crypto.html 80.4 KB
Newer Older
1 2
<!doctype html>
<html lang="en">
3
<head>
4
  <meta charset="utf-8">
5
  <title>Crypto Node.js v5.5.0 Manual &amp; Documentation</title>
6
  <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Lato:400,700,400italic">
7 8
  <link rel="stylesheet" href="assets/style.css">
  <link rel="stylesheet" href="assets/sh.css">
9
  <link rel="canonical" href="https://nodejs.org/api/crypto.html">
10
</head>
11 12 13 14 15 16 17 18
<body class="alt apidoc" id="api-section-crypto">
  <div id="content" class="clearfix">
    <div id="column2" class="interior">
      <div id="intro" class="interior">
        <a href="/" title="Go back to the home page">
          Node.js (1)
        </a>
      </div>
19
      <ul>
20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59
<li><a class="nav-documentation" href="documentation.html">About these Docs</a></li>
<li><a class="nav-synopsis" href="synopsis.html">Synopsis</a></li>
<li><a class="nav-assert" href="assert.html">Assertion Testing</a></li>
<li><a class="nav-buffer" href="buffer.html">Buffer</a></li>
<li><a class="nav-addons" href="addons.html">C/C++ Addons</a></li>
<li><a class="nav-child_process" href="child_process.html">Child Processes</a></li>
<li><a class="nav-cluster" href="cluster.html">Cluster</a></li>
<li><a class="nav-console" href="console.html">Console</a></li>
<li><a class="nav-crypto active" href="crypto.html">Crypto</a></li>
<li><a class="nav-debugger" href="debugger.html">Debugger</a></li>
<li><a class="nav-dns" href="dns.html">DNS</a></li>
<li><a class="nav-domain" href="domain.html">Domain</a></li>
<li><a class="nav-errors" href="errors.html">Errors</a></li>
<li><a class="nav-events" href="events.html">Events</a></li>
<li><a class="nav-fs" href="fs.html">File System</a></li>
<li><a class="nav-globals" href="globals.html">Globals</a></li>
<li><a class="nav-http" href="http.html">HTTP</a></li>
<li><a class="nav-https" href="https.html">HTTPS</a></li>
<li><a class="nav-modules" href="modules.html">Modules</a></li>
<li><a class="nav-net" href="net.html">Net</a></li>
<li><a class="nav-os" href="os.html">OS</a></li>
<li><a class="nav-path" href="path.html">Path</a></li>
<li><a class="nav-process" href="process.html">Process</a></li>
<li><a class="nav-punycode" href="punycode.html">Punycode</a></li>
<li><a class="nav-querystring" href="querystring.html">Query Strings</a></li>
<li><a class="nav-readline" href="readline.html">Readline</a></li>
<li><a class="nav-repl" href="repl.html">REPL</a></li>
<li><a class="nav-stream" href="stream.html">Stream</a></li>
<li><a class="nav-string_decoder" href="string_decoder.html">String Decoder</a></li>
<li><a class="nav-timers" href="timers.html">Timers</a></li>
<li><a class="nav-tls" href="tls.html">TLS/SSL</a></li>
<li><a class="nav-tty" href="tty.html">TTY</a></li>
<li><a class="nav-dgram" href="dgram.html">UDP/Datagram</a></li>
<li><a class="nav-url" href="url.html">URL</a></li>
<li><a class="nav-util" href="util.html">Utilities</a></li>
<li><a class="nav-v8" href="v8.html">V8</a></li>
<li><a class="nav-vm" href="vm.html">VM</a></li>
<li><a class="nav-zlib" href="zlib.html">ZLIB</a></li>
</ul>

60
    </div>
61 62 63

    <div id="column1" data-id="crypto" class="interior">
      <header>
64
        <h1>Node.js v5.5.0 Documentation</h1>
65 66 67 68 69 70 71 72 73 74 75 76 77
        <div id="gtoc">
          <p>
            <a href="index.html" name="toc">Index</a> |
            <a href="all.html">View on single page</a> |
            <a href="crypto.json">View as JSON</a>
          </p>
        </div>
        <hr>
      </header>

      <div id="toc">
        <h2>Table of Contents</h2>
        <ul>
78
<li><a href="#crypto_crypto">Crypto</a><ul>
79
<li><a href="#crypto_class_certificate">Class: Certificate</a><ul>
80 81
<li><a href="#crypto_new_crypto_certificate">new crypto.Certificate()</a></li>
<li><a href="#crypto_certificate_exportchallenge_spkac">certificate.exportChallenge(spkac)</a></li>
82 83
<li><a href="#crypto_certificate_exportpublickey_spkac">Certificate.exportPublicKey(spkac)</a></li>
<li><a href="#crypto_certificate_verifyspkac_spkac">Certificate.verifySpkac(spkac)</a></li>
84 85 86 87
</ul>
</li>
<li><a href="#crypto_class_cipher">Class: Cipher</a><ul>
<li><a href="#crypto_cipher_final_output_encoding">cipher.final([output_encoding])</a></li>
88
<li><a href="#crypto_cipher_setaad_buffer">cipher.setAAD(buffer)</a></li>
89
<li><a href="#crypto_cipher_getauthtag">cipher.getAuthTag()</a></li>
90 91
<li><a href="#crypto_cipher_setautopadding_auto_padding_true">cipher.setAutoPadding(auto_padding=true)</a></li>
<li><a href="#crypto_cipher_update_data_input_encoding_output_encoding">cipher.update(data[, input_encoding][, output_encoding])</a></li>
92 93 94 95
</ul>
</li>
<li><a href="#crypto_class_decipher">Class: Decipher</a><ul>
<li><a href="#crypto_decipher_final_output_encoding">decipher.final([output_encoding])</a></li>
96
<li><a href="#crypto_decipher_setaad_buffer">decipher.setAAD(buffer)</a></li>
97 98 99
<li><a href="#crypto_decipher_setauthtag_buffer">decipher.setAuthTag(buffer)</a></li>
<li><a href="#crypto_decipher_setautopadding_auto_padding_true">decipher.setAutoPadding(auto_padding=true)</a></li>
<li><a href="#crypto_decipher_update_data_input_encoding_output_encoding">decipher.update(data[, input_encoding][, output_encoding])</a></li>
100 101 102
</ul>
</li>
<li><a href="#crypto_class_diffiehellman">Class: DiffieHellman</a><ul>
103
<li><a href="#crypto_diffiehellman_computesecret_other_public_key_input_encoding_output_encoding">diffieHellman.computeSecret(other_public_key[, input_encoding][, output_encoding])</a></li>
104
<li><a href="#crypto_diffiehellman_generatekeys_encoding">diffieHellman.generateKeys([encoding])</a></li>
105
<li><a href="#crypto_diffiehellman_getgenerator_encoding">diffieHellman.getGenerator([encoding])</a></li>
106
<li><a href="#crypto_diffiehellman_getprime_encoding">diffieHellman.getPrime([encoding])</a></li>
107
<li><a href="#crypto_diffiehellman_getprivatekey_encoding">diffieHellman.getPrivateKey([encoding])</a></li>
108
<li><a href="#crypto_diffiehellman_getpublickey_encoding">diffieHellman.getPublicKey([encoding])</a></li>
109
<li><a href="#crypto_diffiehellman_setprivatekey_private_key_encoding">diffieHellman.setPrivateKey(private_key[, encoding])</a></li>
110 111
<li><a href="#crypto_diffiehellman_setpublickey_public_key_encoding">diffieHellman.setPublicKey(public_key[, encoding])</a></li>
<li><a href="#crypto_diffiehellman_verifyerror">diffieHellman.verifyError</a></li>
112 113
</ul>
</li>
114 115
<li><a href="#crypto_class_ecdh">Class: ECDH</a><ul>
<li><a href="#crypto_ecdh_computesecret_other_public_key_input_encoding_output_encoding">ECDH.computeSecret(other_public_key[, input_encoding][, output_encoding])</a></li>
116
<li><a href="#crypto_ecdh_generatekeys_encoding_format">ECDH.generateKeys([encoding[, format]])</a></li>
117
<li><a href="#crypto_ecdh_getprivatekey_encoding">ECDH.getPrivateKey([encoding])</a></li>
118
<li><a href="#crypto_ecdh_getpublickey_encoding_format">ECDH.getPublicKey([encoding[, format]])</a></li>
119
<li><a href="#crypto_ecdh_setprivatekey_private_key_encoding">ECDH.setPrivateKey(private_key[, encoding])</a></li>
120
<li><a href="#crypto_ecdh_setpublickey_public_key_encoding">ECDH.setPublicKey(public_key[, encoding])</a></li>
121 122
</ul>
</li>
123 124 125
<li><a href="#crypto_class_hash">Class: Hash</a><ul>
<li><a href="#crypto_hash_digest_encoding">hash.digest([encoding])</a></li>
<li><a href="#crypto_hash_update_data_input_encoding">hash.update(data[, input_encoding])</a></li>
126 127
</ul>
</li>
128 129 130 131 132 133 134 135 136 137 138 139 140 141 142
<li><a href="#crypto_class_hmac">Class: Hmac</a><ul>
<li><a href="#crypto_hmac_digest_encoding">hmac.digest([encoding])</a></li>
<li><a href="#crypto_hmac_update_data">hmac.update(data)</a></li>
</ul>
</li>
<li><a href="#crypto_class_sign">Class: Sign</a><ul>
<li><a href="#crypto_sign_sign_private_key_output_format">sign.sign(private_key[, output_format])</a></li>
<li><a href="#crypto_sign_update_data">sign.update(data)</a></li>
</ul>
</li>
<li><a href="#crypto_class_verify">Class: Verify</a><ul>
<li><a href="#crypto_verifier_update_data">verifier.update(data)</a></li>
<li><a href="#crypto_verifier_verify_object_signature_signature_format">verifier.verify(object, signature[, signature_format])</a></li>
</ul>
</li>
143
<li><a href="#crypto_crypto_module_methods_and_properties"><code>crypto</code> module methods and properties</a><ul>
144 145 146 147 148 149
<li><a href="#crypto_crypto_default_encoding">crypto.DEFAULT_ENCODING</a></li>
<li><a href="#crypto_crypto_createcipher_algorithm_password">crypto.createCipher(algorithm, password)</a></li>
<li><a href="#crypto_crypto_createcipheriv_algorithm_key_iv">crypto.createCipheriv(algorithm, key, iv)</a></li>
<li><a href="#crypto_crypto_createcredentials_details">crypto.createCredentials(details)</a></li>
<li><a href="#crypto_crypto_createdecipher_algorithm_password">crypto.createDecipher(algorithm, password)</a></li>
<li><a href="#crypto_crypto_createdecipheriv_algorithm_key_iv">crypto.createDecipheriv(algorithm, key, iv)</a></li>
150 151 152
</ul>
</li>
<li><a href="#crypto_crypto_creatediffiehellman_prime_prime_encoding_generator_generator_encoding">crypto.createDiffieHellman(prime[, prime_encoding][, generator][, generator_encoding])</a><ul>
153 154 155 156 157 158 159 160 161 162 163 164
<li><a href="#crypto_crypto_creatediffiehellman_prime_length_generator">crypto.createDiffieHellman(prime_length[, generator])</a></li>
<li><a href="#crypto_crypto_createecdh_curve_name">crypto.createECDH(curve_name)</a></li>
<li><a href="#crypto_crypto_createhash_algorithm">crypto.createHash(algorithm)</a></li>
<li><a href="#crypto_crypto_createhmac_algorithm_key">crypto.createHmac(algorithm, key)</a></li>
<li><a href="#crypto_crypto_createsign_algorithm">crypto.createSign(algorithm)</a></li>
<li><a href="#crypto_crypto_createverify_algorithm">crypto.createVerify(algorithm)</a></li>
<li><a href="#crypto_crypto_getciphers">crypto.getCiphers()</a></li>
<li><a href="#crypto_crypto_getcurves">crypto.getCurves()</a></li>
<li><a href="#crypto_crypto_getdiffiehellman_group_name">crypto.getDiffieHellman(group_name)</a></li>
<li><a href="#crypto_crypto_gethashes">crypto.getHashes()</a></li>
<li><a href="#crypto_crypto_pbkdf2_password_salt_iterations_keylen_digest_callback">crypto.pbkdf2(password, salt, iterations, keylen[, digest], callback)</a></li>
<li><a href="#crypto_crypto_pbkdf2sync_password_salt_iterations_keylen_digest">crypto.pbkdf2Sync(password, salt, iterations, keylen[, digest])</a></li>
165 166
<li><a href="#crypto_crypto_privatedecrypt_private_key_buffer">crypto.privateDecrypt(private_key, buffer)</a></li>
<li><a href="#crypto_crypto_privateencrypt_private_key_buffer">crypto.privateEncrypt(private_key, buffer)</a></li>
167 168 169 170
<li><a href="#crypto_crypto_publicdecrypt_public_key_buffer">crypto.publicDecrypt(public_key, buffer)</a></li>
<li><a href="#crypto_crypto_publicencrypt_public_key_buffer">crypto.publicEncrypt(public_key, buffer)</a></li>
<li><a href="#crypto_crypto_randombytes_size_callback">crypto.randomBytes(size[, callback])</a></li>
<li><a href="#crypto_crypto_setengine_engine_flags">crypto.setEngine(engine[, flags])</a></li>
171 172 173 174 175 176 177 178
</ul>
</li>
<li><a href="#crypto_notes">Notes</a><ul>
<li><a href="#crypto_legacy_streams_api_pre_node_js_v0_10">Legacy Streams API (pre Node.js v0.10)</a></li>
<li><a href="#crypto_recent_ecdh_changes">Recent ECDH Changes</a></li>
<li><a href="#crypto_support_for_weak_or_compromised_algorithms">Support for weak or compromised algorithms</a></li>
</ul>
</li>
179 180 181 182
</ul>
</li>
</ul>

183
      </div>
184

185 186
      <div id="apicontent">
        <h1>Crypto<span><a class="mark" href="#crypto_crypto" id="crypto_crypto">#</a></span></h1>
187 188
<pre class="api_stability_2">Stability: 2 - Stable</pre><p>The <code>crypto</code> module provides cryptographic functionality that includes a set of
wrappers for OpenSSL&#39;s hash, HMAC, cipher, decipher, sign and verify functions.
189

190
</p>
191
<p>Use <code>require(&#39;crypto&#39;)</code> to access this module.
192

193
</p>
194
<pre><code>const crypto = require(&#39;crypto&#39;);
195

196 197 198 199 200 201 202
const secret = &#39;abcdefg&#39;;
const hash = crypto.createHmac(&#39;sha256&#39;, secret)
                   .update(&#39;I love cupcakes&#39;)
                   .digest(&#39;hex&#39;);
console.log(hash);
  // Prints:
  //   c0fa1bc00531bd78ef38c628449c5102aeabd49b5dc3a2a516ea6ea959d6658e</code></pre>
203
<h2>Class: Certificate<span><a class="mark" href="#crypto_class_certificate" id="crypto_class_certificate">#</a></span></h2>
204 205
<p>SPKAC is a Certificate Signing Request mechanism originally implemented by
Netscape and now specified formally as part of <a href="http://www.w3.org/TR/html5/forms.html#the-keygen-element">HTML5&#39;s <code>keygen</code> element</a>.
206 207

</p>
208 209 210
<p>The <code>crypto</code> module provides the <code>Certificate</code> class for working with SPKAC
data. The most common usage is handling output generated by the HTML5
<code>&lt;keygen&gt;</code> element. Node.js uses <a href="https://www.openssl.org/docs/apps/spkac.html">OpenSSL&#39;s SPKAC implementation</a> internally.
211 212

</p>
213 214 215
<h3>new crypto.Certificate()<span><a class="mark" href="#crypto_new_crypto_certificate" id="crypto_new_crypto_certificate">#</a></span></h3>
<p>Instances of the <code>Certificate</code> class can be created using the <code>new</code> keyword
or by calling <code>crypto.Certificate()</code> as a function:
216 217

</p>
218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233
<pre><code>const crypto = require(&#39;crypto&#39;);

const cert1 = new crypto.Certificate();
const cert2 = crypto.Certificate();</code></pre>
<h3>certificate.exportChallenge(spkac)<span><a class="mark" href="#crypto_certificate_exportchallenge_spkac" id="crypto_certificate_exportchallenge_spkac">#</a></span></h3>
<p>The <code>spkac</code> data structure includes a public key and a challenge. The
<code>certificate.exportChallenge()</code> returns the challenge component in the
form of a Node.js <a href="buffer.html"><code>Buffer</code></a>. The <code>spkac</code> argument can be either a string
or a <a href="buffer.html"><code>Buffer</code></a>.

</p>
<pre><code>const cert = require(&#39;crypto&#39;).Certificate();
const spkac = getSpkacSomehow();
const challenge = cert.exportChallenge(spkac);
console.log(challenge.toString(&#39;utf8&#39;));
  // Prints the challenge as a UTF8 string</code></pre>
234
<h3>Certificate.exportPublicKey(spkac)<span><a class="mark" href="#crypto_certificate_exportpublickey_spkac" id="crypto_certificate_exportpublickey_spkac">#</a></span></h3>
235 236 237 238
<p>The <code>spkac</code> data structure includes a public key and a challenge. The
<code>certificate.exportPublicKey()</code> returns the public key component in the
form of a Node.js <a href="buffer.html"><code>Buffer</code></a>. The <code>spkac</code> argument can be either a string
or a <a href="buffer.html"><code>Buffer</code></a>.
239 240

</p>
241 242 243 244 245
<pre><code>const cert = require(&#39;crypto&#39;).Certificate();
const spkac = getSpkacSomehow();
const publicKey = cert.exportPublicKey(spkac);
console.log(publicKey);
  // Prints the public key as &lt;Buffer ...&gt;</code></pre>
246
<h3>Certificate.verifySpkac(spkac)<span><a class="mark" href="#crypto_certificate_verifyspkac_spkac" id="crypto_certificate_verifyspkac_spkac">#</a></span></h3>
247 248
<p>Returns <code>true</code> if the given <code>spkac</code> data structure is valid, <code>false</code> otherwise.
The <code>spkac</code> argument must be a Node.js <a href="buffer.html"><code>Buffer</code></a>.
249

250
</p>
251 252 253 254
<pre><code>const cert = require(&#39;crypto&#39;).Certificate();
const spkac = getSpkacSomehow();
console.log(cert.verifySpkac(new Buffer(spkac)));
  // Prints true or false</code></pre>
255
<h2>Class: Cipher<span><a class="mark" href="#crypto_class_cipher" id="crypto_class_cipher">#</a></span></h2>
256 257
<p>Instances of the <code>Cipher</code> class are used to encrypt data. The class can be
used in one of two ways:
258 259

</p>
260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286
<ul>
<li>As a <a href="stream.html">stream</a> that is both readable and writable, where plain unencrypted
data is written to produce encrypted data on the readable side, or</li>
<li>Using the <code>cipher.update()</code> and <code>cipher.final()</code> methods to produce the
encrypted data.</li>
</ul>
<p>The <code>crypto.createCipher()</code> or <code>crypto.createCipheriv()</code> methods are used to
create <code>Cipher</code> instances. <code>Cipher</code> objects are not to be created directly
using the <code>new</code> keyword.

</p>
<p>Example: Using <code>Cipher</code> objects as streams:

</p>
<pre><code>const crypto = require(&#39;crypto&#39;);
const cipher = crypto.createCipher(&#39;aes192&#39;, &#39;a password&#39;);

cipher.on(&#39;readable&#39;, () =&gt; {
  var data = cipher.read();
  if (data)
    console.log(data.toString(&#39;hex&#39;));
    // Prints: b919f20fc5ac2f9c1d2cce94cb1d9c2d
});

cipher.write(&#39;clear text data&#39;);
cipher.end();</code></pre>
<p>Example: Using <code>Cipher</code> and piped streams:
287 288

</p>
289 290 291 292 293 294 295 296 297
<pre><code>const crypto = require(&#39;crypto&#39;);
const fs = require(&#39;fs&#39;);
const cipher = crypto.createCipher(&#39;aes192&#39;, &#39;a password&#39;);

const input = fs.createReadStream(&#39;test.js&#39;);
const output = fs.createWriteStream(&#39;test.enc&#39;);

input.pipe(cipher).pipe(output);</code></pre>
<p>Example: Using the <code>cipher.update()</code> and <code>cipher.final()</code> methods:
298 299

</p>
300 301 302 303 304 305
<pre><code>const crypto = require(&#39;crypto&#39;);
const cipher = crypto.createCipher(&#39;aes192&#39;, &#39;a password&#39;);

cipher.update(&#39;clear text data&#39;);
console.log(cipher.final(&#39;hex&#39;));
  // Prints: b919f20fc5ac2f9c1d2cce94cb1d9c2d</code></pre>
306
<h3>cipher.final([output_encoding])<span><a class="mark" href="#crypto_cipher_final_output_encoding" id="crypto_cipher_final_output_encoding">#</a></span></h3>
307 308 309 310 311 312 313 314
<p>Returns any remaining enciphered contents. If <code>output_encoding</code>
parameter is one of <code>&#39;binary&#39;</code>, <code>&#39;base64&#39;</code> or <code>&#39;hex&#39;</code>, a string is returned.
If an <code>output_encoding</code> is not provided, a <a href="buffer.html"><code>Buffer</code></a> is returned.

</p>
<p>Once the <code>cipher.final()</code> method has been called, the <code>Cipher</code> object can no
longer be used to encrypt data. Attempts to call <code>cipher.final()</code> more than
once will result in an error being thrown.
315 316

</p>
317 318 319 320
<h3>cipher.setAAD(buffer)<span><a class="mark" href="#crypto_cipher_setaad_buffer" id="crypto_cipher_setaad_buffer">#</a></span></h3>
<p>When using an authenticated encryption mode (only <code>GCM</code> is currently
supported), the <code>cipher.getAAD()</code> method sets the value used for the
<em>additional authenticated data</em> (AAD) input parameter.
321

322
</p>
323
<h3>cipher.getAuthTag()<span><a class="mark" href="#crypto_cipher_getauthtag" id="crypto_cipher_getauthtag">#</a></span></h3>
324 325 326
<p>When using an authenticated encryption mode (only <code>GCM</code> is currently
supported), the <code>cipher.getAuthTag()</code> method returns a <a href="buffer.html"><code>Buffer</code></a> containing
the <em>authentication tag</em> that has been computed from the given data.
327

328
</p>
329 330
<p>The <code>cipher.getAuthTag()</code> method should only be called after encryption has
been completed using the <code>cipher.final()</code> method.
331

332
</p>
333
<h3>cipher.setAutoPadding(auto_padding=true)<span><a class="mark" href="#crypto_cipher_setautopadding_auto_padding_true" id="crypto_cipher_setautopadding_auto_padding_true">#</a></span></h3>
334 335 336 337 338 339 340 341 342 343 344 345
<p>When using block encryption algorithms, the <code>Cipher</code> class will automatically
add padding to the input data to the appropriate block size. To disable the
default padding call <code>cipher.setAutoPadding(false)</code>.

</p>
<p>When <code>auto_padding</code> is <code>false</code>, the length of the entire input data must be a
multiple of the cipher&#39;s block size or <code>cipher.final()</code> will throw an Error.
Disabling automatic padding is useful for non-standard padding, for instance
using <code>0x0</code> instead of PKCS padding.

</p>
<p>The <code>cipher.setAutoPadding()</code> method must be called before <code>cipher.final()</code>.
346

347
</p>
348
<h3>cipher.update(data[, input_encoding][, output_encoding])<span><a class="mark" href="#crypto_cipher_update_data_input_encoding_output_encoding" id="crypto_cipher_update_data_input_encoding_output_encoding">#</a></span></h3>
349 350 351 352 353
<p>Updates the cipher with <code>data</code>. If the <code>input_encoding</code> argument is given,
it&#39;s value must be one of <code>&#39;utf8&#39;</code>, <code>&#39;ascii&#39;</code>, or <code>&#39;binary&#39;</code> and the <code>data</code>
argument is a string using the specified encoding. If the <code>input_encoding</code>
argument is not given, <code>data</code> must be a <a href="buffer.html"><code>Buffer</code></a>. If <code>data</code> is a
<a href="buffer.html"><code>Buffer</code></a> then <code>input_encoding</code> is ignored.
354

355
</p>
356
<p>The <code>output_encoding</code> specifies the output format of the enciphered
357 358 359
data, and can be <code>&#39;binary&#39;</code>, <code>&#39;base64&#39;</code> or <code>&#39;hex&#39;</code>. If the <code>output_encoding</code>
is specified, a string using the specified encoding is returned. If no
<code>output_encoding</code> is provided, a <a href="buffer.html"><code>Buffer</code></a> is returned.
360

361
</p>
362 363 364
<p>The <code>cipher.update()</code> method can be called multiple times with new data until
<code>cipher.final()</code> is called. Calling <code>cipher.update()</code> after <code>cipher.final()</code>
will result in an error being thrown.
365

366 367
</p>
<h2>Class: Decipher<span><a class="mark" href="#crypto_class_decipher" id="crypto_class_decipher">#</a></span></h2>
368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383
<p>Instances of the <code>Decipher</code> class are used to decrypt data. The class can be
used in one of two ways:

</p>
<ul>
<li>As a <a href="stream.html">stream</a> that is both readable and writable, where plain encrypted
data is written to produce unencrypted data on the readable side, or</li>
<li>Using the <code>decipher.update()</code> and <code>decipher.final()</code> methods to produce the
unencrypted data.</li>
</ul>
<p>The <code>crypto.createDecipher()</code> or <code>crypto.createDecipheriv()</code> methods are used
to create <code>Decipher</code> instances. <code>Decipher</code> objects are not to be created
directly using the <code>new</code> keyword.

</p>
<p>Example: Using <code>Decipher</code> objects as streams:
384

385
</p>
386 387 388 389 390 391 392 393 394 395 396 397 398
<pre><code>const crypto = require(&#39;crypto&#39;);
const decipher = crypto.createDecipher(&#39;aes192&#39;, &#39;a password&#39;);

decipher.on(&#39;readable&#39;, () =&gt; {
  var data = decipher.read();
  if (data)
    console.log(data.toString());
    // Prints: clear text data
});

decipher.write(&#39;b919f20fc5ac2f9c1d2cce94cb1d9c2d&#39;, &#39;hex&#39;);
decipher.end();</code></pre>
<p>Example: Using <code>Decipher</code> and piped streams:
399

400
</p>
401 402 403 404 405 406 407 408 409
<pre><code>const crypto = require(&#39;crypto&#39;);
const fs = require(&#39;fs&#39;);
const decipher = crypto.createDecipher(&#39;aes192&#39;, &#39;a password&#39;);

const input = fs.createReadStream(&#39;test.enc&#39;);
const output = fs.createWriteStream(&#39;test.js&#39;);

input.pipe(decipher).pipe(output);</code></pre>
<p>Example: Using the <code>decipher.update()</code> and <code>decipher.final()</code> methods:
410

411
</p>
412 413 414 415 416 417
<pre><code>const crypto = require(&#39;crypto&#39;);
const decipher = crypto.createDecipher(&#39;aes192&#39;, &#39;a password&#39;);

decipher.update(&#39;b919f20fc5ac2f9c1d2cce94cb1d9c2d&#39;, &#39;hex&#39;);
console.log(decipher.final(&#39;utf8&#39;));
  // Prints: clear text data</code></pre>
418
<h3>decipher.final([output_encoding])<span><a class="mark" href="#crypto_decipher_final_output_encoding" id="crypto_decipher_final_output_encoding">#</a></span></h3>
419 420 421
<p>Returns any remaining deciphered contents. If <code>output_encoding</code>
parameter is one of <code>&#39;binary&#39;</code>, <code>&#39;base64&#39;</code> or <code>&#39;hex&#39;</code>, a string is returned.
If an <code>output_encoding</code> is not provided, a <a href="buffer.html"><code>Buffer</code></a> is returned.
422 423

</p>
424 425 426
<p>Once the <code>decipher.final()</code> method has been called, the <code>Decipher</code> object can
no longer be used to decrypt data. Attempts to call <code>decipher.final()</code> more
than once will result in an error being thrown.
427

428
</p>
429
<h3>decipher.setAAD(buffer)<span><a class="mark" href="#crypto_decipher_setaad_buffer" id="crypto_decipher_setaad_buffer">#</a></span></h3>
430 431 432
<p>When using an authenticated encryption mode (only <code>GCM</code> is currently
supported), the <code>cipher.getAAD()</code> method sets the value used for the
<em>additional authenticated data</em> (AAD) input parameter.
433

434
</p>
435
<h3>decipher.setAuthTag(buffer)<span><a class="mark" href="#crypto_decipher_setauthtag_buffer" id="crypto_decipher_setauthtag_buffer">#</a></span></h3>
436 437 438 439 440
<p>When using an authenticated encryption mode (only <code>GCM</code> is currently
supported), the <code>decipher.setAuthTag()</code> method is used to pass in the
received <em>authentication tag</em>. If no tag is provided, or if the ciphertext
has been tampered with, <code>decipher.final()</code> with throw, indicating that the
ciphertext should be discarded due to failed authentication.
441

442 443
</p>
<h3>decipher.setAutoPadding(auto_padding=true)<span><a class="mark" href="#crypto_decipher_setautopadding_auto_padding_true" id="crypto_decipher_setautopadding_auto_padding_true">#</a></span></h3>
444 445 446 447 448 449 450 451 452 453 454
<p>When data has been encrypted without standard block padding, calling
<code>decipher.setAuthPadding(false)</code> will disable automatic padding to prevent
<code>decipher.final()</code> from checking for and removing padding.

</p>
<p>Turning auto padding off will only work if the input data&#39;s length is a
multiple of the ciphers block size.

</p>
<p>The <code>decipher.setAutoPadding()</code> method must be called before
<code>decipher.update()</code>.
455

456
</p>
457
<h3>decipher.update(data[, input_encoding][, output_encoding])<span><a class="mark" href="#crypto_decipher_update_data_input_encoding_output_encoding" id="crypto_decipher_update_data_input_encoding_output_encoding">#</a></span></h3>
458 459 460 461 462 463 464 465 466 467 468
<p>Updates the decipher with <code>data</code>. If the <code>input_encoding</code> argument is given,
it&#39;s value must be one of <code>&#39;binary&#39;</code>, <code>&#39;base64&#39;</code>, or <code>&#39;hex&#39;</code> and the <code>data</code>
argument is a string using the specified encoding. If the <code>input_encoding</code>
argument is not given, <code>data</code> must be a <a href="buffer.html"><code>Buffer</code></a>. If <code>data</code> is a
<a href="buffer.html"><code>Buffer</code></a> then <code>input_encoding</code> is ignored.

</p>
<p>The <code>output_encoding</code> specifies the output format of the enciphered
data, and can be <code>&#39;binary&#39;</code>, <code>&#39;ascii&#39;</code> or <code>&#39;utf8&#39;</code>. If the <code>output_encoding</code>
is specified, a string using the specified encoding is returned. If no
<code>output_encoding</code> is provided, a <a href="buffer.html"><code>Buffer</code></a> is returned.
469 470

</p>
471 472 473
<p>The <code>decipher.update()</code> method can be called multiple times with new data until
<code>decipher.final()</code> is called. Calling <code>decipher.update()</code> after
<code>decipher.final()</code> will result in an error being thrown.
474

475
</p>
476
<h2>Class: DiffieHellman<span><a class="mark" href="#crypto_class_diffiehellman" id="crypto_class_diffiehellman">#</a></span></h2>
477 478
<p>The <code>DiffieHellman</code> class is a utility for creating Diffie-Hellman key
exchanges.
479

480
</p>
481 482
<p>Instances of the <code>DiffieHellman</code> class can be created using the
<code>crypto.createDiffieHellman()</code> function.
483

484
</p>
485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501
<pre><code>const crypto = require(&#39;crypto&#39;);
const assert = require(&#39;assert&#39;);

// Generate Alice&#39;s keys...
const alice = crypto.createDiffieHellman(11);
const alice_key = alice.generateKeys();

// Generate Bob&#39;s keys...
const bob = crypto.createDiffieHellman(11);
const bob_key = bob.generateKeys();

// Exchange and generate the secret...
const alice_secret = alice.computeSecret(bob_key);
const bob_secret = bob.computeSecret(alice_key);

assert(alice_secret, bob_secret);
  // OK</code></pre>
502 503
<h3>diffieHellman.computeSecret(other_public_key[, input_encoding][, output_encoding])<span><a class="mark" href="#crypto_diffiehellman_computesecret_other_public_key_input_encoding_output_encoding" id="crypto_diffiehellman_computesecret_other_public_key_input_encoding_output_encoding">#</a></span></h3>
<p>Computes the shared secret using <code>other_public_key</code> as the other
504 505
party&#39;s public key and returns the computed shared secret. The supplied
key is interpreted using the specified <code>input_encoding</code>, and secret is
506
encoded using specified <code>output_encoding</code>. Encodings can be
507 508
<code>&#39;binary&#39;</code>, <code>&#39;hex&#39;</code>, or <code>&#39;base64&#39;</code>. If the <code>input_encoding</code> is not
provided, <code>other_public_key</code> is expected to be a <a href="buffer.html"><code>Buffer</code></a>.
509

510
</p>
511 512
<p>If <code>output_encoding</code> is given a string is returned; otherwise, a
<a href="buffer.html"><code>Buffer</code></a> is returned.
513

514
</p>
515 516
<h3>diffieHellman.generateKeys([encoding])<span><a class="mark" href="#crypto_diffiehellman_generatekeys_encoding" id="crypto_diffiehellman_generatekeys_encoding">#</a></span></h3>
<p>Generates private and public Diffie-Hellman key values, and returns
517
the public key in the specified <code>encoding</code>. This key should be
518
transferred to the other party. Encoding can be <code>&#39;binary&#39;</code>, <code>&#39;hex&#39;</code>,
519 520
or <code>&#39;base64&#39;</code>.  If <code>encoding</code> is provided a string is returned; otherwise a
<a href="buffer.html"><code>Buffer</code></a> is returned.
521

522
</p>
523
<h3>diffieHellman.getGenerator([encoding])<span><a class="mark" href="#crypto_diffiehellman_getgenerator_encoding" id="crypto_diffiehellman_getgenerator_encoding">#</a></span></h3>
524 525 526
<p>Returns the Diffie-Hellman generator in the specified <code>encoding</code>, which can
be <code>&#39;binary&#39;</code>, <code>&#39;hex&#39;</code>, or <code>&#39;base64&#39;</code>. If  <code>encoding</code> is provided a string is
returned; otherwise a <a href="buffer.html"><code>Buffer</code></a> is returned.
527

528 529
</p>
<h3>diffieHellman.getPrime([encoding])<span><a class="mark" href="#crypto_diffiehellman_getprime_encoding" id="crypto_diffiehellman_getprime_encoding">#</a></span></h3>
530 531 532
<p>Returns the Diffie-Hellman prime in the specified <code>encoding</code>, which can
be <code>&#39;binary&#39;</code>, <code>&#39;hex&#39;</code>, or <code>&#39;base64&#39;</code>. If <code>encoding</code> is provided a string is
returned; otherwise a <a href="buffer.html"><code>Buffer</code></a> is returned.
533

534
</p>
535
<h3>diffieHellman.getPrivateKey([encoding])<span><a class="mark" href="#crypto_diffiehellman_getprivatekey_encoding" id="crypto_diffiehellman_getprivatekey_encoding">#</a></span></h3>
536 537 538
<p>Returns the Diffie-Hellman private key in the specified <code>encoding</code>,
which can be <code>&#39;binary&#39;</code>, <code>&#39;hex&#39;</code>, or <code>&#39;base64&#39;</code>. If <code>encoding</code> is provided a
string is returned; otherwise a <a href="buffer.html"><code>Buffer</code></a> is returned.
539

540
</p>
541
<h3>diffieHellman.getPublicKey([encoding])<span><a class="mark" href="#crypto_diffiehellman_getpublickey_encoding" id="crypto_diffiehellman_getpublickey_encoding">#</a></span></h3>
542 543 544
<p>Returns the Diffie-Hellman public key in the specified <code>encoding</code>, which
can be <code>&#39;binary&#39;</code>, <code>&#39;hex&#39;</code>, or <code>&#39;base64&#39;</code>. If <code>encoding</code> is provided a
string is returned; otherwise a <a href="buffer.html"><code>Buffer</code></a> is returned.
545 546

</p>
547
<h3>diffieHellman.setPrivateKey(private_key[, encoding])<span><a class="mark" href="#crypto_diffiehellman_setprivatekey_private_key_encoding" id="crypto_diffiehellman_setprivatekey_private_key_encoding">#</a></span></h3>
548 549 550 551
<p>Sets the Diffie-Hellman private key. If the <code>encoding</code> argument is provided
and is either <code>&#39;binary&#39;</code>, <code>&#39;hex&#39;</code>, or <code>&#39;base64&#39;</code>, <code>private_key</code> is expected
to be a string. If no <code>encoding</code> is provided, <code>private_key</code> is expected
to be a <a href="buffer.html"><code>Buffer</code></a>.
552

553
</p>
554
<h3>diffieHellman.setPublicKey(public_key[, encoding])<span><a class="mark" href="#crypto_diffiehellman_setpublickey_public_key_encoding" id="crypto_diffiehellman_setpublickey_public_key_encoding">#</a></span></h3>
555 556 557 558
<p>Sets the Diffie-Hellman public key. If the <code>encoding</code> argument is provided
and is either <code>&#39;binary&#39;</code>, <code>&#39;hex&#39;</code> or <code>&#39;base64&#39;</code>, <code>public_key</code> is expected
to be a string. If no <code>encoding</code> is provided, <code>public_key</code> is expected
to be a <a href="buffer.html"><code>Buffer</code></a>.
559 560

</p>
561
<h3>diffieHellman.verifyError<span><a class="mark" href="#crypto_diffiehellman_verifyerror" id="crypto_diffiehellman_verifyerror">#</a></span></h3>
562 563 564 565 566 567
<p>A bit field containing any warnings and/or errors resulting from a check
performed during initialization of the <code>DiffieHellman</code> object.

</p>
<p>The following values are valid for this property (as defined in <code>constants</code>
module):
568

569
</p>
570 571 572 573 574 575 576
<ul>
<li><code>DH_CHECK_P_NOT_SAFE_PRIME</code></li>
<li><code>DH_CHECK_P_NOT_PRIME</code></li>
<li><code>DH_UNABLE_TO_CHECK_GENERATOR</code></li>
<li><code>DH_NOT_SUITABLE_GENERATOR</code></li>
</ul>
<h2>Class: ECDH<span><a class="mark" href="#crypto_class_ecdh" id="crypto_class_ecdh">#</a></span></h2>
577 578
<p>The <code>ECDH</code> class is a utility for creating Elliptic Curve Diffie-Hellman (ECDH)
key exchanges.
579

580
</p>
581 582
<p>Instances of the <code>ECDH</code> class can be created using the
<code>crypto.createECDH()</code> function.
583 584

</p>
585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601
<pre><code>const crypto = require(&#39;crypto&#39;);
const assert = require(&#39;assert&#39;);

// Generate Alice&#39;s keys...
const alice = crypto.createECDH(&#39;secp521r1&#39;);
const alice_key = alice.generateKeys();

// Generate Bob&#39;s keys...
const bob = crypto.createECDH(&#39;secp521r1&#39;);
const bob_key = bob.generateKeys();

// Exchange and generate the secret...
const alice_secret = alice.computeSecret(bob_key);
const bob_secret = bob.computeSecret(alice_key);

assert(alice_secret, bob_secret);
  // OK</code></pre>
602 603
<h3>ECDH.computeSecret(other_public_key[, input_encoding][, output_encoding])<span><a class="mark" href="#crypto_ecdh_computesecret_other_public_key_input_encoding_output_encoding" id="crypto_ecdh_computesecret_other_public_key_input_encoding_output_encoding">#</a></span></h3>
<p>Computes the shared secret using <code>other_public_key</code> as the other
604 605 606 607 608
party&#39;s public key and returns the computed shared secret. The supplied
key is interpreted using specified <code>input_encoding</code>, and the returned secret
is encoded using the specified <code>output_encoding</code>. Encodings can be
<code>&#39;binary&#39;</code>, <code>&#39;hex&#39;</code>, or <code>&#39;base64&#39;</code>. If the <code>input_encoding</code> is not
provided, <code>other_public_key</code> is expected to be a <a href="buffer.html"><code>Buffer</code></a>.
609 610

</p>
611 612
<p>If <code>output_encoding</code> is given a string will be returned; otherwise a
<a href="buffer.html"><code>Buffer</code></a> is returned.
613

614
</p>
615 616
<h3>ECDH.generateKeys([encoding[, format]])<span><a class="mark" href="#crypto_ecdh_generatekeys_encoding_format" id="crypto_ecdh_generatekeys_encoding_format">#</a></span></h3>
<p>Generates private and public EC Diffie-Hellman key values, and returns
617
the public key in the specified <code>format</code> and <code>encoding</code>. This key should be
618
transferred to the other party.
619

620
</p>
621 622 623
<p>The <code>format</code> arguments specifies point encoding and can be <code>&#39;compressed&#39;</code>,
<code>&#39;uncompressed&#39;</code>, or <code>&#39;hybrid&#39;</code>. If <code>format</code> is not specified, the point will
be returned in <code>&#39;uncompressed&#39;</code> format.
624

625
</p>
626 627 628
<p>The <code>encoding</code> argument can be <code>&#39;binary&#39;</code>, <code>&#39;hex&#39;</code>, or <code>&#39;base64&#39;</code>. If
<code>encoding</code> is provided a string is returned; otherwise a <a href="buffer.html"><code>Buffer</code></a>
is returned.
629

630
</p>
631
<h3>ECDH.getPrivateKey([encoding])<span><a class="mark" href="#crypto_ecdh_getprivatekey_encoding" id="crypto_ecdh_getprivatekey_encoding">#</a></span></h3>
632 633 634
<p>Returns the EC Diffie-Hellman private key in the specified <code>encoding</code>,
which can be <code>&#39;binary&#39;</code>, <code>&#39;hex&#39;</code>, or <code>&#39;base64&#39;</code>. If <code>encoding</code> is provided
a string is returned; otherwise a <a href="buffer.html"><code>Buffer</code></a> is returned.
635

636
</p>
637
<h3>ECDH.getPublicKey([encoding[, format]])<span><a class="mark" href="#crypto_ecdh_getpublickey_encoding_format" id="crypto_ecdh_getpublickey_encoding_format">#</a></span></h3>
638 639
<p>Returns the EC Diffie-Hellman public key in the specified <code>encoding</code> and
<code>format</code>.
640

641
</p>
642 643 644
<p>The <code>format</code> argument specifies point encoding and can be <code>&#39;compressed&#39;</code>,
<code>&#39;uncompressed&#39;</code>, or <code>&#39;hybrid&#39;</code>. If <code>format</code> is not specified the point will be
returned in <code>&#39;uncompressed&#39;</code> format.
645

646
</p>
647 648 649
<p>The <code>encoding</code> argument can be <code>&#39;binary&#39;</code>, <code>&#39;hex&#39;</code>, or <code>&#39;base64&#39;</code>. If
<code>encoding</code> is specified, a string is returned; otherwise a <a href="buffer.html"><code>Buffer</code></a> is
returned.
650

651
</p>
652
<h3>ECDH.setPrivateKey(private_key[, encoding])<span><a class="mark" href="#crypto_ecdh_setprivatekey_private_key_encoding" id="crypto_ecdh_setprivatekey_private_key_encoding">#</a></span></h3>
653 654 655 656 657 658
<p>Sets the EC Diffie-Hellman private key. The <code>encoding</code> can be <code>&#39;binary&#39;</code>,
<code>&#39;hex&#39;</code> or <code>&#39;base64&#39;</code>. If <code>encoding</code> is provided, <code>private_key</code> is expected
to be a string; otherwise <code>private_key</code> is expected to be a <a href="buffer.html"><code>Buffer</code></a>. If
<code>private_key</code> is not valid for the curve specified when the <code>ECDH</code> object was
created, an error is thrown. Upon setting the private key, the associated
public point (key) is also generated and set in the ECDH object.
659 660 661 662

</p>
<h3>ECDH.setPublicKey(public_key[, encoding])<span><a class="mark" href="#crypto_ecdh_setpublickey_public_key_encoding" id="crypto_ecdh_setpublickey_public_key_encoding">#</a></span></h3>
<pre class="api_stability_0">Stability: 0 - Deprecated</pre><p>Sets the EC Diffie-Hellman public key. Key encoding can be <code>&#39;binary&#39;</code>,
663 664 665 666 667 668 669 670 671
<code>&#39;hex&#39;</code> or <code>&#39;base64&#39;</code>. If <code>encoding</code> is provided <code>public_key</code> is expected to
be a string; otherwise a <a href="buffer.html"><code>Buffer</code></a> is expected.

</p>
<p>Note that there is not normally a reason to call this method because <code>ECDH</code>
only requires a private key and the other party&#39;s public key to compute the
shared secret. Typically either <code>ecdh.generateKeys()</code> or <code>ecdh.setPrivateKey()</code>
will be called. The <code>ecdh.setPrivateKey()</code> method attempts to generate the
public point/key associated with the private key being set.
672

673
</p>
674
<p>Example (obtaining a shared secret):
675 676

</p>
677 678 679
<pre><code>const crypto = require(&#39;crypto&#39;);
const alice = crypto.createECDH(&#39;secp256k1&#39;);
const bob = crypto.createECDH(&#39;secp256k1&#39;);
680

681 682 683 684 685 686 687
// Note: This is a shortcut way to specify one of Alice&#39;s previous private
// keys. It would be unwise to use such a predictable private key in a real
// application.
alice.setPrivateKey(
  crypto.createHash(&#39;sha256&#39;).update(&#39;alice&#39;, &#39;utf8&#39;).digest()
);

688 689
// Bob uses a newly generated cryptographically strong
// pseudorandom key pair bob.generateKeys();
690

691 692
const alice_secret = alice.computeSecret(bob.getPublicKey(), null, &#39;hex&#39;);
const bob_secret = bob.computeSecret(alice.getPublicKey(), null, &#39;hex&#39;);
693

694 695
// alice_secret and bob_secret should be the same shared secret value
console.log(alice_secret === bob_secret);</code></pre>
696
<h2>Class: Hash<span><a class="mark" href="#crypto_class_hash" id="crypto_class_hash">#</a></span></h2>
697 698
<p>The <code>Hash</code> class is a utility for creating hash digests of data. It can be
used in one of two ways:
699

700
</p>
701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727
<ul>
<li>As a <a href="stream.html">stream</a> that is both readable and writable, where data is written
to produce a computed hash digest on the readable side, or</li>
<li>Using the <code>hash.update()</code> and <code>hash.final()</code> methods to produce the
computed hash.</li>
</ul>
<p>The <code>crypto.createHash()</code> method is used to create <code>Hash</code> instances. <code>Hash</code>
objects are not to be created directly using the <code>new</code> keyword.

</p>
<p>Example: Using <code>Hash</code> objects as streams:

</p>
<pre><code>const crypto = require(&#39;crypto&#39;);
const hash = crypto.createHash(&#39;sha256&#39;);

hash.on(&#39;readable&#39;, () =&gt; {
  var data = hash.read();
  if (data)
    console.log(data.toString(&#39;hex&#39;));
    // Prints:
    //   6a2da20943931e9834fc12cfe5bb47bbd9ae43489a30726962b576f4e3993e50
});

hash.write(&#39;some data to hash&#39;);
hash.end();</code></pre>
<p>Example: Using <code>Hash</code> and piped streams:
728

729
</p>
730 731 732 733 734 735 736
<pre><code>const crypto = require(&#39;crypto&#39;);
const fs = require(&#39;fs&#39;);
const hash = crypto.createHash(&#39;sha256&#39;);

const input = fs.createReadStream(&#39;test.js&#39;);
input.pipe(hash).pipe(process.stdout);</code></pre>
<p>Example: Using the <code>hash.update()</code> and <code>hash.digest()</code> methods:
737

738
</p>
739 740 741 742 743 744 745
<pre><code>const crypto = require(&#39;crypto&#39;);
const hash = crypto.createHash(&#39;sha256&#39;);

hash.update(&#39;some data to hash&#39;);
console.log(hash.digest(&#39;hex&#39;));
  // Prints:
  //   6a2da20943931e9834fc12cfe5bb47bbd9ae43489a30726962b576f4e3993e50</code></pre>
746
<h3>hash.digest([encoding])<span><a class="mark" href="#crypto_hash_digest_encoding" id="crypto_hash_digest_encoding">#</a></span></h3>
747 748 749 750
<p>Calculates the digest of all of the data passed to be hashed (using the
<code>hash.update()</code> method). The <code>encoding</code> can be <code>&#39;hex&#39;</code>, <code>&#39;binary&#39;</code> or
<code>&#39;base64&#39;</code>.  If <code>encoding</code> is provided a string will be returned; otherwise
a <a href="buffer.html"><code>Buffer</code></a> is returned.
751

752
</p>
753 754
<p>The <code>Hash</code> object can not be used again after <code>hash.digest()</code> method has been
called. Multiple calls will cause an error to be thrown.
755

756
</p>
757 758 759
<h3>hash.update(data[, input_encoding])<span><a class="mark" href="#crypto_hash_update_data_input_encoding" id="crypto_hash_update_data_input_encoding">#</a></span></h3>
<p>Updates the hash content with the given <code>data</code>, the encoding of which
is given in <code>input_encoding</code> and can be <code>&#39;utf8&#39;</code>, <code>&#39;ascii&#39;</code> or
760 761
<code>&#39;binary&#39;</code>.  If <code>encoding</code> is not provided, and the <code>data</code> is a string, an
encoding of <code>&#39;binary&#39;</code> is enforced. If <code>data</code> is a <a href="buffer.html"><code>Buffer</code></a> then
762
<code>input_encoding</code> is ignored.
763

764
</p>
765
<p>This can be called many times with new data as it is streamed.
766

767
</p>
768
<h2>Class: Hmac<span><a class="mark" href="#crypto_class_hmac" id="crypto_class_hmac">#</a></span></h2>
769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799
<p>The <code>Hmac</code> Class is a utility for creating cryptographic HMAC digests. It can
be used in one of two ways:

</p>
<ul>
<li>As a <a href="stream.html">stream</a> that is both readable and writable, where data is written
to produce a computed HMAC digest on the readable side, or</li>
<li>Using the <code>hmac.update()</code> and <code>hmac.final()</code> methods to produce the
computed HMAC digest.</li>
</ul>
<p>The <code>crypto.createHmac()</code> method is used to create <code>Hmac</code> instances. <code>Hmac</code>
objects are not to be created directly using the <code>new</code> keyword.

</p>
<p>Example: Using <code>Hmac</code> objects as streams:

</p>
<pre><code>const crypto = require(&#39;crypto&#39;);
const hmac = crypto.createHmac(&#39;sha256&#39;, &#39;a secret&#39;);

hmac.on(&#39;readable&#39;, () =&gt; {
  var data = hmac.read();
  if (data)
    console.log(data.toString(&#39;hex&#39;));
    // Prints:
    //   7fd04df92f636fd450bc841c9418e5825c17f33ad9c87c518115a45971f7f77e
});

hmac.write(&#39;some data to hash&#39;);
hmac.end();</code></pre>
<p>Example: Using <code>Hmac</code> and piped streams:
800

801
</p>
802 803 804 805 806 807 808
<pre><code>const crypto = require(&#39;crypto&#39;);
const fs = require(&#39;fs&#39;);
const hmac = crypto.createHmac(&#39;sha256&#39;, &#39;a secret&#39;);

const input = fs.createReadStream(&#39;test.js&#39;);
input.pipe(hmac).pipe(process.stdout);</code></pre>
<p>Example: Using the <code>hmac.update()</code> and <code>hmac.digest()</code> methods:
809 810

</p>
811 812 813 814 815 816 817
<pre><code>const crypto = require(&#39;crypto&#39;);
const hmac = crypto.createHmac(&#39;sha256&#39;, &#39;a secret&#39;);

hmac.update(&#39;some data to hash&#39;);
console.log(hmac.digest(&#39;hex&#39;));
  // Prints:
  //   7fd04df92f636fd450bc841c9418e5825c17f33ad9c87c518115a45971f7f77e</code></pre>
818
<h3>hmac.digest([encoding])<span><a class="mark" href="#crypto_hmac_digest_encoding" id="crypto_hmac_digest_encoding">#</a></span></h3>
819 820 821
<p>Calculates the HMAC digest of all of the data passed using <code>hmac.update()</code>. The
<code>encoding</code> can be <code>&#39;hex&#39;</code>, <code>&#39;binary&#39;</code> or <code>&#39;base64&#39;</code>.  If <code>encoding</code> is provided
a string is returned; otherwise a <a href="buffer.html"><code>Buffer</code></a> is returned;
822

823
</p>
824 825
<p>The <code>Hmac</code> object can not be used again after <code>hmac.digest()</code> has been
called. Multiple calls to <code>hmac.digest()</code> will result in an error being thrown.
826

827
</p>
828
<h3>hmac.update(data)<span><a class="mark" href="#crypto_hmac_update_data" id="crypto_hmac_update_data">#</a></span></h3>
829
<p>Update the <code>Hmac</code> content with the given <code>data</code>.  This can be called
830
many times with new data as it is streamed.
831

832
</p>
833
<h2>Class: Sign<span><a class="mark" href="#crypto_class_sign" id="crypto_class_sign">#</a></span></h2>
834 835
<p>The <code>Sign</code> Class is a utility for generating signatures. It can be used in one
of two ways:
836

837
</p>
838 839 840 841 842 843 844 845
<ul>
<li>As a writable <a href="stream.html">stream</a>, where data to be signed is written and the
<code>sign.sign()</code> method is used to generate and return the signature, or</li>
<li>Using the <code>sign.update()</code> and <code>sign.sign()</code> methods to produce the
signature.</li>
</ul>
<p>The <code>crypto.createSign()</code> method is used to create <code>Sign</code> instances. <code>Sign</code>
objects are not to be created directly using the <code>new</code> keyword.
846

847
</p>
848
<p>Example: Using <code>Sign</code> objects as streams:
849

850
</p>
851 852 853 854 855 856 857 858 859 860
<pre><code>const crypto = require(&#39;crypto&#39;);
const sign = crypto.createSign(&#39;rsa-sha256&#39;);

sign.write(&#39;some data to sign&#39;);
sign.end();

const private_key = getPrivateKeySomehow();
console.log(sign.sign(private_key, &#39;hex&#39;));
  // Prints the calculated signature</code></pre>
<p>Example: Using the <code>sign.update()</code> and <code>sign.sign()</code> methods:
861 862

</p>
863 864 865 866 867 868 869 870 871 872 873
<pre><code>const crypto = require(&#39;crypto&#39;);
const sign = crypto.createSign(&#39;rsa-sha256&#39;);

sign.update(&#39;some data to sign&#39;);

const private_key = getPrivateKeySomehow();
console.log(sign.sign(private_key, &#39;hex&#39;));
  // Prints the calculated signature</code></pre>
<h3>sign.sign(private_key[, output_format])<span><a class="mark" href="#crypto_sign_sign_private_key_output_format" id="crypto_sign_sign_private_key_output_format">#</a></span></h3>
<p>Calculates the signature on all the data passed through using either
<code>sign.update()</code> or <code>sign.write()</code>.
874 875

</p>
876 877 878
<p>The <code>private_key</code> argument can be an object or a string. If <code>private_key</code> is a
string, it is treated as a raw key with no passphrase. If <code>private_key</code> is an
object, it is interpreted as a hash containing two properties:
879

880
</p>
881 882 883 884
<ul>
<li><code>key</code> : A string holding the PEM encoded private key</li>
<li><code>passphrase</code> : A string of passphrase for the private key</li>
</ul>
885 886
<p>The <code>output_format</code> can specify one of <code>&#39;binary&#39;</code>, <code>&#39;hex&#39;</code> or <code>&#39;base64&#39;</code>. If
<code>output_format</code> is provided a string is returned; otherwise a <a href="buffer.html"><code>Buffer</code></a> is
887
returned.
888

889
</p>
890 891
<p>The <code>Sign</code> object can not be again used after <code>sign.sign()</code> method has been
called. Multiple calls to <code>sign.sign()</code> will result in an error being thrown.
892

893
</p>
894
<h3>sign.update(data)<span><a class="mark" href="#crypto_sign_update_data" id="crypto_sign_update_data">#</a></span></h3>
895
<p>Updates the sign object with the given <code>data</code>.  This can be called many times
896
with new data as it is streamed.
897

898 899
</p>
<h2>Class: Verify<span><a class="mark" href="#crypto_class_verify" id="crypto_class_verify">#</a></span></h2>
900 901
<p>The <code>Verify</code> class is a utility for verifying signatures. It can be used in one
of two ways:
902

903
</p>
904 905 906 907 908 909 910 911 912 913
<ul>
<li>As a writable <a href="stream.html">stream</a> where written data is used to validate against the
supplied signature, or</li>
<li><p>Using the <code>verify.update()</code> and <code>verify.verify()</code> methods to verify the
signature.</p>
<p>The <code>crypto.createSign()</code> method is used to create <code>Sign</code> instances. <code>Sign</code>
objects are not to be created directly using the <code>new</code> keyword.</p>
</li>
</ul>
<p>Example: Using <code>Verify</code> objects as streams:
914

915
</p>
916 917 918 919 920 921 922 923 924 925 926
<pre><code>const crypto = require(&#39;crypto&#39;);
const verify = crypto.createVerify(&#39;rsa-sha256&#39;);

verify.write(&#39;some data to sign&#39;);
verify.end();

const public_key = getPublicKeySomehow();
const signature = getSignatureToVerify();
console.log(sign.verify(public_key, signature));
  // Prints true or false</code></pre>
<p>Example: Using the <code>verify.update()</code> and <code>verify.verify()</code> methods:
927

928
</p>
929 930 931 932 933 934 935 936 937
<pre><code>const crypto = require(&#39;crypto&#39;);
const verify = crypto.createVerify(&#39;rsa-sha256&#39;);

verify.update(&#39;some data to sign&#39;);

const public_key = getPublicKeySomehow();
const signature = getSignatureToVerify();
console.log(verify.verify(public_key, signature));
  // Prints true or false</code></pre>
938
<h3>verifier.update(data)<span><a class="mark" href="#crypto_verifier_update_data" id="crypto_verifier_update_data">#</a></span></h3>
939 940
<p>Updates the verifier object with the given <code>data</code>.  This can be called many
times with new data as it is streamed.
941

942
</p>
943
<h3>verifier.verify(object, signature[, signature_format])<span><a class="mark" href="#crypto_verifier_verify_object_signature_signature_format" id="crypto_verifier_verify_object_signature_signature_format">#</a></span></h3>
944 945 946 947
<p>Verifies the provided data using the given <code>object</code> and <code>signature</code>.
The <code>object</code> argument is a string containing a PEM encoded object, which can be
one an RSA public key, a DSA public key, or an X.509 certificate.
The <code>signature</code> argument is the previously calculated signature for the data, in
948
the <code>signature_format</code> which can be <code>&#39;binary&#39;</code>, <code>&#39;hex&#39;</code> or <code>&#39;base64&#39;</code>.
949 950
If a <code>signature_format</code> is specified, the <code>signature</code> is expected to be a
string; otherwise <code>signature</code> is expected to be a <a href="buffer.html"><code>Buffer</code></a>.
951

952
</p>
953
<p>Returns <code>true</code> or <code>false</code> depending on the validity of the signature for
954
the data and public key.
955

956
</p>
957 958 959
<p>The <code>verifier</code> object can not be used again after <code>verify.verify()</code> has been
called. Multiple calls to <code>verify.verify()</code> will result in an error being
thrown.
960

961
</p>
962 963
<h2><code>crypto</code> module methods and properties<span><a class="mark" href="#crypto_crypto_module_methods_and_properties" id="crypto_crypto_module_methods_and_properties">#</a></span></h2>
<h3>crypto.DEFAULT_ENCODING<span><a class="mark" href="#crypto_crypto_default_encoding" id="crypto_crypto_default_encoding">#</a></span></h3>
964
<p>The default encoding to use for functions that can take either strings
965 966 967 968 969 970
or <a href="buffer.html">buffers</a>.  The default value is <code>&#39;buffer&#39;</code>, which makes methods default
to <a href="buffer.html"><code>Buffer</code></a> objects.

</p>
<p>The <code>crypto.DEFAULT_ENCODING</code> mechanism is provided for backwards compatibility
with legacy programs that expect <code>&#39;binary&#39;</code> to be the default encoding.
971

972
</p>
973 974
<p>New applications should expect the default to be <code>&#39;buffer&#39;</code>. This property may
become deprecated in a future Node.js release.
975

976
</p>
977 978 979
<h3>crypto.createCipher(algorithm, password)<span><a class="mark" href="#crypto_crypto_createcipher_algorithm_password" id="crypto_crypto_createcipher_algorithm_password">#</a></span></h3>
<p>Creates and returns a <code>Cipher</code> object that uses the given <code>algorithm</code> and
<code>password</code>.
980 981

</p>
982 983 984
<p>The <code>algorithm</code> is dependent on OpenSSL, examples are <code>&#39;aes192&#39;</code>, etc.  On
recent OpenSSL releases, <code>openssl list-cipher-algorithms</code> will display the
available cipher algorithms.
985 986

</p>
987 988
<p>The <code>password</code> is used to derive the cipher key and initialization vector (IV).
The value must be either a <code>&#39;binary&#39;</code> encoded string or a [<code>Buffer</code>[].
989

990
</p>
991 992 993 994 995 996
<p>The implementation of <code>crypto.createCipher()</code> derives keys using the OpenSSL
function <a href="https://www.openssl.org/docs/crypto/EVP_BytesToKey.html"><code>EVP_BytesToKey</code></a> with the digest algorithm set to MD5, one
iteration, and no salt. The lack of salt allows dictionary attacks as the same
password always creates the same key. The low iteration count and
non-cryptographically secure hash algorithm allow passwords to be tested very
rapidly.
997 998

</p>
999 1000 1001 1002
<p>In line with OpenSSL&#39;s recommendation to use pbkdf2 instead of
<a href="https://www.openssl.org/docs/crypto/EVP_BytesToKey.html"><code>EVP_BytesToKey</code></a> it is recommended that developers derive a key and IV on
their own using <a href="#crypto_crypto_pbkdf2_password_salt_iterations_keylen_digest_callback"><code>crypto.pbkdf2</code></a> and to use [<code>crypto.createCipheriv()</code>][]
to create the <code>Cipher</code> object.
1003

1004
</p>
1005 1006 1007
<h3>crypto.createCipheriv(algorithm, key, iv)<span><a class="mark" href="#crypto_crypto_createcipheriv_algorithm_key_iv" id="crypto_crypto_createcipheriv_algorithm_key_iv">#</a></span></h3>
<p>Creates and returns a <code>Cipher</code> object, with the given <code>algorithm</code>, <code>key</code> and
initialization vector (<code>iv</code>).
1008

1009
</p>
1010 1011 1012
<p>The <code>algorithm</code> is dependent on OpenSSL, examples are <code>&#39;aes192&#39;</code>, etc.  On
recent OpenSSL releases, <code>openssl list-cipher-algorithms</code> will display the
available cipher algorithms.
1013

1014
</p>
1015 1016 1017
<p>The <code>key</code> is the raw key used by the <code>algorithm</code> and <code>iv</code> is an
<a href="https://en.wikipedia.org/wiki/Initialization_vector">initialization vector</a>. Both arguments must be <code>&#39;binary&#39;</code> encoded strings or
<a href="buffer.html">buffers</a>.
1018

1019
</p>
1020 1021 1022 1023 1024 1025 1026
<h3>crypto.createCredentials(details)<span><a class="mark" href="#crypto_crypto_createcredentials_details" id="crypto_crypto_createcredentials_details">#</a></span></h3>
<pre class="api_stability_0">Stability: 0 - Deprecated: Use <a href="tls.html#tls_tls_createsecurecontext_details"><code>tls.createSecureContext</code></a> instead.</pre><p>The <code>crypto.createCredentials()</code> method is a deprecated alias for creating
and returning a <code>tls.SecureContext</code> object. The <code>crypto.createCredentials()</code>
method should not be used.

</p>
<p>The optional <code>details</code> argument is a hash object with keys:
1027

1028
</p>
1029
<ul>
1030
<li><code>pfx</code> : A string or <a href="buffer.html"><code>Buffer</code></a> holding the PFX or PKCS12 encoded private
1031 1032
key, certificate and CA certificates</li>
<li><code>key</code> : A string holding the PEM encoded private key</li>
1033
<li><code>passphrase</code> : The string passphrase for the private key or PFX</li>
1034
<li><code>cert</code> : A string holding the PEM encoded certificate</li>
1035
<li><code>ca</code> : Either a string or array of strings of PEM encoded CA
1036
certificates to trust.</li>
1037
<li><code>crl</code> : Either a string or array of strings of PEM encoded CRLs
1038
(Certificate Revocation List)</li>
1039 1040
<li><code>ciphers</code>: A string using the <a href="https://www.openssl.org/docs/apps/ciphers.html#CIPHER_LIST_FORMAT">OpenSSL cipher list format</a> describing the
cipher algorithms to use or exclude.</li>
1041
</ul>
1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057
<p>If no &#39;ca&#39; details are given, Node.js will use Mozilla&#39;s default
<a href="https://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt">publicly trusted list of CAs</a>.

</p>
<h3>crypto.createDecipher(algorithm, password)<span><a class="mark" href="#crypto_crypto_createdecipher_algorithm_password" id="crypto_crypto_createdecipher_algorithm_password">#</a></span></h3>
<p>Creates and returns a <code>Decipher</code> object that uses the given <code>algorithm</code> and
<code>password</code> (key).

</p>
<p>The implementation of <code>crypto.createDecipher()</code> derives keys using the OpenSSL
function <a href="https://www.openssl.org/docs/crypto/EVP_BytesToKey.html"><code>EVP_BytesToKey</code></a> with the digest algorithm set to MD5, one
iteration, and no salt. The lack of salt allows dictionary attacks as the same
password always creates the same key. The low iteration count and
non-cryptographically secure hash algorithm allow passwords to be tested very
rapidly.

1058
</p>
1059 1060 1061 1062
<p>In line with OpenSSL&#39;s recommendation to use pbkdf2 instead of
<a href="https://www.openssl.org/docs/crypto/EVP_BytesToKey.html"><code>EVP_BytesToKey</code></a> it is recommended that developers derive a key and IV on
their own using <a href="#crypto_crypto_pbkdf2_password_salt_iterations_keylen_digest_callback"><code>crypto.pbkdf2</code></a> and to use [<code>crypto.createDecipheriv()</code>][]
to create the <code>Decipher</code> object.
1063 1064

</p>
1065 1066 1067
<h3>crypto.createDecipheriv(algorithm, key, iv)<span><a class="mark" href="#crypto_crypto_createdecipheriv_algorithm_key_iv" id="crypto_crypto_createdecipheriv_algorithm_key_iv">#</a></span></h3>
<p>Creates and returns a <code>Decipher</code> object that uses the given <code>algorithm</code>, <code>key</code>
and initialization vector (<code>iv</code>).
1068

1069
</p>
1070 1071 1072 1073 1074 1075 1076 1077
<p>The <code>algorithm</code> is dependent on OpenSSL, examples are <code>&#39;aes192&#39;</code>, etc.  On
recent OpenSSL releases, <code>openssl list-cipher-algorithms</code> will display the
available cipher algorithms.

</p>
<p>The <code>key</code> is the raw key used by the <code>algorithm</code> and <code>iv</code> is an
<a href="https://en.wikipedia.org/wiki/Initialization_vector">initialization vector</a>. Both arguments must be <code>&#39;binary&#39;</code> encoded strings or
<a href="buffer.html">buffers</a>.
1078 1079

</p>
1080
<h2>crypto.createDiffieHellman(prime[, prime_encoding][, generator][, generator_encoding])<span><a class="mark" href="#crypto_crypto_creatediffiehellman_prime_prime_encoding_generator_generator_encoding" id="crypto_crypto_creatediffiehellman_prime_prime_encoding_generator_generator_encoding">#</a></span></h2>
1081
<p>Creates a <code>DiffieHellman</code> key exchange object using the supplied <code>prime</code> and an
1082
optional specific <code>generator</code>.
1083

1084
</p>
1085 1086 1087 1088 1089 1090
<p>The <code>generator</code> argument can be a number, string, or <a href="buffer.html"><code>Buffer</code></a>. If
<code>generator</code> is not specified, the value <code>2</code> is used.

</p>
<p>The <code>prime_encoding</code> and <code>generator_encoding</code> arguments can be <code>&#39;binary&#39;</code>,
<code>&#39;hex&#39;</code>, or <code>&#39;base64&#39;</code>.
1091

1092
</p>
1093 1094
<p>If <code>prime_encoding</code> is specified, <code>prime</code> is expected to be a string; otherwise
a <a href="buffer.html"><code>Buffer</code></a> is expected.
1095 1096

</p>
1097 1098
<p>If <code>generator_encoding</code> is specified, <code>generator</code> is expected to be a string;
otherwise either a number or <a href="buffer.html"><code>Buffer</code></a> is expected.
1099 1100

</p>
1101 1102 1103 1104
<h3>crypto.createDiffieHellman(prime_length[, generator])<span><a class="mark" href="#crypto_crypto_creatediffiehellman_prime_length_generator" id="crypto_crypto_creatediffiehellman_prime_length_generator">#</a></span></h3>
<p>Creates a <code>DiffieHellman</code> key exchange object and generates a prime of
<code>prime_length</code> bits using an optional specific numeric <code>generator</code>.
If <code>generator</code> is not specified, the value <code>2</code> is used.
1105 1106

</p>
1107 1108 1109 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 1121 1122 1123 1124 1125 1126
<h3>crypto.createECDH(curve_name)<span><a class="mark" href="#crypto_crypto_createecdh_curve_name" id="crypto_crypto_createecdh_curve_name">#</a></span></h3>
<p>Creates an Elliptic Curve Diffie-Hellman (<code>ECDH</code>) key exchange object using a
predefined curve specified by the <code>curve_name</code> string. Use
[<code>crypto.getCurves()</code>][] to obtain a list of available curve names. On recent
OpenSSL releases, <code>openssl ecparam -list_curves</code> will also display the name
and description of each available elliptic curve.

</p>
<h3>crypto.createHash(algorithm)<span><a class="mark" href="#crypto_crypto_createhash_algorithm" id="crypto_crypto_createhash_algorithm">#</a></span></h3>
<p>Creates and returns a <code>Hash</code> object that can be used to generate hash digests
using the given <code>algorithm</code>.

</p>
<p>The <code>algorithm</code> is dependent on the available algorithms supported by the
version of OpenSSL on the platform. Examples are <code>&#39;sha256&#39;</code>, <code>&#39;sha512&#39;</code>, etc.
On recent releases of OpenSSL, <code>openssl list-message-digest-algorithms</code> will
display the available digest algorithms.

</p>
<p>Example: generating the sha256 sum of a file
1127 1128

</p>
1129 1130 1131
<pre><code>const filename = process.argv[2];
const crypto = require(&#39;crypto&#39;);
const fs = require(&#39;fs&#39;);
1132

1133
const hash = crypto.createHash(&#39;sha256&#39;);
1134

1135 1136 1137 1138 1139 1140 1141 1142
const input = fs.createReadStream(filename);
input.on(&#39;readable&#39;, () =&gt; {
  var data = input.read();
  if (data)
    hash.update(data);
  else {
    console.log(`${hash.digest(&#39;hex&#39;)} ${filename}`);
  }
1143
});</code></pre>
1144 1145 1146 1147 1148 1149 1150 1151
<h3>crypto.createHmac(algorithm, key)<span><a class="mark" href="#crypto_crypto_createhmac_algorithm_key" id="crypto_crypto_createhmac_algorithm_key">#</a></span></h3>
<p>Creates and returns an <code>Hmac</code> object that uses the given <code>algorithm</code> and <code>key</code>.

</p>
<p>The <code>algorithm</code> is dependent on the available algorithms supported by the
version of OpenSSL on the platform. Examples are <code>&#39;sha256&#39;</code>, <code>&#39;sha512&#39;</code>, etc.
On recent releases of OpenSSL, <code>openssl list-message-digest-algorithms</code> will
display the available digest algorithms.
1152 1153

</p>
1154
<p>The <code>key</code> is the HMAC key used to generate the cryptographic HMAC hash.
1155 1156

</p>
1157
<p>Example: generating the sha256 HMAC of a file
1158 1159

</p>
1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 1170 1171 1172 1173 1174 1175 1176
<pre><code>const filename = process.argv[2];
const crypto = require(&#39;crypto&#39;);
const fs = require(&#39;fs&#39;);

const hmac = crypto.createHmac(&#39;sha256&#39;, &#39;a secret&#39;);

const input = fs.createReadStream(filename);
input.on(&#39;readable&#39;, () =&gt; {
  var data = input.read();
  if (data)
    hmac.update(data);
  else {
    console.log(`${hmac.digest(&#39;hex&#39;)} ${filename}`);
  }
});</code></pre>
<h3>crypto.createSign(algorithm)<span><a class="mark" href="#crypto_crypto_createsign_algorithm" id="crypto_crypto_createsign_algorithm">#</a></span></h3>
<p>Creates and returns a <code>Sign</code> object that uses the given <code>algorithm</code>. On
1177
recent OpenSSL releases, <code>openssl list-public-key-algorithms</code> will
1178
display the available signing algorithms. One example is <code>&#39;RSA-SHA256&#39;</code>.
1179 1180

</p>
1181 1182 1183 1184
<h3>crypto.createVerify(algorithm)<span><a class="mark" href="#crypto_crypto_createverify_algorithm" id="crypto_crypto_createverify_algorithm">#</a></span></h3>
<p>Creates and returns a <code>Verify</code> object that uses the given algorithm. On
recent OpenSSL releases, <code>openssl list-public-key-algorithms</code> will
display the available signing algorithms. One example is <code>&#39;RSA-SHA256&#39;</code>.
1185 1186

</p>
1187 1188
<h3>crypto.getCiphers()<span><a class="mark" href="#crypto_crypto_getciphers" id="crypto_crypto_getciphers">#</a></span></h3>
<p>Returns an array with the names of the supported cipher algorithms.
1189 1190

</p>
1191
<p>Example:
1192 1193

</p>
1194
<pre><code>const ciphers = crypto.getCiphers();
1195
console.log(ciphers); // [&#39;aes-128-cbc&#39;, &#39;aes-128-ccm&#39;, ...]</code></pre>
1196
<h3>crypto.getCurves()<span><a class="mark" href="#crypto_crypto_getcurves" id="crypto_crypto_getcurves">#</a></span></h3>
1197
<p>Returns an array with the names of the supported elliptic curves.
1198 1199

</p>
1200
<p>Example:
1201 1202

</p>
1203
<pre><code>const curves = crypto.getCurves();
1204
console.log(curves); // [&#39;secp256k1&#39;, &#39;secp384r1&#39;, ...]</code></pre>
1205 1206
<h3>crypto.getDiffieHellman(group_name)<span><a class="mark" href="#crypto_crypto_getdiffiehellman_group_name" id="crypto_crypto_getdiffiehellman_group_name">#</a></span></h3>
<p>Creates a predefined <code>DiffieHellman</code> key exchange object.  The
1207
supported groups are: <code>&#39;modp1&#39;</code>, <code>&#39;modp2&#39;</code>, <code>&#39;modp5&#39;</code> (defined in
1208 1209
<a href="https://www.rfc-editor.org/rfc/rfc2412.txt">RFC 2412</a>, but see <a href="#crypto_support_for_weak_or_compromised_algorithms">Caveats</a>) and <code>&#39;modp14&#39;</code>, <code>&#39;modp15&#39;</code>,
<code>&#39;modp16&#39;</code>, <code>&#39;modp17&#39;</code>, <code>&#39;modp18&#39;</code> (defined in <a href="https://www.rfc-editor.org/rfc/rfc3526.txt">RFC 3526</a>). The
1210
returned object mimics the interface of objects created by
1211
<a href="#crypto_crypto_creatediffiehellman_prime_prime_encoding_generator_generator_encoding"><code>crypto.createDiffieHellman()</code></a>, but will not allow changing
1212
the keys (with <a href="#crypto_diffiehellman_setpublickey_public_key_encoding"><code>diffieHellman.setPublicKey()</code></a> for example). The
1213 1214
advantage of using this method is that the parties do not have to
generate nor exchange a group modulus beforehand, saving both processor
1215
and communication time.
1216 1217 1218 1219 1220

</p>
<p>Example (obtaining a shared secret):

</p>
1221 1222 1223
<pre><code>const crypto = require(&#39;crypto&#39;);
const alice = crypto.getDiffieHellman(&#39;modp14&#39;);
const bob = crypto.getDiffieHellman(&#39;modp14&#39;);
1224 1225 1226 1227

alice.generateKeys();
bob.generateKeys();

1228 1229
const alice_secret = alice.computeSecret(bob.getPublicKey(), null, &#39;hex&#39;);
const bob_secret = bob.computeSecret(alice.getPublicKey(), null, &#39;hex&#39;);
1230 1231 1232

/* alice_secret and bob_secret should be the same */
console.log(alice_secret == bob_secret);</code></pre>
1233
<h3>crypto.getHashes()<span><a class="mark" href="#crypto_crypto_gethashes" id="crypto_crypto_gethashes">#</a></span></h3>
1234 1235 1236 1237 1238 1239
<p>Returns an array with the names of the supported hash algorithms.

</p>
<p>Example:

</p>
1240
<pre><code>const hashes = crypto.getHashes();
1241
console.log(hashes); // [&#39;sha&#39;, &#39;sha1&#39;, &#39;sha1WithRSAEncryption&#39;, ...]</code></pre>
1242 1243 1244 1245 1246 1247
<h3>crypto.pbkdf2(password, salt, iterations, keylen[, digest], callback)<span><a class="mark" href="#crypto_crypto_pbkdf2_password_salt_iterations_keylen_digest_callback" id="crypto_crypto_pbkdf2_password_salt_iterations_keylen_digest_callback">#</a></span></h3>
<p>Provides an asynchronous Password-Based Key Derivation Function 2 (PBKDF2)
implementation.  A selected HMAC digest algorithm specified by <code>digest</code> is
applied to derive a key of the requested byte length (<code>keylen</code>) from the
<code>password</code>, <code>salt</code> and <code>iterations</code>. If the <code>digest</code> algorithm is not specified,
a default of <code>&#39;sha1&#39;</code> is used.
1248

1249
</p>
1250 1251 1252
<p>The supplied <code>callback</code> function is called with two arguments: <code>err</code> and
<code>derivedKey</code>. If an error occurs, <code>err</code> will be set; otherwise <code>err</code> will be
null. The successfully generated <code>derivedKey</code> will be passed as a <a href="buffer.html"><code>Buffer</code></a>.
1253 1254

</p>
1255 1256 1257 1258 1259 1260 1261 1262
<p>The <code>iterations</code> argument must be a number set as high as possible. The
higher the number of iterations, the more secure the derived key will be,
but will take a longer amount of time to complete.

</p>
<p>The <code>salt</code> should also be as unique as possible. It is recommended that the
salts are random and their lengths are greater than 16 bytes. See
<a href="http://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf">NIST SP 800-132</a> for details.
1263

1264 1265 1266 1267
</p>
<p>Example:

</p>
1268 1269 1270
<pre><code>const crypto = require(&#39;crypto&#39;);
crypto.pbkdf2(&#39;secret&#39;, &#39;salt&#39;, 100000, 512, &#39;sha512&#39;, (err, key) =&gt; {
  if (err) throw err;
1271 1272
  console.log(key.toString(&#39;hex&#39;));  // &#39;c5e478d...1469e50&#39;
});</code></pre>
1273 1274 1275 1276 1277 1278 1279 1280 1281 1282 1283 1284 1285 1286
<p>An array of supported digest functions can be retrieved using
<a href="#crypto_crypto_gethashes"><code>crypto.getHashes()</code></a>.

</p>
<h3>crypto.pbkdf2Sync(password, salt, iterations, keylen[, digest])<span><a class="mark" href="#crypto_crypto_pbkdf2sync_password_salt_iterations_keylen_digest" id="crypto_crypto_pbkdf2sync_password_salt_iterations_keylen_digest">#</a></span></h3>
<p>Provides a synchronous Password-Based Key Derivation Function 2 (PBKDF2)
implementation.  A selected HMAC digest algorithm specified by <code>digest</code> is
applied to derive a key of the requested byte length (<code>keylen</code>) from the
<code>password</code>, <code>salt</code> and <code>iterations</code>. If the <code>digest</code> algorithm is not specified,
a default of <code>&#39;sha1&#39;</code> is used.

</p>
<p>If an error occurs an Error will be thrown, otherwise the derived key will be
returned as a <a href="buffer.html"><code>Buffer</code></a>.
1287

1288
</p>
1289 1290 1291
<p>The <code>iterations</code> argument must be a number set as high as possible. The
higher the number of iterations, the more secure the derived key will be,
but will take a longer amount of time to complete.
1292

1293
</p>
1294 1295 1296 1297 1298 1299 1300 1301 1302 1303 1304 1305 1306 1307 1308 1309
<p>The <code>salt</code> should also be as unique as possible. It is recommended that the
salts are random and their lengths are greater than 16 bytes. See
<a href="http://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf">NIST SP 800-132</a> for details.

</p>
<p>Example:

</p>
<pre><code>const crypto = require(&#39;crypto&#39;);
const key = crypto.pbkdf2sync(&#39;secret&#39;, &#39;salt&#39;, 100000, 512, &#39;sha512&#39;);
console.log(key.toString(&#39;hex&#39;));  // &#39;c5e478d...1469e50&#39;</code></pre>
<p>An array of supported digest functions can be retrieved using
<a href="#crypto_crypto_gethashes"><code>crypto.getHashes()</code></a>.

</p>
<h3>crypto.privateDecrypt(private_key, buffer)<span><a class="mark" href="#crypto_crypto_privatedecrypt_private_key_buffer" id="crypto_crypto_privatedecrypt_private_key_buffer">#</a></span></h3>
1310
<p>Decrypts <code>buffer</code> with <code>private_key</code>.
1311 1312

</p>
1313
<p><code>private_key</code> can be an object or a string. If <code>private_key</code> is a string, it is
1314
treated as the key with no passphrase and will use <code>RSA_PKCS1_OAEP_PADDING</code>.
1315 1316 1317 1318 1319 1320 1321 1322 1323 1324 1325 1326 1327 1328 1329
If <code>private_key</code> is an object, it is interpreted as a hash object with the
keys:

</p>
<ul>
<li><code>key</code> : A string holding the PEM encoded private key</li>
<li><code>passphrase</code> : An optional string of passphrase for the private key</li>
<li><code>padding</code> : An optional padding value, one of the following:<ul>
<li><code>constants.RSA_NO_PADDING</code></li>
<li><code>constants.RSA_PKCS1_PADDING</code></li>
<li><code>constants.RSA_PKCS1_OAEP_PADDING</code></li>
</ul>
</li>
</ul>
<p>All paddings are defined in the <code>constants</code> module.
1330 1331

</p>
1332 1333 1334 1335 1336 1337 1338 1339
<h3>crypto.privateEncrypt(private_key, buffer)<span><a class="mark" href="#crypto_crypto_privateencrypt_private_key_buffer" id="crypto_crypto_privateencrypt_private_key_buffer">#</a></span></h3>
<p>Encrypts <code>buffer</code> with <code>private_key</code>.

</p>
<p><code>private_key</code> can be an object or a string. If <code>private_key</code> is a string, it is
treated as the key with no passphrase and will use <code>RSA_PKCS1_PADDING</code>.
If <code>private_key</code> is an object, it is interpreted as a hash object with the
keys:
1340 1341 1342 1343 1344 1345 1346 1347 1348 1349 1350 1351

</p>
<ul>
<li><code>key</code> : A string holding the PEM encoded private key</li>
<li><code>passphrase</code> : An optional string of passphrase for the private key</li>
<li><code>padding</code> : An optional padding value, one of the following:<ul>
<li><code>constants.RSA_NO_PADDING</code></li>
<li><code>constants.RSA_PKCS1_PADDING</code></li>
<li><code>constants.RSA_PKCS1_OAEP_PADDING</code></li>
</ul>
</li>
</ul>
1352 1353 1354 1355 1356
<p>All paddings are defined in the <code>constants</code> module.

</p>
<h3>crypto.publicDecrypt(public_key, buffer)<span><a class="mark" href="#crypto_crypto_publicdecrypt_public_key_buffer" id="crypto_crypto_publicdecrypt_public_key_buffer">#</a></span></h3>
<p>Decrypts <code>buffer</code> with <code>public_key</code>.
1357

1358
</p>
1359 1360 1361 1362 1363 1364 1365 1366 1367 1368 1369 1370 1371 1372 1373 1374 1375 1376
<p><code>public_key</code> can be an object or a string. If <code>public_key</code> is a string, it is
treated as the key with no passphrase and will use <code>RSA_PKCS1_PADDING</code>.
If <code>public_key</code> is an object, it is interpreted as a hash object with the
keys:

</p>
<ul>
<li><code>key</code> : A string holding the PEM encoded public key</li>
<li><code>passphrase</code> : An optional string of passphrase for the private key</li>
<li><code>padding</code> : An optional padding value, one of the following:<ul>
<li><code>constants.RSA_NO_PADDING</code></li>
<li><code>constants.RSA_PKCS1_PADDING</code></li>
<li><code>constants.RSA_PKCS1_OAEP_PADDING</code></li>
</ul>
</li>
</ul>
<p>Because RSA public keys can be derived from private keys, a private key may
be passed instead of a public key.
1377

1378
</p>
1379
<p>All paddings are defined in the <code>constants</code> module.
1380 1381

</p>
1382 1383
<h3>crypto.publicEncrypt(public_key, buffer)<span><a class="mark" href="#crypto_crypto_publicencrypt_public_key_buffer" id="crypto_crypto_publicencrypt_public_key_buffer">#</a></span></h3>
<p>Encrypts <code>buffer</code> with <code>public_key</code>.
1384 1385

</p>
1386
<p><code>public_key</code> can be an object or a string. If <code>public_key</code> is a string, it is
1387
treated as the key with no passphrase and will use <code>RSA_PKCS1_OAEP_PADDING</code>.
1388