crypto - Node documentation

Usage in Deno

import * as mod from "node:crypto";

The node:crypto module provides cryptographic functionality that includes a set of wrappers for OpenSSL's hash, HMAC, cipher, decipher, sign, and verify functions.

const { createHmac } = await import('node:crypto');

const secret = 'abcdefg';
const hash = createHmac('sha256', secret)
               .update('I love cupcakes')
               .digest('hex');
console.log(hash);
// Prints:
//   c0fa1bc00531bd78ef38c628449c5102aeabd49b5dc3a2a516ea6ea959d6658e

Classes

c
Certificate

SPKAC is a Certificate Signing Request mechanism originally implemented by Netscape and was specified formally as part of HTML5's keygen element.

c
Cipher

Instances of the Cipher class are used to encrypt data. The class can be used in one of two ways:

c
Decipher

Instances of the Decipher class are used to decrypt data. The class can be used in one of two ways:

c
DiffieHellman

The DiffieHellman class is a utility for creating Diffie-Hellman key exchanges.

c
ECDH

The ECDH class is a utility for creating Elliptic Curve Diffie-Hellman (ECDH) key exchanges.

c
Hash

The Hash class is a utility for creating hash digests of data. It can be used in one of two ways:

c
KeyObject

Node.js uses a KeyObject class to represent a symmetric or asymmetric key, and each kind of key exposes different functions. The createSecretKey, createPublicKey and createPrivateKey methods are used to create KeyObject instances. KeyObject objects are not to be created directly using the new keyword.

c
Sign

The Sign class is a utility for generating signatures. It can be used in one of two ways:

c
Verify

The Verify class is a utility for verifying signatures. It can be used in one of two ways:

c
Hmac

The Hmac class is a utility for creating cryptographic HMAC digests. It can be used in one of two ways:

Functions

f
checkPrime

Checks the primality of the candidate.

f
checkPrimeSync

Checks the primality of the candidate.

f
createCipheriv

Creates and returns a Cipher object, with the given algorithm, key and initialization vector (iv).

f
createDecipheriv

Creates and returns a Decipher object that uses the given algorithm, key and initialization vector (iv).

f
createDiffieHellman

Creates a DiffieHellman key exchange object using the supplied prime and an optional specific generator.

f
createECDH

Creates an Elliptic Curve Diffie-Hellman (ECDH) key exchange object using a predefined curve specified by the curveName string. Use getCurves to obtain a list of available curve names. On recent OpenSSL releases, openssl ecparam -list_curves will also display the name and description of each available elliptic curve.

f
createHash

Creates and returns a Hash object that can be used to generate hash digests using the given algorithm. Optional options argument controls stream behavior. For XOF hash functions such as 'shake256', the outputLength option can be used to specify the desired output length in bytes.

f
createHmac

Creates and returns an Hmac object that uses the given algorithm and key. Optional options argument controls stream behavior.

f
createPrivateKey

Creates and returns a new key object containing a private key. If key is a string or Buffer, format is assumed to be 'pem'; otherwise, key must be an object with the properties described above.

f
createPublicKey

Creates and returns a new key object containing a public key. If key is a string or Buffer, format is assumed to be 'pem'; if key is a KeyObject with type 'private', the public key is derived from the given private key; otherwise, key must be an object with the properties described above.

f
createSecretKey

Creates and returns a new key object containing a secret key for symmetric encryption or Hmac.

f
createSign

Creates and returns a Sign object that uses the given algorithm. Use getHashes to obtain the names of the available digest algorithms. Optional options argument controls the stream.Writable behavior.

f
createVerify

Creates and returns a Verify object that uses the given algorithm. Use getHashes to obtain an array of names of the available signing algorithms. Optional options argument controls the stream.Writable behavior.

f
diffieHellman

Computes the Diffie-Hellman secret based on a privateKey and a publicKey. Both keys must have the same asymmetricKeyType, which must be one of 'dh' (for Diffie-Hellman), 'ec' (for ECDH), 'x448', or 'x25519' (for ECDH-ES).

f
generateKey

Asynchronously generates a new random secret key of the given length. The type will determine which validations will be performed on the length.

f
generateKeyPair

Generates a new asymmetric key pair of the given type. RSA, RSA-PSS, DSA, EC, Ed25519, Ed448, X25519, X448, and DH are currently supported.

f
generateKeyPairSync

Generates a new asymmetric key pair of the given type. RSA, RSA-PSS, DSA, EC, Ed25519, Ed448, X25519, X448, and DH are currently supported.

f
generateKeySync

Synchronously generates a new random secret key of the given length. The type will determine which validations will be performed on the length.

f
generatePrime

Generates a pseudorandom prime of size bits.

f
generatePrimeSync

Generates a pseudorandom prime of size bits.

f
getCipherInfo

Returns information about a given cipher.

f
getCiphers
No documentation available
f
getCurves
No documentation available
f
getDiffieHellman

Creates a predefined DiffieHellmanGroup key exchange object. The supported groups are listed in the documentation for DiffieHellmanGroup.

f
getFips
No documentation available
f
getHashes
No documentation available
f
getRandomValues

A convenient alias for webcrypto.getRandomValues. This implementation is not compliant with the Web Crypto spec; to write web-compatible code, use webcrypto.getRandomValues instead.

f
hash

A utility for creating one-shot hash digests of data. It can be faster than the object-based crypto.createHash() when hashing a smaller amount of data (<= 5MB) that's readily available. If the data can be big or if it is streamed, it's still recommended to use crypto.createHash() instead. The algorithm is dependent on the available algorithms supported by the version of OpenSSL on the platform. Examples are 'sha256', 'sha512', etc. On recent releases of OpenSSL, openssl list -digest-algorithms will display the available digest algorithms.

f
hkdf

HKDF is a simple key derivation function defined in RFC 5869. The given ikm, salt and info are used with the digest to derive a key of keylen bytes.

f
hkdfSync

Provides a synchronous HKDF key derivation function as defined in RFC 5869. The given ikm, salt and info are used with the digest to derive a key of keylen bytes.

f
pbkdf2

Provides an asynchronous Password-Based Key Derivation Function 2 (PBKDF2) implementation. A selected HMAC digest algorithm specified by digest is applied to derive a key of the requested byte length (keylen) from the password, salt and iterations.

f
pbkdf2Sync

Provides a synchronous Password-Based Key Derivation Function 2 (PBKDF2) implementation. A selected HMAC digest algorithm specified by digest is applied to derive a key of the requested byte length (keylen) from the password, salt and iterations.

f
privateDecrypt

Decrypts buffer with privateKey. buffer was previously encrypted using the corresponding public key, for example using publicEncrypt.

f
privateEncrypt

Encrypts buffer with privateKey. The returned data can be decrypted using the corresponding public key, for example using publicDecrypt.

f
pseudoRandomBytes
No documentation available
f
publicDecrypt

Decrypts buffer with key. buffer was previously encrypted using the corresponding private key, for example using privateEncrypt.

f
publicEncrypt

Encrypts the content of buffer with key and returns a new Buffer with encrypted content. The returned data can be decrypted using the corresponding private key, for example using privateDecrypt.

f
randomBytes

Generates cryptographically strong pseudorandom data. The size argument is a number indicating the number of bytes to generate.

f
randomFill

This function is similar to randomBytes but requires the first argument to be a Buffer that will be filled. It also requires that a callback is passed in.

f
randomFillSync

Synchronous version of randomFill.

f
randomInt

Return a random integer n such that min <= n < max. This implementation avoids modulo bias.

f
randomUUID

Generates a random RFC 4122 version 4 UUID. The UUID is generated using a cryptographic pseudorandom number generator.

f
scrypt

Provides an asynchronous scrypt implementation. Scrypt is a password-based key derivation function that is designed to be expensive computationally and memory-wise in order to make brute-force attacks unrewarding.

f
scryptSync

Provides a synchronous scrypt implementation. Scrypt is a password-based key derivation function that is designed to be expensive computationally and memory-wise in order to make brute-force attacks unrewarding.

f
secureHeapUsed
No documentation available
f
setEngine

Load and set the engine for some or all OpenSSL functions (selected by flags).

f
setFips

Enables the FIPS compliant crypto provider in a FIPS-enabled Node.js build. Throws an error if FIPS mode is not available.

f
sign

Calculates and returns the signature for data using the given private key and algorithm. If algorithm is null or undefined, then the algorithm is dependent upon the key type (especially Ed25519 and Ed448).

f
timingSafeEqual

This function compares the underlying bytes that represent the given ArrayBuffer, TypedArray, or DataView instances using a constant-time algorithm.

f
verify

Verifies the given signature for data using the given key and algorithm. If algorithm is null or undefined, then the algorithm is dependent upon the key type (especially Ed25519 and Ed448).

Interfaces

I
CheckPrimeOptions
No documentation available
I
CipherCCM
No documentation available
I
CipherCCMOptions
No documentation available
I
CipherGCM
No documentation available
I
CipherGCMOptions
No documentation available
I
CipherInfoOptions
No documentation available
I
CipherOCB
No documentation available
I
CipherOCBOptions
No documentation available
I
DecipherCCM
No documentation available
I
DecipherGCM
No documentation available
I
DecipherOCB
No documentation available
I
DiffieHellmanGroupConstructor
No documentation available
I
ED25519KeyPairKeyObjectOptions
No documentation available
I
ED448KeyPairKeyObjectOptions
No documentation available
I
GeneratePrimeOptions
No documentation available
I
GeneratePrimeOptionsArrayBuffer
No documentation available
I
GeneratePrimeOptionsBigInt
No documentation available
I
HashOptions
No documentation available
I
JsonWebKey
No documentation available
I
JsonWebKeyInput
No documentation available
I
JwkKeyExportOptions
No documentation available
I
KeyExportOptions
No documentation available
I
KeyPairKeyObjectResult
No documentation available
I
KeyPairSyncResult
No documentation available
I
PublicKeyInput
No documentation available
I
RandomUUIDOptions
No documentation available
I
RsaPublicKey
No documentation available
I
SecureHeapUsage
No documentation available
I
SigningOptions
No documentation available
I
SignJsonWebKeyInput
No documentation available
I
SignKeyObjectInput
No documentation available
I
SignPrivateKeyInput
No documentation available
I
VerifyJsonWebKeyInput
No documentation available
I
VerifyKeyObjectInput
No documentation available
I
VerifyPublicKeyInput
No documentation available
I
webcrypto.AesCbcParams
No documentation available
I
webcrypto.AesCtrParams
No documentation available
I
webcrypto.AesDerivedKeyParams
No documentation available
I
webcrypto.AesKeyAlgorithm
No documentation available
I
webcrypto.AesKeyGenParams
No documentation available
I
webcrypto.Algorithm
No documentation available
I
webcrypto.Crypto

Importing the webcrypto object (import { webcrypto } from 'node:crypto') gives an instance of the Crypto class. Crypto is a singleton that provides access to the remainder of the crypto API.

I
webcrypto.CryptoKeyPair

The CryptoKeyPair is a simple dictionary object with publicKey and privateKey properties, representing an asymmetric key pair.

I
webcrypto.EcdhKeyDeriveParams
No documentation available
I
webcrypto.EcdsaParams
No documentation available
I
webcrypto.EcKeyAlgorithm
No documentation available
I
webcrypto.EcKeyGenParams
No documentation available
I
webcrypto.EcKeyImportParams
No documentation available
I
webcrypto.Ed448Params
No documentation available
I
webcrypto.HkdfParams
No documentation available
I
webcrypto.HmacImportParams
No documentation available
I
webcrypto.HmacKeyAlgorithm
No documentation available
I
webcrypto.HmacKeyGenParams
No documentation available
I
webcrypto.KeyAlgorithm
No documentation available
I
webcrypto.Pbkdf2Params
No documentation available
I
webcrypto.RsaHashedImportParams
No documentation available
I
webcrypto.RsaHashedKeyAlgorithm
No documentation available
I
webcrypto.RsaHashedKeyGenParams
No documentation available
I
webcrypto.RsaOaepParams
No documentation available
I
webcrypto.RsaOtherPrimesInfo
No documentation available
I
webcrypto.RsaPssParams
No documentation available
I
X25519KeyPairKeyObjectOptions
No documentation available
I
X448KeyPairKeyObjectOptions
No documentation available

Namespaces

N
constants
No documentation available

Type Aliases

T
BinaryLike
No documentation available
T
BinaryToTextEncoding
No documentation available
T
CharacterEncoding
No documentation available
T
CipherCCMTypes
No documentation available
T
CipherGCMTypes
No documentation available
T
CipherKey
No documentation available
T
CipherMode
No documentation available
T
CipherOCBTypes
No documentation available
T
DSAEncoding
No documentation available
T
ECDHKeyFormat
No documentation available
T
Encoding
No documentation available
T
KeyFormat
No documentation available
T
KeyLike
No documentation available
T
KeyObjectType
No documentation available
T
KeyType
No documentation available
T
LargeNumberLike
No documentation available
T
LegacyCharacterEncoding
No documentation available
T
UUID
No documentation available
T
webcrypto.AlgorithmIdentifier
No documentation available
T
webcrypto.BigInteger
No documentation available
T
webcrypto.BufferSource
No documentation available
T
webcrypto.HashAlgorithmIdentifier
No documentation available
T
webcrypto.KeyFormat
No documentation available
T
webcrypto.KeyType
No documentation available
T
webcrypto.KeyUsage
No documentation available
T
webcrypto.NamedCurve
No documentation available

Variables

v
constants.defaultCipherList

Specifies the active default cipher list used by the current Node.js process (colon-separated values).

v
constants.defaultCoreCipherList

Specifies the built-in default cipher list used by Node.js (colon-separated values).

v
constants.DH_CHECK_P_NOT_PRIME
No documentation available
v
constants.DH_CHECK_P_NOT_SAFE_PRIME
No documentation available
v
constants.DH_NOT_SUITABLE_GENERATOR
No documentation available
v
constants.DH_UNABLE_TO_CHECK_GENERATOR
No documentation available
v
constants.ENGINE_METHOD_ALL
No documentation available
v
constants.ENGINE_METHOD_CIPHERS
No documentation available
v
constants.ENGINE_METHOD_DH
No documentation available
v
constants.ENGINE_METHOD_DIGESTS
No documentation available
v
constants.ENGINE_METHOD_DSA
No documentation available
v
constants.ENGINE_METHOD_EC
No documentation available
v
constants.ENGINE_METHOD_NONE
No documentation available
v
constants.ENGINE_METHOD_PKEY_ASN1_METHS
No documentation available
v
constants.ENGINE_METHOD_PKEY_METHS
No documentation available
v
constants.ENGINE_METHOD_RAND
No documentation available
v
constants.ENGINE_METHOD_RSA
No documentation available
v
constants.OPENSSL_VERSION_NUMBER
No documentation available
v
constants.POINT_CONVERSION_COMPRESSED
No documentation available
v
constants.POINT_CONVERSION_HYBRID
No documentation available
v
constants.POINT_CONVERSION_UNCOMPRESSED
No documentation available
v
constants.RSA_NO_PADDING
No documentation available
v
constants.RSA_PKCS1_OAEP_PADDING
No documentation available
v
constants.RSA_PKCS1_PADDING
No documentation available
v
constants.RSA_PKCS1_PSS_PADDING
No documentation available
v
constants.RSA_PSS_SALTLEN_AUTO

Causes the salt length for RSA_PKCS1_PSS_PADDING to be determined automatically when verifying a signature.

v
constants.RSA_PSS_SALTLEN_DIGEST

Sets the salt length for RSA_PKCS1_PSS_PADDING to the digest size when signing or verifying.

v
constants.RSA_PSS_SALTLEN_MAX_SIGN

Sets the salt length for RSA_PKCS1_PSS_PADDING to the maximum permissible value when signing data.

v
constants.RSA_SSLV23_PADDING
No documentation available
v
constants.RSA_X931_PADDING
No documentation available
v
constants.SSL_OP_ALL

Applies multiple bug workarounds within OpenSSL. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html for detail.

v
constants.SSL_OP_ALLOW_NO_DHE_KEX

Instructs OpenSSL to allow a non-[EC]DHE-based key exchange mode for TLS v1.3

v
constants.SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION

Allows legacy insecure renegotiation between OpenSSL and unpatched clients or servers. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html.

v
constants.SSL_OP_CIPHER_SERVER_PREFERENCE

Attempts to use the server's preferences instead of the client's when selecting a cipher. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html.

v
constants.SSL_OP_CISCO_ANYCONNECT

Instructs OpenSSL to use Cisco's version identifier of DTLS_BAD_VER.

v
constants.SSL_OP_CRYPTOPRO_TLSEXT_BUG

Instructs OpenSSL to add server-hello extension from an early version of the cryptopro draft.

v
constants.SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS

Instructs OpenSSL to disable a SSL 3.0/TLS 1.0 vulnerability workaround added in OpenSSL 0.9.6d.

v
constants.SSL_OP_LEGACY_SERVER_CONNECT

Allows initial connection to servers that do not support RI.

v
constants.SSL_OP_NO_COMPRESSION

Instructs OpenSSL to disable support for SSL/TLS compression.

v
constants.SSL_OP_NO_ENCRYPT_THEN_MAC

Instructs OpenSSL to disable encrypt-then-MAC.

v
constants.SSL_OP_NO_QUERY_MTU
No documentation available
v
constants.SSL_OP_NO_RENEGOTIATION

Instructs OpenSSL to disable renegotiation.

v
constants.SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION

Instructs OpenSSL to always start a new session when performing renegotiation.

v
constants.SSL_OP_NO_SSLv2

Instructs OpenSSL to turn off SSL v2

v
constants.SSL_OP_NO_SSLv3

Instructs OpenSSL to turn off SSL v3

v
constants.SSL_OP_NO_TICKET

Instructs OpenSSL to disable use of RFC4507bis tickets.

v
constants.SSL_OP_NO_TLSv1

Instructs OpenSSL to turn off TLS v1

v
constants.SSL_OP_NO_TLSv1_1

Instructs OpenSSL to turn off TLS v1.1

v
constants.SSL_OP_NO_TLSv1_2

Instructs OpenSSL to turn off TLS v1.2

v
constants.SSL_OP_NO_TLSv1_3

Instructs OpenSSL to turn off TLS v1.3

v
constants.SSL_OP_PRIORITIZE_CHACHA

Instructs OpenSSL server to prioritize ChaCha20-Poly1305 when the client does. This option has no effect if SSL_OP_CIPHER_SERVER_PREFERENCE is not enabled.

v
constants.SSL_OP_TLS_ROLLBACK_BUG

Instructs OpenSSL to disable version rollback attack detection.

v
crypto
No documentation available
T
v
DiffieHellmanGroup
No documentation available
v
subtle

A convenient alias for crypto.webcrypto.subtle.

N
v
webcrypto
No documentation available
v
fips
No documentation available