UNPKG

59.8 kBTypeScriptView Raw
1declare module 'crypto' {
2 import * as stream from 'stream';
3 import { PeerCertificate } from 'tls';
4
5 interface Certificate {
6 /**
7 * @deprecated
8 * @param spkac
9 * @returns The challenge component of the `spkac` data structure,
10 * which includes a public key and a challenge.
11 */
12 exportChallenge(spkac: BinaryLike): Buffer;
13 /**
14 * @deprecated
15 * @param spkac
16 * @param encoding The encoding of the spkac string.
17 * @returns The public key component of the `spkac` data structure,
18 * which includes a public key and a challenge.
19 */
20 exportPublicKey(spkac: BinaryLike, encoding?: string): Buffer;
21 /**
22 * @deprecated
23 * @param spkac
24 * @returns `true` if the given `spkac` data structure is valid,
25 * `false` otherwise.
26 */
27 verifySpkac(spkac: NodeJS.ArrayBufferView): boolean;
28 }
29 const Certificate: Certificate & {
30 /** @deprecated since v14.9.0 - Use static methods of `crypto.Certificate` instead. */
31 new(): Certificate;
32 /** @deprecated since v14.9.0 - Use static methods of `crypto.Certificate` instead. */
33 (): Certificate;
34
35 /**
36 * @param spkac
37 * @returns The challenge component of the `spkac` data structure,
38 * which includes a public key and a challenge.
39 */
40 exportChallenge(spkac: BinaryLike): Buffer;
41 /**
42 * @param spkac
43 * @param encoding The encoding of the spkac string.
44 * @returns The public key component of the `spkac` data structure,
45 * which includes a public key and a challenge.
46 */
47 exportPublicKey(spkac: BinaryLike, encoding?: string): Buffer;
48 /**
49 * @param spkac
50 * @returns `true` if the given `spkac` data structure is valid,
51 * `false` otherwise.
52 */
53 verifySpkac(spkac: NodeJS.ArrayBufferView): boolean;
54 };
55
56 namespace constants {
57 // https://nodejs.org/dist/latest-v10.x/docs/api/crypto.html#crypto_crypto_constants
58 const OPENSSL_VERSION_NUMBER: number;
59
60 /** Applies multiple bug workarounds within OpenSSL. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html for detail. */
61 const SSL_OP_ALL: number;
62 /** Allows legacy insecure renegotiation between OpenSSL and unpatched clients or servers. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html. */
63 const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: number;
64 /** Attempts to use the server's preferences instead of the client's when selecting a cipher. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html. */
65 const SSL_OP_CIPHER_SERVER_PREFERENCE: number;
66 /** Instructs OpenSSL to use Cisco's "speshul" version of DTLS_BAD_VER. */
67 const SSL_OP_CISCO_ANYCONNECT: number;
68 /** Instructs OpenSSL to turn on cookie exchange. */
69 const SSL_OP_COOKIE_EXCHANGE: number;
70 /** Instructs OpenSSL to add server-hello extension from an early version of the cryptopro draft. */
71 const SSL_OP_CRYPTOPRO_TLSEXT_BUG: number;
72 /** Instructs OpenSSL to disable a SSL 3.0/TLS 1.0 vulnerability workaround added in OpenSSL 0.9.6d. */
73 const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: number;
74 /** Instructs OpenSSL to always use the tmp_rsa key when performing RSA operations. */
75 const SSL_OP_EPHEMERAL_RSA: number;
76 /** Allows initial connection to servers that do not support RI. */
77 const SSL_OP_LEGACY_SERVER_CONNECT: number;
78 const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: number;
79 const SSL_OP_MICROSOFT_SESS_ID_BUG: number;
80 /** Instructs OpenSSL to disable the workaround for a man-in-the-middle protocol-version vulnerability in the SSL 2.0 server implementation. */
81 const SSL_OP_MSIE_SSLV2_RSA_PADDING: number;
82 const SSL_OP_NETSCAPE_CA_DN_BUG: number;
83 const SSL_OP_NETSCAPE_CHALLENGE_BUG: number;
84 const SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG: number;
85 const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: number;
86 /** Instructs OpenSSL to disable support for SSL/TLS compression. */
87 const SSL_OP_NO_COMPRESSION: number;
88 const SSL_OP_NO_QUERY_MTU: number;
89 /** Instructs OpenSSL to always start a new session when performing renegotiation. */
90 const SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION: number;
91 const SSL_OP_NO_SSLv2: number;
92 const SSL_OP_NO_SSLv3: number;
93 const SSL_OP_NO_TICKET: number;
94 const SSL_OP_NO_TLSv1: number;
95 const SSL_OP_NO_TLSv1_1: number;
96 const SSL_OP_NO_TLSv1_2: number;
97 const SSL_OP_PKCS1_CHECK_1: number;
98 const SSL_OP_PKCS1_CHECK_2: number;
99 /** Instructs OpenSSL to always create a new key when using temporary/ephemeral DH parameters. */
100 const SSL_OP_SINGLE_DH_USE: number;
101 /** Instructs OpenSSL to always create a new key when using temporary/ephemeral ECDH parameters. */
102 const SSL_OP_SINGLE_ECDH_USE: number;
103 const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: number;
104 const SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG: number;
105 const SSL_OP_TLS_BLOCK_PADDING_BUG: number;
106 const SSL_OP_TLS_D5_BUG: number;
107 /** Instructs OpenSSL to disable version rollback attack detection. */
108 const SSL_OP_TLS_ROLLBACK_BUG: number;
109
110 const ENGINE_METHOD_RSA: number;
111 const ENGINE_METHOD_DSA: number;
112 const ENGINE_METHOD_DH: number;
113 const ENGINE_METHOD_RAND: number;
114 const ENGINE_METHOD_EC: number;
115 const ENGINE_METHOD_CIPHERS: number;
116 const ENGINE_METHOD_DIGESTS: number;
117 const ENGINE_METHOD_PKEY_METHS: number;
118 const ENGINE_METHOD_PKEY_ASN1_METHS: number;
119 const ENGINE_METHOD_ALL: number;
120 const ENGINE_METHOD_NONE: number;
121
122 const DH_CHECK_P_NOT_SAFE_PRIME: number;
123 const DH_CHECK_P_NOT_PRIME: number;
124 const DH_UNABLE_TO_CHECK_GENERATOR: number;
125 const DH_NOT_SUITABLE_GENERATOR: number;
126
127 const ALPN_ENABLED: number;
128
129 const RSA_PKCS1_PADDING: number;
130 const RSA_SSLV23_PADDING: number;
131 const RSA_NO_PADDING: number;
132 const RSA_PKCS1_OAEP_PADDING: number;
133 const RSA_X931_PADDING: number;
134 const RSA_PKCS1_PSS_PADDING: number;
135 /** Sets the salt length for RSA_PKCS1_PSS_PADDING to the digest size when signing or verifying. */
136 const RSA_PSS_SALTLEN_DIGEST: number;
137 /** Sets the salt length for RSA_PKCS1_PSS_PADDING to the maximum permissible value when signing data. */
138 const RSA_PSS_SALTLEN_MAX_SIGN: number;
139 /** Causes the salt length for RSA_PKCS1_PSS_PADDING to be determined automatically when verifying a signature. */
140 const RSA_PSS_SALTLEN_AUTO: number;
141
142 const POINT_CONVERSION_COMPRESSED: number;
143 const POINT_CONVERSION_UNCOMPRESSED: number;
144 const POINT_CONVERSION_HYBRID: number;
145
146 /** Specifies the built-in default cipher list used by Node.js (colon-separated values). */
147 const defaultCoreCipherList: string;
148 /** Specifies the active default cipher list used by the current Node.js process (colon-separated values). */
149 const defaultCipherList: string;
150 }
151
152 interface HashOptions extends stream.TransformOptions {
153 /**
154 * For XOF hash functions such as `shake256`, the
155 * outputLength option can be used to specify the desired output length in bytes.
156 */
157 outputLength?: number;
158 }
159
160 /** @deprecated since v10.0.0 */
161 const fips: boolean;
162
163 function createHash(algorithm: string, options?: HashOptions): Hash;
164 function createHmac(algorithm: string, key: BinaryLike | KeyObject, options?: stream.TransformOptions): Hmac;
165
166 // https://nodejs.org/api/buffer.html#buffer_buffers_and_character_encodings
167 type BinaryToTextEncoding = 'base64' | 'hex';
168 type CharacterEncoding = 'utf8' | 'utf-8' | 'utf16le' | 'latin1';
169 type LegacyCharacterEncoding = 'ascii' | 'binary' | 'ucs2' | 'ucs-2';
170
171 type Encoding = BinaryToTextEncoding | CharacterEncoding | LegacyCharacterEncoding;
172
173 type ECDHKeyFormat = 'compressed' | 'uncompressed' | 'hybrid';
174
175 class Hash extends stream.Transform {
176 private constructor();
177 copy(): Hash;
178 update(data: BinaryLike): Hash;
179 update(data: string, input_encoding: Encoding): Hash;
180 digest(): Buffer;
181 digest(encoding: BinaryToTextEncoding): string;
182 }
183 class Hmac extends stream.Transform {
184 private constructor();
185 update(data: BinaryLike): Hmac;
186 update(data: string, input_encoding: Encoding): Hmac;
187 digest(): Buffer;
188 digest(encoding: BinaryToTextEncoding): string;
189 }
190
191 type KeyObjectType = 'secret' | 'public' | 'private';
192
193 interface KeyExportOptions<T extends KeyFormat> {
194 type: 'pkcs1' | 'spki' | 'pkcs8' | 'sec1';
195 format: T;
196 cipher?: string;
197 passphrase?: string | Buffer;
198 }
199
200 interface JwkKeyExportOptions {
201 format: 'jwk';
202 }
203
204 interface JsonWebKey {
205 crv?: string;
206 d?: string;
207 dp?: string;
208 dq?: string;
209 e?: string;
210 k?: string;
211 kty?: string;
212 n?: string;
213 p?: string;
214 q?: string;
215 qi?: string;
216 x?: string;
217 y?: string;
218 }
219
220 interface AsymmetricKeyDetails {
221 /**
222 * Key size in bits (RSA, DSA).
223 */
224 modulusLength?: number;
225 /**
226 * Public exponent (RSA).
227 */
228 publicExponent?: bigint;
229 /**
230 * Size of q in bits (DSA).
231 */
232 divisorLength?: number;
233 /**
234 * Name of the curve (EC).
235 */
236 namedCurve?: string;
237 }
238
239 class KeyObject {
240 private constructor();
241 asymmetricKeyType?: KeyType;
242 /**
243 * For asymmetric keys, this property represents the size of the embedded key in
244 * bytes. This property is `undefined` for symmetric keys.
245 */
246 asymmetricKeySize?: number;
247 /**
248 * This property exists only on asymmetric keys. Depending on the type of the key,
249 * this object contains information about the key. None of the information obtained
250 * through this property can be used to uniquely identify a key or to compromise the
251 * security of the key.
252 */
253 asymmetricKeyDetails?: AsymmetricKeyDetails;
254 export(options: KeyExportOptions<'pem'>): string | Buffer;
255 export(options?: KeyExportOptions<'der'>): Buffer;
256 symmetricKeySize?: number;
257 type: KeyObjectType;
258 }
259
260 type CipherCCMTypes = 'aes-128-ccm' | 'aes-192-ccm' | 'aes-256-ccm' | 'chacha20-poly1305';
261 type CipherGCMTypes = 'aes-128-gcm' | 'aes-192-gcm' | 'aes-256-gcm';
262
263 type BinaryLike = string | NodeJS.ArrayBufferView;
264
265 type CipherKey = BinaryLike | KeyObject;
266
267 interface CipherCCMOptions extends stream.TransformOptions {
268 authTagLength: number;
269 }
270 interface CipherGCMOptions extends stream.TransformOptions {
271 authTagLength?: number;
272 }
273 /** @deprecated since v10.0.0 use `createCipheriv()` */
274 function createCipher(algorithm: CipherCCMTypes, password: BinaryLike, options: CipherCCMOptions): CipherCCM;
275 /** @deprecated since v10.0.0 use `createCipheriv()` */
276 function createCipher(algorithm: CipherGCMTypes, password: BinaryLike, options?: CipherGCMOptions): CipherGCM;
277 /** @deprecated since v10.0.0 use `createCipheriv()` */
278 function createCipher(algorithm: string, password: BinaryLike, options?: stream.TransformOptions): Cipher;
279
280 function createCipheriv(
281 algorithm: CipherCCMTypes,
282 key: CipherKey,
283 iv: BinaryLike | null,
284 options: CipherCCMOptions,
285 ): CipherCCM;
286 function createCipheriv(
287 algorithm: CipherGCMTypes,
288 key: CipherKey,
289 iv: BinaryLike | null,
290 options?: CipherGCMOptions,
291 ): CipherGCM;
292 function createCipheriv(
293 algorithm: string,
294 key: CipherKey,
295 iv: BinaryLike | null,
296 options?: stream.TransformOptions,
297 ): Cipher;
298
299 class Cipher extends stream.Transform {
300 private constructor();
301 update(data: BinaryLike): Buffer;
302 update(data: string, input_encoding: Encoding): Buffer;
303 update(data: NodeJS.ArrayBufferView, input_encoding: undefined, output_encoding: Encoding): string;
304 update(data: string, input_encoding: Encoding | undefined, output_encoding: Encoding): string;
305 final(): Buffer;
306 final(output_encoding: BufferEncoding): string;
307 setAutoPadding(auto_padding?: boolean): this;
308 // getAuthTag(): Buffer;
309 // setAAD(buffer: NodeJS.ArrayBufferView): this;
310 }
311 interface CipherCCM extends Cipher {
312 setAAD(buffer: NodeJS.ArrayBufferView, options: { plaintextLength: number }): this;
313 getAuthTag(): Buffer;
314 }
315 interface CipherGCM extends Cipher {
316 setAAD(buffer: NodeJS.ArrayBufferView, options?: { plaintextLength: number }): this;
317 getAuthTag(): Buffer;
318 }
319 /** @deprecated since v10.0.0 use `createDecipheriv()` */
320 function createDecipher(algorithm: CipherCCMTypes, password: BinaryLike, options: CipherCCMOptions): DecipherCCM;
321 /** @deprecated since v10.0.0 use `createDecipheriv()` */
322 function createDecipher(algorithm: CipherGCMTypes, password: BinaryLike, options?: CipherGCMOptions): DecipherGCM;
323 /** @deprecated since v10.0.0 use `createDecipheriv()` */
324 function createDecipher(algorithm: string, password: BinaryLike, options?: stream.TransformOptions): Decipher;
325
326 function createDecipheriv(
327 algorithm: CipherCCMTypes,
328 key: CipherKey,
329 iv: BinaryLike | null,
330 options: CipherCCMOptions,
331 ): DecipherCCM;
332 function createDecipheriv(
333 algorithm: CipherGCMTypes,
334 key: CipherKey,
335 iv: BinaryLike | null,
336 options?: CipherGCMOptions,
337 ): DecipherGCM;
338 function createDecipheriv(
339 algorithm: string,
340 key: CipherKey,
341 iv: BinaryLike | null,
342 options?: stream.TransformOptions,
343 ): Decipher;
344
345 class Decipher extends stream.Transform {
346 private constructor();
347 update(data: NodeJS.ArrayBufferView): Buffer;
348 update(data: string, input_encoding: Encoding): Buffer;
349 update(data: NodeJS.ArrayBufferView, input_encoding: undefined, output_encoding: Encoding): string;
350 update(data: string, input_encoding: Encoding | undefined, output_encoding: Encoding): string;
351 final(): Buffer;
352 final(output_encoding: BufferEncoding): string;
353 setAutoPadding(auto_padding?: boolean): this;
354 // setAuthTag(tag: NodeJS.ArrayBufferView): this;
355 // setAAD(buffer: NodeJS.ArrayBufferView): this;
356 }
357 interface DecipherCCM extends Decipher {
358 setAuthTag(buffer: NodeJS.ArrayBufferView): this;
359 setAAD(buffer: NodeJS.ArrayBufferView, options: { plaintextLength: number }): this;
360 }
361 interface DecipherGCM extends Decipher {
362 setAuthTag(buffer: NodeJS.ArrayBufferView): this;
363 setAAD(buffer: NodeJS.ArrayBufferView, options?: { plaintextLength: number }): this;
364 }
365
366 interface PrivateKeyInput {
367 key: string | Buffer;
368 format?: KeyFormat;
369 type?: 'pkcs1' | 'pkcs8' | 'sec1';
370 passphrase?: string | Buffer;
371 }
372
373 interface PublicKeyInput {
374 key: string | Buffer;
375 format?: KeyFormat;
376 type?: 'pkcs1' | 'spki';
377 }
378
379 function generateKey(type: 'hmac' | 'aes', options: {length: number}, callback: (err: Error | null, key: KeyObject) => void): KeyObject;
380
381 function createPrivateKey(key: PrivateKeyInput | string | Buffer): KeyObject;
382 function createPublicKey(key: PublicKeyInput | string | Buffer | KeyObject): KeyObject;
383 function createSecretKey(key: NodeJS.ArrayBufferView): KeyObject;
384
385 function createSign(algorithm: string, options?: stream.WritableOptions): Signer;
386
387 type DSAEncoding = 'der' | 'ieee-p1363';
388
389 interface SigningOptions {
390 /**
391 * @See crypto.constants.RSA_PKCS1_PADDING
392 */
393 padding?: number;
394 saltLength?: number;
395 dsaEncoding?: DSAEncoding;
396 }
397
398 interface SignPrivateKeyInput extends PrivateKeyInput, SigningOptions { }
399 interface SignKeyObjectInput extends SigningOptions {
400 key: KeyObject;
401 }
402 interface VerifyPublicKeyInput extends PublicKeyInput, SigningOptions { }
403 interface VerifyKeyObjectInput extends SigningOptions {
404 key: KeyObject;
405 }
406
407 type KeyLike = string | Buffer | KeyObject;
408
409 class Signer extends stream.Writable {
410 private constructor();
411
412 update(data: BinaryLike): Signer;
413 update(data: string, input_encoding: Encoding): Signer;
414 sign(private_key: KeyLike | SignKeyObjectInput | SignPrivateKeyInput): Buffer;
415 sign(
416 private_key: KeyLike | SignKeyObjectInput | SignPrivateKeyInput,
417 output_format: BinaryToTextEncoding,
418 ): string;
419 }
420
421 function createVerify(algorithm: string, options?: stream.WritableOptions): Verify;
422 class Verify extends stream.Writable {
423 private constructor();
424
425 update(data: BinaryLike): Verify;
426 update(data: string, input_encoding: Encoding): Verify;
427 verify(
428 object: KeyLike | VerifyKeyObjectInput | VerifyPublicKeyInput,
429 signature: NodeJS.ArrayBufferView,
430 ): boolean;
431 verify(
432 object: KeyLike | VerifyKeyObjectInput | VerifyPublicKeyInput,
433 signature: string,
434 signature_format?: BinaryToTextEncoding,
435 ): boolean;
436 // https://nodejs.org/api/crypto.html#crypto_verifier_verify_object_signature_signature_format
437 // The signature field accepts a TypedArray type, but it is only available starting ES2017
438 }
439 function createDiffieHellman(prime_length: number, generator?: number | NodeJS.ArrayBufferView): DiffieHellman;
440 function createDiffieHellman(prime: NodeJS.ArrayBufferView): DiffieHellman;
441 function createDiffieHellman(prime: string, prime_encoding: BinaryToTextEncoding): DiffieHellman;
442 function createDiffieHellman(
443 prime: string,
444 prime_encoding: BinaryToTextEncoding,
445 generator: number | NodeJS.ArrayBufferView,
446 ): DiffieHellman;
447 function createDiffieHellman(
448 prime: string,
449 prime_encoding: BinaryToTextEncoding,
450 generator: string,
451 generator_encoding: BinaryToTextEncoding,
452 ): DiffieHellman;
453 class DiffieHellman {
454 private constructor();
455 generateKeys(): Buffer;
456 generateKeys(encoding: BinaryToTextEncoding): string;
457 computeSecret(other_public_key: NodeJS.ArrayBufferView): Buffer;
458 computeSecret(other_public_key: string, input_encoding: BinaryToTextEncoding): Buffer;
459 computeSecret(other_public_key: NodeJS.ArrayBufferView, output_encoding: BinaryToTextEncoding): string;
460 computeSecret(
461 other_public_key: string,
462 input_encoding: BinaryToTextEncoding,
463 output_encoding: BinaryToTextEncoding,
464 ): string;
465 getPrime(): Buffer;
466 getPrime(encoding: BinaryToTextEncoding): string;
467 getGenerator(): Buffer;
468 getGenerator(encoding: BinaryToTextEncoding): string;
469 getPublicKey(): Buffer;
470 getPublicKey(encoding: BinaryToTextEncoding): string;
471 getPrivateKey(): Buffer;
472 getPrivateKey(encoding: BinaryToTextEncoding): string;
473 setPublicKey(public_key: NodeJS.ArrayBufferView): void;
474 setPublicKey(public_key: string, encoding: BufferEncoding): void;
475 setPrivateKey(private_key: NodeJS.ArrayBufferView): void;
476 setPrivateKey(private_key: string, encoding: BufferEncoding): void;
477 verifyError: number;
478 }
479 function getDiffieHellman(group_name: string): DiffieHellman;
480 function pbkdf2(
481 password: BinaryLike,
482 salt: BinaryLike,
483 iterations: number,
484 keylen: number,
485 digest: string,
486 callback: (err: Error | null, derivedKey: Buffer) => any,
487 ): void;
488 function pbkdf2Sync(
489 password: BinaryLike,
490 salt: BinaryLike,
491 iterations: number,
492 keylen: number,
493 digest: string,
494 ): Buffer;
495
496 function randomBytes(size: number): Buffer;
497 function randomBytes(size: number, callback: (err: Error | null, buf: Buffer) => void): void;
498 function pseudoRandomBytes(size: number): Buffer;
499 function pseudoRandomBytes(size: number, callback: (err: Error | null, buf: Buffer) => void): void;
500
501 function randomInt(max: number): number;
502 function randomInt(min: number, max: number): number;
503 function randomInt(max: number, callback: (err: Error | null, value: number) => void): void;
504 function randomInt(min: number, max: number, callback: (err: Error | null, value: number) => void): void;
505
506 function randomFillSync<T extends NodeJS.ArrayBufferView>(buffer: T, offset?: number, size?: number): T;
507 function randomFill<T extends NodeJS.ArrayBufferView>(
508 buffer: T,
509 callback: (err: Error | null, buf: T) => void,
510 ): void;
511 function randomFill<T extends NodeJS.ArrayBufferView>(
512 buffer: T,
513 offset: number,
514 callback: (err: Error | null, buf: T) => void,
515 ): void;
516 function randomFill<T extends NodeJS.ArrayBufferView>(
517 buffer: T,
518 offset: number,
519 size: number,
520 callback: (err: Error | null, buf: T) => void,
521 ): void;
522
523 interface ScryptOptions {
524 cost?: number;
525 blockSize?: number;
526 parallelization?: number;
527 N?: number;
528 r?: number;
529 p?: number;
530 maxmem?: number;
531 }
532 function scrypt(
533 password: BinaryLike,
534 salt: BinaryLike,
535 keylen: number,
536 callback: (err: Error | null, derivedKey: Buffer) => void,
537 ): void;
538 function scrypt(
539 password: BinaryLike,
540 salt: BinaryLike,
541 keylen: number,
542 options: ScryptOptions,
543 callback: (err: Error | null, derivedKey: Buffer) => void,
544 ): void;
545 function scryptSync(password: BinaryLike, salt: BinaryLike, keylen: number, options?: ScryptOptions): Buffer;
546
547 interface RsaPublicKey {
548 key: KeyLike;
549 padding?: number;
550 }
551 interface RsaPrivateKey {
552 key: KeyLike;
553 passphrase?: string;
554 /**
555 * @default 'sha1'
556 */
557 oaepHash?: string;
558 oaepLabel?: NodeJS.TypedArray;
559 padding?: number;
560 }
561 function publicEncrypt(key: RsaPublicKey | RsaPrivateKey | KeyLike, buffer: NodeJS.ArrayBufferView): Buffer;
562 function publicDecrypt(key: RsaPublicKey | RsaPrivateKey | KeyLike, buffer: NodeJS.ArrayBufferView): Buffer;
563 function privateDecrypt(private_key: RsaPrivateKey | KeyLike, buffer: NodeJS.ArrayBufferView): Buffer;
564 function privateEncrypt(private_key: RsaPrivateKey | KeyLike, buffer: NodeJS.ArrayBufferView): Buffer;
565 function getCiphers(): string[];
566 function getCurves(): string[];
567 function getFips(): 1 | 0;
568 function getHashes(): string[];
569 class ECDH {
570 private constructor();
571 static convertKey(
572 key: BinaryLike,
573 curve: string,
574 inputEncoding?: BinaryToTextEncoding,
575 outputEncoding?: 'latin1' | 'hex' | 'base64',
576 format?: 'uncompressed' | 'compressed' | 'hybrid',
577 ): Buffer | string;
578 generateKeys(): Buffer;
579 generateKeys(encoding: BinaryToTextEncoding, format?: ECDHKeyFormat): string;
580 computeSecret(other_public_key: NodeJS.ArrayBufferView): Buffer;
581 computeSecret(other_public_key: string, input_encoding: BinaryToTextEncoding): Buffer;
582 computeSecret(other_public_key: NodeJS.ArrayBufferView, output_encoding: BinaryToTextEncoding): string;
583 computeSecret(
584 other_public_key: string,
585 input_encoding: BinaryToTextEncoding,
586 output_encoding: BinaryToTextEncoding,
587 ): string;
588 getPrivateKey(): Buffer;
589 getPrivateKey(encoding: BinaryToTextEncoding): string;
590 getPublicKey(): Buffer;
591 getPublicKey(encoding: BinaryToTextEncoding, format?: ECDHKeyFormat): string;
592 setPrivateKey(private_key: NodeJS.ArrayBufferView): void;
593 setPrivateKey(private_key: string, encoding: BinaryToTextEncoding): void;
594 }
595 function createECDH(curve_name: string): ECDH;
596 function timingSafeEqual(a: NodeJS.ArrayBufferView, b: NodeJS.ArrayBufferView): boolean;
597 /** @deprecated since v10.0.0 */
598 const DEFAULT_ENCODING: BufferEncoding;
599
600 type KeyType = 'rsa' | 'dsa' | 'ec' | 'ed25519' | 'ed448' | 'x25519' | 'x448';
601 type KeyFormat = 'pem' | 'der';
602
603 interface BasePrivateKeyEncodingOptions<T extends KeyFormat> {
604 format: T;
605 cipher?: string;
606 passphrase?: string;
607 }
608
609 interface KeyPairKeyObjectResult {
610 publicKey: KeyObject;
611 privateKey: KeyObject;
612 }
613
614 interface ED25519KeyPairKeyObjectOptions {
615 /**
616 * No options.
617 */
618 }
619
620 interface ED448KeyPairKeyObjectOptions {
621 /**
622 * No options.
623 */
624 }
625
626 interface X25519KeyPairKeyObjectOptions {
627 /**
628 * No options.
629 */
630 }
631
632 interface X448KeyPairKeyObjectOptions {
633 /**
634 * No options.
635 */
636 }
637
638 interface ECKeyPairKeyObjectOptions {
639 /**
640 * Name of the curve to use.
641 */
642 namedCurve: string;
643 }
644
645 interface RSAKeyPairKeyObjectOptions {
646 /**
647 * Key size in bits
648 */
649 modulusLength: number;
650
651 /**
652 * @default 0x10001
653 */
654 publicExponent?: number;
655 }
656
657 interface DSAKeyPairKeyObjectOptions {
658 /**
659 * Key size in bits
660 */
661 modulusLength: number;
662
663 /**
664 * Size of q in bits
665 */
666 divisorLength: number;
667 }
668
669 interface RSAKeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
670 /**
671 * Key size in bits
672 */
673 modulusLength: number;
674 /**
675 * @default 0x10001
676 */
677 publicExponent?: number;
678
679 publicKeyEncoding: {
680 type: 'pkcs1' | 'spki';
681 format: PubF;
682 };
683 privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
684 type: 'pkcs1' | 'pkcs8';
685 };
686 }
687
688 interface DSAKeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
689 /**
690 * Key size in bits
691 */
692 modulusLength: number;
693 /**
694 * Size of q in bits
695 */
696 divisorLength: number;
697
698 publicKeyEncoding: {
699 type: 'spki';
700 format: PubF;
701 };
702 privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
703 type: 'pkcs8';
704 };
705 }
706
707 interface ECKeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
708 /**
709 * Name of the curve to use.
710 */
711 namedCurve: string;
712
713 publicKeyEncoding: {
714 type: 'pkcs1' | 'spki';
715 format: PubF;
716 };
717 privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
718 type: 'sec1' | 'pkcs8';
719 };
720 }
721
722 interface ED25519KeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
723 publicKeyEncoding: {
724 type: 'spki';
725 format: PubF;
726 };
727 privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
728 type: 'pkcs8';
729 };
730 }
731
732 interface ED448KeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
733 publicKeyEncoding: {
734 type: 'spki';
735 format: PubF;
736 };
737 privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
738 type: 'pkcs8';
739 };
740 }
741
742 interface X25519KeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
743 publicKeyEncoding: {
744 type: 'spki';
745 format: PubF;
746 };
747 privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
748 type: 'pkcs8';
749 };
750 }
751
752 interface X448KeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
753 publicKeyEncoding: {
754 type: 'spki';
755 format: PubF;
756 };
757 privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
758 type: 'pkcs8';
759 };
760 }
761
762 interface KeyPairSyncResult<T1 extends string | Buffer, T2 extends string | Buffer> {
763 publicKey: T1;
764 privateKey: T2;
765 }
766
767 function generateKeyPairSync(
768 type: 'rsa',
769 options: RSAKeyPairOptions<'pem', 'pem'>,
770 ): KeyPairSyncResult<string, string>;
771 function generateKeyPairSync(
772 type: 'rsa',
773 options: RSAKeyPairOptions<'pem', 'der'>,
774 ): KeyPairSyncResult<string, Buffer>;
775 function generateKeyPairSync(
776 type: 'rsa',
777 options: RSAKeyPairOptions<'der', 'pem'>,
778 ): KeyPairSyncResult<Buffer, string>;
779 function generateKeyPairSync(
780 type: 'rsa',
781 options: RSAKeyPairOptions<'der', 'der'>,
782 ): KeyPairSyncResult<Buffer, Buffer>;
783 function generateKeyPairSync(type: 'rsa', options: RSAKeyPairKeyObjectOptions): KeyPairKeyObjectResult;
784
785 function generateKeyPairSync(
786 type: 'dsa',
787 options: DSAKeyPairOptions<'pem', 'pem'>,
788 ): KeyPairSyncResult<string, string>;
789 function generateKeyPairSync(
790 type: 'dsa',
791 options: DSAKeyPairOptions<'pem', 'der'>,
792 ): KeyPairSyncResult<string, Buffer>;
793 function generateKeyPairSync(
794 type: 'dsa',
795 options: DSAKeyPairOptions<'der', 'pem'>,
796 ): KeyPairSyncResult<Buffer, string>;
797 function generateKeyPairSync(
798 type: 'dsa',
799 options: DSAKeyPairOptions<'der', 'der'>,
800 ): KeyPairSyncResult<Buffer, Buffer>;
801 function generateKeyPairSync(type: 'dsa', options: DSAKeyPairKeyObjectOptions): KeyPairKeyObjectResult;
802
803 function generateKeyPairSync(
804 type: 'ec',
805 options: ECKeyPairOptions<'pem', 'pem'>,
806 ): KeyPairSyncResult<string, string>;
807 function generateKeyPairSync(
808 type: 'ec',
809 options: ECKeyPairOptions<'pem', 'der'>,
810 ): KeyPairSyncResult<string, Buffer>;
811 function generateKeyPairSync(
812 type: 'ec',
813 options: ECKeyPairOptions<'der', 'pem'>,
814 ): KeyPairSyncResult<Buffer, string>;
815 function generateKeyPairSync(
816 type: 'ec',
817 options: ECKeyPairOptions<'der', 'der'>,
818 ): KeyPairSyncResult<Buffer, Buffer>;
819 function generateKeyPairSync(type: 'ec', options: ECKeyPairKeyObjectOptions): KeyPairKeyObjectResult;
820
821 function generateKeyPairSync(
822 type: 'ed25519',
823 options: ED25519KeyPairOptions<'pem', 'pem'>,
824 ): KeyPairSyncResult<string, string>;
825 function generateKeyPairSync(
826 type: 'ed25519',
827 options: ED25519KeyPairOptions<'pem', 'der'>,
828 ): KeyPairSyncResult<string, Buffer>;
829 function generateKeyPairSync(
830 type: 'ed25519',
831 options: ED25519KeyPairOptions<'der', 'pem'>,
832 ): KeyPairSyncResult<Buffer, string>;
833 function generateKeyPairSync(
834 type: 'ed25519',
835 options: ED25519KeyPairOptions<'der', 'der'>,
836 ): KeyPairSyncResult<Buffer, Buffer>;
837 function generateKeyPairSync(type: 'ed25519', options?: ED25519KeyPairKeyObjectOptions): KeyPairKeyObjectResult;
838
839 function generateKeyPairSync(
840 type: 'ed448',
841 options: ED448KeyPairOptions<'pem', 'pem'>,
842 ): KeyPairSyncResult<string, string>;
843 function generateKeyPairSync(
844 type: 'ed448',
845 options: ED448KeyPairOptions<'pem', 'der'>,
846 ): KeyPairSyncResult<string, Buffer>;
847 function generateKeyPairSync(
848 type: 'ed448',
849 options: ED448KeyPairOptions<'der', 'pem'>,
850 ): KeyPairSyncResult<Buffer, string>;
851 function generateKeyPairSync(
852 type: 'ed448',
853 options: ED448KeyPairOptions<'der', 'der'>,
854 ): KeyPairSyncResult<Buffer, Buffer>;
855 function generateKeyPairSync(type: 'ed448', options?: ED448KeyPairKeyObjectOptions): KeyPairKeyObjectResult;
856
857 function generateKeyPairSync(
858 type: 'x25519',
859 options: X25519KeyPairOptions<'pem', 'pem'>,
860 ): KeyPairSyncResult<string, string>;
861 function generateKeyPairSync(
862 type: 'x25519',
863 options: X25519KeyPairOptions<'pem', 'der'>,
864 ): KeyPairSyncResult<string, Buffer>;
865 function generateKeyPairSync(
866 type: 'x25519',
867 options: X25519KeyPairOptions<'der', 'pem'>,
868 ): KeyPairSyncResult<Buffer, string>;
869 function generateKeyPairSync(
870 type: 'x25519',
871 options: X25519KeyPairOptions<'der', 'der'>,
872 ): KeyPairSyncResult<Buffer, Buffer>;
873 function generateKeyPairSync(type: 'x25519', options?: X25519KeyPairKeyObjectOptions): KeyPairKeyObjectResult;
874
875 function generateKeyPairSync(
876 type: 'x448',
877 options: X448KeyPairOptions<'pem', 'pem'>,
878 ): KeyPairSyncResult<string, string>;
879 function generateKeyPairSync(
880 type: 'x448',
881 options: X448KeyPairOptions<'pem', 'der'>,
882 ): KeyPairSyncResult<string, Buffer>;
883 function generateKeyPairSync(
884 type: 'x448',
885 options: X448KeyPairOptions<'der', 'pem'>,
886 ): KeyPairSyncResult<Buffer, string>;
887 function generateKeyPairSync(
888 type: 'x448',
889 options: X448KeyPairOptions<'der', 'der'>,
890 ): KeyPairSyncResult<Buffer, Buffer>;
891 function generateKeyPairSync(type: 'x448', options?: X448KeyPairKeyObjectOptions): KeyPairKeyObjectResult;
892
893 function generateKeyPair(
894 type: 'rsa',
895 options: RSAKeyPairOptions<'pem', 'pem'>,
896 callback: (err: Error | null, publicKey: string, privateKey: string) => void,
897 ): void;
898 function generateKeyPair(
899 type: 'rsa',
900 options: RSAKeyPairOptions<'pem', 'der'>,
901 callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
902 ): void;
903 function generateKeyPair(
904 type: 'rsa',
905 options: RSAKeyPairOptions<'der', 'pem'>,
906 callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
907 ): void;
908 function generateKeyPair(
909 type: 'rsa',
910 options: RSAKeyPairOptions<'der', 'der'>,
911 callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
912 ): void;
913 function generateKeyPair(
914 type: 'rsa',
915 options: RSAKeyPairKeyObjectOptions,
916 callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
917 ): void;
918
919 function generateKeyPair(
920 type: 'dsa',
921 options: DSAKeyPairOptions<'pem', 'pem'>,
922 callback: (err: Error | null, publicKey: string, privateKey: string) => void,
923 ): void;
924 function generateKeyPair(
925 type: 'dsa',
926 options: DSAKeyPairOptions<'pem', 'der'>,
927 callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
928 ): void;
929 function generateKeyPair(
930 type: 'dsa',
931 options: DSAKeyPairOptions<'der', 'pem'>,
932 callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
933 ): void;
934 function generateKeyPair(
935 type: 'dsa',
936 options: DSAKeyPairOptions<'der', 'der'>,
937 callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
938 ): void;
939 function generateKeyPair(
940 type: 'dsa',
941 options: DSAKeyPairKeyObjectOptions,
942 callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
943 ): void;
944
945 function generateKeyPair(
946 type: 'ec',
947 options: ECKeyPairOptions<'pem', 'pem'>,
948 callback: (err: Error | null, publicKey: string, privateKey: string) => void,
949 ): void;
950 function generateKeyPair(
951 type: 'ec',
952 options: ECKeyPairOptions<'pem', 'der'>,
953 callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
954 ): void;
955 function generateKeyPair(
956 type: 'ec',
957 options: ECKeyPairOptions<'der', 'pem'>,
958 callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
959 ): void;
960 function generateKeyPair(
961 type: 'ec',
962 options: ECKeyPairOptions<'der', 'der'>,
963 callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
964 ): void;
965 function generateKeyPair(
966 type: 'ec',
967 options: ECKeyPairKeyObjectOptions,
968 callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
969 ): void;
970
971 function generateKeyPair(
972 type: 'ed25519',
973 options: ED25519KeyPairOptions<'pem', 'pem'>,
974 callback: (err: Error | null, publicKey: string, privateKey: string) => void,
975 ): void;
976 function generateKeyPair(
977 type: 'ed25519',
978 options: ED25519KeyPairOptions<'pem', 'der'>,
979 callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
980 ): void;
981 function generateKeyPair(
982 type: 'ed25519',
983 options: ED25519KeyPairOptions<'der', 'pem'>,
984 callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
985 ): void;
986 function generateKeyPair(
987 type: 'ed25519',
988 options: ED25519KeyPairOptions<'der', 'der'>,
989 callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
990 ): void;
991 function generateKeyPair(
992 type: 'ed25519',
993 options: ED25519KeyPairKeyObjectOptions | undefined,
994 callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
995 ): void;
996
997 function generateKeyPair(
998 type: 'ed448',
999 options: ED448KeyPairOptions<'pem', 'pem'>,
1000 callback: (err: Error | null, publicKey: string, privateKey: string) => void,
1001 ): void;
1002 function generateKeyPair(
1003 type: 'ed448',
1004 options: ED448KeyPairOptions<'pem', 'der'>,
1005 callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
1006 ): void;
1007 function generateKeyPair(
1008 type: 'ed448',
1009 options: ED448KeyPairOptions<'der', 'pem'>,
1010 callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
1011 ): void;
1012 function generateKeyPair(
1013 type: 'ed448',
1014 options: ED448KeyPairOptions<'der', 'der'>,
1015 callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
1016 ): void;
1017 function generateKeyPair(
1018 type: 'ed448',
1019 options: ED448KeyPairKeyObjectOptions | undefined,
1020 callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
1021 ): void;
1022
1023 function generateKeyPair(
1024 type: 'x25519',
1025 options: X25519KeyPairOptions<'pem', 'pem'>,
1026 callback: (err: Error | null, publicKey: string, privateKey: string) => void,
1027 ): void;
1028 function generateKeyPair(
1029 type: 'x25519',
1030 options: X25519KeyPairOptions<'pem', 'der'>,
1031 callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
1032 ): void;
1033 function generateKeyPair(
1034 type: 'x25519',
1035 options: X25519KeyPairOptions<'der', 'pem'>,
1036 callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
1037 ): void;
1038 function generateKeyPair(
1039 type: 'x25519',
1040 options: X25519KeyPairOptions<'der', 'der'>,
1041 callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
1042 ): void;
1043 function generateKeyPair(
1044 type: 'x25519',
1045 options: X25519KeyPairKeyObjectOptions | undefined,
1046 callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
1047 ): void;
1048
1049 function generateKeyPair(
1050 type: 'x448',
1051 options: X448KeyPairOptions<'pem', 'pem'>,
1052 callback: (err: Error | null, publicKey: string, privateKey: string) => void,
1053 ): void;
1054 function generateKeyPair(
1055 type: 'x448',
1056 options: X448KeyPairOptions<'pem', 'der'>,
1057 callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
1058 ): void;
1059 function generateKeyPair(
1060 type: 'x448',
1061 options: X448KeyPairOptions<'der', 'pem'>,
1062 callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
1063 ): void;
1064 function generateKeyPair(
1065 type: 'x448',
1066 options: X448KeyPairOptions<'der', 'der'>,
1067 callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
1068 ): void;
1069 function generateKeyPair(
1070 type: 'x448',
1071 options: X448KeyPairKeyObjectOptions | undefined,
1072 callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
1073 ): void;
1074
1075 namespace generateKeyPair {
1076 function __promisify__(
1077 type: 'rsa',
1078 options: RSAKeyPairOptions<'pem', 'pem'>,
1079 ): Promise<{ publicKey: string; privateKey: string }>;
1080 function __promisify__(
1081 type: 'rsa',
1082 options: RSAKeyPairOptions<'pem', 'der'>,
1083 ): Promise<{ publicKey: string; privateKey: Buffer }>;
1084 function __promisify__(
1085 type: 'rsa',
1086 options: RSAKeyPairOptions<'der', 'pem'>,
1087 ): Promise<{ publicKey: Buffer; privateKey: string }>;
1088 function __promisify__(
1089 type: 'rsa',
1090 options: RSAKeyPairOptions<'der', 'der'>,
1091 ): Promise<{ publicKey: Buffer; privateKey: Buffer }>;
1092 function __promisify__(type: 'rsa', options: RSAKeyPairKeyObjectOptions): Promise<KeyPairKeyObjectResult>;
1093
1094 function __promisify__(
1095 type: 'dsa',
1096 options: DSAKeyPairOptions<'pem', 'pem'>,
1097 ): Promise<{ publicKey: string; privateKey: string }>;
1098 function __promisify__(
1099 type: 'dsa',
1100 options: DSAKeyPairOptions<'pem', 'der'>,
1101 ): Promise<{ publicKey: string; privateKey: Buffer }>;
1102 function __promisify__(
1103 type: 'dsa',
1104 options: DSAKeyPairOptions<'der', 'pem'>,
1105 ): Promise<{ publicKey: Buffer; privateKey: string }>;
1106 function __promisify__(
1107 type: 'dsa',
1108 options: DSAKeyPairOptions<'der', 'der'>,
1109 ): Promise<{ publicKey: Buffer; privateKey: Buffer }>;
1110 function __promisify__(type: 'dsa', options: DSAKeyPairKeyObjectOptions): Promise<KeyPairKeyObjectResult>;
1111
1112 function __promisify__(
1113 type: 'ec',
1114 options: ECKeyPairOptions<'pem', 'pem'>,
1115 ): Promise<{ publicKey: string; privateKey: string }>;
1116 function __promisify__(
1117 type: 'ec',
1118 options: ECKeyPairOptions<'pem', 'der'>,
1119 ): Promise<{ publicKey: string; privateKey: Buffer }>;
1120 function __promisify__(
1121 type: 'ec',
1122 options: ECKeyPairOptions<'der', 'pem'>,
1123 ): Promise<{ publicKey: Buffer; privateKey: string }>;
1124 function __promisify__(
1125 type: 'ec',
1126 options: ECKeyPairOptions<'der', 'der'>,
1127 ): Promise<{ publicKey: Buffer; privateKey: Buffer }>;
1128 function __promisify__(type: 'ec', options: ECKeyPairKeyObjectOptions): Promise<KeyPairKeyObjectResult>;
1129
1130 function __promisify__(
1131 type: 'ed25519',
1132 options: ED25519KeyPairOptions<'pem', 'pem'>,
1133 ): Promise<{ publicKey: string; privateKey: string }>;
1134 function __promisify__(
1135 type: 'ed25519',
1136 options: ED25519KeyPairOptions<'pem', 'der'>,
1137 ): Promise<{ publicKey: string; privateKey: Buffer }>;
1138 function __promisify__(
1139 type: 'ed25519',
1140 options: ED25519KeyPairOptions<'der', 'pem'>,
1141 ): Promise<{ publicKey: Buffer; privateKey: string }>;
1142 function __promisify__(
1143 type: 'ed25519',
1144 options: ED25519KeyPairOptions<'der', 'der'>,
1145 ): Promise<{ publicKey: Buffer; privateKey: Buffer }>;
1146 function __promisify__(
1147 type: 'ed25519',
1148 options?: ED25519KeyPairKeyObjectOptions,
1149 ): Promise<KeyPairKeyObjectResult>;
1150
1151 function __promisify__(
1152 type: 'ed448',
1153 options: ED448KeyPairOptions<'pem', 'pem'>,
1154 ): Promise<{ publicKey: string; privateKey: string }>;
1155 function __promisify__(
1156 type: 'ed448',
1157 options: ED448KeyPairOptions<'pem', 'der'>,
1158 ): Promise<{ publicKey: string; privateKey: Buffer }>;
1159 function __promisify__(
1160 type: 'ed448',
1161 options: ED448KeyPairOptions<'der', 'pem'>,
1162 ): Promise<{ publicKey: Buffer; privateKey: string }>;
1163 function __promisify__(
1164 type: 'ed448',
1165 options: ED448KeyPairOptions<'der', 'der'>,
1166 ): Promise<{ publicKey: Buffer; privateKey: Buffer }>;
1167 function __promisify__(type: 'ed448', options?: ED448KeyPairKeyObjectOptions): Promise<KeyPairKeyObjectResult>;
1168
1169 function __promisify__(
1170 type: 'x25519',
1171 options: X25519KeyPairOptions<'pem', 'pem'>,
1172 ): Promise<{ publicKey: string; privateKey: string }>;
1173 function __promisify__(
1174 type: 'x25519',
1175 options: X25519KeyPairOptions<'pem', 'der'>,
1176 ): Promise<{ publicKey: string; privateKey: Buffer }>;
1177 function __promisify__(
1178 type: 'x25519',
1179 options: X25519KeyPairOptions<'der', 'pem'>,
1180 ): Promise<{ publicKey: Buffer; privateKey: string }>;
1181 function __promisify__(
1182 type: 'x25519',
1183 options: X25519KeyPairOptions<'der', 'der'>,
1184 ): Promise<{ publicKey: Buffer; privateKey: Buffer }>;
1185 function __promisify__(
1186 type: 'x25519',
1187 options?: X25519KeyPairKeyObjectOptions,
1188 ): Promise<KeyPairKeyObjectResult>;
1189
1190 function __promisify__(
1191 type: 'x448',
1192 options: X448KeyPairOptions<'pem', 'pem'>,
1193 ): Promise<{ publicKey: string; privateKey: string }>;
1194 function __promisify__(
1195 type: 'x448',
1196 options: X448KeyPairOptions<'pem', 'der'>,
1197 ): Promise<{ publicKey: string; privateKey: Buffer }>;
1198 function __promisify__(
1199 type: 'x448',
1200 options: X448KeyPairOptions<'der', 'pem'>,
1201 ): Promise<{ publicKey: Buffer; privateKey: string }>;
1202 function __promisify__(
1203 type: 'x448',
1204 options: X448KeyPairOptions<'der', 'der'>,
1205 ): Promise<{ publicKey: Buffer; privateKey: Buffer }>;
1206 function __promisify__(type: 'x448', options?: X448KeyPairKeyObjectOptions): Promise<KeyPairKeyObjectResult>;
1207 }
1208
1209 /**
1210 * Calculates and returns the signature for `data` using the given private key and
1211 * algorithm. If `algorithm` is `null` or `undefined`, then the algorithm is
1212 * dependent upon the key type (especially Ed25519 and Ed448).
1213 *
1214 * If `key` is not a `KeyObject`, this function behaves as if `key` had been
1215 * passed to `crypto.createPrivateKey().
1216 */
1217 function sign(
1218 algorithm: string | null | undefined,
1219 data: NodeJS.ArrayBufferView,
1220 key: KeyLike | SignKeyObjectInput | SignPrivateKeyInput,
1221 ): Buffer;
1222 function sign(
1223 algorithm: string | null | undefined,
1224 data: NodeJS.ArrayBufferView,
1225 key: KeyLike | SignKeyObjectInput | SignPrivateKeyInput,
1226 callback: (error: Error | null, data: Buffer) => void
1227 ): void;
1228
1229 /**
1230 * Calculates and returns the signature for `data` using the given private key and
1231 * algorithm. If `algorithm` is `null` or `undefined`, then the algorithm is
1232 * dependent upon the key type (especially Ed25519 and Ed448).
1233 *
1234 * If `key` is not a `KeyObject`, this function behaves as if `key` had been
1235 * passed to `crypto.createPublicKey()`.
1236 */
1237 function verify(
1238 algorithm: string | null | undefined,
1239 data: NodeJS.ArrayBufferView,
1240 key: KeyLike | VerifyKeyObjectInput | VerifyPublicKeyInput,
1241 signature: NodeJS.ArrayBufferView,
1242 ): boolean;
1243 function verify(
1244 algorithm: string | null | undefined,
1245 data: NodeJS.ArrayBufferView,
1246 key: KeyLike | VerifyKeyObjectInput | VerifyPublicKeyInput,
1247 signature: NodeJS.ArrayBufferView,
1248 callback: (error: Error | null, result: boolean) => void
1249 ): void;
1250
1251 /**
1252 * Computes the Diffie-Hellman secret based on a privateKey and a publicKey.
1253 * Both keys must have the same asymmetricKeyType, which must be one of
1254 * 'dh' (for Diffie-Hellman), 'ec' (for ECDH), 'x448', or 'x25519' (for ECDH-ES).
1255 */
1256 function diffieHellman(options: { privateKey: KeyObject; publicKey: KeyObject }): Buffer;
1257
1258 type CipherMode = 'cbc' | 'ccm' | 'cfb' | 'ctr' | 'ecb' | 'gcm' | 'ocb' | 'ofb' | 'stream' | 'wrap' | 'xts';
1259
1260 interface CipherInfoOptions {
1261 /**
1262 * A test key length.
1263 */
1264 keyLength?: number;
1265 /**
1266 * A test IV length.
1267 */
1268 ivLength?: number;
1269 }
1270
1271 interface CipherInfo {
1272 /**
1273 * The name of the cipher.
1274 */
1275 name: string;
1276 /**
1277 * The nid of the cipher.
1278 */
1279 nid: number;
1280 /**
1281 * The block size of the cipher in bytes.
1282 * This property is omitted when mode is 'stream'.
1283 */
1284 blockSize?: number;
1285 /**
1286 * The expected or default initialization vector length in bytes.
1287 * This property is omitted if the cipher does not use an initialization vector.
1288 */
1289 ivLength?: number;
1290 /**
1291 * The expected or default key length in bytes.
1292 */
1293 keyLength: number;
1294 /**
1295 * The cipher mode.
1296 */
1297 mode: CipherMode;
1298 }
1299
1300 /**
1301 * Returns information about a given cipher.
1302 *
1303 * Some ciphers accept variable length keys and initialization vectors.
1304 * By default, the `crypto.getCipherInfo()` method will return the default
1305 * values for these ciphers. To test if a given key length or iv length
1306 * is acceptable for given cipher, use the `keyLenth` and `ivLenth` options.
1307 * If the given values are unacceptable, `undefined` will be returned.
1308 * @param nameOrNid The name or nid of the cipher to query.
1309 */
1310 function getCipherInfo(nameOrNid: string | number, options?: CipherInfoOptions): CipherInfo | undefined;
1311
1312 /**
1313 * HKDF is a simple key derivation function defined in RFC 5869.
1314 * The given `key`, `salt` and `info` are used with the `digest` to derive a key of `keylen` bytes.
1315 *
1316 * The supplied `callback` function is called with two arguments: `err` and `derivedKey`.
1317 * If an errors occurs while deriving the key, `err` will be set; otherwise `err` will be `null`.
1318 * The successfully generated `derivedKey` will be passed to the callback as an `ArrayBuffer`.
1319 * An error will be thrown if any of the input aguments specify invalid values or types.
1320 */
1321 function hkdf(digest: string, key: BinaryLike | KeyObject, salt: BinaryLike, info: BinaryLike, keylen: number, callback: (err: Error | null, derivedKey: ArrayBuffer) => any): void;
1322
1323 /**
1324 * Provides a synchronous HKDF key derivation function as defined in RFC 5869.
1325 * The given `key`, `salt` and `info` are used with the `digest` to derive a key of `keylen` bytes.
1326 *
1327 * The successfully generated `derivedKey` will be returned as an `ArrayBuffer`.
1328 * An error will be thrown if any of the input aguments specify invalid values or types,
1329 * or if the derived key cannot be generated.
1330 */
1331 function hkdfSync(digest: string, key: BinaryLike | KeyObject, salt: BinaryLike, info: BinaryLike, keylen: number): ArrayBuffer;
1332
1333 interface SecureHeapUsage {
1334 /**
1335 * The total allocated secure heap size as specified using the `--secure-heap=n` command-line flag.
1336 */
1337 total: number;
1338
1339 /**
1340 * The minimum allocation from the secure heap as specified using the `--secure-heap-min` command-line flag.
1341 */
1342 min: number;
1343
1344 /**
1345 * The total number of bytes currently allocated from the secure heap.
1346 */
1347 used: number;
1348
1349 /**
1350 * The calculated ratio of `used` to `total` allocated bytes.
1351 */
1352 utilization: number;
1353 }
1354
1355 function secureHeapUsed(): SecureHeapUsage;
1356
1357 // TODO: X509Certificate
1358
1359 interface RandomUUIDOptions {
1360 /**
1361 * By default, to improve performance,
1362 * Node.js will pre-emptively generate and persistently cache enough
1363 * random data to generate up to 128 random UUIDs. To generate a UUID
1364 * without using the cache, set `disableEntropyCache` to `true`.
1365 *
1366 * @default `false`
1367 */
1368 disableEntropyCache?: boolean;
1369 }
1370
1371 function randomUUID(options?: RandomUUIDOptions): string;
1372
1373 interface X509CheckOptions {
1374 /**
1375 * @default 'always'
1376 */
1377 subject: 'always' | 'never';
1378
1379 /**
1380 * @default true
1381 */
1382 wildcards: boolean;
1383
1384 /**
1385 * @default true
1386 */
1387 partialWildcards: boolean;
1388
1389 /**
1390 * @default false
1391 */
1392 multiLabelWildcards: boolean;
1393
1394 /**
1395 * @default false
1396 */
1397 singleLabelSubdomains: boolean;
1398 }
1399
1400 class X509Certificate {
1401 /**
1402 * Will be `true` if this is a Certificate Authority (ca) certificate.
1403 */
1404 readonly ca: boolean;
1405
1406 /**
1407 * The SHA-1 fingerprint of this certificate.
1408 */
1409 readonly fingerprint: string;
1410
1411 /**
1412 * The SHA-256 fingerprint of this certificate.
1413 */
1414 readonly fingerprint256: string;
1415
1416 /**
1417 * The complete subject of this certificate.
1418 */
1419 readonly subject: string;
1420
1421 /**
1422 * The subject alternative name specified for this certificate.
1423 */
1424 readonly subjectAltName: string;
1425
1426 /**
1427 * The information access content of this certificate.
1428 */
1429 readonly infoAccess: string;
1430
1431 /**
1432 * An array detailing the key usages for this certificate.
1433 */
1434 readonly keyUsage: string[];
1435
1436 /**
1437 * The issuer identification included in this certificate.
1438 */
1439 readonly issuer: string;
1440
1441 /**
1442 * The issuer certificate or `undefined` if the issuer certificate is not available.
1443 */
1444 readonly issuerCertificate?: X509Certificate;
1445
1446 /**
1447 * The public key for this certificate.
1448 */
1449 readonly publicKey: KeyObject;
1450
1451 /**
1452 * A `Buffer` containing the DER encoding of this certificate.
1453 */
1454 readonly raw: Buffer;
1455
1456 /**
1457 * The serial number of this certificate.
1458 */
1459 readonly serialNumber: string;
1460
1461 /**
1462 * Returns the PEM-encoded certificate.
1463 */
1464 readonly validFrom: string;
1465
1466 /**
1467 * The date/time from which this certificate is considered valid.
1468 */
1469 readonly validTo: string;
1470
1471 constructor(buffer: BinaryLike);
1472
1473 /**
1474 * Checks whether the certificate matches the given email address.
1475 *
1476 * Returns `email` if the certificate matches,`undefined` if it does not.
1477 */
1478 checkEmail(email: string, options?: X509CheckOptions): string | undefined;
1479
1480 /**
1481 * Checks whether the certificate matches the given host name.
1482 *
1483 * Returns `name` if the certificate matches, `undefined` if it does not.
1484 */
1485 checkHost(name: string, options?: X509CheckOptions): string | undefined;
1486
1487 /**
1488 * Checks whether the certificate matches the given IP address (IPv4 or IPv6).
1489 *
1490 * Returns `ip` if the certificate matches, `undefined` if it does not.
1491 */
1492 checkIP(ip: string, options?: X509CheckOptions): string | undefined;
1493
1494 /**
1495 * Checks whether this certificate was issued by the given `otherCert`.
1496 */
1497 checkIssued(otherCert: X509Certificate): boolean;
1498
1499 /**
1500 * Checks whether this certificate was issued by the given `otherCert`.
1501 */
1502 checkPrivateKey(privateKey: KeyObject): boolean;
1503
1504 /**
1505 * There is no standard JSON encoding for X509 certificates. The
1506 * `toJSON()` method returns a string containing the PEM encoded
1507 * certificate.
1508 */
1509 toJSON(): string;
1510
1511 /**
1512 * Returns information about this certificate using the legacy certificate object encoding.
1513 */
1514 toLegacyObject(): PeerCertificate;
1515
1516 /**
1517 * Returns the PEM-encoded certificate.
1518 */
1519 toString(): string;
1520
1521 /**
1522 * Verifies that this certificate was signed by the given public key.
1523 * Does not perform any other validation checks on the certificate.
1524 */
1525 verify(publicKey: KeyObject): boolean;
1526 }
1527
1528 type LargeNumberLike = NodeJS.ArrayBufferView | SharedArrayBuffer | ArrayBuffer | bigint;
1529
1530 interface GeneratePrimeOptions {
1531 add?: LargeNumberLike;
1532 rem?: LargeNumberLike;
1533 /**
1534 * @default false
1535 */
1536 safe?: boolean;
1537 bigint?: boolean;
1538 }
1539
1540 interface GeneratePrimeOptionsBigInt extends GeneratePrimeOptions {
1541 bigint: true;
1542 }
1543
1544 interface GeneratePrimeOptionsArrayBuffer extends GeneratePrimeOptions {
1545 bigint?: false;
1546 }
1547
1548 function generatePrime(size: number, callback: (err: Error | null, prime: ArrayBuffer) => void): void;
1549 function generatePrime(size: number, options: GeneratePrimeOptionsBigInt, callback: (err: Error | null, prime: bigint) => void): void;
1550 function generatePrime(size: number, options: GeneratePrimeOptionsArrayBuffer, callback: (err: Error | null, prime: ArrayBuffer) => void): void;
1551 function generatePrime(size: number, options: GeneratePrimeOptions, callback: (err: Error | null, prime: ArrayBuffer | bigint) => void): void;
1552
1553 function generatePrimeSync(size: number): ArrayBuffer;
1554 function generatePrimeSync(size: number, options: GeneratePrimeOptionsBigInt): bigint;
1555 function generatePrimeSync(size: number, options: GeneratePrimeOptionsArrayBuffer): ArrayBuffer;
1556 function generatePrimeSync(size: number, options: GeneratePrimeOptions): ArrayBuffer | bigint;
1557
1558 interface CheckPrimeOptions {
1559 /**
1560 * The number of Miller-Rabin probabilistic primality iterations to perform.
1561 * When the value is 0 (zero), a number of checks is used that yields a false positive rate of at most 2-64 for random input.
1562 * Care must be used when selecting a number of checks.
1563 * Refer to the OpenSSL documentation for the BN_is_prime_ex function nchecks options for more details.
1564 *
1565 * @default 0
1566 */
1567 checks?: number;
1568 }
1569
1570 /**
1571 * Checks the primality of the candidate.
1572 */
1573 function checkPrime(value: LargeNumberLike, callback: (err: Error | null, result: boolean) => void): void;
1574 function checkPrime(value: LargeNumberLike, options: CheckPrimeOptions, callback: (err: Error | null, result: boolean) => void): void;
1575
1576 /**
1577 * Checks the primality of the candidate.
1578 */
1579 function checkPrimeSync(value: LargeNumberLike, options?: CheckPrimeOptions): boolean;
1580}