rahad-all-downloader 2.1.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (366) hide show
  1. package/.cache/nix/binary-cache-v6.sqlite +0 -0
  2. package/.cache/nix/binary-cache-v6.sqlite-journal +0 -0
  3. package/.cache/replit/__replit_disk_meta.json +1 -0
  4. package/.cache/replit/modules/nodejs-20.res +1 -0
  5. package/.cache/replit/modules/replit.res +1 -0
  6. package/.cache/replit/modules.stamp +0 -0
  7. package/.cache/replit/nix/env.json +1 -0
  8. package/.cache/typescript/5.0/node_modules/.package-lock.json +12 -0
  9. package/.cache/typescript/5.0/node_modules/types-registry/README.md +2 -0
  10. package/.cache/typescript/5.0/node_modules/types-registry/index.json +1 -0
  11. package/.cache/typescript/5.0/node_modules/types-registry/package.json +20 -0
  12. package/.cache/typescript/5.0/package-lock.json +17 -0
  13. package/.cache/typescript/5.0/package.json +1 -0
  14. package/.cache/typescript/5.3/node_modules/.package-lock.json +99 -0
  15. package/.cache/typescript/5.3/node_modules/@types/node/LICENSE +21 -0
  16. package/.cache/typescript/5.3/node_modules/@types/node/README.md +15 -0
  17. package/.cache/typescript/5.3/node_modules/@types/node/assert/strict.d.ts +8 -0
  18. package/.cache/typescript/5.3/node_modules/@types/node/assert.d.ts +996 -0
  19. package/.cache/typescript/5.3/node_modules/@types/node/async_hooks.d.ts +539 -0
  20. package/.cache/typescript/5.3/node_modules/@types/node/buffer.d.ts +2362 -0
  21. package/.cache/typescript/5.3/node_modules/@types/node/child_process.d.ts +1540 -0
  22. package/.cache/typescript/5.3/node_modules/@types/node/cluster.d.ts +432 -0
  23. package/.cache/typescript/5.3/node_modules/@types/node/console.d.ts +415 -0
  24. package/.cache/typescript/5.3/node_modules/@types/node/constants.d.ts +19 -0
  25. package/.cache/typescript/5.3/node_modules/@types/node/crypto.d.ts +4456 -0
  26. package/.cache/typescript/5.3/node_modules/@types/node/dgram.d.ts +586 -0
  27. package/.cache/typescript/5.3/node_modules/@types/node/diagnostics_channel.d.ts +191 -0
  28. package/.cache/typescript/5.3/node_modules/@types/node/dns/promises.d.ts +425 -0
  29. package/.cache/typescript/5.3/node_modules/@types/node/dns.d.ts +809 -0
  30. package/.cache/typescript/5.3/node_modules/@types/node/dom-events.d.ts +122 -0
  31. package/.cache/typescript/5.3/node_modules/@types/node/domain.d.ts +170 -0
  32. package/.cache/typescript/5.3/node_modules/@types/node/events.d.ts +879 -0
  33. package/.cache/typescript/5.3/node_modules/@types/node/fs/promises.d.ts +1239 -0
  34. package/.cache/typescript/5.3/node_modules/@types/node/fs.d.ts +4291 -0
  35. package/.cache/typescript/5.3/node_modules/@types/node/globals.d.ts +385 -0
  36. package/.cache/typescript/5.3/node_modules/@types/node/globals.global.d.ts +1 -0
  37. package/.cache/typescript/5.3/node_modules/@types/node/http.d.ts +1888 -0
  38. package/.cache/typescript/5.3/node_modules/@types/node/http2.d.ts +2382 -0
  39. package/.cache/typescript/5.3/node_modules/@types/node/https.d.ts +550 -0
  40. package/.cache/typescript/5.3/node_modules/@types/node/index.d.ts +88 -0
  41. package/.cache/typescript/5.3/node_modules/@types/node/inspector.d.ts +2747 -0
  42. package/.cache/typescript/5.3/node_modules/@types/node/module.d.ts +301 -0
  43. package/.cache/typescript/5.3/node_modules/@types/node/net.d.ts +949 -0
  44. package/.cache/typescript/5.3/node_modules/@types/node/os.d.ts +478 -0
  45. package/.cache/typescript/5.3/node_modules/@types/node/package.json +230 -0
  46. package/.cache/typescript/5.3/node_modules/@types/node/path.d.ts +191 -0
  47. package/.cache/typescript/5.3/node_modules/@types/node/perf_hooks.d.ts +639 -0
  48. package/.cache/typescript/5.3/node_modules/@types/node/process.d.ts +1539 -0
  49. package/.cache/typescript/5.3/node_modules/@types/node/punycode.d.ts +117 -0
  50. package/.cache/typescript/5.3/node_modules/@types/node/querystring.d.ts +141 -0
  51. package/.cache/typescript/5.3/node_modules/@types/node/readline/promises.d.ts +150 -0
  52. package/.cache/typescript/5.3/node_modules/@types/node/readline.d.ts +539 -0
  53. package/.cache/typescript/5.3/node_modules/@types/node/repl.d.ts +430 -0
  54. package/.cache/typescript/5.3/node_modules/@types/node/stream/consumers.d.ts +12 -0
  55. package/.cache/typescript/5.3/node_modules/@types/node/stream/promises.d.ts +83 -0
  56. package/.cache/typescript/5.3/node_modules/@types/node/stream/web.d.ts +350 -0
  57. package/.cache/typescript/5.3/node_modules/@types/node/stream.d.ts +1701 -0
  58. package/.cache/typescript/5.3/node_modules/@types/node/string_decoder.d.ts +67 -0
  59. package/.cache/typescript/5.3/node_modules/@types/node/test.d.ts +1382 -0
  60. package/.cache/typescript/5.3/node_modules/@types/node/timers/promises.d.ts +93 -0
  61. package/.cache/typescript/5.3/node_modules/@types/node/timers.d.ts +240 -0
  62. package/.cache/typescript/5.3/node_modules/@types/node/tls.d.ts +1210 -0
  63. package/.cache/typescript/5.3/node_modules/@types/node/trace_events.d.ts +182 -0
  64. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/assert/strict.d.ts +8 -0
  65. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/assert.d.ts +996 -0
  66. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/async_hooks.d.ts +539 -0
  67. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/buffer.d.ts +2362 -0
  68. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/child_process.d.ts +1540 -0
  69. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/cluster.d.ts +432 -0
  70. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/console.d.ts +415 -0
  71. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/constants.d.ts +19 -0
  72. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/crypto.d.ts +4455 -0
  73. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/dgram.d.ts +586 -0
  74. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/diagnostics_channel.d.ts +191 -0
  75. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/dns/promises.d.ts +425 -0
  76. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/dns.d.ts +809 -0
  77. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/dom-events.d.ts +122 -0
  78. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/domain.d.ts +170 -0
  79. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/events.d.ts +879 -0
  80. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/fs/promises.d.ts +1239 -0
  81. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/fs.d.ts +4291 -0
  82. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/globals.d.ts +385 -0
  83. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/globals.global.d.ts +1 -0
  84. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/http.d.ts +1888 -0
  85. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/http2.d.ts +2382 -0
  86. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/https.d.ts +550 -0
  87. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/index.d.ts +88 -0
  88. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/inspector.d.ts +2747 -0
  89. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/module.d.ts +301 -0
  90. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/net.d.ts +949 -0
  91. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/os.d.ts +478 -0
  92. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/path.d.ts +191 -0
  93. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/perf_hooks.d.ts +639 -0
  94. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/process.d.ts +1539 -0
  95. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/punycode.d.ts +117 -0
  96. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/querystring.d.ts +141 -0
  97. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/readline/promises.d.ts +150 -0
  98. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/readline.d.ts +539 -0
  99. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/repl.d.ts +430 -0
  100. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/stream/consumers.d.ts +12 -0
  101. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/stream/promises.d.ts +83 -0
  102. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/stream/web.d.ts +350 -0
  103. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/stream.d.ts +1701 -0
  104. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/string_decoder.d.ts +67 -0
  105. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/test.d.ts +1382 -0
  106. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/timers/promises.d.ts +93 -0
  107. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/timers.d.ts +240 -0
  108. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/tls.d.ts +1210 -0
  109. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/trace_events.d.ts +182 -0
  110. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/tty.d.ts +208 -0
  111. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/url.d.ts +927 -0
  112. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/util.d.ts +2183 -0
  113. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/v8.d.ts +635 -0
  114. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/vm.d.ts +903 -0
  115. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/wasi.d.ts +158 -0
  116. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/worker_threads.d.ts +691 -0
  117. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/zlib.d.ts +517 -0
  118. package/.cache/typescript/5.3/node_modules/@types/node/tty.d.ts +208 -0
  119. package/.cache/typescript/5.3/node_modules/@types/node/url.d.ts +927 -0
  120. package/.cache/typescript/5.3/node_modules/@types/node/util.d.ts +2183 -0
  121. package/.cache/typescript/5.3/node_modules/@types/node/v8.d.ts +635 -0
  122. package/.cache/typescript/5.3/node_modules/@types/node/vm.d.ts +903 -0
  123. package/.cache/typescript/5.3/node_modules/@types/node/wasi.d.ts +158 -0
  124. package/.cache/typescript/5.3/node_modules/@types/node/worker_threads.d.ts +691 -0
  125. package/.cache/typescript/5.3/node_modules/@types/node/zlib.d.ts +517 -0
  126. package/.cache/typescript/5.3/node_modules/@types/node-fetch/LICENSE +21 -0
  127. package/.cache/typescript/5.3/node_modules/@types/node-fetch/README.md +15 -0
  128. package/.cache/typescript/5.3/node_modules/@types/node-fetch/externals.d.ts +32 -0
  129. package/.cache/typescript/5.3/node_modules/@types/node-fetch/index.d.ts +214 -0
  130. package/.cache/typescript/5.3/node_modules/@types/node-fetch/package.json +83 -0
  131. package/.cache/typescript/5.3/node_modules/asynckit/LICENSE +21 -0
  132. package/.cache/typescript/5.3/node_modules/asynckit/README.md +233 -0
  133. package/.cache/typescript/5.3/node_modules/asynckit/bench.js +76 -0
  134. package/.cache/typescript/5.3/node_modules/asynckit/index.js +6 -0
  135. package/.cache/typescript/5.3/node_modules/asynckit/lib/abort.js +29 -0
  136. package/.cache/typescript/5.3/node_modules/asynckit/lib/async.js +34 -0
  137. package/.cache/typescript/5.3/node_modules/asynckit/lib/defer.js +26 -0
  138. package/.cache/typescript/5.3/node_modules/asynckit/lib/iterate.js +75 -0
  139. package/.cache/typescript/5.3/node_modules/asynckit/lib/readable_asynckit.js +91 -0
  140. package/.cache/typescript/5.3/node_modules/asynckit/lib/readable_parallel.js +25 -0
  141. package/.cache/typescript/5.3/node_modules/asynckit/lib/readable_serial.js +25 -0
  142. package/.cache/typescript/5.3/node_modules/asynckit/lib/readable_serial_ordered.js +29 -0
  143. package/.cache/typescript/5.3/node_modules/asynckit/lib/state.js +37 -0
  144. package/.cache/typescript/5.3/node_modules/asynckit/lib/streamify.js +141 -0
  145. package/.cache/typescript/5.3/node_modules/asynckit/lib/terminator.js +29 -0
  146. package/.cache/typescript/5.3/node_modules/asynckit/package.json +63 -0
  147. package/.cache/typescript/5.3/node_modules/asynckit/parallel.js +43 -0
  148. package/.cache/typescript/5.3/node_modules/asynckit/serial.js +17 -0
  149. package/.cache/typescript/5.3/node_modules/asynckit/serialOrdered.js +75 -0
  150. package/.cache/typescript/5.3/node_modules/asynckit/stream.js +21 -0
  151. package/.cache/typescript/5.3/node_modules/combined-stream/License +19 -0
  152. package/.cache/typescript/5.3/node_modules/combined-stream/Readme.md +138 -0
  153. package/.cache/typescript/5.3/node_modules/combined-stream/lib/combined_stream.js +208 -0
  154. package/.cache/typescript/5.3/node_modules/combined-stream/package.json +25 -0
  155. package/.cache/typescript/5.3/node_modules/combined-stream/yarn.lock +17 -0
  156. package/.cache/typescript/5.3/node_modules/delayed-stream/License +19 -0
  157. package/.cache/typescript/5.3/node_modules/delayed-stream/Makefile +7 -0
  158. package/.cache/typescript/5.3/node_modules/delayed-stream/Readme.md +141 -0
  159. package/.cache/typescript/5.3/node_modules/delayed-stream/lib/delayed_stream.js +107 -0
  160. package/.cache/typescript/5.3/node_modules/delayed-stream/package.json +27 -0
  161. package/.cache/typescript/5.3/node_modules/form-data/License +19 -0
  162. package/.cache/typescript/5.3/node_modules/form-data/README.md.bak +358 -0
  163. package/.cache/typescript/5.3/node_modules/form-data/Readme.md +358 -0
  164. package/.cache/typescript/5.3/node_modules/form-data/index.d.ts +62 -0
  165. package/.cache/typescript/5.3/node_modules/form-data/lib/browser.js +2 -0
  166. package/.cache/typescript/5.3/node_modules/form-data/lib/form_data.js +501 -0
  167. package/.cache/typescript/5.3/node_modules/form-data/lib/populate.js +10 -0
  168. package/.cache/typescript/5.3/node_modules/form-data/package.json +68 -0
  169. package/.cache/typescript/5.3/node_modules/mime-db/HISTORY.md +507 -0
  170. package/.cache/typescript/5.3/node_modules/mime-db/LICENSE +23 -0
  171. package/.cache/typescript/5.3/node_modules/mime-db/README.md +100 -0
  172. package/.cache/typescript/5.3/node_modules/mime-db/db.json +8519 -0
  173. package/.cache/typescript/5.3/node_modules/mime-db/index.js +12 -0
  174. package/.cache/typescript/5.3/node_modules/mime-db/package.json +60 -0
  175. package/.cache/typescript/5.3/node_modules/mime-types/HISTORY.md +397 -0
  176. package/.cache/typescript/5.3/node_modules/mime-types/LICENSE +23 -0
  177. package/.cache/typescript/5.3/node_modules/mime-types/README.md +113 -0
  178. package/.cache/typescript/5.3/node_modules/mime-types/index.js +188 -0
  179. package/.cache/typescript/5.3/node_modules/mime-types/package.json +44 -0
  180. package/.cache/typescript/5.3/node_modules/types-registry/README.md +2 -0
  181. package/.cache/typescript/5.3/node_modules/types-registry/index.json +1 -0
  182. package/.cache/typescript/5.3/node_modules/types-registry/package.json +20 -0
  183. package/.cache/typescript/5.3/node_modules/undici-types/README.md +6 -0
  184. package/.cache/typescript/5.3/node_modules/undici-types/agent.d.ts +31 -0
  185. package/.cache/typescript/5.3/node_modules/undici-types/api.d.ts +43 -0
  186. package/.cache/typescript/5.3/node_modules/undici-types/balanced-pool.d.ts +18 -0
  187. package/.cache/typescript/5.3/node_modules/undici-types/cache.d.ts +36 -0
  188. package/.cache/typescript/5.3/node_modules/undici-types/client.d.ts +97 -0
  189. package/.cache/typescript/5.3/node_modules/undici-types/connector.d.ts +34 -0
  190. package/.cache/typescript/5.3/node_modules/undici-types/content-type.d.ts +21 -0
  191. package/.cache/typescript/5.3/node_modules/undici-types/cookies.d.ts +28 -0
  192. package/.cache/typescript/5.3/node_modules/undici-types/diagnostics-channel.d.ts +67 -0
  193. package/.cache/typescript/5.3/node_modules/undici-types/dispatcher.d.ts +241 -0
  194. package/.cache/typescript/5.3/node_modules/undici-types/errors.d.ts +128 -0
  195. package/.cache/typescript/5.3/node_modules/undici-types/fetch.d.ts +209 -0
  196. package/.cache/typescript/5.3/node_modules/undici-types/file.d.ts +39 -0
  197. package/.cache/typescript/5.3/node_modules/undici-types/filereader.d.ts +54 -0
  198. package/.cache/typescript/5.3/node_modules/undici-types/formdata.d.ts +108 -0
  199. package/.cache/typescript/5.3/node_modules/undici-types/global-dispatcher.d.ts +9 -0
  200. package/.cache/typescript/5.3/node_modules/undici-types/global-origin.d.ts +7 -0
  201. package/.cache/typescript/5.3/node_modules/undici-types/handlers.d.ts +9 -0
  202. package/.cache/typescript/5.3/node_modules/undici-types/header.d.ts +4 -0
  203. package/.cache/typescript/5.3/node_modules/undici-types/index.d.ts +63 -0
  204. package/.cache/typescript/5.3/node_modules/undici-types/interceptors.d.ts +5 -0
  205. package/.cache/typescript/5.3/node_modules/undici-types/mock-agent.d.ts +50 -0
  206. package/.cache/typescript/5.3/node_modules/undici-types/mock-client.d.ts +25 -0
  207. package/.cache/typescript/5.3/node_modules/undici-types/mock-errors.d.ts +12 -0
  208. package/.cache/typescript/5.3/node_modules/undici-types/mock-interceptor.d.ts +93 -0
  209. package/.cache/typescript/5.3/node_modules/undici-types/mock-pool.d.ts +25 -0
  210. package/.cache/typescript/5.3/node_modules/undici-types/package.json +55 -0
  211. package/.cache/typescript/5.3/node_modules/undici-types/patch.d.ts +71 -0
  212. package/.cache/typescript/5.3/node_modules/undici-types/pool-stats.d.ts +19 -0
  213. package/.cache/typescript/5.3/node_modules/undici-types/pool.d.ts +28 -0
  214. package/.cache/typescript/5.3/node_modules/undici-types/proxy-agent.d.ts +30 -0
  215. package/.cache/typescript/5.3/node_modules/undici-types/readable.d.ts +61 -0
  216. package/.cache/typescript/5.3/node_modules/undici-types/webidl.d.ts +220 -0
  217. package/.cache/typescript/5.3/node_modules/undici-types/websocket.d.ts +131 -0
  218. package/.cache/typescript/5.3/package-lock.json +107 -0
  219. package/.cache/typescript/5.3/package.json +1 -0
  220. package/.cache/typescript/5.4/node_modules/.package-lock.json +115 -0
  221. package/.cache/typescript/5.4/node_modules/@types/body-parser/LICENSE +21 -0
  222. package/.cache/typescript/5.4/node_modules/@types/body-parser/README.md +15 -0
  223. package/.cache/typescript/5.4/node_modules/@types/body-parser/index.d.ts +95 -0
  224. package/.cache/typescript/5.4/node_modules/@types/body-parser/package.json +58 -0
  225. package/.cache/typescript/5.4/node_modules/@types/connect/LICENSE +21 -0
  226. package/.cache/typescript/5.4/node_modules/@types/connect/README.md +15 -0
  227. package/.cache/typescript/5.4/node_modules/@types/connect/index.d.ts +91 -0
  228. package/.cache/typescript/5.4/node_modules/@types/connect/package.json +32 -0
  229. package/.cache/typescript/5.4/node_modules/@types/express/LICENSE +21 -0
  230. package/.cache/typescript/5.4/node_modules/@types/express/README.md +15 -0
  231. package/.cache/typescript/5.4/node_modules/@types/express/index.d.ts +128 -0
  232. package/.cache/typescript/5.4/node_modules/@types/express/package.json +45 -0
  233. package/.cache/typescript/5.4/node_modules/@types/express-serve-static-core/LICENSE +21 -0
  234. package/.cache/typescript/5.4/node_modules/@types/express-serve-static-core/README.md +15 -0
  235. package/.cache/typescript/5.4/node_modules/@types/express-serve-static-core/index.d.ts +1295 -0
  236. package/.cache/typescript/5.4/node_modules/@types/express-serve-static-core/package.json +50 -0
  237. package/.cache/typescript/5.4/node_modules/@types/http-errors/LICENSE +21 -0
  238. package/.cache/typescript/5.4/node_modules/@types/http-errors/README.md +15 -0
  239. package/.cache/typescript/5.4/node_modules/@types/http-errors/index.d.ts +77 -0
  240. package/.cache/typescript/5.4/node_modules/@types/http-errors/package.json +30 -0
  241. package/.cache/typescript/5.4/node_modules/@types/mime/LICENSE +21 -0
  242. package/.cache/typescript/5.4/node_modules/@types/mime/Mime.d.ts +10 -0
  243. package/.cache/typescript/5.4/node_modules/@types/mime/README.md +15 -0
  244. package/.cache/typescript/5.4/node_modules/@types/mime/index.d.ts +31 -0
  245. package/.cache/typescript/5.4/node_modules/@types/mime/lite.d.ts +7 -0
  246. package/.cache/typescript/5.4/node_modules/@types/mime/package.json +30 -0
  247. package/.cache/typescript/5.4/node_modules/@types/node/LICENSE +21 -0
  248. package/.cache/typescript/5.4/node_modules/@types/node/README.md +15 -0
  249. package/.cache/typescript/5.4/node_modules/@types/node/assert/strict.d.ts +8 -0
  250. package/.cache/typescript/5.4/node_modules/@types/node/assert.d.ts +1040 -0
  251. package/.cache/typescript/5.4/node_modules/@types/node/async_hooks.d.ts +541 -0
  252. package/.cache/typescript/5.4/node_modules/@types/node/buffer.d.ts +2363 -0
  253. package/.cache/typescript/5.4/node_modules/@types/node/child_process.d.ts +1544 -0
  254. package/.cache/typescript/5.4/node_modules/@types/node/cluster.d.ts +578 -0
  255. package/.cache/typescript/5.4/node_modules/@types/node/console.d.ts +452 -0
  256. package/.cache/typescript/5.4/node_modules/@types/node/constants.d.ts +19 -0
  257. package/.cache/typescript/5.4/node_modules/@types/node/crypto.d.ts +4523 -0
  258. package/.cache/typescript/5.4/node_modules/@types/node/dgram.d.ts +596 -0
  259. package/.cache/typescript/5.4/node_modules/@types/node/diagnostics_channel.d.ts +554 -0
  260. package/.cache/typescript/5.4/node_modules/@types/node/dns/promises.d.ts +474 -0
  261. package/.cache/typescript/5.4/node_modules/@types/node/dns.d.ts +864 -0
  262. package/.cache/typescript/5.4/node_modules/@types/node/dom-events.d.ts +124 -0
  263. package/.cache/typescript/5.4/node_modules/@types/node/domain.d.ts +170 -0
  264. package/.cache/typescript/5.4/node_modules/@types/node/events.d.ts +909 -0
  265. package/.cache/typescript/5.4/node_modules/@types/node/fs/promises.d.ts +1245 -0
  266. package/.cache/typescript/5.4/node_modules/@types/node/fs.d.ts +4317 -0
  267. package/.cache/typescript/5.4/node_modules/@types/node/globals.d.ts +411 -0
  268. package/.cache/typescript/5.4/node_modules/@types/node/globals.global.d.ts +1 -0
  269. package/.cache/typescript/5.4/node_modules/@types/node/http.d.ts +1908 -0
  270. package/.cache/typescript/5.4/node_modules/@types/node/http2.d.ts +2418 -0
  271. package/.cache/typescript/5.4/node_modules/@types/node/https.d.ts +550 -0
  272. package/.cache/typescript/5.4/node_modules/@types/node/index.d.ts +89 -0
  273. package/.cache/typescript/5.4/node_modules/@types/node/inspector.d.ts +2746 -0
  274. package/.cache/typescript/5.4/node_modules/@types/node/module.d.ts +315 -0
  275. package/.cache/typescript/5.4/node_modules/@types/node/net.d.ts +999 -0
  276. package/.cache/typescript/5.4/node_modules/@types/node/os.d.ts +495 -0
  277. package/.cache/typescript/5.4/node_modules/@types/node/package.json +217 -0
  278. package/.cache/typescript/5.4/node_modules/@types/node/path.d.ts +191 -0
  279. package/.cache/typescript/5.4/node_modules/@types/node/perf_hooks.d.ts +905 -0
  280. package/.cache/typescript/5.4/node_modules/@types/node/process.d.ts +1754 -0
  281. package/.cache/typescript/5.4/node_modules/@types/node/punycode.d.ts +117 -0
  282. package/.cache/typescript/5.4/node_modules/@types/node/querystring.d.ts +153 -0
  283. package/.cache/typescript/5.4/node_modules/@types/node/readline/promises.d.ts +150 -0
  284. package/.cache/typescript/5.4/node_modules/@types/node/readline.d.ts +540 -0
  285. package/.cache/typescript/5.4/node_modules/@types/node/repl.d.ts +430 -0
  286. package/.cache/typescript/5.4/node_modules/@types/node/sea.d.ts +153 -0
  287. package/.cache/typescript/5.4/node_modules/@types/node/stream/consumers.d.ts +12 -0
  288. package/.cache/typescript/5.4/node_modules/@types/node/stream/promises.d.ts +83 -0
  289. package/.cache/typescript/5.4/node_modules/@types/node/stream/web.d.ts +367 -0
  290. package/.cache/typescript/5.4/node_modules/@types/node/stream.d.ts +1707 -0
  291. package/.cache/typescript/5.4/node_modules/@types/node/string_decoder.d.ts +67 -0
  292. package/.cache/typescript/5.4/node_modules/@types/node/test.d.ts +1718 -0
  293. package/.cache/typescript/5.4/node_modules/@types/node/timers/promises.d.ts +97 -0
  294. package/.cache/typescript/5.4/node_modules/@types/node/timers.d.ts +240 -0
  295. package/.cache/typescript/5.4/node_modules/@types/node/tls.d.ts +1217 -0
  296. package/.cache/typescript/5.4/node_modules/@types/node/trace_events.d.ts +197 -0
  297. package/.cache/typescript/5.4/node_modules/@types/node/tty.d.ts +208 -0
  298. package/.cache/typescript/5.4/node_modules/@types/node/url.d.ts +952 -0
  299. package/.cache/typescript/5.4/node_modules/@types/node/util.d.ts +2292 -0
  300. package/.cache/typescript/5.4/node_modules/@types/node/v8.d.ts +808 -0
  301. package/.cache/typescript/5.4/node_modules/@types/node/vm.d.ts +924 -0
  302. package/.cache/typescript/5.4/node_modules/@types/node/wasi.d.ts +181 -0
  303. package/.cache/typescript/5.4/node_modules/@types/node/worker_threads.d.ts +691 -0
  304. package/.cache/typescript/5.4/node_modules/@types/node/zlib.d.ts +530 -0
  305. package/.cache/typescript/5.4/node_modules/@types/qs/LICENSE +21 -0
  306. package/.cache/typescript/5.4/node_modules/@types/qs/README.md +15 -0
  307. package/.cache/typescript/5.4/node_modules/@types/qs/index.d.ts +79 -0
  308. package/.cache/typescript/5.4/node_modules/@types/qs/package.json +65 -0
  309. package/.cache/typescript/5.4/node_modules/@types/range-parser/LICENSE +21 -0
  310. package/.cache/typescript/5.4/node_modules/@types/range-parser/README.md +53 -0
  311. package/.cache/typescript/5.4/node_modules/@types/range-parser/index.d.ts +34 -0
  312. package/.cache/typescript/5.4/node_modules/@types/range-parser/package.json +25 -0
  313. package/.cache/typescript/5.4/node_modules/@types/send/LICENSE +21 -0
  314. package/.cache/typescript/5.4/node_modules/@types/send/README.md +15 -0
  315. package/.cache/typescript/5.4/node_modules/@types/send/index.d.ts +225 -0
  316. package/.cache/typescript/5.4/node_modules/@types/send/package.json +33 -0
  317. package/.cache/typescript/5.4/node_modules/@types/serve-static/LICENSE +21 -0
  318. package/.cache/typescript/5.4/node_modules/@types/serve-static/README.md +15 -0
  319. package/.cache/typescript/5.4/node_modules/@types/serve-static/index.d.ts +107 -0
  320. package/.cache/typescript/5.4/node_modules/@types/serve-static/package.json +39 -0
  321. package/.cache/typescript/5.4/node_modules/types-registry/README.md +2 -0
  322. package/.cache/typescript/5.4/node_modules/types-registry/index.json +1 -0
  323. package/.cache/typescript/5.4/node_modules/types-registry/package.json +20 -0
  324. package/.cache/typescript/5.4/node_modules/undici-types/README.md +6 -0
  325. package/.cache/typescript/5.4/node_modules/undici-types/agent.d.ts +31 -0
  326. package/.cache/typescript/5.4/node_modules/undici-types/api.d.ts +43 -0
  327. package/.cache/typescript/5.4/node_modules/undici-types/balanced-pool.d.ts +18 -0
  328. package/.cache/typescript/5.4/node_modules/undici-types/cache.d.ts +36 -0
  329. package/.cache/typescript/5.4/node_modules/undici-types/client.d.ts +97 -0
  330. package/.cache/typescript/5.4/node_modules/undici-types/connector.d.ts +34 -0
  331. package/.cache/typescript/5.4/node_modules/undici-types/content-type.d.ts +21 -0
  332. package/.cache/typescript/5.4/node_modules/undici-types/cookies.d.ts +28 -0
  333. package/.cache/typescript/5.4/node_modules/undici-types/diagnostics-channel.d.ts +67 -0
  334. package/.cache/typescript/5.4/node_modules/undici-types/dispatcher.d.ts +241 -0
  335. package/.cache/typescript/5.4/node_modules/undici-types/errors.d.ts +128 -0
  336. package/.cache/typescript/5.4/node_modules/undici-types/fetch.d.ts +209 -0
  337. package/.cache/typescript/5.4/node_modules/undici-types/file.d.ts +39 -0
  338. package/.cache/typescript/5.4/node_modules/undici-types/filereader.d.ts +54 -0
  339. package/.cache/typescript/5.4/node_modules/undici-types/formdata.d.ts +108 -0
  340. package/.cache/typescript/5.4/node_modules/undici-types/global-dispatcher.d.ts +9 -0
  341. package/.cache/typescript/5.4/node_modules/undici-types/global-origin.d.ts +7 -0
  342. package/.cache/typescript/5.4/node_modules/undici-types/handlers.d.ts +9 -0
  343. package/.cache/typescript/5.4/node_modules/undici-types/header.d.ts +4 -0
  344. package/.cache/typescript/5.4/node_modules/undici-types/index.d.ts +63 -0
  345. package/.cache/typescript/5.4/node_modules/undici-types/interceptors.d.ts +5 -0
  346. package/.cache/typescript/5.4/node_modules/undici-types/mock-agent.d.ts +50 -0
  347. package/.cache/typescript/5.4/node_modules/undici-types/mock-client.d.ts +25 -0
  348. package/.cache/typescript/5.4/node_modules/undici-types/mock-errors.d.ts +12 -0
  349. package/.cache/typescript/5.4/node_modules/undici-types/mock-interceptor.d.ts +93 -0
  350. package/.cache/typescript/5.4/node_modules/undici-types/mock-pool.d.ts +25 -0
  351. package/.cache/typescript/5.4/node_modules/undici-types/package.json +55 -0
  352. package/.cache/typescript/5.4/node_modules/undici-types/patch.d.ts +71 -0
  353. package/.cache/typescript/5.4/node_modules/undici-types/pool-stats.d.ts +19 -0
  354. package/.cache/typescript/5.4/node_modules/undici-types/pool.d.ts +28 -0
  355. package/.cache/typescript/5.4/node_modules/undici-types/proxy-agent.d.ts +30 -0
  356. package/.cache/typescript/5.4/node_modules/undici-types/readable.d.ts +61 -0
  357. package/.cache/typescript/5.4/node_modules/undici-types/webidl.d.ts +220 -0
  358. package/.cache/typescript/5.4/node_modules/undici-types/websocket.d.ts +131 -0
  359. package/.cache/typescript/5.4/package-lock.json +124 -0
  360. package/.cache/typescript/5.4/package.json +1 -0
  361. package/.replit +21 -0
  362. package/.upm/store.json +1 -0
  363. package/README.md +71 -0
  364. package/index.js +1 -0
  365. package/package.json +40 -0
  366. package/replit.nix +3 -0
@@ -0,0 +1,4455 @@
1
+ /**
2
+ * The `node:crypto` module provides cryptographic functionality that includes a
3
+ * set of wrappers for OpenSSL's hash, HMAC, cipher, decipher, sign, and verify
4
+ * functions.
5
+ *
6
+ * ```js
7
+ * const { createHmac } = await import('node:crypto');
8
+ *
9
+ * const secret = 'abcdefg';
10
+ * const hash = createHmac('sha256', secret)
11
+ * .update('I love cupcakes')
12
+ * .digest('hex');
13
+ * console.log(hash);
14
+ * // Prints:
15
+ * // c0fa1bc00531bd78ef38c628449c5102aeabd49b5dc3a2a516ea6ea959d6658e
16
+ * ```
17
+ * @see [source](https://github.com/nodejs/node/blob/v20.2.0/lib/crypto.js)
18
+ */
19
+ declare module "crypto" {
20
+ import * as stream from "node:stream";
21
+ import { PeerCertificate } from "node:tls";
22
+ /**
23
+ * SPKAC is a Certificate Signing Request mechanism originally implemented by
24
+ * Netscape and was specified formally as part of HTML5's `keygen` element.
25
+ *
26
+ * `<keygen>` is deprecated since [HTML 5.2](https://www.w3.org/TR/html52/changes.html#features-removed) and new projects
27
+ * should not use this element anymore.
28
+ *
29
+ * The `node:crypto` module provides the `Certificate` class for working with SPKAC
30
+ * data. The most common usage is handling output generated by the HTML5`<keygen>` element. Node.js uses [OpenSSL's SPKAC
31
+ * implementation](https://www.openssl.org/docs/man3.0/man1/openssl-spkac.html) internally.
32
+ * @since v0.11.8
33
+ */
34
+ class Certificate {
35
+ /**
36
+ * ```js
37
+ * const { Certificate } = await import('node:crypto');
38
+ * const spkac = getSpkacSomehow();
39
+ * const challenge = Certificate.exportChallenge(spkac);
40
+ * console.log(challenge.toString('utf8'));
41
+ * // Prints: the challenge as a UTF8 string
42
+ * ```
43
+ * @since v9.0.0
44
+ * @param encoding The `encoding` of the `spkac` string.
45
+ * @return The challenge component of the `spkac` data structure, which includes a public key and a challenge.
46
+ */
47
+ static exportChallenge(spkac: BinaryLike): Buffer;
48
+ /**
49
+ * ```js
50
+ * const { Certificate } = await import('node:crypto');
51
+ * const spkac = getSpkacSomehow();
52
+ * const publicKey = Certificate.exportPublicKey(spkac);
53
+ * console.log(publicKey);
54
+ * // Prints: the public key as <Buffer ...>
55
+ * ```
56
+ * @since v9.0.0
57
+ * @param encoding The `encoding` of the `spkac` string.
58
+ * @return The public key component of the `spkac` data structure, which includes a public key and a challenge.
59
+ */
60
+ static exportPublicKey(spkac: BinaryLike, encoding?: string): Buffer;
61
+ /**
62
+ * ```js
63
+ * import { Buffer } from 'node:buffer';
64
+ * const { Certificate } = await import('node:crypto');
65
+ *
66
+ * const spkac = getSpkacSomehow();
67
+ * console.log(Certificate.verifySpkac(Buffer.from(spkac)));
68
+ * // Prints: true or false
69
+ * ```
70
+ * @since v9.0.0
71
+ * @param encoding The `encoding` of the `spkac` string.
72
+ * @return `true` if the given `spkac` data structure is valid, `false` otherwise.
73
+ */
74
+ static verifySpkac(spkac: NodeJS.ArrayBufferView): boolean;
75
+ /**
76
+ * @deprecated
77
+ * @param spkac
78
+ * @returns The challenge component of the `spkac` data structure,
79
+ * which includes a public key and a challenge.
80
+ */
81
+ exportChallenge(spkac: BinaryLike): Buffer;
82
+ /**
83
+ * @deprecated
84
+ * @param spkac
85
+ * @param encoding The encoding of the spkac string.
86
+ * @returns The public key component of the `spkac` data structure,
87
+ * which includes a public key and a challenge.
88
+ */
89
+ exportPublicKey(spkac: BinaryLike, encoding?: string): Buffer;
90
+ /**
91
+ * @deprecated
92
+ * @param spkac
93
+ * @returns `true` if the given `spkac` data structure is valid,
94
+ * `false` otherwise.
95
+ */
96
+ verifySpkac(spkac: NodeJS.ArrayBufferView): boolean;
97
+ }
98
+ namespace constants {
99
+ // https://nodejs.org/dist/latest-v20.x/docs/api/crypto.html#crypto-constants
100
+ const OPENSSL_VERSION_NUMBER: number;
101
+ /** Applies multiple bug workarounds within OpenSSL. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html for detail. */
102
+ const SSL_OP_ALL: number;
103
+ /** Allows legacy insecure renegotiation between OpenSSL and unpatched clients or servers. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html. */
104
+ const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: number;
105
+ /** Attempts to use the server's preferences instead of the client's when selecting a cipher. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html. */
106
+ const SSL_OP_CIPHER_SERVER_PREFERENCE: number;
107
+ /** Instructs OpenSSL to use Cisco's "speshul" version of DTLS_BAD_VER. */
108
+ const SSL_OP_CISCO_ANYCONNECT: number;
109
+ /** Instructs OpenSSL to turn on cookie exchange. */
110
+ const SSL_OP_COOKIE_EXCHANGE: number;
111
+ /** Instructs OpenSSL to add server-hello extension from an early version of the cryptopro draft. */
112
+ const SSL_OP_CRYPTOPRO_TLSEXT_BUG: number;
113
+ /** Instructs OpenSSL to disable a SSL 3.0/TLS 1.0 vulnerability workaround added in OpenSSL 0.9.6d. */
114
+ const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: number;
115
+ /** Allows initial connection to servers that do not support RI. */
116
+ const SSL_OP_LEGACY_SERVER_CONNECT: number;
117
+ /** Instructs OpenSSL to disable support for SSL/TLS compression. */
118
+ const SSL_OP_NO_COMPRESSION: number;
119
+ const SSL_OP_NO_QUERY_MTU: number;
120
+ /** Instructs OpenSSL to always start a new session when performing renegotiation. */
121
+ const SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION: number;
122
+ const SSL_OP_NO_SSLv2: number;
123
+ const SSL_OP_NO_SSLv3: number;
124
+ const SSL_OP_NO_TICKET: number;
125
+ const SSL_OP_NO_TLSv1: number;
126
+ const SSL_OP_NO_TLSv1_1: number;
127
+ const SSL_OP_NO_TLSv1_2: number;
128
+ /** Instructs OpenSSL to disable version rollback attack detection. */
129
+ const SSL_OP_TLS_ROLLBACK_BUG: number;
130
+ const ENGINE_METHOD_RSA: number;
131
+ const ENGINE_METHOD_DSA: number;
132
+ const ENGINE_METHOD_DH: number;
133
+ const ENGINE_METHOD_RAND: number;
134
+ const ENGINE_METHOD_EC: number;
135
+ const ENGINE_METHOD_CIPHERS: number;
136
+ const ENGINE_METHOD_DIGESTS: number;
137
+ const ENGINE_METHOD_PKEY_METHS: number;
138
+ const ENGINE_METHOD_PKEY_ASN1_METHS: number;
139
+ const ENGINE_METHOD_ALL: number;
140
+ const ENGINE_METHOD_NONE: number;
141
+ const DH_CHECK_P_NOT_SAFE_PRIME: number;
142
+ const DH_CHECK_P_NOT_PRIME: number;
143
+ const DH_UNABLE_TO_CHECK_GENERATOR: number;
144
+ const DH_NOT_SUITABLE_GENERATOR: number;
145
+ const RSA_PKCS1_PADDING: number;
146
+ const RSA_SSLV23_PADDING: number;
147
+ const RSA_NO_PADDING: number;
148
+ const RSA_PKCS1_OAEP_PADDING: number;
149
+ const RSA_X931_PADDING: number;
150
+ const RSA_PKCS1_PSS_PADDING: number;
151
+ /** Sets the salt length for RSA_PKCS1_PSS_PADDING to the digest size when signing or verifying. */
152
+ const RSA_PSS_SALTLEN_DIGEST: number;
153
+ /** Sets the salt length for RSA_PKCS1_PSS_PADDING to the maximum permissible value when signing data. */
154
+ const RSA_PSS_SALTLEN_MAX_SIGN: number;
155
+ /** Causes the salt length for RSA_PKCS1_PSS_PADDING to be determined automatically when verifying a signature. */
156
+ const RSA_PSS_SALTLEN_AUTO: number;
157
+ const POINT_CONVERSION_COMPRESSED: number;
158
+ const POINT_CONVERSION_UNCOMPRESSED: number;
159
+ const POINT_CONVERSION_HYBRID: number;
160
+ /** Specifies the built-in default cipher list used by Node.js (colon-separated values). */
161
+ const defaultCoreCipherList: string;
162
+ /** Specifies the active default cipher list used by the current Node.js process (colon-separated values). */
163
+ const defaultCipherList: string;
164
+ }
165
+ interface HashOptions extends stream.TransformOptions {
166
+ /**
167
+ * For XOF hash functions such as `shake256`, the
168
+ * outputLength option can be used to specify the desired output length in bytes.
169
+ */
170
+ outputLength?: number | undefined;
171
+ }
172
+ /** @deprecated since v10.0.0 */
173
+ const fips: boolean;
174
+ /**
175
+ * Creates and returns a `Hash` object that can be used to generate hash digests
176
+ * using the given `algorithm`. Optional `options` argument controls stream
177
+ * behavior. For XOF hash functions such as `'shake256'`, the `outputLength` option
178
+ * can be used to specify the desired output length in bytes.
179
+ *
180
+ * The `algorithm` is dependent on the available algorithms supported by the
181
+ * version of OpenSSL on the platform. Examples are `'sha256'`, `'sha512'`, etc.
182
+ * On recent releases of OpenSSL, `openssl list -digest-algorithms` will
183
+ * display the available digest algorithms.
184
+ *
185
+ * Example: generating the sha256 sum of a file
186
+ *
187
+ * ```js
188
+ * import {
189
+ * createReadStream,
190
+ * } from 'node:fs';
191
+ * import { argv } from 'node:process';
192
+ * const {
193
+ * createHash,
194
+ * } = await import('node:crypto');
195
+ *
196
+ * const filename = argv[2];
197
+ *
198
+ * const hash = createHash('sha256');
199
+ *
200
+ * const input = createReadStream(filename);
201
+ * input.on('readable', () => {
202
+ * // Only one element is going to be produced by the
203
+ * // hash stream.
204
+ * const data = input.read();
205
+ * if (data)
206
+ * hash.update(data);
207
+ * else {
208
+ * console.log(`${hash.digest('hex')} ${filename}`);
209
+ * }
210
+ * });
211
+ * ```
212
+ * @since v0.1.92
213
+ * @param options `stream.transform` options
214
+ */
215
+ function createHash(algorithm: string, options?: HashOptions): Hash;
216
+ /**
217
+ * Creates and returns an `Hmac` object that uses the given `algorithm` and `key`.
218
+ * Optional `options` argument controls stream behavior.
219
+ *
220
+ * The `algorithm` is dependent on the available algorithms supported by the
221
+ * version of OpenSSL on the platform. Examples are `'sha256'`, `'sha512'`, etc.
222
+ * On recent releases of OpenSSL, `openssl list -digest-algorithms` will
223
+ * display the available digest algorithms.
224
+ *
225
+ * The `key` is the HMAC key used to generate the cryptographic HMAC hash. If it is
226
+ * a `KeyObject`, its type must be `secret`. If it is a string, please consider `caveats when using strings as inputs to cryptographic APIs`. If it was
227
+ * obtained from a cryptographically secure source of entropy, such as {@link randomBytes} or {@link generateKey}, its length should not
228
+ * exceed the block size of `algorithm` (e.g., 512 bits for SHA-256).
229
+ *
230
+ * Example: generating the sha256 HMAC of a file
231
+ *
232
+ * ```js
233
+ * import {
234
+ * createReadStream,
235
+ * } from 'node:fs';
236
+ * import { argv } from 'node:process';
237
+ * const {
238
+ * createHmac,
239
+ * } = await import('node:crypto');
240
+ *
241
+ * const filename = argv[2];
242
+ *
243
+ * const hmac = createHmac('sha256', 'a secret');
244
+ *
245
+ * const input = createReadStream(filename);
246
+ * input.on('readable', () => {
247
+ * // Only one element is going to be produced by the
248
+ * // hash stream.
249
+ * const data = input.read();
250
+ * if (data)
251
+ * hmac.update(data);
252
+ * else {
253
+ * console.log(`${hmac.digest('hex')} ${filename}`);
254
+ * }
255
+ * });
256
+ * ```
257
+ * @since v0.1.94
258
+ * @param options `stream.transform` options
259
+ */
260
+ function createHmac(algorithm: string, key: BinaryLike | KeyObject, options?: stream.TransformOptions): Hmac;
261
+ // https://nodejs.org/api/buffer.html#buffer_buffers_and_character_encodings
262
+ type BinaryToTextEncoding = "base64" | "base64url" | "hex" | "binary";
263
+ type CharacterEncoding = "utf8" | "utf-8" | "utf16le" | "utf-16le" | "latin1";
264
+ type LegacyCharacterEncoding = "ascii" | "binary" | "ucs2" | "ucs-2";
265
+ type Encoding = BinaryToTextEncoding | CharacterEncoding | LegacyCharacterEncoding;
266
+ type ECDHKeyFormat = "compressed" | "uncompressed" | "hybrid";
267
+ /**
268
+ * The `Hash` class is a utility for creating hash digests of data. It can be
269
+ * used in one of two ways:
270
+ *
271
+ * * As a `stream` that is both readable and writable, where data is written
272
+ * to produce a computed hash digest on the readable side, or
273
+ * * Using the `hash.update()` and `hash.digest()` methods to produce the
274
+ * computed hash.
275
+ *
276
+ * The {@link createHash} method is used to create `Hash` instances. `Hash`objects are not to be created directly using the `new` keyword.
277
+ *
278
+ * Example: Using `Hash` objects as streams:
279
+ *
280
+ * ```js
281
+ * const {
282
+ * createHash,
283
+ * } = await import('node:crypto');
284
+ *
285
+ * const hash = createHash('sha256');
286
+ *
287
+ * hash.on('readable', () => {
288
+ * // Only one element is going to be produced by the
289
+ * // hash stream.
290
+ * const data = hash.read();
291
+ * if (data) {
292
+ * console.log(data.toString('hex'));
293
+ * // Prints:
294
+ * // 6a2da20943931e9834fc12cfe5bb47bbd9ae43489a30726962b576f4e3993e50
295
+ * }
296
+ * });
297
+ *
298
+ * hash.write('some data to hash');
299
+ * hash.end();
300
+ * ```
301
+ *
302
+ * Example: Using `Hash` and piped streams:
303
+ *
304
+ * ```js
305
+ * import { createReadStream } from 'node:fs';
306
+ * import { stdout } from 'node:process';
307
+ * const { createHash } = await import('node:crypto');
308
+ *
309
+ * const hash = createHash('sha256');
310
+ *
311
+ * const input = createReadStream('test.js');
312
+ * input.pipe(hash).setEncoding('hex').pipe(stdout);
313
+ * ```
314
+ *
315
+ * Example: Using the `hash.update()` and `hash.digest()` methods:
316
+ *
317
+ * ```js
318
+ * const {
319
+ * createHash,
320
+ * } = await import('node:crypto');
321
+ *
322
+ * const hash = createHash('sha256');
323
+ *
324
+ * hash.update('some data to hash');
325
+ * console.log(hash.digest('hex'));
326
+ * // Prints:
327
+ * // 6a2da20943931e9834fc12cfe5bb47bbd9ae43489a30726962b576f4e3993e50
328
+ * ```
329
+ * @since v0.1.92
330
+ */
331
+ class Hash extends stream.Transform {
332
+ private constructor();
333
+ /**
334
+ * Creates a new `Hash` object that contains a deep copy of the internal state
335
+ * of the current `Hash` object.
336
+ *
337
+ * The optional `options` argument controls stream behavior. For XOF hash
338
+ * functions such as `'shake256'`, the `outputLength` option can be used to
339
+ * specify the desired output length in bytes.
340
+ *
341
+ * An error is thrown when an attempt is made to copy the `Hash` object after
342
+ * its `hash.digest()` method has been called.
343
+ *
344
+ * ```js
345
+ * // Calculate a rolling hash.
346
+ * const {
347
+ * createHash,
348
+ * } = await import('node:crypto');
349
+ *
350
+ * const hash = createHash('sha256');
351
+ *
352
+ * hash.update('one');
353
+ * console.log(hash.copy().digest('hex'));
354
+ *
355
+ * hash.update('two');
356
+ * console.log(hash.copy().digest('hex'));
357
+ *
358
+ * hash.update('three');
359
+ * console.log(hash.copy().digest('hex'));
360
+ *
361
+ * // Etc.
362
+ * ```
363
+ * @since v13.1.0
364
+ * @param options `stream.transform` options
365
+ */
366
+ copy(options?: stream.TransformOptions): Hash;
367
+ /**
368
+ * Updates the hash content with the given `data`, the encoding of which
369
+ * is given in `inputEncoding`.
370
+ * If `encoding` is not provided, and the `data` is a string, an
371
+ * encoding of `'utf8'` is enforced. If `data` is a `Buffer`, `TypedArray`, or`DataView`, then `inputEncoding` is ignored.
372
+ *
373
+ * This can be called many times with new data as it is streamed.
374
+ * @since v0.1.92
375
+ * @param inputEncoding The `encoding` of the `data` string.
376
+ */
377
+ update(data: BinaryLike): Hash;
378
+ update(data: string, inputEncoding: Encoding): Hash;
379
+ /**
380
+ * Calculates the digest of all of the data passed to be hashed (using the `hash.update()` method).
381
+ * If `encoding` is provided a string will be returned; otherwise
382
+ * a `Buffer` is returned.
383
+ *
384
+ * The `Hash` object can not be used again after `hash.digest()` method has been
385
+ * called. Multiple calls will cause an error to be thrown.
386
+ * @since v0.1.92
387
+ * @param encoding The `encoding` of the return value.
388
+ */
389
+ digest(): Buffer;
390
+ digest(encoding: BinaryToTextEncoding): string;
391
+ }
392
+ /**
393
+ * The `Hmac` class is a utility for creating cryptographic HMAC digests. It can
394
+ * be used in one of two ways:
395
+ *
396
+ * * As a `stream` that is both readable and writable, where data is written
397
+ * to produce a computed HMAC digest on the readable side, or
398
+ * * Using the `hmac.update()` and `hmac.digest()` methods to produce the
399
+ * computed HMAC digest.
400
+ *
401
+ * The {@link createHmac} method is used to create `Hmac` instances. `Hmac`objects are not to be created directly using the `new` keyword.
402
+ *
403
+ * Example: Using `Hmac` objects as streams:
404
+ *
405
+ * ```js
406
+ * const {
407
+ * createHmac,
408
+ * } = await import('node:crypto');
409
+ *
410
+ * const hmac = createHmac('sha256', 'a secret');
411
+ *
412
+ * hmac.on('readable', () => {
413
+ * // Only one element is going to be produced by the
414
+ * // hash stream.
415
+ * const data = hmac.read();
416
+ * if (data) {
417
+ * console.log(data.toString('hex'));
418
+ * // Prints:
419
+ * // 7fd04df92f636fd450bc841c9418e5825c17f33ad9c87c518115a45971f7f77e
420
+ * }
421
+ * });
422
+ *
423
+ * hmac.write('some data to hash');
424
+ * hmac.end();
425
+ * ```
426
+ *
427
+ * Example: Using `Hmac` and piped streams:
428
+ *
429
+ * ```js
430
+ * import { createReadStream } from 'node:fs';
431
+ * import { stdout } from 'node:process';
432
+ * const {
433
+ * createHmac,
434
+ * } = await import('node:crypto');
435
+ *
436
+ * const hmac = createHmac('sha256', 'a secret');
437
+ *
438
+ * const input = createReadStream('test.js');
439
+ * input.pipe(hmac).pipe(stdout);
440
+ * ```
441
+ *
442
+ * Example: Using the `hmac.update()` and `hmac.digest()` methods:
443
+ *
444
+ * ```js
445
+ * const {
446
+ * createHmac,
447
+ * } = await import('node:crypto');
448
+ *
449
+ * const hmac = createHmac('sha256', 'a secret');
450
+ *
451
+ * hmac.update('some data to hash');
452
+ * console.log(hmac.digest('hex'));
453
+ * // Prints:
454
+ * // 7fd04df92f636fd450bc841c9418e5825c17f33ad9c87c518115a45971f7f77e
455
+ * ```
456
+ * @since v0.1.94
457
+ */
458
+ class Hmac extends stream.Transform {
459
+ private constructor();
460
+ /**
461
+ * Updates the `Hmac` content with the given `data`, the encoding of which
462
+ * is given in `inputEncoding`.
463
+ * If `encoding` is not provided, and the `data` is a string, an
464
+ * encoding of `'utf8'` is enforced. If `data` is a `Buffer`, `TypedArray`, or`DataView`, then `inputEncoding` is ignored.
465
+ *
466
+ * This can be called many times with new data as it is streamed.
467
+ * @since v0.1.94
468
+ * @param inputEncoding The `encoding` of the `data` string.
469
+ */
470
+ update(data: BinaryLike): Hmac;
471
+ update(data: string, inputEncoding: Encoding): Hmac;
472
+ /**
473
+ * Calculates the HMAC digest of all of the data passed using `hmac.update()`.
474
+ * If `encoding` is
475
+ * provided a string is returned; otherwise a `Buffer` is returned;
476
+ *
477
+ * The `Hmac` object can not be used again after `hmac.digest()` has been
478
+ * called. Multiple calls to `hmac.digest()` will result in an error being thrown.
479
+ * @since v0.1.94
480
+ * @param encoding The `encoding` of the return value.
481
+ */
482
+ digest(): Buffer;
483
+ digest(encoding: BinaryToTextEncoding): string;
484
+ }
485
+ type KeyObjectType = "secret" | "public" | "private";
486
+ interface KeyExportOptions<T extends KeyFormat> {
487
+ type: "pkcs1" | "spki" | "pkcs8" | "sec1";
488
+ format: T;
489
+ cipher?: string | undefined;
490
+ passphrase?: string | Buffer | undefined;
491
+ }
492
+ interface JwkKeyExportOptions {
493
+ format: "jwk";
494
+ }
495
+ interface JsonWebKey {
496
+ crv?: string | undefined;
497
+ d?: string | undefined;
498
+ dp?: string | undefined;
499
+ dq?: string | undefined;
500
+ e?: string | undefined;
501
+ k?: string | undefined;
502
+ kty?: string | undefined;
503
+ n?: string | undefined;
504
+ p?: string | undefined;
505
+ q?: string | undefined;
506
+ qi?: string | undefined;
507
+ x?: string | undefined;
508
+ y?: string | undefined;
509
+ [key: string]: unknown;
510
+ }
511
+ interface AsymmetricKeyDetails {
512
+ /**
513
+ * Key size in bits (RSA, DSA).
514
+ */
515
+ modulusLength?: number | undefined;
516
+ /**
517
+ * Public exponent (RSA).
518
+ */
519
+ publicExponent?: bigint | undefined;
520
+ /**
521
+ * Name of the message digest (RSA-PSS).
522
+ */
523
+ hashAlgorithm?: string | undefined;
524
+ /**
525
+ * Name of the message digest used by MGF1 (RSA-PSS).
526
+ */
527
+ mgf1HashAlgorithm?: string | undefined;
528
+ /**
529
+ * Minimal salt length in bytes (RSA-PSS).
530
+ */
531
+ saltLength?: number | undefined;
532
+ /**
533
+ * Size of q in bits (DSA).
534
+ */
535
+ divisorLength?: number | undefined;
536
+ /**
537
+ * Name of the curve (EC).
538
+ */
539
+ namedCurve?: string | undefined;
540
+ }
541
+ /**
542
+ * Node.js uses a `KeyObject` class to represent a symmetric or asymmetric key,
543
+ * and each kind of key exposes different functions. The {@link createSecretKey}, {@link createPublicKey} and {@link createPrivateKey} methods are used to create `KeyObject`instances. `KeyObject`
544
+ * objects are not to be created directly using the `new`keyword.
545
+ *
546
+ * Most applications should consider using the new `KeyObject` API instead of
547
+ * passing keys as strings or `Buffer`s due to improved security features.
548
+ *
549
+ * `KeyObject` instances can be passed to other threads via `postMessage()`.
550
+ * The receiver obtains a cloned `KeyObject`, and the `KeyObject` does not need to
551
+ * be listed in the `transferList` argument.
552
+ * @since v11.6.0
553
+ */
554
+ class KeyObject {
555
+ private constructor();
556
+ /**
557
+ * Example: Converting a `CryptoKey` instance to a `KeyObject`:
558
+ *
559
+ * ```js
560
+ * const { KeyObject } = await import('node:crypto');
561
+ * const { subtle } = globalThis.crypto;
562
+ *
563
+ * const key = await subtle.generateKey({
564
+ * name: 'HMAC',
565
+ * hash: 'SHA-256',
566
+ * length: 256,
567
+ * }, true, ['sign', 'verify']);
568
+ *
569
+ * const keyObject = KeyObject.from(key);
570
+ * console.log(keyObject.symmetricKeySize);
571
+ * // Prints: 32 (symmetric key size in bytes)
572
+ * ```
573
+ * @since v15.0.0
574
+ */
575
+ static from(key: webcrypto.CryptoKey): KeyObject;
576
+ /**
577
+ * For asymmetric keys, this property represents the type of the key. Supported key
578
+ * types are:
579
+ *
580
+ * * `'rsa'` (OID 1.2.840.113549.1.1.1)
581
+ * * `'rsa-pss'` (OID 1.2.840.113549.1.1.10)
582
+ * * `'dsa'` (OID 1.2.840.10040.4.1)
583
+ * * `'ec'` (OID 1.2.840.10045.2.1)
584
+ * * `'x25519'` (OID 1.3.101.110)
585
+ * * `'x448'` (OID 1.3.101.111)
586
+ * * `'ed25519'` (OID 1.3.101.112)
587
+ * * `'ed448'` (OID 1.3.101.113)
588
+ * * `'dh'` (OID 1.2.840.113549.1.3.1)
589
+ *
590
+ * This property is `undefined` for unrecognized `KeyObject` types and symmetric
591
+ * keys.
592
+ * @since v11.6.0
593
+ */
594
+ asymmetricKeyType?: KeyType | undefined;
595
+ /**
596
+ * For asymmetric keys, this property represents the size of the embedded key in
597
+ * bytes. This property is `undefined` for symmetric keys.
598
+ */
599
+ asymmetricKeySize?: number | undefined;
600
+ /**
601
+ * This property exists only on asymmetric keys. Depending on the type of the key,
602
+ * this object contains information about the key. None of the information obtained
603
+ * through this property can be used to uniquely identify a key or to compromise
604
+ * the security of the key.
605
+ *
606
+ * For RSA-PSS keys, if the key material contains a `RSASSA-PSS-params` sequence,
607
+ * the `hashAlgorithm`, `mgf1HashAlgorithm`, and `saltLength` properties will be
608
+ * set.
609
+ *
610
+ * Other key details might be exposed via this API using additional attributes.
611
+ * @since v15.7.0
612
+ */
613
+ asymmetricKeyDetails?: AsymmetricKeyDetails | undefined;
614
+ /**
615
+ * For symmetric keys, the following encoding options can be used:
616
+ *
617
+ * For public keys, the following encoding options can be used:
618
+ *
619
+ * For private keys, the following encoding options can be used:
620
+ *
621
+ * The result type depends on the selected encoding format, when PEM the
622
+ * result is a string, when DER it will be a buffer containing the data
623
+ * encoded as DER, when [JWK](https://tools.ietf.org/html/rfc7517) it will be an object.
624
+ *
625
+ * When [JWK](https://tools.ietf.org/html/rfc7517) encoding format was selected, all other encoding options are
626
+ * ignored.
627
+ *
628
+ * PKCS#1, SEC1, and PKCS#8 type keys can be encrypted by using a combination of
629
+ * the `cipher` and `format` options. The PKCS#8 `type` can be used with any`format` to encrypt any key algorithm (RSA, EC, or DH) by specifying a`cipher`. PKCS#1 and SEC1 can only be
630
+ * encrypted by specifying a `cipher`when the PEM `format` is used. For maximum compatibility, use PKCS#8 for
631
+ * encrypted private keys. Since PKCS#8 defines its own
632
+ * encryption mechanism, PEM-level encryption is not supported when encrypting
633
+ * a PKCS#8 key. See [RFC 5208](https://www.rfc-editor.org/rfc/rfc5208.txt) for PKCS#8 encryption and [RFC 1421](https://www.rfc-editor.org/rfc/rfc1421.txt) for
634
+ * PKCS#1 and SEC1 encryption.
635
+ * @since v11.6.0
636
+ */
637
+ export(options: KeyExportOptions<"pem">): string | Buffer;
638
+ export(options?: KeyExportOptions<"der">): Buffer;
639
+ export(options?: JwkKeyExportOptions): JsonWebKey;
640
+ /**
641
+ * For secret keys, this property represents the size of the key in bytes. This
642
+ * property is `undefined` for asymmetric keys.
643
+ * @since v11.6.0
644
+ */
645
+ symmetricKeySize?: number | undefined;
646
+ /**
647
+ * Depending on the type of this `KeyObject`, this property is either`'secret'` for secret (symmetric) keys, `'public'` for public (asymmetric) keys
648
+ * or `'private'` for private (asymmetric) keys.
649
+ * @since v11.6.0
650
+ */
651
+ type: KeyObjectType;
652
+ }
653
+ type CipherCCMTypes = "aes-128-ccm" | "aes-192-ccm" | "aes-256-ccm" | "chacha20-poly1305";
654
+ type CipherGCMTypes = "aes-128-gcm" | "aes-192-gcm" | "aes-256-gcm";
655
+ type CipherOCBTypes = "aes-128-ocb" | "aes-192-ocb" | "aes-256-ocb";
656
+ type BinaryLike = string | NodeJS.ArrayBufferView;
657
+ type CipherKey = BinaryLike | KeyObject;
658
+ interface CipherCCMOptions extends stream.TransformOptions {
659
+ authTagLength: number;
660
+ }
661
+ interface CipherGCMOptions extends stream.TransformOptions {
662
+ authTagLength?: number | undefined;
663
+ }
664
+ interface CipherOCBOptions extends stream.TransformOptions {
665
+ authTagLength: number;
666
+ }
667
+ /**
668
+ * Creates and returns a `Cipher` object that uses the given `algorithm` and`password`.
669
+ *
670
+ * The `options` argument controls stream behavior and is optional except when a
671
+ * cipher in CCM or OCB mode (e.g. `'aes-128-ccm'`) is used. In that case, the`authTagLength` option is required and specifies the length of the
672
+ * authentication tag in bytes, see `CCM mode`. In GCM mode, the `authTagLength`option is not required but can be used to set the length of the authentication
673
+ * tag that will be returned by `getAuthTag()` and defaults to 16 bytes.
674
+ * For `chacha20-poly1305`, the `authTagLength` option defaults to 16 bytes.
675
+ *
676
+ * The `algorithm` is dependent on OpenSSL, examples are `'aes192'`, etc. On
677
+ * recent OpenSSL releases, `openssl list -cipher-algorithms` will
678
+ * display the available cipher algorithms.
679
+ *
680
+ * The `password` is used to derive the cipher key and initialization vector (IV).
681
+ * The value must be either a `'latin1'` encoded string, a `Buffer`, a`TypedArray`, or a `DataView`.
682
+ *
683
+ * **This function is semantically insecure for all**
684
+ * **supported ciphers and fatally flawed for ciphers in counter mode (such as CTR,**
685
+ * **GCM, or CCM).**
686
+ *
687
+ * The implementation of `crypto.createCipher()` derives keys using the OpenSSL
688
+ * function [`EVP_BytesToKey`](https://www.openssl.org/docs/man3.0/man3/EVP_BytesToKey.html) with the digest algorithm set to MD5, one
689
+ * iteration, and no salt. The lack of salt allows dictionary attacks as the same
690
+ * password always creates the same key. The low iteration count and
691
+ * non-cryptographically secure hash algorithm allow passwords to be tested very
692
+ * rapidly.
693
+ *
694
+ * In line with OpenSSL's recommendation to use a more modern algorithm instead of [`EVP_BytesToKey`](https://www.openssl.org/docs/man3.0/man3/EVP_BytesToKey.html) it is recommended that
695
+ * developers derive a key and IV on
696
+ * their own using {@link scrypt} and to use {@link createCipheriv} to create the `Cipher` object. Users should not use ciphers with counter mode
697
+ * (e.g. CTR, GCM, or CCM) in `crypto.createCipher()`. A warning is emitted when
698
+ * they are used in order to avoid the risk of IV reuse that causes
699
+ * vulnerabilities. For the case when IV is reused in GCM, see [Nonce-Disrespecting Adversaries](https://github.com/nonce-disrespect/nonce-disrespect) for details.
700
+ * @since v0.1.94
701
+ * @deprecated Since v10.0.0 - Use {@link createCipheriv} instead.
702
+ * @param options `stream.transform` options
703
+ */
704
+ function createCipher(algorithm: CipherCCMTypes, password: BinaryLike, options: CipherCCMOptions): CipherCCM;
705
+ /** @deprecated since v10.0.0 use `createCipheriv()` */
706
+ function createCipher(algorithm: CipherGCMTypes, password: BinaryLike, options?: CipherGCMOptions): CipherGCM;
707
+ /** @deprecated since v10.0.0 use `createCipheriv()` */
708
+ function createCipher(algorithm: string, password: BinaryLike, options?: stream.TransformOptions): Cipher;
709
+ /**
710
+ * Creates and returns a `Cipher` object, with the given `algorithm`, `key` and
711
+ * initialization vector (`iv`).
712
+ *
713
+ * The `options` argument controls stream behavior and is optional except when a
714
+ * cipher in CCM or OCB mode (e.g. `'aes-128-ccm'`) is used. In that case, the`authTagLength` option is required and specifies the length of the
715
+ * authentication tag in bytes, see `CCM mode`. In GCM mode, the `authTagLength`option is not required but can be used to set the length of the authentication
716
+ * tag that will be returned by `getAuthTag()` and defaults to 16 bytes.
717
+ * For `chacha20-poly1305`, the `authTagLength` option defaults to 16 bytes.
718
+ *
719
+ * The `algorithm` is dependent on OpenSSL, examples are `'aes192'`, etc. On
720
+ * recent OpenSSL releases, `openssl list -cipher-algorithms` will
721
+ * display the available cipher algorithms.
722
+ *
723
+ * The `key` is the raw key used by the `algorithm` and `iv` is an [initialization vector](https://en.wikipedia.org/wiki/Initialization_vector). Both arguments must be `'utf8'` encoded
724
+ * strings,`Buffers`, `TypedArray`, or `DataView`s. The `key` may optionally be
725
+ * a `KeyObject` of type `secret`. If the cipher does not need
726
+ * an initialization vector, `iv` may be `null`.
727
+ *
728
+ * When passing strings for `key` or `iv`, please consider `caveats when using strings as inputs to cryptographic APIs`.
729
+ *
730
+ * Initialization vectors should be unpredictable and unique; ideally, they will be
731
+ * cryptographically random. They do not have to be secret: IVs are typically just
732
+ * added to ciphertext messages unencrypted. It may sound contradictory that
733
+ * something has to be unpredictable and unique, but does not have to be secret;
734
+ * remember that an attacker must not be able to predict ahead of time what a
735
+ * given IV will be.
736
+ * @since v0.1.94
737
+ * @param options `stream.transform` options
738
+ */
739
+ function createCipheriv(
740
+ algorithm: CipherCCMTypes,
741
+ key: CipherKey,
742
+ iv: BinaryLike,
743
+ options: CipherCCMOptions,
744
+ ): CipherCCM;
745
+ function createCipheriv(
746
+ algorithm: CipherOCBTypes,
747
+ key: CipherKey,
748
+ iv: BinaryLike,
749
+ options: CipherOCBOptions,
750
+ ): CipherOCB;
751
+ function createCipheriv(
752
+ algorithm: CipherGCMTypes,
753
+ key: CipherKey,
754
+ iv: BinaryLike,
755
+ options?: CipherGCMOptions,
756
+ ): CipherGCM;
757
+ function createCipheriv(
758
+ algorithm: string,
759
+ key: CipherKey,
760
+ iv: BinaryLike | null,
761
+ options?: stream.TransformOptions,
762
+ ): Cipher;
763
+ /**
764
+ * Instances of the `Cipher` class are used to encrypt data. The class can be
765
+ * used in one of two ways:
766
+ *
767
+ * * As a `stream` that is both readable and writable, where plain unencrypted
768
+ * data is written to produce encrypted data on the readable side, or
769
+ * * Using the `cipher.update()` and `cipher.final()` methods to produce
770
+ * the encrypted data.
771
+ *
772
+ * The {@link createCipher} or {@link createCipheriv} methods are
773
+ * used to create `Cipher` instances. `Cipher` objects are not to be created
774
+ * directly using the `new` keyword.
775
+ *
776
+ * Example: Using `Cipher` objects as streams:
777
+ *
778
+ * ```js
779
+ * const {
780
+ * scrypt,
781
+ * randomFill,
782
+ * createCipheriv,
783
+ * } = await import('node:crypto');
784
+ *
785
+ * const algorithm = 'aes-192-cbc';
786
+ * const password = 'Password used to generate key';
787
+ *
788
+ * // First, we'll generate the key. The key length is dependent on the algorithm.
789
+ * // In this case for aes192, it is 24 bytes (192 bits).
790
+ * scrypt(password, 'salt', 24, (err, key) => {
791
+ * if (err) throw err;
792
+ * // Then, we'll generate a random initialization vector
793
+ * randomFill(new Uint8Array(16), (err, iv) => {
794
+ * if (err) throw err;
795
+ *
796
+ * // Once we have the key and iv, we can create and use the cipher...
797
+ * const cipher = createCipheriv(algorithm, key, iv);
798
+ *
799
+ * let encrypted = '';
800
+ * cipher.setEncoding('hex');
801
+ *
802
+ * cipher.on('data', (chunk) => encrypted += chunk);
803
+ * cipher.on('end', () => console.log(encrypted));
804
+ *
805
+ * cipher.write('some clear text data');
806
+ * cipher.end();
807
+ * });
808
+ * });
809
+ * ```
810
+ *
811
+ * Example: Using `Cipher` and piped streams:
812
+ *
813
+ * ```js
814
+ * import {
815
+ * createReadStream,
816
+ * createWriteStream,
817
+ * } from 'node:fs';
818
+ *
819
+ * import {
820
+ * pipeline,
821
+ * } from 'node:stream';
822
+ *
823
+ * const {
824
+ * scrypt,
825
+ * randomFill,
826
+ * createCipheriv,
827
+ * } = await import('node:crypto');
828
+ *
829
+ * const algorithm = 'aes-192-cbc';
830
+ * const password = 'Password used to generate key';
831
+ *
832
+ * // First, we'll generate the key. The key length is dependent on the algorithm.
833
+ * // In this case for aes192, it is 24 bytes (192 bits).
834
+ * scrypt(password, 'salt', 24, (err, key) => {
835
+ * if (err) throw err;
836
+ * // Then, we'll generate a random initialization vector
837
+ * randomFill(new Uint8Array(16), (err, iv) => {
838
+ * if (err) throw err;
839
+ *
840
+ * const cipher = createCipheriv(algorithm, key, iv);
841
+ *
842
+ * const input = createReadStream('test.js');
843
+ * const output = createWriteStream('test.enc');
844
+ *
845
+ * pipeline(input, cipher, output, (err) => {
846
+ * if (err) throw err;
847
+ * });
848
+ * });
849
+ * });
850
+ * ```
851
+ *
852
+ * Example: Using the `cipher.update()` and `cipher.final()` methods:
853
+ *
854
+ * ```js
855
+ * const {
856
+ * scrypt,
857
+ * randomFill,
858
+ * createCipheriv,
859
+ * } = await import('node:crypto');
860
+ *
861
+ * const algorithm = 'aes-192-cbc';
862
+ * const password = 'Password used to generate key';
863
+ *
864
+ * // First, we'll generate the key. The key length is dependent on the algorithm.
865
+ * // In this case for aes192, it is 24 bytes (192 bits).
866
+ * scrypt(password, 'salt', 24, (err, key) => {
867
+ * if (err) throw err;
868
+ * // Then, we'll generate a random initialization vector
869
+ * randomFill(new Uint8Array(16), (err, iv) => {
870
+ * if (err) throw err;
871
+ *
872
+ * const cipher = createCipheriv(algorithm, key, iv);
873
+ *
874
+ * let encrypted = cipher.update('some clear text data', 'utf8', 'hex');
875
+ * encrypted += cipher.final('hex');
876
+ * console.log(encrypted);
877
+ * });
878
+ * });
879
+ * ```
880
+ * @since v0.1.94
881
+ */
882
+ class Cipher extends stream.Transform {
883
+ private constructor();
884
+ /**
885
+ * Updates the cipher with `data`. If the `inputEncoding` argument is given,
886
+ * the `data`argument is a string using the specified encoding. If the `inputEncoding`argument is not given, `data` must be a `Buffer`, `TypedArray`, or`DataView`. If `data` is a `Buffer`,
887
+ * `TypedArray`, or `DataView`, then`inputEncoding` is ignored.
888
+ *
889
+ * The `outputEncoding` specifies the output format of the enciphered
890
+ * data. If the `outputEncoding`is specified, a string using the specified encoding is returned. If no`outputEncoding` is provided, a `Buffer` is returned.
891
+ *
892
+ * The `cipher.update()` method can be called multiple times with new data until `cipher.final()` is called. Calling `cipher.update()` after `cipher.final()` will result in an error being
893
+ * thrown.
894
+ * @since v0.1.94
895
+ * @param inputEncoding The `encoding` of the data.
896
+ * @param outputEncoding The `encoding` of the return value.
897
+ */
898
+ update(data: BinaryLike): Buffer;
899
+ update(data: string, inputEncoding: Encoding): Buffer;
900
+ update(data: NodeJS.ArrayBufferView, inputEncoding: undefined, outputEncoding: Encoding): string;
901
+ update(data: string, inputEncoding: Encoding | undefined, outputEncoding: Encoding): string;
902
+ /**
903
+ * Once the `cipher.final()` method has been called, the `Cipher` object can no
904
+ * longer be used to encrypt data. Attempts to call `cipher.final()` more than
905
+ * once will result in an error being thrown.
906
+ * @since v0.1.94
907
+ * @param outputEncoding The `encoding` of the return value.
908
+ * @return Any remaining enciphered contents. If `outputEncoding` is specified, a string is returned. If an `outputEncoding` is not provided, a {@link Buffer} is returned.
909
+ */
910
+ final(): Buffer;
911
+ final(outputEncoding: BufferEncoding): string;
912
+ /**
913
+ * When using block encryption algorithms, the `Cipher` class will automatically
914
+ * add padding to the input data to the appropriate block size. To disable the
915
+ * default padding call `cipher.setAutoPadding(false)`.
916
+ *
917
+ * When `autoPadding` is `false`, the length of the entire input data must be a
918
+ * multiple of the cipher's block size or `cipher.final()` will throw an error.
919
+ * Disabling automatic padding is useful for non-standard padding, for instance
920
+ * using `0x0` instead of PKCS padding.
921
+ *
922
+ * The `cipher.setAutoPadding()` method must be called before `cipher.final()`.
923
+ * @since v0.7.1
924
+ * @param [autoPadding=true]
925
+ * @return for method chaining.
926
+ */
927
+ setAutoPadding(autoPadding?: boolean): this;
928
+ }
929
+ interface CipherCCM extends Cipher {
930
+ setAAD(
931
+ buffer: NodeJS.ArrayBufferView,
932
+ options: {
933
+ plaintextLength: number;
934
+ },
935
+ ): this;
936
+ getAuthTag(): Buffer;
937
+ }
938
+ interface CipherGCM extends Cipher {
939
+ setAAD(
940
+ buffer: NodeJS.ArrayBufferView,
941
+ options?: {
942
+ plaintextLength: number;
943
+ },
944
+ ): this;
945
+ getAuthTag(): Buffer;
946
+ }
947
+ interface CipherOCB extends Cipher {
948
+ setAAD(
949
+ buffer: NodeJS.ArrayBufferView,
950
+ options?: {
951
+ plaintextLength: number;
952
+ },
953
+ ): this;
954
+ getAuthTag(): Buffer;
955
+ }
956
+ /**
957
+ * Creates and returns a `Decipher` object that uses the given `algorithm` and`password` (key).
958
+ *
959
+ * The `options` argument controls stream behavior and is optional except when a
960
+ * cipher in CCM or OCB mode (e.g. `'aes-128-ccm'`) is used. In that case, the`authTagLength` option is required and specifies the length of the
961
+ * authentication tag in bytes, see `CCM mode`.
962
+ * For `chacha20-poly1305`, the `authTagLength` option defaults to 16 bytes.
963
+ *
964
+ * **This function is semantically insecure for all**
965
+ * **supported ciphers and fatally flawed for ciphers in counter mode (such as CTR,**
966
+ * **GCM, or CCM).**
967
+ *
968
+ * The implementation of `crypto.createDecipher()` derives keys using the OpenSSL
969
+ * function [`EVP_BytesToKey`](https://www.openssl.org/docs/man3.0/man3/EVP_BytesToKey.html) with the digest algorithm set to MD5, one
970
+ * iteration, and no salt. The lack of salt allows dictionary attacks as the same
971
+ * password always creates the same key. The low iteration count and
972
+ * non-cryptographically secure hash algorithm allow passwords to be tested very
973
+ * rapidly.
974
+ *
975
+ * In line with OpenSSL's recommendation to use a more modern algorithm instead of [`EVP_BytesToKey`](https://www.openssl.org/docs/man3.0/man3/EVP_BytesToKey.html) it is recommended that
976
+ * developers derive a key and IV on
977
+ * their own using {@link scrypt} and to use {@link createDecipheriv} to create the `Decipher` object.
978
+ * @since v0.1.94
979
+ * @deprecated Since v10.0.0 - Use {@link createDecipheriv} instead.
980
+ * @param options `stream.transform` options
981
+ */
982
+ function createDecipher(algorithm: CipherCCMTypes, password: BinaryLike, options: CipherCCMOptions): DecipherCCM;
983
+ /** @deprecated since v10.0.0 use `createDecipheriv()` */
984
+ function createDecipher(algorithm: CipherGCMTypes, password: BinaryLike, options?: CipherGCMOptions): DecipherGCM;
985
+ /** @deprecated since v10.0.0 use `createDecipheriv()` */
986
+ function createDecipher(algorithm: string, password: BinaryLike, options?: stream.TransformOptions): Decipher;
987
+ /**
988
+ * Creates and returns a `Decipher` object that uses the given `algorithm`, `key`and initialization vector (`iv`).
989
+ *
990
+ * The `options` argument controls stream behavior and is optional except when a
991
+ * cipher in CCM or OCB mode (e.g. `'aes-128-ccm'`) is used. In that case, the`authTagLength` option is required and specifies the length of the
992
+ * authentication tag in bytes, see `CCM mode`. In GCM mode, the `authTagLength`option is not required but can be used to restrict accepted authentication tags
993
+ * to those with the specified length.
994
+ * For `chacha20-poly1305`, the `authTagLength` option defaults to 16 bytes.
995
+ *
996
+ * The `algorithm` is dependent on OpenSSL, examples are `'aes192'`, etc. On
997
+ * recent OpenSSL releases, `openssl list -cipher-algorithms` will
998
+ * display the available cipher algorithms.
999
+ *
1000
+ * The `key` is the raw key used by the `algorithm` and `iv` is an [initialization vector](https://en.wikipedia.org/wiki/Initialization_vector). Both arguments must be `'utf8'` encoded
1001
+ * strings,`Buffers`, `TypedArray`, or `DataView`s. The `key` may optionally be
1002
+ * a `KeyObject` of type `secret`. If the cipher does not need
1003
+ * an initialization vector, `iv` may be `null`.
1004
+ *
1005
+ * When passing strings for `key` or `iv`, please consider `caveats when using strings as inputs to cryptographic APIs`.
1006
+ *
1007
+ * Initialization vectors should be unpredictable and unique; ideally, they will be
1008
+ * cryptographically random. They do not have to be secret: IVs are typically just
1009
+ * added to ciphertext messages unencrypted. It may sound contradictory that
1010
+ * something has to be unpredictable and unique, but does not have to be secret;
1011
+ * remember that an attacker must not be able to predict ahead of time what a given
1012
+ * IV will be.
1013
+ * @since v0.1.94
1014
+ * @param options `stream.transform` options
1015
+ */
1016
+ function createDecipheriv(
1017
+ algorithm: CipherCCMTypes,
1018
+ key: CipherKey,
1019
+ iv: BinaryLike,
1020
+ options: CipherCCMOptions,
1021
+ ): DecipherCCM;
1022
+ function createDecipheriv(
1023
+ algorithm: CipherOCBTypes,
1024
+ key: CipherKey,
1025
+ iv: BinaryLike,
1026
+ options: CipherOCBOptions,
1027
+ ): DecipherOCB;
1028
+ function createDecipheriv(
1029
+ algorithm: CipherGCMTypes,
1030
+ key: CipherKey,
1031
+ iv: BinaryLike,
1032
+ options?: CipherGCMOptions,
1033
+ ): DecipherGCM;
1034
+ function createDecipheriv(
1035
+ algorithm: string,
1036
+ key: CipherKey,
1037
+ iv: BinaryLike | null,
1038
+ options?: stream.TransformOptions,
1039
+ ): Decipher;
1040
+ /**
1041
+ * Instances of the `Decipher` class are used to decrypt data. The class can be
1042
+ * used in one of two ways:
1043
+ *
1044
+ * * As a `stream` that is both readable and writable, where plain encrypted
1045
+ * data is written to produce unencrypted data on the readable side, or
1046
+ * * Using the `decipher.update()` and `decipher.final()` methods to
1047
+ * produce the unencrypted data.
1048
+ *
1049
+ * The {@link createDecipher} or {@link createDecipheriv} methods are
1050
+ * used to create `Decipher` instances. `Decipher` objects are not to be created
1051
+ * directly using the `new` keyword.
1052
+ *
1053
+ * Example: Using `Decipher` objects as streams:
1054
+ *
1055
+ * ```js
1056
+ * import { Buffer } from 'node:buffer';
1057
+ * const {
1058
+ * scryptSync,
1059
+ * createDecipheriv,
1060
+ * } = await import('node:crypto');
1061
+ *
1062
+ * const algorithm = 'aes-192-cbc';
1063
+ * const password = 'Password used to generate key';
1064
+ * // Key length is dependent on the algorithm. In this case for aes192, it is
1065
+ * // 24 bytes (192 bits).
1066
+ * // Use the async `crypto.scrypt()` instead.
1067
+ * const key = scryptSync(password, 'salt', 24);
1068
+ * // The IV is usually passed along with the ciphertext.
1069
+ * const iv = Buffer.alloc(16, 0); // Initialization vector.
1070
+ *
1071
+ * const decipher = createDecipheriv(algorithm, key, iv);
1072
+ *
1073
+ * let decrypted = '';
1074
+ * decipher.on('readable', () => {
1075
+ * let chunk;
1076
+ * while (null !== (chunk = decipher.read())) {
1077
+ * decrypted += chunk.toString('utf8');
1078
+ * }
1079
+ * });
1080
+ * decipher.on('end', () => {
1081
+ * console.log(decrypted);
1082
+ * // Prints: some clear text data
1083
+ * });
1084
+ *
1085
+ * // Encrypted with same algorithm, key and iv.
1086
+ * const encrypted =
1087
+ * 'e5f79c5915c02171eec6b212d5520d44480993d7d622a7c4c2da32f6efda0ffa';
1088
+ * decipher.write(encrypted, 'hex');
1089
+ * decipher.end();
1090
+ * ```
1091
+ *
1092
+ * Example: Using `Decipher` and piped streams:
1093
+ *
1094
+ * ```js
1095
+ * import {
1096
+ * createReadStream,
1097
+ * createWriteStream,
1098
+ * } from 'node:fs';
1099
+ * import { Buffer } from 'node:buffer';
1100
+ * const {
1101
+ * scryptSync,
1102
+ * createDecipheriv,
1103
+ * } = await import('node:crypto');
1104
+ *
1105
+ * const algorithm = 'aes-192-cbc';
1106
+ * const password = 'Password used to generate key';
1107
+ * // Use the async `crypto.scrypt()` instead.
1108
+ * const key = scryptSync(password, 'salt', 24);
1109
+ * // The IV is usually passed along with the ciphertext.
1110
+ * const iv = Buffer.alloc(16, 0); // Initialization vector.
1111
+ *
1112
+ * const decipher = createDecipheriv(algorithm, key, iv);
1113
+ *
1114
+ * const input = createReadStream('test.enc');
1115
+ * const output = createWriteStream('test.js');
1116
+ *
1117
+ * input.pipe(decipher).pipe(output);
1118
+ * ```
1119
+ *
1120
+ * Example: Using the `decipher.update()` and `decipher.final()` methods:
1121
+ *
1122
+ * ```js
1123
+ * import { Buffer } from 'node:buffer';
1124
+ * const {
1125
+ * scryptSync,
1126
+ * createDecipheriv,
1127
+ * } = await import('node:crypto');
1128
+ *
1129
+ * const algorithm = 'aes-192-cbc';
1130
+ * const password = 'Password used to generate key';
1131
+ * // Use the async `crypto.scrypt()` instead.
1132
+ * const key = scryptSync(password, 'salt', 24);
1133
+ * // The IV is usually passed along with the ciphertext.
1134
+ * const iv = Buffer.alloc(16, 0); // Initialization vector.
1135
+ *
1136
+ * const decipher = createDecipheriv(algorithm, key, iv);
1137
+ *
1138
+ * // Encrypted using same algorithm, key and iv.
1139
+ * const encrypted =
1140
+ * 'e5f79c5915c02171eec6b212d5520d44480993d7d622a7c4c2da32f6efda0ffa';
1141
+ * let decrypted = decipher.update(encrypted, 'hex', 'utf8');
1142
+ * decrypted += decipher.final('utf8');
1143
+ * console.log(decrypted);
1144
+ * // Prints: some clear text data
1145
+ * ```
1146
+ * @since v0.1.94
1147
+ */
1148
+ class Decipher extends stream.Transform {
1149
+ private constructor();
1150
+ /**
1151
+ * Updates the decipher with `data`. If the `inputEncoding` argument is given,
1152
+ * the `data`argument is a string using the specified encoding. If the `inputEncoding`argument is not given, `data` must be a `Buffer`. If `data` is a `Buffer` then `inputEncoding` is
1153
+ * ignored.
1154
+ *
1155
+ * The `outputEncoding` specifies the output format of the enciphered
1156
+ * data. If the `outputEncoding`is specified, a string using the specified encoding is returned. If no`outputEncoding` is provided, a `Buffer` is returned.
1157
+ *
1158
+ * The `decipher.update()` method can be called multiple times with new data until `decipher.final()` is called. Calling `decipher.update()` after `decipher.final()` will result in an error
1159
+ * being thrown.
1160
+ * @since v0.1.94
1161
+ * @param inputEncoding The `encoding` of the `data` string.
1162
+ * @param outputEncoding The `encoding` of the return value.
1163
+ */
1164
+ update(data: NodeJS.ArrayBufferView): Buffer;
1165
+ update(data: string, inputEncoding: Encoding): Buffer;
1166
+ update(data: NodeJS.ArrayBufferView, inputEncoding: undefined, outputEncoding: Encoding): string;
1167
+ update(data: string, inputEncoding: Encoding | undefined, outputEncoding: Encoding): string;
1168
+ /**
1169
+ * Once the `decipher.final()` method has been called, the `Decipher` object can
1170
+ * no longer be used to decrypt data. Attempts to call `decipher.final()` more
1171
+ * than once will result in an error being thrown.
1172
+ * @since v0.1.94
1173
+ * @param outputEncoding The `encoding` of the return value.
1174
+ * @return Any remaining deciphered contents. If `outputEncoding` is specified, a string is returned. If an `outputEncoding` is not provided, a {@link Buffer} is returned.
1175
+ */
1176
+ final(): Buffer;
1177
+ final(outputEncoding: BufferEncoding): string;
1178
+ /**
1179
+ * When data has been encrypted without standard block padding, calling`decipher.setAutoPadding(false)` will disable automatic padding to prevent `decipher.final()` from checking for and
1180
+ * removing padding.
1181
+ *
1182
+ * Turning auto padding off will only work if the input data's length is a
1183
+ * multiple of the ciphers block size.
1184
+ *
1185
+ * The `decipher.setAutoPadding()` method must be called before `decipher.final()`.
1186
+ * @since v0.7.1
1187
+ * @param [autoPadding=true]
1188
+ * @return for method chaining.
1189
+ */
1190
+ setAutoPadding(auto_padding?: boolean): this;
1191
+ }
1192
+ interface DecipherCCM extends Decipher {
1193
+ setAuthTag(buffer: NodeJS.ArrayBufferView): this;
1194
+ setAAD(
1195
+ buffer: NodeJS.ArrayBufferView,
1196
+ options: {
1197
+ plaintextLength: number;
1198
+ },
1199
+ ): this;
1200
+ }
1201
+ interface DecipherGCM extends Decipher {
1202
+ setAuthTag(buffer: NodeJS.ArrayBufferView): this;
1203
+ setAAD(
1204
+ buffer: NodeJS.ArrayBufferView,
1205
+ options?: {
1206
+ plaintextLength: number;
1207
+ },
1208
+ ): this;
1209
+ }
1210
+ interface DecipherOCB extends Decipher {
1211
+ setAuthTag(buffer: NodeJS.ArrayBufferView): this;
1212
+ setAAD(
1213
+ buffer: NodeJS.ArrayBufferView,
1214
+ options?: {
1215
+ plaintextLength: number;
1216
+ },
1217
+ ): this;
1218
+ }
1219
+ interface PrivateKeyInput {
1220
+ key: string | Buffer;
1221
+ format?: KeyFormat | undefined;
1222
+ type?: "pkcs1" | "pkcs8" | "sec1" | undefined;
1223
+ passphrase?: string | Buffer | undefined;
1224
+ encoding?: string | undefined;
1225
+ }
1226
+ interface PublicKeyInput {
1227
+ key: string | Buffer;
1228
+ format?: KeyFormat | undefined;
1229
+ type?: "pkcs1" | "spki" | undefined;
1230
+ encoding?: string | undefined;
1231
+ }
1232
+ /**
1233
+ * Asynchronously generates a new random secret key of the given `length`. The`type` will determine which validations will be performed on the `length`.
1234
+ *
1235
+ * ```js
1236
+ * const {
1237
+ * generateKey,
1238
+ * } = await import('node:crypto');
1239
+ *
1240
+ * generateKey('hmac', { length: 512 }, (err, key) => {
1241
+ * if (err) throw err;
1242
+ * console.log(key.export().toString('hex')); // 46e..........620
1243
+ * });
1244
+ * ```
1245
+ *
1246
+ * The size of a generated HMAC key should not exceed the block size of the
1247
+ * underlying hash function. See {@link createHmac} for more information.
1248
+ * @since v15.0.0
1249
+ * @param type The intended use of the generated secret key. Currently accepted values are `'hmac'` and `'aes'`.
1250
+ */
1251
+ function generateKey(
1252
+ type: "hmac" | "aes",
1253
+ options: {
1254
+ length: number;
1255
+ },
1256
+ callback: (err: Error | null, key: KeyObject) => void,
1257
+ ): void;
1258
+ /**
1259
+ * Synchronously generates a new random secret key of the given `length`. The`type` will determine which validations will be performed on the `length`.
1260
+ *
1261
+ * ```js
1262
+ * const {
1263
+ * generateKeySync,
1264
+ * } = await import('node:crypto');
1265
+ *
1266
+ * const key = generateKeySync('hmac', { length: 512 });
1267
+ * console.log(key.export().toString('hex')); // e89..........41e
1268
+ * ```
1269
+ *
1270
+ * The size of a generated HMAC key should not exceed the block size of the
1271
+ * underlying hash function. See {@link createHmac} for more information.
1272
+ * @since v15.0.0
1273
+ * @param type The intended use of the generated secret key. Currently accepted values are `'hmac'` and `'aes'`.
1274
+ */
1275
+ function generateKeySync(
1276
+ type: "hmac" | "aes",
1277
+ options: {
1278
+ length: number;
1279
+ },
1280
+ ): KeyObject;
1281
+ interface JsonWebKeyInput {
1282
+ key: JsonWebKey;
1283
+ format: "jwk";
1284
+ }
1285
+ /**
1286
+ * Creates and returns a new key object containing a private key. If `key` is a
1287
+ * string or `Buffer`, `format` is assumed to be `'pem'`; otherwise, `key`must be an object with the properties described above.
1288
+ *
1289
+ * If the private key is encrypted, a `passphrase` must be specified. The length
1290
+ * of the passphrase is limited to 1024 bytes.
1291
+ * @since v11.6.0
1292
+ */
1293
+ function createPrivateKey(key: PrivateKeyInput | string | Buffer | JsonWebKeyInput): KeyObject;
1294
+ /**
1295
+ * Creates and returns a new key object containing a public key. If `key` is a
1296
+ * string or `Buffer`, `format` is assumed to be `'pem'`; if `key` is a `KeyObject`with type `'private'`, the public key is derived from the given private key;
1297
+ * otherwise, `key` must be an object with the properties described above.
1298
+ *
1299
+ * If the format is `'pem'`, the `'key'` may also be an X.509 certificate.
1300
+ *
1301
+ * Because public keys can be derived from private keys, a private key may be
1302
+ * passed instead of a public key. In that case, this function behaves as if {@link createPrivateKey} had been called, except that the type of the
1303
+ * returned `KeyObject` will be `'public'` and that the private key cannot be
1304
+ * extracted from the returned `KeyObject`. Similarly, if a `KeyObject` with type`'private'` is given, a new `KeyObject` with type `'public'` will be returned
1305
+ * and it will be impossible to extract the private key from the returned object.
1306
+ * @since v11.6.0
1307
+ */
1308
+ function createPublicKey(key: PublicKeyInput | string | Buffer | KeyObject | JsonWebKeyInput): KeyObject;
1309
+ /**
1310
+ * Creates and returns a new key object containing a secret key for symmetric
1311
+ * encryption or `Hmac`.
1312
+ * @since v11.6.0
1313
+ * @param encoding The string encoding when `key` is a string.
1314
+ */
1315
+ function createSecretKey(key: NodeJS.ArrayBufferView): KeyObject;
1316
+ function createSecretKey(key: string, encoding: BufferEncoding): KeyObject;
1317
+ /**
1318
+ * Creates and returns a `Sign` object that uses the given `algorithm`. Use {@link getHashes} to obtain the names of the available digest algorithms.
1319
+ * Optional `options` argument controls the `stream.Writable` behavior.
1320
+ *
1321
+ * In some cases, a `Sign` instance can be created using the name of a signature
1322
+ * algorithm, such as `'RSA-SHA256'`, instead of a digest algorithm. This will use
1323
+ * the corresponding digest algorithm. This does not work for all signature
1324
+ * algorithms, such as `'ecdsa-with-SHA256'`, so it is best to always use digest
1325
+ * algorithm names.
1326
+ * @since v0.1.92
1327
+ * @param options `stream.Writable` options
1328
+ */
1329
+ function createSign(algorithm: string, options?: stream.WritableOptions): Sign;
1330
+ type DSAEncoding = "der" | "ieee-p1363";
1331
+ interface SigningOptions {
1332
+ /**
1333
+ * @see crypto.constants.RSA_PKCS1_PADDING
1334
+ */
1335
+ padding?: number | undefined;
1336
+ saltLength?: number | undefined;
1337
+ dsaEncoding?: DSAEncoding | undefined;
1338
+ }
1339
+ interface SignPrivateKeyInput extends PrivateKeyInput, SigningOptions {}
1340
+ interface SignKeyObjectInput extends SigningOptions {
1341
+ key: KeyObject;
1342
+ }
1343
+ interface VerifyPublicKeyInput extends PublicKeyInput, SigningOptions {}
1344
+ interface VerifyKeyObjectInput extends SigningOptions {
1345
+ key: KeyObject;
1346
+ }
1347
+ interface VerifyJsonWebKeyInput extends JsonWebKeyInput, SigningOptions {}
1348
+ type KeyLike = string | Buffer | KeyObject;
1349
+ /**
1350
+ * The `Sign` class is a utility for generating signatures. It can be used in one
1351
+ * of two ways:
1352
+ *
1353
+ * * As a writable `stream`, where data to be signed is written and the `sign.sign()` method is used to generate and return the signature, or
1354
+ * * Using the `sign.update()` and `sign.sign()` methods to produce the
1355
+ * signature.
1356
+ *
1357
+ * The {@link createSign} method is used to create `Sign` instances. The
1358
+ * argument is the string name of the hash function to use. `Sign` objects are not
1359
+ * to be created directly using the `new` keyword.
1360
+ *
1361
+ * Example: Using `Sign` and `Verify` objects as streams:
1362
+ *
1363
+ * ```js
1364
+ * const {
1365
+ * generateKeyPairSync,
1366
+ * createSign,
1367
+ * createVerify,
1368
+ * } = await import('node:crypto');
1369
+ *
1370
+ * const { privateKey, publicKey } = generateKeyPairSync('ec', {
1371
+ * namedCurve: 'sect239k1',
1372
+ * });
1373
+ *
1374
+ * const sign = createSign('SHA256');
1375
+ * sign.write('some data to sign');
1376
+ * sign.end();
1377
+ * const signature = sign.sign(privateKey, 'hex');
1378
+ *
1379
+ * const verify = createVerify('SHA256');
1380
+ * verify.write('some data to sign');
1381
+ * verify.end();
1382
+ * console.log(verify.verify(publicKey, signature, 'hex'));
1383
+ * // Prints: true
1384
+ * ```
1385
+ *
1386
+ * Example: Using the `sign.update()` and `verify.update()` methods:
1387
+ *
1388
+ * ```js
1389
+ * const {
1390
+ * generateKeyPairSync,
1391
+ * createSign,
1392
+ * createVerify,
1393
+ * } = await import('node:crypto');
1394
+ *
1395
+ * const { privateKey, publicKey } = generateKeyPairSync('rsa', {
1396
+ * modulusLength: 2048,
1397
+ * });
1398
+ *
1399
+ * const sign = createSign('SHA256');
1400
+ * sign.update('some data to sign');
1401
+ * sign.end();
1402
+ * const signature = sign.sign(privateKey);
1403
+ *
1404
+ * const verify = createVerify('SHA256');
1405
+ * verify.update('some data to sign');
1406
+ * verify.end();
1407
+ * console.log(verify.verify(publicKey, signature));
1408
+ * // Prints: true
1409
+ * ```
1410
+ * @since v0.1.92
1411
+ */
1412
+ class Sign extends stream.Writable {
1413
+ private constructor();
1414
+ /**
1415
+ * Updates the `Sign` content with the given `data`, the encoding of which
1416
+ * is given in `inputEncoding`.
1417
+ * If `encoding` is not provided, and the `data` is a string, an
1418
+ * encoding of `'utf8'` is enforced. If `data` is a `Buffer`, `TypedArray`, or`DataView`, then `inputEncoding` is ignored.
1419
+ *
1420
+ * This can be called many times with new data as it is streamed.
1421
+ * @since v0.1.92
1422
+ * @param inputEncoding The `encoding` of the `data` string.
1423
+ */
1424
+ update(data: BinaryLike): this;
1425
+ update(data: string, inputEncoding: Encoding): this;
1426
+ /**
1427
+ * Calculates the signature on all the data passed through using either `sign.update()` or `sign.write()`.
1428
+ *
1429
+ * If `privateKey` is not a `KeyObject`, this function behaves as if`privateKey` had been passed to {@link createPrivateKey}. If it is an
1430
+ * object, the following additional properties can be passed:
1431
+ *
1432
+ * If `outputEncoding` is provided a string is returned; otherwise a `Buffer` is returned.
1433
+ *
1434
+ * The `Sign` object can not be again used after `sign.sign()` method has been
1435
+ * called. Multiple calls to `sign.sign()` will result in an error being thrown.
1436
+ * @since v0.1.92
1437
+ */
1438
+ sign(privateKey: KeyLike | SignKeyObjectInput | SignPrivateKeyInput): Buffer;
1439
+ sign(
1440
+ privateKey: KeyLike | SignKeyObjectInput | SignPrivateKeyInput,
1441
+ outputFormat: BinaryToTextEncoding,
1442
+ ): string;
1443
+ }
1444
+ /**
1445
+ * Creates and returns a `Verify` object that uses the given algorithm.
1446
+ * Use {@link getHashes} to obtain an array of names of the available
1447
+ * signing algorithms. Optional `options` argument controls the`stream.Writable` behavior.
1448
+ *
1449
+ * In some cases, a `Verify` instance can be created using the name of a signature
1450
+ * algorithm, such as `'RSA-SHA256'`, instead of a digest algorithm. This will use
1451
+ * the corresponding digest algorithm. This does not work for all signature
1452
+ * algorithms, such as `'ecdsa-with-SHA256'`, so it is best to always use digest
1453
+ * algorithm names.
1454
+ * @since v0.1.92
1455
+ * @param options `stream.Writable` options
1456
+ */
1457
+ function createVerify(algorithm: string, options?: stream.WritableOptions): Verify;
1458
+ /**
1459
+ * The `Verify` class is a utility for verifying signatures. It can be used in one
1460
+ * of two ways:
1461
+ *
1462
+ * * As a writable `stream` where written data is used to validate against the
1463
+ * supplied signature, or
1464
+ * * Using the `verify.update()` and `verify.verify()` methods to verify
1465
+ * the signature.
1466
+ *
1467
+ * The {@link createVerify} method is used to create `Verify` instances.`Verify` objects are not to be created directly using the `new` keyword.
1468
+ *
1469
+ * See `Sign` for examples.
1470
+ * @since v0.1.92
1471
+ */
1472
+ class Verify extends stream.Writable {
1473
+ private constructor();
1474
+ /**
1475
+ * Updates the `Verify` content with the given `data`, the encoding of which
1476
+ * is given in `inputEncoding`.
1477
+ * If `inputEncoding` is not provided, and the `data` is a string, an
1478
+ * encoding of `'utf8'` is enforced. If `data` is a `Buffer`, `TypedArray`, or`DataView`, then `inputEncoding` is ignored.
1479
+ *
1480
+ * This can be called many times with new data as it is streamed.
1481
+ * @since v0.1.92
1482
+ * @param inputEncoding The `encoding` of the `data` string.
1483
+ */
1484
+ update(data: BinaryLike): Verify;
1485
+ update(data: string, inputEncoding: Encoding): Verify;
1486
+ /**
1487
+ * Verifies the provided data using the given `object` and `signature`.
1488
+ *
1489
+ * If `object` is not a `KeyObject`, this function behaves as if`object` had been passed to {@link createPublicKey}. If it is an
1490
+ * object, the following additional properties can be passed:
1491
+ *
1492
+ * The `signature` argument is the previously calculated signature for the data, in
1493
+ * the `signatureEncoding`.
1494
+ * If a `signatureEncoding` is specified, the `signature` is expected to be a
1495
+ * string; otherwise `signature` is expected to be a `Buffer`,`TypedArray`, or `DataView`.
1496
+ *
1497
+ * The `verify` object can not be used again after `verify.verify()` has been
1498
+ * called. Multiple calls to `verify.verify()` will result in an error being
1499
+ * thrown.
1500
+ *
1501
+ * Because public keys can be derived from private keys, a private key may
1502
+ * be passed instead of a public key.
1503
+ * @since v0.1.92
1504
+ */
1505
+ verify(
1506
+ object: KeyLike | VerifyKeyObjectInput | VerifyPublicKeyInput | VerifyJsonWebKeyInput,
1507
+ signature: NodeJS.ArrayBufferView,
1508
+ ): boolean;
1509
+ verify(
1510
+ object: KeyLike | VerifyKeyObjectInput | VerifyPublicKeyInput | VerifyJsonWebKeyInput,
1511
+ signature: string,
1512
+ signature_format?: BinaryToTextEncoding,
1513
+ ): boolean;
1514
+ }
1515
+ /**
1516
+ * Creates a `DiffieHellman` key exchange object using the supplied `prime` and an
1517
+ * optional specific `generator`.
1518
+ *
1519
+ * The `generator` argument can be a number, string, or `Buffer`. If`generator` is not specified, the value `2` is used.
1520
+ *
1521
+ * If `primeEncoding` is specified, `prime` is expected to be a string; otherwise
1522
+ * a `Buffer`, `TypedArray`, or `DataView` is expected.
1523
+ *
1524
+ * If `generatorEncoding` is specified, `generator` is expected to be a string;
1525
+ * otherwise a number, `Buffer`, `TypedArray`, or `DataView` is expected.
1526
+ * @since v0.11.12
1527
+ * @param primeEncoding The `encoding` of the `prime` string.
1528
+ * @param [generator=2]
1529
+ * @param generatorEncoding The `encoding` of the `generator` string.
1530
+ */
1531
+ function createDiffieHellman(primeLength: number, generator?: number): DiffieHellman;
1532
+ function createDiffieHellman(
1533
+ prime: ArrayBuffer | NodeJS.ArrayBufferView,
1534
+ generator?: number | ArrayBuffer | NodeJS.ArrayBufferView,
1535
+ ): DiffieHellman;
1536
+ function createDiffieHellman(
1537
+ prime: ArrayBuffer | NodeJS.ArrayBufferView,
1538
+ generator: string,
1539
+ generatorEncoding: BinaryToTextEncoding,
1540
+ ): DiffieHellman;
1541
+ function createDiffieHellman(
1542
+ prime: string,
1543
+ primeEncoding: BinaryToTextEncoding,
1544
+ generator?: number | ArrayBuffer | NodeJS.ArrayBufferView,
1545
+ ): DiffieHellman;
1546
+ function createDiffieHellman(
1547
+ prime: string,
1548
+ primeEncoding: BinaryToTextEncoding,
1549
+ generator: string,
1550
+ generatorEncoding: BinaryToTextEncoding,
1551
+ ): DiffieHellman;
1552
+ /**
1553
+ * The `DiffieHellman` class is a utility for creating Diffie-Hellman key
1554
+ * exchanges.
1555
+ *
1556
+ * Instances of the `DiffieHellman` class can be created using the {@link createDiffieHellman} function.
1557
+ *
1558
+ * ```js
1559
+ * import assert from 'node:assert';
1560
+ *
1561
+ * const {
1562
+ * createDiffieHellman,
1563
+ * } = await import('node:crypto');
1564
+ *
1565
+ * // Generate Alice's keys...
1566
+ * const alice = createDiffieHellman(2048);
1567
+ * const aliceKey = alice.generateKeys();
1568
+ *
1569
+ * // Generate Bob's keys...
1570
+ * const bob = createDiffieHellman(alice.getPrime(), alice.getGenerator());
1571
+ * const bobKey = bob.generateKeys();
1572
+ *
1573
+ * // Exchange and generate the secret...
1574
+ * const aliceSecret = alice.computeSecret(bobKey);
1575
+ * const bobSecret = bob.computeSecret(aliceKey);
1576
+ *
1577
+ * // OK
1578
+ * assert.strictEqual(aliceSecret.toString('hex'), bobSecret.toString('hex'));
1579
+ * ```
1580
+ * @since v0.5.0
1581
+ */
1582
+ class DiffieHellman {
1583
+ private constructor();
1584
+ /**
1585
+ * Generates private and public Diffie-Hellman key values unless they have been
1586
+ * generated or computed already, and returns
1587
+ * the public key in the specified `encoding`. This key should be
1588
+ * transferred to the other party.
1589
+ * If `encoding` is provided a string is returned; otherwise a `Buffer` is returned.
1590
+ *
1591
+ * This function is a thin wrapper around [`DH_generate_key()`](https://www.openssl.org/docs/man3.0/man3/DH_generate_key.html). In particular,
1592
+ * once a private key has been generated or set, calling this function only updates
1593
+ * the public key but does not generate a new private key.
1594
+ * @since v0.5.0
1595
+ * @param encoding The `encoding` of the return value.
1596
+ */
1597
+ generateKeys(): Buffer;
1598
+ generateKeys(encoding: BinaryToTextEncoding): string;
1599
+ /**
1600
+ * Computes the shared secret using `otherPublicKey` as the other
1601
+ * party's public key and returns the computed shared secret. The supplied
1602
+ * key is interpreted using the specified `inputEncoding`, and secret is
1603
+ * encoded using specified `outputEncoding`.
1604
+ * If the `inputEncoding` is not
1605
+ * provided, `otherPublicKey` is expected to be a `Buffer`,`TypedArray`, or `DataView`.
1606
+ *
1607
+ * If `outputEncoding` is given a string is returned; otherwise, a `Buffer` is returned.
1608
+ * @since v0.5.0
1609
+ * @param inputEncoding The `encoding` of an `otherPublicKey` string.
1610
+ * @param outputEncoding The `encoding` of the return value.
1611
+ */
1612
+ computeSecret(otherPublicKey: NodeJS.ArrayBufferView, inputEncoding?: null, outputEncoding?: null): Buffer;
1613
+ computeSecret(otherPublicKey: string, inputEncoding: BinaryToTextEncoding, outputEncoding?: null): Buffer;
1614
+ computeSecret(
1615
+ otherPublicKey: NodeJS.ArrayBufferView,
1616
+ inputEncoding: null,
1617
+ outputEncoding: BinaryToTextEncoding,
1618
+ ): string;
1619
+ computeSecret(
1620
+ otherPublicKey: string,
1621
+ inputEncoding: BinaryToTextEncoding,
1622
+ outputEncoding: BinaryToTextEncoding,
1623
+ ): string;
1624
+ /**
1625
+ * Returns the Diffie-Hellman prime in the specified `encoding`.
1626
+ * If `encoding` is provided a string is
1627
+ * returned; otherwise a `Buffer` is returned.
1628
+ * @since v0.5.0
1629
+ * @param encoding The `encoding` of the return value.
1630
+ */
1631
+ getPrime(): Buffer;
1632
+ getPrime(encoding: BinaryToTextEncoding): string;
1633
+ /**
1634
+ * Returns the Diffie-Hellman generator in the specified `encoding`.
1635
+ * If `encoding` is provided a string is
1636
+ * returned; otherwise a `Buffer` is returned.
1637
+ * @since v0.5.0
1638
+ * @param encoding The `encoding` of the return value.
1639
+ */
1640
+ getGenerator(): Buffer;
1641
+ getGenerator(encoding: BinaryToTextEncoding): string;
1642
+ /**
1643
+ * Returns the Diffie-Hellman public key in the specified `encoding`.
1644
+ * If `encoding` is provided a
1645
+ * string is returned; otherwise a `Buffer` is returned.
1646
+ * @since v0.5.0
1647
+ * @param encoding The `encoding` of the return value.
1648
+ */
1649
+ getPublicKey(): Buffer;
1650
+ getPublicKey(encoding: BinaryToTextEncoding): string;
1651
+ /**
1652
+ * Returns the Diffie-Hellman private key in the specified `encoding`.
1653
+ * If `encoding` is provided a
1654
+ * string is returned; otherwise a `Buffer` is returned.
1655
+ * @since v0.5.0
1656
+ * @param encoding The `encoding` of the return value.
1657
+ */
1658
+ getPrivateKey(): Buffer;
1659
+ getPrivateKey(encoding: BinaryToTextEncoding): string;
1660
+ /**
1661
+ * Sets the Diffie-Hellman public key. If the `encoding` argument is provided,`publicKey` is expected
1662
+ * to be a string. If no `encoding` is provided, `publicKey` is expected
1663
+ * to be a `Buffer`, `TypedArray`, or `DataView`.
1664
+ * @since v0.5.0
1665
+ * @param encoding The `encoding` of the `publicKey` string.
1666
+ */
1667
+ setPublicKey(publicKey: NodeJS.ArrayBufferView): void;
1668
+ setPublicKey(publicKey: string, encoding: BufferEncoding): void;
1669
+ /**
1670
+ * Sets the Diffie-Hellman private key. If the `encoding` argument is provided,`privateKey` is expected
1671
+ * to be a string. If no `encoding` is provided, `privateKey` is expected
1672
+ * to be a `Buffer`, `TypedArray`, or `DataView`.
1673
+ *
1674
+ * This function does not automatically compute the associated public key. Either `diffieHellman.setPublicKey()` or `diffieHellman.generateKeys()` can be
1675
+ * used to manually provide the public key or to automatically derive it.
1676
+ * @since v0.5.0
1677
+ * @param encoding The `encoding` of the `privateKey` string.
1678
+ */
1679
+ setPrivateKey(privateKey: NodeJS.ArrayBufferView): void;
1680
+ setPrivateKey(privateKey: string, encoding: BufferEncoding): void;
1681
+ /**
1682
+ * A bit field containing any warnings and/or errors resulting from a check
1683
+ * performed during initialization of the `DiffieHellman` object.
1684
+ *
1685
+ * The following values are valid for this property (as defined in `node:constants` module):
1686
+ *
1687
+ * * `DH_CHECK_P_NOT_SAFE_PRIME`
1688
+ * * `DH_CHECK_P_NOT_PRIME`
1689
+ * * `DH_UNABLE_TO_CHECK_GENERATOR`
1690
+ * * `DH_NOT_SUITABLE_GENERATOR`
1691
+ * @since v0.11.12
1692
+ */
1693
+ verifyError: number;
1694
+ }
1695
+ /**
1696
+ * The `DiffieHellmanGroup` class takes a well-known modp group as its argument.
1697
+ * It works the same as `DiffieHellman`, except that it does not allow changing its keys after creation.
1698
+ * In other words, it does not implement `setPublicKey()` or `setPrivateKey()` methods.
1699
+ *
1700
+ * ```js
1701
+ * const { createDiffieHellmanGroup } = await import('node:crypto');
1702
+ * const dh = createDiffieHellmanGroup('modp1');
1703
+ * ```
1704
+ * The name (e.g. `'modp1'`) is taken from [RFC 2412](https://www.rfc-editor.org/rfc/rfc2412.txt) (modp1 and 2) and [RFC 3526](https://www.rfc-editor.org/rfc/rfc3526.txt):
1705
+ * ```bash
1706
+ * $ perl -ne 'print "$1\n" if /"(modp\d+)"/' src/node_crypto_groups.h
1707
+ * modp1 # 768 bits
1708
+ * modp2 # 1024 bits
1709
+ * modp5 # 1536 bits
1710
+ * modp14 # 2048 bits
1711
+ * modp15 # etc.
1712
+ * modp16
1713
+ * modp17
1714
+ * modp18
1715
+ * ```
1716
+ * @since v0.7.5
1717
+ */
1718
+ const DiffieHellmanGroup: DiffieHellmanGroupConstructor;
1719
+ interface DiffieHellmanGroupConstructor {
1720
+ new(name: string): DiffieHellmanGroup;
1721
+ (name: string): DiffieHellmanGroup;
1722
+ readonly prototype: DiffieHellmanGroup;
1723
+ }
1724
+ type DiffieHellmanGroup = Omit<DiffieHellman, "setPublicKey" | "setPrivateKey">;
1725
+ /**
1726
+ * Creates a predefined `DiffieHellmanGroup` key exchange object. The
1727
+ * supported groups are listed in the documentation for `DiffieHellmanGroup`.
1728
+ *
1729
+ * The returned object mimics the interface of objects created by {@link createDiffieHellman}, but will not allow changing
1730
+ * the keys (with `diffieHellman.setPublicKey()`, for example). The
1731
+ * advantage of using this method is that the parties do not have to
1732
+ * generate nor exchange a group modulus beforehand, saving both processor
1733
+ * and communication time.
1734
+ *
1735
+ * Example (obtaining a shared secret):
1736
+ *
1737
+ * ```js
1738
+ * const {
1739
+ * getDiffieHellman,
1740
+ * } = await import('node:crypto');
1741
+ * const alice = getDiffieHellman('modp14');
1742
+ * const bob = getDiffieHellman('modp14');
1743
+ *
1744
+ * alice.generateKeys();
1745
+ * bob.generateKeys();
1746
+ *
1747
+ * const aliceSecret = alice.computeSecret(bob.getPublicKey(), null, 'hex');
1748
+ * const bobSecret = bob.computeSecret(alice.getPublicKey(), null, 'hex');
1749
+ *
1750
+ * // aliceSecret and bobSecret should be the same
1751
+ * console.log(aliceSecret === bobSecret);
1752
+ * ```
1753
+ * @since v0.7.5
1754
+ */
1755
+ function getDiffieHellman(groupName: string): DiffieHellmanGroup;
1756
+ /**
1757
+ * An alias for {@link getDiffieHellman}
1758
+ * @since v0.9.3
1759
+ */
1760
+ function createDiffieHellmanGroup(name: string): DiffieHellmanGroup;
1761
+ /**
1762
+ * Provides an asynchronous Password-Based Key Derivation Function 2 (PBKDF2)
1763
+ * implementation. A selected HMAC digest algorithm specified by `digest` is
1764
+ * applied to derive a key of the requested byte length (`keylen`) from the`password`, `salt` and `iterations`.
1765
+ *
1766
+ * The supplied `callback` function is called with two arguments: `err` and`derivedKey`. If an error occurs while deriving the key, `err` will be set;
1767
+ * otherwise `err` will be `null`. By default, the successfully generated`derivedKey` will be passed to the callback as a `Buffer`. An error will be
1768
+ * thrown if any of the input arguments specify invalid values or types.
1769
+ *
1770
+ * The `iterations` argument must be a number set as high as possible. The
1771
+ * higher the number of iterations, the more secure the derived key will be,
1772
+ * but will take a longer amount of time to complete.
1773
+ *
1774
+ * The `salt` should be as unique as possible. It is recommended that a salt is
1775
+ * random and at least 16 bytes long. See [NIST SP 800-132](https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf) for details.
1776
+ *
1777
+ * When passing strings for `password` or `salt`, please consider `caveats when using strings as inputs to cryptographic APIs`.
1778
+ *
1779
+ * ```js
1780
+ * const {
1781
+ * pbkdf2,
1782
+ * } = await import('node:crypto');
1783
+ *
1784
+ * pbkdf2('secret', 'salt', 100000, 64, 'sha512', (err, derivedKey) => {
1785
+ * if (err) throw err;
1786
+ * console.log(derivedKey.toString('hex')); // '3745e48...08d59ae'
1787
+ * });
1788
+ * ```
1789
+ *
1790
+ * An array of supported digest functions can be retrieved using {@link getHashes}.
1791
+ *
1792
+ * This API uses libuv's threadpool, which can have surprising and
1793
+ * negative performance implications for some applications; see the `UV_THREADPOOL_SIZE` documentation for more information.
1794
+ * @since v0.5.5
1795
+ */
1796
+ function pbkdf2(
1797
+ password: BinaryLike,
1798
+ salt: BinaryLike,
1799
+ iterations: number,
1800
+ keylen: number,
1801
+ digest: string,
1802
+ callback: (err: Error | null, derivedKey: Buffer) => void,
1803
+ ): void;
1804
+ /**
1805
+ * Provides a synchronous Password-Based Key Derivation Function 2 (PBKDF2)
1806
+ * implementation. A selected HMAC digest algorithm specified by `digest` is
1807
+ * applied to derive a key of the requested byte length (`keylen`) from the`password`, `salt` and `iterations`.
1808
+ *
1809
+ * If an error occurs an `Error` will be thrown, otherwise the derived key will be
1810
+ * returned as a `Buffer`.
1811
+ *
1812
+ * The `iterations` argument must be a number set as high as possible. The
1813
+ * higher the number of iterations, the more secure the derived key will be,
1814
+ * but will take a longer amount of time to complete.
1815
+ *
1816
+ * The `salt` should be as unique as possible. It is recommended that a salt is
1817
+ * random and at least 16 bytes long. See [NIST SP 800-132](https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf) for details.
1818
+ *
1819
+ * When passing strings for `password` or `salt`, please consider `caveats when using strings as inputs to cryptographic APIs`.
1820
+ *
1821
+ * ```js
1822
+ * const {
1823
+ * pbkdf2Sync,
1824
+ * } = await import('node:crypto');
1825
+ *
1826
+ * const key = pbkdf2Sync('secret', 'salt', 100000, 64, 'sha512');
1827
+ * console.log(key.toString('hex')); // '3745e48...08d59ae'
1828
+ * ```
1829
+ *
1830
+ * An array of supported digest functions can be retrieved using {@link getHashes}.
1831
+ * @since v0.9.3
1832
+ */
1833
+ function pbkdf2Sync(
1834
+ password: BinaryLike,
1835
+ salt: BinaryLike,
1836
+ iterations: number,
1837
+ keylen: number,
1838
+ digest: string,
1839
+ ): Buffer;
1840
+ /**
1841
+ * Generates cryptographically strong pseudorandom data. The `size` argument
1842
+ * is a number indicating the number of bytes to generate.
1843
+ *
1844
+ * If a `callback` function is provided, the bytes are generated asynchronously
1845
+ * and the `callback` function is invoked with two arguments: `err` and `buf`.
1846
+ * If an error occurs, `err` will be an `Error` object; otherwise it is `null`. The`buf` argument is a `Buffer` containing the generated bytes.
1847
+ *
1848
+ * ```js
1849
+ * // Asynchronous
1850
+ * const {
1851
+ * randomBytes,
1852
+ * } = await import('node:crypto');
1853
+ *
1854
+ * randomBytes(256, (err, buf) => {
1855
+ * if (err) throw err;
1856
+ * console.log(`${buf.length} bytes of random data: ${buf.toString('hex')}`);
1857
+ * });
1858
+ * ```
1859
+ *
1860
+ * If the `callback` function is not provided, the random bytes are generated
1861
+ * synchronously and returned as a `Buffer`. An error will be thrown if
1862
+ * there is a problem generating the bytes.
1863
+ *
1864
+ * ```js
1865
+ * // Synchronous
1866
+ * const {
1867
+ * randomBytes,
1868
+ * } = await import('node:crypto');
1869
+ *
1870
+ * const buf = randomBytes(256);
1871
+ * console.log(
1872
+ * `${buf.length} bytes of random data: ${buf.toString('hex')}`);
1873
+ * ```
1874
+ *
1875
+ * The `crypto.randomBytes()` method will not complete until there is
1876
+ * sufficient entropy available.
1877
+ * This should normally never take longer than a few milliseconds. The only time
1878
+ * when generating the random bytes may conceivably block for a longer period of
1879
+ * time is right after boot, when the whole system is still low on entropy.
1880
+ *
1881
+ * This API uses libuv's threadpool, which can have surprising and
1882
+ * negative performance implications for some applications; see the `UV_THREADPOOL_SIZE` documentation for more information.
1883
+ *
1884
+ * The asynchronous version of `crypto.randomBytes()` is carried out in a single
1885
+ * threadpool request. To minimize threadpool task length variation, partition
1886
+ * large `randomBytes` requests when doing so as part of fulfilling a client
1887
+ * request.
1888
+ * @since v0.5.8
1889
+ * @param size The number of bytes to generate. The `size` must not be larger than `2**31 - 1`.
1890
+ * @return if the `callback` function is not provided.
1891
+ */
1892
+ function randomBytes(size: number): Buffer;
1893
+ function randomBytes(size: number, callback: (err: Error | null, buf: Buffer) => void): void;
1894
+ function pseudoRandomBytes(size: number): Buffer;
1895
+ function pseudoRandomBytes(size: number, callback: (err: Error | null, buf: Buffer) => void): void;
1896
+ /**
1897
+ * Return a random integer `n` such that `min <= n < max`. This
1898
+ * implementation avoids [modulo bias](https://en.wikipedia.org/wiki/Fisher%E2%80%93Yates_shuffle#Modulo_bias).
1899
+ *
1900
+ * The range (`max - min`) must be less than 248. `min` and `max` must
1901
+ * be [safe integers](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Number/isSafeInteger).
1902
+ *
1903
+ * If the `callback` function is not provided, the random integer is
1904
+ * generated synchronously.
1905
+ *
1906
+ * ```js
1907
+ * // Asynchronous
1908
+ * const {
1909
+ * randomInt,
1910
+ * } = await import('node:crypto');
1911
+ *
1912
+ * randomInt(3, (err, n) => {
1913
+ * if (err) throw err;
1914
+ * console.log(`Random number chosen from (0, 1, 2): ${n}`);
1915
+ * });
1916
+ * ```
1917
+ *
1918
+ * ```js
1919
+ * // Synchronous
1920
+ * const {
1921
+ * randomInt,
1922
+ * } = await import('node:crypto');
1923
+ *
1924
+ * const n = randomInt(3);
1925
+ * console.log(`Random number chosen from (0, 1, 2): ${n}`);
1926
+ * ```
1927
+ *
1928
+ * ```js
1929
+ * // With `min` argument
1930
+ * const {
1931
+ * randomInt,
1932
+ * } = await import('node:crypto');
1933
+ *
1934
+ * const n = randomInt(1, 7);
1935
+ * console.log(`The dice rolled: ${n}`);
1936
+ * ```
1937
+ * @since v14.10.0, v12.19.0
1938
+ * @param [min=0] Start of random range (inclusive).
1939
+ * @param max End of random range (exclusive).
1940
+ * @param callback `function(err, n) {}`.
1941
+ */
1942
+ function randomInt(max: number): number;
1943
+ function randomInt(min: number, max: number): number;
1944
+ function randomInt(max: number, callback: (err: Error | null, value: number) => void): void;
1945
+ function randomInt(min: number, max: number, callback: (err: Error | null, value: number) => void): void;
1946
+ /**
1947
+ * Synchronous version of {@link randomFill}.
1948
+ *
1949
+ * ```js
1950
+ * import { Buffer } from 'node:buffer';
1951
+ * const { randomFillSync } = await import('node:crypto');
1952
+ *
1953
+ * const buf = Buffer.alloc(10);
1954
+ * console.log(randomFillSync(buf).toString('hex'));
1955
+ *
1956
+ * randomFillSync(buf, 5);
1957
+ * console.log(buf.toString('hex'));
1958
+ *
1959
+ * // The above is equivalent to the following:
1960
+ * randomFillSync(buf, 5, 5);
1961
+ * console.log(buf.toString('hex'));
1962
+ * ```
1963
+ *
1964
+ * Any `ArrayBuffer`, `TypedArray` or `DataView` instance may be passed as`buffer`.
1965
+ *
1966
+ * ```js
1967
+ * import { Buffer } from 'node:buffer';
1968
+ * const { randomFillSync } = await import('node:crypto');
1969
+ *
1970
+ * const a = new Uint32Array(10);
1971
+ * console.log(Buffer.from(randomFillSync(a).buffer,
1972
+ * a.byteOffset, a.byteLength).toString('hex'));
1973
+ *
1974
+ * const b = new DataView(new ArrayBuffer(10));
1975
+ * console.log(Buffer.from(randomFillSync(b).buffer,
1976
+ * b.byteOffset, b.byteLength).toString('hex'));
1977
+ *
1978
+ * const c = new ArrayBuffer(10);
1979
+ * console.log(Buffer.from(randomFillSync(c)).toString('hex'));
1980
+ * ```
1981
+ * @since v7.10.0, v6.13.0
1982
+ * @param buffer Must be supplied. The size of the provided `buffer` must not be larger than `2**31 - 1`.
1983
+ * @param [offset=0]
1984
+ * @param [size=buffer.length - offset]
1985
+ * @return The object passed as `buffer` argument.
1986
+ */
1987
+ function randomFillSync<T extends NodeJS.ArrayBufferView>(buffer: T, offset?: number, size?: number): T;
1988
+ /**
1989
+ * This function is similar to {@link randomBytes} but requires the first
1990
+ * argument to be a `Buffer` that will be filled. It also
1991
+ * requires that a callback is passed in.
1992
+ *
1993
+ * If the `callback` function is not provided, an error will be thrown.
1994
+ *
1995
+ * ```js
1996
+ * import { Buffer } from 'node:buffer';
1997
+ * const { randomFill } = await import('node:crypto');
1998
+ *
1999
+ * const buf = Buffer.alloc(10);
2000
+ * randomFill(buf, (err, buf) => {
2001
+ * if (err) throw err;
2002
+ * console.log(buf.toString('hex'));
2003
+ * });
2004
+ *
2005
+ * randomFill(buf, 5, (err, buf) => {
2006
+ * if (err) throw err;
2007
+ * console.log(buf.toString('hex'));
2008
+ * });
2009
+ *
2010
+ * // The above is equivalent to the following:
2011
+ * randomFill(buf, 5, 5, (err, buf) => {
2012
+ * if (err) throw err;
2013
+ * console.log(buf.toString('hex'));
2014
+ * });
2015
+ * ```
2016
+ *
2017
+ * Any `ArrayBuffer`, `TypedArray`, or `DataView` instance may be passed as`buffer`.
2018
+ *
2019
+ * While this includes instances of `Float32Array` and `Float64Array`, this
2020
+ * function should not be used to generate random floating-point numbers. The
2021
+ * result may contain `+Infinity`, `-Infinity`, and `NaN`, and even if the array
2022
+ * contains finite numbers only, they are not drawn from a uniform random
2023
+ * distribution and have no meaningful lower or upper bounds.
2024
+ *
2025
+ * ```js
2026
+ * import { Buffer } from 'node:buffer';
2027
+ * const { randomFill } = await import('node:crypto');
2028
+ *
2029
+ * const a = new Uint32Array(10);
2030
+ * randomFill(a, (err, buf) => {
2031
+ * if (err) throw err;
2032
+ * console.log(Buffer.from(buf.buffer, buf.byteOffset, buf.byteLength)
2033
+ * .toString('hex'));
2034
+ * });
2035
+ *
2036
+ * const b = new DataView(new ArrayBuffer(10));
2037
+ * randomFill(b, (err, buf) => {
2038
+ * if (err) throw err;
2039
+ * console.log(Buffer.from(buf.buffer, buf.byteOffset, buf.byteLength)
2040
+ * .toString('hex'));
2041
+ * });
2042
+ *
2043
+ * const c = new ArrayBuffer(10);
2044
+ * randomFill(c, (err, buf) => {
2045
+ * if (err) throw err;
2046
+ * console.log(Buffer.from(buf).toString('hex'));
2047
+ * });
2048
+ * ```
2049
+ *
2050
+ * This API uses libuv's threadpool, which can have surprising and
2051
+ * negative performance implications for some applications; see the `UV_THREADPOOL_SIZE` documentation for more information.
2052
+ *
2053
+ * The asynchronous version of `crypto.randomFill()` is carried out in a single
2054
+ * threadpool request. To minimize threadpool task length variation, partition
2055
+ * large `randomFill` requests when doing so as part of fulfilling a client
2056
+ * request.
2057
+ * @since v7.10.0, v6.13.0
2058
+ * @param buffer Must be supplied. The size of the provided `buffer` must not be larger than `2**31 - 1`.
2059
+ * @param [offset=0]
2060
+ * @param [size=buffer.length - offset]
2061
+ * @param callback `function(err, buf) {}`.
2062
+ */
2063
+ function randomFill<T extends NodeJS.ArrayBufferView>(
2064
+ buffer: T,
2065
+ callback: (err: Error | null, buf: T) => void,
2066
+ ): void;
2067
+ function randomFill<T extends NodeJS.ArrayBufferView>(
2068
+ buffer: T,
2069
+ offset: number,
2070
+ callback: (err: Error | null, buf: T) => void,
2071
+ ): void;
2072
+ function randomFill<T extends NodeJS.ArrayBufferView>(
2073
+ buffer: T,
2074
+ offset: number,
2075
+ size: number,
2076
+ callback: (err: Error | null, buf: T) => void,
2077
+ ): void;
2078
+ interface ScryptOptions {
2079
+ cost?: number | undefined;
2080
+ blockSize?: number | undefined;
2081
+ parallelization?: number | undefined;
2082
+ N?: number | undefined;
2083
+ r?: number | undefined;
2084
+ p?: number | undefined;
2085
+ maxmem?: number | undefined;
2086
+ }
2087
+ /**
2088
+ * Provides an asynchronous [scrypt](https://en.wikipedia.org/wiki/Scrypt) implementation. Scrypt is a password-based
2089
+ * key derivation function that is designed to be expensive computationally and
2090
+ * memory-wise in order to make brute-force attacks unrewarding.
2091
+ *
2092
+ * The `salt` should be as unique as possible. It is recommended that a salt is
2093
+ * random and at least 16 bytes long. See [NIST SP 800-132](https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf) for details.
2094
+ *
2095
+ * When passing strings for `password` or `salt`, please consider `caveats when using strings as inputs to cryptographic APIs`.
2096
+ *
2097
+ * The `callback` function is called with two arguments: `err` and `derivedKey`.`err` is an exception object when key derivation fails, otherwise `err` is`null`. `derivedKey` is passed to the
2098
+ * callback as a `Buffer`.
2099
+ *
2100
+ * An exception is thrown when any of the input arguments specify invalid values
2101
+ * or types.
2102
+ *
2103
+ * ```js
2104
+ * const {
2105
+ * scrypt,
2106
+ * } = await import('node:crypto');
2107
+ *
2108
+ * // Using the factory defaults.
2109
+ * scrypt('password', 'salt', 64, (err, derivedKey) => {
2110
+ * if (err) throw err;
2111
+ * console.log(derivedKey.toString('hex')); // '3745e48...08d59ae'
2112
+ * });
2113
+ * // Using a custom N parameter. Must be a power of two.
2114
+ * scrypt('password', 'salt', 64, { N: 1024 }, (err, derivedKey) => {
2115
+ * if (err) throw err;
2116
+ * console.log(derivedKey.toString('hex')); // '3745e48...aa39b34'
2117
+ * });
2118
+ * ```
2119
+ * @since v10.5.0
2120
+ */
2121
+ function scrypt(
2122
+ password: BinaryLike,
2123
+ salt: BinaryLike,
2124
+ keylen: number,
2125
+ callback: (err: Error | null, derivedKey: Buffer) => void,
2126
+ ): void;
2127
+ function scrypt(
2128
+ password: BinaryLike,
2129
+ salt: BinaryLike,
2130
+ keylen: number,
2131
+ options: ScryptOptions,
2132
+ callback: (err: Error | null, derivedKey: Buffer) => void,
2133
+ ): void;
2134
+ /**
2135
+ * Provides a synchronous [scrypt](https://en.wikipedia.org/wiki/Scrypt) implementation. Scrypt is a password-based
2136
+ * key derivation function that is designed to be expensive computationally and
2137
+ * memory-wise in order to make brute-force attacks unrewarding.
2138
+ *
2139
+ * The `salt` should be as unique as possible. It is recommended that a salt is
2140
+ * random and at least 16 bytes long. See [NIST SP 800-132](https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf) for details.
2141
+ *
2142
+ * When passing strings for `password` or `salt`, please consider `caveats when using strings as inputs to cryptographic APIs`.
2143
+ *
2144
+ * An exception is thrown when key derivation fails, otherwise the derived key is
2145
+ * returned as a `Buffer`.
2146
+ *
2147
+ * An exception is thrown when any of the input arguments specify invalid values
2148
+ * or types.
2149
+ *
2150
+ * ```js
2151
+ * const {
2152
+ * scryptSync,
2153
+ * } = await import('node:crypto');
2154
+ * // Using the factory defaults.
2155
+ *
2156
+ * const key1 = scryptSync('password', 'salt', 64);
2157
+ * console.log(key1.toString('hex')); // '3745e48...08d59ae'
2158
+ * // Using a custom N parameter. Must be a power of two.
2159
+ * const key2 = scryptSync('password', 'salt', 64, { N: 1024 });
2160
+ * console.log(key2.toString('hex')); // '3745e48...aa39b34'
2161
+ * ```
2162
+ * @since v10.5.0
2163
+ */
2164
+ function scryptSync(password: BinaryLike, salt: BinaryLike, keylen: number, options?: ScryptOptions): Buffer;
2165
+ interface RsaPublicKey {
2166
+ key: KeyLike;
2167
+ padding?: number | undefined;
2168
+ }
2169
+ interface RsaPrivateKey {
2170
+ key: KeyLike;
2171
+ passphrase?: string | undefined;
2172
+ /**
2173
+ * @default 'sha1'
2174
+ */
2175
+ oaepHash?: string | undefined;
2176
+ oaepLabel?: NodeJS.TypedArray | undefined;
2177
+ padding?: number | undefined;
2178
+ }
2179
+ /**
2180
+ * Encrypts the content of `buffer` with `key` and returns a new `Buffer` with encrypted content. The returned data can be decrypted using
2181
+ * the corresponding private key, for example using {@link privateDecrypt}.
2182
+ *
2183
+ * If `key` is not a `KeyObject`, this function behaves as if`key` had been passed to {@link createPublicKey}. If it is an
2184
+ * object, the `padding` property can be passed. Otherwise, this function uses`RSA_PKCS1_OAEP_PADDING`.
2185
+ *
2186
+ * Because RSA public keys can be derived from private keys, a private key may
2187
+ * be passed instead of a public key.
2188
+ * @since v0.11.14
2189
+ */
2190
+ function publicEncrypt(key: RsaPublicKey | RsaPrivateKey | KeyLike, buffer: NodeJS.ArrayBufferView): Buffer;
2191
+ /**
2192
+ * Decrypts `buffer` with `key`.`buffer` was previously encrypted using
2193
+ * the corresponding private key, for example using {@link privateEncrypt}.
2194
+ *
2195
+ * If `key` is not a `KeyObject`, this function behaves as if`key` had been passed to {@link createPublicKey}. If it is an
2196
+ * object, the `padding` property can be passed. Otherwise, this function uses`RSA_PKCS1_PADDING`.
2197
+ *
2198
+ * Because RSA public keys can be derived from private keys, a private key may
2199
+ * be passed instead of a public key.
2200
+ * @since v1.1.0
2201
+ */
2202
+ function publicDecrypt(key: RsaPublicKey | RsaPrivateKey | KeyLike, buffer: NodeJS.ArrayBufferView): Buffer;
2203
+ /**
2204
+ * Decrypts `buffer` with `privateKey`. `buffer` was previously encrypted using
2205
+ * the corresponding public key, for example using {@link publicEncrypt}.
2206
+ *
2207
+ * If `privateKey` is not a `KeyObject`, this function behaves as if`privateKey` had been passed to {@link createPrivateKey}. If it is an
2208
+ * object, the `padding` property can be passed. Otherwise, this function uses`RSA_PKCS1_OAEP_PADDING`.
2209
+ * @since v0.11.14
2210
+ */
2211
+ function privateDecrypt(privateKey: RsaPrivateKey | KeyLike, buffer: NodeJS.ArrayBufferView): Buffer;
2212
+ /**
2213
+ * Encrypts `buffer` with `privateKey`. The returned data can be decrypted using
2214
+ * the corresponding public key, for example using {@link publicDecrypt}.
2215
+ *
2216
+ * If `privateKey` is not a `KeyObject`, this function behaves as if`privateKey` had been passed to {@link createPrivateKey}. If it is an
2217
+ * object, the `padding` property can be passed. Otherwise, this function uses`RSA_PKCS1_PADDING`.
2218
+ * @since v1.1.0
2219
+ */
2220
+ function privateEncrypt(privateKey: RsaPrivateKey | KeyLike, buffer: NodeJS.ArrayBufferView): Buffer;
2221
+ /**
2222
+ * ```js
2223
+ * const {
2224
+ * getCiphers,
2225
+ * } = await import('node:crypto');
2226
+ *
2227
+ * console.log(getCiphers()); // ['aes-128-cbc', 'aes-128-ccm', ...]
2228
+ * ```
2229
+ * @since v0.9.3
2230
+ * @return An array with the names of the supported cipher algorithms.
2231
+ */
2232
+ function getCiphers(): string[];
2233
+ /**
2234
+ * ```js
2235
+ * const {
2236
+ * getCurves,
2237
+ * } = await import('node:crypto');
2238
+ *
2239
+ * console.log(getCurves()); // ['Oakley-EC2N-3', 'Oakley-EC2N-4', ...]
2240
+ * ```
2241
+ * @since v2.3.0
2242
+ * @return An array with the names of the supported elliptic curves.
2243
+ */
2244
+ function getCurves(): string[];
2245
+ /**
2246
+ * @since v10.0.0
2247
+ * @return `1` if and only if a FIPS compliant crypto provider is currently in use, `0` otherwise. A future semver-major release may change the return type of this API to a {boolean}.
2248
+ */
2249
+ function getFips(): 1 | 0;
2250
+ /**
2251
+ * Enables the FIPS compliant crypto provider in a FIPS-enabled Node.js build.
2252
+ * Throws an error if FIPS mode is not available.
2253
+ * @since v10.0.0
2254
+ * @param bool `true` to enable FIPS mode.
2255
+ */
2256
+ function setFips(bool: boolean): void;
2257
+ /**
2258
+ * ```js
2259
+ * const {
2260
+ * getHashes,
2261
+ * } = await import('node:crypto');
2262
+ *
2263
+ * console.log(getHashes()); // ['DSA', 'DSA-SHA', 'DSA-SHA1', ...]
2264
+ * ```
2265
+ * @since v0.9.3
2266
+ * @return An array of the names of the supported hash algorithms, such as `'RSA-SHA256'`. Hash algorithms are also called "digest" algorithms.
2267
+ */
2268
+ function getHashes(): string[];
2269
+ /**
2270
+ * The `ECDH` class is a utility for creating Elliptic Curve Diffie-Hellman (ECDH)
2271
+ * key exchanges.
2272
+ *
2273
+ * Instances of the `ECDH` class can be created using the {@link createECDH} function.
2274
+ *
2275
+ * ```js
2276
+ * import assert from 'node:assert';
2277
+ *
2278
+ * const {
2279
+ * createECDH,
2280
+ * } = await import('node:crypto');
2281
+ *
2282
+ * // Generate Alice's keys...
2283
+ * const alice = createECDH('secp521r1');
2284
+ * const aliceKey = alice.generateKeys();
2285
+ *
2286
+ * // Generate Bob's keys...
2287
+ * const bob = createECDH('secp521r1');
2288
+ * const bobKey = bob.generateKeys();
2289
+ *
2290
+ * // Exchange and generate the secret...
2291
+ * const aliceSecret = alice.computeSecret(bobKey);
2292
+ * const bobSecret = bob.computeSecret(aliceKey);
2293
+ *
2294
+ * assert.strictEqual(aliceSecret.toString('hex'), bobSecret.toString('hex'));
2295
+ * // OK
2296
+ * ```
2297
+ * @since v0.11.14
2298
+ */
2299
+ class ECDH {
2300
+ private constructor();
2301
+ /**
2302
+ * Converts the EC Diffie-Hellman public key specified by `key` and `curve` to the
2303
+ * format specified by `format`. The `format` argument specifies point encoding
2304
+ * and can be `'compressed'`, `'uncompressed'` or `'hybrid'`. The supplied key is
2305
+ * interpreted using the specified `inputEncoding`, and the returned key is encoded
2306
+ * using the specified `outputEncoding`.
2307
+ *
2308
+ * Use {@link getCurves} to obtain a list of available curve names.
2309
+ * On recent OpenSSL releases, `openssl ecparam -list_curves` will also display
2310
+ * the name and description of each available elliptic curve.
2311
+ *
2312
+ * If `format` is not specified the point will be returned in `'uncompressed'`format.
2313
+ *
2314
+ * If the `inputEncoding` is not provided, `key` is expected to be a `Buffer`,`TypedArray`, or `DataView`.
2315
+ *
2316
+ * Example (uncompressing a key):
2317
+ *
2318
+ * ```js
2319
+ * const {
2320
+ * createECDH,
2321
+ * ECDH,
2322
+ * } = await import('node:crypto');
2323
+ *
2324
+ * const ecdh = createECDH('secp256k1');
2325
+ * ecdh.generateKeys();
2326
+ *
2327
+ * const compressedKey = ecdh.getPublicKey('hex', 'compressed');
2328
+ *
2329
+ * const uncompressedKey = ECDH.convertKey(compressedKey,
2330
+ * 'secp256k1',
2331
+ * 'hex',
2332
+ * 'hex',
2333
+ * 'uncompressed');
2334
+ *
2335
+ * // The converted key and the uncompressed public key should be the same
2336
+ * console.log(uncompressedKey === ecdh.getPublicKey('hex'));
2337
+ * ```
2338
+ * @since v10.0.0
2339
+ * @param inputEncoding The `encoding` of the `key` string.
2340
+ * @param outputEncoding The `encoding` of the return value.
2341
+ * @param [format='uncompressed']
2342
+ */
2343
+ static convertKey(
2344
+ key: BinaryLike,
2345
+ curve: string,
2346
+ inputEncoding?: BinaryToTextEncoding,
2347
+ outputEncoding?: "latin1" | "hex" | "base64" | "base64url",
2348
+ format?: "uncompressed" | "compressed" | "hybrid",
2349
+ ): Buffer | string;
2350
+ /**
2351
+ * Generates private and public EC Diffie-Hellman key values, and returns
2352
+ * the public key in the specified `format` and `encoding`. This key should be
2353
+ * transferred to the other party.
2354
+ *
2355
+ * The `format` argument specifies point encoding and can be `'compressed'` or`'uncompressed'`. If `format` is not specified, the point will be returned in`'uncompressed'` format.
2356
+ *
2357
+ * If `encoding` is provided a string is returned; otherwise a `Buffer` is returned.
2358
+ * @since v0.11.14
2359
+ * @param encoding The `encoding` of the return value.
2360
+ * @param [format='uncompressed']
2361
+ */
2362
+ generateKeys(): Buffer;
2363
+ generateKeys(encoding: BinaryToTextEncoding, format?: ECDHKeyFormat): string;
2364
+ /**
2365
+ * Computes the shared secret using `otherPublicKey` as the other
2366
+ * party's public key and returns the computed shared secret. The supplied
2367
+ * key is interpreted using specified `inputEncoding`, and the returned secret
2368
+ * is encoded using the specified `outputEncoding`.
2369
+ * If the `inputEncoding` is not
2370
+ * provided, `otherPublicKey` is expected to be a `Buffer`, `TypedArray`, or`DataView`.
2371
+ *
2372
+ * If `outputEncoding` is given a string will be returned; otherwise a `Buffer` is returned.
2373
+ *
2374
+ * `ecdh.computeSecret` will throw an`ERR_CRYPTO_ECDH_INVALID_PUBLIC_KEY` error when `otherPublicKey`lies outside of the elliptic curve. Since `otherPublicKey` is
2375
+ * usually supplied from a remote user over an insecure network,
2376
+ * be sure to handle this exception accordingly.
2377
+ * @since v0.11.14
2378
+ * @param inputEncoding The `encoding` of the `otherPublicKey` string.
2379
+ * @param outputEncoding The `encoding` of the return value.
2380
+ */
2381
+ computeSecret(otherPublicKey: NodeJS.ArrayBufferView): Buffer;
2382
+ computeSecret(otherPublicKey: string, inputEncoding: BinaryToTextEncoding): Buffer;
2383
+ computeSecret(otherPublicKey: NodeJS.ArrayBufferView, outputEncoding: BinaryToTextEncoding): string;
2384
+ computeSecret(
2385
+ otherPublicKey: string,
2386
+ inputEncoding: BinaryToTextEncoding,
2387
+ outputEncoding: BinaryToTextEncoding,
2388
+ ): string;
2389
+ /**
2390
+ * If `encoding` is specified, a string is returned; otherwise a `Buffer` is
2391
+ * returned.
2392
+ * @since v0.11.14
2393
+ * @param encoding The `encoding` of the return value.
2394
+ * @return The EC Diffie-Hellman in the specified `encoding`.
2395
+ */
2396
+ getPrivateKey(): Buffer;
2397
+ getPrivateKey(encoding: BinaryToTextEncoding): string;
2398
+ /**
2399
+ * The `format` argument specifies point encoding and can be `'compressed'` or`'uncompressed'`. If `format` is not specified the point will be returned in`'uncompressed'` format.
2400
+ *
2401
+ * If `encoding` is specified, a string is returned; otherwise a `Buffer` is
2402
+ * returned.
2403
+ * @since v0.11.14
2404
+ * @param encoding The `encoding` of the return value.
2405
+ * @param [format='uncompressed']
2406
+ * @return The EC Diffie-Hellman public key in the specified `encoding` and `format`.
2407
+ */
2408
+ getPublicKey(encoding?: null, format?: ECDHKeyFormat): Buffer;
2409
+ getPublicKey(encoding: BinaryToTextEncoding, format?: ECDHKeyFormat): string;
2410
+ /**
2411
+ * Sets the EC Diffie-Hellman private key.
2412
+ * If `encoding` is provided, `privateKey` is expected
2413
+ * to be a string; otherwise `privateKey` is expected to be a `Buffer`,`TypedArray`, or `DataView`.
2414
+ *
2415
+ * If `privateKey` is not valid for the curve specified when the `ECDH` object was
2416
+ * created, an error is thrown. Upon setting the private key, the associated
2417
+ * public point (key) is also generated and set in the `ECDH` object.
2418
+ * @since v0.11.14
2419
+ * @param encoding The `encoding` of the `privateKey` string.
2420
+ */
2421
+ setPrivateKey(privateKey: NodeJS.ArrayBufferView): void;
2422
+ setPrivateKey(privateKey: string, encoding: BinaryToTextEncoding): void;
2423
+ }
2424
+ /**
2425
+ * Creates an Elliptic Curve Diffie-Hellman (`ECDH`) key exchange object using a
2426
+ * predefined curve specified by the `curveName` string. Use {@link getCurves} to obtain a list of available curve names. On recent
2427
+ * OpenSSL releases, `openssl ecparam -list_curves` will also display the name
2428
+ * and description of each available elliptic curve.
2429
+ * @since v0.11.14
2430
+ */
2431
+ function createECDH(curveName: string): ECDH;
2432
+ /**
2433
+ * This function compares the underlying bytes that represent the given`ArrayBuffer`, `TypedArray`, or `DataView` instances using a constant-time
2434
+ * algorithm.
2435
+ *
2436
+ * This function does not leak timing information that
2437
+ * would allow an attacker to guess one of the values. This is suitable for
2438
+ * comparing HMAC digests or secret values like authentication cookies or [capability urls](https://www.w3.org/TR/capability-urls/).
2439
+ *
2440
+ * `a` and `b` must both be `Buffer`s, `TypedArray`s, or `DataView`s, and they
2441
+ * must have the same byte length. An error is thrown if `a` and `b` have
2442
+ * different byte lengths.
2443
+ *
2444
+ * If at least one of `a` and `b` is a `TypedArray` with more than one byte per
2445
+ * entry, such as `Uint16Array`, the result will be computed using the platform
2446
+ * byte order.
2447
+ *
2448
+ * **When both of the inputs are `Float32Array`s or`Float64Array`s, this function might return unexpected results due to IEEE 754**
2449
+ * **encoding of floating-point numbers. In particular, neither `x === y` nor`Object.is(x, y)` implies that the byte representations of two floating-point**
2450
+ * **numbers `x` and `y` are equal.**
2451
+ *
2452
+ * Use of `crypto.timingSafeEqual` does not guarantee that the _surrounding_ code
2453
+ * is timing-safe. Care should be taken to ensure that the surrounding code does
2454
+ * not introduce timing vulnerabilities.
2455
+ * @since v6.6.0
2456
+ */
2457
+ function timingSafeEqual(a: NodeJS.ArrayBufferView, b: NodeJS.ArrayBufferView): boolean;
2458
+ type KeyType = "rsa" | "rsa-pss" | "dsa" | "ec" | "ed25519" | "ed448" | "x25519" | "x448";
2459
+ type KeyFormat = "pem" | "der" | "jwk";
2460
+ interface BasePrivateKeyEncodingOptions<T extends KeyFormat> {
2461
+ format: T;
2462
+ cipher?: string | undefined;
2463
+ passphrase?: string | undefined;
2464
+ }
2465
+ interface KeyPairKeyObjectResult {
2466
+ publicKey: KeyObject;
2467
+ privateKey: KeyObject;
2468
+ }
2469
+ interface ED25519KeyPairKeyObjectOptions {}
2470
+ interface ED448KeyPairKeyObjectOptions {}
2471
+ interface X25519KeyPairKeyObjectOptions {}
2472
+ interface X448KeyPairKeyObjectOptions {}
2473
+ interface ECKeyPairKeyObjectOptions {
2474
+ /**
2475
+ * Name of the curve to use
2476
+ */
2477
+ namedCurve: string;
2478
+ }
2479
+ interface RSAKeyPairKeyObjectOptions {
2480
+ /**
2481
+ * Key size in bits
2482
+ */
2483
+ modulusLength: number;
2484
+ /**
2485
+ * Public exponent
2486
+ * @default 0x10001
2487
+ */
2488
+ publicExponent?: number | undefined;
2489
+ }
2490
+ interface RSAPSSKeyPairKeyObjectOptions {
2491
+ /**
2492
+ * Key size in bits
2493
+ */
2494
+ modulusLength: number;
2495
+ /**
2496
+ * Public exponent
2497
+ * @default 0x10001
2498
+ */
2499
+ publicExponent?: number | undefined;
2500
+ /**
2501
+ * Name of the message digest
2502
+ */
2503
+ hashAlgorithm?: string;
2504
+ /**
2505
+ * Name of the message digest used by MGF1
2506
+ */
2507
+ mgf1HashAlgorithm?: string;
2508
+ /**
2509
+ * Minimal salt length in bytes
2510
+ */
2511
+ saltLength?: string;
2512
+ }
2513
+ interface DSAKeyPairKeyObjectOptions {
2514
+ /**
2515
+ * Key size in bits
2516
+ */
2517
+ modulusLength: number;
2518
+ /**
2519
+ * Size of q in bits
2520
+ */
2521
+ divisorLength: number;
2522
+ }
2523
+ interface RSAKeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
2524
+ /**
2525
+ * Key size in bits
2526
+ */
2527
+ modulusLength: number;
2528
+ /**
2529
+ * Public exponent
2530
+ * @default 0x10001
2531
+ */
2532
+ publicExponent?: number | undefined;
2533
+ publicKeyEncoding: {
2534
+ type: "pkcs1" | "spki";
2535
+ format: PubF;
2536
+ };
2537
+ privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
2538
+ type: "pkcs1" | "pkcs8";
2539
+ };
2540
+ }
2541
+ interface RSAPSSKeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
2542
+ /**
2543
+ * Key size in bits
2544
+ */
2545
+ modulusLength: number;
2546
+ /**
2547
+ * Public exponent
2548
+ * @default 0x10001
2549
+ */
2550
+ publicExponent?: number | undefined;
2551
+ /**
2552
+ * Name of the message digest
2553
+ */
2554
+ hashAlgorithm?: string;
2555
+ /**
2556
+ * Name of the message digest used by MGF1
2557
+ */
2558
+ mgf1HashAlgorithm?: string;
2559
+ /**
2560
+ * Minimal salt length in bytes
2561
+ */
2562
+ saltLength?: string;
2563
+ publicKeyEncoding: {
2564
+ type: "spki";
2565
+ format: PubF;
2566
+ };
2567
+ privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
2568
+ type: "pkcs8";
2569
+ };
2570
+ }
2571
+ interface DSAKeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
2572
+ /**
2573
+ * Key size in bits
2574
+ */
2575
+ modulusLength: number;
2576
+ /**
2577
+ * Size of q in bits
2578
+ */
2579
+ divisorLength: number;
2580
+ publicKeyEncoding: {
2581
+ type: "spki";
2582
+ format: PubF;
2583
+ };
2584
+ privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
2585
+ type: "pkcs8";
2586
+ };
2587
+ }
2588
+ interface ECKeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
2589
+ /**
2590
+ * Name of the curve to use.
2591
+ */
2592
+ namedCurve: string;
2593
+ publicKeyEncoding: {
2594
+ type: "pkcs1" | "spki";
2595
+ format: PubF;
2596
+ };
2597
+ privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
2598
+ type: "sec1" | "pkcs8";
2599
+ };
2600
+ }
2601
+ interface ED25519KeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
2602
+ publicKeyEncoding: {
2603
+ type: "spki";
2604
+ format: PubF;
2605
+ };
2606
+ privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
2607
+ type: "pkcs8";
2608
+ };
2609
+ }
2610
+ interface ED448KeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
2611
+ publicKeyEncoding: {
2612
+ type: "spki";
2613
+ format: PubF;
2614
+ };
2615
+ privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
2616
+ type: "pkcs8";
2617
+ };
2618
+ }
2619
+ interface X25519KeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
2620
+ publicKeyEncoding: {
2621
+ type: "spki";
2622
+ format: PubF;
2623
+ };
2624
+ privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
2625
+ type: "pkcs8";
2626
+ };
2627
+ }
2628
+ interface X448KeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
2629
+ publicKeyEncoding: {
2630
+ type: "spki";
2631
+ format: PubF;
2632
+ };
2633
+ privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
2634
+ type: "pkcs8";
2635
+ };
2636
+ }
2637
+ interface KeyPairSyncResult<T1 extends string | Buffer, T2 extends string | Buffer> {
2638
+ publicKey: T1;
2639
+ privateKey: T2;
2640
+ }
2641
+ /**
2642
+ * Generates a new asymmetric key pair of the given `type`. RSA, RSA-PSS, DSA, EC,
2643
+ * Ed25519, Ed448, X25519, X448, and DH are currently supported.
2644
+ *
2645
+ * If a `publicKeyEncoding` or `privateKeyEncoding` was specified, this function
2646
+ * behaves as if `keyObject.export()` had been called on its result. Otherwise,
2647
+ * the respective part of the key is returned as a `KeyObject`.
2648
+ *
2649
+ * When encoding public keys, it is recommended to use `'spki'`. When encoding
2650
+ * private keys, it is recommended to use `'pkcs8'` with a strong passphrase,
2651
+ * and to keep the passphrase confidential.
2652
+ *
2653
+ * ```js
2654
+ * const {
2655
+ * generateKeyPairSync,
2656
+ * } = await import('node:crypto');
2657
+ *
2658
+ * const {
2659
+ * publicKey,
2660
+ * privateKey,
2661
+ * } = generateKeyPairSync('rsa', {
2662
+ * modulusLength: 4096,
2663
+ * publicKeyEncoding: {
2664
+ * type: 'spki',
2665
+ * format: 'pem',
2666
+ * },
2667
+ * privateKeyEncoding: {
2668
+ * type: 'pkcs8',
2669
+ * format: 'pem',
2670
+ * cipher: 'aes-256-cbc',
2671
+ * passphrase: 'top secret',
2672
+ * },
2673
+ * });
2674
+ * ```
2675
+ *
2676
+ * The return value `{ publicKey, privateKey }` represents the generated key pair.
2677
+ * When PEM encoding was selected, the respective key will be a string, otherwise
2678
+ * it will be a buffer containing the data encoded as DER.
2679
+ * @since v10.12.0
2680
+ * @param type Must be `'rsa'`, `'rsa-pss'`, `'dsa'`, `'ec'`, `'ed25519'`, `'ed448'`, `'x25519'`, `'x448'`, or `'dh'`.
2681
+ */
2682
+ function generateKeyPairSync(
2683
+ type: "rsa",
2684
+ options: RSAKeyPairOptions<"pem", "pem">,
2685
+ ): KeyPairSyncResult<string, string>;
2686
+ function generateKeyPairSync(
2687
+ type: "rsa",
2688
+ options: RSAKeyPairOptions<"pem", "der">,
2689
+ ): KeyPairSyncResult<string, Buffer>;
2690
+ function generateKeyPairSync(
2691
+ type: "rsa",
2692
+ options: RSAKeyPairOptions<"der", "pem">,
2693
+ ): KeyPairSyncResult<Buffer, string>;
2694
+ function generateKeyPairSync(
2695
+ type: "rsa",
2696
+ options: RSAKeyPairOptions<"der", "der">,
2697
+ ): KeyPairSyncResult<Buffer, Buffer>;
2698
+ function generateKeyPairSync(type: "rsa", options: RSAKeyPairKeyObjectOptions): KeyPairKeyObjectResult;
2699
+ function generateKeyPairSync(
2700
+ type: "rsa-pss",
2701
+ options: RSAPSSKeyPairOptions<"pem", "pem">,
2702
+ ): KeyPairSyncResult<string, string>;
2703
+ function generateKeyPairSync(
2704
+ type: "rsa-pss",
2705
+ options: RSAPSSKeyPairOptions<"pem", "der">,
2706
+ ): KeyPairSyncResult<string, Buffer>;
2707
+ function generateKeyPairSync(
2708
+ type: "rsa-pss",
2709
+ options: RSAPSSKeyPairOptions<"der", "pem">,
2710
+ ): KeyPairSyncResult<Buffer, string>;
2711
+ function generateKeyPairSync(
2712
+ type: "rsa-pss",
2713
+ options: RSAPSSKeyPairOptions<"der", "der">,
2714
+ ): KeyPairSyncResult<Buffer, Buffer>;
2715
+ function generateKeyPairSync(type: "rsa-pss", options: RSAPSSKeyPairKeyObjectOptions): KeyPairKeyObjectResult;
2716
+ function generateKeyPairSync(
2717
+ type: "dsa",
2718
+ options: DSAKeyPairOptions<"pem", "pem">,
2719
+ ): KeyPairSyncResult<string, string>;
2720
+ function generateKeyPairSync(
2721
+ type: "dsa",
2722
+ options: DSAKeyPairOptions<"pem", "der">,
2723
+ ): KeyPairSyncResult<string, Buffer>;
2724
+ function generateKeyPairSync(
2725
+ type: "dsa",
2726
+ options: DSAKeyPairOptions<"der", "pem">,
2727
+ ): KeyPairSyncResult<Buffer, string>;
2728
+ function generateKeyPairSync(
2729
+ type: "dsa",
2730
+ options: DSAKeyPairOptions<"der", "der">,
2731
+ ): KeyPairSyncResult<Buffer, Buffer>;
2732
+ function generateKeyPairSync(type: "dsa", options: DSAKeyPairKeyObjectOptions): KeyPairKeyObjectResult;
2733
+ function generateKeyPairSync(
2734
+ type: "ec",
2735
+ options: ECKeyPairOptions<"pem", "pem">,
2736
+ ): KeyPairSyncResult<string, string>;
2737
+ function generateKeyPairSync(
2738
+ type: "ec",
2739
+ options: ECKeyPairOptions<"pem", "der">,
2740
+ ): KeyPairSyncResult<string, Buffer>;
2741
+ function generateKeyPairSync(
2742
+ type: "ec",
2743
+ options: ECKeyPairOptions<"der", "pem">,
2744
+ ): KeyPairSyncResult<Buffer, string>;
2745
+ function generateKeyPairSync(
2746
+ type: "ec",
2747
+ options: ECKeyPairOptions<"der", "der">,
2748
+ ): KeyPairSyncResult<Buffer, Buffer>;
2749
+ function generateKeyPairSync(type: "ec", options: ECKeyPairKeyObjectOptions): KeyPairKeyObjectResult;
2750
+ function generateKeyPairSync(
2751
+ type: "ed25519",
2752
+ options: ED25519KeyPairOptions<"pem", "pem">,
2753
+ ): KeyPairSyncResult<string, string>;
2754
+ function generateKeyPairSync(
2755
+ type: "ed25519",
2756
+ options: ED25519KeyPairOptions<"pem", "der">,
2757
+ ): KeyPairSyncResult<string, Buffer>;
2758
+ function generateKeyPairSync(
2759
+ type: "ed25519",
2760
+ options: ED25519KeyPairOptions<"der", "pem">,
2761
+ ): KeyPairSyncResult<Buffer, string>;
2762
+ function generateKeyPairSync(
2763
+ type: "ed25519",
2764
+ options: ED25519KeyPairOptions<"der", "der">,
2765
+ ): KeyPairSyncResult<Buffer, Buffer>;
2766
+ function generateKeyPairSync(type: "ed25519", options?: ED25519KeyPairKeyObjectOptions): KeyPairKeyObjectResult;
2767
+ function generateKeyPairSync(
2768
+ type: "ed448",
2769
+ options: ED448KeyPairOptions<"pem", "pem">,
2770
+ ): KeyPairSyncResult<string, string>;
2771
+ function generateKeyPairSync(
2772
+ type: "ed448",
2773
+ options: ED448KeyPairOptions<"pem", "der">,
2774
+ ): KeyPairSyncResult<string, Buffer>;
2775
+ function generateKeyPairSync(
2776
+ type: "ed448",
2777
+ options: ED448KeyPairOptions<"der", "pem">,
2778
+ ): KeyPairSyncResult<Buffer, string>;
2779
+ function generateKeyPairSync(
2780
+ type: "ed448",
2781
+ options: ED448KeyPairOptions<"der", "der">,
2782
+ ): KeyPairSyncResult<Buffer, Buffer>;
2783
+ function generateKeyPairSync(type: "ed448", options?: ED448KeyPairKeyObjectOptions): KeyPairKeyObjectResult;
2784
+ function generateKeyPairSync(
2785
+ type: "x25519",
2786
+ options: X25519KeyPairOptions<"pem", "pem">,
2787
+ ): KeyPairSyncResult<string, string>;
2788
+ function generateKeyPairSync(
2789
+ type: "x25519",
2790
+ options: X25519KeyPairOptions<"pem", "der">,
2791
+ ): KeyPairSyncResult<string, Buffer>;
2792
+ function generateKeyPairSync(
2793
+ type: "x25519",
2794
+ options: X25519KeyPairOptions<"der", "pem">,
2795
+ ): KeyPairSyncResult<Buffer, string>;
2796
+ function generateKeyPairSync(
2797
+ type: "x25519",
2798
+ options: X25519KeyPairOptions<"der", "der">,
2799
+ ): KeyPairSyncResult<Buffer, Buffer>;
2800
+ function generateKeyPairSync(type: "x25519", options?: X25519KeyPairKeyObjectOptions): KeyPairKeyObjectResult;
2801
+ function generateKeyPairSync(
2802
+ type: "x448",
2803
+ options: X448KeyPairOptions<"pem", "pem">,
2804
+ ): KeyPairSyncResult<string, string>;
2805
+ function generateKeyPairSync(
2806
+ type: "x448",
2807
+ options: X448KeyPairOptions<"pem", "der">,
2808
+ ): KeyPairSyncResult<string, Buffer>;
2809
+ function generateKeyPairSync(
2810
+ type: "x448",
2811
+ options: X448KeyPairOptions<"der", "pem">,
2812
+ ): KeyPairSyncResult<Buffer, string>;
2813
+ function generateKeyPairSync(
2814
+ type: "x448",
2815
+ options: X448KeyPairOptions<"der", "der">,
2816
+ ): KeyPairSyncResult<Buffer, Buffer>;
2817
+ function generateKeyPairSync(type: "x448", options?: X448KeyPairKeyObjectOptions): KeyPairKeyObjectResult;
2818
+ /**
2819
+ * Generates a new asymmetric key pair of the given `type`. RSA, RSA-PSS, DSA, EC,
2820
+ * Ed25519, Ed448, X25519, X448, and DH are currently supported.
2821
+ *
2822
+ * If a `publicKeyEncoding` or `privateKeyEncoding` was specified, this function
2823
+ * behaves as if `keyObject.export()` had been called on its result. Otherwise,
2824
+ * the respective part of the key is returned as a `KeyObject`.
2825
+ *
2826
+ * It is recommended to encode public keys as `'spki'` and private keys as`'pkcs8'` with encryption for long-term storage:
2827
+ *
2828
+ * ```js
2829
+ * const {
2830
+ * generateKeyPair,
2831
+ * } = await import('node:crypto');
2832
+ *
2833
+ * generateKeyPair('rsa', {
2834
+ * modulusLength: 4096,
2835
+ * publicKeyEncoding: {
2836
+ * type: 'spki',
2837
+ * format: 'pem',
2838
+ * },
2839
+ * privateKeyEncoding: {
2840
+ * type: 'pkcs8',
2841
+ * format: 'pem',
2842
+ * cipher: 'aes-256-cbc',
2843
+ * passphrase: 'top secret',
2844
+ * },
2845
+ * }, (err, publicKey, privateKey) => {
2846
+ * // Handle errors and use the generated key pair.
2847
+ * });
2848
+ * ```
2849
+ *
2850
+ * On completion, `callback` will be called with `err` set to `undefined` and`publicKey` / `privateKey` representing the generated key pair.
2851
+ *
2852
+ * If this method is invoked as its `util.promisify()` ed version, it returns
2853
+ * a `Promise` for an `Object` with `publicKey` and `privateKey` properties.
2854
+ * @since v10.12.0
2855
+ * @param type Must be `'rsa'`, `'rsa-pss'`, `'dsa'`, `'ec'`, `'ed25519'`, `'ed448'`, `'x25519'`, `'x448'`, or `'dh'`.
2856
+ */
2857
+ function generateKeyPair(
2858
+ type: "rsa",
2859
+ options: RSAKeyPairOptions<"pem", "pem">,
2860
+ callback: (err: Error | null, publicKey: string, privateKey: string) => void,
2861
+ ): void;
2862
+ function generateKeyPair(
2863
+ type: "rsa",
2864
+ options: RSAKeyPairOptions<"pem", "der">,
2865
+ callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
2866
+ ): void;
2867
+ function generateKeyPair(
2868
+ type: "rsa",
2869
+ options: RSAKeyPairOptions<"der", "pem">,
2870
+ callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
2871
+ ): void;
2872
+ function generateKeyPair(
2873
+ type: "rsa",
2874
+ options: RSAKeyPairOptions<"der", "der">,
2875
+ callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
2876
+ ): void;
2877
+ function generateKeyPair(
2878
+ type: "rsa",
2879
+ options: RSAKeyPairKeyObjectOptions,
2880
+ callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
2881
+ ): void;
2882
+ function generateKeyPair(
2883
+ type: "rsa-pss",
2884
+ options: RSAPSSKeyPairOptions<"pem", "pem">,
2885
+ callback: (err: Error | null, publicKey: string, privateKey: string) => void,
2886
+ ): void;
2887
+ function generateKeyPair(
2888
+ type: "rsa-pss",
2889
+ options: RSAPSSKeyPairOptions<"pem", "der">,
2890
+ callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
2891
+ ): void;
2892
+ function generateKeyPair(
2893
+ type: "rsa-pss",
2894
+ options: RSAPSSKeyPairOptions<"der", "pem">,
2895
+ callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
2896
+ ): void;
2897
+ function generateKeyPair(
2898
+ type: "rsa-pss",
2899
+ options: RSAPSSKeyPairOptions<"der", "der">,
2900
+ callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
2901
+ ): void;
2902
+ function generateKeyPair(
2903
+ type: "rsa-pss",
2904
+ options: RSAPSSKeyPairKeyObjectOptions,
2905
+ callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
2906
+ ): void;
2907
+ function generateKeyPair(
2908
+ type: "dsa",
2909
+ options: DSAKeyPairOptions<"pem", "pem">,
2910
+ callback: (err: Error | null, publicKey: string, privateKey: string) => void,
2911
+ ): void;
2912
+ function generateKeyPair(
2913
+ type: "dsa",
2914
+ options: DSAKeyPairOptions<"pem", "der">,
2915
+ callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
2916
+ ): void;
2917
+ function generateKeyPair(
2918
+ type: "dsa",
2919
+ options: DSAKeyPairOptions<"der", "pem">,
2920
+ callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
2921
+ ): void;
2922
+ function generateKeyPair(
2923
+ type: "dsa",
2924
+ options: DSAKeyPairOptions<"der", "der">,
2925
+ callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
2926
+ ): void;
2927
+ function generateKeyPair(
2928
+ type: "dsa",
2929
+ options: DSAKeyPairKeyObjectOptions,
2930
+ callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
2931
+ ): void;
2932
+ function generateKeyPair(
2933
+ type: "ec",
2934
+ options: ECKeyPairOptions<"pem", "pem">,
2935
+ callback: (err: Error | null, publicKey: string, privateKey: string) => void,
2936
+ ): void;
2937
+ function generateKeyPair(
2938
+ type: "ec",
2939
+ options: ECKeyPairOptions<"pem", "der">,
2940
+ callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
2941
+ ): void;
2942
+ function generateKeyPair(
2943
+ type: "ec",
2944
+ options: ECKeyPairOptions<"der", "pem">,
2945
+ callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
2946
+ ): void;
2947
+ function generateKeyPair(
2948
+ type: "ec",
2949
+ options: ECKeyPairOptions<"der", "der">,
2950
+ callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
2951
+ ): void;
2952
+ function generateKeyPair(
2953
+ type: "ec",
2954
+ options: ECKeyPairKeyObjectOptions,
2955
+ callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
2956
+ ): void;
2957
+ function generateKeyPair(
2958
+ type: "ed25519",
2959
+ options: ED25519KeyPairOptions<"pem", "pem">,
2960
+ callback: (err: Error | null, publicKey: string, privateKey: string) => void,
2961
+ ): void;
2962
+ function generateKeyPair(
2963
+ type: "ed25519",
2964
+ options: ED25519KeyPairOptions<"pem", "der">,
2965
+ callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
2966
+ ): void;
2967
+ function generateKeyPair(
2968
+ type: "ed25519",
2969
+ options: ED25519KeyPairOptions<"der", "pem">,
2970
+ callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
2971
+ ): void;
2972
+ function generateKeyPair(
2973
+ type: "ed25519",
2974
+ options: ED25519KeyPairOptions<"der", "der">,
2975
+ callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
2976
+ ): void;
2977
+ function generateKeyPair(
2978
+ type: "ed25519",
2979
+ options: ED25519KeyPairKeyObjectOptions | undefined,
2980
+ callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
2981
+ ): void;
2982
+ function generateKeyPair(
2983
+ type: "ed448",
2984
+ options: ED448KeyPairOptions<"pem", "pem">,
2985
+ callback: (err: Error | null, publicKey: string, privateKey: string) => void,
2986
+ ): void;
2987
+ function generateKeyPair(
2988
+ type: "ed448",
2989
+ options: ED448KeyPairOptions<"pem", "der">,
2990
+ callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
2991
+ ): void;
2992
+ function generateKeyPair(
2993
+ type: "ed448",
2994
+ options: ED448KeyPairOptions<"der", "pem">,
2995
+ callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
2996
+ ): void;
2997
+ function generateKeyPair(
2998
+ type: "ed448",
2999
+ options: ED448KeyPairOptions<"der", "der">,
3000
+ callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
3001
+ ): void;
3002
+ function generateKeyPair(
3003
+ type: "ed448",
3004
+ options: ED448KeyPairKeyObjectOptions | undefined,
3005
+ callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
3006
+ ): void;
3007
+ function generateKeyPair(
3008
+ type: "x25519",
3009
+ options: X25519KeyPairOptions<"pem", "pem">,
3010
+ callback: (err: Error | null, publicKey: string, privateKey: string) => void,
3011
+ ): void;
3012
+ function generateKeyPair(
3013
+ type: "x25519",
3014
+ options: X25519KeyPairOptions<"pem", "der">,
3015
+ callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
3016
+ ): void;
3017
+ function generateKeyPair(
3018
+ type: "x25519",
3019
+ options: X25519KeyPairOptions<"der", "pem">,
3020
+ callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
3021
+ ): void;
3022
+ function generateKeyPair(
3023
+ type: "x25519",
3024
+ options: X25519KeyPairOptions<"der", "der">,
3025
+ callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
3026
+ ): void;
3027
+ function generateKeyPair(
3028
+ type: "x25519",
3029
+ options: X25519KeyPairKeyObjectOptions | undefined,
3030
+ callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
3031
+ ): void;
3032
+ function generateKeyPair(
3033
+ type: "x448",
3034
+ options: X448KeyPairOptions<"pem", "pem">,
3035
+ callback: (err: Error | null, publicKey: string, privateKey: string) => void,
3036
+ ): void;
3037
+ function generateKeyPair(
3038
+ type: "x448",
3039
+ options: X448KeyPairOptions<"pem", "der">,
3040
+ callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
3041
+ ): void;
3042
+ function generateKeyPair(
3043
+ type: "x448",
3044
+ options: X448KeyPairOptions<"der", "pem">,
3045
+ callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
3046
+ ): void;
3047
+ function generateKeyPair(
3048
+ type: "x448",
3049
+ options: X448KeyPairOptions<"der", "der">,
3050
+ callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
3051
+ ): void;
3052
+ function generateKeyPair(
3053
+ type: "x448",
3054
+ options: X448KeyPairKeyObjectOptions | undefined,
3055
+ callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
3056
+ ): void;
3057
+ namespace generateKeyPair {
3058
+ function __promisify__(
3059
+ type: "rsa",
3060
+ options: RSAKeyPairOptions<"pem", "pem">,
3061
+ ): Promise<{
3062
+ publicKey: string;
3063
+ privateKey: string;
3064
+ }>;
3065
+ function __promisify__(
3066
+ type: "rsa",
3067
+ options: RSAKeyPairOptions<"pem", "der">,
3068
+ ): Promise<{
3069
+ publicKey: string;
3070
+ privateKey: Buffer;
3071
+ }>;
3072
+ function __promisify__(
3073
+ type: "rsa",
3074
+ options: RSAKeyPairOptions<"der", "pem">,
3075
+ ): Promise<{
3076
+ publicKey: Buffer;
3077
+ privateKey: string;
3078
+ }>;
3079
+ function __promisify__(
3080
+ type: "rsa",
3081
+ options: RSAKeyPairOptions<"der", "der">,
3082
+ ): Promise<{
3083
+ publicKey: Buffer;
3084
+ privateKey: Buffer;
3085
+ }>;
3086
+ function __promisify__(type: "rsa", options: RSAKeyPairKeyObjectOptions): Promise<KeyPairKeyObjectResult>;
3087
+ function __promisify__(
3088
+ type: "rsa-pss",
3089
+ options: RSAPSSKeyPairOptions<"pem", "pem">,
3090
+ ): Promise<{
3091
+ publicKey: string;
3092
+ privateKey: string;
3093
+ }>;
3094
+ function __promisify__(
3095
+ type: "rsa-pss",
3096
+ options: RSAPSSKeyPairOptions<"pem", "der">,
3097
+ ): Promise<{
3098
+ publicKey: string;
3099
+ privateKey: Buffer;
3100
+ }>;
3101
+ function __promisify__(
3102
+ type: "rsa-pss",
3103
+ options: RSAPSSKeyPairOptions<"der", "pem">,
3104
+ ): Promise<{
3105
+ publicKey: Buffer;
3106
+ privateKey: string;
3107
+ }>;
3108
+ function __promisify__(
3109
+ type: "rsa-pss",
3110
+ options: RSAPSSKeyPairOptions<"der", "der">,
3111
+ ): Promise<{
3112
+ publicKey: Buffer;
3113
+ privateKey: Buffer;
3114
+ }>;
3115
+ function __promisify__(
3116
+ type: "rsa-pss",
3117
+ options: RSAPSSKeyPairKeyObjectOptions,
3118
+ ): Promise<KeyPairKeyObjectResult>;
3119
+ function __promisify__(
3120
+ type: "dsa",
3121
+ options: DSAKeyPairOptions<"pem", "pem">,
3122
+ ): Promise<{
3123
+ publicKey: string;
3124
+ privateKey: string;
3125
+ }>;
3126
+ function __promisify__(
3127
+ type: "dsa",
3128
+ options: DSAKeyPairOptions<"pem", "der">,
3129
+ ): Promise<{
3130
+ publicKey: string;
3131
+ privateKey: Buffer;
3132
+ }>;
3133
+ function __promisify__(
3134
+ type: "dsa",
3135
+ options: DSAKeyPairOptions<"der", "pem">,
3136
+ ): Promise<{
3137
+ publicKey: Buffer;
3138
+ privateKey: string;
3139
+ }>;
3140
+ function __promisify__(
3141
+ type: "dsa",
3142
+ options: DSAKeyPairOptions<"der", "der">,
3143
+ ): Promise<{
3144
+ publicKey: Buffer;
3145
+ privateKey: Buffer;
3146
+ }>;
3147
+ function __promisify__(type: "dsa", options: DSAKeyPairKeyObjectOptions): Promise<KeyPairKeyObjectResult>;
3148
+ function __promisify__(
3149
+ type: "ec",
3150
+ options: ECKeyPairOptions<"pem", "pem">,
3151
+ ): Promise<{
3152
+ publicKey: string;
3153
+ privateKey: string;
3154
+ }>;
3155
+ function __promisify__(
3156
+ type: "ec",
3157
+ options: ECKeyPairOptions<"pem", "der">,
3158
+ ): Promise<{
3159
+ publicKey: string;
3160
+ privateKey: Buffer;
3161
+ }>;
3162
+ function __promisify__(
3163
+ type: "ec",
3164
+ options: ECKeyPairOptions<"der", "pem">,
3165
+ ): Promise<{
3166
+ publicKey: Buffer;
3167
+ privateKey: string;
3168
+ }>;
3169
+ function __promisify__(
3170
+ type: "ec",
3171
+ options: ECKeyPairOptions<"der", "der">,
3172
+ ): Promise<{
3173
+ publicKey: Buffer;
3174
+ privateKey: Buffer;
3175
+ }>;
3176
+ function __promisify__(type: "ec", options: ECKeyPairKeyObjectOptions): Promise<KeyPairKeyObjectResult>;
3177
+ function __promisify__(
3178
+ type: "ed25519",
3179
+ options: ED25519KeyPairOptions<"pem", "pem">,
3180
+ ): Promise<{
3181
+ publicKey: string;
3182
+ privateKey: string;
3183
+ }>;
3184
+ function __promisify__(
3185
+ type: "ed25519",
3186
+ options: ED25519KeyPairOptions<"pem", "der">,
3187
+ ): Promise<{
3188
+ publicKey: string;
3189
+ privateKey: Buffer;
3190
+ }>;
3191
+ function __promisify__(
3192
+ type: "ed25519",
3193
+ options: ED25519KeyPairOptions<"der", "pem">,
3194
+ ): Promise<{
3195
+ publicKey: Buffer;
3196
+ privateKey: string;
3197
+ }>;
3198
+ function __promisify__(
3199
+ type: "ed25519",
3200
+ options: ED25519KeyPairOptions<"der", "der">,
3201
+ ): Promise<{
3202
+ publicKey: Buffer;
3203
+ privateKey: Buffer;
3204
+ }>;
3205
+ function __promisify__(
3206
+ type: "ed25519",
3207
+ options?: ED25519KeyPairKeyObjectOptions,
3208
+ ): Promise<KeyPairKeyObjectResult>;
3209
+ function __promisify__(
3210
+ type: "ed448",
3211
+ options: ED448KeyPairOptions<"pem", "pem">,
3212
+ ): Promise<{
3213
+ publicKey: string;
3214
+ privateKey: string;
3215
+ }>;
3216
+ function __promisify__(
3217
+ type: "ed448",
3218
+ options: ED448KeyPairOptions<"pem", "der">,
3219
+ ): Promise<{
3220
+ publicKey: string;
3221
+ privateKey: Buffer;
3222
+ }>;
3223
+ function __promisify__(
3224
+ type: "ed448",
3225
+ options: ED448KeyPairOptions<"der", "pem">,
3226
+ ): Promise<{
3227
+ publicKey: Buffer;
3228
+ privateKey: string;
3229
+ }>;
3230
+ function __promisify__(
3231
+ type: "ed448",
3232
+ options: ED448KeyPairOptions<"der", "der">,
3233
+ ): Promise<{
3234
+ publicKey: Buffer;
3235
+ privateKey: Buffer;
3236
+ }>;
3237
+ function __promisify__(type: "ed448", options?: ED448KeyPairKeyObjectOptions): Promise<KeyPairKeyObjectResult>;
3238
+ function __promisify__(
3239
+ type: "x25519",
3240
+ options: X25519KeyPairOptions<"pem", "pem">,
3241
+ ): Promise<{
3242
+ publicKey: string;
3243
+ privateKey: string;
3244
+ }>;
3245
+ function __promisify__(
3246
+ type: "x25519",
3247
+ options: X25519KeyPairOptions<"pem", "der">,
3248
+ ): Promise<{
3249
+ publicKey: string;
3250
+ privateKey: Buffer;
3251
+ }>;
3252
+ function __promisify__(
3253
+ type: "x25519",
3254
+ options: X25519KeyPairOptions<"der", "pem">,
3255
+ ): Promise<{
3256
+ publicKey: Buffer;
3257
+ privateKey: string;
3258
+ }>;
3259
+ function __promisify__(
3260
+ type: "x25519",
3261
+ options: X25519KeyPairOptions<"der", "der">,
3262
+ ): Promise<{
3263
+ publicKey: Buffer;
3264
+ privateKey: Buffer;
3265
+ }>;
3266
+ function __promisify__(
3267
+ type: "x25519",
3268
+ options?: X25519KeyPairKeyObjectOptions,
3269
+ ): Promise<KeyPairKeyObjectResult>;
3270
+ function __promisify__(
3271
+ type: "x448",
3272
+ options: X448KeyPairOptions<"pem", "pem">,
3273
+ ): Promise<{
3274
+ publicKey: string;
3275
+ privateKey: string;
3276
+ }>;
3277
+ function __promisify__(
3278
+ type: "x448",
3279
+ options: X448KeyPairOptions<"pem", "der">,
3280
+ ): Promise<{
3281
+ publicKey: string;
3282
+ privateKey: Buffer;
3283
+ }>;
3284
+ function __promisify__(
3285
+ type: "x448",
3286
+ options: X448KeyPairOptions<"der", "pem">,
3287
+ ): Promise<{
3288
+ publicKey: Buffer;
3289
+ privateKey: string;
3290
+ }>;
3291
+ function __promisify__(
3292
+ type: "x448",
3293
+ options: X448KeyPairOptions<"der", "der">,
3294
+ ): Promise<{
3295
+ publicKey: Buffer;
3296
+ privateKey: Buffer;
3297
+ }>;
3298
+ function __promisify__(type: "x448", options?: X448KeyPairKeyObjectOptions): Promise<KeyPairKeyObjectResult>;
3299
+ }
3300
+ /**
3301
+ * Calculates and returns the signature for `data` using the given private key and
3302
+ * algorithm. If `algorithm` is `null` or `undefined`, then the algorithm is
3303
+ * dependent upon the key type (especially Ed25519 and Ed448).
3304
+ *
3305
+ * If `key` is not a `KeyObject`, this function behaves as if `key` had been
3306
+ * passed to {@link createPrivateKey}. If it is an object, the following
3307
+ * additional properties can be passed:
3308
+ *
3309
+ * If the `callback` function is provided this function uses libuv's threadpool.
3310
+ * @since v12.0.0
3311
+ */
3312
+ function sign(
3313
+ algorithm: string | null | undefined,
3314
+ data: NodeJS.ArrayBufferView,
3315
+ key: KeyLike | SignKeyObjectInput | SignPrivateKeyInput,
3316
+ ): Buffer;
3317
+ function sign(
3318
+ algorithm: string | null | undefined,
3319
+ data: NodeJS.ArrayBufferView,
3320
+ key: KeyLike | SignKeyObjectInput | SignPrivateKeyInput,
3321
+ callback: (error: Error | null, data: Buffer) => void,
3322
+ ): void;
3323
+ /**
3324
+ * Verifies the given signature for `data` using the given key and algorithm. If`algorithm` is `null` or `undefined`, then the algorithm is dependent upon the
3325
+ * key type (especially Ed25519 and Ed448).
3326
+ *
3327
+ * If `key` is not a `KeyObject`, this function behaves as if `key` had been
3328
+ * passed to {@link createPublicKey}. If it is an object, the following
3329
+ * additional properties can be passed:
3330
+ *
3331
+ * The `signature` argument is the previously calculated signature for the `data`.
3332
+ *
3333
+ * Because public keys can be derived from private keys, a private key or a public
3334
+ * key may be passed for `key`.
3335
+ *
3336
+ * If the `callback` function is provided this function uses libuv's threadpool.
3337
+ * @since v12.0.0
3338
+ */
3339
+ function verify(
3340
+ algorithm: string | null | undefined,
3341
+ data: NodeJS.ArrayBufferView,
3342
+ key: KeyLike | VerifyKeyObjectInput | VerifyPublicKeyInput | VerifyJsonWebKeyInput,
3343
+ signature: NodeJS.ArrayBufferView,
3344
+ ): boolean;
3345
+ function verify(
3346
+ algorithm: string | null | undefined,
3347
+ data: NodeJS.ArrayBufferView,
3348
+ key: KeyLike | VerifyKeyObjectInput | VerifyPublicKeyInput | VerifyJsonWebKeyInput,
3349
+ signature: NodeJS.ArrayBufferView,
3350
+ callback: (error: Error | null, result: boolean) => void,
3351
+ ): void;
3352
+ /**
3353
+ * Computes the Diffie-Hellman secret based on a `privateKey` and a `publicKey`.
3354
+ * Both keys must have the same `asymmetricKeyType`, which must be one of `'dh'`(for Diffie-Hellman), `'ec'` (for ECDH), `'x448'`, or `'x25519'` (for ECDH-ES).
3355
+ * @since v13.9.0, v12.17.0
3356
+ */
3357
+ function diffieHellman(options: { privateKey: KeyObject; publicKey: KeyObject }): Buffer;
3358
+ type CipherMode = "cbc" | "ccm" | "cfb" | "ctr" | "ecb" | "gcm" | "ocb" | "ofb" | "stream" | "wrap" | "xts";
3359
+ interface CipherInfoOptions {
3360
+ /**
3361
+ * A test key length.
3362
+ */
3363
+ keyLength?: number | undefined;
3364
+ /**
3365
+ * A test IV length.
3366
+ */
3367
+ ivLength?: number | undefined;
3368
+ }
3369
+ interface CipherInfo {
3370
+ /**
3371
+ * The name of the cipher.
3372
+ */
3373
+ name: string;
3374
+ /**
3375
+ * The nid of the cipher.
3376
+ */
3377
+ nid: number;
3378
+ /**
3379
+ * The block size of the cipher in bytes.
3380
+ * This property is omitted when mode is 'stream'.
3381
+ */
3382
+ blockSize?: number | undefined;
3383
+ /**
3384
+ * The expected or default initialization vector length in bytes.
3385
+ * This property is omitted if the cipher does not use an initialization vector.
3386
+ */
3387
+ ivLength?: number | undefined;
3388
+ /**
3389
+ * The expected or default key length in bytes.
3390
+ */
3391
+ keyLength: number;
3392
+ /**
3393
+ * The cipher mode.
3394
+ */
3395
+ mode: CipherMode;
3396
+ }
3397
+ /**
3398
+ * Returns information about a given cipher.
3399
+ *
3400
+ * Some ciphers accept variable length keys and initialization vectors. By default,
3401
+ * the `crypto.getCipherInfo()` method will return the default values for these
3402
+ * ciphers. To test if a given key length or iv length is acceptable for given
3403
+ * cipher, use the `keyLength` and `ivLength` options. If the given values are
3404
+ * unacceptable, `undefined` will be returned.
3405
+ * @since v15.0.0
3406
+ * @param nameOrNid The name or nid of the cipher to query.
3407
+ */
3408
+ function getCipherInfo(nameOrNid: string | number, options?: CipherInfoOptions): CipherInfo | undefined;
3409
+ /**
3410
+ * HKDF is a simple key derivation function defined in RFC 5869\. The given `ikm`,`salt` and `info` are used with the `digest` to derive a key of `keylen` bytes.
3411
+ *
3412
+ * The supplied `callback` function is called with two arguments: `err` and`derivedKey`. If an errors occurs while deriving the key, `err` will be set;
3413
+ * otherwise `err` will be `null`. The successfully generated `derivedKey` will
3414
+ * be passed to the callback as an [ArrayBuffer](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/ArrayBuffer). An error will be thrown if any
3415
+ * of the input arguments specify invalid values or types.
3416
+ *
3417
+ * ```js
3418
+ * import { Buffer } from 'node:buffer';
3419
+ * const {
3420
+ * hkdf,
3421
+ * } = await import('node:crypto');
3422
+ *
3423
+ * hkdf('sha512', 'key', 'salt', 'info', 64, (err, derivedKey) => {
3424
+ * if (err) throw err;
3425
+ * console.log(Buffer.from(derivedKey).toString('hex')); // '24156e2...5391653'
3426
+ * });
3427
+ * ```
3428
+ * @since v15.0.0
3429
+ * @param digest The digest algorithm to use.
3430
+ * @param ikm The input keying material. Must be provided but can be zero-length.
3431
+ * @param salt The salt value. Must be provided but can be zero-length.
3432
+ * @param info Additional info value. Must be provided but can be zero-length, and cannot be more than 1024 bytes.
3433
+ * @param keylen The length of the key to generate. Must be greater than 0. The maximum allowable value is `255` times the number of bytes produced by the selected digest function (e.g. `sha512`
3434
+ * generates 64-byte hashes, making the maximum HKDF output 16320 bytes).
3435
+ */
3436
+ function hkdf(
3437
+ digest: string,
3438
+ irm: BinaryLike | KeyObject,
3439
+ salt: BinaryLike,
3440
+ info: BinaryLike,
3441
+ keylen: number,
3442
+ callback: (err: Error | null, derivedKey: ArrayBuffer) => void,
3443
+ ): void;
3444
+ /**
3445
+ * Provides a synchronous HKDF key derivation function as defined in RFC 5869\. The
3446
+ * given `ikm`, `salt` and `info` are used with the `digest` to derive a key of`keylen` bytes.
3447
+ *
3448
+ * The successfully generated `derivedKey` will be returned as an [ArrayBuffer](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/ArrayBuffer).
3449
+ *
3450
+ * An error will be thrown if any of the input arguments specify invalid values or
3451
+ * types, or if the derived key cannot be generated.
3452
+ *
3453
+ * ```js
3454
+ * import { Buffer } from 'node:buffer';
3455
+ * const {
3456
+ * hkdfSync,
3457
+ * } = await import('node:crypto');
3458
+ *
3459
+ * const derivedKey = hkdfSync('sha512', 'key', 'salt', 'info', 64);
3460
+ * console.log(Buffer.from(derivedKey).toString('hex')); // '24156e2...5391653'
3461
+ * ```
3462
+ * @since v15.0.0
3463
+ * @param digest The digest algorithm to use.
3464
+ * @param ikm The input keying material. Must be provided but can be zero-length.
3465
+ * @param salt The salt value. Must be provided but can be zero-length.
3466
+ * @param info Additional info value. Must be provided but can be zero-length, and cannot be more than 1024 bytes.
3467
+ * @param keylen The length of the key to generate. Must be greater than 0. The maximum allowable value is `255` times the number of bytes produced by the selected digest function (e.g. `sha512`
3468
+ * generates 64-byte hashes, making the maximum HKDF output 16320 bytes).
3469
+ */
3470
+ function hkdfSync(
3471
+ digest: string,
3472
+ ikm: BinaryLike | KeyObject,
3473
+ salt: BinaryLike,
3474
+ info: BinaryLike,
3475
+ keylen: number,
3476
+ ): ArrayBuffer;
3477
+ interface SecureHeapUsage {
3478
+ /**
3479
+ * The total allocated secure heap size as specified using the `--secure-heap=n` command-line flag.
3480
+ */
3481
+ total: number;
3482
+ /**
3483
+ * The minimum allocation from the secure heap as specified using the `--secure-heap-min` command-line flag.
3484
+ */
3485
+ min: number;
3486
+ /**
3487
+ * The total number of bytes currently allocated from the secure heap.
3488
+ */
3489
+ used: number;
3490
+ /**
3491
+ * The calculated ratio of `used` to `total` allocated bytes.
3492
+ */
3493
+ utilization: number;
3494
+ }
3495
+ /**
3496
+ * @since v15.6.0
3497
+ */
3498
+ function secureHeapUsed(): SecureHeapUsage;
3499
+ interface RandomUUIDOptions {
3500
+ /**
3501
+ * By default, to improve performance,
3502
+ * Node.js will pre-emptively generate and persistently cache enough
3503
+ * random data to generate up to 128 random UUIDs. To generate a UUID
3504
+ * without using the cache, set `disableEntropyCache` to `true`.
3505
+ *
3506
+ * @default `false`
3507
+ */
3508
+ disableEntropyCache?: boolean | undefined;
3509
+ }
3510
+ /**
3511
+ * Generates a random [RFC 4122](https://www.rfc-editor.org/rfc/rfc4122.txt) version 4 UUID. The UUID is generated using a
3512
+ * cryptographic pseudorandom number generator.
3513
+ * @since v15.6.0, v14.17.0
3514
+ */
3515
+ function randomUUID(options?: RandomUUIDOptions): string;
3516
+ interface X509CheckOptions {
3517
+ /**
3518
+ * @default 'always'
3519
+ */
3520
+ subject?: "always" | "default" | "never";
3521
+ /**
3522
+ * @default true
3523
+ */
3524
+ wildcards?: boolean;
3525
+ /**
3526
+ * @default true
3527
+ */
3528
+ partialWildcards?: boolean;
3529
+ /**
3530
+ * @default false
3531
+ */
3532
+ multiLabelWildcards?: boolean;
3533
+ /**
3534
+ * @default false
3535
+ */
3536
+ singleLabelSubdomains?: boolean;
3537
+ }
3538
+ /**
3539
+ * Encapsulates an X509 certificate and provides read-only access to
3540
+ * its information.
3541
+ *
3542
+ * ```js
3543
+ * const { X509Certificate } = await import('node:crypto');
3544
+ *
3545
+ * const x509 = new X509Certificate('{... pem encoded cert ...}');
3546
+ *
3547
+ * console.log(x509.subject);
3548
+ * ```
3549
+ * @since v15.6.0
3550
+ */
3551
+ class X509Certificate {
3552
+ /**
3553
+ * Will be \`true\` if this is a Certificate Authority (CA) certificate.
3554
+ * @since v15.6.0
3555
+ */
3556
+ readonly ca: boolean;
3557
+ /**
3558
+ * The SHA-1 fingerprint of this certificate.
3559
+ *
3560
+ * Because SHA-1 is cryptographically broken and because the security of SHA-1 is
3561
+ * significantly worse than that of algorithms that are commonly used to sign
3562
+ * certificates, consider using `x509.fingerprint256` instead.
3563
+ * @since v15.6.0
3564
+ */
3565
+ readonly fingerprint: string;
3566
+ /**
3567
+ * The SHA-256 fingerprint of this certificate.
3568
+ * @since v15.6.0
3569
+ */
3570
+ readonly fingerprint256: string;
3571
+ /**
3572
+ * The SHA-512 fingerprint of this certificate.
3573
+ *
3574
+ * Because computing the SHA-256 fingerprint is usually faster and because it is
3575
+ * only half the size of the SHA-512 fingerprint, `x509.fingerprint256` may be
3576
+ * a better choice. While SHA-512 presumably provides a higher level of security in
3577
+ * general, the security of SHA-256 matches that of most algorithms that are
3578
+ * commonly used to sign certificates.
3579
+ * @since v17.2.0, v16.14.0
3580
+ */
3581
+ readonly fingerprint512: string;
3582
+ /**
3583
+ * The complete subject of this certificate.
3584
+ * @since v15.6.0
3585
+ */
3586
+ readonly subject: string;
3587
+ /**
3588
+ * The subject alternative name specified for this certificate.
3589
+ *
3590
+ * This is a comma-separated list of subject alternative names. Each entry begins
3591
+ * with a string identifying the kind of the subject alternative name followed by
3592
+ * a colon and the value associated with the entry.
3593
+ *
3594
+ * Earlier versions of Node.js incorrectly assumed that it is safe to split this
3595
+ * property at the two-character sequence `', '` (see [CVE-2021-44532](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532)). However,
3596
+ * both malicious and legitimate certificates can contain subject alternative names
3597
+ * that include this sequence when represented as a string.
3598
+ *
3599
+ * After the prefix denoting the type of the entry, the remainder of each entry
3600
+ * might be enclosed in quotes to indicate that the value is a JSON string literal.
3601
+ * For backward compatibility, Node.js only uses JSON string literals within this
3602
+ * property when necessary to avoid ambiguity. Third-party code should be prepared
3603
+ * to handle both possible entry formats.
3604
+ * @since v15.6.0
3605
+ */
3606
+ readonly subjectAltName: string | undefined;
3607
+ /**
3608
+ * A textual representation of the certificate's authority information access
3609
+ * extension.
3610
+ *
3611
+ * This is a line feed separated list of access descriptions. Each line begins with
3612
+ * the access method and the kind of the access location, followed by a colon and
3613
+ * the value associated with the access location.
3614
+ *
3615
+ * After the prefix denoting the access method and the kind of the access location,
3616
+ * the remainder of each line might be enclosed in quotes to indicate that the
3617
+ * value is a JSON string literal. For backward compatibility, Node.js only uses
3618
+ * JSON string literals within this property when necessary to avoid ambiguity.
3619
+ * Third-party code should be prepared to handle both possible entry formats.
3620
+ * @since v15.6.0
3621
+ */
3622
+ readonly infoAccess: string | undefined;
3623
+ /**
3624
+ * An array detailing the key usages for this certificate.
3625
+ * @since v15.6.0
3626
+ */
3627
+ readonly keyUsage: string[];
3628
+ /**
3629
+ * The issuer identification included in this certificate.
3630
+ * @since v15.6.0
3631
+ */
3632
+ readonly issuer: string;
3633
+ /**
3634
+ * The issuer certificate or `undefined` if the issuer certificate is not
3635
+ * available.
3636
+ * @since v15.9.0
3637
+ */
3638
+ readonly issuerCertificate?: X509Certificate | undefined;
3639
+ /**
3640
+ * The public key `KeyObject` for this certificate.
3641
+ * @since v15.6.0
3642
+ */
3643
+ readonly publicKey: KeyObject;
3644
+ /**
3645
+ * A `Buffer` containing the DER encoding of this certificate.
3646
+ * @since v15.6.0
3647
+ */
3648
+ readonly raw: Buffer;
3649
+ /**
3650
+ * The serial number of this certificate.
3651
+ *
3652
+ * Serial numbers are assigned by certificate authorities and do not uniquely
3653
+ * identify certificates. Consider using `x509.fingerprint256` as a unique
3654
+ * identifier instead.
3655
+ * @since v15.6.0
3656
+ */
3657
+ readonly serialNumber: string;
3658
+ /**
3659
+ * The date/time from which this certificate is considered valid.
3660
+ * @since v15.6.0
3661
+ */
3662
+ readonly validFrom: string;
3663
+ /**
3664
+ * The date/time until which this certificate is considered valid.
3665
+ * @since v15.6.0
3666
+ */
3667
+ readonly validTo: string;
3668
+ constructor(buffer: BinaryLike);
3669
+ /**
3670
+ * Checks whether the certificate matches the given email address.
3671
+ *
3672
+ * If the `'subject'` option is undefined or set to `'default'`, the certificate
3673
+ * subject is only considered if the subject alternative name extension either does
3674
+ * not exist or does not contain any email addresses.
3675
+ *
3676
+ * If the `'subject'` option is set to `'always'` and if the subject alternative
3677
+ * name extension either does not exist or does not contain a matching email
3678
+ * address, the certificate subject is considered.
3679
+ *
3680
+ * If the `'subject'` option is set to `'never'`, the certificate subject is never
3681
+ * considered, even if the certificate contains no subject alternative names.
3682
+ * @since v15.6.0
3683
+ * @return Returns `email` if the certificate matches, `undefined` if it does not.
3684
+ */
3685
+ checkEmail(email: string, options?: Pick<X509CheckOptions, "subject">): string | undefined;
3686
+ /**
3687
+ * Checks whether the certificate matches the given host name.
3688
+ *
3689
+ * If the certificate matches the given host name, the matching subject name is
3690
+ * returned. The returned name might be an exact match (e.g., `foo.example.com`)
3691
+ * or it might contain wildcards (e.g., `*.example.com`). Because host name
3692
+ * comparisons are case-insensitive, the returned subject name might also differ
3693
+ * from the given `name` in capitalization.
3694
+ *
3695
+ * If the `'subject'` option is undefined or set to `'default'`, the certificate
3696
+ * subject is only considered if the subject alternative name extension either does
3697
+ * not exist or does not contain any DNS names. This behavior is consistent with [RFC 2818](https://www.rfc-editor.org/rfc/rfc2818.txt) ("HTTP Over TLS").
3698
+ *
3699
+ * If the `'subject'` option is set to `'always'` and if the subject alternative
3700
+ * name extension either does not exist or does not contain a matching DNS name,
3701
+ * the certificate subject is considered.
3702
+ *
3703
+ * If the `'subject'` option is set to `'never'`, the certificate subject is never
3704
+ * considered, even if the certificate contains no subject alternative names.
3705
+ * @since v15.6.0
3706
+ * @return Returns a subject name that matches `name`, or `undefined` if no subject name matches `name`.
3707
+ */
3708
+ checkHost(name: string, options?: X509CheckOptions): string | undefined;
3709
+ /**
3710
+ * Checks whether the certificate matches the given IP address (IPv4 or IPv6).
3711
+ *
3712
+ * Only [RFC 5280](https://www.rfc-editor.org/rfc/rfc5280.txt) `iPAddress` subject alternative names are considered, and they
3713
+ * must match the given `ip` address exactly. Other subject alternative names as
3714
+ * well as the subject field of the certificate are ignored.
3715
+ * @since v15.6.0
3716
+ * @return Returns `ip` if the certificate matches, `undefined` if it does not.
3717
+ */
3718
+ checkIP(ip: string): string | undefined;
3719
+ /**
3720
+ * Checks whether this certificate was issued by the given `otherCert`.
3721
+ * @since v15.6.0
3722
+ */
3723
+ checkIssued(otherCert: X509Certificate): boolean;
3724
+ /**
3725
+ * Checks whether the public key for this certificate is consistent with
3726
+ * the given private key.
3727
+ * @since v15.6.0
3728
+ * @param privateKey A private key.
3729
+ */
3730
+ checkPrivateKey(privateKey: KeyObject): boolean;
3731
+ /**
3732
+ * There is no standard JSON encoding for X509 certificates. The`toJSON()` method returns a string containing the PEM encoded
3733
+ * certificate.
3734
+ * @since v15.6.0
3735
+ */
3736
+ toJSON(): string;
3737
+ /**
3738
+ * Returns information about this certificate using the legacy `certificate object` encoding.
3739
+ * @since v15.6.0
3740
+ */
3741
+ toLegacyObject(): PeerCertificate;
3742
+ /**
3743
+ * Returns the PEM-encoded certificate.
3744
+ * @since v15.6.0
3745
+ */
3746
+ toString(): string;
3747
+ /**
3748
+ * Verifies that this certificate was signed by the given public key.
3749
+ * Does not perform any other validation checks on the certificate.
3750
+ * @since v15.6.0
3751
+ * @param publicKey A public key.
3752
+ */
3753
+ verify(publicKey: KeyObject): boolean;
3754
+ }
3755
+ type LargeNumberLike = NodeJS.ArrayBufferView | SharedArrayBuffer | ArrayBuffer | bigint;
3756
+ interface GeneratePrimeOptions {
3757
+ add?: LargeNumberLike | undefined;
3758
+ rem?: LargeNumberLike | undefined;
3759
+ /**
3760
+ * @default false
3761
+ */
3762
+ safe?: boolean | undefined;
3763
+ bigint?: boolean | undefined;
3764
+ }
3765
+ interface GeneratePrimeOptionsBigInt extends GeneratePrimeOptions {
3766
+ bigint: true;
3767
+ }
3768
+ interface GeneratePrimeOptionsArrayBuffer extends GeneratePrimeOptions {
3769
+ bigint?: false | undefined;
3770
+ }
3771
+ /**
3772
+ * Generates a pseudorandom prime of `size` bits.
3773
+ *
3774
+ * If `options.safe` is `true`, the prime will be a safe prime -- that is,`(prime - 1) / 2` will also be a prime.
3775
+ *
3776
+ * The `options.add` and `options.rem` parameters can be used to enforce additional
3777
+ * requirements, e.g., for Diffie-Hellman:
3778
+ *
3779
+ * * If `options.add` and `options.rem` are both set, the prime will satisfy the
3780
+ * condition that `prime % add = rem`.
3781
+ * * If only `options.add` is set and `options.safe` is not `true`, the prime will
3782
+ * satisfy the condition that `prime % add = 1`.
3783
+ * * If only `options.add` is set and `options.safe` is set to `true`, the prime
3784
+ * will instead satisfy the condition that `prime % add = 3`. This is necessary
3785
+ * because `prime % add = 1` for `options.add > 2` would contradict the condition
3786
+ * enforced by `options.safe`.
3787
+ * * `options.rem` is ignored if `options.add` is not given.
3788
+ *
3789
+ * Both `options.add` and `options.rem` must be encoded as big-endian sequences
3790
+ * if given as an `ArrayBuffer`, `SharedArrayBuffer`, `TypedArray`, `Buffer`, or`DataView`.
3791
+ *
3792
+ * By default, the prime is encoded as a big-endian sequence of octets
3793
+ * in an [ArrayBuffer](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/ArrayBuffer). If the `bigint` option is `true`, then a
3794
+ * [bigint](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/BigInt) is provided.
3795
+ * @since v15.8.0
3796
+ * @param size The size (in bits) of the prime to generate.
3797
+ */
3798
+ function generatePrime(size: number, callback: (err: Error | null, prime: ArrayBuffer) => void): void;
3799
+ function generatePrime(
3800
+ size: number,
3801
+ options: GeneratePrimeOptionsBigInt,
3802
+ callback: (err: Error | null, prime: bigint) => void,
3803
+ ): void;
3804
+ function generatePrime(
3805
+ size: number,
3806
+ options: GeneratePrimeOptionsArrayBuffer,
3807
+ callback: (err: Error | null, prime: ArrayBuffer) => void,
3808
+ ): void;
3809
+ function generatePrime(
3810
+ size: number,
3811
+ options: GeneratePrimeOptions,
3812
+ callback: (err: Error | null, prime: ArrayBuffer | bigint) => void,
3813
+ ): void;
3814
+ /**
3815
+ * Generates a pseudorandom prime of `size` bits.
3816
+ *
3817
+ * If `options.safe` is `true`, the prime will be a safe prime -- that is,`(prime - 1) / 2` will also be a prime.
3818
+ *
3819
+ * The `options.add` and `options.rem` parameters can be used to enforce additional
3820
+ * requirements, e.g., for Diffie-Hellman:
3821
+ *
3822
+ * * If `options.add` and `options.rem` are both set, the prime will satisfy the
3823
+ * condition that `prime % add = rem`.
3824
+ * * If only `options.add` is set and `options.safe` is not `true`, the prime will
3825
+ * satisfy the condition that `prime % add = 1`.
3826
+ * * If only `options.add` is set and `options.safe` is set to `true`, the prime
3827
+ * will instead satisfy the condition that `prime % add = 3`. This is necessary
3828
+ * because `prime % add = 1` for `options.add > 2` would contradict the condition
3829
+ * enforced by `options.safe`.
3830
+ * * `options.rem` is ignored if `options.add` is not given.
3831
+ *
3832
+ * Both `options.add` and `options.rem` must be encoded as big-endian sequences
3833
+ * if given as an `ArrayBuffer`, `SharedArrayBuffer`, `TypedArray`, `Buffer`, or`DataView`.
3834
+ *
3835
+ * By default, the prime is encoded as a big-endian sequence of octets
3836
+ * in an [ArrayBuffer](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/ArrayBuffer). If the `bigint` option is `true`, then a
3837
+ * [bigint](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/BigInt) is provided.
3838
+ * @since v15.8.0
3839
+ * @param size The size (in bits) of the prime to generate.
3840
+ */
3841
+ function generatePrimeSync(size: number): ArrayBuffer;
3842
+ function generatePrimeSync(size: number, options: GeneratePrimeOptionsBigInt): bigint;
3843
+ function generatePrimeSync(size: number, options: GeneratePrimeOptionsArrayBuffer): ArrayBuffer;
3844
+ function generatePrimeSync(size: number, options: GeneratePrimeOptions): ArrayBuffer | bigint;
3845
+ interface CheckPrimeOptions {
3846
+ /**
3847
+ * The number of Miller-Rabin probabilistic primality iterations to perform.
3848
+ * When the value is 0 (zero), a number of checks is used that yields a false positive rate of at most `2**-64` for random input.
3849
+ * Care must be used when selecting a number of checks.
3850
+ * Refer to the OpenSSL documentation for the BN_is_prime_ex function nchecks options for more details.
3851
+ *
3852
+ * @default 0
3853
+ */
3854
+ checks?: number | undefined;
3855
+ }
3856
+ /**
3857
+ * Checks the primality of the `candidate`.
3858
+ * @since v15.8.0
3859
+ * @param candidate A possible prime encoded as a sequence of big endian octets of arbitrary length.
3860
+ */
3861
+ function checkPrime(value: LargeNumberLike, callback: (err: Error | null, result: boolean) => void): void;
3862
+ function checkPrime(
3863
+ value: LargeNumberLike,
3864
+ options: CheckPrimeOptions,
3865
+ callback: (err: Error | null, result: boolean) => void,
3866
+ ): void;
3867
+ /**
3868
+ * Checks the primality of the `candidate`.
3869
+ * @since v15.8.0
3870
+ * @param candidate A possible prime encoded as a sequence of big endian octets of arbitrary length.
3871
+ * @return `true` if the candidate is a prime with an error probability less than `0.25 ** options.checks`.
3872
+ */
3873
+ function checkPrimeSync(candidate: LargeNumberLike, options?: CheckPrimeOptions): boolean;
3874
+ /**
3875
+ * Load and set the `engine` for some or all OpenSSL functions (selected by flags).
3876
+ *
3877
+ * `engine` could be either an id or a path to the engine's shared library.
3878
+ *
3879
+ * The optional `flags` argument uses `ENGINE_METHOD_ALL` by default. The `flags`is a bit field taking one of or a mix of the following flags (defined in`crypto.constants`):
3880
+ *
3881
+ * * `crypto.constants.ENGINE_METHOD_RSA`
3882
+ * * `crypto.constants.ENGINE_METHOD_DSA`
3883
+ * * `crypto.constants.ENGINE_METHOD_DH`
3884
+ * * `crypto.constants.ENGINE_METHOD_RAND`
3885
+ * * `crypto.constants.ENGINE_METHOD_EC`
3886
+ * * `crypto.constants.ENGINE_METHOD_CIPHERS`
3887
+ * * `crypto.constants.ENGINE_METHOD_DIGESTS`
3888
+ * * `crypto.constants.ENGINE_METHOD_PKEY_METHS`
3889
+ * * `crypto.constants.ENGINE_METHOD_PKEY_ASN1_METHS`
3890
+ * * `crypto.constants.ENGINE_METHOD_ALL`
3891
+ * * `crypto.constants.ENGINE_METHOD_NONE`
3892
+ * @since v0.11.11
3893
+ * @param flags
3894
+ */
3895
+ function setEngine(engine: string, flags?: number): void;
3896
+ /**
3897
+ * A convenient alias for {@link webcrypto.getRandomValues}. This
3898
+ * implementation is not compliant with the Web Crypto spec, to write
3899
+ * web-compatible code use {@link webcrypto.getRandomValues} instead.
3900
+ * @since v17.4.0
3901
+ * @return Returns `typedArray`.
3902
+ */
3903
+ function getRandomValues<T extends webcrypto.BufferSource>(typedArray: T): T;
3904
+ /**
3905
+ * A convenient alias for `crypto.webcrypto.subtle`.
3906
+ * @since v17.4.0
3907
+ */
3908
+ const subtle: webcrypto.SubtleCrypto;
3909
+ /**
3910
+ * An implementation of the Web Crypto API standard.
3911
+ *
3912
+ * See the {@link https://nodejs.org/docs/latest/api/webcrypto.html Web Crypto API documentation} for details.
3913
+ * @since v15.0.0
3914
+ */
3915
+ const webcrypto: webcrypto.Crypto;
3916
+ namespace webcrypto {
3917
+ type BufferSource = ArrayBufferView | ArrayBuffer;
3918
+ type KeyFormat = "jwk" | "pkcs8" | "raw" | "spki";
3919
+ type KeyType = "private" | "public" | "secret";
3920
+ type KeyUsage =
3921
+ | "decrypt"
3922
+ | "deriveBits"
3923
+ | "deriveKey"
3924
+ | "encrypt"
3925
+ | "sign"
3926
+ | "unwrapKey"
3927
+ | "verify"
3928
+ | "wrapKey";
3929
+ type AlgorithmIdentifier = Algorithm | string;
3930
+ type HashAlgorithmIdentifier = AlgorithmIdentifier;
3931
+ type NamedCurve = string;
3932
+ type BigInteger = Uint8Array;
3933
+ interface AesCbcParams extends Algorithm {
3934
+ iv: BufferSource;
3935
+ }
3936
+ interface AesCtrParams extends Algorithm {
3937
+ counter: BufferSource;
3938
+ length: number;
3939
+ }
3940
+ interface AesDerivedKeyParams extends Algorithm {
3941
+ length: number;
3942
+ }
3943
+ interface AesGcmParams extends Algorithm {
3944
+ additionalData?: BufferSource;
3945
+ iv: BufferSource;
3946
+ tagLength?: number;
3947
+ }
3948
+ interface AesKeyAlgorithm extends KeyAlgorithm {
3949
+ length: number;
3950
+ }
3951
+ interface AesKeyGenParams extends Algorithm {
3952
+ length: number;
3953
+ }
3954
+ interface Algorithm {
3955
+ name: string;
3956
+ }
3957
+ interface EcKeyAlgorithm extends KeyAlgorithm {
3958
+ namedCurve: NamedCurve;
3959
+ }
3960
+ interface EcKeyGenParams extends Algorithm {
3961
+ namedCurve: NamedCurve;
3962
+ }
3963
+ interface EcKeyImportParams extends Algorithm {
3964
+ namedCurve: NamedCurve;
3965
+ }
3966
+ interface EcdhKeyDeriveParams extends Algorithm {
3967
+ public: CryptoKey;
3968
+ }
3969
+ interface EcdsaParams extends Algorithm {
3970
+ hash: HashAlgorithmIdentifier;
3971
+ }
3972
+ interface Ed448Params extends Algorithm {
3973
+ context?: BufferSource;
3974
+ }
3975
+ interface HkdfParams extends Algorithm {
3976
+ hash: HashAlgorithmIdentifier;
3977
+ info: BufferSource;
3978
+ salt: BufferSource;
3979
+ }
3980
+ interface HmacImportParams extends Algorithm {
3981
+ hash: HashAlgorithmIdentifier;
3982
+ length?: number;
3983
+ }
3984
+ interface HmacKeyAlgorithm extends KeyAlgorithm {
3985
+ hash: KeyAlgorithm;
3986
+ length: number;
3987
+ }
3988
+ interface HmacKeyGenParams extends Algorithm {
3989
+ hash: HashAlgorithmIdentifier;
3990
+ length?: number;
3991
+ }
3992
+ interface JsonWebKey {
3993
+ alg?: string;
3994
+ crv?: string;
3995
+ d?: string;
3996
+ dp?: string;
3997
+ dq?: string;
3998
+ e?: string;
3999
+ ext?: boolean;
4000
+ k?: string;
4001
+ key_ops?: string[];
4002
+ kty?: string;
4003
+ n?: string;
4004
+ oth?: RsaOtherPrimesInfo[];
4005
+ p?: string;
4006
+ q?: string;
4007
+ qi?: string;
4008
+ use?: string;
4009
+ x?: string;
4010
+ y?: string;
4011
+ }
4012
+ interface KeyAlgorithm {
4013
+ name: string;
4014
+ }
4015
+ interface Pbkdf2Params extends Algorithm {
4016
+ hash: HashAlgorithmIdentifier;
4017
+ iterations: number;
4018
+ salt: BufferSource;
4019
+ }
4020
+ interface RsaHashedImportParams extends Algorithm {
4021
+ hash: HashAlgorithmIdentifier;
4022
+ }
4023
+ interface RsaHashedKeyAlgorithm extends RsaKeyAlgorithm {
4024
+ hash: KeyAlgorithm;
4025
+ }
4026
+ interface RsaHashedKeyGenParams extends RsaKeyGenParams {
4027
+ hash: HashAlgorithmIdentifier;
4028
+ }
4029
+ interface RsaKeyAlgorithm extends KeyAlgorithm {
4030
+ modulusLength: number;
4031
+ publicExponent: BigInteger;
4032
+ }
4033
+ interface RsaKeyGenParams extends Algorithm {
4034
+ modulusLength: number;
4035
+ publicExponent: BigInteger;
4036
+ }
4037
+ interface RsaOaepParams extends Algorithm {
4038
+ label?: BufferSource;
4039
+ }
4040
+ interface RsaOtherPrimesInfo {
4041
+ d?: string;
4042
+ r?: string;
4043
+ t?: string;
4044
+ }
4045
+ interface RsaPssParams extends Algorithm {
4046
+ saltLength: number;
4047
+ }
4048
+ /**
4049
+ * Calling `require('node:crypto').webcrypto` returns an instance of the `Crypto` class.
4050
+ * `Crypto` is a singleton that provides access to the remainder of the crypto API.
4051
+ * @since v15.0.0
4052
+ */
4053
+ interface Crypto {
4054
+ /**
4055
+ * Provides access to the `SubtleCrypto` API.
4056
+ * @since v15.0.0
4057
+ */
4058
+ readonly subtle: SubtleCrypto;
4059
+ /**
4060
+ * Generates cryptographically strong random values.
4061
+ * The given `typedArray` is filled with random values, and a reference to `typedArray` is returned.
4062
+ *
4063
+ * The given `typedArray` must be an integer-based instance of {@link NodeJS.TypedArray}, i.e. `Float32Array` and `Float64Array` are not accepted.
4064
+ *
4065
+ * An error will be thrown if the given `typedArray` is larger than 65,536 bytes.
4066
+ * @since v15.0.0
4067
+ */
4068
+ getRandomValues<T extends Exclude<NodeJS.TypedArray, Float32Array | Float64Array>>(typedArray: T): T;
4069
+ /**
4070
+ * Generates a random {@link https://www.rfc-editor.org/rfc/rfc4122.txt RFC 4122} version 4 UUID.
4071
+ * The UUID is generated using a cryptographic pseudorandom number generator.
4072
+ * @since v16.7.0
4073
+ */
4074
+ randomUUID(): string;
4075
+ CryptoKey: CryptoKeyConstructor;
4076
+ }
4077
+ // This constructor throws ILLEGAL_CONSTRUCTOR so it should not be newable.
4078
+ interface CryptoKeyConstructor {
4079
+ /** Illegal constructor */
4080
+ (_: { readonly _: unique symbol }): never; // Allows instanceof to work but not be callable by the user.
4081
+ readonly length: 0;
4082
+ readonly name: "CryptoKey";
4083
+ readonly prototype: CryptoKey;
4084
+ }
4085
+ /**
4086
+ * @since v15.0.0
4087
+ */
4088
+ interface CryptoKey {
4089
+ /**
4090
+ * An object detailing the algorithm for which the key can be used along with additional algorithm-specific parameters.
4091
+ * @since v15.0.0
4092
+ */
4093
+ readonly algorithm: KeyAlgorithm;
4094
+ /**
4095
+ * When `true`, the {@link CryptoKey} can be extracted using either `subtleCrypto.exportKey()` or `subtleCrypto.wrapKey()`.
4096
+ * @since v15.0.0
4097
+ */
4098
+ readonly extractable: boolean;
4099
+ /**
4100
+ * A string identifying whether the key is a symmetric (`'secret'`) or asymmetric (`'private'` or `'public'`) key.
4101
+ * @since v15.0.0
4102
+ */
4103
+ readonly type: KeyType;
4104
+ /**
4105
+ * An array of strings identifying the operations for which the key may be used.
4106
+ *
4107
+ * The possible usages are:
4108
+ * - `'encrypt'` - The key may be used to encrypt data.
4109
+ * - `'decrypt'` - The key may be used to decrypt data.
4110
+ * - `'sign'` - The key may be used to generate digital signatures.
4111
+ * - `'verify'` - The key may be used to verify digital signatures.
4112
+ * - `'deriveKey'` - The key may be used to derive a new key.
4113
+ * - `'deriveBits'` - The key may be used to derive bits.
4114
+ * - `'wrapKey'` - The key may be used to wrap another key.
4115
+ * - `'unwrapKey'` - The key may be used to unwrap another key.
4116
+ *
4117
+ * Valid key usages depend on the key algorithm (identified by `cryptokey.algorithm.name`).
4118
+ * @since v15.0.0
4119
+ */
4120
+ readonly usages: KeyUsage[];
4121
+ }
4122
+ /**
4123
+ * The `CryptoKeyPair` is a simple dictionary object with `publicKey` and `privateKey` properties, representing an asymmetric key pair.
4124
+ * @since v15.0.0
4125
+ */
4126
+ interface CryptoKeyPair {
4127
+ /**
4128
+ * A {@link CryptoKey} whose type will be `'private'`.
4129
+ * @since v15.0.0
4130
+ */
4131
+ privateKey: CryptoKey;
4132
+ /**
4133
+ * A {@link CryptoKey} whose type will be `'public'`.
4134
+ * @since v15.0.0
4135
+ */
4136
+ publicKey: CryptoKey;
4137
+ }
4138
+ /**
4139
+ * @since v15.0.0
4140
+ */
4141
+ interface SubtleCrypto {
4142
+ /**
4143
+ * Using the method and parameters specified in `algorithm` and the keying material provided by `key`,
4144
+ * `subtle.decrypt()` attempts to decipher the provided `data`. If successful,
4145
+ * the returned promise will be resolved with an `<ArrayBuffer>` containing the plaintext result.
4146
+ *
4147
+ * The algorithms currently supported include:
4148
+ *
4149
+ * - `'RSA-OAEP'`
4150
+ * - `'AES-CTR'`
4151
+ * - `'AES-CBC'`
4152
+ * - `'AES-GCM'`
4153
+ * @since v15.0.0
4154
+ */
4155
+ decrypt(
4156
+ algorithm: AlgorithmIdentifier | RsaOaepParams | AesCtrParams | AesCbcParams | AesGcmParams,
4157
+ key: CryptoKey,
4158
+ data: BufferSource,
4159
+ ): Promise<ArrayBuffer>;
4160
+ /**
4161
+ * Using the method and parameters specified in `algorithm` and the keying material provided by `baseKey`,
4162
+ * `subtle.deriveBits()` attempts to generate `length` bits.
4163
+ * The Node.js implementation requires that when `length` is a number it must be multiple of `8`.
4164
+ * When `length` is `null` the maximum number of bits for a given algorithm is generated. This is allowed
4165
+ * for the `'ECDH'`, `'X25519'`, and `'X448'` algorithms.
4166
+ * If successful, the returned promise will be resolved with an `<ArrayBuffer>` containing the generated data.
4167
+ *
4168
+ * The algorithms currently supported include:
4169
+ *
4170
+ * - `'ECDH'`
4171
+ * - `'X25519'`
4172
+ * - `'X448'`
4173
+ * - `'HKDF'`
4174
+ * - `'PBKDF2'`
4175
+ * @since v15.0.0
4176
+ */
4177
+ deriveBits(algorithm: EcdhKeyDeriveParams, baseKey: CryptoKey, length: number | null): Promise<ArrayBuffer>;
4178
+ deriveBits(
4179
+ algorithm: AlgorithmIdentifier | HkdfParams | Pbkdf2Params,
4180
+ baseKey: CryptoKey,
4181
+ length: number,
4182
+ ): Promise<ArrayBuffer>;
4183
+ /**
4184
+ * Using the method and parameters specified in `algorithm`, and the keying material provided by `baseKey`,
4185
+ * `subtle.deriveKey()` attempts to generate a new <CryptoKey>` based on the method and parameters in `derivedKeyAlgorithm`.
4186
+ *
4187
+ * Calling `subtle.deriveKey()` is equivalent to calling `subtle.deriveBits()` to generate raw keying material,
4188
+ * then passing the result into the `subtle.importKey()` method using the `deriveKeyAlgorithm`, `extractable`, and `keyUsages` parameters as input.
4189
+ *
4190
+ * The algorithms currently supported include:
4191
+ *
4192
+ * - `'ECDH'`
4193
+ * - `'X25519'`
4194
+ * - `'X448'`
4195
+ * - `'HKDF'`
4196
+ * - `'PBKDF2'`
4197
+ * @param keyUsages See {@link https://nodejs.org/docs/latest/api/webcrypto.html#cryptokeyusages Key usages}.
4198
+ * @since v15.0.0
4199
+ */
4200
+ deriveKey(
4201
+ algorithm: AlgorithmIdentifier | EcdhKeyDeriveParams | HkdfParams | Pbkdf2Params,
4202
+ baseKey: CryptoKey,
4203
+ derivedKeyAlgorithm:
4204
+ | AlgorithmIdentifier
4205
+ | AesDerivedKeyParams
4206
+ | HmacImportParams
4207
+ | HkdfParams
4208
+ | Pbkdf2Params,
4209
+ extractable: boolean,
4210
+ keyUsages: readonly KeyUsage[],
4211
+ ): Promise<CryptoKey>;
4212
+ /**
4213
+ * Using the method identified by `algorithm`, `subtle.digest()` attempts to generate a digest of `data`.
4214
+ * If successful, the returned promise is resolved with an `<ArrayBuffer>` containing the computed digest.
4215
+ *
4216
+ * If `algorithm` is provided as a `<string>`, it must be one of:
4217
+ *
4218
+ * - `'SHA-1'`
4219
+ * - `'SHA-256'`
4220
+ * - `'SHA-384'`
4221
+ * - `'SHA-512'`
4222
+ *
4223
+ * If `algorithm` is provided as an `<Object>`, it must have a `name` property whose value is one of the above.
4224
+ * @since v15.0.0
4225
+ */
4226
+ digest(algorithm: AlgorithmIdentifier, data: BufferSource): Promise<ArrayBuffer>;
4227
+ /**
4228
+ * Using the method and parameters specified by `algorithm` and the keying material provided by `key`,
4229
+ * `subtle.encrypt()` attempts to encipher `data`. If successful,
4230
+ * the returned promise is resolved with an `<ArrayBuffer>` containing the encrypted result.
4231
+ *
4232
+ * The algorithms currently supported include:
4233
+ *
4234
+ * - `'RSA-OAEP'`
4235
+ * - `'AES-CTR'`
4236
+ * - `'AES-CBC'`
4237
+ * - `'AES-GCM'`
4238
+ * @since v15.0.0
4239
+ */
4240
+ encrypt(
4241
+ algorithm: AlgorithmIdentifier | RsaOaepParams | AesCtrParams | AesCbcParams | AesGcmParams,
4242
+ key: CryptoKey,
4243
+ data: BufferSource,
4244
+ ): Promise<ArrayBuffer>;
4245
+ /**
4246
+ * Exports the given key into the specified format, if supported.
4247
+ *
4248
+ * If the `<CryptoKey>` is not extractable, the returned promise will reject.
4249
+ *
4250
+ * When `format` is either `'pkcs8'` or `'spki'` and the export is successful,
4251
+ * the returned promise will be resolved with an `<ArrayBuffer>` containing the exported key data.
4252
+ *
4253
+ * When `format` is `'jwk'` and the export is successful, the returned promise will be resolved with a
4254
+ * JavaScript object conforming to the {@link https://tools.ietf.org/html/rfc7517 JSON Web Key} specification.
4255
+ * @param format Must be one of `'raw'`, `'pkcs8'`, `'spki'`, or `'jwk'`.
4256
+ * @returns `<Promise>` containing `<ArrayBuffer>`.
4257
+ * @since v15.0.0
4258
+ */
4259
+ exportKey(format: "jwk", key: CryptoKey): Promise<JsonWebKey>;
4260
+ exportKey(format: Exclude<KeyFormat, "jwk">, key: CryptoKey): Promise<ArrayBuffer>;
4261
+ /**
4262
+ * Using the method and parameters provided in `algorithm`,
4263
+ * `subtle.generateKey()` attempts to generate new keying material.
4264
+ * Depending the method used, the method may generate either a single `<CryptoKey>` or a `<CryptoKeyPair>`.
4265
+ *
4266
+ * The `<CryptoKeyPair>` (public and private key) generating algorithms supported include:
4267
+ *
4268
+ * - `'RSASSA-PKCS1-v1_5'`
4269
+ * - `'RSA-PSS'`
4270
+ * - `'RSA-OAEP'`
4271
+ * - `'ECDSA'`
4272
+ * - `'Ed25519'`
4273
+ * - `'Ed448'`
4274
+ * - `'ECDH'`
4275
+ * - `'X25519'`
4276
+ * - `'X448'`
4277
+ * The `<CryptoKey>` (secret key) generating algorithms supported include:
4278
+ *
4279
+ * - `'HMAC'`
4280
+ * - `'AES-CTR'`
4281
+ * - `'AES-CBC'`
4282
+ * - `'AES-GCM'`
4283
+ * - `'AES-KW'`
4284
+ * @param keyUsages See {@link https://nodejs.org/docs/latest/api/webcrypto.html#cryptokeyusages Key usages}.
4285
+ * @since v15.0.0
4286
+ */
4287
+ generateKey(
4288
+ algorithm: RsaHashedKeyGenParams | EcKeyGenParams,
4289
+ extractable: boolean,
4290
+ keyUsages: readonly KeyUsage[],
4291
+ ): Promise<CryptoKeyPair>;
4292
+ generateKey(
4293
+ algorithm: AesKeyGenParams | HmacKeyGenParams | Pbkdf2Params,
4294
+ extractable: boolean,
4295
+ keyUsages: readonly KeyUsage[],
4296
+ ): Promise<CryptoKey>;
4297
+ generateKey(
4298
+ algorithm: AlgorithmIdentifier,
4299
+ extractable: boolean,
4300
+ keyUsages: KeyUsage[],
4301
+ ): Promise<CryptoKeyPair | CryptoKey>;
4302
+ /**
4303
+ * The `subtle.importKey()` method attempts to interpret the provided `keyData` as the given `format`
4304
+ * to create a `<CryptoKey>` instance using the provided `algorithm`, `extractable`, and `keyUsages` arguments.
4305
+ * If the import is successful, the returned promise will be resolved with the created `<CryptoKey>`.
4306
+ *
4307
+ * If importing a `'PBKDF2'` key, `extractable` must be `false`.
4308
+ * @param format Must be one of `'raw'`, `'pkcs8'`, `'spki'`, or `'jwk'`.
4309
+ * @param keyUsages See {@link https://nodejs.org/docs/latest/api/webcrypto.html#cryptokeyusages Key usages}.
4310
+ * @since v15.0.0
4311
+ */
4312
+ importKey(
4313
+ format: "jwk",
4314
+ keyData: JsonWebKey,
4315
+ algorithm:
4316
+ | AlgorithmIdentifier
4317
+ | RsaHashedImportParams
4318
+ | EcKeyImportParams
4319
+ | HmacImportParams
4320
+ | AesKeyAlgorithm,
4321
+ extractable: boolean,
4322
+ keyUsages: readonly KeyUsage[],
4323
+ ): Promise<CryptoKey>;
4324
+ importKey(
4325
+ format: Exclude<KeyFormat, "jwk">,
4326
+ keyData: BufferSource,
4327
+ algorithm:
4328
+ | AlgorithmIdentifier
4329
+ | RsaHashedImportParams
4330
+ | EcKeyImportParams
4331
+ | HmacImportParams
4332
+ | AesKeyAlgorithm,
4333
+ extractable: boolean,
4334
+ keyUsages: KeyUsage[],
4335
+ ): Promise<CryptoKey>;
4336
+ /**
4337
+ * Using the method and parameters given by `algorithm` and the keying material provided by `key`,
4338
+ * `subtle.sign()` attempts to generate a cryptographic signature of `data`. If successful,
4339
+ * the returned promise is resolved with an `<ArrayBuffer>` containing the generated signature.
4340
+ *
4341
+ * The algorithms currently supported include:
4342
+ *
4343
+ * - `'RSASSA-PKCS1-v1_5'`
4344
+ * - `'RSA-PSS'`
4345
+ * - `'ECDSA'`
4346
+ * - `'Ed25519'`
4347
+ * - `'Ed448'`
4348
+ * - `'HMAC'`
4349
+ * @since v15.0.0
4350
+ */
4351
+ sign(
4352
+ algorithm: AlgorithmIdentifier | RsaPssParams | EcdsaParams | Ed448Params,
4353
+ key: CryptoKey,
4354
+ data: BufferSource,
4355
+ ): Promise<ArrayBuffer>;
4356
+ /**
4357
+ * In cryptography, "wrapping a key" refers to exporting and then encrypting the keying material.
4358
+ * The `subtle.unwrapKey()` method attempts to decrypt a wrapped key and create a `<CryptoKey>` instance.
4359
+ * It is equivalent to calling `subtle.decrypt()` first on the encrypted key data (using the `wrappedKey`, `unwrapAlgo`, and `unwrappingKey` arguments as input)
4360
+ * then passing the results in to the `subtle.importKey()` method using the `unwrappedKeyAlgo`, `extractable`, and `keyUsages` arguments as inputs.
4361
+ * If successful, the returned promise is resolved with a `<CryptoKey>` object.
4362
+ *
4363
+ * The wrapping algorithms currently supported include:
4364
+ *
4365
+ * - `'RSA-OAEP'`
4366
+ * - `'AES-CTR'`
4367
+ * - `'AES-CBC'`
4368
+ * - `'AES-GCM'`
4369
+ * - `'AES-KW'`
4370
+ *
4371
+ * The unwrapped key algorithms supported include:
4372
+ *
4373
+ * - `'RSASSA-PKCS1-v1_5'`
4374
+ * - `'RSA-PSS'`
4375
+ * - `'RSA-OAEP'`
4376
+ * - `'ECDSA'`
4377
+ * - `'Ed25519'`
4378
+ * - `'Ed448'`
4379
+ * - `'ECDH'`
4380
+ * - `'X25519'`
4381
+ * - `'X448'`
4382
+ * - `'HMAC'`
4383
+ * - `'AES-CTR'`
4384
+ * - `'AES-CBC'`
4385
+ * - `'AES-GCM'`
4386
+ * - `'AES-KW'`
4387
+ * @param format Must be one of `'raw'`, `'pkcs8'`, `'spki'`, or `'jwk'`.
4388
+ * @param keyUsages See {@link https://nodejs.org/docs/latest/api/webcrypto.html#cryptokeyusages Key usages}.
4389
+ * @since v15.0.0
4390
+ */
4391
+ unwrapKey(
4392
+ format: KeyFormat,
4393
+ wrappedKey: BufferSource,
4394
+ unwrappingKey: CryptoKey,
4395
+ unwrapAlgorithm: AlgorithmIdentifier | RsaOaepParams | AesCtrParams | AesCbcParams | AesGcmParams,
4396
+ unwrappedKeyAlgorithm:
4397
+ | AlgorithmIdentifier
4398
+ | RsaHashedImportParams
4399
+ | EcKeyImportParams
4400
+ | HmacImportParams
4401
+ | AesKeyAlgorithm,
4402
+ extractable: boolean,
4403
+ keyUsages: KeyUsage[],
4404
+ ): Promise<CryptoKey>;
4405
+ /**
4406
+ * Using the method and parameters given in `algorithm` and the keying material provided by `key`,
4407
+ * `subtle.verify()` attempts to verify that `signature` is a valid cryptographic signature of `data`.
4408
+ * The returned promise is resolved with either `true` or `false`.
4409
+ *
4410
+ * The algorithms currently supported include:
4411
+ *
4412
+ * - `'RSASSA-PKCS1-v1_5'`
4413
+ * - `'RSA-PSS'`
4414
+ * - `'ECDSA'`
4415
+ * - `'Ed25519'`
4416
+ * - `'Ed448'`
4417
+ * - `'HMAC'`
4418
+ * @since v15.0.0
4419
+ */
4420
+ verify(
4421
+ algorithm: AlgorithmIdentifier | RsaPssParams | EcdsaParams | Ed448Params,
4422
+ key: CryptoKey,
4423
+ signature: BufferSource,
4424
+ data: BufferSource,
4425
+ ): Promise<boolean>;
4426
+ /**
4427
+ * In cryptography, "wrapping a key" refers to exporting and then encrypting the keying material.
4428
+ * The `subtle.wrapKey()` method exports the keying material into the format identified by `format`,
4429
+ * then encrypts it using the method and parameters specified by `wrapAlgo` and the keying material provided by `wrappingKey`.
4430
+ * It is the equivalent to calling `subtle.exportKey()` using `format` and `key` as the arguments,
4431
+ * then passing the result to the `subtle.encrypt()` method using `wrappingKey` and `wrapAlgo` as inputs.
4432
+ * If successful, the returned promise will be resolved with an `<ArrayBuffer>` containing the encrypted key data.
4433
+ *
4434
+ * The wrapping algorithms currently supported include:
4435
+ *
4436
+ * - `'RSA-OAEP'`
4437
+ * - `'AES-CTR'`
4438
+ * - `'AES-CBC'`
4439
+ * - `'AES-GCM'`
4440
+ * - `'AES-KW'`
4441
+ * @param format Must be one of `'raw'`, `'pkcs8'`, `'spki'`, or `'jwk'`.
4442
+ * @since v15.0.0
4443
+ */
4444
+ wrapKey(
4445
+ format: KeyFormat,
4446
+ key: CryptoKey,
4447
+ wrappingKey: CryptoKey,
4448
+ wrapAlgorithm: AlgorithmIdentifier | RsaOaepParams | AesCtrParams | AesCbcParams | AesGcmParams,
4449
+ ): Promise<ArrayBuffer>;
4450
+ }
4451
+ }
4452
+ }
4453
+ declare module "node:crypto" {
4454
+ export * from "crypto";
4455
+ }