Node.js Crypto Module

My Packs Schedule Daily Practices Profile Logout

The pack contained all methos of the crypto node js module, the cards with methods description and code examples. Start learning process to getting cards direct to your messenger in case to learn Node.js Crypto Module from scratch or fill up your technical gaps.

You can start studying this pack. You'll receive 580 messages to help you review each card multiple times, following the principles of the forgetting curve.

Learn more about the spaced repetition method.

Schedule daily card reviews to quickly memorize or solidify the knowledge until it becomes second nature.

Learn more about daily practices.

Create Practice

1/ 145

Crypto

The node:crypto module provides cryptographic functionality that includes a set of wrappers for OpenSSL's hash, HMAC, cipher, decipher, sign, and verify functions.

Crypto

The node:crypto module provides cryptographic functionality that includes a set of wrappers for OpenSSL's hash, HMAC, cipher, decipher, sign, and verify functions.

1/145

Determining if crypto support is unavailable

It is possible for Node.js to be built without including support for the node:crypto module. In such cases, attempting to import from crypto or calling require('node:crypto') will result in an error being thrown.

2/145

Class: Certificate

SPKAC is a Certificate Signing Request mechanism originally implemented by Netscape and was specified formally as part of HTML5's keygen element.

<keygen> is deprecated since HTML 5.2 and new projects should not use this element anymore.

3/145

exportChallenge

Exports a cryptographic challenge associated with a certificate, often used in secure communication protocols to verify ownership of a certificate or domain.

4/145

exportPublicKey

It allows to extract the public key material, which can then be used for cryptographic operations like encryption, signature verification, or sharing securely.

5/145

verifySpkac

It is used to verify and decode a SPKAC (Signed Public Key and Challenge) structure.

SPKAC is typically generated as part of the key generation and certificate signing request process in browsers.

6/145

Class: Cipher

Extends: <stream.Transform>

Instances of the Cipher class are used to encrypt data.

7/145

cipher.final()

It is used to finalize the encryption process.

After encrypting data in chunks using a Cipher object, you call cipher.final() to generate the final encrypted data block.

8/145

cipher.getAuthTag()

It is used with authenticated encryption modes, such as GCM (Galois/Counter Mode), to retrieve the authentication tag generated during the encryption process.

9/145

cipher.setAAD()

When using an authenticated encryption mode (GCM, CCM, OCB, and chacha20-poly1305 are currently supported), the method sets the value used for the additional authenticated data (AAD) input parameter.

10/145

setAutoPadding()

When using block encryption algorithms, the Cipher class will automatically add padding to the input data to the appropriate block size.

To disable the default padding call cipher.setAutoPadding(false).

11/145

update()

Updates the cipher with data.

If the inputEncoding argument is given, the data argument is a string using the specified encoding.

12/145

Class: Decipher

Extends: <stream.Transform>

Instances of the Decipher class are used to decrypt data.

13/145

final()

Once the decipher.final() method has been called, the Decipher object can no longer be used to decrypt data.

Attempts to call decipher.final() more than once will result in an error being thrown.

14/145

decipher.setAAD()

When using an authenticated encryption mode (GCM, CCM, OCB, and chacha20-poly1305 are currently supported), the decipher.setAAD() method sets the value used for the additional authenticated data (AAD) input parameter.

15/145

decipher.setAuthTag(buffer[, encoding])

buffer <string> | <Buffer> | <ArrayBuffer> | <TypedArray> | <DataView> encoding <string> String encoding to use when buffer is a string. Returns: <Decipher> The same Decipher for method chaining.

16/145

decipher.setAutoPadding([autoPadding])

autoPadding <boolean> Default: true Returns: <Decipher> The same Decipher for method chaining. Turning auto padding off will only work if the input data's length is a multiple of the ciphers block size.

17/145

decipher.update(data[, inputEncoding][, outputEncoding])

data <string> | <Buffer> | <TypedArray> | <DataView> inputEncoding <string> The encoding of the data string. outputEncoding <string> The encoding of the return value. Returns: <Buffer> | <string>

18/145

Class: DiffieHellman

The DiffieHellman class is a utility for creating Diffie-Hellman key exchanges. Instances of the DiffieHellman class can be created using the crypto.createDiffieHellman() function.

19/145

diffieHellman.computeSecret(otherPublicKey[, inputEncoding][, outputEncoding])

otherPublicKey <string> | <ArrayBuffer> | <Buffer> | <TypedArray> | <DataView> inputEncoding <string> The encoding of an otherPublicKey string. outputEncoding <string> The encoding of the return value.

20/145

diffieHellman.generateKeys([encoding])

encoding <string> The encoding of the return value. Returns: <Buffer> | <string>

21/145

diffieHellman.getGenerator([encoding])

encoding <string> The encoding of the return value. Returns: <Buffer> | <string> Returns the Diffie-Hellman generator in the specified encoding. If encoding is provided a string is returned; otherwise a Buffer is returned.

22/145

diffieHellman.getPrime([encoding])

encoding <string> The encoding of the return value. Returns: <Buffer> | <string> Returns the Diffie-Hellman prime in the specified encoding. If encoding is provided a string is returned; otherwise a Buffer is returned.

23/145

diffieHellman.getPrivateKey([encoding])

encoding <string> The encoding of the return value. Returns: <Buffer> | <string> Returns the Diffie-Hellman private key in the specified encoding. If encoding is provided a string is returned; otherwise a Buffer is returned.

24/145

diffieHellman.getPublicKey([encoding])

encoding <string> The encoding of the return value. Returns: <Buffer> | <string> Returns the Diffie-Hellman public key in the specified encoding. If encoding is provided a string is returned; otherwise a Buffer is returned.

25/145

diffieHellman.setPrivateKey(privateKey[, encoding])

privateKey <string> | <ArrayBuffer> | <Buffer> | <TypedArray> | <DataView> encoding <string> The encoding of the privateKey string.

26/145

diffieHellman.setPublicKey(publicKey[, encoding])

publicKey <string> | <ArrayBuffer> | <Buffer> | <TypedArray> | <DataView> encoding <string> The encoding of the publicKey string.

27/145

diffieHellman.verifyError

A bit field containing any warnings and/or errors resulting from a check performed during initialization of the DiffieHellman object. The following values are valid for this property (as defined in node:constants module): DH_CHECK_P_NOT_SAFE_PRIME DH_CHECK_P_NOT_PRIME DH_NOT_SUITABLE_GENERATOR

28/145

Class: DiffieHellmanGroup

The DiffieHellmanGroup class takes a well-known modp group as its argument. It works the same as DiffieHellman, except that it does not allow changing its keys after creation. In other words, it does not implement setPublicKey() or setPrivateKey() methods.

29/145

Class: ECDH

The ECDH class is a utility for creating Elliptic Curve Diffie-Hellman (ECDH) key exchanges. Instances of the ECDH class can be created using the crypto.createECDH() function.

30/145

Static method: ECDH.convertKey(key, curve[, inputEncoding[, outputEncoding[, format]]])

key <string> | <ArrayBuffer> | <Buffer> | <TypedArray> | <DataView> curve <string> inputEncoding <string> The encoding of the key string. outputEncoding <string> The encoding of the return value.

31/145

ecdh.computeSecret(otherPublicKey[, inputEncoding][, outputEncoding])

otherPublicKey <string> | <ArrayBuffer> | <Buffer> | <TypedArray> | <DataView> inputEncoding <string> The encoding of the otherPublicKey string. outputEncoding <string> The encoding of the return value.

32/145

ecdh.generateKeys([encoding[, format]])

encoding <string> The encoding of the return value. format <string> Default: 'uncompressed' Returns: <Buffer> | <string> If encoding is provided a string is returned; otherwise a Buffer is returned.

33/145

ecdh.getPrivateKey([encoding])

encoding <string> The encoding of the return value. Returns: <Buffer> | <string> The EC Diffie-Hellman in the specified encoding. If encoding is specified, a string is returned; otherwise a Buffer is returned.

34/145

ecdh.getPublicKey([encoding][, format])

encoding <string> The encoding of the return value. format <string> Default: 'uncompressed' Returns: <Buffer> | <string> The EC Diffie-Hellman public key in the specified encoding and format.

35/145

ecdh.setPrivateKey(privateKey[, encoding])

privateKey <string> | <ArrayBuffer> | <Buffer> | <TypedArray> | <DataView> encoding <string> The encoding of the privateKey string.

36/145

Class: Hash

Extends: <stream.Transform> The Hash class is a utility for creating hash digests of data. It can be used in one of two ways: As a stream that is both readable and writable, where data is written to produce a computed hash digest on the readable side, or

37/145

hash.copy([options])

options <Object> stream.transform options Returns: <Hash> Creates a new Hash object that contains a deep copy of the internal state of the current Hash object.

38/145

hash.digest([encoding])

encoding <string> The encoding of the return value. Returns: <Buffer> | <string> Calculates the digest of all of the data passed to be hashed (using the hash.update() method). If encoding is provided a string will be returned; otherwise a Buffer is returned.

39/145

hash.update(data[, inputEncoding])

data <string> | <Buffer> | <TypedArray> | <DataView> inputEncoding <string> The encoding of the data string. This can be called many times with new data as it is streamed.

40/145

Class: Hmac

Extends: <stream.Transform> The Hmac class is a utility for creating cryptographic HMAC digests. It can be used in one of two ways: As a stream that is both readable and writable, where data is written to produce a computed HMAC digest on the readable side, or

41/145

hmac.digest([encoding])

encoding <string> The encoding of the return value. Returns: <Buffer> | <string> Calculates the HMAC digest of all of the data passed using hmac.update(). If encoding is provided a string is returned; otherwise a Buffer is returned;

42/145

hmac.update(data[, inputEncoding])

data <string> | <Buffer> | <TypedArray> | <DataView> inputEncoding <string> The encoding of the data string. This can be called many times with new data as it is streamed.

43/145

Class: KeyObject

Node.js uses a KeyObject class to represent a symmetric or asymmetric key, and each kind of key exposes different functions. The crypto.createSecretKey(), crypto.createPublicKey() and crypto.createPrivateKey() methods are used to create KeyObject instances. KeyObject objects are not to be created directly using the new keyword.

44/145

Static method: KeyObject.from(key)

key <CryptoKey> Returns: <KeyObject> Example: Converting a CryptoKey instance to a KeyObject:

45/145

keyObject.asymmetricKeyDetails

<Object> modulusLength: <number> Key size in bits (RSA, DSA). publicExponent: <bigint> Public exponent (RSA). hashAlgorithm: <string> Name of the message digest (RSA-PSS). mgf1HashAlgorithm: <string> Name of the message digest used by MGF1 (RSA-PSS). saltLength: <number> Minimal salt length in bytes (RSA-PSS). divisorLength: <number> Size of q in bits (DSA). namedCurve: <string> Name of the curve (EC).

46/145

keyObject.asymmetricKeyType

<string> For asymmetric keys, this property represents the type of the key. Supported key types are: 'rsa' (OID 1.2.840.113549.1.1.1) 'rsa-pss' (OID 1.2.840.113549.1.1.10) 'dsa' (OID 1.2.840.10040.4.1) 'ec' (OID 1.2.840.10045.2.1) 'x25519' (OID 1.3.101.110) 'x448' (OID 1.3.101.111)

47/145

keyObject.equals(otherKeyObject)

otherKeyObject: <KeyObject> A KeyObject with which to compare keyObject. Returns: <boolean> Returns true or false depending on whether the keys have exactly the same type, value, and parameters. This method is not constant time.

48/145

keyObject.export([options])

options: <Object> Returns: <string> | <Buffer> | <Object> For symmetric keys, the following encoding options can be used: format: <string> Must be 'buffer' (default) or 'jwk'. For public keys, the following encoding options can be used:

49/145

keyObject.symmetricKeySize

<number> For secret keys, this property represents the size of the key in bytes. This property is undefined for asymmetric keys.

50/145

keyObject.toCryptoKey(algorithm, extractable, keyUsages)

lint disable maximum-line-length remark-lint algorithm: <AlgorithmIdentifier> | <RsaHashedImportParams> | <EcKeyImportParams> | <HmacImportParams> lint enable maximum-line-length remark-lint extractable: <boolean> Returns: <CryptoKey>

51/145

keyObject.type

<string> Depending on the type of this KeyObject, this property is either 'secret' for secret (symmetric) keys, 'public' for public (asymmetric) keys or 'private' for private (asymmetric) keys.

52/145

Class: Sign

Extends: <stream.Writable> The Sign class is a utility for generating signatures. It can be used in one of two ways: As a writable stream, where data to be signed is written and the sign.sign() method is used to generate and return the signature, or

53/145

sign.sign(privateKey[, outputEncoding])

lint disable maximum-line-length remark-lint outputEncoding <string> The encoding of the return value. Returns: <Buffer> | <string> lint enable maximum-line-length remark-lint If outputEncoding is provided a string is returned; otherwise a Buffer is returned.

54/145

sign.update(data[, inputEncoding])

data <string> | <Buffer> | <TypedArray> | <DataView> inputEncoding <string> The encoding of the data string. This can be called many times with new data as it is streamed.

55/145

Class: Verify

Extends: <stream.Writable> The Verify class is a utility for verifying signatures. It can be used in one of two ways: As a writable stream where written data is used to validate against the supplied signature, or See Sign for examples.

56/145

verify.update(data[, inputEncoding])

data <string> | <Buffer> | <TypedArray> | <DataView> inputEncoding <string> The encoding of the data string. This can be called many times with new data as it is streamed.

57/145

verify.verify(object, signature[, signatureEncoding])

lint disable maximum-line-length remark-lint signature <string> | <ArrayBuffer> | <Buffer> | <TypedArray> | <DataView> signatureEncoding <string> The encoding of the signature string. lint enable maximum-line-length remark-lint

58/145

Class: X509Certificate

Encapsulates an X509 certificate and provides read-only access to its information.

59/145

new X509Certificate(buffer)

buffer <string> | <TypedArray> | <Buffer> | <DataView> A PEM or DER encoded X509 Certificate.

60/145

x509.ca

Type: <boolean> Will be true if this is a Certificate Authority (CA) certificate.

61/145

x509.checkEmail(email[, options])

email <string> options <Object> subject <string> 'default', 'always', or 'never'. Default: 'default'. Returns: <string> | <undefined> Returns email if the certificate matches, undefined if it does not.

62/145

x509.checkHost(name[, options])

name <string> Returns: <string> | <undefined> Returns a subject name that matches name, or undefined if no subject name matches name. Checks whether the certificate matches the given host name.

63/145

x509.checkIP(ip)

ip <string> Returns: <string> | <undefined> Returns ip if the certificate matches, undefined if it does not. Checks whether the certificate matches the given IP address (IPv4 or IPv6).

64/145

x509.checkIssued(otherCert)

otherCert <X509Certificate> Returns: <boolean> Checks whether this certificate was issued by the given otherCert.

65/145

x509.checkPrivateKey(privateKey)

privateKey <KeyObject> A private key. Returns: <boolean> Checks whether the public key for this certificate is consistent with the given private key.

66/145

x509.extKeyUsage

Type: <string[]> An array detailing the key extended usages for this certificate.

67/145

x509.fingerprint

Type: <string> The SHA-1 fingerprint of this certificate. Because SHA-1 is cryptographically broken and because the security of SHA-1 is significantly worse than that of algorithms that are commonly used to sign certificates, consider using x509.fingerprint256 instead.

68/145

x509.fingerprint256

Type: <string> The SHA-256 fingerprint of this certificate.

69/145

x509.fingerprint512

Type: <string> The SHA-512 fingerprint of this certificate.

70/145

x509.infoAccess

Type: <string> A textual representation of the certificate's authority information access extension.

71/145

x509.issuer

Type: <string> The issuer identification included in this certificate.

72/145

x509.issuerCertificate

Type: <X509Certificate> The issuer certificate or undefined if the issuer certificate is not available.

73/145

x509.publicKey

Type: <KeyObject> The public key <KeyObject> for this certificate.

74/145

x509.raw

Type: <Buffer> A Buffer containing the DER encoding of this certificate.

75/145

x509.serialNumber

Type: <string> The serial number of this certificate. Serial numbers are assigned by certificate authorities and do not uniquely identify certificates. Consider using x509.fingerprint256 as a unique identifier instead.

76/145

x509.subject

Type: <string> The complete subject of this certificate.

77/145

x509.subjectAltName

Type: <string> The subject alternative name specified for this certificate. This is a comma-separated list of subject alternative names. Each entry begins with a string identifying the kind of the subject alternative name followed by a colon and the value associated with the entry.

78/145

x509.toJSON()

Type: <string> There is no standard JSON encoding for X509 certificates. The toJSON() method returns a string containing the PEM encoded certificate.

79/145

x509.toLegacyObject()

Type: <Object> Returns information about this certificate using the legacy certificate object encoding.

80/145

x509.toString()

Type: <string> Returns the PEM-encoded certificate.

81/145

x509.validFrom

Type: <string> The date/time from which this certificate is valid.

82/145

x509.validFromDate

Type: <Date> The date/time from which this certificate is valid, encapsulated in a Date object.

83/145

x509.validTo

Type: <string> The date/time until which this certificate is valid.

84/145

x509.validToDate

Type: <Date> The date/time until which this certificate is valid, encapsulated in a Date object.

85/145

x509.verify(publicKey)

publicKey <KeyObject> A public key. Returns: <boolean> Verifies that this certificate was signed by the given public key. Does not perform any other validation checks on the certificate.

86/145

crypto.checkPrime(candidate[, options], callback)

87/145

crypto.checkPrimeSync(candidate[, options])

88/145

crypto.constants

<Object> An object containing commonly used constants for crypto and security related operations. The specific constants currently defined are described in Crypto constants.

89/145

crypto.createCipheriv(algorithm, key, iv[, options])

90/145

crypto.createDecipheriv(algorithm, key, iv[, options])

91/145

crypto.createDiffieHellman(prime[, primeEncoding][, generator][, generatorEncoding])

prime <string> | <ArrayBuffer> | <Buffer> | <TypedArray> | <DataView> primeEncoding <string> The encoding of the prime string. generatorEncoding <string> The encoding of the generator string.

92/145

crypto.createDiffieHellman(primeLength[, generator])

primeLength <number> generator <number> Default: 2 Returns: <DiffieHellman> Creates a DiffieHellman key exchange object and generates a prime of primeLength bits using an optional specific numeric generator. If generator is not specified, the value 2 is used.

93/145

crypto.createDiffieHellmanGroup(name)

name <string> Returns: <DiffieHellmanGroup> An alias for crypto.getDiffieHellman()

94/145

crypto.createECDH(curveName)

curveName <string> Returns: <ECDH>

95/145

crypto.createHash(algorithm[, options])

algorithm <string> options <Object> stream.transform options Returns: <Hash> Example: generating the sha256 sum of a file

96/145

crypto.createHmac(algorithm, key[, options])

97/145

crypto.createPrivateKey(key)

lint disable maximum-line-length remark-lint Returns: <KeyObject> lint enable maximum-line-length remark-lint If the private key is encrypted, a passphrase must be specified. The length of the passphrase is limited to 1024 bytes.

98/145

crypto.createPublicKey(key)

lint disable maximum-line-length remark-lint Returns: <KeyObject> lint enable maximum-line-length remark-lint If the format is 'pem', the 'key' may also be an X.509 certificate.

99/145

crypto.createSecretKey(key[, encoding])

key <string> | <ArrayBuffer> | <Buffer> | <TypedArray> | <DataView> encoding <string> The string encoding when key is a string. Returns: <KeyObject>

100/145

crypto.createSign(algorithm[, options])

algorithm <string> options <Object> stream.Writable options Returns: <Sign>

101/145

crypto.createVerify(algorithm[, options])

algorithm <string> options <Object> stream.Writable options Returns: <Verify>

102/145

crypto.diffieHellman(options)

options: <Object> privateKey: <KeyObject> publicKey: <KeyObject> Returns: <Buffer>

103/145

crypto.generateKey(type, options, callback)

type: <string> The intended use of the generated secret key. Currently accepted values are 'hmac' and 'aes'. callback: <Function> err: <Error> key: <KeyObject>

104/145

crypto.generateKeyPair(type, options, callback)

type: <string> Must be 'rsa', 'rsa-pss', 'dsa', 'ec', 'ed25519', 'ed448', 'x25519', 'x448', or 'dh'. Generates a new asymmetric key pair of the given type. RSA, RSA-PSS, DSA, EC, Ed25519, Ed448, X25519, X448, and DH are currently supported.

105/145

crypto.generateKeyPairSync(type, options)

106/145

crypto.generateKeySync(type, options)

type: <string> The intended use of the generated secret key. Currently accepted values are 'hmac' and 'aes'. Returns: <KeyObject>

107/145

crypto.generatePrime(size[, options[, callback]])

size <number> The size (in bits) of the prime to generate. callback <Function> err <Error> prime <ArrayBuffer> | <bigint> Generates a pseudorandom prime of size bits.

108/145

crypto.generatePrimeSync(size[, options])

size <number> The size (in bits) of the prime to generate. Returns: <ArrayBuffer> | <bigint> Generates a pseudorandom prime of size bits. If options.safe is true, the prime will be a safe prime -- that is, (prime - 1) / 2 will also be a prime.

109/145

crypto.getCipherInfo(nameOrNid[, options])

nameOrNid: <string> | <number> The name or nid of the cipher to query. options: <Object> keyLength: <number> A test key length. ivLength: <number> A test IV length.

110/145

crypto.getCiphers()

Returns: <string[]> An array with the names of the supported cipher algorithms.

111/145

crypto.getCurves()

Returns: <string[]> An array with the names of the supported elliptic curves.

112/145

crypto.getDiffieHellman(groupName)

groupName <string> Returns: <DiffieHellmanGroup> Creates a predefined DiffieHellmanGroup key exchange object. The supported groups are listed in the documentation for DiffieHellmanGroup. Example (obtaining a shared secret):

113/145

crypto.getFips()

Returns: <number> 1 if and only if a FIPS compliant crypto provider is currently in use, 0 otherwise. A future semver-major release may change the return type of this API to a <boolean>.

114/145

crypto.getHashes()

Returns: <string[]> An array of the names of the supported hash algorithms, such as 'RSA-SHA256'. Hash algorithms are also called "digest" algorithms.

115/145

crypto.getRandomValues(typedArray)

116/145

crypto.hash(algorithm, data[, outputEncoding])

algorithm <string> | <undefined> outputEncoding <string> | <undefined> Encoding used to encode the returned digest. Default: 'hex'. Returns: <string> | <Buffer> Example:

117/145

crypto.hkdf(digest, ikm, salt, info, keylen, callback)

118/145

crypto.hkdfSync(digest, ikm, salt, info, keylen)

119/145

crypto.pbkdf2(password, salt, iterations, keylen, digest, callback)

120/145

crypto.pbkdf2Sync(password, salt, iterations, keylen, digest)

121/145

crypto.privateDecrypt(privateKey, buffer)

lint disable maximum-line-length remark-lint buffer <string> | <ArrayBuffer> | <Buffer> | <TypedArray> | <DataView> Returns: <Buffer> A new Buffer with the decrypted content. lint enable maximum-line-length remark-lint

122/145

crypto.privateEncrypt(privateKey, buffer)

lint disable maximum-line-length remark-lint buffer <string> | <ArrayBuffer> | <Buffer> | <TypedArray> | <DataView> Returns: <Buffer> A new Buffer with the encrypted content. lint enable maximum-line-length remark-lint

123/145

crypto.publicDecrypt(key, buffer)

124/145

crypto.publicEncrypt(key, buffer)

125/145

crypto.randomBytes(size[, callback])

size <number> The number of bytes to generate. The size must not be larger than 2**31 - 1. callback <Function> err <Error> buf <Buffer> Returns: <Buffer> if the callback function is not provided.

126/145

crypto.randomFill(buffer[, offset][, size], callback)

buffer <ArrayBuffer> | <Buffer> | <TypedArray> | <DataView> Must be supplied. The size of the provided buffer must not be larger than 2**31 - 1. offset <number> Default: 0 callback <Function> function(err, buf) {}.

127/145

crypto.randomFillSync(buffer[, offset][, size])

buffer <ArrayBuffer> | <Buffer> | <TypedArray> | <DataView> Must be supplied. The size of the provided buffer must not be larger than 2**31 - 1. offset <number> Default: 0 Synchronous version of crypto.randomFill().

128/145

crypto.randomInt([min, ]max[, callback])

min <integer> Start of random range (inclusive). Default: 0. max <integer> End of random range (exclusive). callback <Function> function(err, n) {}. The range (max - min) must be less than 248. min and max must be safe integers.

129/145

crypto.randomUUID([options])

options <Object> disableEntropyCache <boolean> By default, to improve performance, Node.js generates and caches enough random data to generate up to 128 random UUIDs. To generate a UUID without using the cache, set disableEntropyCache to true. Default: false.

130/145

crypto.scrypt(password, salt, keylen[, options], callback)

131/145

crypto.scryptSync(password, salt, keylen[, options])

132/145

crypto.secureHeapUsed()

Returns: <Object> total <number> The total allocated secure heap size as specified using the --secure-heap=n command-line flag. min <number> The minimum allocation from the secure heap as specified using the --secure-heap-min command-line flag. used <number> The total number of bytes currently allocated from the secure heap. utilization <number> The calculated ratio of used to total allocated bytes.

133/145

crypto.setEngine(engine[, flags])

engine <string> flags <crypto.constants> Default: crypto.constants.ENGINE_METHOD_ALL Load and set the engine for some or all OpenSSL functions (selected by flags). Support for custom engines in OpenSSL is deprecated from OpenSSL 3. crypto.constants.ENGINE_METHOD_RSA

134/145

crypto.setFips(bool)

bool <boolean> true to enable FIPS mode. Enables the FIPS compliant crypto provider in a FIPS-enabled Node.js build. Throws an error if FIPS mode is not available.

135/145

crypto.sign(algorithm, data, key[, callback])

136/145

crypto.subtle

Type: <SubtleCrypto> A convenient alias for crypto.webcrypto.subtle.

137/145

crypto.timingSafeEqual(a, b)

138/145

crypto.verify(algorithm, data, key, signature[, callback])

139/145

crypto.webcrypto

Type: <Crypto> An implementation of the Web Crypto API standard. See the Web Crypto API documentation for details.

140/145

Using strings as inputs to cryptographic APIs

For historical reasons, many cryptographic APIs provided by Node.js accept strings as inputs where the underlying cryptographic algorithm works on byte sequences. These instances include plaintexts, ciphertexts, symmetric keys, initialization vectors, passphrases, salts, authentication tags, and additional authenticated data.

141/145

Legacy streams API (prior to Node.js 0.10)

The Crypto module was added to Node.js before there was the concept of a unified Stream API, and before there were Buffer objects for handling binary data. As such, many crypto classes have methods not typically found on other Node.js classes that implement the streams API (e.g. update(), final(), or digest()). Also, many methods accepted and returned 'latin1' encoded strings by default rather than Buffers. This default was changed after Node.js v0.8 to use Buffer objects by default instead.

142/145

Support for weak or compromised algorithms

The node:crypto module still supports some algorithms which are already compromised and are not recommended for use. The API also allows the use of ciphers and hashes with a small key size that are too weak for safe use. Based on the recommendations of NIST SP 800-131A:

143/145

CCM mode

CCM is one of the supported AEAD algorithms. Applications which use this mode must adhere to certain restrictions when using the cipher API: The length of the initialization vector (nonce) N must be between 7 and 13 bytes (7 ≤ N ≤ 13).

144/145

FIPS mode

When using OpenSSL 3, Node.js supports FIPS 140-2 when used with an appropriate OpenSSL 3 provider, such as the FIPS provider from OpenSSL 3 which can be installed by following the instructions in OpenSSL's FIPS README file. For FIPS support in Node.js you will need:

145/145