UNPKG

60 kBTypeScriptView Raw
1declare module 'crypto' {
2 import * as stream from 'stream';
3 import { PeerCertificate } from 'tls';
4
5 interface Certificate {
6 /**
7 * @deprecated
8 * @param spkac
9 * @returns The challenge component of the `spkac` data structure,
10 * which includes a public key and a challenge.
11 */
12 exportChallenge(spkac: BinaryLike): Buffer;
13 /**
14 * @deprecated
15 * @param spkac
16 * @param encoding The encoding of the spkac string.
17 * @returns The public key component of the `spkac` data structure,
18 * which includes a public key and a challenge.
19 */
20 exportPublicKey(spkac: BinaryLike, encoding?: string): Buffer;
21 /**
22 * @deprecated
23 * @param spkac
24 * @returns `true` if the given `spkac` data structure is valid,
25 * `false` otherwise.
26 */
27 verifySpkac(spkac: NodeJS.ArrayBufferView): boolean;
28 }
29 const Certificate: Certificate & {
30 /** @deprecated since v14.9.0 - Use static methods of `crypto.Certificate` instead. */
31 new(): Certificate;
32 /** @deprecated since v14.9.0 - Use static methods of `crypto.Certificate` instead. */
33 (): Certificate;
34
35 /**
36 * @param spkac
37 * @returns The challenge component of the `spkac` data structure,
38 * which includes a public key and a challenge.
39 */
40 exportChallenge(spkac: BinaryLike): Buffer;
41 /**
42 * @param spkac
43 * @param encoding The encoding of the spkac string.
44 * @returns The public key component of the `spkac` data structure,
45 * which includes a public key and a challenge.
46 */
47 exportPublicKey(spkac: BinaryLike, encoding?: string): Buffer;
48 /**
49 * @param spkac
50 * @returns `true` if the given `spkac` data structure is valid,
51 * `false` otherwise.
52 */
53 verifySpkac(spkac: NodeJS.ArrayBufferView): boolean;
54 };
55
56 namespace constants {
57 // https://nodejs.org/dist/latest-v10.x/docs/api/crypto.html#crypto_crypto_constants
58 const OPENSSL_VERSION_NUMBER: number;
59
60 /** Applies multiple bug workarounds within OpenSSL. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html for detail. */
61 const SSL_OP_ALL: number;
62 /** Allows legacy insecure renegotiation between OpenSSL and unpatched clients or servers. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html. */
63 const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: number;
64 /** Attempts to use the server's preferences instead of the client's when selecting a cipher. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html. */
65 const SSL_OP_CIPHER_SERVER_PREFERENCE: number;
66 /** Instructs OpenSSL to use Cisco's "speshul" version of DTLS_BAD_VER. */
67 const SSL_OP_CISCO_ANYCONNECT: number;
68 /** Instructs OpenSSL to turn on cookie exchange. */
69 const SSL_OP_COOKIE_EXCHANGE: number;
70 /** Instructs OpenSSL to add server-hello extension from an early version of the cryptopro draft. */
71 const SSL_OP_CRYPTOPRO_TLSEXT_BUG: number;
72 /** Instructs OpenSSL to disable a SSL 3.0/TLS 1.0 vulnerability workaround added in OpenSSL 0.9.6d. */
73 const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: number;
74 /** Instructs OpenSSL to always use the tmp_rsa key when performing RSA operations. */
75 const SSL_OP_EPHEMERAL_RSA: number;
76 /** Allows initial connection to servers that do not support RI. */
77 const SSL_OP_LEGACY_SERVER_CONNECT: number;
78 const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: number;
79 const SSL_OP_MICROSOFT_SESS_ID_BUG: number;
80 /** Instructs OpenSSL to disable the workaround for a man-in-the-middle protocol-version vulnerability in the SSL 2.0 server implementation. */
81 const SSL_OP_MSIE_SSLV2_RSA_PADDING: number;
82 const SSL_OP_NETSCAPE_CA_DN_BUG: number;
83 const SSL_OP_NETSCAPE_CHALLENGE_BUG: number;
84 const SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG: number;
85 const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: number;
86 /** Instructs OpenSSL to disable support for SSL/TLS compression. */
87 const SSL_OP_NO_COMPRESSION: number;
88 const SSL_OP_NO_QUERY_MTU: number;
89 /** Instructs OpenSSL to always start a new session when performing renegotiation. */
90 const SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION: number;
91 const SSL_OP_NO_SSLv2: number;
92 const SSL_OP_NO_SSLv3: number;
93 const SSL_OP_NO_TICKET: number;
94 const SSL_OP_NO_TLSv1: number;
95 const SSL_OP_NO_TLSv1_1: number;
96 const SSL_OP_NO_TLSv1_2: number;
97 const SSL_OP_PKCS1_CHECK_1: number;
98 const SSL_OP_PKCS1_CHECK_2: number;
99 /** Instructs OpenSSL to always create a new key when using temporary/ephemeral DH parameters. */
100 const SSL_OP_SINGLE_DH_USE: number;
101 /** Instructs OpenSSL to always create a new key when using temporary/ephemeral ECDH parameters. */
102 const SSL_OP_SINGLE_ECDH_USE: number;
103 const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: number;
104 const SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG: number;
105 const SSL_OP_TLS_BLOCK_PADDING_BUG: number;
106 const SSL_OP_TLS_D5_BUG: number;
107 /** Instructs OpenSSL to disable version rollback attack detection. */
108 const SSL_OP_TLS_ROLLBACK_BUG: number;
109
110 const ENGINE_METHOD_RSA: number;
111 const ENGINE_METHOD_DSA: number;
112 const ENGINE_METHOD_DH: number;
113 const ENGINE_METHOD_RAND: number;
114 const ENGINE_METHOD_EC: number;
115 const ENGINE_METHOD_CIPHERS: number;
116 const ENGINE_METHOD_DIGESTS: number;
117 const ENGINE_METHOD_PKEY_METHS: number;
118 const ENGINE_METHOD_PKEY_ASN1_METHS: number;
119 const ENGINE_METHOD_ALL: number;
120 const ENGINE_METHOD_NONE: number;
121
122 const DH_CHECK_P_NOT_SAFE_PRIME: number;
123 const DH_CHECK_P_NOT_PRIME: number;
124 const DH_UNABLE_TO_CHECK_GENERATOR: number;
125 const DH_NOT_SUITABLE_GENERATOR: number;
126
127 const ALPN_ENABLED: number;
128
129 const RSA_PKCS1_PADDING: number;
130 const RSA_SSLV23_PADDING: number;
131 const RSA_NO_PADDING: number;
132 const RSA_PKCS1_OAEP_PADDING: number;
133 const RSA_X931_PADDING: number;
134 const RSA_PKCS1_PSS_PADDING: number;
135 /** Sets the salt length for RSA_PKCS1_PSS_PADDING to the digest size when signing or verifying. */
136 const RSA_PSS_SALTLEN_DIGEST: number;
137 /** Sets the salt length for RSA_PKCS1_PSS_PADDING to the maximum permissible value when signing data. */
138 const RSA_PSS_SALTLEN_MAX_SIGN: number;
139 /** Causes the salt length for RSA_PKCS1_PSS_PADDING to be determined automatically when verifying a signature. */
140 const RSA_PSS_SALTLEN_AUTO: number;
141
142 const POINT_CONVERSION_COMPRESSED: number;
143 const POINT_CONVERSION_UNCOMPRESSED: number;
144 const POINT_CONVERSION_HYBRID: number;
145
146 /** Specifies the built-in default cipher list used by Node.js (colon-separated values). */
147 const defaultCoreCipherList: string;
148 /** Specifies the active default cipher list used by the current Node.js process (colon-separated values). */
149 const defaultCipherList: string;
150 }
151
152 interface HashOptions extends stream.TransformOptions {
153 /**
154 * For XOF hash functions such as `shake256`, the
155 * outputLength option can be used to specify the desired output length in bytes.
156 */
157 outputLength?: number;
158 }
159
160 /** @deprecated since v10.0.0 */
161 const fips: boolean;
162
163 function createHash(algorithm: string, options?: HashOptions): Hash;
164 function createHmac(algorithm: string, key: BinaryLike | KeyObject, options?: stream.TransformOptions): Hmac;
165
166 // https://nodejs.org/api/buffer.html#buffer_buffers_and_character_encodings
167 type BinaryToTextEncoding = 'base64' | 'hex';
168 type CharacterEncoding = 'utf8' | 'utf-8' | 'utf16le' | 'latin1';
169 type LegacyCharacterEncoding = 'ascii' | 'binary' | 'ucs2' | 'ucs-2';
170
171 type Encoding = BinaryToTextEncoding | CharacterEncoding | LegacyCharacterEncoding;
172
173 type ECDHKeyFormat = 'compressed' | 'uncompressed' | 'hybrid';
174
175 class Hash extends stream.Transform {
176 private constructor();
177 copy(): Hash;
178 update(data: BinaryLike): Hash;
179 update(data: string, input_encoding: Encoding): Hash;
180 digest(): Buffer;
181 digest(encoding: BinaryToTextEncoding): string;
182 }
183 class Hmac extends stream.Transform {
184 private constructor();
185 update(data: BinaryLike): Hmac;
186 update(data: string, input_encoding: Encoding): Hmac;
187 digest(): Buffer;
188 digest(encoding: BinaryToTextEncoding): string;
189 }
190
191 type KeyObjectType = 'secret' | 'public' | 'private';
192
193 interface KeyExportOptions<T extends KeyFormat> {
194 type: 'pkcs1' | 'spki' | 'pkcs8' | 'sec1';
195 format: T;
196 cipher?: string;
197 passphrase?: string | Buffer;
198 }
199 interface JwkKeyExportOptions {
200 format: 'jwk';
201 }
202 interface JsonWebKey {
203 crv?: string;
204 d?: string;
205 dp?: string;
206 dq?: string;
207 e?: string;
208 k?: string;
209 kty?: string;
210 n?: string;
211 p?: string;
212 q?: string;
213 qi?: string;
214 x?: string;
215 y?: string;
216 [key: string]: unknown;
217 }
218
219 interface AsymmetricKeyDetails {
220 /**
221 * Key size in bits (RSA, DSA).
222 */
223 modulusLength?: number;
224 /**
225 * Public exponent (RSA).
226 */
227 publicExponent?: bigint;
228 /**
229 * Size of q in bits (DSA).
230 */
231 divisorLength?: number;
232 /**
233 * Name of the curve (EC).
234 */
235 namedCurve?: string;
236 }
237
238 interface JwkKeyExportOptions {
239 format: 'jwk';
240 }
241
242 class KeyObject {
243 private constructor();
244 asymmetricKeyType?: KeyType;
245 /**
246 * For asymmetric keys, this property represents the size of the embedded key in
247 * bytes. This property is `undefined` for symmetric keys.
248 */
249 asymmetricKeySize?: number;
250 /**
251 * This property exists only on asymmetric keys. Depending on the type of the key,
252 * this object contains information about the key. None of the information obtained
253 * through this property can be used to uniquely identify a key or to compromise the
254 * security of the key.
255 */
256 asymmetricKeyDetails?: AsymmetricKeyDetails;
257 export(options: KeyExportOptions<'pem'>): string | Buffer;
258 export(options?: KeyExportOptions<'der'>): Buffer;
259 export(options?: JwkKeyExportOptions): JsonWebKey;
260 symmetricKeySize?: number;
261 type: KeyObjectType;
262 }
263
264 type CipherCCMTypes = 'aes-128-ccm' | 'aes-192-ccm' | 'aes-256-ccm' | 'chacha20-poly1305';
265 type CipherGCMTypes = 'aes-128-gcm' | 'aes-192-gcm' | 'aes-256-gcm';
266
267 type BinaryLike = string | NodeJS.ArrayBufferView;
268
269 type CipherKey = BinaryLike | KeyObject;
270
271 interface CipherCCMOptions extends stream.TransformOptions {
272 authTagLength: number;
273 }
274 interface CipherGCMOptions extends stream.TransformOptions {
275 authTagLength?: number;
276 }
277 /** @deprecated since v10.0.0 use `createCipheriv()` */
278 function createCipher(algorithm: CipherCCMTypes, password: BinaryLike, options: CipherCCMOptions): CipherCCM;
279 /** @deprecated since v10.0.0 use `createCipheriv()` */
280 function createCipher(algorithm: CipherGCMTypes, password: BinaryLike, options?: CipherGCMOptions): CipherGCM;
281 /** @deprecated since v10.0.0 use `createCipheriv()` */
282 function createCipher(algorithm: string, password: BinaryLike, options?: stream.TransformOptions): Cipher;
283
284 function createCipheriv(
285 algorithm: CipherCCMTypes,
286 key: CipherKey,
287 iv: BinaryLike | null,
288 options: CipherCCMOptions,
289 ): CipherCCM;
290 function createCipheriv(
291 algorithm: CipherGCMTypes,
292 key: CipherKey,
293 iv: BinaryLike | null,
294 options?: CipherGCMOptions,
295 ): CipherGCM;
296 function createCipheriv(
297 algorithm: string,
298 key: CipherKey,
299 iv: BinaryLike | null,
300 options?: stream.TransformOptions,
301 ): Cipher;
302
303 class Cipher extends stream.Transform {
304 private constructor();
305 update(data: BinaryLike): Buffer;
306 update(data: string, input_encoding: Encoding): Buffer;
307 update(data: NodeJS.ArrayBufferView, input_encoding: undefined, output_encoding: Encoding): string;
308 update(data: string, input_encoding: Encoding | undefined, output_encoding: Encoding): string;
309 final(): Buffer;
310 final(output_encoding: BufferEncoding): string;
311 setAutoPadding(auto_padding?: boolean): this;
312 // getAuthTag(): Buffer;
313 // setAAD(buffer: NodeJS.ArrayBufferView): this;
314 }
315 interface CipherCCM extends Cipher {
316 setAAD(buffer: NodeJS.ArrayBufferView, options: { plaintextLength: number }): this;
317 getAuthTag(): Buffer;
318 }
319 interface CipherGCM extends Cipher {
320 setAAD(buffer: NodeJS.ArrayBufferView, options?: { plaintextLength: number }): this;
321 getAuthTag(): Buffer;
322 }
323 /** @deprecated since v10.0.0 use `createDecipheriv()` */
324 function createDecipher(algorithm: CipherCCMTypes, password: BinaryLike, options: CipherCCMOptions): DecipherCCM;
325 /** @deprecated since v10.0.0 use `createDecipheriv()` */
326 function createDecipher(algorithm: CipherGCMTypes, password: BinaryLike, options?: CipherGCMOptions): DecipherGCM;
327 /** @deprecated since v10.0.0 use `createDecipheriv()` */
328 function createDecipher(algorithm: string, password: BinaryLike, options?: stream.TransformOptions): Decipher;
329
330 function createDecipheriv(
331 algorithm: CipherCCMTypes,
332 key: CipherKey,
333 iv: BinaryLike | null,
334 options: CipherCCMOptions,
335 ): DecipherCCM;
336 function createDecipheriv(
337 algorithm: CipherGCMTypes,
338 key: CipherKey,
339 iv: BinaryLike | null,
340 options?: CipherGCMOptions,
341 ): DecipherGCM;
342 function createDecipheriv(
343 algorithm: string,
344 key: CipherKey,
345 iv: BinaryLike | null,
346 options?: stream.TransformOptions,
347 ): Decipher;
348
349 class Decipher extends stream.Transform {
350 private constructor();
351 update(data: NodeJS.ArrayBufferView): Buffer;
352 update(data: string, input_encoding: Encoding): Buffer;
353 update(data: NodeJS.ArrayBufferView, input_encoding: undefined, output_encoding: Encoding): string;
354 update(data: string, input_encoding: Encoding | undefined, output_encoding: Encoding): string;
355 final(): Buffer;
356 final(output_encoding: BufferEncoding): string;
357 setAutoPadding(auto_padding?: boolean): this;
358 // setAuthTag(tag: NodeJS.ArrayBufferView): this;
359 // setAAD(buffer: NodeJS.ArrayBufferView): this;
360 }
361 interface DecipherCCM extends Decipher {
362 setAuthTag(buffer: NodeJS.ArrayBufferView): this;
363 setAAD(buffer: NodeJS.ArrayBufferView, options: { plaintextLength: number }): this;
364 }
365 interface DecipherGCM extends Decipher {
366 setAuthTag(buffer: NodeJS.ArrayBufferView): this;
367 setAAD(buffer: NodeJS.ArrayBufferView, options?: { plaintextLength: number }): this;
368 }
369
370 interface PrivateKeyInput {
371 key: string | Buffer;
372 format?: KeyFormat;
373 type?: 'pkcs1' | 'pkcs8' | 'sec1';
374 passphrase?: string | Buffer;
375 }
376
377 interface PublicKeyInput {
378 key: string | Buffer;
379 format?: KeyFormat;
380 type?: 'pkcs1' | 'spki';
381 }
382
383 function generateKey(type: 'hmac' | 'aes', options: {length: number}, callback: (err: Error | null, key: KeyObject) => void): void;
384
385 interface JsonWebKeyInput {
386 key: JsonWebKey;
387 format: 'jwk';
388 }
389
390 function createPrivateKey(key: PrivateKeyInput | string | Buffer | JsonWebKeyInput): KeyObject;
391 function createPublicKey(key: PublicKeyInput | string | Buffer | KeyObject | JsonWebKeyInput): KeyObject;
392 function createSecretKey(key: NodeJS.ArrayBufferView): KeyObject;
393
394 function createSign(algorithm: string, options?: stream.WritableOptions): Signer;
395
396 type DSAEncoding = 'der' | 'ieee-p1363';
397
398 interface SigningOptions {
399 /**
400 * @See crypto.constants.RSA_PKCS1_PADDING
401 */
402 padding?: number;
403 saltLength?: number;
404 dsaEncoding?: DSAEncoding;
405 }
406
407 interface SignPrivateKeyInput extends PrivateKeyInput, SigningOptions { }
408 interface SignKeyObjectInput extends SigningOptions {
409 key: KeyObject;
410 }
411 interface VerifyPublicKeyInput extends PublicKeyInput, SigningOptions { }
412 interface VerifyKeyObjectInput extends SigningOptions {
413 key: KeyObject;
414 }
415
416 type KeyLike = string | Buffer | KeyObject;
417
418 class Signer extends stream.Writable {
419 private constructor();
420
421 update(data: BinaryLike): Signer;
422 update(data: string, input_encoding: Encoding): Signer;
423 sign(private_key: KeyLike | SignKeyObjectInput | SignPrivateKeyInput): Buffer;
424 sign(
425 private_key: KeyLike | SignKeyObjectInput | SignPrivateKeyInput,
426 output_format: BinaryToTextEncoding,
427 ): string;
428 }
429
430 function createVerify(algorithm: string, options?: stream.WritableOptions): Verify;
431 class Verify extends stream.Writable {
432 private constructor();
433
434 update(data: BinaryLike): Verify;
435 update(data: string, input_encoding: Encoding): Verify;
436 verify(
437 object: KeyLike | VerifyKeyObjectInput | VerifyPublicKeyInput,
438 signature: NodeJS.ArrayBufferView,
439 ): boolean;
440 verify(
441 object: KeyLike | VerifyKeyObjectInput | VerifyPublicKeyInput,
442 signature: string,
443 signature_format?: BinaryToTextEncoding,
444 ): boolean;
445 // https://nodejs.org/api/crypto.html#crypto_verifier_verify_object_signature_signature_format
446 // The signature field accepts a TypedArray type, but it is only available starting ES2017
447 }
448 function createDiffieHellman(prime_length: number, generator?: number | NodeJS.ArrayBufferView): DiffieHellman;
449 function createDiffieHellman(prime: NodeJS.ArrayBufferView): DiffieHellman;
450 function createDiffieHellman(prime: string, prime_encoding: BinaryToTextEncoding): DiffieHellman;
451 function createDiffieHellman(
452 prime: string,
453 prime_encoding: BinaryToTextEncoding,
454 generator: number | NodeJS.ArrayBufferView,
455 ): DiffieHellman;
456 function createDiffieHellman(
457 prime: string,
458 prime_encoding: BinaryToTextEncoding,
459 generator: string,
460 generator_encoding: BinaryToTextEncoding,
461 ): DiffieHellman;
462 class DiffieHellman {
463 private constructor();
464 generateKeys(): Buffer;
465 generateKeys(encoding: BinaryToTextEncoding): string;
466 computeSecret(other_public_key: NodeJS.ArrayBufferView): Buffer;
467 computeSecret(other_public_key: string, input_encoding: BinaryToTextEncoding): Buffer;
468 computeSecret(other_public_key: NodeJS.ArrayBufferView, output_encoding: BinaryToTextEncoding): string;
469 computeSecret(
470 other_public_key: string,
471 input_encoding: BinaryToTextEncoding,
472 output_encoding: BinaryToTextEncoding,
473 ): string;
474 getPrime(): Buffer;
475 getPrime(encoding: BinaryToTextEncoding): string;
476 getGenerator(): Buffer;
477 getGenerator(encoding: BinaryToTextEncoding): string;
478 getPublicKey(): Buffer;
479 getPublicKey(encoding: BinaryToTextEncoding): string;
480 getPrivateKey(): Buffer;
481 getPrivateKey(encoding: BinaryToTextEncoding): string;
482 setPublicKey(public_key: NodeJS.ArrayBufferView): void;
483 setPublicKey(public_key: string, encoding: BufferEncoding): void;
484 setPrivateKey(private_key: NodeJS.ArrayBufferView): void;
485 setPrivateKey(private_key: string, encoding: BufferEncoding): void;
486 verifyError: number;
487 }
488 function getDiffieHellman(group_name: string): DiffieHellman;
489 function pbkdf2(
490 password: BinaryLike,
491 salt: BinaryLike,
492 iterations: number,
493 keylen: number,
494 digest: string,
495 callback: (err: Error | null, derivedKey: Buffer) => any,
496 ): void;
497 function pbkdf2Sync(
498 password: BinaryLike,
499 salt: BinaryLike,
500 iterations: number,
501 keylen: number,
502 digest: string,
503 ): Buffer;
504
505 function randomBytes(size: number): Buffer;
506 function randomBytes(size: number, callback: (err: Error | null, buf: Buffer) => void): void;
507 function pseudoRandomBytes(size: number): Buffer;
508 function pseudoRandomBytes(size: number, callback: (err: Error | null, buf: Buffer) => void): void;
509
510 function randomInt(max: number): number;
511 function randomInt(min: number, max: number): number;
512 function randomInt(max: number, callback: (err: Error | null, value: number) => void): void;
513 function randomInt(min: number, max: number, callback: (err: Error | null, value: number) => void): void;
514
515 function randomFillSync<T extends NodeJS.ArrayBufferView>(buffer: T, offset?: number, size?: number): T;
516 function randomFill<T extends NodeJS.ArrayBufferView>(
517 buffer: T,
518 callback: (err: Error | null, buf: T) => void,
519 ): void;
520 function randomFill<T extends NodeJS.ArrayBufferView>(
521 buffer: T,
522 offset: number,
523 callback: (err: Error | null, buf: T) => void,
524 ): void;
525 function randomFill<T extends NodeJS.ArrayBufferView>(
526 buffer: T,
527 offset: number,
528 size: number,
529 callback: (err: Error | null, buf: T) => void,
530 ): void;
531
532 interface ScryptOptions {
533 cost?: number;
534 blockSize?: number;
535 parallelization?: number;
536 N?: number;
537 r?: number;
538 p?: number;
539 maxmem?: number;
540 }
541 function scrypt(
542 password: BinaryLike,
543 salt: BinaryLike,
544 keylen: number,
545 callback: (err: Error | null, derivedKey: Buffer) => void,
546 ): void;
547 function scrypt(
548 password: BinaryLike,
549 salt: BinaryLike,
550 keylen: number,
551 options: ScryptOptions,
552 callback: (err: Error | null, derivedKey: Buffer) => void,
553 ): void;
554 function scryptSync(password: BinaryLike, salt: BinaryLike, keylen: number, options?: ScryptOptions): Buffer;
555
556 interface RsaPublicKey {
557 key: KeyLike;
558 padding?: number;
559 }
560 interface RsaPrivateKey {
561 key: KeyLike;
562 passphrase?: string;
563 /**
564 * @default 'sha1'
565 */
566 oaepHash?: string;
567 oaepLabel?: NodeJS.TypedArray;
568 padding?: number;
569 }
570 function publicEncrypt(key: RsaPublicKey | RsaPrivateKey | KeyLike, buffer: NodeJS.ArrayBufferView): Buffer;
571 function publicDecrypt(key: RsaPublicKey | RsaPrivateKey | KeyLike, buffer: NodeJS.ArrayBufferView): Buffer;
572 function privateDecrypt(private_key: RsaPrivateKey | KeyLike, buffer: NodeJS.ArrayBufferView): Buffer;
573 function privateEncrypt(private_key: RsaPrivateKey | KeyLike, buffer: NodeJS.ArrayBufferView): Buffer;
574 function getCiphers(): string[];
575 function getCurves(): string[];
576 function getFips(): 1 | 0;
577 function getHashes(): string[];
578 class ECDH {
579 private constructor();
580 static convertKey(
581 key: BinaryLike,
582 curve: string,
583 inputEncoding?: BinaryToTextEncoding,
584 outputEncoding?: 'latin1' | 'hex' | 'base64',
585 format?: 'uncompressed' | 'compressed' | 'hybrid',
586 ): Buffer | string;
587 generateKeys(): Buffer;
588 generateKeys(encoding: BinaryToTextEncoding, format?: ECDHKeyFormat): string;
589 computeSecret(other_public_key: NodeJS.ArrayBufferView): Buffer;
590 computeSecret(other_public_key: string, input_encoding: BinaryToTextEncoding): Buffer;
591 computeSecret(other_public_key: NodeJS.ArrayBufferView, output_encoding: BinaryToTextEncoding): string;
592 computeSecret(
593 other_public_key: string,
594 input_encoding: BinaryToTextEncoding,
595 output_encoding: BinaryToTextEncoding,
596 ): string;
597 getPrivateKey(): Buffer;
598 getPrivateKey(encoding: BinaryToTextEncoding): string;
599 getPublicKey(): Buffer;
600 getPublicKey(encoding: BinaryToTextEncoding, format?: ECDHKeyFormat): string;
601 setPrivateKey(private_key: NodeJS.ArrayBufferView): void;
602 setPrivateKey(private_key: string, encoding: BinaryToTextEncoding): void;
603 }
604 function createECDH(curve_name: string): ECDH;
605 function timingSafeEqual(a: NodeJS.ArrayBufferView, b: NodeJS.ArrayBufferView): boolean;
606 /** @deprecated since v10.0.0 */
607 const DEFAULT_ENCODING: BufferEncoding;
608
609 type KeyType = 'rsa' | 'dsa' | 'ec' | 'ed25519' | 'ed448' | 'x25519' | 'x448';
610 type KeyFormat = 'pem' | 'der';
611
612 interface BasePrivateKeyEncodingOptions<T extends KeyFormat> {
613 format: T;
614 cipher?: string;
615 passphrase?: string;
616 }
617
618 interface KeyPairKeyObjectResult {
619 publicKey: KeyObject;
620 privateKey: KeyObject;
621 }
622
623 interface ED25519KeyPairKeyObjectOptions {
624 /**
625 * No options.
626 */
627 }
628
629 interface ED448KeyPairKeyObjectOptions {
630 /**
631 * No options.
632 */
633 }
634
635 interface X25519KeyPairKeyObjectOptions {
636 /**
637 * No options.
638 */
639 }
640
641 interface X448KeyPairKeyObjectOptions {
642 /**
643 * No options.
644 */
645 }
646
647 interface ECKeyPairKeyObjectOptions {
648 /**
649 * Name of the curve to use.
650 */
651 namedCurve: string;
652 }
653
654 interface RSAKeyPairKeyObjectOptions {
655 /**
656 * Key size in bits
657 */
658 modulusLength: number;
659
660 /**
661 * @default 0x10001
662 */
663 publicExponent?: number;
664 }
665
666 interface DSAKeyPairKeyObjectOptions {
667 /**
668 * Key size in bits
669 */
670 modulusLength: number;
671
672 /**
673 * Size of q in bits
674 */
675 divisorLength: number;
676 }
677
678 interface RSAKeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
679 /**
680 * Key size in bits
681 */
682 modulusLength: number;
683 /**
684 * @default 0x10001
685 */
686 publicExponent?: number;
687
688 publicKeyEncoding: {
689 type: 'pkcs1' | 'spki';
690 format: PubF;
691 };
692 privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
693 type: 'pkcs1' | 'pkcs8';
694 };
695 }
696
697 interface DSAKeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
698 /**
699 * Key size in bits
700 */
701 modulusLength: number;
702 /**
703 * Size of q in bits
704 */
705 divisorLength: number;
706
707 publicKeyEncoding: {
708 type: 'spki';
709 format: PubF;
710 };
711 privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
712 type: 'pkcs8';
713 };
714 }
715
716 interface ECKeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
717 /**
718 * Name of the curve to use.
719 */
720 namedCurve: string;
721
722 publicKeyEncoding: {
723 type: 'pkcs1' | 'spki';
724 format: PubF;
725 };
726 privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
727 type: 'sec1' | 'pkcs8';
728 };
729 }
730
731 interface ED25519KeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
732 publicKeyEncoding: {
733 type: 'spki';
734 format: PubF;
735 };
736 privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
737 type: 'pkcs8';
738 };
739 }
740
741 interface ED448KeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
742 publicKeyEncoding: {
743 type: 'spki';
744 format: PubF;
745 };
746 privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
747 type: 'pkcs8';
748 };
749 }
750
751 interface X25519KeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
752 publicKeyEncoding: {
753 type: 'spki';
754 format: PubF;
755 };
756 privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
757 type: 'pkcs8';
758 };
759 }
760
761 interface X448KeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
762 publicKeyEncoding: {
763 type: 'spki';
764 format: PubF;
765 };
766 privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
767 type: 'pkcs8';
768 };
769 }
770
771 interface KeyPairSyncResult<T1 extends string | Buffer, T2 extends string | Buffer> {
772 publicKey: T1;
773 privateKey: T2;
774 }
775
776 function generateKeyPairSync(
777 type: 'rsa',
778 options: RSAKeyPairOptions<'pem', 'pem'>,
779 ): KeyPairSyncResult<string, string>;
780 function generateKeyPairSync(
781 type: 'rsa',
782 options: RSAKeyPairOptions<'pem', 'der'>,
783 ): KeyPairSyncResult<string, Buffer>;
784 function generateKeyPairSync(
785 type: 'rsa',
786 options: RSAKeyPairOptions<'der', 'pem'>,
787 ): KeyPairSyncResult<Buffer, string>;
788 function generateKeyPairSync(
789 type: 'rsa',
790 options: RSAKeyPairOptions<'der', 'der'>,
791 ): KeyPairSyncResult<Buffer, Buffer>;
792 function generateKeyPairSync(type: 'rsa', options: RSAKeyPairKeyObjectOptions): KeyPairKeyObjectResult;
793
794 function generateKeyPairSync(
795 type: 'dsa',
796 options: DSAKeyPairOptions<'pem', 'pem'>,
797 ): KeyPairSyncResult<string, string>;
798 function generateKeyPairSync(
799 type: 'dsa',
800 options: DSAKeyPairOptions<'pem', 'der'>,
801 ): KeyPairSyncResult<string, Buffer>;
802 function generateKeyPairSync(
803 type: 'dsa',
804 options: DSAKeyPairOptions<'der', 'pem'>,
805 ): KeyPairSyncResult<Buffer, string>;
806 function generateKeyPairSync(
807 type: 'dsa',
808 options: DSAKeyPairOptions<'der', 'der'>,
809 ): KeyPairSyncResult<Buffer, Buffer>;
810 function generateKeyPairSync(type: 'dsa', options: DSAKeyPairKeyObjectOptions): KeyPairKeyObjectResult;
811
812 function generateKeyPairSync(
813 type: 'ec',
814 options: ECKeyPairOptions<'pem', 'pem'>,
815 ): KeyPairSyncResult<string, string>;
816 function generateKeyPairSync(
817 type: 'ec',
818 options: ECKeyPairOptions<'pem', 'der'>,
819 ): KeyPairSyncResult<string, Buffer>;
820 function generateKeyPairSync(
821 type: 'ec',
822 options: ECKeyPairOptions<'der', 'pem'>,
823 ): KeyPairSyncResult<Buffer, string>;
824 function generateKeyPairSync(
825 type: 'ec',
826 options: ECKeyPairOptions<'der', 'der'>,
827 ): KeyPairSyncResult<Buffer, Buffer>;
828 function generateKeyPairSync(type: 'ec', options: ECKeyPairKeyObjectOptions): KeyPairKeyObjectResult;
829
830 function generateKeyPairSync(
831 type: 'ed25519',
832 options: ED25519KeyPairOptions<'pem', 'pem'>,
833 ): KeyPairSyncResult<string, string>;
834 function generateKeyPairSync(
835 type: 'ed25519',
836 options: ED25519KeyPairOptions<'pem', 'der'>,
837 ): KeyPairSyncResult<string, Buffer>;
838 function generateKeyPairSync(
839 type: 'ed25519',
840 options: ED25519KeyPairOptions<'der', 'pem'>,
841 ): KeyPairSyncResult<Buffer, string>;
842 function generateKeyPairSync(
843 type: 'ed25519',
844 options: ED25519KeyPairOptions<'der', 'der'>,
845 ): KeyPairSyncResult<Buffer, Buffer>;
846 function generateKeyPairSync(type: 'ed25519', options?: ED25519KeyPairKeyObjectOptions): KeyPairKeyObjectResult;
847
848 function generateKeyPairSync(
849 type: 'ed448',
850 options: ED448KeyPairOptions<'pem', 'pem'>,
851 ): KeyPairSyncResult<string, string>;
852 function generateKeyPairSync(
853 type: 'ed448',
854 options: ED448KeyPairOptions<'pem', 'der'>,
855 ): KeyPairSyncResult<string, Buffer>;
856 function generateKeyPairSync(
857 type: 'ed448',
858 options: ED448KeyPairOptions<'der', 'pem'>,
859 ): KeyPairSyncResult<Buffer, string>;
860 function generateKeyPairSync(
861 type: 'ed448',
862 options: ED448KeyPairOptions<'der', 'der'>,
863 ): KeyPairSyncResult<Buffer, Buffer>;
864 function generateKeyPairSync(type: 'ed448', options?: ED448KeyPairKeyObjectOptions): KeyPairKeyObjectResult;
865
866 function generateKeyPairSync(
867 type: 'x25519',
868 options: X25519KeyPairOptions<'pem', 'pem'>,
869 ): KeyPairSyncResult<string, string>;
870 function generateKeyPairSync(
871 type: 'x25519',
872 options: X25519KeyPairOptions<'pem', 'der'>,
873 ): KeyPairSyncResult<string, Buffer>;
874 function generateKeyPairSync(
875 type: 'x25519',
876 options: X25519KeyPairOptions<'der', 'pem'>,
877 ): KeyPairSyncResult<Buffer, string>;
878 function generateKeyPairSync(
879 type: 'x25519',
880 options: X25519KeyPairOptions<'der', 'der'>,
881 ): KeyPairSyncResult<Buffer, Buffer>;
882 function generateKeyPairSync(type: 'x25519', options?: X25519KeyPairKeyObjectOptions): KeyPairKeyObjectResult;
883
884 function generateKeyPairSync(
885 type: 'x448',
886 options: X448KeyPairOptions<'pem', 'pem'>,
887 ): KeyPairSyncResult<string, string>;
888 function generateKeyPairSync(
889 type: 'x448',
890 options: X448KeyPairOptions<'pem', 'der'>,
891 ): KeyPairSyncResult<string, Buffer>;
892 function generateKeyPairSync(
893 type: 'x448',
894 options: X448KeyPairOptions<'der', 'pem'>,
895 ): KeyPairSyncResult<Buffer, string>;
896 function generateKeyPairSync(
897 type: 'x448',
898 options: X448KeyPairOptions<'der', 'der'>,
899 ): KeyPairSyncResult<Buffer, Buffer>;
900 function generateKeyPairSync(type: 'x448', options?: X448KeyPairKeyObjectOptions): KeyPairKeyObjectResult;
901
902 function generateKeyPair(
903 type: 'rsa',
904 options: RSAKeyPairOptions<'pem', 'pem'>,
905 callback: (err: Error | null, publicKey: string, privateKey: string) => void,
906 ): void;
907 function generateKeyPair(
908 type: 'rsa',
909 options: RSAKeyPairOptions<'pem', 'der'>,
910 callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
911 ): void;
912 function generateKeyPair(
913 type: 'rsa',
914 options: RSAKeyPairOptions<'der', 'pem'>,
915 callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
916 ): void;
917 function generateKeyPair(
918 type: 'rsa',
919 options: RSAKeyPairOptions<'der', 'der'>,
920 callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
921 ): void;
922 function generateKeyPair(
923 type: 'rsa',
924 options: RSAKeyPairKeyObjectOptions,
925 callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
926 ): void;
927
928 function generateKeyPair(
929 type: 'dsa',
930 options: DSAKeyPairOptions<'pem', 'pem'>,
931 callback: (err: Error | null, publicKey: string, privateKey: string) => void,
932 ): void;
933 function generateKeyPair(
934 type: 'dsa',
935 options: DSAKeyPairOptions<'pem', 'der'>,
936 callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
937 ): void;
938 function generateKeyPair(
939 type: 'dsa',
940 options: DSAKeyPairOptions<'der', 'pem'>,
941 callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
942 ): void;
943 function generateKeyPair(
944 type: 'dsa',
945 options: DSAKeyPairOptions<'der', 'der'>,
946 callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
947 ): void;
948 function generateKeyPair(
949 type: 'dsa',
950 options: DSAKeyPairKeyObjectOptions,
951 callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
952 ): void;
953
954 function generateKeyPair(
955 type: 'ec',
956 options: ECKeyPairOptions<'pem', 'pem'>,
957 callback: (err: Error | null, publicKey: string, privateKey: string) => void,
958 ): void;
959 function generateKeyPair(
960 type: 'ec',
961 options: ECKeyPairOptions<'pem', 'der'>,
962 callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
963 ): void;
964 function generateKeyPair(
965 type: 'ec',
966 options: ECKeyPairOptions<'der', 'pem'>,
967 callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
968 ): void;
969 function generateKeyPair(
970 type: 'ec',
971 options: ECKeyPairOptions<'der', 'der'>,
972 callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
973 ): void;
974 function generateKeyPair(
975 type: 'ec',
976 options: ECKeyPairKeyObjectOptions,
977 callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
978 ): void;
979
980 function generateKeyPair(
981 type: 'ed25519',
982 options: ED25519KeyPairOptions<'pem', 'pem'>,
983 callback: (err: Error | null, publicKey: string, privateKey: string) => void,
984 ): void;
985 function generateKeyPair(
986 type: 'ed25519',
987 options: ED25519KeyPairOptions<'pem', 'der'>,
988 callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
989 ): void;
990 function generateKeyPair(
991 type: 'ed25519',
992 options: ED25519KeyPairOptions<'der', 'pem'>,
993 callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
994 ): void;
995 function generateKeyPair(
996 type: 'ed25519',
997 options: ED25519KeyPairOptions<'der', 'der'>,
998 callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
999 ): void;
1000 function generateKeyPair(
1001 type: 'ed25519',
1002 options: ED25519KeyPairKeyObjectOptions | undefined,
1003 callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
1004 ): void;
1005
1006 function generateKeyPair(
1007 type: 'ed448',
1008 options: ED448KeyPairOptions<'pem', 'pem'>,
1009 callback: (err: Error | null, publicKey: string, privateKey: string) => void,
1010 ): void;
1011 function generateKeyPair(
1012 type: 'ed448',
1013 options: ED448KeyPairOptions<'pem', 'der'>,
1014 callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
1015 ): void;
1016 function generateKeyPair(
1017 type: 'ed448',
1018 options: ED448KeyPairOptions<'der', 'pem'>,
1019 callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
1020 ): void;
1021 function generateKeyPair(
1022 type: 'ed448',
1023 options: ED448KeyPairOptions<'der', 'der'>,
1024 callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
1025 ): void;
1026 function generateKeyPair(
1027 type: 'ed448',
1028 options: ED448KeyPairKeyObjectOptions | undefined,
1029 callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
1030 ): void;
1031
1032 function generateKeyPair(
1033 type: 'x25519',
1034 options: X25519KeyPairOptions<'pem', 'pem'>,
1035 callback: (err: Error | null, publicKey: string, privateKey: string) => void,
1036 ): void;
1037 function generateKeyPair(
1038 type: 'x25519',
1039 options: X25519KeyPairOptions<'pem', 'der'>,
1040 callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
1041 ): void;
1042 function generateKeyPair(
1043 type: 'x25519',
1044 options: X25519KeyPairOptions<'der', 'pem'>,
1045 callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
1046 ): void;
1047 function generateKeyPair(
1048 type: 'x25519',
1049 options: X25519KeyPairOptions<'der', 'der'>,
1050 callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
1051 ): void;
1052 function generateKeyPair(
1053 type: 'x25519',
1054 options: X25519KeyPairKeyObjectOptions | undefined,
1055 callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
1056 ): void;
1057
1058 function generateKeyPair(
1059 type: 'x448',
1060 options: X448KeyPairOptions<'pem', 'pem'>,
1061 callback: (err: Error | null, publicKey: string, privateKey: string) => void,
1062 ): void;
1063 function generateKeyPair(
1064 type: 'x448',
1065 options: X448KeyPairOptions<'pem', 'der'>,
1066 callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
1067 ): void;
1068 function generateKeyPair(
1069 type: 'x448',
1070 options: X448KeyPairOptions<'der', 'pem'>,
1071 callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
1072 ): void;
1073 function generateKeyPair(
1074 type: 'x448',
1075 options: X448KeyPairOptions<'der', 'der'>,
1076 callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
1077 ): void;
1078 function generateKeyPair(
1079 type: 'x448',
1080 options: X448KeyPairKeyObjectOptions | undefined,
1081 callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
1082 ): void;
1083
1084 namespace generateKeyPair {
1085 function __promisify__(
1086 type: 'rsa',
1087 options: RSAKeyPairOptions<'pem', 'pem'>,
1088 ): Promise<{ publicKey: string; privateKey: string }>;
1089 function __promisify__(
1090 type: 'rsa',
1091 options: RSAKeyPairOptions<'pem', 'der'>,
1092 ): Promise<{ publicKey: string; privateKey: Buffer }>;
1093 function __promisify__(
1094 type: 'rsa',
1095 options: RSAKeyPairOptions<'der', 'pem'>,
1096 ): Promise<{ publicKey: Buffer; privateKey: string }>;
1097 function __promisify__(
1098 type: 'rsa',
1099 options: RSAKeyPairOptions<'der', 'der'>,
1100 ): Promise<{ publicKey: Buffer; privateKey: Buffer }>;
1101 function __promisify__(type: 'rsa', options: RSAKeyPairKeyObjectOptions): Promise<KeyPairKeyObjectResult>;
1102
1103 function __promisify__(
1104 type: 'dsa',
1105 options: DSAKeyPairOptions<'pem', 'pem'>,
1106 ): Promise<{ publicKey: string; privateKey: string }>;
1107 function __promisify__(
1108 type: 'dsa',
1109 options: DSAKeyPairOptions<'pem', 'der'>,
1110 ): Promise<{ publicKey: string; privateKey: Buffer }>;
1111 function __promisify__(
1112 type: 'dsa',
1113 options: DSAKeyPairOptions<'der', 'pem'>,
1114 ): Promise<{ publicKey: Buffer; privateKey: string }>;
1115 function __promisify__(
1116 type: 'dsa',
1117 options: DSAKeyPairOptions<'der', 'der'>,
1118 ): Promise<{ publicKey: Buffer; privateKey: Buffer }>;
1119 function __promisify__(type: 'dsa', options: DSAKeyPairKeyObjectOptions): Promise<KeyPairKeyObjectResult>;
1120
1121 function __promisify__(
1122 type: 'ec',
1123 options: ECKeyPairOptions<'pem', 'pem'>,
1124 ): Promise<{ publicKey: string; privateKey: string }>;
1125 function __promisify__(
1126 type: 'ec',
1127 options: ECKeyPairOptions<'pem', 'der'>,
1128 ): Promise<{ publicKey: string; privateKey: Buffer }>;
1129 function __promisify__(
1130 type: 'ec',
1131 options: ECKeyPairOptions<'der', 'pem'>,
1132 ): Promise<{ publicKey: Buffer; privateKey: string }>;
1133 function __promisify__(
1134 type: 'ec',
1135 options: ECKeyPairOptions<'der', 'der'>,
1136 ): Promise<{ publicKey: Buffer; privateKey: Buffer }>;
1137 function __promisify__(type: 'ec', options: ECKeyPairKeyObjectOptions): Promise<KeyPairKeyObjectResult>;
1138
1139 function __promisify__(
1140 type: 'ed25519',
1141 options: ED25519KeyPairOptions<'pem', 'pem'>,
1142 ): Promise<{ publicKey: string; privateKey: string }>;
1143 function __promisify__(
1144 type: 'ed25519',
1145 options: ED25519KeyPairOptions<'pem', 'der'>,
1146 ): Promise<{ publicKey: string; privateKey: Buffer }>;
1147 function __promisify__(
1148 type: 'ed25519',
1149 options: ED25519KeyPairOptions<'der', 'pem'>,
1150 ): Promise<{ publicKey: Buffer; privateKey: string }>;
1151 function __promisify__(
1152 type: 'ed25519',
1153 options: ED25519KeyPairOptions<'der', 'der'>,
1154 ): Promise<{ publicKey: Buffer; privateKey: Buffer }>;
1155 function __promisify__(
1156 type: 'ed25519',
1157 options?: ED25519KeyPairKeyObjectOptions,
1158 ): Promise<KeyPairKeyObjectResult>;
1159
1160 function __promisify__(
1161 type: 'ed448',
1162 options: ED448KeyPairOptions<'pem', 'pem'>,
1163 ): Promise<{ publicKey: string; privateKey: string }>;
1164 function __promisify__(
1165 type: 'ed448',
1166 options: ED448KeyPairOptions<'pem', 'der'>,
1167 ): Promise<{ publicKey: string; privateKey: Buffer }>;
1168 function __promisify__(
1169 type: 'ed448',
1170 options: ED448KeyPairOptions<'der', 'pem'>,
1171 ): Promise<{ publicKey: Buffer; privateKey: string }>;
1172 function __promisify__(
1173 type: 'ed448',
1174 options: ED448KeyPairOptions<'der', 'der'>,
1175 ): Promise<{ publicKey: Buffer; privateKey: Buffer }>;
1176 function __promisify__(type: 'ed448', options?: ED448KeyPairKeyObjectOptions): Promise<KeyPairKeyObjectResult>;
1177
1178 function __promisify__(
1179 type: 'x25519',
1180 options: X25519KeyPairOptions<'pem', 'pem'>,
1181 ): Promise<{ publicKey: string; privateKey: string }>;
1182 function __promisify__(
1183 type: 'x25519',
1184 options: X25519KeyPairOptions<'pem', 'der'>,
1185 ): Promise<{ publicKey: string; privateKey: Buffer }>;
1186 function __promisify__(
1187 type: 'x25519',
1188 options: X25519KeyPairOptions<'der', 'pem'>,
1189 ): Promise<{ publicKey: Buffer; privateKey: string }>;
1190 function __promisify__(
1191 type: 'x25519',
1192 options: X25519KeyPairOptions<'der', 'der'>,
1193 ): Promise<{ publicKey: Buffer; privateKey: Buffer }>;
1194 function __promisify__(
1195 type: 'x25519',
1196 options?: X25519KeyPairKeyObjectOptions,
1197 ): Promise<KeyPairKeyObjectResult>;
1198
1199 function __promisify__(
1200 type: 'x448',
1201 options: X448KeyPairOptions<'pem', 'pem'>,
1202 ): Promise<{ publicKey: string; privateKey: string }>;
1203 function __promisify__(
1204 type: 'x448',
1205 options: X448KeyPairOptions<'pem', 'der'>,
1206 ): Promise<{ publicKey: string; privateKey: Buffer }>;
1207 function __promisify__(
1208 type: 'x448',
1209 options: X448KeyPairOptions<'der', 'pem'>,
1210 ): Promise<{ publicKey: Buffer; privateKey: string }>;
1211 function __promisify__(
1212 type: 'x448',
1213 options: X448KeyPairOptions<'der', 'der'>,
1214 ): Promise<{ publicKey: Buffer; privateKey: Buffer }>;
1215 function __promisify__(type: 'x448', options?: X448KeyPairKeyObjectOptions): Promise<KeyPairKeyObjectResult>;
1216 }
1217
1218 /**
1219 * Calculates and returns the signature for `data` using the given private key and
1220 * algorithm. If `algorithm` is `null` or `undefined`, then the algorithm is
1221 * dependent upon the key type (especially Ed25519 and Ed448).
1222 *
1223 * If `key` is not a `KeyObject`, this function behaves as if `key` had been
1224 * passed to `crypto.createPrivateKey().
1225 */
1226 function sign(
1227 algorithm: string | null | undefined,
1228 data: NodeJS.ArrayBufferView,
1229 key: KeyLike | SignKeyObjectInput | SignPrivateKeyInput,
1230 ): Buffer;
1231 function sign(
1232 algorithm: string | null | undefined,
1233 data: NodeJS.ArrayBufferView,
1234 key: KeyLike | SignKeyObjectInput | SignPrivateKeyInput,
1235 callback: (error: Error | null, data: Buffer) => void
1236 ): void;
1237
1238 /**
1239 * Calculates and returns the signature for `data` using the given private key and
1240 * algorithm. If `algorithm` is `null` or `undefined`, then the algorithm is
1241 * dependent upon the key type (especially Ed25519 and Ed448).
1242 *
1243 * If `key` is not a `KeyObject`, this function behaves as if `key` had been
1244 * passed to `crypto.createPublicKey()`.
1245 */
1246 function verify(
1247 algorithm: string | null | undefined,
1248 data: NodeJS.ArrayBufferView,
1249 key: KeyLike | VerifyKeyObjectInput | VerifyPublicKeyInput,
1250 signature: NodeJS.ArrayBufferView,
1251 ): boolean;
1252 function verify(
1253 algorithm: string | null | undefined,
1254 data: NodeJS.ArrayBufferView,
1255 key: KeyLike | VerifyKeyObjectInput | VerifyPublicKeyInput,
1256 signature: NodeJS.ArrayBufferView,
1257 callback: (error: Error | null, result: boolean) => void
1258 ): void;
1259
1260 /**
1261 * Computes the Diffie-Hellman secret based on a privateKey and a publicKey.
1262 * Both keys must have the same asymmetricKeyType, which must be one of
1263 * 'dh' (for Diffie-Hellman), 'ec' (for ECDH), 'x448', or 'x25519' (for ECDH-ES).
1264 */
1265 function diffieHellman(options: { privateKey: KeyObject; publicKey: KeyObject }): Buffer;
1266
1267 type CipherMode = 'cbc' | 'ccm' | 'cfb' | 'ctr' | 'ecb' | 'gcm' | 'ocb' | 'ofb' | 'stream' | 'wrap' | 'xts';
1268
1269 interface CipherInfoOptions {
1270 /**
1271 * A test key length.
1272 */
1273 keyLength?: number;
1274 /**
1275 * A test IV length.
1276 */
1277 ivLength?: number;
1278 }
1279
1280 interface CipherInfo {
1281 /**
1282 * The name of the cipher.
1283 */
1284 name: string;
1285 /**
1286 * The nid of the cipher.
1287 */
1288 nid: number;
1289 /**
1290 * The block size of the cipher in bytes.
1291 * This property is omitted when mode is 'stream'.
1292 */
1293 blockSize?: number;
1294 /**
1295 * The expected or default initialization vector length in bytes.
1296 * This property is omitted if the cipher does not use an initialization vector.
1297 */
1298 ivLength?: number;
1299 /**
1300 * The expected or default key length in bytes.
1301 */
1302 keyLength: number;
1303 /**
1304 * The cipher mode.
1305 */
1306 mode: CipherMode;
1307 }
1308
1309 /**
1310 * Returns information about a given cipher.
1311 *
1312 * Some ciphers accept variable length keys and initialization vectors.
1313 * By default, the `crypto.getCipherInfo()` method will return the default
1314 * values for these ciphers. To test if a given key length or iv length
1315 * is acceptable for given cipher, use the `keyLenth` and `ivLenth` options.
1316 * If the given values are unacceptable, `undefined` will be returned.
1317 * @param nameOrNid The name or nid of the cipher to query.
1318 */
1319 function getCipherInfo(nameOrNid: string | number, options?: CipherInfoOptions): CipherInfo | undefined;
1320
1321 /**
1322 * HKDF is a simple key derivation function defined in RFC 5869.
1323 * The given `key`, `salt` and `info` are used with the `digest` to derive a key of `keylen` bytes.
1324 *
1325 * The supplied `callback` function is called with two arguments: `err` and `derivedKey`.
1326 * If an errors occurs while deriving the key, `err` will be set; otherwise `err` will be `null`.
1327 * The successfully generated `derivedKey` will be passed to the callback as an `ArrayBuffer`.
1328 * An error will be thrown if any of the input aguments specify invalid values or types.
1329 */
1330 function hkdf(digest: string, key: BinaryLike | KeyObject, salt: BinaryLike, info: BinaryLike, keylen: number, callback: (err: Error | null, derivedKey: ArrayBuffer) => any): void;
1331
1332 /**
1333 * Provides a synchronous HKDF key derivation function as defined in RFC 5869.
1334 * The given `key`, `salt` and `info` are used with the `digest` to derive a key of `keylen` bytes.
1335 *
1336 * The successfully generated `derivedKey` will be returned as an `ArrayBuffer`.
1337 * An error will be thrown if any of the input aguments specify invalid values or types,
1338 * or if the derived key cannot be generated.
1339 */
1340 function hkdfSync(digest: string, key: BinaryLike | KeyObject, salt: BinaryLike, info: BinaryLike, keylen: number): ArrayBuffer;
1341
1342 interface SecureHeapUsage {
1343 /**
1344 * The total allocated secure heap size as specified using the `--secure-heap=n` command-line flag.
1345 */
1346 total: number;
1347
1348 /**
1349 * The minimum allocation from the secure heap as specified using the `--secure-heap-min` command-line flag.
1350 */
1351 min: number;
1352
1353 /**
1354 * The total number of bytes currently allocated from the secure heap.
1355 */
1356 used: number;
1357
1358 /**
1359 * The calculated ratio of `used` to `total` allocated bytes.
1360 */
1361 utilization: number;
1362 }
1363
1364 function secureHeapUsed(): SecureHeapUsage;
1365
1366 // TODO: X509Certificate
1367
1368 interface RandomUUIDOptions {
1369 /**
1370 * By default, to improve performance,
1371 * Node.js will pre-emptively generate and persistently cache enough
1372 * random data to generate up to 128 random UUIDs. To generate a UUID
1373 * without using the cache, set `disableEntropyCache` to `true`.
1374 *
1375 * @default `false`
1376 */
1377 disableEntropyCache?: boolean;
1378 }
1379
1380 function randomUUID(options?: RandomUUIDOptions): string;
1381
1382 interface X509CheckOptions {
1383 /**
1384 * @default 'always'
1385 */
1386 subject: 'always' | 'never';
1387
1388 /**
1389 * @default true
1390 */
1391 wildcards: boolean;
1392
1393 /**
1394 * @default true
1395 */
1396 partialWildcards: boolean;
1397
1398 /**
1399 * @default false
1400 */
1401 multiLabelWildcards: boolean;
1402
1403 /**
1404 * @default false
1405 */
1406 singleLabelSubdomains: boolean;
1407 }
1408
1409 class X509Certificate {
1410 /**
1411 * Will be `true` if this is a Certificate Authority (ca) certificate.
1412 */
1413 readonly ca: boolean;
1414
1415 /**
1416 * The SHA-1 fingerprint of this certificate.
1417 */
1418 readonly fingerprint: string;
1419
1420 /**
1421 * The SHA-256 fingerprint of this certificate.
1422 */
1423 readonly fingerprint256: string;
1424
1425 /**
1426 * The complete subject of this certificate.
1427 */
1428 readonly subject: string;
1429
1430 /**
1431 * The subject alternative name specified for this certificate.
1432 */
1433 readonly subjectAltName: string;
1434
1435 /**
1436 * The information access content of this certificate.
1437 */
1438 readonly infoAccess: string;
1439
1440 /**
1441 * An array detailing the key usages for this certificate.
1442 */
1443 readonly keyUsage: string[];
1444
1445 /**
1446 * The issuer identification included in this certificate.
1447 */
1448 readonly issuer: string;
1449
1450 /**
1451 * The issuer certificate or `undefined` if the issuer certificate is not available.
1452 */
1453 readonly issuerCertificate?: X509Certificate;
1454
1455 /**
1456 * The public key for this certificate.
1457 */
1458 readonly publicKey: KeyObject;
1459
1460 /**
1461 * A `Buffer` containing the DER encoding of this certificate.
1462 */
1463 readonly raw: Buffer;
1464
1465 /**
1466 * The serial number of this certificate.
1467 */
1468 readonly serialNumber: string;
1469
1470 /**
1471 * Returns the PEM-encoded certificate.
1472 */
1473 readonly validFrom: string;
1474
1475 /**
1476 * The date/time from which this certificate is considered valid.
1477 */
1478 readonly validTo: string;
1479
1480 constructor(buffer: BinaryLike);
1481
1482 /**
1483 * Checks whether the certificate matches the given email address.
1484 *
1485 * Returns `email` if the certificate matches,`undefined` if it does not.
1486 */
1487 checkEmail(email: string, options?: X509CheckOptions): string | undefined;
1488
1489 /**
1490 * Checks whether the certificate matches the given host name.
1491 *
1492 * Returns `name` if the certificate matches, `undefined` if it does not.
1493 */
1494 checkHost(name: string, options?: X509CheckOptions): string | undefined;
1495
1496 /**
1497 * Checks whether the certificate matches the given IP address (IPv4 or IPv6).
1498 *
1499 * Returns `ip` if the certificate matches, `undefined` if it does not.
1500 */
1501 checkIP(ip: string, options?: X509CheckOptions): string | undefined;
1502
1503 /**
1504 * Checks whether this certificate was issued by the given `otherCert`.
1505 */
1506 checkIssued(otherCert: X509Certificate): boolean;
1507
1508 /**
1509 * Checks whether this certificate was issued by the given `otherCert`.
1510 */
1511 checkPrivateKey(privateKey: KeyObject): boolean;
1512
1513 /**
1514 * There is no standard JSON encoding for X509 certificates. The
1515 * `toJSON()` method returns a string containing the PEM encoded
1516 * certificate.
1517 */
1518 toJSON(): string;
1519
1520 /**
1521 * Returns information about this certificate using the legacy certificate object encoding.
1522 */
1523 toLegacyObject(): PeerCertificate;
1524
1525 /**
1526 * Returns the PEM-encoded certificate.
1527 */
1528 toString(): string;
1529
1530 /**
1531 * Verifies that this certificate was signed by the given public key.
1532 * Does not perform any other validation checks on the certificate.
1533 */
1534 verify(publicKey: KeyObject): boolean;
1535 }
1536
1537 type LargeNumberLike = NodeJS.ArrayBufferView | SharedArrayBuffer | ArrayBuffer | bigint;
1538
1539 interface GeneratePrimeOptions {
1540 add?: LargeNumberLike;
1541 rem?: LargeNumberLike;
1542 /**
1543 * @default false
1544 */
1545 safe?: boolean;
1546 bigint?: boolean;
1547 }
1548
1549 interface GeneratePrimeOptionsBigInt extends GeneratePrimeOptions {
1550 bigint: true;
1551 }
1552
1553 interface GeneratePrimeOptionsArrayBuffer extends GeneratePrimeOptions {
1554 bigint?: false;
1555 }
1556
1557 function generatePrime(size: number, callback: (err: Error | null, prime: ArrayBuffer) => void): void;
1558 function generatePrime(size: number, options: GeneratePrimeOptionsBigInt, callback: (err: Error | null, prime: bigint) => void): void;
1559 function generatePrime(size: number, options: GeneratePrimeOptionsArrayBuffer, callback: (err: Error | null, prime: ArrayBuffer) => void): void;
1560 function generatePrime(size: number, options: GeneratePrimeOptions, callback: (err: Error | null, prime: ArrayBuffer | bigint) => void): void;
1561
1562 function generatePrimeSync(size: number): ArrayBuffer;
1563 function generatePrimeSync(size: number, options: GeneratePrimeOptionsBigInt): bigint;
1564 function generatePrimeSync(size: number, options: GeneratePrimeOptionsArrayBuffer): ArrayBuffer;
1565 function generatePrimeSync(size: number, options: GeneratePrimeOptions): ArrayBuffer | bigint;
1566
1567 interface CheckPrimeOptions {
1568 /**
1569 * The number of Miller-Rabin probabilistic primality iterations to perform.
1570 * When the value is 0 (zero), a number of checks is used that yields a false positive rate of at most 2-64 for random input.
1571 * Care must be used when selecting a number of checks.
1572 * Refer to the OpenSSL documentation for the BN_is_prime_ex function nchecks options for more details.
1573 *
1574 * @default 0
1575 */
1576 checks?: number;
1577 }
1578
1579 /**
1580 * Checks the primality of the candidate.
1581 */
1582 function checkPrime(value: LargeNumberLike, callback: (err: Error | null, result: boolean) => void): void;
1583 function checkPrime(value: LargeNumberLike, options: CheckPrimeOptions, callback: (err: Error | null, result: boolean) => void): void;
1584
1585 /**
1586 * Checks the primality of the candidate.
1587 */
1588 function checkPrimeSync(value: LargeNumberLike, options?: CheckPrimeOptions): boolean;
1589}