SPKAC is a Certificate Signing Request mechanism originally implemented byNetscape and was specified formally as part of HTML5's keygen element.

Instances of the Cipher class are used to encrypt data. The class can beused in one of two ways:

Instances of the Decipher class are used to decrypt data. The class can beused in one of two ways:

The DiffieHellman class is a utility for creating Diffie-Hellman keyexchanges.

The ECDH class is a utility for creating Elliptic Curve Diffie-Hellman (ECDH)key exchanges.

The Hash class is a utility for creating hash digests of data. It can beused in one of two ways:

Node.js uses a KeyObject class to represent a symmetric or asymmetric key,and each kind of key exposes different functions. The createSecretKey, createPublicKey and createPrivateKey methods are used to create KeyObjectinstances. KeyObjectobjects are not to be created directly using the newkeyword.

The Sign class is a utility for generating signatures. It can be used in oneof two ways:

The Verify class is a utility for verifying signatures. It can be used in oneof two ways:

Encapsulates an X509 certificate and provides read-only access toits information.

The Hmac class is a utility for creating cryptographic HMAC digests. It canbe used in one of two ways:

Checks the primality of the candidate.

Checks the primality of the candidate.

Creates and returns a Cipher object, with the given algorithm, key andinitialization vector (iv).

Creates and returns a Decipher object that uses the given algorithm, key and initialization vector (iv).

Creates a DiffieHellman key exchange object using the supplied prime and anoptional specific generator.

An alias for getDiffieHellman

Creates an Elliptic Curve Diffie-Hellman (ECDH) key exchange object using apredefined curve specified by the curveName string. Use getCurves to obtain a list of available curve names. On recentOpenSSL releases, openssl ecparam -list_curves will also display the nameand description of each available elliptic curve.

Creates and returns a Hash object that can be used to generate hash digestsusing the given algorithm. Optional options argument controls streambehavior. For XOF hash functions such as 'shake256', the outputLength optioncan be used to specify the desired output length in bytes.

Creates and returns an Hmac object that uses the given algorithm and key.Optional options argument controls stream behavior.

Creates and returns a new key object containing a private key. If key is astring or Buffer, format is assumed to be 'pem'; otherwise, key must be an object with the properties described above.

Creates and returns a new key object containing a public key. If key is astring or Buffer, format is assumed to be 'pem'; if key is a KeyObject with type 'private', the public key is derived from the given private key;otherwise, key must be an object with the properties described above.

Creates and returns a new key object containing a secret key for symmetricencryption or Hmac.

Creates and returns a Sign object that uses the given algorithm. Use getHashes to obtain the names of the available digest algorithms.Optional options argument controls the stream.Writable behavior.

Creates and returns a Verify object that uses the given algorithm.Use getHashes to obtain an array of names of the availablesigning algorithms. Optional options argument controls the stream.Writable behavior.

Computes the Diffie-Hellman secret based on a privateKey and a publicKey.Both keys must have the same asymmetricKeyType, which must be one of 'dh' (for Diffie-Hellman), 'ec' (for ECDH), 'x448', or 'x25519' (for ECDH-ES).

Asynchronously generates a new random secret key of the given length. The type will determine which validations will be performed on the length.

Generates a new asymmetric key pair of the given type. RSA, RSA-PSS, DSA, EC,Ed25519, Ed448, X25519, X448, and DH are currently supported.

Generates a new asymmetric key pair of the given type. RSA, RSA-PSS, DSA, EC,Ed25519, Ed448, X25519, X448, and DH are currently supported.

Synchronously generates a new random secret key of the given length. The type will determine which validations will be performed on the length.

Generates a pseudorandom prime of size bits.

Generates a pseudorandom prime of size bits.

Returns information about a given cipher.

Creates a predefined DiffieHellmanGroup key exchange object. Thesupported groups are listed in the documentation for DiffieHellmanGroup.

A convenient alias for webcrypto.getRandomValues. Thisimplementation is not compliant with the Web Crypto spec, to writeweb-compatible code use webcrypto.getRandomValues instead.

A utility for creating one-shot hash digests of data. It can be faster than the object-based crypto.createHash() when hashing a smaller amount of data(<= 5MB) that's readily available. If the data can be big or if it is streamed, it's still recommended to use crypto.createHash() instead. The algorithmis dependent on the available algorithms supported by the version of OpenSSL on the platform. Examples are 'sha256', 'sha512', etc. On recent releasesof OpenSSL, openssl list -digest-algorithms will display the available digest algorithms.

HKDF is a simple key derivation function defined in RFC 5869. The given ikm, salt and info are used with the digest to derive a key of keylen bytes.

Provides a synchronous HKDF key derivation function as defined in RFC 5869. Thegiven ikm, salt and info are used with the digest to derive a key of keylen bytes.

Provides an asynchronous Password-Based Key Derivation Function 2 (PBKDF2)implementation. A selected HMAC digest algorithm specified by digest isapplied to derive a key of the requested byte length (keylen) from the password, salt and iterations.

Provides a synchronous Password-Based Key Derivation Function 2 (PBKDF2)implementation. A selected HMAC digest algorithm specified by digest isapplied to derive a key of the requested byte length (keylen) from the password, salt and iterations.

Decrypts buffer with privateKey. buffer was previously encrypted usingthe corresponding public key, for example using publicEncrypt.

Encrypts buffer with privateKey. The returned data can be decrypted usingthe corresponding public key, for example using publicDecrypt.

Decrypts buffer with key.buffer was previously encrypted usingthe corresponding private key, for example using privateEncrypt.

Encrypts the content of buffer with key and returns a new Buffer with encrypted content. The returned data can be decrypted usingthe corresponding private key, for example using privateDecrypt.

Generates cryptographically strong pseudorandom data. The size argumentis a number indicating the number of bytes to generate.

This function is similar to randomBytes but requires the firstargument to be a Buffer that will be filled. It alsorequires that a callback is passed in.

Synchronous version of randomFill.

Return a random integer n such that min <= n < max. Thisimplementation avoids modulo bias.

Generates a random RFC 4122 version 4 UUID. The UUID is generated using acryptographic pseudorandom number generator.

Provides an asynchronous scrypt implementation. Scrypt is a password-basedkey derivation function that is designed to be expensive computationally andmemory-wise in order to make brute-force attacks unrewarding.

Provides a synchronous scrypt implementation. Scrypt is a password-basedkey derivation function that is designed to be expensive computationally andmemory-wise in order to make brute-force attacks unrewarding.

Load and set the engine for some or all OpenSSL functions (selected by flags).

Enables the FIPS compliant crypto provider in a FIPS-enabled Node.js build.Throws an error if FIPS mode is not available.

Calculates and returns the signature for data using the given private key andalgorithm. If algorithm is null or undefined, then the algorithm isdependent upon the key type (especially Ed25519 and Ed448).

This function compares the underlying bytes that represent the given ArrayBuffer, TypedArray, or DataView instances using a constant-timealgorithm.

Verifies the given signature for data using the given key and algorithm. If algorithm is null or undefined, then the algorithm is dependent upon thekey type (especially Ed25519 and Ed448).

Importing the webcrypto object (import { webcrypto } from 'node:crypto') gives an instance of the Crypto class.Crypto is a singleton that provides access to the remainder of the crypto API.

The CryptoKeyPair is a simple dictionary object with publicKey and privateKey properties, representing an asymmetric key pair.

Specifies the active default cipher list used by the current Node.js process (colon-separated values).

Specifies the built-in default cipher list used by Node.js (colon-separated values).

Causes the salt length for RSA_PKCS1_PSS_PADDING to be determined automatically when verifying a signature.

Sets the salt length for RSA_PKCS1_PSS_PADDING to the digest size when signing or verifying.

Sets the salt length for RSA_PKCS1_PSS_PADDING to the maximum permissible value when signing data.

Applies multiple bug workarounds within OpenSSL. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html for detail.

Instructs OpenSSL to allow a non-[EC]DHE-based key exchange mode for TLS v1.3

Allows legacy insecure renegotiation between OpenSSL and unpatched clients or servers. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html.

Attempts to use the server's preferences instead of the client's when selecting a cipher. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html.

Instructs OpenSSL to use Cisco's version identifier of DTLS_BAD_VER.

Instructs OpenSSL to turn on cookie exchange.

Instructs OpenSSL to add server-hello extension from an early version of the cryptopro draft.

Instructs OpenSSL to disable a SSL 3.0/TLS 1.0 vulnerability workaround added in OpenSSL 0.9.6d.

Allows initial connection to servers that do not support RI.

Instructs OpenSSL to disable support for SSL/TLS compression.

Instructs OpenSSL to disable encrypt-then-MAC.

Instructs OpenSSL to disable renegotiation.

Instructs OpenSSL to always start a new session when performing renegotiation.

Instructs OpenSSL to turn off SSL v2

Instructs OpenSSL to turn off SSL v3

Instructs OpenSSL to disable use of RFC4507bis tickets.

Instructs OpenSSL to turn off TLS v1

Instructs OpenSSL to turn off TLS v1.1

Instructs OpenSSL to turn off TLS v1.2

Instructs OpenSSL to turn off TLS v1.3

Instructs OpenSSL server to prioritize ChaCha20-Poly1305 when the client does. This option has no effect if SSL_OP_CIPHER_SERVER_PREFERENCE is not enabled.

Instructs OpenSSL to disable version rollback attack detection.

A convenient alias for crypto.webcrypto.subtle.