83 @@ declare module "node:crypto" {
          * Minimal salt length in bytes
          */
         saltLength?: string | undefined;
+        publicKeyEncoding: {
+            type: "spki";
+            format: PubF;
+        };
+        privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
+            type: "pkcs8";
+        };
     }
-    interface RSAKeyPairOptions extends KeyPairExportOptions<"pkcs1" | "spki", "pkcs1" | "pkcs8"> {
+    interface DSAKeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
         /**
          * Key size in bits
          */
         modulusLength: number;
         /**
-         * Public exponent
-         * @default 0x10001
+         * Size of q in bits
          */
-        publicExponent?: number | undefined;
+        divisorLength: number;
+        publicKeyEncoding: {
+            type: "spki";
+            format: PubF;
+        };
+        privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
+            type: "pkcs8";
+        };
+    }
+    interface ECKeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> extends ECKeyPairKeyObjectOptions {
+        publicKeyEncoding: {
+            type: "pkcs1" | "spki";
+            format: PubF;
+        };
+        privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
+            type: "sec1" | "pkcs8";
+        };
+    }
+    interface ED25519KeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
+        publicKeyEncoding: {
+            type: "spki";
+            format: PubF;
+        };
+        privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
+            type: "pkcs8";
+        };
+    }
+    interface ED448KeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
+        publicKeyEncoding: {
+            type: "spki";
+            format: PubF;
+        };
+        privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
+            type: "pkcs8";
+        };
+    }
+    interface X25519KeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
+        publicKeyEncoding: {
+            type: "spki";
+            format: PubF;
+        };
+        privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
+            type: "pkcs8";
+        };
+    }
+    interface X448KeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
+        publicKeyEncoding: {
+            type: "spki";
+            format: PubF;
+        };
+        privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
+            type: "pkcs8";
+        };
+    }
+    interface KeyPairSyncResult<T1 extends string | Buffer, T2 extends string | Buffer> {
+        publicKey: T1;
+        privateKey: T2;
     }
-    interface SLHDSAKeyPairOptions extends KeyPairExportOptions<"spki", "pkcs8"> {}
-    interface X25519KeyPairOptions extends KeyPairExportOptions<"spki", "pkcs8"> {}
-    interface X448KeyPairOptions extends KeyPairExportOptions<"spki", "pkcs8"> {}
     /**
-     * Generates a new asymmetric key pair of the given `type`. See the
-     * supported [asymmetric key types](https://nodejs.org/docs/latest-v25.x/api/crypto.html#asymmetric-key-types).
+     * Generates a new asymmetric key pair of the given `type`. RSA, RSA-PSS, DSA, EC,
+     * Ed25519, Ed448, X25519, X448, and DH are currently supported.
      *
      * If a `publicKeyEncoding` or `privateKeyEncoding` was specified, this function
      * behaves as if `keyObject.export()` had been called on its result. Otherwise,
@@ -2620,60 +2698,147 @@ declare module "node:crypto" {
      * When PEM encoding was selected, the respective key will be a string, otherwise
      * it will be a buffer containing the data encoded as DER.
      * @since v10.12.0
-     * @param type The asymmetric key type to generate. See the
-     * supported [asymmetric key types](https://nodejs.org/docs/latest-v25.x/api/crypto.html#asymmetric-key-types).
-     */
-    function generateKeyPairSync<T extends DHKeyPairOptions>(
-        type: "dh",
-        options: T,
-    ): KeyPairExportResult<T>;
-    function generateKeyPairSync<T extends DSAKeyPairOptions>(
+     * @param type Must be `'rsa'`, `'rsa-pss'`, `'dsa'`, `'ec'`, `'ed25519'`, `'ed448'`, `'x25519'`, `'x448'`, or `'dh'`.
+     */
+    function generateKeyPairSync(
+        type: "rsa",
+        options: RSAKeyPairOptions<"pem", "pem">,
+    ): KeyPairSyncResult<string, string>;
+    function generateKeyPairSync(
+        type: "rsa",
+        options: RSAKeyPairOptions<"pem", "der">,
+    ): KeyPairSyncResult<string, NonSharedBuffer>;
+    function generateKeyPairSync(
+        type: "rsa",
+        options: RSAKeyPairOptions<"der", "pem">,
+    ): KeyPairSyncResult<NonSharedBuffer, string>;
+    function generateKeyPairSync(
+        type: "rsa",
+        options: RSAKeyPairOptions<"der", "der">,
+    ): KeyPairSyncResult<NonSharedBuffer, NonSharedBuffer>;
+    function generateKeyPairSync(type: "rsa", options: RSAKeyPairKeyObjectOptions): KeyPairKeyObjectResult;
+    function generateKeyPairSync(
+        type: "rsa-pss",
+        options: RSAPSSKeyPairOptions<"pem", "pem">,
+    ): KeyPairSyncResult<string, string>;
+    function generateKeyPairSync(
+        type: "rsa-pss",
+        options: RSAPSSKeyPairOptions<"pem", "der">,
+    ): KeyPairSyncResult<string, NonSharedBuffer>;
+    function generateKeyPairSync(
+        type: "rsa-pss",
+        options: RSAPSSKeyPairOptions<"der", "pem">,
+    ): KeyPairSyncResult<NonSharedBuffer, string>;
+    function generateKeyPairSync(
+        type: "rsa-pss",
+        options: RSAPSSKeyPairOptions<"der", "der">,
+    ): KeyPairSyncResult<NonSharedBuffer, NonSharedBuffer>;
+    function generateKeyPairSync(type: "rsa-pss", options: RSAPSSKeyPairKeyObjectOptions): KeyPairKeyObjectResult;
+    function generateKeyPairSync(
+        type: "dsa",
+        options: DSAKeyPairOptions<"pem", "pem">,
+    ): KeyPairSyncResult<string, string>;
+    function generateKeyPairSync(
+        type: "dsa",
+        options: DSAKeyPairOptions<"pem", "der">,
+    ): KeyPairSyncResult<string, NonSharedBuffer>;
+    function generateKeyPairSync(
         type: "dsa",
-        options: T,
-    ): KeyPairExportResult<T>;
-    function generateKeyPairSync<T extends ECKeyPairOptions>(
+        options: DSAKeyPairOptions<"der", "pem">,
+    ): KeyPairSyncResult<NonSharedBuffer, string>;
+    function generateKeyPairSync(
+        type: "dsa",
+        options: DSAKeyPairOptions<"der", "der">,
+    ): KeyPairSyncResult<NonSharedBuffer, NonSharedBuffer>;
+    function generateKeyPairSync(type: "dsa", options: DSAKeyPairKeyObjectOptions): KeyPairKeyObjectResult;
+    function generateKeyPairSync(
+        type: "ec",
+        options: ECKeyPairOptions<"pem", "pem">,
+    ): KeyPairSyncResult<string, string>;
+    function generateKeyPairSync(
         type: "ec",
-        options: T,
-    ): KeyPairExportResult<T>;
-    function generateKeyPairSync<T extends ED25519KeyPairOptions = {}>(
+        options: ECKeyPairOptions<"pem", "der">,
+    ): KeyPairSyncResult<string, NonSharedBuffer>;
+    function generateKeyPairSync(
+        type: "ec",
+        options: ECKeyPairOptions<"der", "pem">,
+    ): KeyPairSyncResult<NonSharedBuffer, string>;
+    function generateKeyPairSync(
+        type: "ec",
+        options: ECKeyPairOptions<"der", "der">,
+    ): KeyPairSyncResult<NonSharedBuffer, NonSharedBuffer>;
+    function generateKeyPairSync(type: "ec", options: ECKeyPairKeyObjectOptions): KeyPairKeyObjectResult;
+    function generateKeyPairSync(
+        type: "ed25519",
+        options: ED25519KeyPairOptions<"pem", "pem">,
+    ): KeyPairSyncResult<string, string>;
+    function generateKeyPairSync(
+        type: "ed25519",
+        options: ED25519KeyPairOptions<"pem", "der">,
+    ): KeyPairSyncResult<string, NonSharedBuffer>;
+    function generateKeyPairSync(
+        type: "ed25519",
+        options: ED25519KeyPairOptions<"der", "pem">,
+    ): KeyPairSyncResult<NonSharedBuffer, string>;
+    function generateKeyPairSync(
         type: "ed25519",
-        options?: T,
-    ): KeyPairExportResult<T>;
-    function generateKeyPairSync<T extends ED448KeyPairOptions = {}>(
+        options: ED25519KeyPairOptions<"der", "der">,
+    ): KeyPairSyncResult<NonSharedBuffer, NonSharedBuffer>;
+    function generateKeyPairSync(type: "ed25519", options?: ED25519KeyPairKeyObjectOptions): KeyPairKeyObjectResult;
+    function generateKeyPairSync(
         type: "ed448",
-        options?: T,
-    ): KeyPairExportResult<T>;
-    function generateKeyPairSync<T extends MLDSAKeyPairOptions = {}>(
-        type: MLDSAKeyType,
-        options?: T,
-    ): KeyPairExportResult<T>;
-    function generateKeyPairSync<T extends MLKEMKeyPairOptions = {}>(
-        type: MLKEMKeyType,
-        options?: T,
-    ): KeyPairExportResult<T>;
-    function generateKeyPairSync<T extends RSAPSSKeyPairOptions>(
-        type: "rsa-pss",
-        options: T,
-    ): KeyPairExportResult<T>;
-    function generateKeyPairSync<T extends RSAKeyPairOptions>(
-        type: "rsa",
-        options: T,
-    ): KeyPairExportResult<T>;
-    function generateKeyPairSync<T extends SLHDSAKeyPairOptions = {}>(
-        type: SLHDSAKeyType,
-        options?: T,
-    ): KeyPairExportResult<T>;
-    function generateKeyPairSync<T extends X25519KeyPairOptions = {}>(
+        options: ED448KeyPairOptions<"pem", "pem">,
+    ): KeyPairSyncResult<string, string>;
+    function generateKeyPairSync(
+        type: "ed448",
+        options: ED448KeyPairOptions<"pem", "der">,
+    ): KeyPairSyncResult<string, NonSharedBuffer>;
+    function generateKeyPairSync(
+        type: "ed448",
+        options: ED448KeyPairOptions<"der", "pem">,
+    ): KeyPairSyncResult<NonSharedBuffer, string>;
+    function generateKeyPairSync(
+        type: "ed448",
+        options: ED448KeyPairOptions<"der", "der">,
+    ): KeyPairSyncResult<NonSharedBuffer, NonSharedBuffer>;
+    function generateKeyPairSync(type: "ed448", options?: ED448KeyPairKeyObjectOptions): KeyPairKeyObjectResult;
+    function generateKeyPairSync(
         type: "x25519",
-        options?: T,
-    ): KeyPairExportResult<T>;
-    function generateKeyPairSync<T extends X448KeyPairOptions = {}>(
+        options: X25519KeyPairOptions<"pem", "pem">,
+    ): KeyPairSyncResult<string, string>;
+    function generateKeyPairSync(
+        type: "x25519",
+        options: X25519KeyPairOptions<"pem", "der">,
+    ): KeyPairSyncResult<string, NonSharedBuffer>;
+    function generateKeyPairSync(
+        type: "x25519",
+        options: X25519KeyPairOptions<"der", "pem">,
+    ): KeyPairSyncResult<NonSharedBuffer, string>;
+    function generateKeyPairSync(
+        type: "x25519",
+        options: X25519KeyPairOptions<"der", "der">,
+    ): KeyPairSyncResult<NonSharedBuffer, NonSharedBuffer>;
+    function generateKeyPairSync(type: "x25519", options?: X25519KeyPairKeyObjectOptions): KeyPairKeyObjectResult;
+    function generateKeyPairSync(
+        type: "x448",
+        options: X448KeyPairOptions<"pem", "pem">,
+    ): KeyPairSyncResult<string, string>;
+    function generateKeyPairSync(
+        type: "x448",
+        options: X448KeyPairOptions<"pem", "der">,
+    ): KeyPairSyncResult<string, NonSharedBuffer>;
+    function generateKeyPairSync(
+        type: "x448",
+        options: X448KeyPairOptions<"der", "pem">,
+    ): KeyPairSyncResult<NonSharedBuffer, string>;
+    function generateKeyPairSync(
         type: "x448",
-        options?: T,
-    ): KeyPairExportResult<T>;
+        options: X448KeyPairOptions<"der", "der">,
+    ): KeyPairSyncResult<NonSharedBuffer, NonSharedBuffer>;
+    function generateKeyPairSync(type: "x448", options?: X448KeyPairKeyObjectOptions): KeyPairKeyObjectResult;
     /**
-     * Generates a new asymmetric key pair of the given `type`. See the
-     * supported [asymmetric key types](https://nodejs.org/docs/latest-v25.x/api/crypto.html#asymmetric-key-types).
+     * Generates a new asymmetric key pair of the given `type`. RSA, RSA-PSS, DSA, EC,
+     * Ed25519, Ed448, X25519, X448, and DH are currently supported.
      *
      * If a `publicKeyEncoding` or `privateKeyEncoding` was specified, this function
      * behaves as if `keyObject.export()` had been called on its result. Otherwise,
@@ -2708,126 +2873,455 @@ declare module "node:crypto" {
      * If this method is invoked as its `util.promisify()` ed version, it returns
      * a `Promise` for an `Object` with `publicKey` and `privateKey` properties.
      * @since v10.12.0
-     * @param type The asymmetric key type to generate. See the
-     * supported [asymmetric key types](https://nodejs.org/docs/latest-v25.x/api/crypto.html#asymmetric-key-types).
+     * @param type Must be `'rsa'`, `'rsa-pss'`, `'dsa'`, `'ec'`, `'ed25519'`, `'ed448'`, `'x25519'`, `'x448'`, or `'dh'`.
      */
-    function generateKeyPair<T extends DHKeyPairOptions>(
-        type: "dh",
-        options: T,
-        callback: KeyPairExportCallback<T>,
+    function generateKeyPair(
+        type: "rsa",
+        options: RSAKeyPairOptions<"pem", "pem">,
+        callback: (err: Error | null, publicKey: string, privateKey: string) => void,
+    ): void;
+    function generateKeyPair(
+        type: "rsa",
+        options: RSAKeyPairOptions<"pem", "der">,
+        callback: (err: Error | null, publicKey: string, privateKey: NonSharedBuffer) => void,
+    ): void;
+    function generateKeyPair(
+        type: "rsa",
+        options: RSAKeyPairOptions<"der", "pem">,
+        callback: (err: Error | null, publicKey: NonSharedBuffer, privateKey: string) => void,
+    ): void;
+    function generateKeyPair(
+        type: "rsa",
+        options: RSAKeyPairOptions<"der", "der">,
+        callback: (err: Error | null, publicKey: NonSharedBuffer, privateKey: NonSharedBuffer) => void,
+    ): void;
+    function generateKeyPair(
+        type: "rsa",
+        options: RSAKeyPairKeyObjectOptions,
+        callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
+    ): void;
+    function generateKeyPair(
+        type: "rsa-pss",
+        options: RSAPSSKeyPairOptions<"pem", "pem">,
+        callback: (err: Error | null, publicKey: string, privateKey: string) => void,
+    ): void;
+    function generateKeyPair(
+        type: "rsa-pss",
+        options: RSAPSSKeyPairOptions<"pem", "der">,
+        callback: (err: Error | null, publicKey: string, privateKey: NonSharedBuffer) => void,
+    ): void;
+    function generateKeyPair(
+        type: "rsa-pss",
+        options: RSAPSSKeyPairOptions<"der", "pem">,
+        callback: (err: Error | null, publicKey: NonSharedBuffer, privateKey: string) => void,
     ): void;
-    function generateKeyPair<T extends DSAKeyPairOptions>(
+    function generateKeyPair(
+        type: "rsa-pss",
+        options: RSAPSSKeyPairOptions<"der", "der">,
+        callback: (err: Error | null, publicKey: NonSharedBuffer, privateKey: NonSharedBuffer) => void,
+    ): void;
+    function generateKeyPair(
+        type: "rsa-pss",
+        options: RSAPSSKeyPairKeyObjectOptions,
+        callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
+    ): void;
+    function generateKeyPair(
+        type: "dsa",
+        options: DSAKeyPairOptions<"pem", "pem">,
+        callback: (err: Error | null, publicKey: string, privateKey: string) => void,
+    ): void;
+    function generateKeyPair(
+        type: "dsa",
+        options: DSAKeyPairOptions<"pem", "der">,
+        callback: (err: Error | null, publicKey: string, privateKey: NonSharedBuffer) => void,
+    ): void;
+    function generateKeyPair(
+        type: "dsa",
+        options: DSAKeyPairOptions<"der", "pem">,
+        callback: (err: Error | null, publicKey: NonSharedBuffer, privateKey: string) => void,
+    ): void;
+    function generateKeyPair(
         type: "dsa",
-        options: T,
-        callback: KeyPairExportCallback<T>,
+        options: DSAKeyPairOptions<"der", "der">,
+        callback: (err: Error | null, publicKey: NonSharedBuffer, privateKey: NonSharedBuffer) => void,
+    ): void;
+    function generateKeyPair(
+        type: "dsa",
+        options: DSAKeyPairKeyObjectOptions,
+        callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
+    ): void;
+    function generateKeyPair(
+        type: "ec",
+        options: ECKeyPairOptions<"pem", "pem">,
+        callback: (err: Error | null, publicKey: string, privateKey: string) => void,
+    ): void;
+    function generateKeyPair(
+        type: "ec",
+        options: ECKeyPairOptions<"pem", "der">,
+        callback: (err: Error | null, publicKey: string, privateKey: NonSharedBuffer) => void,
+    ): void;
+    function generateKeyPair(
+        type: "ec",
+        options: ECKeyPairOptions<"der", "pem">,
+        callback: (err: Error | null, publicKey: NonSharedBuffer, privateKey: string) => void,
+    ): void;
+    function generateKeyPair(
+        type: "ec",
+        options: ECKeyPairOptions<"der", "der">,
+        callback: (err: Error | null, publicKey: NonSharedBuffer, privateKey: NonSharedBuffer) => void,
     ): void;
-    function generateKeyPair<T extends ECKeyPairOptions>(
+    function generateKeyPair(
         type: "ec",
-        options: T,
-        callback: KeyPairExportCallback<T>,
+        options: ECKeyPairKeyObjectOptions,
+        callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
     ): void;
-    function generateKeyPair<T extends ED25519KeyPairOptions = {}>(
+    function generateKeyPair(
         type: "ed25519",
-        options: T | undefined,
-        callback: KeyPairExportCallback<T>,
+        options: ED25519KeyPairOptions<"pem", "pem">,
+        callback: (err: Error | null, publicKey: string, privateKey: string) => void,
     ): void;
-    function generateKeyPair<T extends ED448KeyPairOptions = {}>(
+    function generateKeyPair(
+        type: "ed25519",
+        options: ED25519KeyPairOptions<"pem", "der">,
+        callback: (err: Error | null, publicKey: string, privateKey: NonSharedBuffer) => void,
+    ): void;
+    function generateKeyPair(
+        type: "ed25519",
+        options: ED25519KeyPairOptions<"der", "pem">,
+        callback: (err: Error | null, publicKey: NonSharedBuffer, privateKey: string) => void,
+    ): void;
+    function generateKeyPair(
+        type: "ed25519",
+        options: ED25519KeyPairOptions<"der", "der">,
+        callback: (err: Error | null, publicKey: NonSharedBuffer, privateKey: NonSharedBuffer) => void,
+    ): void;
+    function generateKeyPair(
+        type: "ed25519",
+        options: ED25519KeyPairKeyObjectOptions | undefined,
+        callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
+    ): void;
+    function generateKeyPair(
         type: "ed448",
-        options: T | undefined,
-        callback: KeyPairExportCallback<T>,
+        options: ED448KeyPairOptions<"pem", "pem">,
+        callback: (err: Error | null, publicKey: string, privateKey: string) => void,
     ): void;
-    function generateKeyPair<T extends MLDSAKeyPairOptions = {}>(
-        type: MLDSAKeyType,
-        options: T | undefined,
-        callback: KeyPairExportCallback<T>,
+    function generateKeyPair(
+        type: "ed448",
+        options: ED448KeyPairOptions<"pem", "der">,
+        callback: (err: Error | null, publicKey: string, privateKey: NonSharedBuffer) => void,
     ): void;
-    function generateKeyPair<T extends MLKEMKeyPairOptions = {}>(
-        type: MLKEMKeyType,
-        options: T | undefined,
-        callback: KeyPairExportCallback<T>,
+    function generateKeyPair(
+        type: "ed448",
+        options: ED448KeyPairOptions<"der", "pem">,
+        callback: (err: Error | null, publicKey: NonSharedBuffer, privateKey: string) => void,
     ): void;
-    function generateKeyPair<T extends RSAPSSKeyPairOptions>(
-        type: "rsa-pss",
-        options: T,
-        callback: KeyPairExportCallback<T>,
+    function generateKeyPair(
+        type: "ed448",
+        options: ED448KeyPairOptions<"der", "der">,
+        callback: (err: Error | null, publicKey: NonSharedBuffer, privateKey: NonSharedBuffer) => void,
     ): void;
-    function generateKeyPair<T extends RSAKeyPairOptions>(
-        type: "rsa",
-        options: T,
-        callback: KeyPairExportCallback<T>,
+    function generateKeyPair(
+        type: "ed448",
+        options: ED448KeyPairKeyObjectOptions | undefined,
+        callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
+    ): void;
+    function generateKeyPair(
+        type: "x25519",
+        options: X25519KeyPairOptions<"pem", "pem">,
+        callback: (err: Error | null, publicKey: string, privateKey: string) => void,
     ): void;
-    function generateKeyPair<T extends SLHDSAKeyPairOptions = {}>(
-        type: SLHDSAKeyType,
-        options: T | undefined,
-        callback: KeyPairExportCallback<T>,
+    function generateKeyPair(
+        type: "x25519",
+        options: X25519KeyPairOptions<"pem", "der">,
+        callback: (err: Error | null, publicKey: string, privateKey: NonSharedBuffer) => void,
+    ): void;
+    function generateKeyPair(
+        type: "x25519",
+        options: X25519KeyPairOptions<"der", "pem">,
+        callback: (err: Error | null, publicKey: NonSharedBuffer, privateKey: string) => void,
+    ): void;
+    function generateKeyPair(
+        type: "x25519",
+        options: X25519KeyPairOptions<"der", "der">,
+        callback: (err: Error | null, publicKey: NonSharedBuffer, privateKey: NonSharedBuffer) => void,
     ): void;
-    function generateKeyPair<T extends X25519KeyPairOptions = {}>(
+    function generateKeyPair(
         type: "x25519",
-        options: T | undefined,
-        callback: KeyPairExportCallback<T>,
+        options: X25519KeyPairKeyObjectOptions | undefined,
+        callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
     ): void;
-    function generateKeyPair<T extends X448KeyPairOptions = {}>(
+    function generateKeyPair(
         type: "x448",
-        options: T | undefined,
-        callback: KeyPairExportCallback<T>,
+        options: X448KeyPairOptions<"pem", "pem">,
+        callback: (err: Error | null, publicKey: string, privateKey: string) => void,
+    ): void;
+    function generateKeyPair(
+        type: "x448",
+        options: X448KeyPairOptions<"pem", "der">,
+        callback: (err: Error | null, publicKey: string, privateKey: NonSharedBuffer) => void,
+    ): void;
+    function generateKeyPair(
+        type: "x448",
+        options: X448KeyPairOptions<"der", "pem">,
+        callback: (err: Error | null, publicKey: NonSharedBuffer, privateKey: string) => void,
+    ): void;
+    function generateKeyPair(
+        type: "x448",
+        options: X448KeyPairOptions<"der", "der">,
+        callback: (err: Error | null, publicKey: NonSharedBuffer, privateKey: NonSharedBuffer) => void,
+    ): void;
+    function generateKeyPair(
+        type: "x448",
+        options: X448KeyPairKeyObjectOptions | undefined,
+        callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
     ): void;
     namespace generateKeyPair {
-        function __promisify__<T extends DHKeyPairOptions>(
-            type: "dh",
-            options: T,
-        ): Promise<KeyPairExportResult<T>>;
-        function __promisify__<T extends DSAKeyPairOptions>(
+        function __promisify__(
+            type: "rsa",
+            options: RSAKeyPairOptions<"pem", "pem">,
+        ): Promise<{
+            publicKey: string;
+            privateKey: string;
+        }>;
+        function __promisify__(
+            type: "rsa",
+            options: RSAKeyPairOptions<"pem", "der">,
+        ): Promise<{
+            publicKey: string;
+            privateKey: NonSharedBuffer;
+        }>;
+        function __promisify__(
+            type: "rsa",
+            options: RSAKeyPairOptions<"der", "pem">,
+        ): Promise<{
+            publicKey: NonSharedBuffer;
+            privateKey: string;
+        }>;
+        function __promisify__(
+            type: "rsa",
+            options: RSAKeyPairOptions<"der", "der">,
+        ): Promise<{
+            publicKey: NonSharedBuffer;
+            privateKey: NonSharedBuffer;
+        }>;
+        function __promisify__(type: "rsa", options: RSAKeyPairKeyObjectOptions): Promise<KeyPairKeyObjectResult>;
+        function __promisify__(
+            type: "rsa-pss",
+            options: RSAPSSKeyPairOptions<"pem", "pem">,
+        ): Promise<{
+            publicKey: string;
+            privateKey: string;
+        }>;
+        function __promisify__(
+            type: "rsa-pss",
+            options: RSAPSSKeyPairOptions<"pem", "der">,
+        ): Promise<{
+            publicKey: string;
+            privateKey: NonSharedBuffer;
+        }>;
+        function __promisify__(
+            type: "rsa-pss",
+            options: RSAPSSKeyPairOptions<"der", "pem">,
+        ): Promise<{
+            publicKey: NonSharedBuffer;
+            privateKey: string;
+        }>;
+        function __promisify__(
+            type: "rsa-pss",
+            options: RSAPSSKeyPairOptions<"der", "der">,
+        ): Promise<{
+            publicKey: NonSharedBuffer;
+            privateKey: NonSharedBuffer;
+        }>;
+        function __promisify__(
+            type: "rsa-pss",
+            options: RSAPSSKeyPairKeyObjectOptions,
+        ): Promise<KeyPairKeyObjectResult>;
+        function __promisify__(
+            type: "dsa",
+            options: DSAKeyPairOptions<"pem", "pem">,
+        ): Promise<{
+            publicKey: string;
+            privateKey: string;
+        }>;
+        function __promisify__(
+            type: "dsa",
+            options: DSAKeyPairOptions<"pem", "der">,
+        ): Promise<{
+            publicKey: string;
+            privateKey: NonSharedBuffer;
+        }>;
+        function __promisify__(
+            type: "dsa",
+            options: DSAKeyPairOptions<"der", "pem">,
+        ): Promise<{
+            publicKey: NonSharedBuffer;
+            privateKey: string;
+        }>;
+        function __promisify__(
             type: "dsa",
-            options: T,
-        ): Promise<KeyPairExportResult<T>>;
-        function __promisify__<T extends ECKeyPairOptions>(
+            options: DSAKeyPairOptions<"der", "der">,
+        ): Promise<{
+            publicKey: NonSharedBuffer;
+            privateKey: NonSharedBuffer;
+        }>;
+        function __promisify__(type: "dsa", options: DSAKeyPairKeyObjectOptions): Promise<KeyPairKeyObjectResult>;
+        function __promisify__(
             type: "ec",
-            options: T,
-        ): Promise<KeyPairExportResult<T>>;
-        function __promisify__<T extends ED25519KeyPairOptions = {}>(
+            options: ECKeyPairOptions<"pem", "pem">,
+        ): Promise<{
+            publicKey: string;
+            privateKey: string;
+        }>;
+        function __promisify__(
+            type: "ec",
+            options: ECKeyPairOptions<"pem", "der">,
+        ): Promise<{
+            publicKey: string;
+            privateKey: NonSharedBuffer;
+        }>;
+        function __promisify__(
+            type: "ec",
+            options: ECKeyPairOptions<"der", "pem">,
+        ): Promise<{
+            publicKey: NonSharedBuffer;
+            privateKey: string;
+        }>;
+        function __promisify__(
+            type: "ec",
+            options: ECKeyPairOptions<"der", "der">,
+        ): Promise<{
+            publicKey: NonSharedBuffer;
+            privateKey: NonSharedBuffer;
+        }>;
+        function __promisify__(type: "ec", options: ECKeyPairKeyObjectOptions): Promise<KeyPairKeyObjectResult>;
+        function __promisify__(
+            type: "ed25519",
+            options: ED25519KeyPairOptions<"pem", "pem">,
+        ): Promise<{
+            publicKey: string;
+            privateKey: string;
+        }>;
+        function __promisify__(
+            type: "ed25519",
+            options: ED25519KeyPairOptions<"pem", "der">,
+        ): Promise<{
+            publicKey: string;
+            privateKey: NonSharedBuffer;
+        }>;
+        function __promisify__(
+            type: "ed25519",
+            options: ED25519KeyPairOptions<"der", "pem">,
+        ): Promise<{
+            publicKey: NonSharedBuffer;
+            privateKey: string;
+        }>;
+        function __promisify__(
             type: "ed25519",
-            options?: T,
-        ): Promise<KeyPairExportResult<T>>;
-        function __promisify__<T extends ED448KeyPairOptions = {}>(
+            options: ED25519KeyPairOptions<"der", "der">,
+        ): Promise<{
+            publicKey: NonSharedBuffer;
+            privateKey: NonSharedBuffer;
+        }>;
+        function __promisify__(
+            type: "ed25519",
+            options?: ED25519KeyPairKeyObjectOptions,
+        ): Promise<KeyPairKeyObjectResult>;
+        function __promisify__(
             type: "ed448",
-            options?: T,
-        ): Promise<KeyPairExportResult<T>>;
-        function __promisify__<T extends MLDSAKeyPairOptions = {}>(
-            type: MLDSAKeyType,
-            options?: T,
-        ): Promise<KeyPairExportResult<T>>;
-        function __promisify__<T extends MLKEMKeyPairOptions = {}>(
-            type: MLKEMKeyType,
-            options?: T,
-        ): Promise<KeyPairExportResult<T>>;
-        function __promisify__<T extends RSAPSSKeyPairOptions>(
-            type: "rsa-pss",
-            options: T,
-        ): Promise<KeyPairExportResult<T>>;
-        function __promisify__<T extends RSAKeyPairOptions>(
-            type: "rsa",
-            options: T,
-        ): Promise<KeyPairExportResult<T>>;
-        function __promisify__<T extends SLHDSAKeyPairOptions = {}>(
-            type: SLHDSAKeyType,
-            options?: T,
-        ): Promise<KeyPairExportResult<T>>;
-        function __promisify__<T extends X25519KeyPairOptions = {}>(
+            options: ED448KeyPairOptions<"pem", "pem">,
+        ): Promise<{
+            publicKey: string;
+            privateKey: string;
+        }>;
+        function __promisify__(
+            type: "ed448",
+            options: ED448KeyPairOptions<"pem", "der">,
+        ): Promise<{
+            publicKey: string;
+            privateKey: NonSharedBuffer;
+        }>;
+        function __promisify__(
+            type: "ed448",
+            options: ED448KeyPairOptions<"der", "pem">,
+        ): Promise<{
+            publicKey: NonSharedBuffer;
+            privateKey: string;
+        }>;
+        function __promisify__(
+            type: "ed448",
+            options: ED448KeyPairOptions<"der", "der">,
+        ): Promise<{
+            publicKey: NonSharedBuffer;
+            privateKey: NonSharedBuffer;
+        }>;
+        function __promisify__(type: "ed448", options?: ED448KeyPairKeyObjectOptions): Promise<KeyPairKeyObjectResult>;
+        function __promisify__(
+            type: "x25519",
+            options: X25519KeyPairOptions<"pem", "pem">,
+        ): Promise<{
+            publicKey: string;
+            privateKey: string;
+        }>;
+        function __promisify__(
+            type: "x25519",
+            options: X25519KeyPairOptions<"pem", "der">,
+        ): Promise<{
+            publicKey: string;
+            privateKey: NonSharedBuffer;
+        }>;
+        function __promisify__(
+            type: "x25519",
+            options: X25519KeyPairOptions<"der", "pem">,
+        ): Promise<{
+            publicKey: NonSharedBuffer;
+            privateKey: string;
+        }>;
+        function __promisify__(
+            type: "x25519",
+            options: X25519KeyPairOptions<"der", "der">,
+        ): Promise<{
+            publicKey: NonSharedBuffer;
+            privateKey: NonSharedBuffer;
+        }>;
+        function __promisify__(
             type: "x25519",
-            options?: T,
-        ): Promise<KeyPairExportResult<T>>;
-        function __promisify__<T extends X448KeyPairOptions = {}>(
+            options?: X25519KeyPairKeyObjectOptions,
+        ): Promise<KeyPairKeyObjectResult>;
+        function __promisify__(
             type: "x448",
-            options?: T,
-        ): Promise<KeyPairExportResult<T>>;
+            options: X448KeyPairOptions<"pem", "pem">,
+        ): Promise<{
+            publicKey: string;
+            privateKey: string;
+        }>;
+        function __promisify__(
+            type: "x448",
+            options: X448KeyPairOptions<"pem", "der">,
+        ): Promise<{
+            publicKey: string;
+            privateKey: NonSharedBuffer;
+        }>;
+        function __promisify__(
+            type: "x448",
+            options: X448KeyPairOptions<"der", "pem">,
+        ): Promise<{
+            publicKey: NonSharedBuffer;
+            privateKey: string;
+        }>;
+        function __promisify__(
+            type: "x448",
+            options: X448KeyPairOptions<"der", "der">,
+        ): Promise<{
+            publicKey: NonSharedBuffer;
+            privateKey: NonSharedBuffer;
+        }>;
+        function __promisify__(type: "x448", options?: X448KeyPairKeyObjectOptions): Promise<KeyPairKeyObjectResult>;
     }
     /**
      * Calculates and returns the signature for `data` using the given private key and
      * algorithm. If `algorithm` is `null` or `undefined`, then the algorithm is
-     * dependent upon the key type.
-     *
-     * `algorithm` is required to be `null` or `undefined` for Ed25519, Ed448, and
-     * ML-DSA.
+     * dependent upon the key type (especially Ed25519 and Ed448).
      *
      * If `key` is not a `KeyObject`, this function behaves as if `key` had been
      * passed to {@link createPrivateKey}. If it is an object, the following
@@ -2848,12 +3342,8 @@ declare module "node:crypto" {
         callback: (error: Error | null, data: NonSharedBuffer) => void,
     ): void;
     /**
-     * Verifies the given signature for `data` using the given key and algorithm. If
-     * `algorithm` is `null` or `undefined`, then the algorithm is dependent upon the
-     * key type.
-     *
-     * `algorithm` is required to be `null` or `undefined` for Ed25519, Ed448, and
-     * ML-DSA.
+     * Verifies the given signature for `data` using the given key and algorithm. If `algorithm` is `null` or `undefined`, then the algorithm is dependent upon the
+     * key type (especially Ed25519 and Ed448).
      *
      * If `key` is not a `KeyObject`, this function behaves as if `key` had been
      * passed to {@link createPublicKey}. If it is an object, the following
@@ -2881,102 +3371,16 @@ declare module "node:crypto" {
         callback: (error: Error | null, result: boolean) => void,
     ): void;
     /**
-     * Key decapsulation using a KEM algorithm with a private key.
-     *
-     * Supported key types and their KEM algorithms are:
-     *
-     * * `'rsa'` RSA Secret Value Encapsulation
-     * * `'ec'` DHKEM(P-256, HKDF-SHA256), DHKEM(P-384, HKDF-SHA256), DHKEM(P-521, HKDF-SHA256)
-     * * `'x25519'` DHKEM(X25519, HKDF-SHA256)
-     * * `'x448'` DHKEM(X448, HKDF-SHA512)
-     * * `'ml-kem-512'` ML-KEM
-     * * `'ml-kem-768'` ML-KEM
-     * * `'ml-kem-1024'` ML-KEM
-     *
-     * If `key` is not a {@link KeyObject}, this function behaves as if `key` had been
-     * passed to `crypto.createPrivateKey()`.
-     *
-     * If the `callback` function is provided this function uses libuv's threadpool.
-     * @since v24.7.0
-     */
-    function decapsulate(
-        key: KeyLike | PrivateKeyInput | JsonWebKeyInput,
-        ciphertext: ArrayBuffer | NodeJS.ArrayBufferView,
-    ): NonSharedBuffer;
-    function decapsulate(
-        key: KeyLike | PrivateKeyInput | JsonWebKeyInput,
-        ciphertext: ArrayBuffer | NodeJS.ArrayBufferView,
-        callback: (err: Error, sharedKey: NonSharedBuffer) => void,
-    ): void;
-    /**
-     * Computes the Diffie-Hellman shared secret based on a `privateKey` and a `publicKey`.
-     * Both keys must have the same `asymmetricKeyType` and must support either the DH or
-     * ECDH operation.
-     *
-     * If the `callback` function is provided this function uses libuv's threadpool.
+     * Computes the Diffie-Hellman secret based on a `privateKey` and a `publicKey`.
+     * Both keys must have the same `asymmetricKeyType`, which must be one of `'dh'` (for Diffie-Hellman), `'ec'` (for ECDH), `'x448'`, or `'x25519'` (for ECDH-ES).
      * @since v13.9.0, v12.17.0
      */
     function diffieHellman(options: { privateKey: KeyObject; publicKey: KeyObject }): NonSharedBuffer;
-    function diffieHellman(
-        options: { privateKey: KeyObject; publicKey: KeyObject },
-        callback: (err: Error | null, secret: NonSharedBuffer) => void,
-    ): void;
-    /**
-     * Key encapsulation using a KEM algorithm with a public key.
-     *
-     * Supported key types and their KEM algorithms are:
-     *
-     * * `'rsa'` RSA Secret Value Encapsulation
-     * * `'ec'` DHKEM(P-256, HKDF-SHA256), DHKEM(P-384, HKDF-SHA256), DHKEM(P-521, HKDF-SHA256)
-     * * `'x25519'` DHKEM(X25519, HKDF-SHA256)
-     * * `'x448'` DHKEM(X448, HKDF-SHA512)
-     * * `'ml-kem-512'` ML-KEM
-     * * `'ml-kem-768'` ML-KEM
-     * * `'ml-kem-1024'` ML-KEM
-     *
-     * If `key` is not a {@link KeyObject}, this function behaves as if `key` had been
-     * passed to `crypto.createPublicKey()`.
-     *
-     * If the `callback` function is provided this function uses libuv's threadpool.
-     * @since v24.7.0
-     */
-    function encapsulate(
-        key: KeyLike | PublicKeyInput | JsonWebKeyInput,
-    ): { sharedKey: NonSharedBuffer; ciphertext: NonSharedBuffer };
-    function encapsulate(
-        key: KeyLike | PublicKeyInput | JsonWebKeyInput,
-        callback: (err: Error, result: { sharedKey: NonSharedBuffer; ciphertext: NonSharedBuffer }) => void,
-    ): void;
-    interface OneShotDigestOptions {
-        /**
-         * Encoding used to encode the returned digest.
-         * @default 'hex'
-         */
-        outputEncoding?: BinaryToTextEncoding | "buffer" | undefined;
-        /**
-         * For XOF hash functions such as 'shake256', the outputLength option
-         * can be used to specify the desired output length in bytes.
-         */
-        outputLength?: number | undefined;
-    }
-    interface OneShotDigestOptionsWithStringEncoding extends OneShotDigestOptions {
-        outputEncoding?: BinaryToTextEncoding | undefined;
-    }
-    interface OneShotDigestOptionsWithBufferEncoding extends OneShotDigestOptions {
-        outputEncoding: "buffer";
-    }
     /**
-     * A utility for creating one-shot hash digests of data. It can be faster than
-     * the object-based `crypto.createHash()` when hashing a smaller amount of data
-     * (<= 5MB) that's readily available. If the data can be big or if it is streamed,
-     * it's still recommended to use `crypto.createHash()` instead.
-     *
-     * The `algorithm` is dependent on the available algorithms supported by the
-     * version of OpenSSL on the platform. Examples are `'sha256'`, `'sha512'`, etc.
-     * On recent releases of OpenSSL, `openssl list -digest-algorithms` will
-     * display the available digest algorithms.
-     *
-     * If `options` is a string, then it specifies the `outputEncoding`.
+     * A utility for creating one-shot hash digests of data. It can be faster than the object-based `crypto.createHash()` when hashing a smaller amount of data
+     * (<= 5MB) that's readily available. If the data can be big or if it is streamed, it's still recommended to use `crypto.createHash()` instead. The `algorithm`
+     * is dependent on the available algorithms supported by the version of OpenSSL on the platform. Examples are `'sha256'`, `'sha512'`, etc. On recent releases
+     * of OpenSSL, `openssl list -digest-algorithms` will display the available digest algorithms.
      *
      * Example:
      *
@@ -2996,25 +3400,16 @@ declare module "node:crypto" {
      * console.log(crypto.hash('sha1', Buffer.from(base64, 'base64'), 'buffer'));
      * ```
      * @since v21.7.0, v20.12.0
-     * @param data When `data` is a string, it will be encoded as UTF-8 before being hashed. If a different
-     * input encoding is desired for a string input, user could encode the string
-     * into a `TypedArray` using either `TextEncoder` or `Buffer.from()` and passing
-     * the encoded `TypedArray` into this API instead.
+     * @param data When `data` is a string, it will be encoded as UTF-8 before being hashed. If a different input encoding is desired for a string input, user
+     *             could encode the string into a `TypedArray` using either `TextEncoder` or `Buffer.from()` and passing the encoded `TypedArray` into this API instead.
+     * @param [outputEncoding='hex'] [Encoding](https://nodejs.org/docs/latest-v22.x/api/buffer.html#buffers-and-character-encodings) used to encode the returned digest.
      */
+    function hash(algorithm: string, data: BinaryLike, outputEncoding?: BinaryToTextEncoding): string;
+    function hash(algorithm: string, data: BinaryLike, outputEncoding: "buffer"): NonSharedBuffer;
     function hash(
         algorithm: string,
         data: BinaryLike,
-        options?: OneShotDigestOptionsWithStringEncoding | BinaryToTextEncoding,
-    ): string;
-    function hash(
-        algorithm: string,
-        data: BinaryLike,
-        options: OneShotDigestOptionsWithBufferEncoding | "buffer",
-    ): NonSharedBuffer;
-    function hash(
-        algorithm: string,
-        data: BinaryLike,
-        options: OneShotDigestOptions | BinaryToTextEncoding | "buffer",
+        outputEncoding?: BinaryToTextEncoding | "buffer",
     ): string | NonSharedBuffer;
     type CipherMode = "cbc" | "ccm" | "cfb" | "ctr" | "ecb" | "gcm" | "ocb" | "ofb" | "stream" | "wrap" | "xts";
     interface CipherInfoOptions {
@@ -3317,16 +3712,6 @@ declare module "node:crypto" {
          * @since v15.6.0
          */
         readonly serialNumber: string;
-        /**
-         * The algorithm used to sign the certificate or `undefined` if the signature algorithm is unknown by OpenSSL.
-         * @since v24.9.0
-         */
-        readonly signatureAlgorithm: string | undefined;
-        /**
-         * The OID of the algorithm used to sign the certificate.
-         * @since v24.9.0
-         */
-        readonly signatureAlgorithmOid: string;
         /**
          * The date/time from which this certificate is considered valid.
          * @since v15.6.0
@@ -3598,136 +3983,7 @@ declare module "node:crypto" {
      * @since v17.4.0
      * @return Returns `typedArray`.
      */
-    function getRandomValues<
-        T extends Exclude<
-            NodeJS.NonSharedTypedArray,
-            NodeJS.NonSharedFloat16Array | NodeJS.NonSharedFloat32Array | NodeJS.NonSharedFloat64Array
-        >,
-    >(typedArray: T): T;
-    type Argon2Algorithm = "argon2d" | "argon2i" | "argon2id";
-    interface Argon2Parameters {
-        /**
-         * REQUIRED, this is the password for password hashing applications of Argon2.
-         */
-        message: string | ArrayBuffer | NodeJS.ArrayBufferView;
-        /**
-         * REQUIRED, must be at least 8 bytes long. This is the salt for password hashing applications of Argon2.
-         */
-        nonce: string | ArrayBuffer | NodeJS.ArrayBufferView;
-        /**
-         * REQUIRED, degree of parallelism determines how many computational chains (lanes)
-         * can be run. Must be greater than 1 and less than `2**24-1`.
-         */
-        parallelism: number;
-        /**
-         * REQUIRED, the length of the key to generate. Must be greater than 4 and
-         * less than `2**32-1`.
-         */
-        tagLength: number;
-        /**
-         * REQUIRED, memory cost in 1KiB blocks. Must be greater than
-         * `8 * parallelism` and less than `2**32-1`. The actual number of blocks is rounded
-         * down to the nearest multiple of `4 * parallelism`.
-         */
-        memory: number;
-        /**
-         * REQUIRED, number of passes (iterations). Must be greater than 1 and less
-         * than `2**32-1`.
-         */
-        passes: number;
-        /**
-         * OPTIONAL, Random additional input,
-         * similar to the salt, that should **NOT** be stored with the derived key. This is known as pepper in
-         * password hashing applications. If used, must have a length not greater than `2**32-1` bytes.
-         */
-        secret?: string | ArrayBuffer | NodeJS.ArrayBufferView | undefined;
-        /**
-         * OPTIONAL, Additional data to
-         * be added to the hash, functionally equivalent to salt or secret, but meant for
-         * non-random data. If used, must have a length not greater than `2**32-1` bytes.
-         */
-        associatedData?: string | ArrayBuffer | NodeJS.ArrayBufferView | undefined;
-    }
-    /**
-     * Provides an asynchronous [Argon2](https://www.rfc-editor.org/rfc/rfc9106.html) implementation. Argon2 is a password-based
-     * key derivation function that is designed to be expensive computationally and
-     * memory-wise in order to make brute-force attacks unrewarding.
-     *
-     * The `nonce` should be as unique as possible. It is recommended that a nonce is
-     * random and at least 16 bytes long. See [NIST SP 800-132](https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf) for details.
-     *
-     * When passing strings for `message`, `nonce`, `secret` or `associatedData`, please
-     * consider [caveats when using strings as inputs to cryptographic APIs](https://nodejs.org/docs/latest-v25.x/api/crypto.html#using-strings-as-inputs-to-cryptographic-apis).
-     *
-     * The `callback` function is called with two arguments: `err` and `derivedKey`.
-     * `err` is an exception object when key derivation fails, otherwise `err` is
-     * `null`. `derivedKey` is passed to the callback as a `Buffer`.
-     *
-     * An exception is thrown when any of the input arguments specify invalid values
-     * or types.
-     *
-     * ```js
-     * const { argon2, randomBytes } = await import('node:crypto');
-     *
-     * const parameters = {
-     *   message: 'password',
-     *   nonce: randomBytes(16),
-     *   parallelism: 4,
-     *   tagLength: 64,
-     *   memory: 65536,
-     *   passes: 3,
-     * };
-     *
-     * argon2('argon2id', parameters, (err, derivedKey) => {
-     *   if (err) throw err;
-     *   console.log(derivedKey.toString('hex'));  // 'af91dad...9520f15'
-     * });
-     * ```
-     * @since v24.7.0
-     * @param algorithm Variant of Argon2, one of `"argon2d"`, `"argon2i"` or `"argon2id"`.
-     * @experimental
-     */
-    function argon2(
-        algorithm: Argon2Algorithm,
-        parameters: Argon2Parameters,
-        callback: (err: Error | null, derivedKey: NonSharedBuffer) => void,
-    ): void;
-    /**
-     * Provides a synchronous [Argon2][] implementation. Argon2 is a password-based
-     * key derivation function that is designed to be expensive computationally and
-     * memory-wise in order to make brute-force attacks unrewarding.
-     *
-     * The `nonce` should be as unique as possible. It is recommended that a nonce is
-     * random and at least 16 bytes long. See [NIST SP 800-132](https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf) for details.
-     *
-     * When passing strings for `message`, `nonce`, `secret` or `associatedData`, please
-     * consider [caveats when using strings as inputs to cryptographic APIs](https://nodejs.org/docs/latest-v25.x/api/crypto.html#using-strings-as-inputs-to-cryptographic-apis).
-     *
-     * An exception is thrown when key derivation fails, otherwise the derived key is
-     * returned as a `Buffer`.
-     *
-     * An exception is thrown when any of the input arguments specify invalid values
-     * or types.
-     *
-     * ```js
-     * const { argon2Sync, randomBytes } = await import('node:crypto');
-     *
-     * const parameters = {
-     *   message: 'password',
-     *   nonce: randomBytes(16),
-     *   parallelism: 4,
-     *   tagLength: 64,
-     *   memory: 65536,
-     *   passes: 3,
-     * };
-     *
-     * const derivedKey = argon2Sync('argon2id', parameters);
-     * console.log(derivedKey.toString('hex'));  // 'af91dad...9520f15'
-     * ```
-     * @since v24.7.0
-     * @experimental
-     */
-    function argon2Sync(algorithm: Argon2Algorithm, parameters: Argon2Parameters): NonSharedBuffer;
+    function getRandomValues<T extends webcrypto.BufferSource>(typedArray: T): T;
     /**
      * A convenient alias for `crypto.webcrypto.subtle`.
      * @since v17.4.0
@@ -3741,40 +3997,37 @@ declare module "node:crypto" {
      */
     const webcrypto: webcrypto.Crypto;
     namespace webcrypto {
-        type AlgorithmIdentifier = Algorithm | string;
-        type BigInteger = NodeJS.NonSharedUint8Array;
-        type KeyFormat = "jwk" | "pkcs8" | "raw" | "raw-public" | "raw-secret" | "raw-seed" | "spki";
+        type BufferSource = ArrayBufferView | ArrayBuffer;
+        type KeyFormat = "jwk" | "pkcs8" | "raw" | "spki";
         type KeyType = "private" | "public" | "secret";
         type KeyUsage =
-            | "decapsulateBits"
-            | "decapsulateKey"
             | "decrypt"
             | "deriveBits"
             | "deriveKey"
-            | "encapsulateBits"
-            | "encapsulateKey"
             | "encrypt"
             | "sign"
             | "unwrapKey"
             | "verify"
             | "wrapKey";
+        type AlgorithmIdentifier = Algorithm | string;
         type HashAlgorithmIdentifier = AlgorithmIdentifier;
         type NamedCurve = string;
-        interface AeadParams extends Algorithm {
-            additionalData?: NodeJS.BufferSource;
-            iv: NodeJS.BufferSource;
-            tagLength: number;
-        }
+        type BigInteger = Uint8Array;
         interface AesCbcParams extends Algorithm {
-            iv: NodeJS.BufferSource;
+            iv: BufferSource;
         }
         interface AesCtrParams extends Algorithm {
-            counter: NodeJS.BufferSource;
+            counter: BufferSource;
             length: number;
         }
         interface AesDerivedKeyParams extends Algorithm {
             length: number;
         }
+        interface AesGcmParams extends Algorithm {
+            additionalData?: BufferSource;
+            iv: BufferSource;
+            tagLength?: number;
+        }
         interface AesKeyAlgorithm extends KeyAlgorithm {
             length: number;
         }
@@ -3784,23 +4037,6 @@ declare module "node:crypto" {
         interface Algorithm {
             name: string;
         }
-        interface Argon2Params extends Algorithm {
-            associatedData?: NodeJS.BufferSource;
-            memory: number;
-            nonce: NodeJS.BufferSource;
-            parallelism: number;
-            passes: number;
-            secretValue?: NodeJS.BufferSource;
-            version?: number;
-        }
-        interface CShakeParams extends Algorithm {
-            customization?: NodeJS.BufferSource;
-            functionName?: NodeJS.BufferSource;
-            length: number;
-        }
-        interface ContextParams extends Algorithm {
-            context?: NodeJS.BufferSource;
-        }
         interface EcKeyAlgorithm extends KeyAlgorithm {
             namedCurve: NamedCurve;
         }
@@ -3816,10 +4052,13 @@ declare module "node:crypto" {
         interface EcdsaParams extends Algorithm {
             hash: HashAlgorithmIdentifier;
         }
+        interface Ed448Params extends Algorithm {
+            context?: BufferSource;
+        }
         interface HkdfParams extends Algorithm {
             hash: HashAlgorithmIdentifier;
-            info: NodeJS.BufferSource;
-            salt: NodeJS.BufferSource;
+            info: BufferSource;
+            salt: BufferSource;
         }
         interface HmacImportParams extends Algorithm {
             hash: HashAlgorithmIdentifier;
@@ -3856,23 +4095,10 @@ declare module "node:crypto" {
         interface KeyAlgorithm {
             name: string;
         }
-        interface KmacImportParams extends Algorithm {
-            length?: number;
-        }
-        interface KmacKeyAlgorithm extends KeyAlgorithm {
-            length: number;
-        }
-        interface KmacKeyGenParams extends Algorithm {
-            length?: number;
-        }
-        interface KmacParams extends Algorithm {
-            customization?: NodeJS.BufferSource;
-            length: number;
-        }
         interface Pbkdf2Params extends Algorithm {
             hash: HashAlgorithmIdentifier;
             iterations: number;
-            salt: NodeJS.BufferSource;
+            salt: BufferSource;
         }
         interface RsaHashedImportParams extends Algorithm {
             hash: HashAlgorithmIdentifier;
@@ -3892,7 +4118,7 @@ declare module "node:crypto" {
             publicExponent: BigInteger;
         }
         interface RsaOaepParams extends Algorithm {
-            label?: NodeJS.BufferSource;
+            label?: BufferSource;
         }
         interface RsaOtherPrimesInfo {
             d?: string;
@@ -3902,103 +4128,269 @@ declare module "node:crypto" {
         interface RsaPssParams extends Algorithm {
             saltLength: number;
         }
+        /**
+         * Importing the `webcrypto` object (`import { webcrypto } from 'node:crypto'`) gives an instance of the `Crypto` class.
+         * `Crypto` is a singleton that provides access to the remainder of the crypto API.
+         * @since v15.0.0
+         */
         interface Crypto {
+            /**
+             * Provides access to the `SubtleCrypto` API.
+             * @since v15.0.0
+             */
             readonly subtle: SubtleCrypto;
-            getRandomValues<
-                T extends Exclude<
-                    NodeJS.NonSharedTypedArray,
-                    NodeJS.NonSharedFloat16Array | NodeJS.NonSharedFloat32Array | NodeJS.NonSharedFloat64Array
-                >,
-            >(
-                typedArray: T,
-            ): T;
+            /**
+             * Generates cryptographically strong random values.
+             * The given `typedArray` is filled with random values, and a reference to `typedArray` is returned.
+             *
+             * The given `typedArray` must be an integer-based instance of {@link NodeJS.TypedArray}, i.e. `Float32Array` and `Float64Array` are not accepted.
+             *
+             * An error will be thrown if the given `typedArray` is larger than 65,536 bytes.
+             * @since v15.0.0
+             */
+            getRandomValues<T extends Exclude<NodeJS.TypedArray, Float32Array | Float64Array>>(typedArray: T): T;
+            /**
+             * Generates a random {@link https://www.rfc-editor.org/rfc/rfc4122.txt RFC 4122} version 4 UUID.
+             * The UUID is generated using a cryptographic pseudorandom number generator.
+             * @since v16.7.0
+             */
             randomUUID(): UUID;
+            CryptoKey: CryptoKeyConstructor;
+        }
+        // This constructor throws ILLEGAL_CONSTRUCTOR so it should not be newable.
+        interface CryptoKeyConstructor {
+            /** Illegal constructor */
+            (_: { readonly _: unique symbol }): never; // Allows instanceof to work but not be callable by the user.
+            readonly length: 0;
+            readonly name: "CryptoKey";
+            readonly prototype: CryptoKey;
         }
+        /**
+         * @since v15.0.0
+         */
         interface CryptoKey {
+            /**
+             * An object detailing the algorithm for which the key can be used along with additional algorithm-specific parameters.
+             * @since v15.0.0
+             */
             readonly algorithm: KeyAlgorithm;
+            /**
+             * When `true`, the {@link CryptoKey} can be extracted using either `subtleCrypto.exportKey()` or `subtleCrypto.wrapKey()`.
+             * @since v15.0.0
+             */
             readonly extractable: boolean;
+            /**
+             * A string identifying whether the key is a symmetric (`'secret'`) or asymmetric (`'private'` or `'public'`) key.
+             * @since v15.0.0
+             */
             readonly type: KeyType;
+            /**
+             * An array of strings identifying the operations for which the key may be used.
+             *
+             * The possible usages are:
+             * - `'encrypt'` - The key may be used to encrypt data.
+             * - `'decrypt'` - The key may be used to decrypt data.
+             * - `'sign'` - The key may be used to generate digital signatures.
+             * - `'verify'` - The key may be used to verify digital signatures.
+             * - `'deriveKey'` - The key may be used to derive a new key.
+             * - `'deriveBits'` - The key may be used to derive bits.
+             * - `'wrapKey'` - The key may be used to wrap another key.
+             * - `'unwrapKey'` - The key may be used to unwrap another key.
+             *
+             * Valid key usages depend on the key algorithm (identified by `cryptokey.algorithm.name`).
+             * @since v15.0.0
+             */
             readonly usages: KeyUsage[];
         }
+        /**
+         * The `CryptoKeyPair` is a simple dictionary object with `publicKey` and `privateKey` properties, representing an asymmetric key pair.
+         * @since v15.0.0
+         */
         interface CryptoKeyPair {
+            /**
+             * A {@link CryptoKey} whose type will be `'private'`.
+             * @since v15.0.0
+             */
             privateKey: CryptoKey;
+            /**
+             * A {@link CryptoKey} whose type will be `'public'`.
+             * @since v15.0.0
+             */
             publicKey: CryptoKey;
         }
-        interface EncapsulatedBits {
-            sharedKey: ArrayBuffer;
-            ciphertext: ArrayBuffer;
-        }
-        interface EncapsulatedKey {
-            sharedKey: CryptoKey;
-            ciphertext: ArrayBuffer;
-        }
+        /**
+         * @since v15.0.0
+         */
         interface SubtleCrypto {
-            decapsulateBits(
-                decapsulationAlgorithm: AlgorithmIdentifier,
-                decapsulationKey: CryptoKey,
-                ciphertext: NodeJS.BufferSource,
-            ): Promise<ArrayBuffer>;
-            decapsulateKey(
-                decapsulationAlgorithm: AlgorithmIdentifier,
-                decapsulationKey: CryptoKey,
-                ciphertext: NodeJS.BufferSource,
-                sharedKeyAlgorithm: AlgorithmIdentifier | HmacImportParams | AesDerivedKeyParams | KmacImportParams,
-                extractable: boolean,
-                usages: KeyUsage[],
-            ): Promise<CryptoKey>;
+            /**
+             * Using the method and parameters specified in `algorithm` and the keying material provided by `key`,
+             * `subtle.decrypt()` attempts to decipher the provided `data`. If successful,
+             * the returned promise will be resolved with an `<ArrayBuffer>` containing the plaintext result.
+             *
+             * The algorithms currently supported include:
+             *
+             * - `'RSA-OAEP'`
+             * - `'AES-CTR'`
+             * - `'AES-CBC'`
+             * - `'AES-GCM'`
+             * @since v15.0.0
+             */
             decrypt(
-                algorithm: AlgorithmIdentifier | RsaOaepParams | AesCtrParams | AesCbcParams | AeadParams,
+                algorithm: AlgorithmIdentifier | RsaOaepParams | AesCtrParams | AesCbcParams | AesGcmParams,
                 key: CryptoKey,
-                data: NodeJS.BufferSource,
+                data: BufferSource,
             ): Promise<ArrayBuffer>;
+            /**
+             * Using the method and parameters specified in `algorithm` and the keying material provided by `baseKey`,
+             * `subtle.deriveBits()` attempts to generate `length` bits.
+             * The Node.js implementation requires that when `length` is a number it must be multiple of `8`.
+             * When `length` is `null` the maximum number of bits for a given algorithm is generated. This is allowed
+             * for the `'ECDH'`, `'X25519'`, and `'X448'` algorithms.
+             * If successful, the returned promise will be resolved with an `<ArrayBuffer>` containing the generated data.
+             *
+             * The algorithms currently supported include:
+             *
+             * - `'ECDH'`
+             * - `'X25519'`
+             * - `'X448'`
+             * - `'HKDF'`
+             * - `'PBKDF2'`
+             * @since v15.0.0
+             */
             deriveBits(
-                algorithm: AlgorithmIdentifier | EcdhKeyDeriveParams | HkdfParams | Pbkdf2Params | Argon2Params,
+                algorithm: EcdhKeyDeriveParams,
                 baseKey: CryptoKey,
                 length?: number | null,
             ): Promise<ArrayBuffer>;
+            deriveBits(
+                algorithm: EcdhKeyDeriveParams | HkdfParams | Pbkdf2Params,
+                baseKey: CryptoKey,
+                length: number,
+            ): Promise<ArrayBuffer>;
+            /**
+             * Using the method and parameters specified in `algorithm`, and the keying material provided by `baseKey`,
+             * `subtle.deriveKey()` attempts to generate a new <CryptoKey>` based on the method and parameters in `derivedKeyAlgorithm`.
+             *
+             * Calling `subtle.deriveKey()` is equivalent to calling `subtle.deriveBits()` to generate raw keying material,
+             * then passing the result into the `subtle.importKey()` method using the `deriveKeyAlgorithm`, `extractable`, and `keyUsages` parameters as input.
+             *
+             * The algorithms currently supported include:
+             *
+             * - `'ECDH'`
+             * - `'X25519'`
+             * - `'X448'`
+             * - `'HKDF'`
+             * - `'PBKDF2'`
+             * @param keyUsages See {@link https://nodejs.org/docs/latest/api/webcrypto.html#cryptokeyusages Key usages}.
+             * @since v15.0.0
+             */
             deriveKey(
-                algorithm: AlgorithmIdentifier | EcdhKeyDeriveParams | HkdfParams | Pbkdf2Params | Argon2Params,
+                algorithm: EcdhKeyDeriveParams | HkdfParams | Pbkdf2Params,
                 baseKey: CryptoKey,
-                derivedKeyType: AlgorithmIdentifier | AesDerivedKeyParams | HmacImportParams | KmacImportParams,
+                derivedKeyAlgorithm: AlgorithmIdentifier | HmacImportParams | AesDerivedKeyParams,
                 extractable: boolean,
                 keyUsages: readonly KeyUsage[],
             ): Promise<CryptoKey>;
-            digest(algorithm: AlgorithmIdentifier | CShakeParams, data: NodeJS.BufferSource): Promise<ArrayBuffer>;
-            encapsulateBits(
-                encapsulationAlgorithm: AlgorithmIdentifier,
-                encapsulationKey: CryptoKey,
-            ): Promise<EncapsulatedBits>;
-            encapsulateKey(
-                encapsulationAlgorithm: AlgorithmIdentifier,
-                encapsulationKey: CryptoKey,
-                sharedKeyAlgorithm: AlgorithmIdentifier | AesDerivedKeyParams | HmacImportParams | KmacImportParams,
-                extractable: boolean,
-                usages: KeyUsage[],
-            ): Promise<EncapsulatedKey>;
+            /**
+             * Using the method identified by `algorithm`, `subtle.digest()` attempts to generate a digest of `data`.
+             * If successful, the returned promise is resolved with an `<ArrayBuffer>` containing the computed digest.
+             *
+             * If `algorithm` is provided as a `<string>`, it must be one of:
+             *
+             * - `'SHA-1'`
+             * - `'SHA-256'`
+             * - `'SHA-384'`
+             * - `'SHA-512'`
+             *
+             * If `algorithm` is provided as an `<Object>`, it must have a `name` property whose value is one of the above.
+             * @since v15.0.0
+             */
+            digest(algorithm: AlgorithmIdentifier, data: BufferSource): Promise<ArrayBuffer>;
+            /**
+             * Using the method and parameters specified by `algorithm` and the keying material provided by `key`,
+             * `subtle.encrypt()` attempts to encipher `data`. If successful,
+             * the returned promise is resolved with an `<ArrayBuffer>` containing the encrypted result.
+             *
+             * The algorithms currently supported include:
+             *
+             * - `'RSA-OAEP'`
+             * - `'AES-CTR'`
+             * - `'AES-CBC'`
+             * - `'AES-GCM'`
+             * @since v15.0.0
+             */
             encrypt(
-                algorithm: AlgorithmIdentifier | RsaOaepParams | AesCtrParams | AesCbcParams | AeadParams,
+                algorithm: AlgorithmIdentifier | RsaOaepParams | AesCtrParams | AesCbcParams | AesGcmParams,
                 key: CryptoKey,
-                data: NodeJS.BufferSource,
+                data: BufferSource,
             ): Promise<ArrayBuffer>;
+            /**
+             * Exports the given key into the specified format, if supported.
+             *
+             * If the `<CryptoKey>` is not extractable, the returned promise will reject.
+             *
+             * When `format` is either `'pkcs8'` or `'spki'` and the export is successful,
+             * the returned promise will be resolved with an `<ArrayBuffer>` containing the exported key data.
+             *
+             * When `format` is `'jwk'` and the export is successful, the returned promise will be resolved with a
+             * JavaScript object conforming to the {@link https://tools.ietf.org/html/rfc7517 JSON Web Key} specification.
+             * @param format Must be one of `'raw'`, `'pkcs8'`, `'spki'`, or `'jwk'`.
+             * @returns `<Promise>` containing `<ArrayBuffer>`.
+             * @since v15.0.0
+             */
             exportKey(format: "jwk", key: CryptoKey): Promise<JsonWebKey>;
             exportKey(format: Exclude<KeyFormat, "jwk">, key: CryptoKey): Promise<ArrayBuffer>;
-            exportKey(format: KeyFormat, key: CryptoKey): Promise<ArrayBuffer | JsonWebKey>;
+            /**
+             * Using the method and parameters provided in `algorithm`,
+             * `subtle.generateKey()` attempts to generate new keying material.
+             * Depending the method used, the method may generate either a single `<CryptoKey>` or a `<CryptoKeyPair>`.
+             *
+             * The `<CryptoKeyPair>` (public and private key) generating algorithms supported include:
+             *
+             * - `'RSASSA-PKCS1-v1_5'`
+             * - `'RSA-PSS'`
+             * - `'RSA-OAEP'`
+             * - `'ECDSA'`
+             * - `'Ed25519'`
+             * - `'Ed448'`
+             * - `'ECDH'`
+             * - `'X25519'`
+             * - `'X448'`
+             * The `<CryptoKey>` (secret key) generating algorithms supported include:
+             *
+             * - `'HMAC'`
+             * - `'AES-CTR'`
+             * - `'AES-CBC'`
+             * - `'AES-GCM'`
+             * - `'AES-KW'`
+             * @param keyUsages See {@link https://nodejs.org/docs/latest/api/webcrypto.html#cryptokeyusages Key usages}.
+             * @since v15.0.0
+             */
             generateKey(
                 algorithm: RsaHashedKeyGenParams | EcKeyGenParams,
                 extractable: boolean,
-                keyUsages: KeyUsage[],
+                keyUsages: readonly KeyUsage[],
             ): Promise<CryptoKeyPair>;
             generateKey(
-                algorithm: AesKeyGenParams | HmacKeyGenParams | Pbkdf2Params | KmacKeyGenParams,
+                algorithm: AesKeyGenParams | HmacKeyGenParams | Pbkdf2Params,
                 extractable: boolean,
-                keyUsages: KeyUsage[],
+                keyUsages: readonly KeyUsage[],
             ): Promise<CryptoKey>;
             generateKey(
                 algorithm: AlgorithmIdentifier,
                 extractable: boolean,
                 keyUsages: KeyUsage[],
             ): Promise<CryptoKeyPair | CryptoKey>;
-            getPublicKey(key: CryptoKey, keyUsages: KeyUsage[]): Promise<CryptoKey>;
+            /**
+             * The `subtle.importKey()` method attempts to interpret the provided `keyData` as the given `format`
+             * to create a `<CryptoKey>` instance using the provided `algorithm`, `extractable`, and `keyUsages` arguments.
+             * If the import is successful, the returned promise will be resolved with the created `<CryptoKey>`.
+             *
+             * If importing a `'PBKDF2'` key, `extractable` must be `false`.
+             * @param format Must be one of `'raw'`, `'pkcs8'`, `'spki'`, or `'jwk'`.
+             * @param keyUsages See {@link https://nodejs.org/docs/latest/api/webcrypto.html#cryptokeyusages Key usages}.
+             * @since v15.0.0
+             */
             importKey(
                 format: "jwk",
                 keyData: JsonWebKey,
@@ -4007,59 +4399,147 @@ declare module "node:crypto" {
                     | RsaHashedImportParams
                     | EcKeyImportParams
                     | HmacImportParams
-                    | AesKeyAlgorithm
-                    | KmacImportParams,
+                    | AesKeyAlgorithm,
                 extractable: boolean,
-                keyUsages: KeyUsage[],
+                keyUsages: readonly KeyUsage[],
             ): Promise<CryptoKey>;
             importKey(
                 format: Exclude<KeyFormat, "jwk">,
-                keyData: NodeJS.BufferSource,
+                keyData: BufferSource,
                 algorithm:
                     | AlgorithmIdentifier
                     | RsaHashedImportParams
                     | EcKeyImportParams
                     | HmacImportParams
-                    | AesKeyAlgorithm
-                    | KmacImportParams,
+                    | AesKeyAlgorithm,
                 extractable: boolean,
                 keyUsages: KeyUsage[],
             ): Promise<CryptoKey>;
+            /**
+             * Using the method and parameters given by `algorithm` and the keying material provided by `key`,
+             * `subtle.sign()` attempts to generate a cryptographic signature of `data`. If successful,
+             * the returned promise is resolved with an `<ArrayBuffer>` containing the generated signature.
+             *
+             * The algorithms currently supported include:
+             *
+             * - `'RSASSA-PKCS1-v1_5'`
+             * - `'RSA-PSS'`
+             * - `'ECDSA'`
+             * - `'Ed25519'`
+             * - `'Ed448'`
+             * - `'HMAC'`
+             * @since v15.0.0
+             */
             sign(
-                algorithm: AlgorithmIdentifier | RsaPssParams | EcdsaParams | ContextParams | KmacParams,
+                algorithm: AlgorithmIdentifier | RsaPssParams | EcdsaParams | Ed448Params,
                 key: CryptoKey,
-                data: NodeJS.BufferSource,
+                data: BufferSource,
             ): Promise<ArrayBuffer>;
+            /**
+             * In cryptography, "wrapping a key" refers to exporting and then encrypting the keying material.
+             * The `subtle.unwrapKey()` method attempts to decrypt a wrapped key and create a `<CryptoKey>` instance.
+             * It is equivalent to calling `subtle.decrypt()` first on the encrypted key data (using the `wrappedKey`, `unwrapAlgo`, and `unwrappingKey` arguments as input)
+             * then passing the results in to the `subtle.importKey()` method using the `unwrappedKeyAlgo`, `extractable`, and `keyUsages` arguments as inputs.
+             * If successful, the returned promise is resolved with a `<CryptoKey>` object.
+             *
+             * The wrapping algorithms currently supported include:
+             *
+             * - `'RSA-OAEP'`
+             * - `'AES-CTR'`
+             * - `'AES-CBC'`
+             * - `'AES-GCM'`
+             * - `'AES-KW'`
+             *
+             * The unwrapped key algorithms supported include:
+             *
+             * - `'RSASSA-PKCS1-v1_5'`
+             * - `'RSA-PSS'`
+             * - `'RSA-OAEP'`
+             * - `'ECDSA'`
+             * - `'Ed25519'`
+             * - `'Ed448'`
+             * - `'ECDH'`
+             * - `'X25519'`
+             * - `'X448'`
+             * - `'HMAC'`
+             * - `'AES-CTR'`
+             * - `'AES-CBC'`
+             * - `'AES-GCM'`
+             * - `'AES-KW'`
+             * @param format Must be one of `'raw'`, `'pkcs8'`, `'spki'`, or `'jwk'`.
+             * @param keyUsages See {@link https://nodejs.org/docs/latest/api/webcrypto.html#cryptokeyusages Key usages}.
+             * @since v15.0.0
+             */
             unwrapKey(
                 format: KeyFormat,
-                wrappedKey: NodeJS.BufferSource,
+                wrappedKey: BufferSource,
                 unwrappingKey: CryptoKey,
-                unwrapAlgorithm: AlgorithmIdentifier | RsaOaepParams | AesCtrParams | AesCbcParams | AeadParams,
+                unwrapAlgorithm: AlgorithmIdentifier | RsaOaepParams | AesCtrParams | AesCbcParams | AesGcmParams,
                 unwrappedKeyAlgorithm:
                     | AlgorithmIdentifier
                     | RsaHashedImportParams
                     | EcKeyImportParams
                     | HmacImportParams
-                    | AesKeyAlgorithm
-                    | KmacImportParams,
+                    | AesKeyAlgorithm,
                 extractable: boolean,
                 keyUsages: KeyUsage[],
             ): Promise<CryptoKey>;
+            /**
+             * Using the method and parameters given in `algorithm` and the keying material provided by `key`,
+             * `subtle.verify()` attempts to verify that `signature` is a valid cryptographic signature of `data`.
+             * The returned promise is resolved with either `true` or `false`.
+             *
+             * The algorithms currently supported include:
+             *
+             * - `'RSASSA-PKCS1-v1_5'`
+             * - `'RSA-PSS'`
+             * - `'ECDSA'`
+             * - `'Ed25519'`
+             * - `'Ed448'`
+             * - `'HMAC'`
+             * @since v15.0.0
+             */
             verify(
-                algorithm: AlgorithmIdentifier | RsaPssParams | EcdsaParams | ContextParams | KmacParams,
+                algorithm: AlgorithmIdentifier | RsaPssParams | EcdsaParams | Ed448Params,
                 key: CryptoKey,
-                signature: NodeJS.BufferSource,
-                data: NodeJS.BufferSource,
+                signature: BufferSource,
+                data: BufferSource,
             ): Promise<boolean>;
+            /**
+             * In cryptography, "wrapping a key" refers to exporting and then encrypting the keying material.
+             * The `subtle.wrapKey()` method exports the keying material into the format identified by `format`,
+             * then encrypts it using the method and parameters specified by `wrapAlgo` and the keying material provided by `wrappingKey`.
+             * It is the equivalent to calling `subtle.exportKey()` using `format` and `key` as the arguments,
+             * then passing the result to the `subtle.encrypt()` method using `wrappingKey` and `wrapAlgo` as inputs.
+             * If successful, the returned promise will be resolved with an `<ArrayBuffer>` containing the encrypted key data.
+             *
+             * The wrapping algorithms currently supported include:
+             *
+             * - `'RSA-OAEP'`
+             * - `'AES-CTR'`
+             * - `'AES-CBC'`
+             * - `'AES-GCM'`
+             * - `'AES-KW'`
+             * @param format Must be one of `'raw'`, `'pkcs8'`, `'spki'`, or `'jwk'`.
+             * @since v15.0.0
+             */
             wrapKey(
                 format: KeyFormat,
                 key: CryptoKey,
                 wrappingKey: CryptoKey,
-                wrapAlgorithm: AlgorithmIdentifier | RsaOaepParams | AesCtrParams | AesCbcParams | AeadParams,
+                wrapAlgorithm: AlgorithmIdentifier | RsaOaepParams | AesCtrParams | AesCbcParams | AesGcmParams,
             ): Promise<ArrayBuffer>;
         }
     }
+
+    global {
+        var crypto: typeof globalThis extends {
+            crypto: infer T;
+            onmessage: any;
+        } ? T
+            : webcrypto.Crypto;
+    }
 }
-declare module "crypto" {
-    export * from "node:crypto";
+declare module "node:crypto" {
+    export * from "crypto";
 }