rahad-all-downloader 2.1.3 → 2.1.5

Sign up to get free protection for your applications and to get access to all the features.
Files changed (266) hide show
  1. package/.cache/nix/binary-cache-v6.sqlite +0 -0
  2. package/.cache/replit/modules/nix.res +1 -0
  3. package/.cache/replit/nix/env.json +1 -1
  4. package/.cache/typescript/5.4/node_modules/.package-lock.json +0 -88
  5. package/.cache/typescript/5.4/package-lock.json +0 -90
  6. package/.cache/typescript/5.4/package.json +1 -1
  7. package/.replit +4 -4
  8. package/README.md +14 -2
  9. package/index.js +1 -1
  10. package/package.json +3 -18
  11. package/.cache/replit/__replit_disk_meta.json +0 -1
  12. package/.cache/typescript/5.0/node_modules/.package-lock.json +0 -12
  13. package/.cache/typescript/5.0/node_modules/types-registry/README.md +0 -2
  14. package/.cache/typescript/5.0/node_modules/types-registry/index.json +0 -1
  15. package/.cache/typescript/5.0/node_modules/types-registry/package.json +0 -20
  16. package/.cache/typescript/5.0/package-lock.json +0 -17
  17. package/.cache/typescript/5.0/package.json +0 -1
  18. package/.cache/typescript/5.3/node_modules/.package-lock.json +0 -99
  19. package/.cache/typescript/5.3/node_modules/@types/node/LICENSE +0 -21
  20. package/.cache/typescript/5.3/node_modules/@types/node/README.md +0 -15
  21. package/.cache/typescript/5.3/node_modules/@types/node/assert/strict.d.ts +0 -8
  22. package/.cache/typescript/5.3/node_modules/@types/node/assert.d.ts +0 -996
  23. package/.cache/typescript/5.3/node_modules/@types/node/async_hooks.d.ts +0 -539
  24. package/.cache/typescript/5.3/node_modules/@types/node/buffer.d.ts +0 -2362
  25. package/.cache/typescript/5.3/node_modules/@types/node/child_process.d.ts +0 -1540
  26. package/.cache/typescript/5.3/node_modules/@types/node/cluster.d.ts +0 -432
  27. package/.cache/typescript/5.3/node_modules/@types/node/console.d.ts +0 -415
  28. package/.cache/typescript/5.3/node_modules/@types/node/constants.d.ts +0 -19
  29. package/.cache/typescript/5.3/node_modules/@types/node/crypto.d.ts +0 -4456
  30. package/.cache/typescript/5.3/node_modules/@types/node/dgram.d.ts +0 -586
  31. package/.cache/typescript/5.3/node_modules/@types/node/diagnostics_channel.d.ts +0 -191
  32. package/.cache/typescript/5.3/node_modules/@types/node/dns/promises.d.ts +0 -425
  33. package/.cache/typescript/5.3/node_modules/@types/node/dns.d.ts +0 -809
  34. package/.cache/typescript/5.3/node_modules/@types/node/dom-events.d.ts +0 -122
  35. package/.cache/typescript/5.3/node_modules/@types/node/domain.d.ts +0 -170
  36. package/.cache/typescript/5.3/node_modules/@types/node/events.d.ts +0 -879
  37. package/.cache/typescript/5.3/node_modules/@types/node/fs/promises.d.ts +0 -1239
  38. package/.cache/typescript/5.3/node_modules/@types/node/fs.d.ts +0 -4291
  39. package/.cache/typescript/5.3/node_modules/@types/node/globals.d.ts +0 -385
  40. package/.cache/typescript/5.3/node_modules/@types/node/globals.global.d.ts +0 -1
  41. package/.cache/typescript/5.3/node_modules/@types/node/http.d.ts +0 -1888
  42. package/.cache/typescript/5.3/node_modules/@types/node/http2.d.ts +0 -2382
  43. package/.cache/typescript/5.3/node_modules/@types/node/https.d.ts +0 -550
  44. package/.cache/typescript/5.3/node_modules/@types/node/index.d.ts +0 -88
  45. package/.cache/typescript/5.3/node_modules/@types/node/inspector.d.ts +0 -2747
  46. package/.cache/typescript/5.3/node_modules/@types/node/module.d.ts +0 -301
  47. package/.cache/typescript/5.3/node_modules/@types/node/net.d.ts +0 -949
  48. package/.cache/typescript/5.3/node_modules/@types/node/os.d.ts +0 -478
  49. package/.cache/typescript/5.3/node_modules/@types/node/package.json +0 -230
  50. package/.cache/typescript/5.3/node_modules/@types/node/path.d.ts +0 -191
  51. package/.cache/typescript/5.3/node_modules/@types/node/perf_hooks.d.ts +0 -639
  52. package/.cache/typescript/5.3/node_modules/@types/node/process.d.ts +0 -1539
  53. package/.cache/typescript/5.3/node_modules/@types/node/punycode.d.ts +0 -117
  54. package/.cache/typescript/5.3/node_modules/@types/node/querystring.d.ts +0 -141
  55. package/.cache/typescript/5.3/node_modules/@types/node/readline/promises.d.ts +0 -150
  56. package/.cache/typescript/5.3/node_modules/@types/node/readline.d.ts +0 -539
  57. package/.cache/typescript/5.3/node_modules/@types/node/repl.d.ts +0 -430
  58. package/.cache/typescript/5.3/node_modules/@types/node/stream/consumers.d.ts +0 -12
  59. package/.cache/typescript/5.3/node_modules/@types/node/stream/promises.d.ts +0 -83
  60. package/.cache/typescript/5.3/node_modules/@types/node/stream/web.d.ts +0 -350
  61. package/.cache/typescript/5.3/node_modules/@types/node/stream.d.ts +0 -1701
  62. package/.cache/typescript/5.3/node_modules/@types/node/string_decoder.d.ts +0 -67
  63. package/.cache/typescript/5.3/node_modules/@types/node/test.d.ts +0 -1382
  64. package/.cache/typescript/5.3/node_modules/@types/node/timers/promises.d.ts +0 -93
  65. package/.cache/typescript/5.3/node_modules/@types/node/timers.d.ts +0 -240
  66. package/.cache/typescript/5.3/node_modules/@types/node/tls.d.ts +0 -1210
  67. package/.cache/typescript/5.3/node_modules/@types/node/trace_events.d.ts +0 -182
  68. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/assert/strict.d.ts +0 -8
  69. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/assert.d.ts +0 -996
  70. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/async_hooks.d.ts +0 -539
  71. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/buffer.d.ts +0 -2362
  72. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/child_process.d.ts +0 -1540
  73. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/cluster.d.ts +0 -432
  74. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/console.d.ts +0 -415
  75. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/constants.d.ts +0 -19
  76. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/crypto.d.ts +0 -4455
  77. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/dgram.d.ts +0 -586
  78. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/diagnostics_channel.d.ts +0 -191
  79. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/dns/promises.d.ts +0 -425
  80. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/dns.d.ts +0 -809
  81. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/dom-events.d.ts +0 -122
  82. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/domain.d.ts +0 -170
  83. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/events.d.ts +0 -879
  84. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/fs/promises.d.ts +0 -1239
  85. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/fs.d.ts +0 -4291
  86. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/globals.d.ts +0 -385
  87. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/globals.global.d.ts +0 -1
  88. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/http.d.ts +0 -1888
  89. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/http2.d.ts +0 -2382
  90. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/https.d.ts +0 -550
  91. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/index.d.ts +0 -88
  92. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/inspector.d.ts +0 -2747
  93. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/module.d.ts +0 -301
  94. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/net.d.ts +0 -949
  95. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/os.d.ts +0 -478
  96. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/path.d.ts +0 -191
  97. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/perf_hooks.d.ts +0 -639
  98. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/process.d.ts +0 -1539
  99. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/punycode.d.ts +0 -117
  100. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/querystring.d.ts +0 -141
  101. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/readline/promises.d.ts +0 -150
  102. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/readline.d.ts +0 -539
  103. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/repl.d.ts +0 -430
  104. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/stream/consumers.d.ts +0 -12
  105. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/stream/promises.d.ts +0 -83
  106. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/stream/web.d.ts +0 -350
  107. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/stream.d.ts +0 -1701
  108. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/string_decoder.d.ts +0 -67
  109. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/test.d.ts +0 -1382
  110. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/timers/promises.d.ts +0 -93
  111. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/timers.d.ts +0 -240
  112. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/tls.d.ts +0 -1210
  113. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/trace_events.d.ts +0 -182
  114. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/tty.d.ts +0 -208
  115. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/url.d.ts +0 -927
  116. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/util.d.ts +0 -2183
  117. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/v8.d.ts +0 -635
  118. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/vm.d.ts +0 -903
  119. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/wasi.d.ts +0 -158
  120. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/worker_threads.d.ts +0 -691
  121. package/.cache/typescript/5.3/node_modules/@types/node/ts4.8/zlib.d.ts +0 -517
  122. package/.cache/typescript/5.3/node_modules/@types/node/tty.d.ts +0 -208
  123. package/.cache/typescript/5.3/node_modules/@types/node/url.d.ts +0 -927
  124. package/.cache/typescript/5.3/node_modules/@types/node/util.d.ts +0 -2183
  125. package/.cache/typescript/5.3/node_modules/@types/node/v8.d.ts +0 -635
  126. package/.cache/typescript/5.3/node_modules/@types/node/vm.d.ts +0 -903
  127. package/.cache/typescript/5.3/node_modules/@types/node/wasi.d.ts +0 -158
  128. package/.cache/typescript/5.3/node_modules/@types/node/worker_threads.d.ts +0 -691
  129. package/.cache/typescript/5.3/node_modules/@types/node/zlib.d.ts +0 -517
  130. package/.cache/typescript/5.3/node_modules/@types/node-fetch/LICENSE +0 -21
  131. package/.cache/typescript/5.3/node_modules/@types/node-fetch/README.md +0 -15
  132. package/.cache/typescript/5.3/node_modules/@types/node-fetch/externals.d.ts +0 -32
  133. package/.cache/typescript/5.3/node_modules/@types/node-fetch/index.d.ts +0 -214
  134. package/.cache/typescript/5.3/node_modules/@types/node-fetch/package.json +0 -83
  135. package/.cache/typescript/5.3/node_modules/asynckit/LICENSE +0 -21
  136. package/.cache/typescript/5.3/node_modules/asynckit/README.md +0 -233
  137. package/.cache/typescript/5.3/node_modules/asynckit/bench.js +0 -76
  138. package/.cache/typescript/5.3/node_modules/asynckit/index.js +0 -6
  139. package/.cache/typescript/5.3/node_modules/asynckit/lib/abort.js +0 -29
  140. package/.cache/typescript/5.3/node_modules/asynckit/lib/async.js +0 -34
  141. package/.cache/typescript/5.3/node_modules/asynckit/lib/defer.js +0 -26
  142. package/.cache/typescript/5.3/node_modules/asynckit/lib/iterate.js +0 -75
  143. package/.cache/typescript/5.3/node_modules/asynckit/lib/readable_asynckit.js +0 -91
  144. package/.cache/typescript/5.3/node_modules/asynckit/lib/readable_parallel.js +0 -25
  145. package/.cache/typescript/5.3/node_modules/asynckit/lib/readable_serial.js +0 -25
  146. package/.cache/typescript/5.3/node_modules/asynckit/lib/readable_serial_ordered.js +0 -29
  147. package/.cache/typescript/5.3/node_modules/asynckit/lib/state.js +0 -37
  148. package/.cache/typescript/5.3/node_modules/asynckit/lib/streamify.js +0 -141
  149. package/.cache/typescript/5.3/node_modules/asynckit/lib/terminator.js +0 -29
  150. package/.cache/typescript/5.3/node_modules/asynckit/package.json +0 -63
  151. package/.cache/typescript/5.3/node_modules/asynckit/parallel.js +0 -43
  152. package/.cache/typescript/5.3/node_modules/asynckit/serial.js +0 -17
  153. package/.cache/typescript/5.3/node_modules/asynckit/serialOrdered.js +0 -75
  154. package/.cache/typescript/5.3/node_modules/asynckit/stream.js +0 -21
  155. package/.cache/typescript/5.3/node_modules/combined-stream/License +0 -19
  156. package/.cache/typescript/5.3/node_modules/combined-stream/Readme.md +0 -138
  157. package/.cache/typescript/5.3/node_modules/combined-stream/lib/combined_stream.js +0 -208
  158. package/.cache/typescript/5.3/node_modules/combined-stream/package.json +0 -25
  159. package/.cache/typescript/5.3/node_modules/combined-stream/yarn.lock +0 -17
  160. package/.cache/typescript/5.3/node_modules/delayed-stream/License +0 -19
  161. package/.cache/typescript/5.3/node_modules/delayed-stream/Makefile +0 -7
  162. package/.cache/typescript/5.3/node_modules/delayed-stream/Readme.md +0 -141
  163. package/.cache/typescript/5.3/node_modules/delayed-stream/lib/delayed_stream.js +0 -107
  164. package/.cache/typescript/5.3/node_modules/delayed-stream/package.json +0 -27
  165. package/.cache/typescript/5.3/node_modules/form-data/License +0 -19
  166. package/.cache/typescript/5.3/node_modules/form-data/README.md.bak +0 -358
  167. package/.cache/typescript/5.3/node_modules/form-data/Readme.md +0 -358
  168. package/.cache/typescript/5.3/node_modules/form-data/index.d.ts +0 -62
  169. package/.cache/typescript/5.3/node_modules/form-data/lib/browser.js +0 -2
  170. package/.cache/typescript/5.3/node_modules/form-data/lib/form_data.js +0 -501
  171. package/.cache/typescript/5.3/node_modules/form-data/lib/populate.js +0 -10
  172. package/.cache/typescript/5.3/node_modules/form-data/package.json +0 -68
  173. package/.cache/typescript/5.3/node_modules/mime-db/HISTORY.md +0 -507
  174. package/.cache/typescript/5.3/node_modules/mime-db/LICENSE +0 -23
  175. package/.cache/typescript/5.3/node_modules/mime-db/README.md +0 -100
  176. package/.cache/typescript/5.3/node_modules/mime-db/db.json +0 -8519
  177. package/.cache/typescript/5.3/node_modules/mime-db/index.js +0 -12
  178. package/.cache/typescript/5.3/node_modules/mime-db/package.json +0 -60
  179. package/.cache/typescript/5.3/node_modules/mime-types/HISTORY.md +0 -397
  180. package/.cache/typescript/5.3/node_modules/mime-types/LICENSE +0 -23
  181. package/.cache/typescript/5.3/node_modules/mime-types/README.md +0 -113
  182. package/.cache/typescript/5.3/node_modules/mime-types/index.js +0 -188
  183. package/.cache/typescript/5.3/node_modules/mime-types/package.json +0 -44
  184. package/.cache/typescript/5.3/node_modules/types-registry/README.md +0 -2
  185. package/.cache/typescript/5.3/node_modules/types-registry/index.json +0 -1
  186. package/.cache/typescript/5.3/node_modules/types-registry/package.json +0 -20
  187. package/.cache/typescript/5.3/node_modules/undici-types/README.md +0 -6
  188. package/.cache/typescript/5.3/node_modules/undici-types/agent.d.ts +0 -31
  189. package/.cache/typescript/5.3/node_modules/undici-types/api.d.ts +0 -43
  190. package/.cache/typescript/5.3/node_modules/undici-types/balanced-pool.d.ts +0 -18
  191. package/.cache/typescript/5.3/node_modules/undici-types/cache.d.ts +0 -36
  192. package/.cache/typescript/5.3/node_modules/undici-types/client.d.ts +0 -97
  193. package/.cache/typescript/5.3/node_modules/undici-types/connector.d.ts +0 -34
  194. package/.cache/typescript/5.3/node_modules/undici-types/content-type.d.ts +0 -21
  195. package/.cache/typescript/5.3/node_modules/undici-types/cookies.d.ts +0 -28
  196. package/.cache/typescript/5.3/node_modules/undici-types/diagnostics-channel.d.ts +0 -67
  197. package/.cache/typescript/5.3/node_modules/undici-types/dispatcher.d.ts +0 -241
  198. package/.cache/typescript/5.3/node_modules/undici-types/errors.d.ts +0 -128
  199. package/.cache/typescript/5.3/node_modules/undici-types/fetch.d.ts +0 -209
  200. package/.cache/typescript/5.3/node_modules/undici-types/file.d.ts +0 -39
  201. package/.cache/typescript/5.3/node_modules/undici-types/filereader.d.ts +0 -54
  202. package/.cache/typescript/5.3/node_modules/undici-types/formdata.d.ts +0 -108
  203. package/.cache/typescript/5.3/node_modules/undici-types/global-dispatcher.d.ts +0 -9
  204. package/.cache/typescript/5.3/node_modules/undici-types/global-origin.d.ts +0 -7
  205. package/.cache/typescript/5.3/node_modules/undici-types/handlers.d.ts +0 -9
  206. package/.cache/typescript/5.3/node_modules/undici-types/header.d.ts +0 -4
  207. package/.cache/typescript/5.3/node_modules/undici-types/index.d.ts +0 -63
  208. package/.cache/typescript/5.3/node_modules/undici-types/interceptors.d.ts +0 -5
  209. package/.cache/typescript/5.3/node_modules/undici-types/mock-agent.d.ts +0 -50
  210. package/.cache/typescript/5.3/node_modules/undici-types/mock-client.d.ts +0 -25
  211. package/.cache/typescript/5.3/node_modules/undici-types/mock-errors.d.ts +0 -12
  212. package/.cache/typescript/5.3/node_modules/undici-types/mock-interceptor.d.ts +0 -93
  213. package/.cache/typescript/5.3/node_modules/undici-types/mock-pool.d.ts +0 -25
  214. package/.cache/typescript/5.3/node_modules/undici-types/package.json +0 -55
  215. package/.cache/typescript/5.3/node_modules/undici-types/patch.d.ts +0 -71
  216. package/.cache/typescript/5.3/node_modules/undici-types/pool-stats.d.ts +0 -19
  217. package/.cache/typescript/5.3/node_modules/undici-types/pool.d.ts +0 -28
  218. package/.cache/typescript/5.3/node_modules/undici-types/proxy-agent.d.ts +0 -30
  219. package/.cache/typescript/5.3/node_modules/undici-types/readable.d.ts +0 -61
  220. package/.cache/typescript/5.3/node_modules/undici-types/webidl.d.ts +0 -220
  221. package/.cache/typescript/5.3/node_modules/undici-types/websocket.d.ts +0 -131
  222. package/.cache/typescript/5.3/package-lock.json +0 -107
  223. package/.cache/typescript/5.3/package.json +0 -1
  224. package/.cache/typescript/5.4/node_modules/@types/body-parser/LICENSE +0 -21
  225. package/.cache/typescript/5.4/node_modules/@types/body-parser/README.md +0 -15
  226. package/.cache/typescript/5.4/node_modules/@types/body-parser/index.d.ts +0 -95
  227. package/.cache/typescript/5.4/node_modules/@types/body-parser/package.json +0 -58
  228. package/.cache/typescript/5.4/node_modules/@types/connect/LICENSE +0 -21
  229. package/.cache/typescript/5.4/node_modules/@types/connect/README.md +0 -15
  230. package/.cache/typescript/5.4/node_modules/@types/connect/index.d.ts +0 -91
  231. package/.cache/typescript/5.4/node_modules/@types/connect/package.json +0 -32
  232. package/.cache/typescript/5.4/node_modules/@types/express/LICENSE +0 -21
  233. package/.cache/typescript/5.4/node_modules/@types/express/README.md +0 -15
  234. package/.cache/typescript/5.4/node_modules/@types/express/index.d.ts +0 -128
  235. package/.cache/typescript/5.4/node_modules/@types/express/package.json +0 -45
  236. package/.cache/typescript/5.4/node_modules/@types/express-serve-static-core/LICENSE +0 -21
  237. package/.cache/typescript/5.4/node_modules/@types/express-serve-static-core/README.md +0 -15
  238. package/.cache/typescript/5.4/node_modules/@types/express-serve-static-core/index.d.ts +0 -1295
  239. package/.cache/typescript/5.4/node_modules/@types/express-serve-static-core/package.json +0 -50
  240. package/.cache/typescript/5.4/node_modules/@types/http-errors/LICENSE +0 -21
  241. package/.cache/typescript/5.4/node_modules/@types/http-errors/README.md +0 -15
  242. package/.cache/typescript/5.4/node_modules/@types/http-errors/index.d.ts +0 -77
  243. package/.cache/typescript/5.4/node_modules/@types/http-errors/package.json +0 -30
  244. package/.cache/typescript/5.4/node_modules/@types/mime/LICENSE +0 -21
  245. package/.cache/typescript/5.4/node_modules/@types/mime/Mime.d.ts +0 -10
  246. package/.cache/typescript/5.4/node_modules/@types/mime/README.md +0 -15
  247. package/.cache/typescript/5.4/node_modules/@types/mime/index.d.ts +0 -31
  248. package/.cache/typescript/5.4/node_modules/@types/mime/lite.d.ts +0 -7
  249. package/.cache/typescript/5.4/node_modules/@types/mime/package.json +0 -30
  250. package/.cache/typescript/5.4/node_modules/@types/qs/LICENSE +0 -21
  251. package/.cache/typescript/5.4/node_modules/@types/qs/README.md +0 -15
  252. package/.cache/typescript/5.4/node_modules/@types/qs/index.d.ts +0 -79
  253. package/.cache/typescript/5.4/node_modules/@types/qs/package.json +0 -65
  254. package/.cache/typescript/5.4/node_modules/@types/range-parser/LICENSE +0 -21
  255. package/.cache/typescript/5.4/node_modules/@types/range-parser/README.md +0 -53
  256. package/.cache/typescript/5.4/node_modules/@types/range-parser/index.d.ts +0 -34
  257. package/.cache/typescript/5.4/node_modules/@types/range-parser/package.json +0 -25
  258. package/.cache/typescript/5.4/node_modules/@types/send/LICENSE +0 -21
  259. package/.cache/typescript/5.4/node_modules/@types/send/README.md +0 -15
  260. package/.cache/typescript/5.4/node_modules/@types/send/index.d.ts +0 -225
  261. package/.cache/typescript/5.4/node_modules/@types/send/package.json +0 -33
  262. package/.cache/typescript/5.4/node_modules/@types/serve-static/LICENSE +0 -21
  263. package/.cache/typescript/5.4/node_modules/@types/serve-static/README.md +0 -15
  264. package/.cache/typescript/5.4/node_modules/@types/serve-static/index.d.ts +0 -107
  265. package/.cache/typescript/5.4/node_modules/@types/serve-static/package.json +0 -39
  266. package/.upm/store.json +0 -1
@@ -1,4455 +0,0 @@
1
- /**
2
- * The `node:crypto` module provides cryptographic functionality that includes a
3
- * set of wrappers for OpenSSL's hash, HMAC, cipher, decipher, sign, and verify
4
- * functions.
5
- *
6
- * ```js
7
- * const { createHmac } = await import('node:crypto');
8
- *
9
- * const secret = 'abcdefg';
10
- * const hash = createHmac('sha256', secret)
11
- * .update('I love cupcakes')
12
- * .digest('hex');
13
- * console.log(hash);
14
- * // Prints:
15
- * // c0fa1bc00531bd78ef38c628449c5102aeabd49b5dc3a2a516ea6ea959d6658e
16
- * ```
17
- * @see [source](https://github.com/nodejs/node/blob/v20.2.0/lib/crypto.js)
18
- */
19
- declare module "crypto" {
20
- import * as stream from "node:stream";
21
- import { PeerCertificate } from "node:tls";
22
- /**
23
- * SPKAC is a Certificate Signing Request mechanism originally implemented by
24
- * Netscape and was specified formally as part of HTML5's `keygen` element.
25
- *
26
- * `<keygen>` is deprecated since [HTML 5.2](https://www.w3.org/TR/html52/changes.html#features-removed) and new projects
27
- * should not use this element anymore.
28
- *
29
- * The `node:crypto` module provides the `Certificate` class for working with SPKAC
30
- * data. The most common usage is handling output generated by the HTML5`<keygen>` element. Node.js uses [OpenSSL's SPKAC
31
- * implementation](https://www.openssl.org/docs/man3.0/man1/openssl-spkac.html) internally.
32
- * @since v0.11.8
33
- */
34
- class Certificate {
35
- /**
36
- * ```js
37
- * const { Certificate } = await import('node:crypto');
38
- * const spkac = getSpkacSomehow();
39
- * const challenge = Certificate.exportChallenge(spkac);
40
- * console.log(challenge.toString('utf8'));
41
- * // Prints: the challenge as a UTF8 string
42
- * ```
43
- * @since v9.0.0
44
- * @param encoding The `encoding` of the `spkac` string.
45
- * @return The challenge component of the `spkac` data structure, which includes a public key and a challenge.
46
- */
47
- static exportChallenge(spkac: BinaryLike): Buffer;
48
- /**
49
- * ```js
50
- * const { Certificate } = await import('node:crypto');
51
- * const spkac = getSpkacSomehow();
52
- * const publicKey = Certificate.exportPublicKey(spkac);
53
- * console.log(publicKey);
54
- * // Prints: the public key as <Buffer ...>
55
- * ```
56
- * @since v9.0.0
57
- * @param encoding The `encoding` of the `spkac` string.
58
- * @return The public key component of the `spkac` data structure, which includes a public key and a challenge.
59
- */
60
- static exportPublicKey(spkac: BinaryLike, encoding?: string): Buffer;
61
- /**
62
- * ```js
63
- * import { Buffer } from 'node:buffer';
64
- * const { Certificate } = await import('node:crypto');
65
- *
66
- * const spkac = getSpkacSomehow();
67
- * console.log(Certificate.verifySpkac(Buffer.from(spkac)));
68
- * // Prints: true or false
69
- * ```
70
- * @since v9.0.0
71
- * @param encoding The `encoding` of the `spkac` string.
72
- * @return `true` if the given `spkac` data structure is valid, `false` otherwise.
73
- */
74
- static verifySpkac(spkac: NodeJS.ArrayBufferView): boolean;
75
- /**
76
- * @deprecated
77
- * @param spkac
78
- * @returns The challenge component of the `spkac` data structure,
79
- * which includes a public key and a challenge.
80
- */
81
- exportChallenge(spkac: BinaryLike): Buffer;
82
- /**
83
- * @deprecated
84
- * @param spkac
85
- * @param encoding The encoding of the spkac string.
86
- * @returns The public key component of the `spkac` data structure,
87
- * which includes a public key and a challenge.
88
- */
89
- exportPublicKey(spkac: BinaryLike, encoding?: string): Buffer;
90
- /**
91
- * @deprecated
92
- * @param spkac
93
- * @returns `true` if the given `spkac` data structure is valid,
94
- * `false` otherwise.
95
- */
96
- verifySpkac(spkac: NodeJS.ArrayBufferView): boolean;
97
- }
98
- namespace constants {
99
- // https://nodejs.org/dist/latest-v20.x/docs/api/crypto.html#crypto-constants
100
- const OPENSSL_VERSION_NUMBER: number;
101
- /** Applies multiple bug workarounds within OpenSSL. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html for detail. */
102
- const SSL_OP_ALL: number;
103
- /** Allows legacy insecure renegotiation between OpenSSL and unpatched clients or servers. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html. */
104
- const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: number;
105
- /** Attempts to use the server's preferences instead of the client's when selecting a cipher. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html. */
106
- const SSL_OP_CIPHER_SERVER_PREFERENCE: number;
107
- /** Instructs OpenSSL to use Cisco's "speshul" version of DTLS_BAD_VER. */
108
- const SSL_OP_CISCO_ANYCONNECT: number;
109
- /** Instructs OpenSSL to turn on cookie exchange. */
110
- const SSL_OP_COOKIE_EXCHANGE: number;
111
- /** Instructs OpenSSL to add server-hello extension from an early version of the cryptopro draft. */
112
- const SSL_OP_CRYPTOPRO_TLSEXT_BUG: number;
113
- /** Instructs OpenSSL to disable a SSL 3.0/TLS 1.0 vulnerability workaround added in OpenSSL 0.9.6d. */
114
- const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: number;
115
- /** Allows initial connection to servers that do not support RI. */
116
- const SSL_OP_LEGACY_SERVER_CONNECT: number;
117
- /** Instructs OpenSSL to disable support for SSL/TLS compression. */
118
- const SSL_OP_NO_COMPRESSION: number;
119
- const SSL_OP_NO_QUERY_MTU: number;
120
- /** Instructs OpenSSL to always start a new session when performing renegotiation. */
121
- const SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION: number;
122
- const SSL_OP_NO_SSLv2: number;
123
- const SSL_OP_NO_SSLv3: number;
124
- const SSL_OP_NO_TICKET: number;
125
- const SSL_OP_NO_TLSv1: number;
126
- const SSL_OP_NO_TLSv1_1: number;
127
- const SSL_OP_NO_TLSv1_2: number;
128
- /** Instructs OpenSSL to disable version rollback attack detection. */
129
- const SSL_OP_TLS_ROLLBACK_BUG: number;
130
- const ENGINE_METHOD_RSA: number;
131
- const ENGINE_METHOD_DSA: number;
132
- const ENGINE_METHOD_DH: number;
133
- const ENGINE_METHOD_RAND: number;
134
- const ENGINE_METHOD_EC: number;
135
- const ENGINE_METHOD_CIPHERS: number;
136
- const ENGINE_METHOD_DIGESTS: number;
137
- const ENGINE_METHOD_PKEY_METHS: number;
138
- const ENGINE_METHOD_PKEY_ASN1_METHS: number;
139
- const ENGINE_METHOD_ALL: number;
140
- const ENGINE_METHOD_NONE: number;
141
- const DH_CHECK_P_NOT_SAFE_PRIME: number;
142
- const DH_CHECK_P_NOT_PRIME: number;
143
- const DH_UNABLE_TO_CHECK_GENERATOR: number;
144
- const DH_NOT_SUITABLE_GENERATOR: number;
145
- const RSA_PKCS1_PADDING: number;
146
- const RSA_SSLV23_PADDING: number;
147
- const RSA_NO_PADDING: number;
148
- const RSA_PKCS1_OAEP_PADDING: number;
149
- const RSA_X931_PADDING: number;
150
- const RSA_PKCS1_PSS_PADDING: number;
151
- /** Sets the salt length for RSA_PKCS1_PSS_PADDING to the digest size when signing or verifying. */
152
- const RSA_PSS_SALTLEN_DIGEST: number;
153
- /** Sets the salt length for RSA_PKCS1_PSS_PADDING to the maximum permissible value when signing data. */
154
- const RSA_PSS_SALTLEN_MAX_SIGN: number;
155
- /** Causes the salt length for RSA_PKCS1_PSS_PADDING to be determined automatically when verifying a signature. */
156
- const RSA_PSS_SALTLEN_AUTO: number;
157
- const POINT_CONVERSION_COMPRESSED: number;
158
- const POINT_CONVERSION_UNCOMPRESSED: number;
159
- const POINT_CONVERSION_HYBRID: number;
160
- /** Specifies the built-in default cipher list used by Node.js (colon-separated values). */
161
- const defaultCoreCipherList: string;
162
- /** Specifies the active default cipher list used by the current Node.js process (colon-separated values). */
163
- const defaultCipherList: string;
164
- }
165
- interface HashOptions extends stream.TransformOptions {
166
- /**
167
- * For XOF hash functions such as `shake256`, the
168
- * outputLength option can be used to specify the desired output length in bytes.
169
- */
170
- outputLength?: number | undefined;
171
- }
172
- /** @deprecated since v10.0.0 */
173
- const fips: boolean;
174
- /**
175
- * Creates and returns a `Hash` object that can be used to generate hash digests
176
- * using the given `algorithm`. Optional `options` argument controls stream
177
- * behavior. For XOF hash functions such as `'shake256'`, the `outputLength` option
178
- * can be used to specify the desired output length in bytes.
179
- *
180
- * The `algorithm` is dependent on the available algorithms supported by the
181
- * version of OpenSSL on the platform. Examples are `'sha256'`, `'sha512'`, etc.
182
- * On recent releases of OpenSSL, `openssl list -digest-algorithms` will
183
- * display the available digest algorithms.
184
- *
185
- * Example: generating the sha256 sum of a file
186
- *
187
- * ```js
188
- * import {
189
- * createReadStream,
190
- * } from 'node:fs';
191
- * import { argv } from 'node:process';
192
- * const {
193
- * createHash,
194
- * } = await import('node:crypto');
195
- *
196
- * const filename = argv[2];
197
- *
198
- * const hash = createHash('sha256');
199
- *
200
- * const input = createReadStream(filename);
201
- * input.on('readable', () => {
202
- * // Only one element is going to be produced by the
203
- * // hash stream.
204
- * const data = input.read();
205
- * if (data)
206
- * hash.update(data);
207
- * else {
208
- * console.log(`${hash.digest('hex')} ${filename}`);
209
- * }
210
- * });
211
- * ```
212
- * @since v0.1.92
213
- * @param options `stream.transform` options
214
- */
215
- function createHash(algorithm: string, options?: HashOptions): Hash;
216
- /**
217
- * Creates and returns an `Hmac` object that uses the given `algorithm` and `key`.
218
- * Optional `options` argument controls stream behavior.
219
- *
220
- * The `algorithm` is dependent on the available algorithms supported by the
221
- * version of OpenSSL on the platform. Examples are `'sha256'`, `'sha512'`, etc.
222
- * On recent releases of OpenSSL, `openssl list -digest-algorithms` will
223
- * display the available digest algorithms.
224
- *
225
- * The `key` is the HMAC key used to generate the cryptographic HMAC hash. If it is
226
- * a `KeyObject`, its type must be `secret`. If it is a string, please consider `caveats when using strings as inputs to cryptographic APIs`. If it was
227
- * obtained from a cryptographically secure source of entropy, such as {@link randomBytes} or {@link generateKey}, its length should not
228
- * exceed the block size of `algorithm` (e.g., 512 bits for SHA-256).
229
- *
230
- * Example: generating the sha256 HMAC of a file
231
- *
232
- * ```js
233
- * import {
234
- * createReadStream,
235
- * } from 'node:fs';
236
- * import { argv } from 'node:process';
237
- * const {
238
- * createHmac,
239
- * } = await import('node:crypto');
240
- *
241
- * const filename = argv[2];
242
- *
243
- * const hmac = createHmac('sha256', 'a secret');
244
- *
245
- * const input = createReadStream(filename);
246
- * input.on('readable', () => {
247
- * // Only one element is going to be produced by the
248
- * // hash stream.
249
- * const data = input.read();
250
- * if (data)
251
- * hmac.update(data);
252
- * else {
253
- * console.log(`${hmac.digest('hex')} ${filename}`);
254
- * }
255
- * });
256
- * ```
257
- * @since v0.1.94
258
- * @param options `stream.transform` options
259
- */
260
- function createHmac(algorithm: string, key: BinaryLike | KeyObject, options?: stream.TransformOptions): Hmac;
261
- // https://nodejs.org/api/buffer.html#buffer_buffers_and_character_encodings
262
- type BinaryToTextEncoding = "base64" | "base64url" | "hex" | "binary";
263
- type CharacterEncoding = "utf8" | "utf-8" | "utf16le" | "utf-16le" | "latin1";
264
- type LegacyCharacterEncoding = "ascii" | "binary" | "ucs2" | "ucs-2";
265
- type Encoding = BinaryToTextEncoding | CharacterEncoding | LegacyCharacterEncoding;
266
- type ECDHKeyFormat = "compressed" | "uncompressed" | "hybrid";
267
- /**
268
- * The `Hash` class is a utility for creating hash digests of data. It can be
269
- * used in one of two ways:
270
- *
271
- * * As a `stream` that is both readable and writable, where data is written
272
- * to produce a computed hash digest on the readable side, or
273
- * * Using the `hash.update()` and `hash.digest()` methods to produce the
274
- * computed hash.
275
- *
276
- * The {@link createHash} method is used to create `Hash` instances. `Hash`objects are not to be created directly using the `new` keyword.
277
- *
278
- * Example: Using `Hash` objects as streams:
279
- *
280
- * ```js
281
- * const {
282
- * createHash,
283
- * } = await import('node:crypto');
284
- *
285
- * const hash = createHash('sha256');
286
- *
287
- * hash.on('readable', () => {
288
- * // Only one element is going to be produced by the
289
- * // hash stream.
290
- * const data = hash.read();
291
- * if (data) {
292
- * console.log(data.toString('hex'));
293
- * // Prints:
294
- * // 6a2da20943931e9834fc12cfe5bb47bbd9ae43489a30726962b576f4e3993e50
295
- * }
296
- * });
297
- *
298
- * hash.write('some data to hash');
299
- * hash.end();
300
- * ```
301
- *
302
- * Example: Using `Hash` and piped streams:
303
- *
304
- * ```js
305
- * import { createReadStream } from 'node:fs';
306
- * import { stdout } from 'node:process';
307
- * const { createHash } = await import('node:crypto');
308
- *
309
- * const hash = createHash('sha256');
310
- *
311
- * const input = createReadStream('test.js');
312
- * input.pipe(hash).setEncoding('hex').pipe(stdout);
313
- * ```
314
- *
315
- * Example: Using the `hash.update()` and `hash.digest()` methods:
316
- *
317
- * ```js
318
- * const {
319
- * createHash,
320
- * } = await import('node:crypto');
321
- *
322
- * const hash = createHash('sha256');
323
- *
324
- * hash.update('some data to hash');
325
- * console.log(hash.digest('hex'));
326
- * // Prints:
327
- * // 6a2da20943931e9834fc12cfe5bb47bbd9ae43489a30726962b576f4e3993e50
328
- * ```
329
- * @since v0.1.92
330
- */
331
- class Hash extends stream.Transform {
332
- private constructor();
333
- /**
334
- * Creates a new `Hash` object that contains a deep copy of the internal state
335
- * of the current `Hash` object.
336
- *
337
- * The optional `options` argument controls stream behavior. For XOF hash
338
- * functions such as `'shake256'`, the `outputLength` option can be used to
339
- * specify the desired output length in bytes.
340
- *
341
- * An error is thrown when an attempt is made to copy the `Hash` object after
342
- * its `hash.digest()` method has been called.
343
- *
344
- * ```js
345
- * // Calculate a rolling hash.
346
- * const {
347
- * createHash,
348
- * } = await import('node:crypto');
349
- *
350
- * const hash = createHash('sha256');
351
- *
352
- * hash.update('one');
353
- * console.log(hash.copy().digest('hex'));
354
- *
355
- * hash.update('two');
356
- * console.log(hash.copy().digest('hex'));
357
- *
358
- * hash.update('three');
359
- * console.log(hash.copy().digest('hex'));
360
- *
361
- * // Etc.
362
- * ```
363
- * @since v13.1.0
364
- * @param options `stream.transform` options
365
- */
366
- copy(options?: stream.TransformOptions): Hash;
367
- /**
368
- * Updates the hash content with the given `data`, the encoding of which
369
- * is given in `inputEncoding`.
370
- * If `encoding` is not provided, and the `data` is a string, an
371
- * encoding of `'utf8'` is enforced. If `data` is a `Buffer`, `TypedArray`, or`DataView`, then `inputEncoding` is ignored.
372
- *
373
- * This can be called many times with new data as it is streamed.
374
- * @since v0.1.92
375
- * @param inputEncoding The `encoding` of the `data` string.
376
- */
377
- update(data: BinaryLike): Hash;
378
- update(data: string, inputEncoding: Encoding): Hash;
379
- /**
380
- * Calculates the digest of all of the data passed to be hashed (using the `hash.update()` method).
381
- * If `encoding` is provided a string will be returned; otherwise
382
- * a `Buffer` is returned.
383
- *
384
- * The `Hash` object can not be used again after `hash.digest()` method has been
385
- * called. Multiple calls will cause an error to be thrown.
386
- * @since v0.1.92
387
- * @param encoding The `encoding` of the return value.
388
- */
389
- digest(): Buffer;
390
- digest(encoding: BinaryToTextEncoding): string;
391
- }
392
- /**
393
- * The `Hmac` class is a utility for creating cryptographic HMAC digests. It can
394
- * be used in one of two ways:
395
- *
396
- * * As a `stream` that is both readable and writable, where data is written
397
- * to produce a computed HMAC digest on the readable side, or
398
- * * Using the `hmac.update()` and `hmac.digest()` methods to produce the
399
- * computed HMAC digest.
400
- *
401
- * The {@link createHmac} method is used to create `Hmac` instances. `Hmac`objects are not to be created directly using the `new` keyword.
402
- *
403
- * Example: Using `Hmac` objects as streams:
404
- *
405
- * ```js
406
- * const {
407
- * createHmac,
408
- * } = await import('node:crypto');
409
- *
410
- * const hmac = createHmac('sha256', 'a secret');
411
- *
412
- * hmac.on('readable', () => {
413
- * // Only one element is going to be produced by the
414
- * // hash stream.
415
- * const data = hmac.read();
416
- * if (data) {
417
- * console.log(data.toString('hex'));
418
- * // Prints:
419
- * // 7fd04df92f636fd450bc841c9418e5825c17f33ad9c87c518115a45971f7f77e
420
- * }
421
- * });
422
- *
423
- * hmac.write('some data to hash');
424
- * hmac.end();
425
- * ```
426
- *
427
- * Example: Using `Hmac` and piped streams:
428
- *
429
- * ```js
430
- * import { createReadStream } from 'node:fs';
431
- * import { stdout } from 'node:process';
432
- * const {
433
- * createHmac,
434
- * } = await import('node:crypto');
435
- *
436
- * const hmac = createHmac('sha256', 'a secret');
437
- *
438
- * const input = createReadStream('test.js');
439
- * input.pipe(hmac).pipe(stdout);
440
- * ```
441
- *
442
- * Example: Using the `hmac.update()` and `hmac.digest()` methods:
443
- *
444
- * ```js
445
- * const {
446
- * createHmac,
447
- * } = await import('node:crypto');
448
- *
449
- * const hmac = createHmac('sha256', 'a secret');
450
- *
451
- * hmac.update('some data to hash');
452
- * console.log(hmac.digest('hex'));
453
- * // Prints:
454
- * // 7fd04df92f636fd450bc841c9418e5825c17f33ad9c87c518115a45971f7f77e
455
- * ```
456
- * @since v0.1.94
457
- */
458
- class Hmac extends stream.Transform {
459
- private constructor();
460
- /**
461
- * Updates the `Hmac` content with the given `data`, the encoding of which
462
- * is given in `inputEncoding`.
463
- * If `encoding` is not provided, and the `data` is a string, an
464
- * encoding of `'utf8'` is enforced. If `data` is a `Buffer`, `TypedArray`, or`DataView`, then `inputEncoding` is ignored.
465
- *
466
- * This can be called many times with new data as it is streamed.
467
- * @since v0.1.94
468
- * @param inputEncoding The `encoding` of the `data` string.
469
- */
470
- update(data: BinaryLike): Hmac;
471
- update(data: string, inputEncoding: Encoding): Hmac;
472
- /**
473
- * Calculates the HMAC digest of all of the data passed using `hmac.update()`.
474
- * If `encoding` is
475
- * provided a string is returned; otherwise a `Buffer` is returned;
476
- *
477
- * The `Hmac` object can not be used again after `hmac.digest()` has been
478
- * called. Multiple calls to `hmac.digest()` will result in an error being thrown.
479
- * @since v0.1.94
480
- * @param encoding The `encoding` of the return value.
481
- */
482
- digest(): Buffer;
483
- digest(encoding: BinaryToTextEncoding): string;
484
- }
485
- type KeyObjectType = "secret" | "public" | "private";
486
- interface KeyExportOptions<T extends KeyFormat> {
487
- type: "pkcs1" | "spki" | "pkcs8" | "sec1";
488
- format: T;
489
- cipher?: string | undefined;
490
- passphrase?: string | Buffer | undefined;
491
- }
492
- interface JwkKeyExportOptions {
493
- format: "jwk";
494
- }
495
- interface JsonWebKey {
496
- crv?: string | undefined;
497
- d?: string | undefined;
498
- dp?: string | undefined;
499
- dq?: string | undefined;
500
- e?: string | undefined;
501
- k?: string | undefined;
502
- kty?: string | undefined;
503
- n?: string | undefined;
504
- p?: string | undefined;
505
- q?: string | undefined;
506
- qi?: string | undefined;
507
- x?: string | undefined;
508
- y?: string | undefined;
509
- [key: string]: unknown;
510
- }
511
- interface AsymmetricKeyDetails {
512
- /**
513
- * Key size in bits (RSA, DSA).
514
- */
515
- modulusLength?: number | undefined;
516
- /**
517
- * Public exponent (RSA).
518
- */
519
- publicExponent?: bigint | undefined;
520
- /**
521
- * Name of the message digest (RSA-PSS).
522
- */
523
- hashAlgorithm?: string | undefined;
524
- /**
525
- * Name of the message digest used by MGF1 (RSA-PSS).
526
- */
527
- mgf1HashAlgorithm?: string | undefined;
528
- /**
529
- * Minimal salt length in bytes (RSA-PSS).
530
- */
531
- saltLength?: number | undefined;
532
- /**
533
- * Size of q in bits (DSA).
534
- */
535
- divisorLength?: number | undefined;
536
- /**
537
- * Name of the curve (EC).
538
- */
539
- namedCurve?: string | undefined;
540
- }
541
- /**
542
- * Node.js uses a `KeyObject` class to represent a symmetric or asymmetric key,
543
- * and each kind of key exposes different functions. The {@link createSecretKey}, {@link createPublicKey} and {@link createPrivateKey} methods are used to create `KeyObject`instances. `KeyObject`
544
- * objects are not to be created directly using the `new`keyword.
545
- *
546
- * Most applications should consider using the new `KeyObject` API instead of
547
- * passing keys as strings or `Buffer`s due to improved security features.
548
- *
549
- * `KeyObject` instances can be passed to other threads via `postMessage()`.
550
- * The receiver obtains a cloned `KeyObject`, and the `KeyObject` does not need to
551
- * be listed in the `transferList` argument.
552
- * @since v11.6.0
553
- */
554
- class KeyObject {
555
- private constructor();
556
- /**
557
- * Example: Converting a `CryptoKey` instance to a `KeyObject`:
558
- *
559
- * ```js
560
- * const { KeyObject } = await import('node:crypto');
561
- * const { subtle } = globalThis.crypto;
562
- *
563
- * const key = await subtle.generateKey({
564
- * name: 'HMAC',
565
- * hash: 'SHA-256',
566
- * length: 256,
567
- * }, true, ['sign', 'verify']);
568
- *
569
- * const keyObject = KeyObject.from(key);
570
- * console.log(keyObject.symmetricKeySize);
571
- * // Prints: 32 (symmetric key size in bytes)
572
- * ```
573
- * @since v15.0.0
574
- */
575
- static from(key: webcrypto.CryptoKey): KeyObject;
576
- /**
577
- * For asymmetric keys, this property represents the type of the key. Supported key
578
- * types are:
579
- *
580
- * * `'rsa'` (OID 1.2.840.113549.1.1.1)
581
- * * `'rsa-pss'` (OID 1.2.840.113549.1.1.10)
582
- * * `'dsa'` (OID 1.2.840.10040.4.1)
583
- * * `'ec'` (OID 1.2.840.10045.2.1)
584
- * * `'x25519'` (OID 1.3.101.110)
585
- * * `'x448'` (OID 1.3.101.111)
586
- * * `'ed25519'` (OID 1.3.101.112)
587
- * * `'ed448'` (OID 1.3.101.113)
588
- * * `'dh'` (OID 1.2.840.113549.1.3.1)
589
- *
590
- * This property is `undefined` for unrecognized `KeyObject` types and symmetric
591
- * keys.
592
- * @since v11.6.0
593
- */
594
- asymmetricKeyType?: KeyType | undefined;
595
- /**
596
- * For asymmetric keys, this property represents the size of the embedded key in
597
- * bytes. This property is `undefined` for symmetric keys.
598
- */
599
- asymmetricKeySize?: number | undefined;
600
- /**
601
- * This property exists only on asymmetric keys. Depending on the type of the key,
602
- * this object contains information about the key. None of the information obtained
603
- * through this property can be used to uniquely identify a key or to compromise
604
- * the security of the key.
605
- *
606
- * For RSA-PSS keys, if the key material contains a `RSASSA-PSS-params` sequence,
607
- * the `hashAlgorithm`, `mgf1HashAlgorithm`, and `saltLength` properties will be
608
- * set.
609
- *
610
- * Other key details might be exposed via this API using additional attributes.
611
- * @since v15.7.0
612
- */
613
- asymmetricKeyDetails?: AsymmetricKeyDetails | undefined;
614
- /**
615
- * For symmetric keys, the following encoding options can be used:
616
- *
617
- * For public keys, the following encoding options can be used:
618
- *
619
- * For private keys, the following encoding options can be used:
620
- *
621
- * The result type depends on the selected encoding format, when PEM the
622
- * result is a string, when DER it will be a buffer containing the data
623
- * encoded as DER, when [JWK](https://tools.ietf.org/html/rfc7517) it will be an object.
624
- *
625
- * When [JWK](https://tools.ietf.org/html/rfc7517) encoding format was selected, all other encoding options are
626
- * ignored.
627
- *
628
- * PKCS#1, SEC1, and PKCS#8 type keys can be encrypted by using a combination of
629
- * the `cipher` and `format` options. The PKCS#8 `type` can be used with any`format` to encrypt any key algorithm (RSA, EC, or DH) by specifying a`cipher`. PKCS#1 and SEC1 can only be
630
- * encrypted by specifying a `cipher`when the PEM `format` is used. For maximum compatibility, use PKCS#8 for
631
- * encrypted private keys. Since PKCS#8 defines its own
632
- * encryption mechanism, PEM-level encryption is not supported when encrypting
633
- * a PKCS#8 key. See [RFC 5208](https://www.rfc-editor.org/rfc/rfc5208.txt) for PKCS#8 encryption and [RFC 1421](https://www.rfc-editor.org/rfc/rfc1421.txt) for
634
- * PKCS#1 and SEC1 encryption.
635
- * @since v11.6.0
636
- */
637
- export(options: KeyExportOptions<"pem">): string | Buffer;
638
- export(options?: KeyExportOptions<"der">): Buffer;
639
- export(options?: JwkKeyExportOptions): JsonWebKey;
640
- /**
641
- * For secret keys, this property represents the size of the key in bytes. This
642
- * property is `undefined` for asymmetric keys.
643
- * @since v11.6.0
644
- */
645
- symmetricKeySize?: number | undefined;
646
- /**
647
- * Depending on the type of this `KeyObject`, this property is either`'secret'` for secret (symmetric) keys, `'public'` for public (asymmetric) keys
648
- * or `'private'` for private (asymmetric) keys.
649
- * @since v11.6.0
650
- */
651
- type: KeyObjectType;
652
- }
653
- type CipherCCMTypes = "aes-128-ccm" | "aes-192-ccm" | "aes-256-ccm" | "chacha20-poly1305";
654
- type CipherGCMTypes = "aes-128-gcm" | "aes-192-gcm" | "aes-256-gcm";
655
- type CipherOCBTypes = "aes-128-ocb" | "aes-192-ocb" | "aes-256-ocb";
656
- type BinaryLike = string | NodeJS.ArrayBufferView;
657
- type CipherKey = BinaryLike | KeyObject;
658
- interface CipherCCMOptions extends stream.TransformOptions {
659
- authTagLength: number;
660
- }
661
- interface CipherGCMOptions extends stream.TransformOptions {
662
- authTagLength?: number | undefined;
663
- }
664
- interface CipherOCBOptions extends stream.TransformOptions {
665
- authTagLength: number;
666
- }
667
- /**
668
- * Creates and returns a `Cipher` object that uses the given `algorithm` and`password`.
669
- *
670
- * The `options` argument controls stream behavior and is optional except when a
671
- * cipher in CCM or OCB mode (e.g. `'aes-128-ccm'`) is used. In that case, the`authTagLength` option is required and specifies the length of the
672
- * authentication tag in bytes, see `CCM mode`. In GCM mode, the `authTagLength`option is not required but can be used to set the length of the authentication
673
- * tag that will be returned by `getAuthTag()` and defaults to 16 bytes.
674
- * For `chacha20-poly1305`, the `authTagLength` option defaults to 16 bytes.
675
- *
676
- * The `algorithm` is dependent on OpenSSL, examples are `'aes192'`, etc. On
677
- * recent OpenSSL releases, `openssl list -cipher-algorithms` will
678
- * display the available cipher algorithms.
679
- *
680
- * The `password` is used to derive the cipher key and initialization vector (IV).
681
- * The value must be either a `'latin1'` encoded string, a `Buffer`, a`TypedArray`, or a `DataView`.
682
- *
683
- * **This function is semantically insecure for all**
684
- * **supported ciphers and fatally flawed for ciphers in counter mode (such as CTR,**
685
- * **GCM, or CCM).**
686
- *
687
- * The implementation of `crypto.createCipher()` derives keys using the OpenSSL
688
- * function [`EVP_BytesToKey`](https://www.openssl.org/docs/man3.0/man3/EVP_BytesToKey.html) with the digest algorithm set to MD5, one
689
- * iteration, and no salt. The lack of salt allows dictionary attacks as the same
690
- * password always creates the same key. The low iteration count and
691
- * non-cryptographically secure hash algorithm allow passwords to be tested very
692
- * rapidly.
693
- *
694
- * In line with OpenSSL's recommendation to use a more modern algorithm instead of [`EVP_BytesToKey`](https://www.openssl.org/docs/man3.0/man3/EVP_BytesToKey.html) it is recommended that
695
- * developers derive a key and IV on
696
- * their own using {@link scrypt} and to use {@link createCipheriv} to create the `Cipher` object. Users should not use ciphers with counter mode
697
- * (e.g. CTR, GCM, or CCM) in `crypto.createCipher()`. A warning is emitted when
698
- * they are used in order to avoid the risk of IV reuse that causes
699
- * vulnerabilities. For the case when IV is reused in GCM, see [Nonce-Disrespecting Adversaries](https://github.com/nonce-disrespect/nonce-disrespect) for details.
700
- * @since v0.1.94
701
- * @deprecated Since v10.0.0 - Use {@link createCipheriv} instead.
702
- * @param options `stream.transform` options
703
- */
704
- function createCipher(algorithm: CipherCCMTypes, password: BinaryLike, options: CipherCCMOptions): CipherCCM;
705
- /** @deprecated since v10.0.0 use `createCipheriv()` */
706
- function createCipher(algorithm: CipherGCMTypes, password: BinaryLike, options?: CipherGCMOptions): CipherGCM;
707
- /** @deprecated since v10.0.0 use `createCipheriv()` */
708
- function createCipher(algorithm: string, password: BinaryLike, options?: stream.TransformOptions): Cipher;
709
- /**
710
- * Creates and returns a `Cipher` object, with the given `algorithm`, `key` and
711
- * initialization vector (`iv`).
712
- *
713
- * The `options` argument controls stream behavior and is optional except when a
714
- * cipher in CCM or OCB mode (e.g. `'aes-128-ccm'`) is used. In that case, the`authTagLength` option is required and specifies the length of the
715
- * authentication tag in bytes, see `CCM mode`. In GCM mode, the `authTagLength`option is not required but can be used to set the length of the authentication
716
- * tag that will be returned by `getAuthTag()` and defaults to 16 bytes.
717
- * For `chacha20-poly1305`, the `authTagLength` option defaults to 16 bytes.
718
- *
719
- * The `algorithm` is dependent on OpenSSL, examples are `'aes192'`, etc. On
720
- * recent OpenSSL releases, `openssl list -cipher-algorithms` will
721
- * display the available cipher algorithms.
722
- *
723
- * The `key` is the raw key used by the `algorithm` and `iv` is an [initialization vector](https://en.wikipedia.org/wiki/Initialization_vector). Both arguments must be `'utf8'` encoded
724
- * strings,`Buffers`, `TypedArray`, or `DataView`s. The `key` may optionally be
725
- * a `KeyObject` of type `secret`. If the cipher does not need
726
- * an initialization vector, `iv` may be `null`.
727
- *
728
- * When passing strings for `key` or `iv`, please consider `caveats when using strings as inputs to cryptographic APIs`.
729
- *
730
- * Initialization vectors should be unpredictable and unique; ideally, they will be
731
- * cryptographically random. They do not have to be secret: IVs are typically just
732
- * added to ciphertext messages unencrypted. It may sound contradictory that
733
- * something has to be unpredictable and unique, but does not have to be secret;
734
- * remember that an attacker must not be able to predict ahead of time what a
735
- * given IV will be.
736
- * @since v0.1.94
737
- * @param options `stream.transform` options
738
- */
739
- function createCipheriv(
740
- algorithm: CipherCCMTypes,
741
- key: CipherKey,
742
- iv: BinaryLike,
743
- options: CipherCCMOptions,
744
- ): CipherCCM;
745
- function createCipheriv(
746
- algorithm: CipherOCBTypes,
747
- key: CipherKey,
748
- iv: BinaryLike,
749
- options: CipherOCBOptions,
750
- ): CipherOCB;
751
- function createCipheriv(
752
- algorithm: CipherGCMTypes,
753
- key: CipherKey,
754
- iv: BinaryLike,
755
- options?: CipherGCMOptions,
756
- ): CipherGCM;
757
- function createCipheriv(
758
- algorithm: string,
759
- key: CipherKey,
760
- iv: BinaryLike | null,
761
- options?: stream.TransformOptions,
762
- ): Cipher;
763
- /**
764
- * Instances of the `Cipher` class are used to encrypt data. The class can be
765
- * used in one of two ways:
766
- *
767
- * * As a `stream` that is both readable and writable, where plain unencrypted
768
- * data is written to produce encrypted data on the readable side, or
769
- * * Using the `cipher.update()` and `cipher.final()` methods to produce
770
- * the encrypted data.
771
- *
772
- * The {@link createCipher} or {@link createCipheriv} methods are
773
- * used to create `Cipher` instances. `Cipher` objects are not to be created
774
- * directly using the `new` keyword.
775
- *
776
- * Example: Using `Cipher` objects as streams:
777
- *
778
- * ```js
779
- * const {
780
- * scrypt,
781
- * randomFill,
782
- * createCipheriv,
783
- * } = await import('node:crypto');
784
- *
785
- * const algorithm = 'aes-192-cbc';
786
- * const password = 'Password used to generate key';
787
- *
788
- * // First, we'll generate the key. The key length is dependent on the algorithm.
789
- * // In this case for aes192, it is 24 bytes (192 bits).
790
- * scrypt(password, 'salt', 24, (err, key) => {
791
- * if (err) throw err;
792
- * // Then, we'll generate a random initialization vector
793
- * randomFill(new Uint8Array(16), (err, iv) => {
794
- * if (err) throw err;
795
- *
796
- * // Once we have the key and iv, we can create and use the cipher...
797
- * const cipher = createCipheriv(algorithm, key, iv);
798
- *
799
- * let encrypted = '';
800
- * cipher.setEncoding('hex');
801
- *
802
- * cipher.on('data', (chunk) => encrypted += chunk);
803
- * cipher.on('end', () => console.log(encrypted));
804
- *
805
- * cipher.write('some clear text data');
806
- * cipher.end();
807
- * });
808
- * });
809
- * ```
810
- *
811
- * Example: Using `Cipher` and piped streams:
812
- *
813
- * ```js
814
- * import {
815
- * createReadStream,
816
- * createWriteStream,
817
- * } from 'node:fs';
818
- *
819
- * import {
820
- * pipeline,
821
- * } from 'node:stream';
822
- *
823
- * const {
824
- * scrypt,
825
- * randomFill,
826
- * createCipheriv,
827
- * } = await import('node:crypto');
828
- *
829
- * const algorithm = 'aes-192-cbc';
830
- * const password = 'Password used to generate key';
831
- *
832
- * // First, we'll generate the key. The key length is dependent on the algorithm.
833
- * // In this case for aes192, it is 24 bytes (192 bits).
834
- * scrypt(password, 'salt', 24, (err, key) => {
835
- * if (err) throw err;
836
- * // Then, we'll generate a random initialization vector
837
- * randomFill(new Uint8Array(16), (err, iv) => {
838
- * if (err) throw err;
839
- *
840
- * const cipher = createCipheriv(algorithm, key, iv);
841
- *
842
- * const input = createReadStream('test.js');
843
- * const output = createWriteStream('test.enc');
844
- *
845
- * pipeline(input, cipher, output, (err) => {
846
- * if (err) throw err;
847
- * });
848
- * });
849
- * });
850
- * ```
851
- *
852
- * Example: Using the `cipher.update()` and `cipher.final()` methods:
853
- *
854
- * ```js
855
- * const {
856
- * scrypt,
857
- * randomFill,
858
- * createCipheriv,
859
- * } = await import('node:crypto');
860
- *
861
- * const algorithm = 'aes-192-cbc';
862
- * const password = 'Password used to generate key';
863
- *
864
- * // First, we'll generate the key. The key length is dependent on the algorithm.
865
- * // In this case for aes192, it is 24 bytes (192 bits).
866
- * scrypt(password, 'salt', 24, (err, key) => {
867
- * if (err) throw err;
868
- * // Then, we'll generate a random initialization vector
869
- * randomFill(new Uint8Array(16), (err, iv) => {
870
- * if (err) throw err;
871
- *
872
- * const cipher = createCipheriv(algorithm, key, iv);
873
- *
874
- * let encrypted = cipher.update('some clear text data', 'utf8', 'hex');
875
- * encrypted += cipher.final('hex');
876
- * console.log(encrypted);
877
- * });
878
- * });
879
- * ```
880
- * @since v0.1.94
881
- */
882
- class Cipher extends stream.Transform {
883
- private constructor();
884
- /**
885
- * Updates the cipher with `data`. If the `inputEncoding` argument is given,
886
- * the `data`argument is a string using the specified encoding. If the `inputEncoding`argument is not given, `data` must be a `Buffer`, `TypedArray`, or`DataView`. If `data` is a `Buffer`,
887
- * `TypedArray`, or `DataView`, then`inputEncoding` is ignored.
888
- *
889
- * The `outputEncoding` specifies the output format of the enciphered
890
- * data. If the `outputEncoding`is specified, a string using the specified encoding is returned. If no`outputEncoding` is provided, a `Buffer` is returned.
891
- *
892
- * The `cipher.update()` method can be called multiple times with new data until `cipher.final()` is called. Calling `cipher.update()` after `cipher.final()` will result in an error being
893
- * thrown.
894
- * @since v0.1.94
895
- * @param inputEncoding The `encoding` of the data.
896
- * @param outputEncoding The `encoding` of the return value.
897
- */
898
- update(data: BinaryLike): Buffer;
899
- update(data: string, inputEncoding: Encoding): Buffer;
900
- update(data: NodeJS.ArrayBufferView, inputEncoding: undefined, outputEncoding: Encoding): string;
901
- update(data: string, inputEncoding: Encoding | undefined, outputEncoding: Encoding): string;
902
- /**
903
- * Once the `cipher.final()` method has been called, the `Cipher` object can no
904
- * longer be used to encrypt data. Attempts to call `cipher.final()` more than
905
- * once will result in an error being thrown.
906
- * @since v0.1.94
907
- * @param outputEncoding The `encoding` of the return value.
908
- * @return Any remaining enciphered contents. If `outputEncoding` is specified, a string is returned. If an `outputEncoding` is not provided, a {@link Buffer} is returned.
909
- */
910
- final(): Buffer;
911
- final(outputEncoding: BufferEncoding): string;
912
- /**
913
- * When using block encryption algorithms, the `Cipher` class will automatically
914
- * add padding to the input data to the appropriate block size. To disable the
915
- * default padding call `cipher.setAutoPadding(false)`.
916
- *
917
- * When `autoPadding` is `false`, the length of the entire input data must be a
918
- * multiple of the cipher's block size or `cipher.final()` will throw an error.
919
- * Disabling automatic padding is useful for non-standard padding, for instance
920
- * using `0x0` instead of PKCS padding.
921
- *
922
- * The `cipher.setAutoPadding()` method must be called before `cipher.final()`.
923
- * @since v0.7.1
924
- * @param [autoPadding=true]
925
- * @return for method chaining.
926
- */
927
- setAutoPadding(autoPadding?: boolean): this;
928
- }
929
- interface CipherCCM extends Cipher {
930
- setAAD(
931
- buffer: NodeJS.ArrayBufferView,
932
- options: {
933
- plaintextLength: number;
934
- },
935
- ): this;
936
- getAuthTag(): Buffer;
937
- }
938
- interface CipherGCM extends Cipher {
939
- setAAD(
940
- buffer: NodeJS.ArrayBufferView,
941
- options?: {
942
- plaintextLength: number;
943
- },
944
- ): this;
945
- getAuthTag(): Buffer;
946
- }
947
- interface CipherOCB extends Cipher {
948
- setAAD(
949
- buffer: NodeJS.ArrayBufferView,
950
- options?: {
951
- plaintextLength: number;
952
- },
953
- ): this;
954
- getAuthTag(): Buffer;
955
- }
956
- /**
957
- * Creates and returns a `Decipher` object that uses the given `algorithm` and`password` (key).
958
- *
959
- * The `options` argument controls stream behavior and is optional except when a
960
- * cipher in CCM or OCB mode (e.g. `'aes-128-ccm'`) is used. In that case, the`authTagLength` option is required and specifies the length of the
961
- * authentication tag in bytes, see `CCM mode`.
962
- * For `chacha20-poly1305`, the `authTagLength` option defaults to 16 bytes.
963
- *
964
- * **This function is semantically insecure for all**
965
- * **supported ciphers and fatally flawed for ciphers in counter mode (such as CTR,**
966
- * **GCM, or CCM).**
967
- *
968
- * The implementation of `crypto.createDecipher()` derives keys using the OpenSSL
969
- * function [`EVP_BytesToKey`](https://www.openssl.org/docs/man3.0/man3/EVP_BytesToKey.html) with the digest algorithm set to MD5, one
970
- * iteration, and no salt. The lack of salt allows dictionary attacks as the same
971
- * password always creates the same key. The low iteration count and
972
- * non-cryptographically secure hash algorithm allow passwords to be tested very
973
- * rapidly.
974
- *
975
- * In line with OpenSSL's recommendation to use a more modern algorithm instead of [`EVP_BytesToKey`](https://www.openssl.org/docs/man3.0/man3/EVP_BytesToKey.html) it is recommended that
976
- * developers derive a key and IV on
977
- * their own using {@link scrypt} and to use {@link createDecipheriv} to create the `Decipher` object.
978
- * @since v0.1.94
979
- * @deprecated Since v10.0.0 - Use {@link createDecipheriv} instead.
980
- * @param options `stream.transform` options
981
- */
982
- function createDecipher(algorithm: CipherCCMTypes, password: BinaryLike, options: CipherCCMOptions): DecipherCCM;
983
- /** @deprecated since v10.0.0 use `createDecipheriv()` */
984
- function createDecipher(algorithm: CipherGCMTypes, password: BinaryLike, options?: CipherGCMOptions): DecipherGCM;
985
- /** @deprecated since v10.0.0 use `createDecipheriv()` */
986
- function createDecipher(algorithm: string, password: BinaryLike, options?: stream.TransformOptions): Decipher;
987
- /**
988
- * Creates and returns a `Decipher` object that uses the given `algorithm`, `key`and initialization vector (`iv`).
989
- *
990
- * The `options` argument controls stream behavior and is optional except when a
991
- * cipher in CCM or OCB mode (e.g. `'aes-128-ccm'`) is used. In that case, the`authTagLength` option is required and specifies the length of the
992
- * authentication tag in bytes, see `CCM mode`. In GCM mode, the `authTagLength`option is not required but can be used to restrict accepted authentication tags
993
- * to those with the specified length.
994
- * For `chacha20-poly1305`, the `authTagLength` option defaults to 16 bytes.
995
- *
996
- * The `algorithm` is dependent on OpenSSL, examples are `'aes192'`, etc. On
997
- * recent OpenSSL releases, `openssl list -cipher-algorithms` will
998
- * display the available cipher algorithms.
999
- *
1000
- * The `key` is the raw key used by the `algorithm` and `iv` is an [initialization vector](https://en.wikipedia.org/wiki/Initialization_vector). Both arguments must be `'utf8'` encoded
1001
- * strings,`Buffers`, `TypedArray`, or `DataView`s. The `key` may optionally be
1002
- * a `KeyObject` of type `secret`. If the cipher does not need
1003
- * an initialization vector, `iv` may be `null`.
1004
- *
1005
- * When passing strings for `key` or `iv`, please consider `caveats when using strings as inputs to cryptographic APIs`.
1006
- *
1007
- * Initialization vectors should be unpredictable and unique; ideally, they will be
1008
- * cryptographically random. They do not have to be secret: IVs are typically just
1009
- * added to ciphertext messages unencrypted. It may sound contradictory that
1010
- * something has to be unpredictable and unique, but does not have to be secret;
1011
- * remember that an attacker must not be able to predict ahead of time what a given
1012
- * IV will be.
1013
- * @since v0.1.94
1014
- * @param options `stream.transform` options
1015
- */
1016
- function createDecipheriv(
1017
- algorithm: CipherCCMTypes,
1018
- key: CipherKey,
1019
- iv: BinaryLike,
1020
- options: CipherCCMOptions,
1021
- ): DecipherCCM;
1022
- function createDecipheriv(
1023
- algorithm: CipherOCBTypes,
1024
- key: CipherKey,
1025
- iv: BinaryLike,
1026
- options: CipherOCBOptions,
1027
- ): DecipherOCB;
1028
- function createDecipheriv(
1029
- algorithm: CipherGCMTypes,
1030
- key: CipherKey,
1031
- iv: BinaryLike,
1032
- options?: CipherGCMOptions,
1033
- ): DecipherGCM;
1034
- function createDecipheriv(
1035
- algorithm: string,
1036
- key: CipherKey,
1037
- iv: BinaryLike | null,
1038
- options?: stream.TransformOptions,
1039
- ): Decipher;
1040
- /**
1041
- * Instances of the `Decipher` class are used to decrypt data. The class can be
1042
- * used in one of two ways:
1043
- *
1044
- * * As a `stream` that is both readable and writable, where plain encrypted
1045
- * data is written to produce unencrypted data on the readable side, or
1046
- * * Using the `decipher.update()` and `decipher.final()` methods to
1047
- * produce the unencrypted data.
1048
- *
1049
- * The {@link createDecipher} or {@link createDecipheriv} methods are
1050
- * used to create `Decipher` instances. `Decipher` objects are not to be created
1051
- * directly using the `new` keyword.
1052
- *
1053
- * Example: Using `Decipher` objects as streams:
1054
- *
1055
- * ```js
1056
- * import { Buffer } from 'node:buffer';
1057
- * const {
1058
- * scryptSync,
1059
- * createDecipheriv,
1060
- * } = await import('node:crypto');
1061
- *
1062
- * const algorithm = 'aes-192-cbc';
1063
- * const password = 'Password used to generate key';
1064
- * // Key length is dependent on the algorithm. In this case for aes192, it is
1065
- * // 24 bytes (192 bits).
1066
- * // Use the async `crypto.scrypt()` instead.
1067
- * const key = scryptSync(password, 'salt', 24);
1068
- * // The IV is usually passed along with the ciphertext.
1069
- * const iv = Buffer.alloc(16, 0); // Initialization vector.
1070
- *
1071
- * const decipher = createDecipheriv(algorithm, key, iv);
1072
- *
1073
- * let decrypted = '';
1074
- * decipher.on('readable', () => {
1075
- * let chunk;
1076
- * while (null !== (chunk = decipher.read())) {
1077
- * decrypted += chunk.toString('utf8');
1078
- * }
1079
- * });
1080
- * decipher.on('end', () => {
1081
- * console.log(decrypted);
1082
- * // Prints: some clear text data
1083
- * });
1084
- *
1085
- * // Encrypted with same algorithm, key and iv.
1086
- * const encrypted =
1087
- * 'e5f79c5915c02171eec6b212d5520d44480993d7d622a7c4c2da32f6efda0ffa';
1088
- * decipher.write(encrypted, 'hex');
1089
- * decipher.end();
1090
- * ```
1091
- *
1092
- * Example: Using `Decipher` and piped streams:
1093
- *
1094
- * ```js
1095
- * import {
1096
- * createReadStream,
1097
- * createWriteStream,
1098
- * } from 'node:fs';
1099
- * import { Buffer } from 'node:buffer';
1100
- * const {
1101
- * scryptSync,
1102
- * createDecipheriv,
1103
- * } = await import('node:crypto');
1104
- *
1105
- * const algorithm = 'aes-192-cbc';
1106
- * const password = 'Password used to generate key';
1107
- * // Use the async `crypto.scrypt()` instead.
1108
- * const key = scryptSync(password, 'salt', 24);
1109
- * // The IV is usually passed along with the ciphertext.
1110
- * const iv = Buffer.alloc(16, 0); // Initialization vector.
1111
- *
1112
- * const decipher = createDecipheriv(algorithm, key, iv);
1113
- *
1114
- * const input = createReadStream('test.enc');
1115
- * const output = createWriteStream('test.js');
1116
- *
1117
- * input.pipe(decipher).pipe(output);
1118
- * ```
1119
- *
1120
- * Example: Using the `decipher.update()` and `decipher.final()` methods:
1121
- *
1122
- * ```js
1123
- * import { Buffer } from 'node:buffer';
1124
- * const {
1125
- * scryptSync,
1126
- * createDecipheriv,
1127
- * } = await import('node:crypto');
1128
- *
1129
- * const algorithm = 'aes-192-cbc';
1130
- * const password = 'Password used to generate key';
1131
- * // Use the async `crypto.scrypt()` instead.
1132
- * const key = scryptSync(password, 'salt', 24);
1133
- * // The IV is usually passed along with the ciphertext.
1134
- * const iv = Buffer.alloc(16, 0); // Initialization vector.
1135
- *
1136
- * const decipher = createDecipheriv(algorithm, key, iv);
1137
- *
1138
- * // Encrypted using same algorithm, key and iv.
1139
- * const encrypted =
1140
- * 'e5f79c5915c02171eec6b212d5520d44480993d7d622a7c4c2da32f6efda0ffa';
1141
- * let decrypted = decipher.update(encrypted, 'hex', 'utf8');
1142
- * decrypted += decipher.final('utf8');
1143
- * console.log(decrypted);
1144
- * // Prints: some clear text data
1145
- * ```
1146
- * @since v0.1.94
1147
- */
1148
- class Decipher extends stream.Transform {
1149
- private constructor();
1150
- /**
1151
- * Updates the decipher with `data`. If the `inputEncoding` argument is given,
1152
- * the `data`argument is a string using the specified encoding. If the `inputEncoding`argument is not given, `data` must be a `Buffer`. If `data` is a `Buffer` then `inputEncoding` is
1153
- * ignored.
1154
- *
1155
- * The `outputEncoding` specifies the output format of the enciphered
1156
- * data. If the `outputEncoding`is specified, a string using the specified encoding is returned. If no`outputEncoding` is provided, a `Buffer` is returned.
1157
- *
1158
- * The `decipher.update()` method can be called multiple times with new data until `decipher.final()` is called. Calling `decipher.update()` after `decipher.final()` will result in an error
1159
- * being thrown.
1160
- * @since v0.1.94
1161
- * @param inputEncoding The `encoding` of the `data` string.
1162
- * @param outputEncoding The `encoding` of the return value.
1163
- */
1164
- update(data: NodeJS.ArrayBufferView): Buffer;
1165
- update(data: string, inputEncoding: Encoding): Buffer;
1166
- update(data: NodeJS.ArrayBufferView, inputEncoding: undefined, outputEncoding: Encoding): string;
1167
- update(data: string, inputEncoding: Encoding | undefined, outputEncoding: Encoding): string;
1168
- /**
1169
- * Once the `decipher.final()` method has been called, the `Decipher` object can
1170
- * no longer be used to decrypt data. Attempts to call `decipher.final()` more
1171
- * than once will result in an error being thrown.
1172
- * @since v0.1.94
1173
- * @param outputEncoding The `encoding` of the return value.
1174
- * @return Any remaining deciphered contents. If `outputEncoding` is specified, a string is returned. If an `outputEncoding` is not provided, a {@link Buffer} is returned.
1175
- */
1176
- final(): Buffer;
1177
- final(outputEncoding: BufferEncoding): string;
1178
- /**
1179
- * When data has been encrypted without standard block padding, calling`decipher.setAutoPadding(false)` will disable automatic padding to prevent `decipher.final()` from checking for and
1180
- * removing padding.
1181
- *
1182
- * Turning auto padding off will only work if the input data's length is a
1183
- * multiple of the ciphers block size.
1184
- *
1185
- * The `decipher.setAutoPadding()` method must be called before `decipher.final()`.
1186
- * @since v0.7.1
1187
- * @param [autoPadding=true]
1188
- * @return for method chaining.
1189
- */
1190
- setAutoPadding(auto_padding?: boolean): this;
1191
- }
1192
- interface DecipherCCM extends Decipher {
1193
- setAuthTag(buffer: NodeJS.ArrayBufferView): this;
1194
- setAAD(
1195
- buffer: NodeJS.ArrayBufferView,
1196
- options: {
1197
- plaintextLength: number;
1198
- },
1199
- ): this;
1200
- }
1201
- interface DecipherGCM extends Decipher {
1202
- setAuthTag(buffer: NodeJS.ArrayBufferView): this;
1203
- setAAD(
1204
- buffer: NodeJS.ArrayBufferView,
1205
- options?: {
1206
- plaintextLength: number;
1207
- },
1208
- ): this;
1209
- }
1210
- interface DecipherOCB extends Decipher {
1211
- setAuthTag(buffer: NodeJS.ArrayBufferView): this;
1212
- setAAD(
1213
- buffer: NodeJS.ArrayBufferView,
1214
- options?: {
1215
- plaintextLength: number;
1216
- },
1217
- ): this;
1218
- }
1219
- interface PrivateKeyInput {
1220
- key: string | Buffer;
1221
- format?: KeyFormat | undefined;
1222
- type?: "pkcs1" | "pkcs8" | "sec1" | undefined;
1223
- passphrase?: string | Buffer | undefined;
1224
- encoding?: string | undefined;
1225
- }
1226
- interface PublicKeyInput {
1227
- key: string | Buffer;
1228
- format?: KeyFormat | undefined;
1229
- type?: "pkcs1" | "spki" | undefined;
1230
- encoding?: string | undefined;
1231
- }
1232
- /**
1233
- * Asynchronously generates a new random secret key of the given `length`. The`type` will determine which validations will be performed on the `length`.
1234
- *
1235
- * ```js
1236
- * const {
1237
- * generateKey,
1238
- * } = await import('node:crypto');
1239
- *
1240
- * generateKey('hmac', { length: 512 }, (err, key) => {
1241
- * if (err) throw err;
1242
- * console.log(key.export().toString('hex')); // 46e..........620
1243
- * });
1244
- * ```
1245
- *
1246
- * The size of a generated HMAC key should not exceed the block size of the
1247
- * underlying hash function. See {@link createHmac} for more information.
1248
- * @since v15.0.0
1249
- * @param type The intended use of the generated secret key. Currently accepted values are `'hmac'` and `'aes'`.
1250
- */
1251
- function generateKey(
1252
- type: "hmac" | "aes",
1253
- options: {
1254
- length: number;
1255
- },
1256
- callback: (err: Error | null, key: KeyObject) => void,
1257
- ): void;
1258
- /**
1259
- * Synchronously generates a new random secret key of the given `length`. The`type` will determine which validations will be performed on the `length`.
1260
- *
1261
- * ```js
1262
- * const {
1263
- * generateKeySync,
1264
- * } = await import('node:crypto');
1265
- *
1266
- * const key = generateKeySync('hmac', { length: 512 });
1267
- * console.log(key.export().toString('hex')); // e89..........41e
1268
- * ```
1269
- *
1270
- * The size of a generated HMAC key should not exceed the block size of the
1271
- * underlying hash function. See {@link createHmac} for more information.
1272
- * @since v15.0.0
1273
- * @param type The intended use of the generated secret key. Currently accepted values are `'hmac'` and `'aes'`.
1274
- */
1275
- function generateKeySync(
1276
- type: "hmac" | "aes",
1277
- options: {
1278
- length: number;
1279
- },
1280
- ): KeyObject;
1281
- interface JsonWebKeyInput {
1282
- key: JsonWebKey;
1283
- format: "jwk";
1284
- }
1285
- /**
1286
- * Creates and returns a new key object containing a private key. If `key` is a
1287
- * string or `Buffer`, `format` is assumed to be `'pem'`; otherwise, `key`must be an object with the properties described above.
1288
- *
1289
- * If the private key is encrypted, a `passphrase` must be specified. The length
1290
- * of the passphrase is limited to 1024 bytes.
1291
- * @since v11.6.0
1292
- */
1293
- function createPrivateKey(key: PrivateKeyInput | string | Buffer | JsonWebKeyInput): KeyObject;
1294
- /**
1295
- * Creates and returns a new key object containing a public key. If `key` is a
1296
- * string or `Buffer`, `format` is assumed to be `'pem'`; if `key` is a `KeyObject`with type `'private'`, the public key is derived from the given private key;
1297
- * otherwise, `key` must be an object with the properties described above.
1298
- *
1299
- * If the format is `'pem'`, the `'key'` may also be an X.509 certificate.
1300
- *
1301
- * Because public keys can be derived from private keys, a private key may be
1302
- * passed instead of a public key. In that case, this function behaves as if {@link createPrivateKey} had been called, except that the type of the
1303
- * returned `KeyObject` will be `'public'` and that the private key cannot be
1304
- * extracted from the returned `KeyObject`. Similarly, if a `KeyObject` with type`'private'` is given, a new `KeyObject` with type `'public'` will be returned
1305
- * and it will be impossible to extract the private key from the returned object.
1306
- * @since v11.6.0
1307
- */
1308
- function createPublicKey(key: PublicKeyInput | string | Buffer | KeyObject | JsonWebKeyInput): KeyObject;
1309
- /**
1310
- * Creates and returns a new key object containing a secret key for symmetric
1311
- * encryption or `Hmac`.
1312
- * @since v11.6.0
1313
- * @param encoding The string encoding when `key` is a string.
1314
- */
1315
- function createSecretKey(key: NodeJS.ArrayBufferView): KeyObject;
1316
- function createSecretKey(key: string, encoding: BufferEncoding): KeyObject;
1317
- /**
1318
- * Creates and returns a `Sign` object that uses the given `algorithm`. Use {@link getHashes} to obtain the names of the available digest algorithms.
1319
- * Optional `options` argument controls the `stream.Writable` behavior.
1320
- *
1321
- * In some cases, a `Sign` instance can be created using the name of a signature
1322
- * algorithm, such as `'RSA-SHA256'`, instead of a digest algorithm. This will use
1323
- * the corresponding digest algorithm. This does not work for all signature
1324
- * algorithms, such as `'ecdsa-with-SHA256'`, so it is best to always use digest
1325
- * algorithm names.
1326
- * @since v0.1.92
1327
- * @param options `stream.Writable` options
1328
- */
1329
- function createSign(algorithm: string, options?: stream.WritableOptions): Sign;
1330
- type DSAEncoding = "der" | "ieee-p1363";
1331
- interface SigningOptions {
1332
- /**
1333
- * @see crypto.constants.RSA_PKCS1_PADDING
1334
- */
1335
- padding?: number | undefined;
1336
- saltLength?: number | undefined;
1337
- dsaEncoding?: DSAEncoding | undefined;
1338
- }
1339
- interface SignPrivateKeyInput extends PrivateKeyInput, SigningOptions {}
1340
- interface SignKeyObjectInput extends SigningOptions {
1341
- key: KeyObject;
1342
- }
1343
- interface VerifyPublicKeyInput extends PublicKeyInput, SigningOptions {}
1344
- interface VerifyKeyObjectInput extends SigningOptions {
1345
- key: KeyObject;
1346
- }
1347
- interface VerifyJsonWebKeyInput extends JsonWebKeyInput, SigningOptions {}
1348
- type KeyLike = string | Buffer | KeyObject;
1349
- /**
1350
- * The `Sign` class is a utility for generating signatures. It can be used in one
1351
- * of two ways:
1352
- *
1353
- * * As a writable `stream`, where data to be signed is written and the `sign.sign()` method is used to generate and return the signature, or
1354
- * * Using the `sign.update()` and `sign.sign()` methods to produce the
1355
- * signature.
1356
- *
1357
- * The {@link createSign} method is used to create `Sign` instances. The
1358
- * argument is the string name of the hash function to use. `Sign` objects are not
1359
- * to be created directly using the `new` keyword.
1360
- *
1361
- * Example: Using `Sign` and `Verify` objects as streams:
1362
- *
1363
- * ```js
1364
- * const {
1365
- * generateKeyPairSync,
1366
- * createSign,
1367
- * createVerify,
1368
- * } = await import('node:crypto');
1369
- *
1370
- * const { privateKey, publicKey } = generateKeyPairSync('ec', {
1371
- * namedCurve: 'sect239k1',
1372
- * });
1373
- *
1374
- * const sign = createSign('SHA256');
1375
- * sign.write('some data to sign');
1376
- * sign.end();
1377
- * const signature = sign.sign(privateKey, 'hex');
1378
- *
1379
- * const verify = createVerify('SHA256');
1380
- * verify.write('some data to sign');
1381
- * verify.end();
1382
- * console.log(verify.verify(publicKey, signature, 'hex'));
1383
- * // Prints: true
1384
- * ```
1385
- *
1386
- * Example: Using the `sign.update()` and `verify.update()` methods:
1387
- *
1388
- * ```js
1389
- * const {
1390
- * generateKeyPairSync,
1391
- * createSign,
1392
- * createVerify,
1393
- * } = await import('node:crypto');
1394
- *
1395
- * const { privateKey, publicKey } = generateKeyPairSync('rsa', {
1396
- * modulusLength: 2048,
1397
- * });
1398
- *
1399
- * const sign = createSign('SHA256');
1400
- * sign.update('some data to sign');
1401
- * sign.end();
1402
- * const signature = sign.sign(privateKey);
1403
- *
1404
- * const verify = createVerify('SHA256');
1405
- * verify.update('some data to sign');
1406
- * verify.end();
1407
- * console.log(verify.verify(publicKey, signature));
1408
- * // Prints: true
1409
- * ```
1410
- * @since v0.1.92
1411
- */
1412
- class Sign extends stream.Writable {
1413
- private constructor();
1414
- /**
1415
- * Updates the `Sign` content with the given `data`, the encoding of which
1416
- * is given in `inputEncoding`.
1417
- * If `encoding` is not provided, and the `data` is a string, an
1418
- * encoding of `'utf8'` is enforced. If `data` is a `Buffer`, `TypedArray`, or`DataView`, then `inputEncoding` is ignored.
1419
- *
1420
- * This can be called many times with new data as it is streamed.
1421
- * @since v0.1.92
1422
- * @param inputEncoding The `encoding` of the `data` string.
1423
- */
1424
- update(data: BinaryLike): this;
1425
- update(data: string, inputEncoding: Encoding): this;
1426
- /**
1427
- * Calculates the signature on all the data passed through using either `sign.update()` or `sign.write()`.
1428
- *
1429
- * If `privateKey` is not a `KeyObject`, this function behaves as if`privateKey` had been passed to {@link createPrivateKey}. If it is an
1430
- * object, the following additional properties can be passed:
1431
- *
1432
- * If `outputEncoding` is provided a string is returned; otherwise a `Buffer` is returned.
1433
- *
1434
- * The `Sign` object can not be again used after `sign.sign()` method has been
1435
- * called. Multiple calls to `sign.sign()` will result in an error being thrown.
1436
- * @since v0.1.92
1437
- */
1438
- sign(privateKey: KeyLike | SignKeyObjectInput | SignPrivateKeyInput): Buffer;
1439
- sign(
1440
- privateKey: KeyLike | SignKeyObjectInput | SignPrivateKeyInput,
1441
- outputFormat: BinaryToTextEncoding,
1442
- ): string;
1443
- }
1444
- /**
1445
- * Creates and returns a `Verify` object that uses the given algorithm.
1446
- * Use {@link getHashes} to obtain an array of names of the available
1447
- * signing algorithms. Optional `options` argument controls the`stream.Writable` behavior.
1448
- *
1449
- * In some cases, a `Verify` instance can be created using the name of a signature
1450
- * algorithm, such as `'RSA-SHA256'`, instead of a digest algorithm. This will use
1451
- * the corresponding digest algorithm. This does not work for all signature
1452
- * algorithms, such as `'ecdsa-with-SHA256'`, so it is best to always use digest
1453
- * algorithm names.
1454
- * @since v0.1.92
1455
- * @param options `stream.Writable` options
1456
- */
1457
- function createVerify(algorithm: string, options?: stream.WritableOptions): Verify;
1458
- /**
1459
- * The `Verify` class is a utility for verifying signatures. It can be used in one
1460
- * of two ways:
1461
- *
1462
- * * As a writable `stream` where written data is used to validate against the
1463
- * supplied signature, or
1464
- * * Using the `verify.update()` and `verify.verify()` methods to verify
1465
- * the signature.
1466
- *
1467
- * The {@link createVerify} method is used to create `Verify` instances.`Verify` objects are not to be created directly using the `new` keyword.
1468
- *
1469
- * See `Sign` for examples.
1470
- * @since v0.1.92
1471
- */
1472
- class Verify extends stream.Writable {
1473
- private constructor();
1474
- /**
1475
- * Updates the `Verify` content with the given `data`, the encoding of which
1476
- * is given in `inputEncoding`.
1477
- * If `inputEncoding` is not provided, and the `data` is a string, an
1478
- * encoding of `'utf8'` is enforced. If `data` is a `Buffer`, `TypedArray`, or`DataView`, then `inputEncoding` is ignored.
1479
- *
1480
- * This can be called many times with new data as it is streamed.
1481
- * @since v0.1.92
1482
- * @param inputEncoding The `encoding` of the `data` string.
1483
- */
1484
- update(data: BinaryLike): Verify;
1485
- update(data: string, inputEncoding: Encoding): Verify;
1486
- /**
1487
- * Verifies the provided data using the given `object` and `signature`.
1488
- *
1489
- * If `object` is not a `KeyObject`, this function behaves as if`object` had been passed to {@link createPublicKey}. If it is an
1490
- * object, the following additional properties can be passed:
1491
- *
1492
- * The `signature` argument is the previously calculated signature for the data, in
1493
- * the `signatureEncoding`.
1494
- * If a `signatureEncoding` is specified, the `signature` is expected to be a
1495
- * string; otherwise `signature` is expected to be a `Buffer`,`TypedArray`, or `DataView`.
1496
- *
1497
- * The `verify` object can not be used again after `verify.verify()` has been
1498
- * called. Multiple calls to `verify.verify()` will result in an error being
1499
- * thrown.
1500
- *
1501
- * Because public keys can be derived from private keys, a private key may
1502
- * be passed instead of a public key.
1503
- * @since v0.1.92
1504
- */
1505
- verify(
1506
- object: KeyLike | VerifyKeyObjectInput | VerifyPublicKeyInput | VerifyJsonWebKeyInput,
1507
- signature: NodeJS.ArrayBufferView,
1508
- ): boolean;
1509
- verify(
1510
- object: KeyLike | VerifyKeyObjectInput | VerifyPublicKeyInput | VerifyJsonWebKeyInput,
1511
- signature: string,
1512
- signature_format?: BinaryToTextEncoding,
1513
- ): boolean;
1514
- }
1515
- /**
1516
- * Creates a `DiffieHellman` key exchange object using the supplied `prime` and an
1517
- * optional specific `generator`.
1518
- *
1519
- * The `generator` argument can be a number, string, or `Buffer`. If`generator` is not specified, the value `2` is used.
1520
- *
1521
- * If `primeEncoding` is specified, `prime` is expected to be a string; otherwise
1522
- * a `Buffer`, `TypedArray`, or `DataView` is expected.
1523
- *
1524
- * If `generatorEncoding` is specified, `generator` is expected to be a string;
1525
- * otherwise a number, `Buffer`, `TypedArray`, or `DataView` is expected.
1526
- * @since v0.11.12
1527
- * @param primeEncoding The `encoding` of the `prime` string.
1528
- * @param [generator=2]
1529
- * @param generatorEncoding The `encoding` of the `generator` string.
1530
- */
1531
- function createDiffieHellman(primeLength: number, generator?: number): DiffieHellman;
1532
- function createDiffieHellman(
1533
- prime: ArrayBuffer | NodeJS.ArrayBufferView,
1534
- generator?: number | ArrayBuffer | NodeJS.ArrayBufferView,
1535
- ): DiffieHellman;
1536
- function createDiffieHellman(
1537
- prime: ArrayBuffer | NodeJS.ArrayBufferView,
1538
- generator: string,
1539
- generatorEncoding: BinaryToTextEncoding,
1540
- ): DiffieHellman;
1541
- function createDiffieHellman(
1542
- prime: string,
1543
- primeEncoding: BinaryToTextEncoding,
1544
- generator?: number | ArrayBuffer | NodeJS.ArrayBufferView,
1545
- ): DiffieHellman;
1546
- function createDiffieHellman(
1547
- prime: string,
1548
- primeEncoding: BinaryToTextEncoding,
1549
- generator: string,
1550
- generatorEncoding: BinaryToTextEncoding,
1551
- ): DiffieHellman;
1552
- /**
1553
- * The `DiffieHellman` class is a utility for creating Diffie-Hellman key
1554
- * exchanges.
1555
- *
1556
- * Instances of the `DiffieHellman` class can be created using the {@link createDiffieHellman} function.
1557
- *
1558
- * ```js
1559
- * import assert from 'node:assert';
1560
- *
1561
- * const {
1562
- * createDiffieHellman,
1563
- * } = await import('node:crypto');
1564
- *
1565
- * // Generate Alice's keys...
1566
- * const alice = createDiffieHellman(2048);
1567
- * const aliceKey = alice.generateKeys();
1568
- *
1569
- * // Generate Bob's keys...
1570
- * const bob = createDiffieHellman(alice.getPrime(), alice.getGenerator());
1571
- * const bobKey = bob.generateKeys();
1572
- *
1573
- * // Exchange and generate the secret...
1574
- * const aliceSecret = alice.computeSecret(bobKey);
1575
- * const bobSecret = bob.computeSecret(aliceKey);
1576
- *
1577
- * // OK
1578
- * assert.strictEqual(aliceSecret.toString('hex'), bobSecret.toString('hex'));
1579
- * ```
1580
- * @since v0.5.0
1581
- */
1582
- class DiffieHellman {
1583
- private constructor();
1584
- /**
1585
- * Generates private and public Diffie-Hellman key values unless they have been
1586
- * generated or computed already, and returns
1587
- * the public key in the specified `encoding`. This key should be
1588
- * transferred to the other party.
1589
- * If `encoding` is provided a string is returned; otherwise a `Buffer` is returned.
1590
- *
1591
- * This function is a thin wrapper around [`DH_generate_key()`](https://www.openssl.org/docs/man3.0/man3/DH_generate_key.html). In particular,
1592
- * once a private key has been generated or set, calling this function only updates
1593
- * the public key but does not generate a new private key.
1594
- * @since v0.5.0
1595
- * @param encoding The `encoding` of the return value.
1596
- */
1597
- generateKeys(): Buffer;
1598
- generateKeys(encoding: BinaryToTextEncoding): string;
1599
- /**
1600
- * Computes the shared secret using `otherPublicKey` as the other
1601
- * party's public key and returns the computed shared secret. The supplied
1602
- * key is interpreted using the specified `inputEncoding`, and secret is
1603
- * encoded using specified `outputEncoding`.
1604
- * If the `inputEncoding` is not
1605
- * provided, `otherPublicKey` is expected to be a `Buffer`,`TypedArray`, or `DataView`.
1606
- *
1607
- * If `outputEncoding` is given a string is returned; otherwise, a `Buffer` is returned.
1608
- * @since v0.5.0
1609
- * @param inputEncoding The `encoding` of an `otherPublicKey` string.
1610
- * @param outputEncoding The `encoding` of the return value.
1611
- */
1612
- computeSecret(otherPublicKey: NodeJS.ArrayBufferView, inputEncoding?: null, outputEncoding?: null): Buffer;
1613
- computeSecret(otherPublicKey: string, inputEncoding: BinaryToTextEncoding, outputEncoding?: null): Buffer;
1614
- computeSecret(
1615
- otherPublicKey: NodeJS.ArrayBufferView,
1616
- inputEncoding: null,
1617
- outputEncoding: BinaryToTextEncoding,
1618
- ): string;
1619
- computeSecret(
1620
- otherPublicKey: string,
1621
- inputEncoding: BinaryToTextEncoding,
1622
- outputEncoding: BinaryToTextEncoding,
1623
- ): string;
1624
- /**
1625
- * Returns the Diffie-Hellman prime in the specified `encoding`.
1626
- * If `encoding` is provided a string is
1627
- * returned; otherwise a `Buffer` is returned.
1628
- * @since v0.5.0
1629
- * @param encoding The `encoding` of the return value.
1630
- */
1631
- getPrime(): Buffer;
1632
- getPrime(encoding: BinaryToTextEncoding): string;
1633
- /**
1634
- * Returns the Diffie-Hellman generator in the specified `encoding`.
1635
- * If `encoding` is provided a string is
1636
- * returned; otherwise a `Buffer` is returned.
1637
- * @since v0.5.0
1638
- * @param encoding The `encoding` of the return value.
1639
- */
1640
- getGenerator(): Buffer;
1641
- getGenerator(encoding: BinaryToTextEncoding): string;
1642
- /**
1643
- * Returns the Diffie-Hellman public key in the specified `encoding`.
1644
- * If `encoding` is provided a
1645
- * string is returned; otherwise a `Buffer` is returned.
1646
- * @since v0.5.0
1647
- * @param encoding The `encoding` of the return value.
1648
- */
1649
- getPublicKey(): Buffer;
1650
- getPublicKey(encoding: BinaryToTextEncoding): string;
1651
- /**
1652
- * Returns the Diffie-Hellman private key in the specified `encoding`.
1653
- * If `encoding` is provided a
1654
- * string is returned; otherwise a `Buffer` is returned.
1655
- * @since v0.5.0
1656
- * @param encoding The `encoding` of the return value.
1657
- */
1658
- getPrivateKey(): Buffer;
1659
- getPrivateKey(encoding: BinaryToTextEncoding): string;
1660
- /**
1661
- * Sets the Diffie-Hellman public key. If the `encoding` argument is provided,`publicKey` is expected
1662
- * to be a string. If no `encoding` is provided, `publicKey` is expected
1663
- * to be a `Buffer`, `TypedArray`, or `DataView`.
1664
- * @since v0.5.0
1665
- * @param encoding The `encoding` of the `publicKey` string.
1666
- */
1667
- setPublicKey(publicKey: NodeJS.ArrayBufferView): void;
1668
- setPublicKey(publicKey: string, encoding: BufferEncoding): void;
1669
- /**
1670
- * Sets the Diffie-Hellman private key. If the `encoding` argument is provided,`privateKey` is expected
1671
- * to be a string. If no `encoding` is provided, `privateKey` is expected
1672
- * to be a `Buffer`, `TypedArray`, or `DataView`.
1673
- *
1674
- * This function does not automatically compute the associated public key. Either `diffieHellman.setPublicKey()` or `diffieHellman.generateKeys()` can be
1675
- * used to manually provide the public key or to automatically derive it.
1676
- * @since v0.5.0
1677
- * @param encoding The `encoding` of the `privateKey` string.
1678
- */
1679
- setPrivateKey(privateKey: NodeJS.ArrayBufferView): void;
1680
- setPrivateKey(privateKey: string, encoding: BufferEncoding): void;
1681
- /**
1682
- * A bit field containing any warnings and/or errors resulting from a check
1683
- * performed during initialization of the `DiffieHellman` object.
1684
- *
1685
- * The following values are valid for this property (as defined in `node:constants` module):
1686
- *
1687
- * * `DH_CHECK_P_NOT_SAFE_PRIME`
1688
- * * `DH_CHECK_P_NOT_PRIME`
1689
- * * `DH_UNABLE_TO_CHECK_GENERATOR`
1690
- * * `DH_NOT_SUITABLE_GENERATOR`
1691
- * @since v0.11.12
1692
- */
1693
- verifyError: number;
1694
- }
1695
- /**
1696
- * The `DiffieHellmanGroup` class takes a well-known modp group as its argument.
1697
- * It works the same as `DiffieHellman`, except that it does not allow changing its keys after creation.
1698
- * In other words, it does not implement `setPublicKey()` or `setPrivateKey()` methods.
1699
- *
1700
- * ```js
1701
- * const { createDiffieHellmanGroup } = await import('node:crypto');
1702
- * const dh = createDiffieHellmanGroup('modp1');
1703
- * ```
1704
- * The name (e.g. `'modp1'`) is taken from [RFC 2412](https://www.rfc-editor.org/rfc/rfc2412.txt) (modp1 and 2) and [RFC 3526](https://www.rfc-editor.org/rfc/rfc3526.txt):
1705
- * ```bash
1706
- * $ perl -ne 'print "$1\n" if /"(modp\d+)"/' src/node_crypto_groups.h
1707
- * modp1 # 768 bits
1708
- * modp2 # 1024 bits
1709
- * modp5 # 1536 bits
1710
- * modp14 # 2048 bits
1711
- * modp15 # etc.
1712
- * modp16
1713
- * modp17
1714
- * modp18
1715
- * ```
1716
- * @since v0.7.5
1717
- */
1718
- const DiffieHellmanGroup: DiffieHellmanGroupConstructor;
1719
- interface DiffieHellmanGroupConstructor {
1720
- new(name: string): DiffieHellmanGroup;
1721
- (name: string): DiffieHellmanGroup;
1722
- readonly prototype: DiffieHellmanGroup;
1723
- }
1724
- type DiffieHellmanGroup = Omit<DiffieHellman, "setPublicKey" | "setPrivateKey">;
1725
- /**
1726
- * Creates a predefined `DiffieHellmanGroup` key exchange object. The
1727
- * supported groups are listed in the documentation for `DiffieHellmanGroup`.
1728
- *
1729
- * The returned object mimics the interface of objects created by {@link createDiffieHellman}, but will not allow changing
1730
- * the keys (with `diffieHellman.setPublicKey()`, for example). The
1731
- * advantage of using this method is that the parties do not have to
1732
- * generate nor exchange a group modulus beforehand, saving both processor
1733
- * and communication time.
1734
- *
1735
- * Example (obtaining a shared secret):
1736
- *
1737
- * ```js
1738
- * const {
1739
- * getDiffieHellman,
1740
- * } = await import('node:crypto');
1741
- * const alice = getDiffieHellman('modp14');
1742
- * const bob = getDiffieHellman('modp14');
1743
- *
1744
- * alice.generateKeys();
1745
- * bob.generateKeys();
1746
- *
1747
- * const aliceSecret = alice.computeSecret(bob.getPublicKey(), null, 'hex');
1748
- * const bobSecret = bob.computeSecret(alice.getPublicKey(), null, 'hex');
1749
- *
1750
- * // aliceSecret and bobSecret should be the same
1751
- * console.log(aliceSecret === bobSecret);
1752
- * ```
1753
- * @since v0.7.5
1754
- */
1755
- function getDiffieHellman(groupName: string): DiffieHellmanGroup;
1756
- /**
1757
- * An alias for {@link getDiffieHellman}
1758
- * @since v0.9.3
1759
- */
1760
- function createDiffieHellmanGroup(name: string): DiffieHellmanGroup;
1761
- /**
1762
- * Provides an asynchronous Password-Based Key Derivation Function 2 (PBKDF2)
1763
- * implementation. A selected HMAC digest algorithm specified by `digest` is
1764
- * applied to derive a key of the requested byte length (`keylen`) from the`password`, `salt` and `iterations`.
1765
- *
1766
- * The supplied `callback` function is called with two arguments: `err` and`derivedKey`. If an error occurs while deriving the key, `err` will be set;
1767
- * otherwise `err` will be `null`. By default, the successfully generated`derivedKey` will be passed to the callback as a `Buffer`. An error will be
1768
- * thrown if any of the input arguments specify invalid values or types.
1769
- *
1770
- * The `iterations` argument must be a number set as high as possible. The
1771
- * higher the number of iterations, the more secure the derived key will be,
1772
- * but will take a longer amount of time to complete.
1773
- *
1774
- * The `salt` should be as unique as possible. It is recommended that a salt is
1775
- * random and at least 16 bytes long. See [NIST SP 800-132](https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf) for details.
1776
- *
1777
- * When passing strings for `password` or `salt`, please consider `caveats when using strings as inputs to cryptographic APIs`.
1778
- *
1779
- * ```js
1780
- * const {
1781
- * pbkdf2,
1782
- * } = await import('node:crypto');
1783
- *
1784
- * pbkdf2('secret', 'salt', 100000, 64, 'sha512', (err, derivedKey) => {
1785
- * if (err) throw err;
1786
- * console.log(derivedKey.toString('hex')); // '3745e48...08d59ae'
1787
- * });
1788
- * ```
1789
- *
1790
- * An array of supported digest functions can be retrieved using {@link getHashes}.
1791
- *
1792
- * This API uses libuv's threadpool, which can have surprising and
1793
- * negative performance implications for some applications; see the `UV_THREADPOOL_SIZE` documentation for more information.
1794
- * @since v0.5.5
1795
- */
1796
- function pbkdf2(
1797
- password: BinaryLike,
1798
- salt: BinaryLike,
1799
- iterations: number,
1800
- keylen: number,
1801
- digest: string,
1802
- callback: (err: Error | null, derivedKey: Buffer) => void,
1803
- ): void;
1804
- /**
1805
- * Provides a synchronous Password-Based Key Derivation Function 2 (PBKDF2)
1806
- * implementation. A selected HMAC digest algorithm specified by `digest` is
1807
- * applied to derive a key of the requested byte length (`keylen`) from the`password`, `salt` and `iterations`.
1808
- *
1809
- * If an error occurs an `Error` will be thrown, otherwise the derived key will be
1810
- * returned as a `Buffer`.
1811
- *
1812
- * The `iterations` argument must be a number set as high as possible. The
1813
- * higher the number of iterations, the more secure the derived key will be,
1814
- * but will take a longer amount of time to complete.
1815
- *
1816
- * The `salt` should be as unique as possible. It is recommended that a salt is
1817
- * random and at least 16 bytes long. See [NIST SP 800-132](https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf) for details.
1818
- *
1819
- * When passing strings for `password` or `salt`, please consider `caveats when using strings as inputs to cryptographic APIs`.
1820
- *
1821
- * ```js
1822
- * const {
1823
- * pbkdf2Sync,
1824
- * } = await import('node:crypto');
1825
- *
1826
- * const key = pbkdf2Sync('secret', 'salt', 100000, 64, 'sha512');
1827
- * console.log(key.toString('hex')); // '3745e48...08d59ae'
1828
- * ```
1829
- *
1830
- * An array of supported digest functions can be retrieved using {@link getHashes}.
1831
- * @since v0.9.3
1832
- */
1833
- function pbkdf2Sync(
1834
- password: BinaryLike,
1835
- salt: BinaryLike,
1836
- iterations: number,
1837
- keylen: number,
1838
- digest: string,
1839
- ): Buffer;
1840
- /**
1841
- * Generates cryptographically strong pseudorandom data. The `size` argument
1842
- * is a number indicating the number of bytes to generate.
1843
- *
1844
- * If a `callback` function is provided, the bytes are generated asynchronously
1845
- * and the `callback` function is invoked with two arguments: `err` and `buf`.
1846
- * If an error occurs, `err` will be an `Error` object; otherwise it is `null`. The`buf` argument is a `Buffer` containing the generated bytes.
1847
- *
1848
- * ```js
1849
- * // Asynchronous
1850
- * const {
1851
- * randomBytes,
1852
- * } = await import('node:crypto');
1853
- *
1854
- * randomBytes(256, (err, buf) => {
1855
- * if (err) throw err;
1856
- * console.log(`${buf.length} bytes of random data: ${buf.toString('hex')}`);
1857
- * });
1858
- * ```
1859
- *
1860
- * If the `callback` function is not provided, the random bytes are generated
1861
- * synchronously and returned as a `Buffer`. An error will be thrown if
1862
- * there is a problem generating the bytes.
1863
- *
1864
- * ```js
1865
- * // Synchronous
1866
- * const {
1867
- * randomBytes,
1868
- * } = await import('node:crypto');
1869
- *
1870
- * const buf = randomBytes(256);
1871
- * console.log(
1872
- * `${buf.length} bytes of random data: ${buf.toString('hex')}`);
1873
- * ```
1874
- *
1875
- * The `crypto.randomBytes()` method will not complete until there is
1876
- * sufficient entropy available.
1877
- * This should normally never take longer than a few milliseconds. The only time
1878
- * when generating the random bytes may conceivably block for a longer period of
1879
- * time is right after boot, when the whole system is still low on entropy.
1880
- *
1881
- * This API uses libuv's threadpool, which can have surprising and
1882
- * negative performance implications for some applications; see the `UV_THREADPOOL_SIZE` documentation for more information.
1883
- *
1884
- * The asynchronous version of `crypto.randomBytes()` is carried out in a single
1885
- * threadpool request. To minimize threadpool task length variation, partition
1886
- * large `randomBytes` requests when doing so as part of fulfilling a client
1887
- * request.
1888
- * @since v0.5.8
1889
- * @param size The number of bytes to generate. The `size` must not be larger than `2**31 - 1`.
1890
- * @return if the `callback` function is not provided.
1891
- */
1892
- function randomBytes(size: number): Buffer;
1893
- function randomBytes(size: number, callback: (err: Error | null, buf: Buffer) => void): void;
1894
- function pseudoRandomBytes(size: number): Buffer;
1895
- function pseudoRandomBytes(size: number, callback: (err: Error | null, buf: Buffer) => void): void;
1896
- /**
1897
- * Return a random integer `n` such that `min <= n < max`. This
1898
- * implementation avoids [modulo bias](https://en.wikipedia.org/wiki/Fisher%E2%80%93Yates_shuffle#Modulo_bias).
1899
- *
1900
- * The range (`max - min`) must be less than 248. `min` and `max` must
1901
- * be [safe integers](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Number/isSafeInteger).
1902
- *
1903
- * If the `callback` function is not provided, the random integer is
1904
- * generated synchronously.
1905
- *
1906
- * ```js
1907
- * // Asynchronous
1908
- * const {
1909
- * randomInt,
1910
- * } = await import('node:crypto');
1911
- *
1912
- * randomInt(3, (err, n) => {
1913
- * if (err) throw err;
1914
- * console.log(`Random number chosen from (0, 1, 2): ${n}`);
1915
- * });
1916
- * ```
1917
- *
1918
- * ```js
1919
- * // Synchronous
1920
- * const {
1921
- * randomInt,
1922
- * } = await import('node:crypto');
1923
- *
1924
- * const n = randomInt(3);
1925
- * console.log(`Random number chosen from (0, 1, 2): ${n}`);
1926
- * ```
1927
- *
1928
- * ```js
1929
- * // With `min` argument
1930
- * const {
1931
- * randomInt,
1932
- * } = await import('node:crypto');
1933
- *
1934
- * const n = randomInt(1, 7);
1935
- * console.log(`The dice rolled: ${n}`);
1936
- * ```
1937
- * @since v14.10.0, v12.19.0
1938
- * @param [min=0] Start of random range (inclusive).
1939
- * @param max End of random range (exclusive).
1940
- * @param callback `function(err, n) {}`.
1941
- */
1942
- function randomInt(max: number): number;
1943
- function randomInt(min: number, max: number): number;
1944
- function randomInt(max: number, callback: (err: Error | null, value: number) => void): void;
1945
- function randomInt(min: number, max: number, callback: (err: Error | null, value: number) => void): void;
1946
- /**
1947
- * Synchronous version of {@link randomFill}.
1948
- *
1949
- * ```js
1950
- * import { Buffer } from 'node:buffer';
1951
- * const { randomFillSync } = await import('node:crypto');
1952
- *
1953
- * const buf = Buffer.alloc(10);
1954
- * console.log(randomFillSync(buf).toString('hex'));
1955
- *
1956
- * randomFillSync(buf, 5);
1957
- * console.log(buf.toString('hex'));
1958
- *
1959
- * // The above is equivalent to the following:
1960
- * randomFillSync(buf, 5, 5);
1961
- * console.log(buf.toString('hex'));
1962
- * ```
1963
- *
1964
- * Any `ArrayBuffer`, `TypedArray` or `DataView` instance may be passed as`buffer`.
1965
- *
1966
- * ```js
1967
- * import { Buffer } from 'node:buffer';
1968
- * const { randomFillSync } = await import('node:crypto');
1969
- *
1970
- * const a = new Uint32Array(10);
1971
- * console.log(Buffer.from(randomFillSync(a).buffer,
1972
- * a.byteOffset, a.byteLength).toString('hex'));
1973
- *
1974
- * const b = new DataView(new ArrayBuffer(10));
1975
- * console.log(Buffer.from(randomFillSync(b).buffer,
1976
- * b.byteOffset, b.byteLength).toString('hex'));
1977
- *
1978
- * const c = new ArrayBuffer(10);
1979
- * console.log(Buffer.from(randomFillSync(c)).toString('hex'));
1980
- * ```
1981
- * @since v7.10.0, v6.13.0
1982
- * @param buffer Must be supplied. The size of the provided `buffer` must not be larger than `2**31 - 1`.
1983
- * @param [offset=0]
1984
- * @param [size=buffer.length - offset]
1985
- * @return The object passed as `buffer` argument.
1986
- */
1987
- function randomFillSync<T extends NodeJS.ArrayBufferView>(buffer: T, offset?: number, size?: number): T;
1988
- /**
1989
- * This function is similar to {@link randomBytes} but requires the first
1990
- * argument to be a `Buffer` that will be filled. It also
1991
- * requires that a callback is passed in.
1992
- *
1993
- * If the `callback` function is not provided, an error will be thrown.
1994
- *
1995
- * ```js
1996
- * import { Buffer } from 'node:buffer';
1997
- * const { randomFill } = await import('node:crypto');
1998
- *
1999
- * const buf = Buffer.alloc(10);
2000
- * randomFill(buf, (err, buf) => {
2001
- * if (err) throw err;
2002
- * console.log(buf.toString('hex'));
2003
- * });
2004
- *
2005
- * randomFill(buf, 5, (err, buf) => {
2006
- * if (err) throw err;
2007
- * console.log(buf.toString('hex'));
2008
- * });
2009
- *
2010
- * // The above is equivalent to the following:
2011
- * randomFill(buf, 5, 5, (err, buf) => {
2012
- * if (err) throw err;
2013
- * console.log(buf.toString('hex'));
2014
- * });
2015
- * ```
2016
- *
2017
- * Any `ArrayBuffer`, `TypedArray`, or `DataView` instance may be passed as`buffer`.
2018
- *
2019
- * While this includes instances of `Float32Array` and `Float64Array`, this
2020
- * function should not be used to generate random floating-point numbers. The
2021
- * result may contain `+Infinity`, `-Infinity`, and `NaN`, and even if the array
2022
- * contains finite numbers only, they are not drawn from a uniform random
2023
- * distribution and have no meaningful lower or upper bounds.
2024
- *
2025
- * ```js
2026
- * import { Buffer } from 'node:buffer';
2027
- * const { randomFill } = await import('node:crypto');
2028
- *
2029
- * const a = new Uint32Array(10);
2030
- * randomFill(a, (err, buf) => {
2031
- * if (err) throw err;
2032
- * console.log(Buffer.from(buf.buffer, buf.byteOffset, buf.byteLength)
2033
- * .toString('hex'));
2034
- * });
2035
- *
2036
- * const b = new DataView(new ArrayBuffer(10));
2037
- * randomFill(b, (err, buf) => {
2038
- * if (err) throw err;
2039
- * console.log(Buffer.from(buf.buffer, buf.byteOffset, buf.byteLength)
2040
- * .toString('hex'));
2041
- * });
2042
- *
2043
- * const c = new ArrayBuffer(10);
2044
- * randomFill(c, (err, buf) => {
2045
- * if (err) throw err;
2046
- * console.log(Buffer.from(buf).toString('hex'));
2047
- * });
2048
- * ```
2049
- *
2050
- * This API uses libuv's threadpool, which can have surprising and
2051
- * negative performance implications for some applications; see the `UV_THREADPOOL_SIZE` documentation for more information.
2052
- *
2053
- * The asynchronous version of `crypto.randomFill()` is carried out in a single
2054
- * threadpool request. To minimize threadpool task length variation, partition
2055
- * large `randomFill` requests when doing so as part of fulfilling a client
2056
- * request.
2057
- * @since v7.10.0, v6.13.0
2058
- * @param buffer Must be supplied. The size of the provided `buffer` must not be larger than `2**31 - 1`.
2059
- * @param [offset=0]
2060
- * @param [size=buffer.length - offset]
2061
- * @param callback `function(err, buf) {}`.
2062
- */
2063
- function randomFill<T extends NodeJS.ArrayBufferView>(
2064
- buffer: T,
2065
- callback: (err: Error | null, buf: T) => void,
2066
- ): void;
2067
- function randomFill<T extends NodeJS.ArrayBufferView>(
2068
- buffer: T,
2069
- offset: number,
2070
- callback: (err: Error | null, buf: T) => void,
2071
- ): void;
2072
- function randomFill<T extends NodeJS.ArrayBufferView>(
2073
- buffer: T,
2074
- offset: number,
2075
- size: number,
2076
- callback: (err: Error | null, buf: T) => void,
2077
- ): void;
2078
- interface ScryptOptions {
2079
- cost?: number | undefined;
2080
- blockSize?: number | undefined;
2081
- parallelization?: number | undefined;
2082
- N?: number | undefined;
2083
- r?: number | undefined;
2084
- p?: number | undefined;
2085
- maxmem?: number | undefined;
2086
- }
2087
- /**
2088
- * Provides an asynchronous [scrypt](https://en.wikipedia.org/wiki/Scrypt) implementation. Scrypt is a password-based
2089
- * key derivation function that is designed to be expensive computationally and
2090
- * memory-wise in order to make brute-force attacks unrewarding.
2091
- *
2092
- * The `salt` should be as unique as possible. It is recommended that a salt is
2093
- * random and at least 16 bytes long. See [NIST SP 800-132](https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf) for details.
2094
- *
2095
- * When passing strings for `password` or `salt`, please consider `caveats when using strings as inputs to cryptographic APIs`.
2096
- *
2097
- * The `callback` function is called with two arguments: `err` and `derivedKey`.`err` is an exception object when key derivation fails, otherwise `err` is`null`. `derivedKey` is passed to the
2098
- * callback as a `Buffer`.
2099
- *
2100
- * An exception is thrown when any of the input arguments specify invalid values
2101
- * or types.
2102
- *
2103
- * ```js
2104
- * const {
2105
- * scrypt,
2106
- * } = await import('node:crypto');
2107
- *
2108
- * // Using the factory defaults.
2109
- * scrypt('password', 'salt', 64, (err, derivedKey) => {
2110
- * if (err) throw err;
2111
- * console.log(derivedKey.toString('hex')); // '3745e48...08d59ae'
2112
- * });
2113
- * // Using a custom N parameter. Must be a power of two.
2114
- * scrypt('password', 'salt', 64, { N: 1024 }, (err, derivedKey) => {
2115
- * if (err) throw err;
2116
- * console.log(derivedKey.toString('hex')); // '3745e48...aa39b34'
2117
- * });
2118
- * ```
2119
- * @since v10.5.0
2120
- */
2121
- function scrypt(
2122
- password: BinaryLike,
2123
- salt: BinaryLike,
2124
- keylen: number,
2125
- callback: (err: Error | null, derivedKey: Buffer) => void,
2126
- ): void;
2127
- function scrypt(
2128
- password: BinaryLike,
2129
- salt: BinaryLike,
2130
- keylen: number,
2131
- options: ScryptOptions,
2132
- callback: (err: Error | null, derivedKey: Buffer) => void,
2133
- ): void;
2134
- /**
2135
- * Provides a synchronous [scrypt](https://en.wikipedia.org/wiki/Scrypt) implementation. Scrypt is a password-based
2136
- * key derivation function that is designed to be expensive computationally and
2137
- * memory-wise in order to make brute-force attacks unrewarding.
2138
- *
2139
- * The `salt` should be as unique as possible. It is recommended that a salt is
2140
- * random and at least 16 bytes long. See [NIST SP 800-132](https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf) for details.
2141
- *
2142
- * When passing strings for `password` or `salt`, please consider `caveats when using strings as inputs to cryptographic APIs`.
2143
- *
2144
- * An exception is thrown when key derivation fails, otherwise the derived key is
2145
- * returned as a `Buffer`.
2146
- *
2147
- * An exception is thrown when any of the input arguments specify invalid values
2148
- * or types.
2149
- *
2150
- * ```js
2151
- * const {
2152
- * scryptSync,
2153
- * } = await import('node:crypto');
2154
- * // Using the factory defaults.
2155
- *
2156
- * const key1 = scryptSync('password', 'salt', 64);
2157
- * console.log(key1.toString('hex')); // '3745e48...08d59ae'
2158
- * // Using a custom N parameter. Must be a power of two.
2159
- * const key2 = scryptSync('password', 'salt', 64, { N: 1024 });
2160
- * console.log(key2.toString('hex')); // '3745e48...aa39b34'
2161
- * ```
2162
- * @since v10.5.0
2163
- */
2164
- function scryptSync(password: BinaryLike, salt: BinaryLike, keylen: number, options?: ScryptOptions): Buffer;
2165
- interface RsaPublicKey {
2166
- key: KeyLike;
2167
- padding?: number | undefined;
2168
- }
2169
- interface RsaPrivateKey {
2170
- key: KeyLike;
2171
- passphrase?: string | undefined;
2172
- /**
2173
- * @default 'sha1'
2174
- */
2175
- oaepHash?: string | undefined;
2176
- oaepLabel?: NodeJS.TypedArray | undefined;
2177
- padding?: number | undefined;
2178
- }
2179
- /**
2180
- * Encrypts the content of `buffer` with `key` and returns a new `Buffer` with encrypted content. The returned data can be decrypted using
2181
- * the corresponding private key, for example using {@link privateDecrypt}.
2182
- *
2183
- * If `key` is not a `KeyObject`, this function behaves as if`key` had been passed to {@link createPublicKey}. If it is an
2184
- * object, the `padding` property can be passed. Otherwise, this function uses`RSA_PKCS1_OAEP_PADDING`.
2185
- *
2186
- * Because RSA public keys can be derived from private keys, a private key may
2187
- * be passed instead of a public key.
2188
- * @since v0.11.14
2189
- */
2190
- function publicEncrypt(key: RsaPublicKey | RsaPrivateKey | KeyLike, buffer: NodeJS.ArrayBufferView): Buffer;
2191
- /**
2192
- * Decrypts `buffer` with `key`.`buffer` was previously encrypted using
2193
- * the corresponding private key, for example using {@link privateEncrypt}.
2194
- *
2195
- * If `key` is not a `KeyObject`, this function behaves as if`key` had been passed to {@link createPublicKey}. If it is an
2196
- * object, the `padding` property can be passed. Otherwise, this function uses`RSA_PKCS1_PADDING`.
2197
- *
2198
- * Because RSA public keys can be derived from private keys, a private key may
2199
- * be passed instead of a public key.
2200
- * @since v1.1.0
2201
- */
2202
- function publicDecrypt(key: RsaPublicKey | RsaPrivateKey | KeyLike, buffer: NodeJS.ArrayBufferView): Buffer;
2203
- /**
2204
- * Decrypts `buffer` with `privateKey`. `buffer` was previously encrypted using
2205
- * the corresponding public key, for example using {@link publicEncrypt}.
2206
- *
2207
- * If `privateKey` is not a `KeyObject`, this function behaves as if`privateKey` had been passed to {@link createPrivateKey}. If it is an
2208
- * object, the `padding` property can be passed. Otherwise, this function uses`RSA_PKCS1_OAEP_PADDING`.
2209
- * @since v0.11.14
2210
- */
2211
- function privateDecrypt(privateKey: RsaPrivateKey | KeyLike, buffer: NodeJS.ArrayBufferView): Buffer;
2212
- /**
2213
- * Encrypts `buffer` with `privateKey`. The returned data can be decrypted using
2214
- * the corresponding public key, for example using {@link publicDecrypt}.
2215
- *
2216
- * If `privateKey` is not a `KeyObject`, this function behaves as if`privateKey` had been passed to {@link createPrivateKey}. If it is an
2217
- * object, the `padding` property can be passed. Otherwise, this function uses`RSA_PKCS1_PADDING`.
2218
- * @since v1.1.0
2219
- */
2220
- function privateEncrypt(privateKey: RsaPrivateKey | KeyLike, buffer: NodeJS.ArrayBufferView): Buffer;
2221
- /**
2222
- * ```js
2223
- * const {
2224
- * getCiphers,
2225
- * } = await import('node:crypto');
2226
- *
2227
- * console.log(getCiphers()); // ['aes-128-cbc', 'aes-128-ccm', ...]
2228
- * ```
2229
- * @since v0.9.3
2230
- * @return An array with the names of the supported cipher algorithms.
2231
- */
2232
- function getCiphers(): string[];
2233
- /**
2234
- * ```js
2235
- * const {
2236
- * getCurves,
2237
- * } = await import('node:crypto');
2238
- *
2239
- * console.log(getCurves()); // ['Oakley-EC2N-3', 'Oakley-EC2N-4', ...]
2240
- * ```
2241
- * @since v2.3.0
2242
- * @return An array with the names of the supported elliptic curves.
2243
- */
2244
- function getCurves(): string[];
2245
- /**
2246
- * @since v10.0.0
2247
- * @return `1` if and only if a FIPS compliant crypto provider is currently in use, `0` otherwise. A future semver-major release may change the return type of this API to a {boolean}.
2248
- */
2249
- function getFips(): 1 | 0;
2250
- /**
2251
- * Enables the FIPS compliant crypto provider in a FIPS-enabled Node.js build.
2252
- * Throws an error if FIPS mode is not available.
2253
- * @since v10.0.0
2254
- * @param bool `true` to enable FIPS mode.
2255
- */
2256
- function setFips(bool: boolean): void;
2257
- /**
2258
- * ```js
2259
- * const {
2260
- * getHashes,
2261
- * } = await import('node:crypto');
2262
- *
2263
- * console.log(getHashes()); // ['DSA', 'DSA-SHA', 'DSA-SHA1', ...]
2264
- * ```
2265
- * @since v0.9.3
2266
- * @return An array of the names of the supported hash algorithms, such as `'RSA-SHA256'`. Hash algorithms are also called "digest" algorithms.
2267
- */
2268
- function getHashes(): string[];
2269
- /**
2270
- * The `ECDH` class is a utility for creating Elliptic Curve Diffie-Hellman (ECDH)
2271
- * key exchanges.
2272
- *
2273
- * Instances of the `ECDH` class can be created using the {@link createECDH} function.
2274
- *
2275
- * ```js
2276
- * import assert from 'node:assert';
2277
- *
2278
- * const {
2279
- * createECDH,
2280
- * } = await import('node:crypto');
2281
- *
2282
- * // Generate Alice's keys...
2283
- * const alice = createECDH('secp521r1');
2284
- * const aliceKey = alice.generateKeys();
2285
- *
2286
- * // Generate Bob's keys...
2287
- * const bob = createECDH('secp521r1');
2288
- * const bobKey = bob.generateKeys();
2289
- *
2290
- * // Exchange and generate the secret...
2291
- * const aliceSecret = alice.computeSecret(bobKey);
2292
- * const bobSecret = bob.computeSecret(aliceKey);
2293
- *
2294
- * assert.strictEqual(aliceSecret.toString('hex'), bobSecret.toString('hex'));
2295
- * // OK
2296
- * ```
2297
- * @since v0.11.14
2298
- */
2299
- class ECDH {
2300
- private constructor();
2301
- /**
2302
- * Converts the EC Diffie-Hellman public key specified by `key` and `curve` to the
2303
- * format specified by `format`. The `format` argument specifies point encoding
2304
- * and can be `'compressed'`, `'uncompressed'` or `'hybrid'`. The supplied key is
2305
- * interpreted using the specified `inputEncoding`, and the returned key is encoded
2306
- * using the specified `outputEncoding`.
2307
- *
2308
- * Use {@link getCurves} to obtain a list of available curve names.
2309
- * On recent OpenSSL releases, `openssl ecparam -list_curves` will also display
2310
- * the name and description of each available elliptic curve.
2311
- *
2312
- * If `format` is not specified the point will be returned in `'uncompressed'`format.
2313
- *
2314
- * If the `inputEncoding` is not provided, `key` is expected to be a `Buffer`,`TypedArray`, or `DataView`.
2315
- *
2316
- * Example (uncompressing a key):
2317
- *
2318
- * ```js
2319
- * const {
2320
- * createECDH,
2321
- * ECDH,
2322
- * } = await import('node:crypto');
2323
- *
2324
- * const ecdh = createECDH('secp256k1');
2325
- * ecdh.generateKeys();
2326
- *
2327
- * const compressedKey = ecdh.getPublicKey('hex', 'compressed');
2328
- *
2329
- * const uncompressedKey = ECDH.convertKey(compressedKey,
2330
- * 'secp256k1',
2331
- * 'hex',
2332
- * 'hex',
2333
- * 'uncompressed');
2334
- *
2335
- * // The converted key and the uncompressed public key should be the same
2336
- * console.log(uncompressedKey === ecdh.getPublicKey('hex'));
2337
- * ```
2338
- * @since v10.0.0
2339
- * @param inputEncoding The `encoding` of the `key` string.
2340
- * @param outputEncoding The `encoding` of the return value.
2341
- * @param [format='uncompressed']
2342
- */
2343
- static convertKey(
2344
- key: BinaryLike,
2345
- curve: string,
2346
- inputEncoding?: BinaryToTextEncoding,
2347
- outputEncoding?: "latin1" | "hex" | "base64" | "base64url",
2348
- format?: "uncompressed" | "compressed" | "hybrid",
2349
- ): Buffer | string;
2350
- /**
2351
- * Generates private and public EC Diffie-Hellman key values, and returns
2352
- * the public key in the specified `format` and `encoding`. This key should be
2353
- * transferred to the other party.
2354
- *
2355
- * The `format` argument specifies point encoding and can be `'compressed'` or`'uncompressed'`. If `format` is not specified, the point will be returned in`'uncompressed'` format.
2356
- *
2357
- * If `encoding` is provided a string is returned; otherwise a `Buffer` is returned.
2358
- * @since v0.11.14
2359
- * @param encoding The `encoding` of the return value.
2360
- * @param [format='uncompressed']
2361
- */
2362
- generateKeys(): Buffer;
2363
- generateKeys(encoding: BinaryToTextEncoding, format?: ECDHKeyFormat): string;
2364
- /**
2365
- * Computes the shared secret using `otherPublicKey` as the other
2366
- * party's public key and returns the computed shared secret. The supplied
2367
- * key is interpreted using specified `inputEncoding`, and the returned secret
2368
- * is encoded using the specified `outputEncoding`.
2369
- * If the `inputEncoding` is not
2370
- * provided, `otherPublicKey` is expected to be a `Buffer`, `TypedArray`, or`DataView`.
2371
- *
2372
- * If `outputEncoding` is given a string will be returned; otherwise a `Buffer` is returned.
2373
- *
2374
- * `ecdh.computeSecret` will throw an`ERR_CRYPTO_ECDH_INVALID_PUBLIC_KEY` error when `otherPublicKey`lies outside of the elliptic curve. Since `otherPublicKey` is
2375
- * usually supplied from a remote user over an insecure network,
2376
- * be sure to handle this exception accordingly.
2377
- * @since v0.11.14
2378
- * @param inputEncoding The `encoding` of the `otherPublicKey` string.
2379
- * @param outputEncoding The `encoding` of the return value.
2380
- */
2381
- computeSecret(otherPublicKey: NodeJS.ArrayBufferView): Buffer;
2382
- computeSecret(otherPublicKey: string, inputEncoding: BinaryToTextEncoding): Buffer;
2383
- computeSecret(otherPublicKey: NodeJS.ArrayBufferView, outputEncoding: BinaryToTextEncoding): string;
2384
- computeSecret(
2385
- otherPublicKey: string,
2386
- inputEncoding: BinaryToTextEncoding,
2387
- outputEncoding: BinaryToTextEncoding,
2388
- ): string;
2389
- /**
2390
- * If `encoding` is specified, a string is returned; otherwise a `Buffer` is
2391
- * returned.
2392
- * @since v0.11.14
2393
- * @param encoding The `encoding` of the return value.
2394
- * @return The EC Diffie-Hellman in the specified `encoding`.
2395
- */
2396
- getPrivateKey(): Buffer;
2397
- getPrivateKey(encoding: BinaryToTextEncoding): string;
2398
- /**
2399
- * The `format` argument specifies point encoding and can be `'compressed'` or`'uncompressed'`. If `format` is not specified the point will be returned in`'uncompressed'` format.
2400
- *
2401
- * If `encoding` is specified, a string is returned; otherwise a `Buffer` is
2402
- * returned.
2403
- * @since v0.11.14
2404
- * @param encoding The `encoding` of the return value.
2405
- * @param [format='uncompressed']
2406
- * @return The EC Diffie-Hellman public key in the specified `encoding` and `format`.
2407
- */
2408
- getPublicKey(encoding?: null, format?: ECDHKeyFormat): Buffer;
2409
- getPublicKey(encoding: BinaryToTextEncoding, format?: ECDHKeyFormat): string;
2410
- /**
2411
- * Sets the EC Diffie-Hellman private key.
2412
- * If `encoding` is provided, `privateKey` is expected
2413
- * to be a string; otherwise `privateKey` is expected to be a `Buffer`,`TypedArray`, or `DataView`.
2414
- *
2415
- * If `privateKey` is not valid for the curve specified when the `ECDH` object was
2416
- * created, an error is thrown. Upon setting the private key, the associated
2417
- * public point (key) is also generated and set in the `ECDH` object.
2418
- * @since v0.11.14
2419
- * @param encoding The `encoding` of the `privateKey` string.
2420
- */
2421
- setPrivateKey(privateKey: NodeJS.ArrayBufferView): void;
2422
- setPrivateKey(privateKey: string, encoding: BinaryToTextEncoding): void;
2423
- }
2424
- /**
2425
- * Creates an Elliptic Curve Diffie-Hellman (`ECDH`) key exchange object using a
2426
- * predefined curve specified by the `curveName` string. Use {@link getCurves} to obtain a list of available curve names. On recent
2427
- * OpenSSL releases, `openssl ecparam -list_curves` will also display the name
2428
- * and description of each available elliptic curve.
2429
- * @since v0.11.14
2430
- */
2431
- function createECDH(curveName: string): ECDH;
2432
- /**
2433
- * This function compares the underlying bytes that represent the given`ArrayBuffer`, `TypedArray`, or `DataView` instances using a constant-time
2434
- * algorithm.
2435
- *
2436
- * This function does not leak timing information that
2437
- * would allow an attacker to guess one of the values. This is suitable for
2438
- * comparing HMAC digests or secret values like authentication cookies or [capability urls](https://www.w3.org/TR/capability-urls/).
2439
- *
2440
- * `a` and `b` must both be `Buffer`s, `TypedArray`s, or `DataView`s, and they
2441
- * must have the same byte length. An error is thrown if `a` and `b` have
2442
- * different byte lengths.
2443
- *
2444
- * If at least one of `a` and `b` is a `TypedArray` with more than one byte per
2445
- * entry, such as `Uint16Array`, the result will be computed using the platform
2446
- * byte order.
2447
- *
2448
- * **When both of the inputs are `Float32Array`s or`Float64Array`s, this function might return unexpected results due to IEEE 754**
2449
- * **encoding of floating-point numbers. In particular, neither `x === y` nor`Object.is(x, y)` implies that the byte representations of two floating-point**
2450
- * **numbers `x` and `y` are equal.**
2451
- *
2452
- * Use of `crypto.timingSafeEqual` does not guarantee that the _surrounding_ code
2453
- * is timing-safe. Care should be taken to ensure that the surrounding code does
2454
- * not introduce timing vulnerabilities.
2455
- * @since v6.6.0
2456
- */
2457
- function timingSafeEqual(a: NodeJS.ArrayBufferView, b: NodeJS.ArrayBufferView): boolean;
2458
- type KeyType = "rsa" | "rsa-pss" | "dsa" | "ec" | "ed25519" | "ed448" | "x25519" | "x448";
2459
- type KeyFormat = "pem" | "der" | "jwk";
2460
- interface BasePrivateKeyEncodingOptions<T extends KeyFormat> {
2461
- format: T;
2462
- cipher?: string | undefined;
2463
- passphrase?: string | undefined;
2464
- }
2465
- interface KeyPairKeyObjectResult {
2466
- publicKey: KeyObject;
2467
- privateKey: KeyObject;
2468
- }
2469
- interface ED25519KeyPairKeyObjectOptions {}
2470
- interface ED448KeyPairKeyObjectOptions {}
2471
- interface X25519KeyPairKeyObjectOptions {}
2472
- interface X448KeyPairKeyObjectOptions {}
2473
- interface ECKeyPairKeyObjectOptions {
2474
- /**
2475
- * Name of the curve to use
2476
- */
2477
- namedCurve: string;
2478
- }
2479
- interface RSAKeyPairKeyObjectOptions {
2480
- /**
2481
- * Key size in bits
2482
- */
2483
- modulusLength: number;
2484
- /**
2485
- * Public exponent
2486
- * @default 0x10001
2487
- */
2488
- publicExponent?: number | undefined;
2489
- }
2490
- interface RSAPSSKeyPairKeyObjectOptions {
2491
- /**
2492
- * Key size in bits
2493
- */
2494
- modulusLength: number;
2495
- /**
2496
- * Public exponent
2497
- * @default 0x10001
2498
- */
2499
- publicExponent?: number | undefined;
2500
- /**
2501
- * Name of the message digest
2502
- */
2503
- hashAlgorithm?: string;
2504
- /**
2505
- * Name of the message digest used by MGF1
2506
- */
2507
- mgf1HashAlgorithm?: string;
2508
- /**
2509
- * Minimal salt length in bytes
2510
- */
2511
- saltLength?: string;
2512
- }
2513
- interface DSAKeyPairKeyObjectOptions {
2514
- /**
2515
- * Key size in bits
2516
- */
2517
- modulusLength: number;
2518
- /**
2519
- * Size of q in bits
2520
- */
2521
- divisorLength: number;
2522
- }
2523
- interface RSAKeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
2524
- /**
2525
- * Key size in bits
2526
- */
2527
- modulusLength: number;
2528
- /**
2529
- * Public exponent
2530
- * @default 0x10001
2531
- */
2532
- publicExponent?: number | undefined;
2533
- publicKeyEncoding: {
2534
- type: "pkcs1" | "spki";
2535
- format: PubF;
2536
- };
2537
- privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
2538
- type: "pkcs1" | "pkcs8";
2539
- };
2540
- }
2541
- interface RSAPSSKeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
2542
- /**
2543
- * Key size in bits
2544
- */
2545
- modulusLength: number;
2546
- /**
2547
- * Public exponent
2548
- * @default 0x10001
2549
- */
2550
- publicExponent?: number | undefined;
2551
- /**
2552
- * Name of the message digest
2553
- */
2554
- hashAlgorithm?: string;
2555
- /**
2556
- * Name of the message digest used by MGF1
2557
- */
2558
- mgf1HashAlgorithm?: string;
2559
- /**
2560
- * Minimal salt length in bytes
2561
- */
2562
- saltLength?: string;
2563
- publicKeyEncoding: {
2564
- type: "spki";
2565
- format: PubF;
2566
- };
2567
- privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
2568
- type: "pkcs8";
2569
- };
2570
- }
2571
- interface DSAKeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
2572
- /**
2573
- * Key size in bits
2574
- */
2575
- modulusLength: number;
2576
- /**
2577
- * Size of q in bits
2578
- */
2579
- divisorLength: number;
2580
- publicKeyEncoding: {
2581
- type: "spki";
2582
- format: PubF;
2583
- };
2584
- privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
2585
- type: "pkcs8";
2586
- };
2587
- }
2588
- interface ECKeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
2589
- /**
2590
- * Name of the curve to use.
2591
- */
2592
- namedCurve: string;
2593
- publicKeyEncoding: {
2594
- type: "pkcs1" | "spki";
2595
- format: PubF;
2596
- };
2597
- privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
2598
- type: "sec1" | "pkcs8";
2599
- };
2600
- }
2601
- interface ED25519KeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
2602
- publicKeyEncoding: {
2603
- type: "spki";
2604
- format: PubF;
2605
- };
2606
- privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
2607
- type: "pkcs8";
2608
- };
2609
- }
2610
- interface ED448KeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
2611
- publicKeyEncoding: {
2612
- type: "spki";
2613
- format: PubF;
2614
- };
2615
- privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
2616
- type: "pkcs8";
2617
- };
2618
- }
2619
- interface X25519KeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
2620
- publicKeyEncoding: {
2621
- type: "spki";
2622
- format: PubF;
2623
- };
2624
- privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
2625
- type: "pkcs8";
2626
- };
2627
- }
2628
- interface X448KeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
2629
- publicKeyEncoding: {
2630
- type: "spki";
2631
- format: PubF;
2632
- };
2633
- privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
2634
- type: "pkcs8";
2635
- };
2636
- }
2637
- interface KeyPairSyncResult<T1 extends string | Buffer, T2 extends string | Buffer> {
2638
- publicKey: T1;
2639
- privateKey: T2;
2640
- }
2641
- /**
2642
- * Generates a new asymmetric key pair of the given `type`. RSA, RSA-PSS, DSA, EC,
2643
- * Ed25519, Ed448, X25519, X448, and DH are currently supported.
2644
- *
2645
- * If a `publicKeyEncoding` or `privateKeyEncoding` was specified, this function
2646
- * behaves as if `keyObject.export()` had been called on its result. Otherwise,
2647
- * the respective part of the key is returned as a `KeyObject`.
2648
- *
2649
- * When encoding public keys, it is recommended to use `'spki'`. When encoding
2650
- * private keys, it is recommended to use `'pkcs8'` with a strong passphrase,
2651
- * and to keep the passphrase confidential.
2652
- *
2653
- * ```js
2654
- * const {
2655
- * generateKeyPairSync,
2656
- * } = await import('node:crypto');
2657
- *
2658
- * const {
2659
- * publicKey,
2660
- * privateKey,
2661
- * } = generateKeyPairSync('rsa', {
2662
- * modulusLength: 4096,
2663
- * publicKeyEncoding: {
2664
- * type: 'spki',
2665
- * format: 'pem',
2666
- * },
2667
- * privateKeyEncoding: {
2668
- * type: 'pkcs8',
2669
- * format: 'pem',
2670
- * cipher: 'aes-256-cbc',
2671
- * passphrase: 'top secret',
2672
- * },
2673
- * });
2674
- * ```
2675
- *
2676
- * The return value `{ publicKey, privateKey }` represents the generated key pair.
2677
- * When PEM encoding was selected, the respective key will be a string, otherwise
2678
- * it will be a buffer containing the data encoded as DER.
2679
- * @since v10.12.0
2680
- * @param type Must be `'rsa'`, `'rsa-pss'`, `'dsa'`, `'ec'`, `'ed25519'`, `'ed448'`, `'x25519'`, `'x448'`, or `'dh'`.
2681
- */
2682
- function generateKeyPairSync(
2683
- type: "rsa",
2684
- options: RSAKeyPairOptions<"pem", "pem">,
2685
- ): KeyPairSyncResult<string, string>;
2686
- function generateKeyPairSync(
2687
- type: "rsa",
2688
- options: RSAKeyPairOptions<"pem", "der">,
2689
- ): KeyPairSyncResult<string, Buffer>;
2690
- function generateKeyPairSync(
2691
- type: "rsa",
2692
- options: RSAKeyPairOptions<"der", "pem">,
2693
- ): KeyPairSyncResult<Buffer, string>;
2694
- function generateKeyPairSync(
2695
- type: "rsa",
2696
- options: RSAKeyPairOptions<"der", "der">,
2697
- ): KeyPairSyncResult<Buffer, Buffer>;
2698
- function generateKeyPairSync(type: "rsa", options: RSAKeyPairKeyObjectOptions): KeyPairKeyObjectResult;
2699
- function generateKeyPairSync(
2700
- type: "rsa-pss",
2701
- options: RSAPSSKeyPairOptions<"pem", "pem">,
2702
- ): KeyPairSyncResult<string, string>;
2703
- function generateKeyPairSync(
2704
- type: "rsa-pss",
2705
- options: RSAPSSKeyPairOptions<"pem", "der">,
2706
- ): KeyPairSyncResult<string, Buffer>;
2707
- function generateKeyPairSync(
2708
- type: "rsa-pss",
2709
- options: RSAPSSKeyPairOptions<"der", "pem">,
2710
- ): KeyPairSyncResult<Buffer, string>;
2711
- function generateKeyPairSync(
2712
- type: "rsa-pss",
2713
- options: RSAPSSKeyPairOptions<"der", "der">,
2714
- ): KeyPairSyncResult<Buffer, Buffer>;
2715
- function generateKeyPairSync(type: "rsa-pss", options: RSAPSSKeyPairKeyObjectOptions): KeyPairKeyObjectResult;
2716
- function generateKeyPairSync(
2717
- type: "dsa",
2718
- options: DSAKeyPairOptions<"pem", "pem">,
2719
- ): KeyPairSyncResult<string, string>;
2720
- function generateKeyPairSync(
2721
- type: "dsa",
2722
- options: DSAKeyPairOptions<"pem", "der">,
2723
- ): KeyPairSyncResult<string, Buffer>;
2724
- function generateKeyPairSync(
2725
- type: "dsa",
2726
- options: DSAKeyPairOptions<"der", "pem">,
2727
- ): KeyPairSyncResult<Buffer, string>;
2728
- function generateKeyPairSync(
2729
- type: "dsa",
2730
- options: DSAKeyPairOptions<"der", "der">,
2731
- ): KeyPairSyncResult<Buffer, Buffer>;
2732
- function generateKeyPairSync(type: "dsa", options: DSAKeyPairKeyObjectOptions): KeyPairKeyObjectResult;
2733
- function generateKeyPairSync(
2734
- type: "ec",
2735
- options: ECKeyPairOptions<"pem", "pem">,
2736
- ): KeyPairSyncResult<string, string>;
2737
- function generateKeyPairSync(
2738
- type: "ec",
2739
- options: ECKeyPairOptions<"pem", "der">,
2740
- ): KeyPairSyncResult<string, Buffer>;
2741
- function generateKeyPairSync(
2742
- type: "ec",
2743
- options: ECKeyPairOptions<"der", "pem">,
2744
- ): KeyPairSyncResult<Buffer, string>;
2745
- function generateKeyPairSync(
2746
- type: "ec",
2747
- options: ECKeyPairOptions<"der", "der">,
2748
- ): KeyPairSyncResult<Buffer, Buffer>;
2749
- function generateKeyPairSync(type: "ec", options: ECKeyPairKeyObjectOptions): KeyPairKeyObjectResult;
2750
- function generateKeyPairSync(
2751
- type: "ed25519",
2752
- options: ED25519KeyPairOptions<"pem", "pem">,
2753
- ): KeyPairSyncResult<string, string>;
2754
- function generateKeyPairSync(
2755
- type: "ed25519",
2756
- options: ED25519KeyPairOptions<"pem", "der">,
2757
- ): KeyPairSyncResult<string, Buffer>;
2758
- function generateKeyPairSync(
2759
- type: "ed25519",
2760
- options: ED25519KeyPairOptions<"der", "pem">,
2761
- ): KeyPairSyncResult<Buffer, string>;
2762
- function generateKeyPairSync(
2763
- type: "ed25519",
2764
- options: ED25519KeyPairOptions<"der", "der">,
2765
- ): KeyPairSyncResult<Buffer, Buffer>;
2766
- function generateKeyPairSync(type: "ed25519", options?: ED25519KeyPairKeyObjectOptions): KeyPairKeyObjectResult;
2767
- function generateKeyPairSync(
2768
- type: "ed448",
2769
- options: ED448KeyPairOptions<"pem", "pem">,
2770
- ): KeyPairSyncResult<string, string>;
2771
- function generateKeyPairSync(
2772
- type: "ed448",
2773
- options: ED448KeyPairOptions<"pem", "der">,
2774
- ): KeyPairSyncResult<string, Buffer>;
2775
- function generateKeyPairSync(
2776
- type: "ed448",
2777
- options: ED448KeyPairOptions<"der", "pem">,
2778
- ): KeyPairSyncResult<Buffer, string>;
2779
- function generateKeyPairSync(
2780
- type: "ed448",
2781
- options: ED448KeyPairOptions<"der", "der">,
2782
- ): KeyPairSyncResult<Buffer, Buffer>;
2783
- function generateKeyPairSync(type: "ed448", options?: ED448KeyPairKeyObjectOptions): KeyPairKeyObjectResult;
2784
- function generateKeyPairSync(
2785
- type: "x25519",
2786
- options: X25519KeyPairOptions<"pem", "pem">,
2787
- ): KeyPairSyncResult<string, string>;
2788
- function generateKeyPairSync(
2789
- type: "x25519",
2790
- options: X25519KeyPairOptions<"pem", "der">,
2791
- ): KeyPairSyncResult<string, Buffer>;
2792
- function generateKeyPairSync(
2793
- type: "x25519",
2794
- options: X25519KeyPairOptions<"der", "pem">,
2795
- ): KeyPairSyncResult<Buffer, string>;
2796
- function generateKeyPairSync(
2797
- type: "x25519",
2798
- options: X25519KeyPairOptions<"der", "der">,
2799
- ): KeyPairSyncResult<Buffer, Buffer>;
2800
- function generateKeyPairSync(type: "x25519", options?: X25519KeyPairKeyObjectOptions): KeyPairKeyObjectResult;
2801
- function generateKeyPairSync(
2802
- type: "x448",
2803
- options: X448KeyPairOptions<"pem", "pem">,
2804
- ): KeyPairSyncResult<string, string>;
2805
- function generateKeyPairSync(
2806
- type: "x448",
2807
- options: X448KeyPairOptions<"pem", "der">,
2808
- ): KeyPairSyncResult<string, Buffer>;
2809
- function generateKeyPairSync(
2810
- type: "x448",
2811
- options: X448KeyPairOptions<"der", "pem">,
2812
- ): KeyPairSyncResult<Buffer, string>;
2813
- function generateKeyPairSync(
2814
- type: "x448",
2815
- options: X448KeyPairOptions<"der", "der">,
2816
- ): KeyPairSyncResult<Buffer, Buffer>;
2817
- function generateKeyPairSync(type: "x448", options?: X448KeyPairKeyObjectOptions): KeyPairKeyObjectResult;
2818
- /**
2819
- * Generates a new asymmetric key pair of the given `type`. RSA, RSA-PSS, DSA, EC,
2820
- * Ed25519, Ed448, X25519, X448, and DH are currently supported.
2821
- *
2822
- * If a `publicKeyEncoding` or `privateKeyEncoding` was specified, this function
2823
- * behaves as if `keyObject.export()` had been called on its result. Otherwise,
2824
- * the respective part of the key is returned as a `KeyObject`.
2825
- *
2826
- * It is recommended to encode public keys as `'spki'` and private keys as`'pkcs8'` with encryption for long-term storage:
2827
- *
2828
- * ```js
2829
- * const {
2830
- * generateKeyPair,
2831
- * } = await import('node:crypto');
2832
- *
2833
- * generateKeyPair('rsa', {
2834
- * modulusLength: 4096,
2835
- * publicKeyEncoding: {
2836
- * type: 'spki',
2837
- * format: 'pem',
2838
- * },
2839
- * privateKeyEncoding: {
2840
- * type: 'pkcs8',
2841
- * format: 'pem',
2842
- * cipher: 'aes-256-cbc',
2843
- * passphrase: 'top secret',
2844
- * },
2845
- * }, (err, publicKey, privateKey) => {
2846
- * // Handle errors and use the generated key pair.
2847
- * });
2848
- * ```
2849
- *
2850
- * On completion, `callback` will be called with `err` set to `undefined` and`publicKey` / `privateKey` representing the generated key pair.
2851
- *
2852
- * If this method is invoked as its `util.promisify()` ed version, it returns
2853
- * a `Promise` for an `Object` with `publicKey` and `privateKey` properties.
2854
- * @since v10.12.0
2855
- * @param type Must be `'rsa'`, `'rsa-pss'`, `'dsa'`, `'ec'`, `'ed25519'`, `'ed448'`, `'x25519'`, `'x448'`, or `'dh'`.
2856
- */
2857
- function generateKeyPair(
2858
- type: "rsa",
2859
- options: RSAKeyPairOptions<"pem", "pem">,
2860
- callback: (err: Error | null, publicKey: string, privateKey: string) => void,
2861
- ): void;
2862
- function generateKeyPair(
2863
- type: "rsa",
2864
- options: RSAKeyPairOptions<"pem", "der">,
2865
- callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
2866
- ): void;
2867
- function generateKeyPair(
2868
- type: "rsa",
2869
- options: RSAKeyPairOptions<"der", "pem">,
2870
- callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
2871
- ): void;
2872
- function generateKeyPair(
2873
- type: "rsa",
2874
- options: RSAKeyPairOptions<"der", "der">,
2875
- callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
2876
- ): void;
2877
- function generateKeyPair(
2878
- type: "rsa",
2879
- options: RSAKeyPairKeyObjectOptions,
2880
- callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
2881
- ): void;
2882
- function generateKeyPair(
2883
- type: "rsa-pss",
2884
- options: RSAPSSKeyPairOptions<"pem", "pem">,
2885
- callback: (err: Error | null, publicKey: string, privateKey: string) => void,
2886
- ): void;
2887
- function generateKeyPair(
2888
- type: "rsa-pss",
2889
- options: RSAPSSKeyPairOptions<"pem", "der">,
2890
- callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
2891
- ): void;
2892
- function generateKeyPair(
2893
- type: "rsa-pss",
2894
- options: RSAPSSKeyPairOptions<"der", "pem">,
2895
- callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
2896
- ): void;
2897
- function generateKeyPair(
2898
- type: "rsa-pss",
2899
- options: RSAPSSKeyPairOptions<"der", "der">,
2900
- callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
2901
- ): void;
2902
- function generateKeyPair(
2903
- type: "rsa-pss",
2904
- options: RSAPSSKeyPairKeyObjectOptions,
2905
- callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
2906
- ): void;
2907
- function generateKeyPair(
2908
- type: "dsa",
2909
- options: DSAKeyPairOptions<"pem", "pem">,
2910
- callback: (err: Error | null, publicKey: string, privateKey: string) => void,
2911
- ): void;
2912
- function generateKeyPair(
2913
- type: "dsa",
2914
- options: DSAKeyPairOptions<"pem", "der">,
2915
- callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
2916
- ): void;
2917
- function generateKeyPair(
2918
- type: "dsa",
2919
- options: DSAKeyPairOptions<"der", "pem">,
2920
- callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
2921
- ): void;
2922
- function generateKeyPair(
2923
- type: "dsa",
2924
- options: DSAKeyPairOptions<"der", "der">,
2925
- callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
2926
- ): void;
2927
- function generateKeyPair(
2928
- type: "dsa",
2929
- options: DSAKeyPairKeyObjectOptions,
2930
- callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
2931
- ): void;
2932
- function generateKeyPair(
2933
- type: "ec",
2934
- options: ECKeyPairOptions<"pem", "pem">,
2935
- callback: (err: Error | null, publicKey: string, privateKey: string) => void,
2936
- ): void;
2937
- function generateKeyPair(
2938
- type: "ec",
2939
- options: ECKeyPairOptions<"pem", "der">,
2940
- callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
2941
- ): void;
2942
- function generateKeyPair(
2943
- type: "ec",
2944
- options: ECKeyPairOptions<"der", "pem">,
2945
- callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
2946
- ): void;
2947
- function generateKeyPair(
2948
- type: "ec",
2949
- options: ECKeyPairOptions<"der", "der">,
2950
- callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
2951
- ): void;
2952
- function generateKeyPair(
2953
- type: "ec",
2954
- options: ECKeyPairKeyObjectOptions,
2955
- callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
2956
- ): void;
2957
- function generateKeyPair(
2958
- type: "ed25519",
2959
- options: ED25519KeyPairOptions<"pem", "pem">,
2960
- callback: (err: Error | null, publicKey: string, privateKey: string) => void,
2961
- ): void;
2962
- function generateKeyPair(
2963
- type: "ed25519",
2964
- options: ED25519KeyPairOptions<"pem", "der">,
2965
- callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
2966
- ): void;
2967
- function generateKeyPair(
2968
- type: "ed25519",
2969
- options: ED25519KeyPairOptions<"der", "pem">,
2970
- callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
2971
- ): void;
2972
- function generateKeyPair(
2973
- type: "ed25519",
2974
- options: ED25519KeyPairOptions<"der", "der">,
2975
- callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
2976
- ): void;
2977
- function generateKeyPair(
2978
- type: "ed25519",
2979
- options: ED25519KeyPairKeyObjectOptions | undefined,
2980
- callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
2981
- ): void;
2982
- function generateKeyPair(
2983
- type: "ed448",
2984
- options: ED448KeyPairOptions<"pem", "pem">,
2985
- callback: (err: Error | null, publicKey: string, privateKey: string) => void,
2986
- ): void;
2987
- function generateKeyPair(
2988
- type: "ed448",
2989
- options: ED448KeyPairOptions<"pem", "der">,
2990
- callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
2991
- ): void;
2992
- function generateKeyPair(
2993
- type: "ed448",
2994
- options: ED448KeyPairOptions<"der", "pem">,
2995
- callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
2996
- ): void;
2997
- function generateKeyPair(
2998
- type: "ed448",
2999
- options: ED448KeyPairOptions<"der", "der">,
3000
- callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
3001
- ): void;
3002
- function generateKeyPair(
3003
- type: "ed448",
3004
- options: ED448KeyPairKeyObjectOptions | undefined,
3005
- callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
3006
- ): void;
3007
- function generateKeyPair(
3008
- type: "x25519",
3009
- options: X25519KeyPairOptions<"pem", "pem">,
3010
- callback: (err: Error | null, publicKey: string, privateKey: string) => void,
3011
- ): void;
3012
- function generateKeyPair(
3013
- type: "x25519",
3014
- options: X25519KeyPairOptions<"pem", "der">,
3015
- callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
3016
- ): void;
3017
- function generateKeyPair(
3018
- type: "x25519",
3019
- options: X25519KeyPairOptions<"der", "pem">,
3020
- callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
3021
- ): void;
3022
- function generateKeyPair(
3023
- type: "x25519",
3024
- options: X25519KeyPairOptions<"der", "der">,
3025
- callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
3026
- ): void;
3027
- function generateKeyPair(
3028
- type: "x25519",
3029
- options: X25519KeyPairKeyObjectOptions | undefined,
3030
- callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
3031
- ): void;
3032
- function generateKeyPair(
3033
- type: "x448",
3034
- options: X448KeyPairOptions<"pem", "pem">,
3035
- callback: (err: Error | null, publicKey: string, privateKey: string) => void,
3036
- ): void;
3037
- function generateKeyPair(
3038
- type: "x448",
3039
- options: X448KeyPairOptions<"pem", "der">,
3040
- callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
3041
- ): void;
3042
- function generateKeyPair(
3043
- type: "x448",
3044
- options: X448KeyPairOptions<"der", "pem">,
3045
- callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
3046
- ): void;
3047
- function generateKeyPair(
3048
- type: "x448",
3049
- options: X448KeyPairOptions<"der", "der">,
3050
- callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
3051
- ): void;
3052
- function generateKeyPair(
3053
- type: "x448",
3054
- options: X448KeyPairKeyObjectOptions | undefined,
3055
- callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
3056
- ): void;
3057
- namespace generateKeyPair {
3058
- function __promisify__(
3059
- type: "rsa",
3060
- options: RSAKeyPairOptions<"pem", "pem">,
3061
- ): Promise<{
3062
- publicKey: string;
3063
- privateKey: string;
3064
- }>;
3065
- function __promisify__(
3066
- type: "rsa",
3067
- options: RSAKeyPairOptions<"pem", "der">,
3068
- ): Promise<{
3069
- publicKey: string;
3070
- privateKey: Buffer;
3071
- }>;
3072
- function __promisify__(
3073
- type: "rsa",
3074
- options: RSAKeyPairOptions<"der", "pem">,
3075
- ): Promise<{
3076
- publicKey: Buffer;
3077
- privateKey: string;
3078
- }>;
3079
- function __promisify__(
3080
- type: "rsa",
3081
- options: RSAKeyPairOptions<"der", "der">,
3082
- ): Promise<{
3083
- publicKey: Buffer;
3084
- privateKey: Buffer;
3085
- }>;
3086
- function __promisify__(type: "rsa", options: RSAKeyPairKeyObjectOptions): Promise<KeyPairKeyObjectResult>;
3087
- function __promisify__(
3088
- type: "rsa-pss",
3089
- options: RSAPSSKeyPairOptions<"pem", "pem">,
3090
- ): Promise<{
3091
- publicKey: string;
3092
- privateKey: string;
3093
- }>;
3094
- function __promisify__(
3095
- type: "rsa-pss",
3096
- options: RSAPSSKeyPairOptions<"pem", "der">,
3097
- ): Promise<{
3098
- publicKey: string;
3099
- privateKey: Buffer;
3100
- }>;
3101
- function __promisify__(
3102
- type: "rsa-pss",
3103
- options: RSAPSSKeyPairOptions<"der", "pem">,
3104
- ): Promise<{
3105
- publicKey: Buffer;
3106
- privateKey: string;
3107
- }>;
3108
- function __promisify__(
3109
- type: "rsa-pss",
3110
- options: RSAPSSKeyPairOptions<"der", "der">,
3111
- ): Promise<{
3112
- publicKey: Buffer;
3113
- privateKey: Buffer;
3114
- }>;
3115
- function __promisify__(
3116
- type: "rsa-pss",
3117
- options: RSAPSSKeyPairKeyObjectOptions,
3118
- ): Promise<KeyPairKeyObjectResult>;
3119
- function __promisify__(
3120
- type: "dsa",
3121
- options: DSAKeyPairOptions<"pem", "pem">,
3122
- ): Promise<{
3123
- publicKey: string;
3124
- privateKey: string;
3125
- }>;
3126
- function __promisify__(
3127
- type: "dsa",
3128
- options: DSAKeyPairOptions<"pem", "der">,
3129
- ): Promise<{
3130
- publicKey: string;
3131
- privateKey: Buffer;
3132
- }>;
3133
- function __promisify__(
3134
- type: "dsa",
3135
- options: DSAKeyPairOptions<"der", "pem">,
3136
- ): Promise<{
3137
- publicKey: Buffer;
3138
- privateKey: string;
3139
- }>;
3140
- function __promisify__(
3141
- type: "dsa",
3142
- options: DSAKeyPairOptions<"der", "der">,
3143
- ): Promise<{
3144
- publicKey: Buffer;
3145
- privateKey: Buffer;
3146
- }>;
3147
- function __promisify__(type: "dsa", options: DSAKeyPairKeyObjectOptions): Promise<KeyPairKeyObjectResult>;
3148
- function __promisify__(
3149
- type: "ec",
3150
- options: ECKeyPairOptions<"pem", "pem">,
3151
- ): Promise<{
3152
- publicKey: string;
3153
- privateKey: string;
3154
- }>;
3155
- function __promisify__(
3156
- type: "ec",
3157
- options: ECKeyPairOptions<"pem", "der">,
3158
- ): Promise<{
3159
- publicKey: string;
3160
- privateKey: Buffer;
3161
- }>;
3162
- function __promisify__(
3163
- type: "ec",
3164
- options: ECKeyPairOptions<"der", "pem">,
3165
- ): Promise<{
3166
- publicKey: Buffer;
3167
- privateKey: string;
3168
- }>;
3169
- function __promisify__(
3170
- type: "ec",
3171
- options: ECKeyPairOptions<"der", "der">,
3172
- ): Promise<{
3173
- publicKey: Buffer;
3174
- privateKey: Buffer;
3175
- }>;
3176
- function __promisify__(type: "ec", options: ECKeyPairKeyObjectOptions): Promise<KeyPairKeyObjectResult>;
3177
- function __promisify__(
3178
- type: "ed25519",
3179
- options: ED25519KeyPairOptions<"pem", "pem">,
3180
- ): Promise<{
3181
- publicKey: string;
3182
- privateKey: string;
3183
- }>;
3184
- function __promisify__(
3185
- type: "ed25519",
3186
- options: ED25519KeyPairOptions<"pem", "der">,
3187
- ): Promise<{
3188
- publicKey: string;
3189
- privateKey: Buffer;
3190
- }>;
3191
- function __promisify__(
3192
- type: "ed25519",
3193
- options: ED25519KeyPairOptions<"der", "pem">,
3194
- ): Promise<{
3195
- publicKey: Buffer;
3196
- privateKey: string;
3197
- }>;
3198
- function __promisify__(
3199
- type: "ed25519",
3200
- options: ED25519KeyPairOptions<"der", "der">,
3201
- ): Promise<{
3202
- publicKey: Buffer;
3203
- privateKey: Buffer;
3204
- }>;
3205
- function __promisify__(
3206
- type: "ed25519",
3207
- options?: ED25519KeyPairKeyObjectOptions,
3208
- ): Promise<KeyPairKeyObjectResult>;
3209
- function __promisify__(
3210
- type: "ed448",
3211
- options: ED448KeyPairOptions<"pem", "pem">,
3212
- ): Promise<{
3213
- publicKey: string;
3214
- privateKey: string;
3215
- }>;
3216
- function __promisify__(
3217
- type: "ed448",
3218
- options: ED448KeyPairOptions<"pem", "der">,
3219
- ): Promise<{
3220
- publicKey: string;
3221
- privateKey: Buffer;
3222
- }>;
3223
- function __promisify__(
3224
- type: "ed448",
3225
- options: ED448KeyPairOptions<"der", "pem">,
3226
- ): Promise<{
3227
- publicKey: Buffer;
3228
- privateKey: string;
3229
- }>;
3230
- function __promisify__(
3231
- type: "ed448",
3232
- options: ED448KeyPairOptions<"der", "der">,
3233
- ): Promise<{
3234
- publicKey: Buffer;
3235
- privateKey: Buffer;
3236
- }>;
3237
- function __promisify__(type: "ed448", options?: ED448KeyPairKeyObjectOptions): Promise<KeyPairKeyObjectResult>;
3238
- function __promisify__(
3239
- type: "x25519",
3240
- options: X25519KeyPairOptions<"pem", "pem">,
3241
- ): Promise<{
3242
- publicKey: string;
3243
- privateKey: string;
3244
- }>;
3245
- function __promisify__(
3246
- type: "x25519",
3247
- options: X25519KeyPairOptions<"pem", "der">,
3248
- ): Promise<{
3249
- publicKey: string;
3250
- privateKey: Buffer;
3251
- }>;
3252
- function __promisify__(
3253
- type: "x25519",
3254
- options: X25519KeyPairOptions<"der", "pem">,
3255
- ): Promise<{
3256
- publicKey: Buffer;
3257
- privateKey: string;
3258
- }>;
3259
- function __promisify__(
3260
- type: "x25519",
3261
- options: X25519KeyPairOptions<"der", "der">,
3262
- ): Promise<{
3263
- publicKey: Buffer;
3264
- privateKey: Buffer;
3265
- }>;
3266
- function __promisify__(
3267
- type: "x25519",
3268
- options?: X25519KeyPairKeyObjectOptions,
3269
- ): Promise<KeyPairKeyObjectResult>;
3270
- function __promisify__(
3271
- type: "x448",
3272
- options: X448KeyPairOptions<"pem", "pem">,
3273
- ): Promise<{
3274
- publicKey: string;
3275
- privateKey: string;
3276
- }>;
3277
- function __promisify__(
3278
- type: "x448",
3279
- options: X448KeyPairOptions<"pem", "der">,
3280
- ): Promise<{
3281
- publicKey: string;
3282
- privateKey: Buffer;
3283
- }>;
3284
- function __promisify__(
3285
- type: "x448",
3286
- options: X448KeyPairOptions<"der", "pem">,
3287
- ): Promise<{
3288
- publicKey: Buffer;
3289
- privateKey: string;
3290
- }>;
3291
- function __promisify__(
3292
- type: "x448",
3293
- options: X448KeyPairOptions<"der", "der">,
3294
- ): Promise<{
3295
- publicKey: Buffer;
3296
- privateKey: Buffer;
3297
- }>;
3298
- function __promisify__(type: "x448", options?: X448KeyPairKeyObjectOptions): Promise<KeyPairKeyObjectResult>;
3299
- }
3300
- /**
3301
- * Calculates and returns the signature for `data` using the given private key and
3302
- * algorithm. If `algorithm` is `null` or `undefined`, then the algorithm is
3303
- * dependent upon the key type (especially Ed25519 and Ed448).
3304
- *
3305
- * If `key` is not a `KeyObject`, this function behaves as if `key` had been
3306
- * passed to {@link createPrivateKey}. If it is an object, the following
3307
- * additional properties can be passed:
3308
- *
3309
- * If the `callback` function is provided this function uses libuv's threadpool.
3310
- * @since v12.0.0
3311
- */
3312
- function sign(
3313
- algorithm: string | null | undefined,
3314
- data: NodeJS.ArrayBufferView,
3315
- key: KeyLike | SignKeyObjectInput | SignPrivateKeyInput,
3316
- ): Buffer;
3317
- function sign(
3318
- algorithm: string | null | undefined,
3319
- data: NodeJS.ArrayBufferView,
3320
- key: KeyLike | SignKeyObjectInput | SignPrivateKeyInput,
3321
- callback: (error: Error | null, data: Buffer) => void,
3322
- ): void;
3323
- /**
3324
- * Verifies the given signature for `data` using the given key and algorithm. If`algorithm` is `null` or `undefined`, then the algorithm is dependent upon the
3325
- * key type (especially Ed25519 and Ed448).
3326
- *
3327
- * If `key` is not a `KeyObject`, this function behaves as if `key` had been
3328
- * passed to {@link createPublicKey}. If it is an object, the following
3329
- * additional properties can be passed:
3330
- *
3331
- * The `signature` argument is the previously calculated signature for the `data`.
3332
- *
3333
- * Because public keys can be derived from private keys, a private key or a public
3334
- * key may be passed for `key`.
3335
- *
3336
- * If the `callback` function is provided this function uses libuv's threadpool.
3337
- * @since v12.0.0
3338
- */
3339
- function verify(
3340
- algorithm: string | null | undefined,
3341
- data: NodeJS.ArrayBufferView,
3342
- key: KeyLike | VerifyKeyObjectInput | VerifyPublicKeyInput | VerifyJsonWebKeyInput,
3343
- signature: NodeJS.ArrayBufferView,
3344
- ): boolean;
3345
- function verify(
3346
- algorithm: string | null | undefined,
3347
- data: NodeJS.ArrayBufferView,
3348
- key: KeyLike | VerifyKeyObjectInput | VerifyPublicKeyInput | VerifyJsonWebKeyInput,
3349
- signature: NodeJS.ArrayBufferView,
3350
- callback: (error: Error | null, result: boolean) => void,
3351
- ): void;
3352
- /**
3353
- * Computes the Diffie-Hellman secret based on a `privateKey` and a `publicKey`.
3354
- * Both keys must have the same `asymmetricKeyType`, which must be one of `'dh'`(for Diffie-Hellman), `'ec'` (for ECDH), `'x448'`, or `'x25519'` (for ECDH-ES).
3355
- * @since v13.9.0, v12.17.0
3356
- */
3357
- function diffieHellman(options: { privateKey: KeyObject; publicKey: KeyObject }): Buffer;
3358
- type CipherMode = "cbc" | "ccm" | "cfb" | "ctr" | "ecb" | "gcm" | "ocb" | "ofb" | "stream" | "wrap" | "xts";
3359
- interface CipherInfoOptions {
3360
- /**
3361
- * A test key length.
3362
- */
3363
- keyLength?: number | undefined;
3364
- /**
3365
- * A test IV length.
3366
- */
3367
- ivLength?: number | undefined;
3368
- }
3369
- interface CipherInfo {
3370
- /**
3371
- * The name of the cipher.
3372
- */
3373
- name: string;
3374
- /**
3375
- * The nid of the cipher.
3376
- */
3377
- nid: number;
3378
- /**
3379
- * The block size of the cipher in bytes.
3380
- * This property is omitted when mode is 'stream'.
3381
- */
3382
- blockSize?: number | undefined;
3383
- /**
3384
- * The expected or default initialization vector length in bytes.
3385
- * This property is omitted if the cipher does not use an initialization vector.
3386
- */
3387
- ivLength?: number | undefined;
3388
- /**
3389
- * The expected or default key length in bytes.
3390
- */
3391
- keyLength: number;
3392
- /**
3393
- * The cipher mode.
3394
- */
3395
- mode: CipherMode;
3396
- }
3397
- /**
3398
- * Returns information about a given cipher.
3399
- *
3400
- * Some ciphers accept variable length keys and initialization vectors. By default,
3401
- * the `crypto.getCipherInfo()` method will return the default values for these
3402
- * ciphers. To test if a given key length or iv length is acceptable for given
3403
- * cipher, use the `keyLength` and `ivLength` options. If the given values are
3404
- * unacceptable, `undefined` will be returned.
3405
- * @since v15.0.0
3406
- * @param nameOrNid The name or nid of the cipher to query.
3407
- */
3408
- function getCipherInfo(nameOrNid: string | number, options?: CipherInfoOptions): CipherInfo | undefined;
3409
- /**
3410
- * HKDF is a simple key derivation function defined in RFC 5869\. The given `ikm`,`salt` and `info` are used with the `digest` to derive a key of `keylen` bytes.
3411
- *
3412
- * The supplied `callback` function is called with two arguments: `err` and`derivedKey`. If an errors occurs while deriving the key, `err` will be set;
3413
- * otherwise `err` will be `null`. The successfully generated `derivedKey` will
3414
- * be passed to the callback as an [ArrayBuffer](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/ArrayBuffer). An error will be thrown if any
3415
- * of the input arguments specify invalid values or types.
3416
- *
3417
- * ```js
3418
- * import { Buffer } from 'node:buffer';
3419
- * const {
3420
- * hkdf,
3421
- * } = await import('node:crypto');
3422
- *
3423
- * hkdf('sha512', 'key', 'salt', 'info', 64, (err, derivedKey) => {
3424
- * if (err) throw err;
3425
- * console.log(Buffer.from(derivedKey).toString('hex')); // '24156e2...5391653'
3426
- * });
3427
- * ```
3428
- * @since v15.0.0
3429
- * @param digest The digest algorithm to use.
3430
- * @param ikm The input keying material. Must be provided but can be zero-length.
3431
- * @param salt The salt value. Must be provided but can be zero-length.
3432
- * @param info Additional info value. Must be provided but can be zero-length, and cannot be more than 1024 bytes.
3433
- * @param keylen The length of the key to generate. Must be greater than 0. The maximum allowable value is `255` times the number of bytes produced by the selected digest function (e.g. `sha512`
3434
- * generates 64-byte hashes, making the maximum HKDF output 16320 bytes).
3435
- */
3436
- function hkdf(
3437
- digest: string,
3438
- irm: BinaryLike | KeyObject,
3439
- salt: BinaryLike,
3440
- info: BinaryLike,
3441
- keylen: number,
3442
- callback: (err: Error | null, derivedKey: ArrayBuffer) => void,
3443
- ): void;
3444
- /**
3445
- * Provides a synchronous HKDF key derivation function as defined in RFC 5869\. The
3446
- * given `ikm`, `salt` and `info` are used with the `digest` to derive a key of`keylen` bytes.
3447
- *
3448
- * The successfully generated `derivedKey` will be returned as an [ArrayBuffer](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/ArrayBuffer).
3449
- *
3450
- * An error will be thrown if any of the input arguments specify invalid values or
3451
- * types, or if the derived key cannot be generated.
3452
- *
3453
- * ```js
3454
- * import { Buffer } from 'node:buffer';
3455
- * const {
3456
- * hkdfSync,
3457
- * } = await import('node:crypto');
3458
- *
3459
- * const derivedKey = hkdfSync('sha512', 'key', 'salt', 'info', 64);
3460
- * console.log(Buffer.from(derivedKey).toString('hex')); // '24156e2...5391653'
3461
- * ```
3462
- * @since v15.0.0
3463
- * @param digest The digest algorithm to use.
3464
- * @param ikm The input keying material. Must be provided but can be zero-length.
3465
- * @param salt The salt value. Must be provided but can be zero-length.
3466
- * @param info Additional info value. Must be provided but can be zero-length, and cannot be more than 1024 bytes.
3467
- * @param keylen The length of the key to generate. Must be greater than 0. The maximum allowable value is `255` times the number of bytes produced by the selected digest function (e.g. `sha512`
3468
- * generates 64-byte hashes, making the maximum HKDF output 16320 bytes).
3469
- */
3470
- function hkdfSync(
3471
- digest: string,
3472
- ikm: BinaryLike | KeyObject,
3473
- salt: BinaryLike,
3474
- info: BinaryLike,
3475
- keylen: number,
3476
- ): ArrayBuffer;
3477
- interface SecureHeapUsage {
3478
- /**
3479
- * The total allocated secure heap size as specified using the `--secure-heap=n` command-line flag.
3480
- */
3481
- total: number;
3482
- /**
3483
- * The minimum allocation from the secure heap as specified using the `--secure-heap-min` command-line flag.
3484
- */
3485
- min: number;
3486
- /**
3487
- * The total number of bytes currently allocated from the secure heap.
3488
- */
3489
- used: number;
3490
- /**
3491
- * The calculated ratio of `used` to `total` allocated bytes.
3492
- */
3493
- utilization: number;
3494
- }
3495
- /**
3496
- * @since v15.6.0
3497
- */
3498
- function secureHeapUsed(): SecureHeapUsage;
3499
- interface RandomUUIDOptions {
3500
- /**
3501
- * By default, to improve performance,
3502
- * Node.js will pre-emptively generate and persistently cache enough
3503
- * random data to generate up to 128 random UUIDs. To generate a UUID
3504
- * without using the cache, set `disableEntropyCache` to `true`.
3505
- *
3506
- * @default `false`
3507
- */
3508
- disableEntropyCache?: boolean | undefined;
3509
- }
3510
- /**
3511
- * Generates a random [RFC 4122](https://www.rfc-editor.org/rfc/rfc4122.txt) version 4 UUID. The UUID is generated using a
3512
- * cryptographic pseudorandom number generator.
3513
- * @since v15.6.0, v14.17.0
3514
- */
3515
- function randomUUID(options?: RandomUUIDOptions): string;
3516
- interface X509CheckOptions {
3517
- /**
3518
- * @default 'always'
3519
- */
3520
- subject?: "always" | "default" | "never";
3521
- /**
3522
- * @default true
3523
- */
3524
- wildcards?: boolean;
3525
- /**
3526
- * @default true
3527
- */
3528
- partialWildcards?: boolean;
3529
- /**
3530
- * @default false
3531
- */
3532
- multiLabelWildcards?: boolean;
3533
- /**
3534
- * @default false
3535
- */
3536
- singleLabelSubdomains?: boolean;
3537
- }
3538
- /**
3539
- * Encapsulates an X509 certificate and provides read-only access to
3540
- * its information.
3541
- *
3542
- * ```js
3543
- * const { X509Certificate } = await import('node:crypto');
3544
- *
3545
- * const x509 = new X509Certificate('{... pem encoded cert ...}');
3546
- *
3547
- * console.log(x509.subject);
3548
- * ```
3549
- * @since v15.6.0
3550
- */
3551
- class X509Certificate {
3552
- /**
3553
- * Will be \`true\` if this is a Certificate Authority (CA) certificate.
3554
- * @since v15.6.0
3555
- */
3556
- readonly ca: boolean;
3557
- /**
3558
- * The SHA-1 fingerprint of this certificate.
3559
- *
3560
- * Because SHA-1 is cryptographically broken and because the security of SHA-1 is
3561
- * significantly worse than that of algorithms that are commonly used to sign
3562
- * certificates, consider using `x509.fingerprint256` instead.
3563
- * @since v15.6.0
3564
- */
3565
- readonly fingerprint: string;
3566
- /**
3567
- * The SHA-256 fingerprint of this certificate.
3568
- * @since v15.6.0
3569
- */
3570
- readonly fingerprint256: string;
3571
- /**
3572
- * The SHA-512 fingerprint of this certificate.
3573
- *
3574
- * Because computing the SHA-256 fingerprint is usually faster and because it is
3575
- * only half the size of the SHA-512 fingerprint, `x509.fingerprint256` may be
3576
- * a better choice. While SHA-512 presumably provides a higher level of security in
3577
- * general, the security of SHA-256 matches that of most algorithms that are
3578
- * commonly used to sign certificates.
3579
- * @since v17.2.0, v16.14.0
3580
- */
3581
- readonly fingerprint512: string;
3582
- /**
3583
- * The complete subject of this certificate.
3584
- * @since v15.6.0
3585
- */
3586
- readonly subject: string;
3587
- /**
3588
- * The subject alternative name specified for this certificate.
3589
- *
3590
- * This is a comma-separated list of subject alternative names. Each entry begins
3591
- * with a string identifying the kind of the subject alternative name followed by
3592
- * a colon and the value associated with the entry.
3593
- *
3594
- * Earlier versions of Node.js incorrectly assumed that it is safe to split this
3595
- * property at the two-character sequence `', '` (see [CVE-2021-44532](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532)). However,
3596
- * both malicious and legitimate certificates can contain subject alternative names
3597
- * that include this sequence when represented as a string.
3598
- *
3599
- * After the prefix denoting the type of the entry, the remainder of each entry
3600
- * might be enclosed in quotes to indicate that the value is a JSON string literal.
3601
- * For backward compatibility, Node.js only uses JSON string literals within this
3602
- * property when necessary to avoid ambiguity. Third-party code should be prepared
3603
- * to handle both possible entry formats.
3604
- * @since v15.6.0
3605
- */
3606
- readonly subjectAltName: string | undefined;
3607
- /**
3608
- * A textual representation of the certificate's authority information access
3609
- * extension.
3610
- *
3611
- * This is a line feed separated list of access descriptions. Each line begins with
3612
- * the access method and the kind of the access location, followed by a colon and
3613
- * the value associated with the access location.
3614
- *
3615
- * After the prefix denoting the access method and the kind of the access location,
3616
- * the remainder of each line might be enclosed in quotes to indicate that the
3617
- * value is a JSON string literal. For backward compatibility, Node.js only uses
3618
- * JSON string literals within this property when necessary to avoid ambiguity.
3619
- * Third-party code should be prepared to handle both possible entry formats.
3620
- * @since v15.6.0
3621
- */
3622
- readonly infoAccess: string | undefined;
3623
- /**
3624
- * An array detailing the key usages for this certificate.
3625
- * @since v15.6.0
3626
- */
3627
- readonly keyUsage: string[];
3628
- /**
3629
- * The issuer identification included in this certificate.
3630
- * @since v15.6.0
3631
- */
3632
- readonly issuer: string;
3633
- /**
3634
- * The issuer certificate or `undefined` if the issuer certificate is not
3635
- * available.
3636
- * @since v15.9.0
3637
- */
3638
- readonly issuerCertificate?: X509Certificate | undefined;
3639
- /**
3640
- * The public key `KeyObject` for this certificate.
3641
- * @since v15.6.0
3642
- */
3643
- readonly publicKey: KeyObject;
3644
- /**
3645
- * A `Buffer` containing the DER encoding of this certificate.
3646
- * @since v15.6.0
3647
- */
3648
- readonly raw: Buffer;
3649
- /**
3650
- * The serial number of this certificate.
3651
- *
3652
- * Serial numbers are assigned by certificate authorities and do not uniquely
3653
- * identify certificates. Consider using `x509.fingerprint256` as a unique
3654
- * identifier instead.
3655
- * @since v15.6.0
3656
- */
3657
- readonly serialNumber: string;
3658
- /**
3659
- * The date/time from which this certificate is considered valid.
3660
- * @since v15.6.0
3661
- */
3662
- readonly validFrom: string;
3663
- /**
3664
- * The date/time until which this certificate is considered valid.
3665
- * @since v15.6.0
3666
- */
3667
- readonly validTo: string;
3668
- constructor(buffer: BinaryLike);
3669
- /**
3670
- * Checks whether the certificate matches the given email address.
3671
- *
3672
- * If the `'subject'` option is undefined or set to `'default'`, the certificate
3673
- * subject is only considered if the subject alternative name extension either does
3674
- * not exist or does not contain any email addresses.
3675
- *
3676
- * If the `'subject'` option is set to `'always'` and if the subject alternative
3677
- * name extension either does not exist or does not contain a matching email
3678
- * address, the certificate subject is considered.
3679
- *
3680
- * If the `'subject'` option is set to `'never'`, the certificate subject is never
3681
- * considered, even if the certificate contains no subject alternative names.
3682
- * @since v15.6.0
3683
- * @return Returns `email` if the certificate matches, `undefined` if it does not.
3684
- */
3685
- checkEmail(email: string, options?: Pick<X509CheckOptions, "subject">): string | undefined;
3686
- /**
3687
- * Checks whether the certificate matches the given host name.
3688
- *
3689
- * If the certificate matches the given host name, the matching subject name is
3690
- * returned. The returned name might be an exact match (e.g., `foo.example.com`)
3691
- * or it might contain wildcards (e.g., `*.example.com`). Because host name
3692
- * comparisons are case-insensitive, the returned subject name might also differ
3693
- * from the given `name` in capitalization.
3694
- *
3695
- * If the `'subject'` option is undefined or set to `'default'`, the certificate
3696
- * subject is only considered if the subject alternative name extension either does
3697
- * not exist or does not contain any DNS names. This behavior is consistent with [RFC 2818](https://www.rfc-editor.org/rfc/rfc2818.txt) ("HTTP Over TLS").
3698
- *
3699
- * If the `'subject'` option is set to `'always'` and if the subject alternative
3700
- * name extension either does not exist or does not contain a matching DNS name,
3701
- * the certificate subject is considered.
3702
- *
3703
- * If the `'subject'` option is set to `'never'`, the certificate subject is never
3704
- * considered, even if the certificate contains no subject alternative names.
3705
- * @since v15.6.0
3706
- * @return Returns a subject name that matches `name`, or `undefined` if no subject name matches `name`.
3707
- */
3708
- checkHost(name: string, options?: X509CheckOptions): string | undefined;
3709
- /**
3710
- * Checks whether the certificate matches the given IP address (IPv4 or IPv6).
3711
- *
3712
- * Only [RFC 5280](https://www.rfc-editor.org/rfc/rfc5280.txt) `iPAddress` subject alternative names are considered, and they
3713
- * must match the given `ip` address exactly. Other subject alternative names as
3714
- * well as the subject field of the certificate are ignored.
3715
- * @since v15.6.0
3716
- * @return Returns `ip` if the certificate matches, `undefined` if it does not.
3717
- */
3718
- checkIP(ip: string): string | undefined;
3719
- /**
3720
- * Checks whether this certificate was issued by the given `otherCert`.
3721
- * @since v15.6.0
3722
- */
3723
- checkIssued(otherCert: X509Certificate): boolean;
3724
- /**
3725
- * Checks whether the public key for this certificate is consistent with
3726
- * the given private key.
3727
- * @since v15.6.0
3728
- * @param privateKey A private key.
3729
- */
3730
- checkPrivateKey(privateKey: KeyObject): boolean;
3731
- /**
3732
- * There is no standard JSON encoding for X509 certificates. The`toJSON()` method returns a string containing the PEM encoded
3733
- * certificate.
3734
- * @since v15.6.0
3735
- */
3736
- toJSON(): string;
3737
- /**
3738
- * Returns information about this certificate using the legacy `certificate object` encoding.
3739
- * @since v15.6.0
3740
- */
3741
- toLegacyObject(): PeerCertificate;
3742
- /**
3743
- * Returns the PEM-encoded certificate.
3744
- * @since v15.6.0
3745
- */
3746
- toString(): string;
3747
- /**
3748
- * Verifies that this certificate was signed by the given public key.
3749
- * Does not perform any other validation checks on the certificate.
3750
- * @since v15.6.0
3751
- * @param publicKey A public key.
3752
- */
3753
- verify(publicKey: KeyObject): boolean;
3754
- }
3755
- type LargeNumberLike = NodeJS.ArrayBufferView | SharedArrayBuffer | ArrayBuffer | bigint;
3756
- interface GeneratePrimeOptions {
3757
- add?: LargeNumberLike | undefined;
3758
- rem?: LargeNumberLike | undefined;
3759
- /**
3760
- * @default false
3761
- */
3762
- safe?: boolean | undefined;
3763
- bigint?: boolean | undefined;
3764
- }
3765
- interface GeneratePrimeOptionsBigInt extends GeneratePrimeOptions {
3766
- bigint: true;
3767
- }
3768
- interface GeneratePrimeOptionsArrayBuffer extends GeneratePrimeOptions {
3769
- bigint?: false | undefined;
3770
- }
3771
- /**
3772
- * Generates a pseudorandom prime of `size` bits.
3773
- *
3774
- * If `options.safe` is `true`, the prime will be a safe prime -- that is,`(prime - 1) / 2` will also be a prime.
3775
- *
3776
- * The `options.add` and `options.rem` parameters can be used to enforce additional
3777
- * requirements, e.g., for Diffie-Hellman:
3778
- *
3779
- * * If `options.add` and `options.rem` are both set, the prime will satisfy the
3780
- * condition that `prime % add = rem`.
3781
- * * If only `options.add` is set and `options.safe` is not `true`, the prime will
3782
- * satisfy the condition that `prime % add = 1`.
3783
- * * If only `options.add` is set and `options.safe` is set to `true`, the prime
3784
- * will instead satisfy the condition that `prime % add = 3`. This is necessary
3785
- * because `prime % add = 1` for `options.add > 2` would contradict the condition
3786
- * enforced by `options.safe`.
3787
- * * `options.rem` is ignored if `options.add` is not given.
3788
- *
3789
- * Both `options.add` and `options.rem` must be encoded as big-endian sequences
3790
- * if given as an `ArrayBuffer`, `SharedArrayBuffer`, `TypedArray`, `Buffer`, or`DataView`.
3791
- *
3792
- * By default, the prime is encoded as a big-endian sequence of octets
3793
- * in an [ArrayBuffer](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/ArrayBuffer). If the `bigint` option is `true`, then a
3794
- * [bigint](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/BigInt) is provided.
3795
- * @since v15.8.0
3796
- * @param size The size (in bits) of the prime to generate.
3797
- */
3798
- function generatePrime(size: number, callback: (err: Error | null, prime: ArrayBuffer) => void): void;
3799
- function generatePrime(
3800
- size: number,
3801
- options: GeneratePrimeOptionsBigInt,
3802
- callback: (err: Error | null, prime: bigint) => void,
3803
- ): void;
3804
- function generatePrime(
3805
- size: number,
3806
- options: GeneratePrimeOptionsArrayBuffer,
3807
- callback: (err: Error | null, prime: ArrayBuffer) => void,
3808
- ): void;
3809
- function generatePrime(
3810
- size: number,
3811
- options: GeneratePrimeOptions,
3812
- callback: (err: Error | null, prime: ArrayBuffer | bigint) => void,
3813
- ): void;
3814
- /**
3815
- * Generates a pseudorandom prime of `size` bits.
3816
- *
3817
- * If `options.safe` is `true`, the prime will be a safe prime -- that is,`(prime - 1) / 2` will also be a prime.
3818
- *
3819
- * The `options.add` and `options.rem` parameters can be used to enforce additional
3820
- * requirements, e.g., for Diffie-Hellman:
3821
- *
3822
- * * If `options.add` and `options.rem` are both set, the prime will satisfy the
3823
- * condition that `prime % add = rem`.
3824
- * * If only `options.add` is set and `options.safe` is not `true`, the prime will
3825
- * satisfy the condition that `prime % add = 1`.
3826
- * * If only `options.add` is set and `options.safe` is set to `true`, the prime
3827
- * will instead satisfy the condition that `prime % add = 3`. This is necessary
3828
- * because `prime % add = 1` for `options.add > 2` would contradict the condition
3829
- * enforced by `options.safe`.
3830
- * * `options.rem` is ignored if `options.add` is not given.
3831
- *
3832
- * Both `options.add` and `options.rem` must be encoded as big-endian sequences
3833
- * if given as an `ArrayBuffer`, `SharedArrayBuffer`, `TypedArray`, `Buffer`, or`DataView`.
3834
- *
3835
- * By default, the prime is encoded as a big-endian sequence of octets
3836
- * in an [ArrayBuffer](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/ArrayBuffer). If the `bigint` option is `true`, then a
3837
- * [bigint](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/BigInt) is provided.
3838
- * @since v15.8.0
3839
- * @param size The size (in bits) of the prime to generate.
3840
- */
3841
- function generatePrimeSync(size: number): ArrayBuffer;
3842
- function generatePrimeSync(size: number, options: GeneratePrimeOptionsBigInt): bigint;
3843
- function generatePrimeSync(size: number, options: GeneratePrimeOptionsArrayBuffer): ArrayBuffer;
3844
- function generatePrimeSync(size: number, options: GeneratePrimeOptions): ArrayBuffer | bigint;
3845
- interface CheckPrimeOptions {
3846
- /**
3847
- * The number of Miller-Rabin probabilistic primality iterations to perform.
3848
- * When the value is 0 (zero), a number of checks is used that yields a false positive rate of at most `2**-64` for random input.
3849
- * Care must be used when selecting a number of checks.
3850
- * Refer to the OpenSSL documentation for the BN_is_prime_ex function nchecks options for more details.
3851
- *
3852
- * @default 0
3853
- */
3854
- checks?: number | undefined;
3855
- }
3856
- /**
3857
- * Checks the primality of the `candidate`.
3858
- * @since v15.8.0
3859
- * @param candidate A possible prime encoded as a sequence of big endian octets of arbitrary length.
3860
- */
3861
- function checkPrime(value: LargeNumberLike, callback: (err: Error | null, result: boolean) => void): void;
3862
- function checkPrime(
3863
- value: LargeNumberLike,
3864
- options: CheckPrimeOptions,
3865
- callback: (err: Error | null, result: boolean) => void,
3866
- ): void;
3867
- /**
3868
- * Checks the primality of the `candidate`.
3869
- * @since v15.8.0
3870
- * @param candidate A possible prime encoded as a sequence of big endian octets of arbitrary length.
3871
- * @return `true` if the candidate is a prime with an error probability less than `0.25 ** options.checks`.
3872
- */
3873
- function checkPrimeSync(candidate: LargeNumberLike, options?: CheckPrimeOptions): boolean;
3874
- /**
3875
- * Load and set the `engine` for some or all OpenSSL functions (selected by flags).
3876
- *
3877
- * `engine` could be either an id or a path to the engine's shared library.
3878
- *
3879
- * The optional `flags` argument uses `ENGINE_METHOD_ALL` by default. The `flags`is a bit field taking one of or a mix of the following flags (defined in`crypto.constants`):
3880
- *
3881
- * * `crypto.constants.ENGINE_METHOD_RSA`
3882
- * * `crypto.constants.ENGINE_METHOD_DSA`
3883
- * * `crypto.constants.ENGINE_METHOD_DH`
3884
- * * `crypto.constants.ENGINE_METHOD_RAND`
3885
- * * `crypto.constants.ENGINE_METHOD_EC`
3886
- * * `crypto.constants.ENGINE_METHOD_CIPHERS`
3887
- * * `crypto.constants.ENGINE_METHOD_DIGESTS`
3888
- * * `crypto.constants.ENGINE_METHOD_PKEY_METHS`
3889
- * * `crypto.constants.ENGINE_METHOD_PKEY_ASN1_METHS`
3890
- * * `crypto.constants.ENGINE_METHOD_ALL`
3891
- * * `crypto.constants.ENGINE_METHOD_NONE`
3892
- * @since v0.11.11
3893
- * @param flags
3894
- */
3895
- function setEngine(engine: string, flags?: number): void;
3896
- /**
3897
- * A convenient alias for {@link webcrypto.getRandomValues}. This
3898
- * implementation is not compliant with the Web Crypto spec, to write
3899
- * web-compatible code use {@link webcrypto.getRandomValues} instead.
3900
- * @since v17.4.0
3901
- * @return Returns `typedArray`.
3902
- */
3903
- function getRandomValues<T extends webcrypto.BufferSource>(typedArray: T): T;
3904
- /**
3905
- * A convenient alias for `crypto.webcrypto.subtle`.
3906
- * @since v17.4.0
3907
- */
3908
- const subtle: webcrypto.SubtleCrypto;
3909
- /**
3910
- * An implementation of the Web Crypto API standard.
3911
- *
3912
- * See the {@link https://nodejs.org/docs/latest/api/webcrypto.html Web Crypto API documentation} for details.
3913
- * @since v15.0.0
3914
- */
3915
- const webcrypto: webcrypto.Crypto;
3916
- namespace webcrypto {
3917
- type BufferSource = ArrayBufferView | ArrayBuffer;
3918
- type KeyFormat = "jwk" | "pkcs8" | "raw" | "spki";
3919
- type KeyType = "private" | "public" | "secret";
3920
- type KeyUsage =
3921
- | "decrypt"
3922
- | "deriveBits"
3923
- | "deriveKey"
3924
- | "encrypt"
3925
- | "sign"
3926
- | "unwrapKey"
3927
- | "verify"
3928
- | "wrapKey";
3929
- type AlgorithmIdentifier = Algorithm | string;
3930
- type HashAlgorithmIdentifier = AlgorithmIdentifier;
3931
- type NamedCurve = string;
3932
- type BigInteger = Uint8Array;
3933
- interface AesCbcParams extends Algorithm {
3934
- iv: BufferSource;
3935
- }
3936
- interface AesCtrParams extends Algorithm {
3937
- counter: BufferSource;
3938
- length: number;
3939
- }
3940
- interface AesDerivedKeyParams extends Algorithm {
3941
- length: number;
3942
- }
3943
- interface AesGcmParams extends Algorithm {
3944
- additionalData?: BufferSource;
3945
- iv: BufferSource;
3946
- tagLength?: number;
3947
- }
3948
- interface AesKeyAlgorithm extends KeyAlgorithm {
3949
- length: number;
3950
- }
3951
- interface AesKeyGenParams extends Algorithm {
3952
- length: number;
3953
- }
3954
- interface Algorithm {
3955
- name: string;
3956
- }
3957
- interface EcKeyAlgorithm extends KeyAlgorithm {
3958
- namedCurve: NamedCurve;
3959
- }
3960
- interface EcKeyGenParams extends Algorithm {
3961
- namedCurve: NamedCurve;
3962
- }
3963
- interface EcKeyImportParams extends Algorithm {
3964
- namedCurve: NamedCurve;
3965
- }
3966
- interface EcdhKeyDeriveParams extends Algorithm {
3967
- public: CryptoKey;
3968
- }
3969
- interface EcdsaParams extends Algorithm {
3970
- hash: HashAlgorithmIdentifier;
3971
- }
3972
- interface Ed448Params extends Algorithm {
3973
- context?: BufferSource;
3974
- }
3975
- interface HkdfParams extends Algorithm {
3976
- hash: HashAlgorithmIdentifier;
3977
- info: BufferSource;
3978
- salt: BufferSource;
3979
- }
3980
- interface HmacImportParams extends Algorithm {
3981
- hash: HashAlgorithmIdentifier;
3982
- length?: number;
3983
- }
3984
- interface HmacKeyAlgorithm extends KeyAlgorithm {
3985
- hash: KeyAlgorithm;
3986
- length: number;
3987
- }
3988
- interface HmacKeyGenParams extends Algorithm {
3989
- hash: HashAlgorithmIdentifier;
3990
- length?: number;
3991
- }
3992
- interface JsonWebKey {
3993
- alg?: string;
3994
- crv?: string;
3995
- d?: string;
3996
- dp?: string;
3997
- dq?: string;
3998
- e?: string;
3999
- ext?: boolean;
4000
- k?: string;
4001
- key_ops?: string[];
4002
- kty?: string;
4003
- n?: string;
4004
- oth?: RsaOtherPrimesInfo[];
4005
- p?: string;
4006
- q?: string;
4007
- qi?: string;
4008
- use?: string;
4009
- x?: string;
4010
- y?: string;
4011
- }
4012
- interface KeyAlgorithm {
4013
- name: string;
4014
- }
4015
- interface Pbkdf2Params extends Algorithm {
4016
- hash: HashAlgorithmIdentifier;
4017
- iterations: number;
4018
- salt: BufferSource;
4019
- }
4020
- interface RsaHashedImportParams extends Algorithm {
4021
- hash: HashAlgorithmIdentifier;
4022
- }
4023
- interface RsaHashedKeyAlgorithm extends RsaKeyAlgorithm {
4024
- hash: KeyAlgorithm;
4025
- }
4026
- interface RsaHashedKeyGenParams extends RsaKeyGenParams {
4027
- hash: HashAlgorithmIdentifier;
4028
- }
4029
- interface RsaKeyAlgorithm extends KeyAlgorithm {
4030
- modulusLength: number;
4031
- publicExponent: BigInteger;
4032
- }
4033
- interface RsaKeyGenParams extends Algorithm {
4034
- modulusLength: number;
4035
- publicExponent: BigInteger;
4036
- }
4037
- interface RsaOaepParams extends Algorithm {
4038
- label?: BufferSource;
4039
- }
4040
- interface RsaOtherPrimesInfo {
4041
- d?: string;
4042
- r?: string;
4043
- t?: string;
4044
- }
4045
- interface RsaPssParams extends Algorithm {
4046
- saltLength: number;
4047
- }
4048
- /**
4049
- * Calling `require('node:crypto').webcrypto` returns an instance of the `Crypto` class.
4050
- * `Crypto` is a singleton that provides access to the remainder of the crypto API.
4051
- * @since v15.0.0
4052
- */
4053
- interface Crypto {
4054
- /**
4055
- * Provides access to the `SubtleCrypto` API.
4056
- * @since v15.0.0
4057
- */
4058
- readonly subtle: SubtleCrypto;
4059
- /**
4060
- * Generates cryptographically strong random values.
4061
- * The given `typedArray` is filled with random values, and a reference to `typedArray` is returned.
4062
- *
4063
- * The given `typedArray` must be an integer-based instance of {@link NodeJS.TypedArray}, i.e. `Float32Array` and `Float64Array` are not accepted.
4064
- *
4065
- * An error will be thrown if the given `typedArray` is larger than 65,536 bytes.
4066
- * @since v15.0.0
4067
- */
4068
- getRandomValues<T extends Exclude<NodeJS.TypedArray, Float32Array | Float64Array>>(typedArray: T): T;
4069
- /**
4070
- * Generates a random {@link https://www.rfc-editor.org/rfc/rfc4122.txt RFC 4122} version 4 UUID.
4071
- * The UUID is generated using a cryptographic pseudorandom number generator.
4072
- * @since v16.7.0
4073
- */
4074
- randomUUID(): string;
4075
- CryptoKey: CryptoKeyConstructor;
4076
- }
4077
- // This constructor throws ILLEGAL_CONSTRUCTOR so it should not be newable.
4078
- interface CryptoKeyConstructor {
4079
- /** Illegal constructor */
4080
- (_: { readonly _: unique symbol }): never; // Allows instanceof to work but not be callable by the user.
4081
- readonly length: 0;
4082
- readonly name: "CryptoKey";
4083
- readonly prototype: CryptoKey;
4084
- }
4085
- /**
4086
- * @since v15.0.0
4087
- */
4088
- interface CryptoKey {
4089
- /**
4090
- * An object detailing the algorithm for which the key can be used along with additional algorithm-specific parameters.
4091
- * @since v15.0.0
4092
- */
4093
- readonly algorithm: KeyAlgorithm;
4094
- /**
4095
- * When `true`, the {@link CryptoKey} can be extracted using either `subtleCrypto.exportKey()` or `subtleCrypto.wrapKey()`.
4096
- * @since v15.0.0
4097
- */
4098
- readonly extractable: boolean;
4099
- /**
4100
- * A string identifying whether the key is a symmetric (`'secret'`) or asymmetric (`'private'` or `'public'`) key.
4101
- * @since v15.0.0
4102
- */
4103
- readonly type: KeyType;
4104
- /**
4105
- * An array of strings identifying the operations for which the key may be used.
4106
- *
4107
- * The possible usages are:
4108
- * - `'encrypt'` - The key may be used to encrypt data.
4109
- * - `'decrypt'` - The key may be used to decrypt data.
4110
- * - `'sign'` - The key may be used to generate digital signatures.
4111
- * - `'verify'` - The key may be used to verify digital signatures.
4112
- * - `'deriveKey'` - The key may be used to derive a new key.
4113
- * - `'deriveBits'` - The key may be used to derive bits.
4114
- * - `'wrapKey'` - The key may be used to wrap another key.
4115
- * - `'unwrapKey'` - The key may be used to unwrap another key.
4116
- *
4117
- * Valid key usages depend on the key algorithm (identified by `cryptokey.algorithm.name`).
4118
- * @since v15.0.0
4119
- */
4120
- readonly usages: KeyUsage[];
4121
- }
4122
- /**
4123
- * The `CryptoKeyPair` is a simple dictionary object with `publicKey` and `privateKey` properties, representing an asymmetric key pair.
4124
- * @since v15.0.0
4125
- */
4126
- interface CryptoKeyPair {
4127
- /**
4128
- * A {@link CryptoKey} whose type will be `'private'`.
4129
- * @since v15.0.0
4130
- */
4131
- privateKey: CryptoKey;
4132
- /**
4133
- * A {@link CryptoKey} whose type will be `'public'`.
4134
- * @since v15.0.0
4135
- */
4136
- publicKey: CryptoKey;
4137
- }
4138
- /**
4139
- * @since v15.0.0
4140
- */
4141
- interface SubtleCrypto {
4142
- /**
4143
- * Using the method and parameters specified in `algorithm` and the keying material provided by `key`,
4144
- * `subtle.decrypt()` attempts to decipher the provided `data`. If successful,
4145
- * the returned promise will be resolved with an `<ArrayBuffer>` containing the plaintext result.
4146
- *
4147
- * The algorithms currently supported include:
4148
- *
4149
- * - `'RSA-OAEP'`
4150
- * - `'AES-CTR'`
4151
- * - `'AES-CBC'`
4152
- * - `'AES-GCM'`
4153
- * @since v15.0.0
4154
- */
4155
- decrypt(
4156
- algorithm: AlgorithmIdentifier | RsaOaepParams | AesCtrParams | AesCbcParams | AesGcmParams,
4157
- key: CryptoKey,
4158
- data: BufferSource,
4159
- ): Promise<ArrayBuffer>;
4160
- /**
4161
- * Using the method and parameters specified in `algorithm` and the keying material provided by `baseKey`,
4162
- * `subtle.deriveBits()` attempts to generate `length` bits.
4163
- * The Node.js implementation requires that when `length` is a number it must be multiple of `8`.
4164
- * When `length` is `null` the maximum number of bits for a given algorithm is generated. This is allowed
4165
- * for the `'ECDH'`, `'X25519'`, and `'X448'` algorithms.
4166
- * If successful, the returned promise will be resolved with an `<ArrayBuffer>` containing the generated data.
4167
- *
4168
- * The algorithms currently supported include:
4169
- *
4170
- * - `'ECDH'`
4171
- * - `'X25519'`
4172
- * - `'X448'`
4173
- * - `'HKDF'`
4174
- * - `'PBKDF2'`
4175
- * @since v15.0.0
4176
- */
4177
- deriveBits(algorithm: EcdhKeyDeriveParams, baseKey: CryptoKey, length: number | null): Promise<ArrayBuffer>;
4178
- deriveBits(
4179
- algorithm: AlgorithmIdentifier | HkdfParams | Pbkdf2Params,
4180
- baseKey: CryptoKey,
4181
- length: number,
4182
- ): Promise<ArrayBuffer>;
4183
- /**
4184
- * Using the method and parameters specified in `algorithm`, and the keying material provided by `baseKey`,
4185
- * `subtle.deriveKey()` attempts to generate a new <CryptoKey>` based on the method and parameters in `derivedKeyAlgorithm`.
4186
- *
4187
- * Calling `subtle.deriveKey()` is equivalent to calling `subtle.deriveBits()` to generate raw keying material,
4188
- * then passing the result into the `subtle.importKey()` method using the `deriveKeyAlgorithm`, `extractable`, and `keyUsages` parameters as input.
4189
- *
4190
- * The algorithms currently supported include:
4191
- *
4192
- * - `'ECDH'`
4193
- * - `'X25519'`
4194
- * - `'X448'`
4195
- * - `'HKDF'`
4196
- * - `'PBKDF2'`
4197
- * @param keyUsages See {@link https://nodejs.org/docs/latest/api/webcrypto.html#cryptokeyusages Key usages}.
4198
- * @since v15.0.0
4199
- */
4200
- deriveKey(
4201
- algorithm: AlgorithmIdentifier | EcdhKeyDeriveParams | HkdfParams | Pbkdf2Params,
4202
- baseKey: CryptoKey,
4203
- derivedKeyAlgorithm:
4204
- | AlgorithmIdentifier
4205
- | AesDerivedKeyParams
4206
- | HmacImportParams
4207
- | HkdfParams
4208
- | Pbkdf2Params,
4209
- extractable: boolean,
4210
- keyUsages: readonly KeyUsage[],
4211
- ): Promise<CryptoKey>;
4212
- /**
4213
- * Using the method identified by `algorithm`, `subtle.digest()` attempts to generate a digest of `data`.
4214
- * If successful, the returned promise is resolved with an `<ArrayBuffer>` containing the computed digest.
4215
- *
4216
- * If `algorithm` is provided as a `<string>`, it must be one of:
4217
- *
4218
- * - `'SHA-1'`
4219
- * - `'SHA-256'`
4220
- * - `'SHA-384'`
4221
- * - `'SHA-512'`
4222
- *
4223
- * If `algorithm` is provided as an `<Object>`, it must have a `name` property whose value is one of the above.
4224
- * @since v15.0.0
4225
- */
4226
- digest(algorithm: AlgorithmIdentifier, data: BufferSource): Promise<ArrayBuffer>;
4227
- /**
4228
- * Using the method and parameters specified by `algorithm` and the keying material provided by `key`,
4229
- * `subtle.encrypt()` attempts to encipher `data`. If successful,
4230
- * the returned promise is resolved with an `<ArrayBuffer>` containing the encrypted result.
4231
- *
4232
- * The algorithms currently supported include:
4233
- *
4234
- * - `'RSA-OAEP'`
4235
- * - `'AES-CTR'`
4236
- * - `'AES-CBC'`
4237
- * - `'AES-GCM'`
4238
- * @since v15.0.0
4239
- */
4240
- encrypt(
4241
- algorithm: AlgorithmIdentifier | RsaOaepParams | AesCtrParams | AesCbcParams | AesGcmParams,
4242
- key: CryptoKey,
4243
- data: BufferSource,
4244
- ): Promise<ArrayBuffer>;
4245
- /**
4246
- * Exports the given key into the specified format, if supported.
4247
- *
4248
- * If the `<CryptoKey>` is not extractable, the returned promise will reject.
4249
- *
4250
- * When `format` is either `'pkcs8'` or `'spki'` and the export is successful,
4251
- * the returned promise will be resolved with an `<ArrayBuffer>` containing the exported key data.
4252
- *
4253
- * When `format` is `'jwk'` and the export is successful, the returned promise will be resolved with a
4254
- * JavaScript object conforming to the {@link https://tools.ietf.org/html/rfc7517 JSON Web Key} specification.
4255
- * @param format Must be one of `'raw'`, `'pkcs8'`, `'spki'`, or `'jwk'`.
4256
- * @returns `<Promise>` containing `<ArrayBuffer>`.
4257
- * @since v15.0.0
4258
- */
4259
- exportKey(format: "jwk", key: CryptoKey): Promise<JsonWebKey>;
4260
- exportKey(format: Exclude<KeyFormat, "jwk">, key: CryptoKey): Promise<ArrayBuffer>;
4261
- /**
4262
- * Using the method and parameters provided in `algorithm`,
4263
- * `subtle.generateKey()` attempts to generate new keying material.
4264
- * Depending the method used, the method may generate either a single `<CryptoKey>` or a `<CryptoKeyPair>`.
4265
- *
4266
- * The `<CryptoKeyPair>` (public and private key) generating algorithms supported include:
4267
- *
4268
- * - `'RSASSA-PKCS1-v1_5'`
4269
- * - `'RSA-PSS'`
4270
- * - `'RSA-OAEP'`
4271
- * - `'ECDSA'`
4272
- * - `'Ed25519'`
4273
- * - `'Ed448'`
4274
- * - `'ECDH'`
4275
- * - `'X25519'`
4276
- * - `'X448'`
4277
- * The `<CryptoKey>` (secret key) generating algorithms supported include:
4278
- *
4279
- * - `'HMAC'`
4280
- * - `'AES-CTR'`
4281
- * - `'AES-CBC'`
4282
- * - `'AES-GCM'`
4283
- * - `'AES-KW'`
4284
- * @param keyUsages See {@link https://nodejs.org/docs/latest/api/webcrypto.html#cryptokeyusages Key usages}.
4285
- * @since v15.0.0
4286
- */
4287
- generateKey(
4288
- algorithm: RsaHashedKeyGenParams | EcKeyGenParams,
4289
- extractable: boolean,
4290
- keyUsages: readonly KeyUsage[],
4291
- ): Promise<CryptoKeyPair>;
4292
- generateKey(
4293
- algorithm: AesKeyGenParams | HmacKeyGenParams | Pbkdf2Params,
4294
- extractable: boolean,
4295
- keyUsages: readonly KeyUsage[],
4296
- ): Promise<CryptoKey>;
4297
- generateKey(
4298
- algorithm: AlgorithmIdentifier,
4299
- extractable: boolean,
4300
- keyUsages: KeyUsage[],
4301
- ): Promise<CryptoKeyPair | CryptoKey>;
4302
- /**
4303
- * The `subtle.importKey()` method attempts to interpret the provided `keyData` as the given `format`
4304
- * to create a `<CryptoKey>` instance using the provided `algorithm`, `extractable`, and `keyUsages` arguments.
4305
- * If the import is successful, the returned promise will be resolved with the created `<CryptoKey>`.
4306
- *
4307
- * If importing a `'PBKDF2'` key, `extractable` must be `false`.
4308
- * @param format Must be one of `'raw'`, `'pkcs8'`, `'spki'`, or `'jwk'`.
4309
- * @param keyUsages See {@link https://nodejs.org/docs/latest/api/webcrypto.html#cryptokeyusages Key usages}.
4310
- * @since v15.0.0
4311
- */
4312
- importKey(
4313
- format: "jwk",
4314
- keyData: JsonWebKey,
4315
- algorithm:
4316
- | AlgorithmIdentifier
4317
- | RsaHashedImportParams
4318
- | EcKeyImportParams
4319
- | HmacImportParams
4320
- | AesKeyAlgorithm,
4321
- extractable: boolean,
4322
- keyUsages: readonly KeyUsage[],
4323
- ): Promise<CryptoKey>;
4324
- importKey(
4325
- format: Exclude<KeyFormat, "jwk">,
4326
- keyData: BufferSource,
4327
- algorithm:
4328
- | AlgorithmIdentifier
4329
- | RsaHashedImportParams
4330
- | EcKeyImportParams
4331
- | HmacImportParams
4332
- | AesKeyAlgorithm,
4333
- extractable: boolean,
4334
- keyUsages: KeyUsage[],
4335
- ): Promise<CryptoKey>;
4336
- /**
4337
- * Using the method and parameters given by `algorithm` and the keying material provided by `key`,
4338
- * `subtle.sign()` attempts to generate a cryptographic signature of `data`. If successful,
4339
- * the returned promise is resolved with an `<ArrayBuffer>` containing the generated signature.
4340
- *
4341
- * The algorithms currently supported include:
4342
- *
4343
- * - `'RSASSA-PKCS1-v1_5'`
4344
- * - `'RSA-PSS'`
4345
- * - `'ECDSA'`
4346
- * - `'Ed25519'`
4347
- * - `'Ed448'`
4348
- * - `'HMAC'`
4349
- * @since v15.0.0
4350
- */
4351
- sign(
4352
- algorithm: AlgorithmIdentifier | RsaPssParams | EcdsaParams | Ed448Params,
4353
- key: CryptoKey,
4354
- data: BufferSource,
4355
- ): Promise<ArrayBuffer>;
4356
- /**
4357
- * In cryptography, "wrapping a key" refers to exporting and then encrypting the keying material.
4358
- * The `subtle.unwrapKey()` method attempts to decrypt a wrapped key and create a `<CryptoKey>` instance.
4359
- * It is equivalent to calling `subtle.decrypt()` first on the encrypted key data (using the `wrappedKey`, `unwrapAlgo`, and `unwrappingKey` arguments as input)
4360
- * then passing the results in to the `subtle.importKey()` method using the `unwrappedKeyAlgo`, `extractable`, and `keyUsages` arguments as inputs.
4361
- * If successful, the returned promise is resolved with a `<CryptoKey>` object.
4362
- *
4363
- * The wrapping algorithms currently supported include:
4364
- *
4365
- * - `'RSA-OAEP'`
4366
- * - `'AES-CTR'`
4367
- * - `'AES-CBC'`
4368
- * - `'AES-GCM'`
4369
- * - `'AES-KW'`
4370
- *
4371
- * The unwrapped key algorithms supported include:
4372
- *
4373
- * - `'RSASSA-PKCS1-v1_5'`
4374
- * - `'RSA-PSS'`
4375
- * - `'RSA-OAEP'`
4376
- * - `'ECDSA'`
4377
- * - `'Ed25519'`
4378
- * - `'Ed448'`
4379
- * - `'ECDH'`
4380
- * - `'X25519'`
4381
- * - `'X448'`
4382
- * - `'HMAC'`
4383
- * - `'AES-CTR'`
4384
- * - `'AES-CBC'`
4385
- * - `'AES-GCM'`
4386
- * - `'AES-KW'`
4387
- * @param format Must be one of `'raw'`, `'pkcs8'`, `'spki'`, or `'jwk'`.
4388
- * @param keyUsages See {@link https://nodejs.org/docs/latest/api/webcrypto.html#cryptokeyusages Key usages}.
4389
- * @since v15.0.0
4390
- */
4391
- unwrapKey(
4392
- format: KeyFormat,
4393
- wrappedKey: BufferSource,
4394
- unwrappingKey: CryptoKey,
4395
- unwrapAlgorithm: AlgorithmIdentifier | RsaOaepParams | AesCtrParams | AesCbcParams | AesGcmParams,
4396
- unwrappedKeyAlgorithm:
4397
- | AlgorithmIdentifier
4398
- | RsaHashedImportParams
4399
- | EcKeyImportParams
4400
- | HmacImportParams
4401
- | AesKeyAlgorithm,
4402
- extractable: boolean,
4403
- keyUsages: KeyUsage[],
4404
- ): Promise<CryptoKey>;
4405
- /**
4406
- * Using the method and parameters given in `algorithm` and the keying material provided by `key`,
4407
- * `subtle.verify()` attempts to verify that `signature` is a valid cryptographic signature of `data`.
4408
- * The returned promise is resolved with either `true` or `false`.
4409
- *
4410
- * The algorithms currently supported include:
4411
- *
4412
- * - `'RSASSA-PKCS1-v1_5'`
4413
- * - `'RSA-PSS'`
4414
- * - `'ECDSA'`
4415
- * - `'Ed25519'`
4416
- * - `'Ed448'`
4417
- * - `'HMAC'`
4418
- * @since v15.0.0
4419
- */
4420
- verify(
4421
- algorithm: AlgorithmIdentifier | RsaPssParams | EcdsaParams | Ed448Params,
4422
- key: CryptoKey,
4423
- signature: BufferSource,
4424
- data: BufferSource,
4425
- ): Promise<boolean>;
4426
- /**
4427
- * In cryptography, "wrapping a key" refers to exporting and then encrypting the keying material.
4428
- * The `subtle.wrapKey()` method exports the keying material into the format identified by `format`,
4429
- * then encrypts it using the method and parameters specified by `wrapAlgo` and the keying material provided by `wrappingKey`.
4430
- * It is the equivalent to calling `subtle.exportKey()` using `format` and `key` as the arguments,
4431
- * then passing the result to the `subtle.encrypt()` method using `wrappingKey` and `wrapAlgo` as inputs.
4432
- * If successful, the returned promise will be resolved with an `<ArrayBuffer>` containing the encrypted key data.
4433
- *
4434
- * The wrapping algorithms currently supported include:
4435
- *
4436
- * - `'RSA-OAEP'`
4437
- * - `'AES-CTR'`
4438
- * - `'AES-CBC'`
4439
- * - `'AES-GCM'`
4440
- * - `'AES-KW'`
4441
- * @param format Must be one of `'raw'`, `'pkcs8'`, `'spki'`, or `'jwk'`.
4442
- * @since v15.0.0
4443
- */
4444
- wrapKey(
4445
- format: KeyFormat,
4446
- key: CryptoKey,
4447
- wrappingKey: CryptoKey,
4448
- wrapAlgorithm: AlgorithmIdentifier | RsaOaepParams | AesCtrParams | AesCbcParams | AesGcmParams,
4449
- ): Promise<ArrayBuffer>;
4450
- }
4451
- }
4452
- }
4453
- declare module "node:crypto" {
4454
- export * from "crypto";
4455
- }