The class is a utility for verifying signatures.
As a writable where written data is used to validate against the supplied signature, or
depending on the validity of the signature for the data and public key.
Verifies the provided data using the given and
The argument can be either a string containing a PEM encoded object, which can be an RSA public key, a DSA public key, or an X.509 certificate, or an object with one or more of the following properties:
The argument is the previously calculated signature for the data, in the which can be or
module methods and properties
An object containing commonly used constants for crypto and security related operations.
The specific constants currently defined are described in Crypto Constants
The default encoding to use for functions that can take either strings or
The default value is, which makes methods default to objects.
The mechanism is provided for backwards compatibility with legacy programs that expect to be the default encoding.
New applications should expect the default to be
This property is deprecated.
Property for checking and controlling whether a FIPS compliant crypto provider is currently in use. Setting to true requires a FIPS build of Node.js.
Please use and instead.
Creates and returns a object that uses the given and
The argument controls stream behavior and is optional except when a cipher in CCM mode is used
In that case, the option is required and specifies the length of the authentication tag in bytes, see CCM mode.
The is dependent on OpenSSL, examples are, etc.
On recent OpenSSL releases, ( for older versions of OpenSSL) will display the available cipher algorithms.
The is used to derive the cipher key and initialization vector (IV).
The value must be either a encoded string
The implementation of derives keys using the OpenSSL function with the digest algorithm set to MD5, one iteration, and no salt.
The lack of salt allows dictionary attacks as the same password always creates the same key.
The low iteration count and non-cryptographically secure hash algorithm allow passwords to be tested very rapidly.
In line with OpenSSL's recommendation to use instead of it is recommended that developers derive a key and IV on their own using and to use to create the object.
Users should not use ciphers with counter mode in
A warning is emitted when they are used in order to avoid the risk of IV reuse that causes vulnerabilities.
For the case when IV is reused in GCM, see Nonce-Disrespecting Adversaries for details.
The is the raw key used by the and is an initialization vector
Both arguments must be encoded strings, or
If the cipher does not need an initialization vector, may be
Initialization vectors should be unpredictable and unique; ideally, they will be cryptographically random. They do not have to be secret: IVs are typically just added to ciphertext messages unencrypted. It may sound contradictory that something has to be unpredictable and unique, but does not have to be secret; it is important to remember that an attacker must not be able to predict ahead of time what a given IV will be.
The method is a deprecated function for creating and returning a
It should not be used.
Replace it with which has the exact same arguments and return value.
Returns a, as-if had been called.
Creates a key exchange object using the supplied and an optional specific
The argument can be a number, string, or
If is not specified, the value is used.
The and arguments can be or
Creates a key exchange object and generates a prime of bits using an optional specific numeric
Creates an Elliptic Curve Diffie-Hellman key exchange object using a predefined curve specified by the string.
Creates and returns a object that can be used to generate hash digests using the given
Optional argument controls stream behavior.
Example: generating the sum of a file
Use to obtain an array of names of the available signing algorithms.
An array with the names of the supported cipher algorithms.
An array with the names of the supported elliptic curves.
The supported groups are: (defined in but see Caveats) and (defined in).
The returned object mimics the interface of objects created by but will not allow changing the keys (with for example).
The advantage of using this method is that the parties do not have to generate nor exchange a group modulus beforehand, saving both processor and communication time.
if and only if a FIPS compliant crypto provider is currently in use.
An array of the names of the supported hash algorithms, such as
Provides an asynchronous Password-Based Key Derivation Function 2 (PBKDF2) implementation.
A selected HMAC digest algorithm specified by is applied to derive a key of the requested byte length from the and
The supplied function is called with two arguments: and
If an error occurs while deriving the key, will be set; otherwise will be
By default, the successfully generated will be passed to the callback as a
An error will be thrown if any of the input arguments specify invalid values or types.
The argument must be a number set as high as possible.
The higher the number of iterations, the more secure the derived key will be, but will take a longer amount of time to complete.
The should also be as unique as possible.
It is recommended that the salts are random and their lengths are at least 16 bytes.
See for details.
The property can be used to change the way the is passed to the callback.
This property, however, has been deprecated and use should be avoided.
An array of supported digest functions can be retrieved using
Note that this API uses libuv's threadpool, which can have surprising and negative performance implications for some applications, see the documentation for more information.
If is a string, it is treated as the key with no passphrase and will use
Because RSA public keys can be derived from private keys, a private key may be passed instead of a public key.
Encrypts the content of with and returns a new with encrypted content.
Generates cryptographically strong pseudo-random data.
The argument is a number indicating the number of bytes to generate.
If a function is provided, the bytes are generated asynchronously and the function is invoked with two arguments: and
The argument is a containing the generated bytes.
If the function is not provided, the random bytes are generated synchronously and returned as a
An error will be thrown if there is a problem generating the bytes.
The method will not complete until there is sufficient entropy available.
This should normally never take longer than a few milliseconds.
The only time when generating the random bytes may conceivably block for a longer period of time is right after boot, when the whole system is still low on entropy
The asynchronous version of is carried out in a single threadpool request.
To minimize threadpool task length variation, partition large requests when doing so as part of fulfilling a client request.
Must be supplied.
Synchronous version of
The above is equivalent to the following:
Any or instance may be passed as
This function is similar to but requires the first argument to be a that will be filled.
It also requires that a callback is passed in.
Load and set the for some or all OpenSSL functions (selected by flags).
could be either an id or a path to the engine's shared library.
The optional argument uses by default.
The is a bit field taking one of or a mix of the following flags (defined in
The flags below are deprecated in
to enable FIPS mode
Enables the FIPS compliant crypto provider in a FIPS-enabled Node.js build. Throws an error if FIPS mode is not available.
This function is based on a constant-time algorithm.
Returns true if is equal to, without leaking timing information that would allow an attacker to guess one of the values.
This is suitable for comparing HMAC digests or secret values like authentication cookies or capability urls.
must both be or and they must have the same length.
Use of does not guarantee that the surrounding code is timing-safe.
Care should be taken to ensure that the surrounding code does not introduce timing vulnerabilities.