Usage in Deno
import * as mod from "node:crypto";
The node:crypto
module provides cryptographic functionality that includes a
set of wrappers for OpenSSL's hash, HMAC, cipher, decipher, sign, and verify
functions.
const { createHmac } = await import('node:crypto');
const secret = 'abcdefg';
const hash = createHmac('sha256', secret)
.update('I love cupcakes')
.digest('hex');
console.log(hash);
// Prints:
// c0fa1bc00531bd78ef38c628449c5102aeabd49b5dc3a2a516ea6ea959d6658e
Instances of the Cipher
class are used to encrypt data. The class can be
used in one of two ways:
Instances of the Decipher
class are used to decrypt data. The class can be
used in one of two ways:
The DiffieHellman
class is a utility for creating Diffie-Hellman key
exchanges.
Encapsulates an X509 certificate and provides read-only access to its information.
Checks the primality of the candidate
.
Checks the primality of the candidate
.
Creates and returns a Cipher
object, with the given algorithm
, key
and
initialization vector (iv
).
Creates and returns a Decipher
object that uses the given algorithm
, key
and initialization vector (iv
).
Creates a DiffieHellman
key exchange object using the supplied prime
and an
optional specific generator
.
An alias for getDiffieHellman
Creates an Elliptic Curve Diffie-Hellman (ECDH
) key exchange object using a
predefined curve specified by the curveName
string. Use getCurves to obtain a list of available curve names. On recent
OpenSSL releases, openssl ecparam -list_curves
will also display the name
and description of each available elliptic curve.
Creates and returns a Hash
object that can be used to generate hash digests
using the given algorithm
. Optional options
argument controls stream
behavior. For XOF hash functions such as 'shake256'
, the outputLength
option
can be used to specify the desired output length in bytes.
Creates and returns an Hmac
object that uses the given algorithm
and key
.
Optional options
argument controls stream behavior.
Creates and returns a new key object containing a private key. If key
is a
string or Buffer
, format
is assumed to be 'pem'
; otherwise, key
must be an object with the properties described above.
Creates and returns a new key object containing a public key. If key
is a
string or Buffer
, format
is assumed to be 'pem'
; if key
is a KeyObject
with type 'private'
, the public key is derived from the given private key;
otherwise, key
must be an object with the properties described above.
Creates and returns a new key object containing a secret key for symmetric
encryption or Hmac
.
Creates and returns a Sign
object that uses the given algorithm
. Use getHashes to obtain the names of the available digest algorithms.
Optional options
argument controls the stream.Writable
behavior.
Creates and returns a Verify
object that uses the given algorithm.
Use getHashes to obtain an array of names of the available
signing algorithms. Optional options
argument controls the stream.Writable
behavior.
Computes the Diffie-Hellman secret based on a privateKey
and a publicKey
.
Both keys must have the same asymmetricKeyType
, which must be one of 'dh'
(for Diffie-Hellman), 'ec'
(for ECDH), 'x448'
, or 'x25519'
(for ECDH-ES).
Asynchronously generates a new random secret key of the given length
. The type
will determine which validations will be performed on the length
.
Generates a new asymmetric key pair of the given type
. RSA, RSA-PSS, DSA, EC,
Ed25519, Ed448, X25519, X448, and DH are currently supported.
Synchronously generates a new random secret key of the given length
. The type
will determine which validations will be performed on the length
.
Generates a pseudorandom prime of size
bits.
Returns information about a given cipher.
Creates a predefined DiffieHellmanGroup
key exchange object. The
supported groups are listed in the documentation for DiffieHellmanGroup
.
A convenient alias for webcrypto.getRandomValues. This implementation is not compliant with the Web Crypto spec, to write web-compatible code use webcrypto.getRandomValues instead.
A utility for creating one-shot hash digests of data. It can be faster than the object-based crypto.createHash()
when hashing a smaller amount of data
(<= 5MB) that's readily available. If the data can be big or if it is streamed, it's still recommended to use crypto.createHash()
instead. The algorithm
is dependent on the available algorithms supported by the version of OpenSSL on the platform. Examples are 'sha256'
, 'sha512'
, etc. On recent releases
of OpenSSL, openssl list -digest-algorithms
will display the available digest algorithms.
HKDF is a simple key derivation function defined in RFC 5869. The given ikm
, salt
and info
are used with the digest
to derive a key of keylen
bytes.
Provides a synchronous HKDF key derivation function as defined in RFC 5869. The
given ikm
, salt
and info
are used with the digest
to derive a key of keylen
bytes.
Provides an asynchronous Password-Based Key Derivation Function 2 (PBKDF2)
implementation. A selected HMAC digest algorithm specified by digest
is
applied to derive a key of the requested byte length (keylen
) from the password
, salt
and iterations
.
Provides a synchronous Password-Based Key Derivation Function 2 (PBKDF2)
implementation. A selected HMAC digest algorithm specified by digest
is
applied to derive a key of the requested byte length (keylen
) from the password
, salt
and iterations
.
Decrypts buffer
with privateKey
. buffer
was previously encrypted using
the corresponding public key, for example using publicEncrypt.
Encrypts buffer
with privateKey
. The returned data can be decrypted using
the corresponding public key, for example using publicDecrypt.
Encrypts the content of buffer
with key
and returns a new Buffer
with encrypted content. The returned data can be decrypted using
the corresponding private key, for example using privateDecrypt.
Generates cryptographically strong pseudorandom data. The size
argument
is a number indicating the number of bytes to generate.
This function is similar to randomBytes but requires the first
argument to be a Buffer
that will be filled. It also
requires that a callback is passed in.
Synchronous version of randomFill.
Return a random integer n
such that min <= n < max
. This
implementation avoids modulo bias.
Generates a random RFC 4122 version 4 UUID. The UUID is generated using a cryptographic pseudorandom number generator.
Provides a synchronous scrypt implementation. Scrypt is a password-based key derivation function that is designed to be expensive computationally and memory-wise in order to make brute-force attacks unrewarding.
Enables the FIPS compliant crypto provider in a FIPS-enabled Node.js build. Throws an error if FIPS mode is not available.
Calculates and returns the signature for data
using the given private key and
algorithm. If algorithm
is null
or undefined
, then the algorithm is
dependent upon the key type (especially Ed25519 and Ed448).
This function compares the underlying bytes that represent the given ArrayBuffer
, TypedArray
, or DataView
instances using a constant-time
algorithm.
Verifies the given signature for data
using the given key and algorithm. If algorithm
is null
or undefined
, then the algorithm is dependent upon the
key type (especially Ed25519 and Ed448).
Importing the webcrypto
object (import { webcrypto } from 'node:crypto'
) gives an instance of the Crypto
class.
Crypto
is a singleton that provides access to the remainder of the crypto API.
The CryptoKeyPair
is a simple dictionary object with publicKey
and privateKey
properties, representing an asymmetric key pair.
Specifies the active default cipher list used by the current Node.js process (colon-separated values).
Specifies the built-in default cipher list used by Node.js (colon-separated values).
Causes the salt length for RSA_PKCS1_PSS_PADDING to be determined automatically when verifying a signature.
Sets the salt length for RSA_PKCS1_PSS_PADDING to the digest size when signing or verifying.
Sets the salt length for RSA_PKCS1_PSS_PADDING to the maximum permissible value when signing data.
Applies multiple bug workarounds within OpenSSL. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html for detail.
Instructs OpenSSL to allow a non-[EC]DHE-based key exchange mode for TLS v1.3
Allows legacy insecure renegotiation between OpenSSL and unpatched clients or servers. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html.
Attempts to use the server's preferences instead of the client's when selecting a cipher. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html.
Instructs OpenSSL to use Cisco's version identifier of DTLS_BAD_VER.
Instructs OpenSSL to add server-hello extension from an early version of the cryptopro draft.
Instructs OpenSSL to disable a SSL 3.0/TLS 1.0 vulnerability workaround added in OpenSSL 0.9.6d.
Allows initial connection to servers that do not support RI.
Instructs OpenSSL to disable support for SSL/TLS compression.
Instructs OpenSSL to disable encrypt-then-MAC.
Instructs OpenSSL to disable renegotiation.
Instructs OpenSSL to always start a new session when performing renegotiation.
Instructs OpenSSL to turn off SSL v2
Instructs OpenSSL to turn off SSL v3
Instructs OpenSSL to disable use of RFC4507bis tickets.
Instructs OpenSSL to turn off TLS v1
Instructs OpenSSL to turn off TLS v1.1
Instructs OpenSSL to turn off TLS v1.2
Instructs OpenSSL to turn off TLS v1.3
Instructs OpenSSL server to prioritize ChaCha20-Poly1305 when the client does. This option has no effect if SSL_OP_CIPHER_SERVER_PREFERENCE
is not enabled.
Instructs OpenSSL to disable version rollback attack detection.
A convenient alias for crypto.webcrypto.subtle
.