/** * The `crypto` module provides cryptographic functionality that includes a * set of wrappers for OpenSSL's hash, HMAC. * * ```js * import { createHmac } from 'crypto'; * * const secret = 'abcdefg'; * const hash = createHmac('sha256', secret) * .update('I love cupcakes') * .digest('hex'); * console.log(hash); * // Prints: * // c0fa1bc00531bd78ef38c628449c5102aeabd49b5dc3a2a516ea6ea959d6658e * ``` */ declare module "crypto" { import { Buffer } from "buffer"; type BinaryLike = string | QuickJS.ArrayBufferView; type LlrtBinaryLike = BinaryLike | ArrayBuffer | ArrayLike; type BinaryToTextEncoding = "base64" | "hex"; type CharacterEncoding = "utf8" | "utf-8" | "utf16le" | "utf-16le" | "latin1"; type LegacyCharacterEncoding = "ascii"; type Encoding = | BinaryToTextEncoding | CharacterEncoding | LegacyCharacterEncoding; /** * Creates and returns a `Hash` object that can be used to generate hash digests * using the given `algorithm`. * * The `algorithm` is supported by `'sha1'`, `'sha256'`,`'sha384'` and `'sha512'`. */ export function createHash(algorithm: string): Hash; /** * Creates and returns an `Hmac` object that uses the given `algorithm` and `key`. * * The `algorithm` is supported by `'sha1'`, `'sha256'`,`'sha384'` and `'sha512'`. * * The `key` is the HMAC key used to generate the cryptographic HMAC hash. * If it is a string, please consider `caveats when using strings as inputs to cryptographic APIs`. * If it was obtained from a cryptographically secure source of entropy, such as {@link randomBytes} * or {@link generateKey}, its length should not exceed the block size of `algorithm` * (e.g., 512 bits for SHA-256). */ export function createHmac(algorithm: string, key: LlrtBinaryLike): Hmac; /** * The `Hash` class is a utility for creating hash digests of data. * * Using the `hash.update()` and `hash.digest()` methods to produce the * computed hash. * * The {@link createHash} method is used to create `Hash` instances. * `Hash`objects are not to be created directly using the `new` keyword. * * Example: Using the `hash.update()` and `hash.digest()` methods: * * ```js * import { createHash } from 'crypto'; * * const hash = createHash('sha256'); * * hash.update('some data to hash'); * console.log(hash.digest('hex')); * // Prints: * // 6a2da20943931e9834fc12cfe5bb47bbd9ae43489a30726962b576f4e3993e50 * ``` */ interface Hash { /** * Updates the hash content with the given `data`, the encoding of which * is given in `inputEncoding`. * If `encoding` is not provided, and the `data` is a string, an * encoding of `'utf8'` is enforced. If `data` is a `Buffer`, `TypedArray`, or`DataView`, * then `inputEncoding` is ignored. * * This can be called many times with new data as it is streamed. * @param inputEncoding The `encoding` of the `data` string. */ update(data: LlrtBinaryLike): Hash; update(data: string, inputEncoding: Encoding): Hash; /** * Calculates the digest of all of the data passed to be hashed (using the `hash.update()` method). * If `encoding` is provided a string will be returned; otherwise * a `Buffer` is returned. * * The `Hash` object can not be used again after `hash.digest()` method has been * called. Multiple calls will cause an error to be thrown. * @param encoding The `encoding` of the return value. */ digest(): Buffer; digest(encoding: BinaryToTextEncoding): string; } /** * The `Hmac` class is a utility for creating cryptographic HMAC digests. * * Using the `hmac.update()` and `hmac.digest()` methods to produce the * computed HMAC digest. * * The {@link createHmac} method is used to create `Hmac` instances. * `Hmac`objects are not to be created directly using the `new` keyword. * * Example: Using the `hmac.update()` and `hmac.digest()` methods: * * ```js * import { createHmac } from 'crypto'; * * const hmac = createHmac('sha256', 'a secret'); * * hmac.update('some data to hash'); * console.log(hmac.digest('hex')); * // Prints: * // 7fd04df92f636fd450bc841c9418e5825c17f33ad9c87c518115a45971f7f77e * ``` */ interface Hmac { /** * Updates the `Hmac` content with the given `data`, the encoding of which * is given in `inputEncoding`. * If `encoding` is not provided, and the `data` is a string, an * encoding of `'utf8'` is enforced. If `data` is a `Buffer`, `TypedArray`, or`DataView`, * then `inputEncoding` is ignored. * * This can be called many times with new data as it is streamed. * @param inputEncoding The `encoding` of the `data` string. */ update(data: LlrtBinaryLike): Hmac; update(data: string, inputEncoding: Encoding): Hmac; /** * Calculates the HMAC digest of all of the data passed using `hmac.update()`. * If `encoding` is * provided a string is returned; otherwise a `Buffer` is returned; * * The `Hmac` object can not be used again after `hmac.digest()` has been * called. Multiple calls to `hmac.digest()` will result in an error being thrown. * @param encoding The `encoding` of the return value. */ digest(): Buffer; digest(encoding: BinaryToTextEncoding): string; } /** * LLRT-specific MD5 hash implementation. Passing a secret creates an HMAC-compatible instance. */ export class Md5 { constructor(secret?: LlrtBinaryLike); update(data: LlrtBinaryLike): Md5; update(data: string, inputEncoding: Encoding): Md5; digest(): Buffer; digest(encoding: BinaryToTextEncoding): string; } /** * LLRT-specific SHA-1 hash implementation. Passing a secret creates an HMAC-compatible instance. */ export class Sha1 { constructor(secret?: LlrtBinaryLike); update(data: LlrtBinaryLike): Sha1; update(data: string, inputEncoding: Encoding): Sha1; digest(): Buffer; digest(encoding: BinaryToTextEncoding): string; } /** * LLRT-specific SHA-256 hash implementation. Passing a secret creates an HMAC-compatible instance. */ export class Sha256 { constructor(secret?: LlrtBinaryLike); update(data: LlrtBinaryLike): Sha256; update(data: string, inputEncoding: Encoding): Sha256; digest(): Buffer; digest(encoding: BinaryToTextEncoding): string; } /** * LLRT-specific SHA-384 hash implementation. Passing a secret creates an HMAC-compatible instance. */ export class Sha384 { constructor(secret?: LlrtBinaryLike); update(data: LlrtBinaryLike): Sha384; update(data: string, inputEncoding: Encoding): Sha384; digest(): Buffer; digest(encoding: BinaryToTextEncoding): string; } /** * LLRT-specific SHA-512 hash implementation. Passing a secret creates an HMAC-compatible instance. */ export class Sha512 { constructor(secret?: LlrtBinaryLike); update(data: LlrtBinaryLike): Sha512; update(data: string, inputEncoding: Encoding): Sha512; digest(): Buffer; digest(encoding: BinaryToTextEncoding): string; } /** * LLRT-specific CRC32 implementation. */ export class Crc32 { constructor(); update(data: LlrtBinaryLike): Crc32; digest(): number; } /** * LLRT-specific CRC32C implementation. */ export class Crc32c { constructor(); update(data: LlrtBinaryLike): Crc32c; digest(): number; } /** * Generates cryptographically strong pseudorandom data. The `size` argument * is a number indicating the number of bytes to generate. * * the random bytes are generated synchronously and returned as a `Buffer`. * An error will be thrown if there is a problem generating the bytes. * * ```js * // Synchronous * import { randomBytes } from 'crypto'; * * const buf = randomBytes(256); * console.log( * `${buf.length} bytes of random data: ${buf.toString('hex')}`); * ``` * * The `crypto.randomBytes()` method will not complete until there is * sufficient entropy available. * This should normally never take longer than a few milliseconds. The only time * when generating the random bytes may conceivably block for a longer period of * time is right after boot, when the whole system is still low on entropy. * * @param size The number of bytes to generate. The `size` must not be larger than `2**31 - 1`. */ export function randomBytes(size: number): Buffer; /** * Return a random integer `n` such that `min <= n < max`. This * implementation avoids [modulo bias](https://en.wikipedia.org/wiki/Fisher%E2%80%93Yates_shuffle#Modulo_bias). * * The range (`max - min`) must be less than 2**48. `min` and `max` must * be [safe integers](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Number/isSafeInteger). * * ```js * // Synchronous * import { randomInt } from 'crypto'; * * const n = randomInt(3); * console.log(`Random number chosen from (0, 1, 2): ${n}`); * ``` * * ```js * // With `min` argument * import { randomInt } from 'crypto'; * * const n = randomInt(1, 7); * console.log(`The dice rolled: ${n}`); * ``` * @param [min=0] Start of random range (inclusive). * @param max End of random range (exclusive). */ export function randomInt(max: number): number; export function randomInt(min: number, max: number): number; /** * Synchronous version of {@link randomFill}. * * ```js * import { Buffer } from 'buffer'; * import { randomFillSync } from 'crypto'; * * const buf = Buffer.alloc(10); * console.log(randomFillSync(buf).toString('hex')); * * randomFillSync(buf, 5); * console.log(buf.toString('hex')); * * // The above is equivalent to the following: * randomFillSync(buf, 5, 5); * console.log(buf.toString('hex')); * ``` * * Any `ArrayBuffer`, `TypedArray` or `DataView` instance may be passed as`buffer`. * * ```js * import { Buffer } from 'buffer'; * import { randomFillSync } from 'crypto'; * * const a = new Uint32Array(10); * console.log(Buffer.from(randomFillSync(a).buffer, * a.byteOffset, a.byteLength).toString('hex')); * * const b = new DataView(new ArrayBuffer(10)); * console.log(Buffer.from(randomFillSync(b).buffer, * b.byteOffset, b.byteLength).toString('hex')); * * const c = new ArrayBuffer(10); * console.log(Buffer.from(randomFillSync(c)).toString('hex')); * ``` * @param buffer Must be supplied. The size of the provided `buffer` must not be larger than `2**31 - 1`. * @param [offset=0] * @param [size=buffer.length - offset] * @return The object passed as `buffer` argument. */ export function randomFillSync( buffer: T, offset?: number, size?: number ): T; /** * This function is similar to {@link randomBytes} but requires the first * argument to be a `Buffer` that will be filled. It also * requires that a callback is passed in. * * If the `callback` function is not provided, an error will be thrown. * * ```js * import { Buffer } from 'buffer'; * import { randomFill } from 'crypto'; * * const buf = Buffer.alloc(10); * randomFill(buf, (err, buf) => { * if (err) throw err; * console.log(buf.toString('hex')); * }); * * randomFill(buf, 5, (err, buf) => { * if (err) throw err; * console.log(buf.toString('hex')); * }); * * // The above is equivalent to the following: * randomFill(buf, 5, 5, (err, buf) => { * if (err) throw err; * console.log(buf.toString('hex')); * }); * ``` * * Any `ArrayBuffer`, `TypedArray`, or `DataView` instance may be passed as `buffer`. * * While this includes instances of `Float32Array` and `Float64Array`, this * function should not be used to generate random floating-point numbers. The * result may contain `+Infinity`, `-Infinity`, and `NaN`, and even if the array * contains finite numbers only, they are not drawn from a uniform random * distribution and have no meaningful lower or upper bounds. * * ```js * import { Buffer } from 'buffer'; * import { randomFill } from 'crypto'; * * const a = new Uint32Array(10); * randomFill(a, (err, buf) => { * if (err) throw err; * console.log(Buffer.from(buf.buffer, buf.byteOffset, buf.byteLength) * .toString('hex')); * }); * * const b = new DataView(new ArrayBuffer(10)); * randomFill(b, (err, buf) => { * if (err) throw err; * console.log(Buffer.from(buf.buffer, buf.byteOffset, buf.byteLength) * .toString('hex')); * }); * * const c = new ArrayBuffer(10); * randomFill(c, (err, buf) => { * if (err) throw err; * console.log(Buffer.from(buf).toString('hex')); * }); * ``` * @param buffer Must be supplied. The size of the provided `buffer` must not be larger than `2**31 - 1`. * @param [offset=0] * @param [size=buffer.length - offset] * @param callback `function(err, buf) {}`. */ export function randomFill( buffer: T, callback: (err: Error | null, buf: T) => void ): void; export function randomFill( buffer: T, offset: number, callback: (err: Error | null, buf: T) => void ): void; export function randomFill( buffer: T, offset: number, size: number, callback: (err: Error | null, buf: T) => void ): void; type UUID = `${string}-${string}-${string}-${string}-${string}`; /** * A convenient alias for {@link webcrypto.getRandomValues}. This * implementation is not compliant with the Web Crypto spec, to write * web-compatible code use {@link webcrypto.getRandomValues} instead. * @return Returns `typedArray`. */ export function getRandomValues(typedArray: T): T; /** * Generates a random {@link https://www.rfc-editor.org/rfc/rfc4122.txt RFC 4122} version 4 UUID. * The UUID is generated using a cryptographic pseudorandom number generator. */ export function randomUUID(): UUID; /** * An implementation of the Web Crypto API standard. * * See the {@link https://nodejs.org/docs/latest/api/webcrypto.html Web Crypto API documentation} for details. */ export namespace webcrypto { type BufferSource = ArrayBufferView | ArrayBuffer; type KeyFormat = "jwk" | "pkcs8" | "raw" | "spki"; type KeyType = "private" | "public" | "secret"; type KeyUsage = | "decrypt" | "deriveBits" | "deriveKey" | "encrypt" | "sign" | "unwrapKey" | "verify" | "wrapKey"; type AlgorithmIdentifier = Algorithm | string; type HashAlgorithmIdentifier = AlgorithmIdentifier; type NamedCurve = string; type BigInteger = Uint8Array; interface AesCbcParams extends Algorithm { iv: BufferSource; } interface AesCtrParams extends Algorithm { counter: BufferSource; length: number; } interface AesDerivedKeyParams extends Algorithm { length: number; } interface AesGcmParams extends Algorithm { additionalData?: BufferSource; iv: BufferSource; tagLength?: number; } interface AesKeyAlgorithm extends KeyAlgorithm { length: number; } interface AesKeyGenParams extends Algorithm { length: number; } interface Algorithm { name: string; } interface EcKeyAlgorithm extends KeyAlgorithm { namedCurve: NamedCurve; } interface EcKeyGenParams extends Algorithm { namedCurve: NamedCurve; } interface EcKeyImportParams extends Algorithm { namedCurve: NamedCurve; } interface EcdhKeyDeriveParams extends Algorithm { public: CryptoKey; } interface EcdsaParams extends Algorithm { hash: HashAlgorithmIdentifier; } interface Ed448Params extends Algorithm { context?: BufferSource; } interface HkdfParams extends Algorithm { hash: HashAlgorithmIdentifier; info: BufferSource; salt: BufferSource; } interface HmacImportParams extends Algorithm { hash: HashAlgorithmIdentifier; length?: number; } interface HmacKeyAlgorithm extends KeyAlgorithm { hash: KeyAlgorithm; length: number; } interface HmacKeyGenParams extends Algorithm { hash: HashAlgorithmIdentifier; length?: number; } interface JsonWebKey { alg?: string; crv?: string; d?: string; dp?: string; dq?: string; e?: string; ext?: boolean; k?: string; key_ops?: string[]; kty?: string; n?: string; oth?: RsaOtherPrimesInfo[]; p?: string; q?: string; qi?: string; use?: string; x?: string; y?: string; } interface KeyAlgorithm { name: string; } interface Pbkdf2Params extends Algorithm { hash: HashAlgorithmIdentifier; iterations: number; salt: BufferSource; } interface RsaHashedImportParams extends Algorithm { hash: HashAlgorithmIdentifier; } interface RsaHashedKeyAlgorithm extends RsaKeyAlgorithm { hash: KeyAlgorithm; } interface RsaHashedKeyGenParams extends RsaKeyGenParams { hash: HashAlgorithmIdentifier; } interface RsaKeyAlgorithm extends KeyAlgorithm { modulusLength: number; publicExponent: BigInteger; } interface RsaKeyGenParams extends Algorithm { modulusLength: number; publicExponent: BigInteger; } interface RsaOaepParams extends Algorithm { label?: BufferSource; } interface RsaOtherPrimesInfo { d?: string; r?: string; t?: string; } interface RsaPssParams extends Algorithm { saltLength: number; } interface CryptoKey { /** * An object detailing the algorithm for which the key can be used along with additional algorithm-specific parameters. */ readonly algorithm: KeyAlgorithm; /** * When `true`, the {@link CryptoKey} can be extracted using either `subtleCrypto.exportKey()` or `subtleCrypto.wrapKey()`. */ readonly extractable: boolean; /** * A string identifying whether the key is a symmetric (`'secret'`) or asymmetric (`'private'` or `'public'`) key. */ readonly type: KeyType; /** * An array of strings identifying the operations for which the key may be used. * * The possible usages are: * - `'encrypt'` - The key may be used to encrypt data. * - `'decrypt'` - The key may be used to decrypt data. * - `'sign'` - The key may be used to generate digital signatures. * - `'verify'` - The key may be used to verify digital signatures. * - `'deriveKey'` - The key may be used to derive a new key. * - `'deriveBits'` - The key may be used to derive bits. * - `'wrapKey'` - The key may be used to wrap another key. * - `'unwrapKey'` - The key may be used to unwrap another key. * * Valid key usages depend on the key algorithm (identified by `cryptokey.algorithm.name`). * @since v15.0.0 */ readonly usages: KeyUsage[]; } /** * The `CryptoKeyPair` is a simple dictionary object with `publicKey` and `privateKey` properties, representing an asymmetric key pair. */ interface CryptoKeyPair { /** * A {@link CryptoKey} whose type will be `'private'`. */ privateKey: CryptoKey; /** * A {@link CryptoKey} whose type will be `'public'`. */ publicKey: CryptoKey; } interface SubtleCrypto { /** * Using the method and parameters specified in `algorithm` and the keying material provided by `key`, * `subtle.decrypt()` attempts to decipher the provided `data`. If successful, * the returned promise will be resolved with an `` containing the plaintext result. * * The algorithms currently supported include: * * - `'RSA-OAEP'` * - `'AES-CTR'` * - `'AES-CBC'` * - `'AES-GCM'` */ decrypt( algorithm: | AlgorithmIdentifier | RsaOaepParams | AesCtrParams | AesCbcParams | AesGcmParams, key: CryptoKey, data: BufferSource ): Promise; /** * Using the method and parameters specified in `algorithm` and the keying material provided by `baseKey`, * `subtle.deriveBits()` attempts to generate `length` bits. * The LLRT implementation requires that when `length` is a number it must be multiple of `8`. * When `length` is `null` the maximum number of bits for a given algorithm is generated. This is allowed * for the `'ECDH'`, `'X25519'`, and `'X448'` algorithms. * If successful, the returned promise will be resolved with an `` containing the generated data. * * The algorithms currently supported include: * * - `'ECDH'` * - `'X25519'` * - `'X448'` * - `'HKDF'` * - `'PBKDF2'` */ deriveBits( algorithm: EcdhKeyDeriveParams, baseKey: CryptoKey, length: number | null ): Promise; deriveBits( algorithm: AlgorithmIdentifier | HkdfParams | Pbkdf2Params, baseKey: CryptoKey, length: number ): Promise; /** * Using the method and parameters specified in `algorithm`, and the keying material provided by `baseKey`, * `subtle.deriveKey()` attempts to generate a new ` based on the method and parameters in `derivedKeyAlgorithm`. * * Calling `subtle.deriveKey()` is equivalent to calling `subtle.deriveBits()` to generate raw keying material, * then passing the result into the `subtle.importKey()` method using the `deriveKeyAlgorithm`, `extractable`, and `keyUsages` parameters as input. * * The algorithms currently supported include: * * - `'ECDH'` * - `'X25519'` * - `'X448'` * - `'HKDF'` * - `'PBKDF2'` * @param keyUsages See {@link https://nodejs.org/docs/latest/api/webcrypto.html#cryptokeyusages Key usages}. */ deriveKey( algorithm: | AlgorithmIdentifier | EcdhKeyDeriveParams | HkdfParams | Pbkdf2Params, baseKey: CryptoKey, derivedKeyAlgorithm: | AlgorithmIdentifier | AesDerivedKeyParams | HmacImportParams | HkdfParams | Pbkdf2Params, extractable: boolean, keyUsages: readonly KeyUsage[] ): Promise; /** * Using the method identified by `algorithm`, `subtle.digest()` attempts to generate a digest of `data`. * If successful, the returned promise is resolved with an `` containing the computed digest. * * If `algorithm` is provided as a ``, it must be one of: * * - `'SHA-1'` * - `'SHA-256'` * - `'SHA-384'` * - `'SHA-512'` * * If `algorithm` is provided as an ``, it must have a `name` property whose value is one of the above. */ digest( algorithm: AlgorithmIdentifier, data: BufferSource ): Promise; /** * Using the method and parameters specified by `algorithm` and the keying material provided by `key`, * `subtle.encrypt()` attempts to encipher `data`. If successful, * the returned promise is resolved with an `` containing the encrypted result. * * The algorithms currently supported include: * * - `'RSA-OAEP'` * - `'AES-CTR'` * - `'AES-CBC'` * - `'AES-GCM'` */ encrypt( algorithm: | AlgorithmIdentifier | RsaOaepParams | AesCtrParams | AesCbcParams | AesGcmParams, key: CryptoKey, data: BufferSource ): Promise; /** * Exports the given key into the specified format, if supported. * * If the `` is not extractable, the returned promise will reject. * * When `format` is either `'pkcs8'` or `'spki'` and the export is successful, * the returned promise will be resolved with an `` containing the exported key data. * * When `format` is `'jwk'` and the export is successful, the returned promise will be resolved with a * JavaScript object conforming to the {@link https://tools.ietf.org/html/rfc7517 JSON Web Key} specification. * @param format Must be one of `'raw'`, `'pkcs8'`, `'spki'`, or `'jwk'`. * @returns `` containing ``. */ exportKey(format: "jwk", key: CryptoKey): Promise; exportKey( format: Exclude, key: CryptoKey ): Promise; /** * Using the method and parameters provided in `algorithm`, * `subtle.generateKey()` attempts to generate new keying material. * Depending the method used, the method may generate either a single `` or a ``. * * The `` (public and private key) generating algorithms supported include: * * - `'RSASSA-PKCS1-v1_5'` * - `'RSA-PSS'` * - `'RSA-OAEP'` * - `'ECDSA'` * - `'ECDH'` * - `'Ed25519'` * The `` (secret key) generating algorithms supported include: * * - `'HMAC'` * - `'AES-CTR'` * - `'AES-CBC'` * - `'AES-GCM'` * - `'AES-KW'` * @param keyUsages See {@link https://nodejs.org/docs/latest/api/webcrypto.html#cryptokeyusages Key usages}. */ generateKey( algorithm: RsaHashedKeyGenParams | EcKeyGenParams, extractable: boolean, keyUsages: readonly KeyUsage[] ): Promise; generateKey( algorithm: AesKeyGenParams | HmacKeyGenParams | Pbkdf2Params, extractable: boolean, keyUsages: readonly KeyUsage[] ): Promise; generateKey( algorithm: AlgorithmIdentifier, extractable: boolean, keyUsages: KeyUsage[] ): Promise; /** * The `subtle.importKey()` method attempts to interpret the provided `keyData` as the given `format` * to create a `` instance using the provided `algorithm`, `extractable`, and `keyUsages` arguments. * If the import is successful, the returned promise will be resolved with the created ``. * * If importing a `'PBKDF2'` key, `extractable` must be `false`. * @param format Must be one of `'raw'`, `'pkcs8'`, `'spki'`, or `'jwk'`. * @param keyUsages See {@link https://nodejs.org/docs/latest/api/webcrypto.html#cryptokeyusages Key usages}. */ importKey( format: "jwk", keyData: JsonWebKey, algorithm: | AlgorithmIdentifier | RsaHashedImportParams | EcKeyImportParams | HmacImportParams | AesKeyAlgorithm, extractable: boolean, keyUsages: readonly KeyUsage[] ): Promise; importKey( format: Exclude, keyData: BufferSource, algorithm: | AlgorithmIdentifier | RsaHashedImportParams | EcKeyImportParams | HmacImportParams | AesKeyAlgorithm, extractable: boolean, keyUsages: KeyUsage[] ): Promise; /** * Using the method and parameters given by `algorithm` and the keying material provided by `key`, * `subtle.sign()` attempts to generate a cryptographic signature of `data`. If successful, * the returned promise is resolved with an `` containing the generated signature. * * The algorithms currently supported include: * * - `'RSASSA-PKCS1-v1_5'` * - `'RSA-PSS'` * - `'ECDSA'` * - `'Ed25519'` * - `'HMAC'` */ sign( algorithm: | AlgorithmIdentifier | RsaPssParams | EcdsaParams | Ed448Params, key: CryptoKey, data: BufferSource ): Promise; /** * In cryptography, "wrapping a key" refers to exporting and then encrypting the keying material. * The `subtle.unwrapKey()` method attempts to decrypt a wrapped key and create a `` instance. * It is equivalent to calling `subtle.decrypt()` first on the encrypted key data (using the `wrappedKey`, `unwrapAlgo`, and `unwrappingKey` arguments as input) * then passing the results in to the `subtle.importKey()` method using the `unwrappedKeyAlgo`, `extractable`, and `keyUsages` arguments as inputs. * If successful, the returned promise is resolved with a `` object. * * The wrapping algorithms currently supported include: * * - `'RSA-OAEP'` * - `'AES-CTR'` * - `'AES-CBC'` * - `'AES-GCM'` * - `'AES-KW'` * * The unwrapped key algorithms supported include: * * - `'RSASSA-PKCS1-v1_5'` * - `'RSA-PSS'` * - `'RSA-OAEP'` * - `'ECDSA'` * - `'ECDH'` * - `'HMAC'` * - `'AES-CTR'` * - `'AES-CBC'` * - `'AES-GCM'` * - `'AES-KW'` * @param format Must be one of `'raw'`, `'pkcs8'`, `'spki'`, or `'jwk'`. * @param keyUsages See {@link https://nodejs.org/docs/latest/api/webcrypto.html#cryptokeyusages Key usages}. */ unwrapKey( format: KeyFormat, wrappedKey: BufferSource, unwrappingKey: CryptoKey, unwrapAlgorithm: | AlgorithmIdentifier | RsaOaepParams | AesCtrParams | AesCbcParams | AesGcmParams, unwrappedKeyAlgorithm: | AlgorithmIdentifier | RsaHashedImportParams | EcKeyImportParams | HmacImportParams | AesKeyAlgorithm, extractable: boolean, keyUsages: KeyUsage[] ): Promise; /** * Using the method and parameters given in `algorithm` and the keying material provided by `key`, * `subtle.verify()` attempts to verify that `signature` is a valid cryptographic signature of `data`. * The returned promise is resolved with either `true` or `false`. * * The algorithms currently supported include: * * - `'RSASSA-PKCS1-v1_5'` * - `'RSA-PSS'` * - `'ECDSA'` * - `'Ed25519'` * - `'HMAC'` */ verify( algorithm: | AlgorithmIdentifier | RsaPssParams | EcdsaParams | Ed448Params, key: CryptoKey, signature: BufferSource, data: BufferSource ): Promise; /** * In cryptography, "wrapping a key" refers to exporting and then encrypting the keying material. * The `subtle.wrapKey()` method exports the keying material into the format identified by `format`, * then encrypts it using the method and parameters specified by `wrapAlgo` and the keying material provided by `wrappingKey`. * It is the equivalent to calling `subtle.exportKey()` using `format` and `key` as the arguments, * then passing the result to the `subtle.encrypt()` method using `wrappingKey` and `wrapAlgo` as inputs. * If successful, the returned promise will be resolved with an `` containing the encrypted key data. * * The wrapping algorithms currently supported include: * * - `'RSA-OAEP'` * - `'AES-CTR'` * - `'AES-CBC'` * - `'AES-GCM'` * - `'AES-KW'` * @param format Must be one of `'raw'`, `'pkcs8'`, `'spki'`, or `'jwk'`. */ wrapKey( format: KeyFormat, key: CryptoKey, wrappingKey: CryptoKey, wrapAlgorithm: | AlgorithmIdentifier | RsaOaepParams | AesCtrParams | AesCbcParams | AesGcmParams ): Promise; } } export const crypto: typeof globalThis.crypto; export const webcrypto: typeof globalThis.crypto; const _default: { Md5: typeof Md5; Sha1: typeof Sha1; Sha256: typeof Sha256; Sha384: typeof Sha384; Sha512: typeof Sha512; Crc32: typeof Crc32; Crc32c: typeof Crc32c; createHash: typeof createHash; createHmac: typeof createHmac; randomBytes: typeof randomBytes; randomInt: typeof randomInt; randomUUID: typeof randomUUID; randomFillSync: typeof randomFillSync; randomFill: typeof randomFill; getRandomValues: typeof getRandomValues; crypto: typeof globalThis.crypto; webcrypto: typeof globalThis.crypto; }; export default _default; }