UNPKG

59.6 kBTypeScriptView Raw
1declare module 'crypto' {
2 import * as stream from 'stream';
3 import { PeerCertificate } from 'tls';
4
5 interface Certificate {
6 /**
7 * @deprecated
8 * @param spkac
9 * @returns The challenge component of the `spkac` data structure,
10 * which includes a public key and a challenge.
11 */
12 exportChallenge(spkac: BinaryLike): Buffer;
13 /**
14 * @deprecated
15 * @param spkac
16 * @param encoding The encoding of the spkac string.
17 * @returns The public key component of the `spkac` data structure,
18 * which includes a public key and a challenge.
19 */
20 exportPublicKey(spkac: BinaryLike, encoding?: string): Buffer;
21 /**
22 * @deprecated
23 * @param spkac
24 * @returns `true` if the given `spkac` data structure is valid,
25 * `false` otherwise.
26 */
27 verifySpkac(spkac: NodeJS.ArrayBufferView): boolean;
28 }
29 const Certificate: Certificate & {
30 /** @deprecated since v14.9.0 - Use static methods of `crypto.Certificate` instead. */
31 new(): Certificate;
32 /** @deprecated since v14.9.0 - Use static methods of `crypto.Certificate` instead. */
33 (): Certificate;
34
35 /**
36 * @param spkac
37 * @returns The challenge component of the `spkac` data structure,
38 * which includes a public key and a challenge.
39 */
40 exportChallenge(spkac: BinaryLike): Buffer;
41 /**
42 * @param spkac
43 * @param encoding The encoding of the spkac string.
44 * @returns The public key component of the `spkac` data structure,
45 * which includes a public key and a challenge.
46 */
47 exportPublicKey(spkac: BinaryLike, encoding?: string): Buffer;
48 /**
49 * @param spkac
50 * @returns `true` if the given `spkac` data structure is valid,
51 * `false` otherwise.
52 */
53 verifySpkac(spkac: NodeJS.ArrayBufferView): boolean;
54 };
55
56 namespace constants {
57 // https://nodejs.org/dist/latest-v10.x/docs/api/crypto.html#crypto_crypto_constants
58 const OPENSSL_VERSION_NUMBER: number;
59
60 /** Applies multiple bug workarounds within OpenSSL. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html for detail. */
61 const SSL_OP_ALL: number;
62 /** Allows legacy insecure renegotiation between OpenSSL and unpatched clients or servers. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html. */
63 const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: number;
64 /** Attempts to use the server's preferences instead of the client's when selecting a cipher. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html. */
65 const SSL_OP_CIPHER_SERVER_PREFERENCE: number;
66 /** Instructs OpenSSL to use Cisco's "speshul" version of DTLS_BAD_VER. */
67 const SSL_OP_CISCO_ANYCONNECT: number;
68 /** Instructs OpenSSL to turn on cookie exchange. */
69 const SSL_OP_COOKIE_EXCHANGE: number;
70 /** Instructs OpenSSL to add server-hello extension from an early version of the cryptopro draft. */
71 const SSL_OP_CRYPTOPRO_TLSEXT_BUG: number;
72 /** Instructs OpenSSL to disable a SSL 3.0/TLS 1.0 vulnerability workaround added in OpenSSL 0.9.6d. */
73 const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: number;
74 /** Instructs OpenSSL to always use the tmp_rsa key when performing RSA operations. */
75 const SSL_OP_EPHEMERAL_RSA: number;
76 /** Allows initial connection to servers that do not support RI. */
77 const SSL_OP_LEGACY_SERVER_CONNECT: number;
78 const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: number;
79 const SSL_OP_MICROSOFT_SESS_ID_BUG: number;
80 /** Instructs OpenSSL to disable the workaround for a man-in-the-middle protocol-version vulnerability in the SSL 2.0 server implementation. */
81 const SSL_OP_MSIE_SSLV2_RSA_PADDING: number;
82 const SSL_OP_NETSCAPE_CA_DN_BUG: number;
83 const SSL_OP_NETSCAPE_CHALLENGE_BUG: number;
84 const SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG: number;
85 const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: number;
86 /** Instructs OpenSSL to disable support for SSL/TLS compression. */
87 const SSL_OP_NO_COMPRESSION: number;
88 const SSL_OP_NO_QUERY_MTU: number;
89 /** Instructs OpenSSL to always start a new session when performing renegotiation. */
90 const SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION: number;
91 const SSL_OP_NO_SSLv2: number;
92 const SSL_OP_NO_SSLv3: number;
93 const SSL_OP_NO_TICKET: number;
94 const SSL_OP_NO_TLSv1: number;
95 const SSL_OP_NO_TLSv1_1: number;
96 const SSL_OP_NO_TLSv1_2: number;
97 const SSL_OP_PKCS1_CHECK_1: number;
98 const SSL_OP_PKCS1_CHECK_2: number;
99 /** Instructs OpenSSL to always create a new key when using temporary/ephemeral DH parameters. */
100 const SSL_OP_SINGLE_DH_USE: number;
101 /** Instructs OpenSSL to always create a new key when using temporary/ephemeral ECDH parameters. */
102 const SSL_OP_SINGLE_ECDH_USE: number;
103 const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: number;
104 const SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG: number;
105 const SSL_OP_TLS_BLOCK_PADDING_BUG: number;
106 const SSL_OP_TLS_D5_BUG: number;
107 /** Instructs OpenSSL to disable version rollback attack detection. */
108 const SSL_OP_TLS_ROLLBACK_BUG: number;
109
110 const ENGINE_METHOD_RSA: number;
111 const ENGINE_METHOD_DSA: number;
112 const ENGINE_METHOD_DH: number;
113 const ENGINE_METHOD_RAND: number;
114 const ENGINE_METHOD_EC: number;
115 const ENGINE_METHOD_CIPHERS: number;
116 const ENGINE_METHOD_DIGESTS: number;
117 const ENGINE_METHOD_PKEY_METHS: number;
118 const ENGINE_METHOD_PKEY_ASN1_METHS: number;
119 const ENGINE_METHOD_ALL: number;
120 const ENGINE_METHOD_NONE: number;
121
122 const DH_CHECK_P_NOT_SAFE_PRIME: number;
123 const DH_CHECK_P_NOT_PRIME: number;
124 const DH_UNABLE_TO_CHECK_GENERATOR: number;
125 const DH_NOT_SUITABLE_GENERATOR: number;
126
127 const ALPN_ENABLED: number;
128
129 const RSA_PKCS1_PADDING: number;
130 const RSA_SSLV23_PADDING: number;
131 const RSA_NO_PADDING: number;
132 const RSA_PKCS1_OAEP_PADDING: number;
133 const RSA_X931_PADDING: number;
134 const RSA_PKCS1_PSS_PADDING: number;
135 /** Sets the salt length for RSA_PKCS1_PSS_PADDING to the digest size when signing or verifying. */
136 const RSA_PSS_SALTLEN_DIGEST: number;
137 /** Sets the salt length for RSA_PKCS1_PSS_PADDING to the maximum permissible value when signing data. */
138 const RSA_PSS_SALTLEN_MAX_SIGN: number;
139 /** Causes the salt length for RSA_PKCS1_PSS_PADDING to be determined automatically when verifying a signature. */
140 const RSA_PSS_SALTLEN_AUTO: number;
141
142 const POINT_CONVERSION_COMPRESSED: number;
143 const POINT_CONVERSION_UNCOMPRESSED: number;
144 const POINT_CONVERSION_HYBRID: number;
145
146 /** Specifies the built-in default cipher list used by Node.js (colon-separated values). */
147 const defaultCoreCipherList: string;
148 /** Specifies the active default cipher list used by the current Node.js process (colon-separated values). */
149 const defaultCipherList: string;
150 }
151
152 interface HashOptions extends stream.TransformOptions {
153 /**
154 * For XOF hash functions such as `shake256`, the
155 * outputLength option can be used to specify the desired output length in bytes.
156 */
157 outputLength?: number;
158 }
159
160 /** @deprecated since v10.0.0 */
161 const fips: boolean;
162
163 function createHash(algorithm: string, options?: HashOptions): Hash;
164 function createHmac(algorithm: string, key: BinaryLike | KeyObject, options?: stream.TransformOptions): Hmac;
165
166 // https://nodejs.org/api/buffer.html#buffer_buffers_and_character_encodings
167 type BinaryToTextEncoding = 'base64' | 'hex';
168 type CharacterEncoding = 'utf8' | 'utf-8' | 'utf16le' | 'latin1';
169 type LegacyCharacterEncoding = 'ascii' | 'binary' | 'ucs2' | 'ucs-2';
170
171 type Encoding = BinaryToTextEncoding | CharacterEncoding | LegacyCharacterEncoding;
172
173 type ECDHKeyFormat = 'compressed' | 'uncompressed' | 'hybrid';
174
175 class Hash extends stream.Transform {
176 private constructor();
177 copy(): Hash;
178 update(data: BinaryLike): Hash;
179 update(data: string, input_encoding: Encoding): Hash;
180 digest(): Buffer;
181 digest(encoding: BinaryToTextEncoding): string;
182 }
183 class Hmac extends stream.Transform {
184 private constructor();
185 update(data: BinaryLike): Hmac;
186 update(data: string, input_encoding: Encoding): Hmac;
187 digest(): Buffer;
188 digest(encoding: BinaryToTextEncoding): string;
189 }
190
191 type KeyObjectType = 'secret' | 'public' | 'private';
192
193 interface KeyExportOptions<T extends KeyFormat> {
194 type: 'pkcs1' | 'spki' | 'pkcs8' | 'sec1';
195 format: T;
196 cipher?: string;
197 passphrase?: string | Buffer;
198 }
199
200 interface JwkKeyExportOptions {
201 format: 'jwk';
202 }
203
204 interface JsonWebKey {
205 crv?: string;
206 d?: string;
207 dp?: string;
208 dq?: string;
209 e?: string;
210 k?: string;
211 kty?: string;
212 n?: string;
213 p?: string;
214 q?: string;
215 qi?: string;
216 x?: string;
217 y?: string;
218 }
219
220 interface AsymmetricKeyDetails {
221 /**
222 * Key size in bits (RSA, DSA).
223 */
224 modulusLength?: number;
225 /**
226 * Public exponent (RSA).
227 */
228 publicExponent?: bigint;
229 /**
230 * Size of q in bits (DSA).
231 */
232 divisorLength?: number;
233 /**
234 * Name of the curve (EC).
235 */
236 namedCurve?: string;
237 }
238
239 class KeyObject {
240 private constructor();
241 asymmetricKeyType?: KeyType;
242 /**
243 * For asymmetric keys, this property represents the size of the embedded key in
244 * bytes. This property is `undefined` for symmetric keys.
245 */
246 asymmetricKeySize?: number;
247 /**
248 * This property exists only on asymmetric keys. Depending on the type of the key,
249 * this object contains information about the key. None of the information obtained
250 * through this property can be used to uniquely identify a key or to compromise the
251 * security of the key.
252 */
253 asymmetricKeyDetails?: AsymmetricKeyDetails;
254 export(options: KeyExportOptions<'pem'>): string | Buffer;
255 export(options?: KeyExportOptions<'der'>): Buffer;
256 symmetricKeySize?: number;
257 type: KeyObjectType;
258 }
259
260 type CipherCCMTypes = 'aes-128-ccm' | 'aes-192-ccm' | 'aes-256-ccm' | 'chacha20-poly1305';
261 type CipherGCMTypes = 'aes-128-gcm' | 'aes-192-gcm' | 'aes-256-gcm';
262
263 type BinaryLike = string | NodeJS.ArrayBufferView;
264
265 type CipherKey = BinaryLike | KeyObject;
266
267 interface CipherCCMOptions extends stream.TransformOptions {
268 authTagLength: number;
269 }
270 interface CipherGCMOptions extends stream.TransformOptions {
271 authTagLength?: number;
272 }
273 /** @deprecated since v10.0.0 use `createCipheriv()` */
274 function createCipher(algorithm: CipherCCMTypes, password: BinaryLike, options: CipherCCMOptions): CipherCCM;
275 /** @deprecated since v10.0.0 use `createCipheriv()` */
276 function createCipher(algorithm: CipherGCMTypes, password: BinaryLike, options?: CipherGCMOptions): CipherGCM;
277 /** @deprecated since v10.0.0 use `createCipheriv()` */
278 function createCipher(algorithm: string, password: BinaryLike, options?: stream.TransformOptions): Cipher;
279
280 function createCipheriv(
281 algorithm: CipherCCMTypes,
282 key: CipherKey,
283 iv: BinaryLike | null,
284 options: CipherCCMOptions,
285 ): CipherCCM;
286 function createCipheriv(
287 algorithm: CipherGCMTypes,
288 key: CipherKey,
289 iv: BinaryLike | null,
290 options?: CipherGCMOptions,
291 ): CipherGCM;
292 function createCipheriv(
293 algorithm: string,
294 key: CipherKey,
295 iv: BinaryLike | null,
296 options?: stream.TransformOptions,
297 ): Cipher;
298
299 class Cipher extends stream.Transform {
300 private constructor();
301 update(data: BinaryLike): Buffer;
302 update(data: string, input_encoding: Encoding): Buffer;
303 update(data: NodeJS.ArrayBufferView, input_encoding: undefined, output_encoding: Encoding): string;
304 update(data: string, input_encoding: Encoding | undefined, output_encoding: Encoding): string;
305 final(): Buffer;
306 final(output_encoding: BufferEncoding): string;
307 setAutoPadding(auto_padding?: boolean): this;
308 // getAuthTag(): Buffer;
309 // setAAD(buffer: NodeJS.ArrayBufferView): this;
310 }
311 interface CipherCCM extends Cipher {
312 setAAD(buffer: NodeJS.ArrayBufferView, options: { plaintextLength: number }): this;
313 getAuthTag(): Buffer;
314 }
315 interface CipherGCM extends Cipher {
316 setAAD(buffer: NodeJS.ArrayBufferView, options?: { plaintextLength: number }): this;
317 getAuthTag(): Buffer;
318 }
319 /** @deprecated since v10.0.0 use `createDecipheriv()` */
320 function createDecipher(algorithm: CipherCCMTypes, password: BinaryLike, options: CipherCCMOptions): DecipherCCM;
321 /** @deprecated since v10.0.0 use `createDecipheriv()` */
322 function createDecipher(algorithm: CipherGCMTypes, password: BinaryLike, options?: CipherGCMOptions): DecipherGCM;
323 /** @deprecated since v10.0.0 use `createDecipheriv()` */
324 function createDecipher(algorithm: string, password: BinaryLike, options?: stream.TransformOptions): Decipher;
325
326 function createDecipheriv(
327 algorithm: CipherCCMTypes,
328 key: CipherKey,
329 iv: BinaryLike | null,
330 options: CipherCCMOptions,
331 ): DecipherCCM;
332 function createDecipheriv(
333 algorithm: CipherGCMTypes,
334 key: CipherKey,
335 iv: BinaryLike | null,
336 options?: CipherGCMOptions,
337 ): DecipherGCM;
338 function createDecipheriv(
339 algorithm: string,
340 key: CipherKey,
341 iv: BinaryLike | null,
342 options?: stream.TransformOptions,
343 ): Decipher;
344
345 class Decipher extends stream.Transform {
346 private constructor();
347 update(data: NodeJS.ArrayBufferView): Buffer;
348 update(data: string, input_encoding: Encoding): Buffer;
349 update(data: NodeJS.ArrayBufferView, input_encoding: undefined, output_encoding: Encoding): string;
350 update(data: string, input_encoding: Encoding | undefined, output_encoding: Encoding): string;
351 final(): Buffer;
352 final(output_encoding: BufferEncoding): string;
353 setAutoPadding(auto_padding?: boolean): this;
354 // setAuthTag(tag: NodeJS.ArrayBufferView): this;
355 // setAAD(buffer: NodeJS.ArrayBufferView): this;
356 }
357 interface DecipherCCM extends Decipher {
358 setAuthTag(buffer: NodeJS.ArrayBufferView): this;
359 setAAD(buffer: NodeJS.ArrayBufferView, options: { plaintextLength: number }): this;
360 }
361 interface DecipherGCM extends Decipher {
362 setAuthTag(buffer: NodeJS.ArrayBufferView): this;
363 setAAD(buffer: NodeJS.ArrayBufferView, options?: { plaintextLength: number }): this;
364 }
365
366 interface PrivateKeyInput {
367 key: string | Buffer;
368 format?: KeyFormat;
369 type?: 'pkcs1' | 'pkcs8' | 'sec1';
370 passphrase?: string | Buffer;
371 }
372
373 interface PublicKeyInput {
374 key: string | Buffer;
375 format?: KeyFormat;
376 type?: 'pkcs1' | 'spki';
377 }
378
379 function createPrivateKey(key: PrivateKeyInput | string | Buffer): KeyObject;
380 function createPublicKey(key: PublicKeyInput | string | Buffer | KeyObject): KeyObject;
381 function createSecretKey(key: NodeJS.ArrayBufferView): KeyObject;
382
383 function createSign(algorithm: string, options?: stream.WritableOptions): Signer;
384
385 type DSAEncoding = 'der' | 'ieee-p1363';
386
387 interface SigningOptions {
388 /**
389 * @See crypto.constants.RSA_PKCS1_PADDING
390 */
391 padding?: number;
392 saltLength?: number;
393 dsaEncoding?: DSAEncoding;
394 }
395
396 interface SignPrivateKeyInput extends PrivateKeyInput, SigningOptions { }
397 interface SignKeyObjectInput extends SigningOptions {
398 key: KeyObject;
399 }
400 interface VerifyPublicKeyInput extends PublicKeyInput, SigningOptions { }
401 interface VerifyKeyObjectInput extends SigningOptions {
402 key: KeyObject;
403 }
404
405 type KeyLike = string | Buffer | KeyObject;
406
407 class Signer extends stream.Writable {
408 private constructor();
409
410 update(data: BinaryLike): Signer;
411 update(data: string, input_encoding: Encoding): Signer;
412 sign(private_key: KeyLike | SignKeyObjectInput | SignPrivateKeyInput): Buffer;
413 sign(
414 private_key: KeyLike | SignKeyObjectInput | SignPrivateKeyInput,
415 output_format: BinaryToTextEncoding,
416 ): string;
417 }
418
419 function createVerify(algorithm: string, options?: stream.WritableOptions): Verify;
420 class Verify extends stream.Writable {
421 private constructor();
422
423 update(data: BinaryLike): Verify;
424 update(data: string, input_encoding: Encoding): Verify;
425 verify(
426 object: KeyLike | VerifyKeyObjectInput | VerifyPublicKeyInput,
427 signature: NodeJS.ArrayBufferView,
428 ): boolean;
429 verify(
430 object: KeyLike | VerifyKeyObjectInput | VerifyPublicKeyInput,
431 signature: string,
432 signature_format?: BinaryToTextEncoding,
433 ): boolean;
434 // https://nodejs.org/api/crypto.html#crypto_verifier_verify_object_signature_signature_format
435 // The signature field accepts a TypedArray type, but it is only available starting ES2017
436 }
437 function createDiffieHellman(prime_length: number, generator?: number | NodeJS.ArrayBufferView): DiffieHellman;
438 function createDiffieHellman(prime: NodeJS.ArrayBufferView): DiffieHellman;
439 function createDiffieHellman(prime: string, prime_encoding: BinaryToTextEncoding): DiffieHellman;
440 function createDiffieHellman(
441 prime: string,
442 prime_encoding: BinaryToTextEncoding,
443 generator: number | NodeJS.ArrayBufferView,
444 ): DiffieHellman;
445 function createDiffieHellman(
446 prime: string,
447 prime_encoding: BinaryToTextEncoding,
448 generator: string,
449 generator_encoding: BinaryToTextEncoding,
450 ): DiffieHellman;
451 class DiffieHellman {
452 private constructor();
453 generateKeys(): Buffer;
454 generateKeys(encoding: BinaryToTextEncoding): string;
455 computeSecret(other_public_key: NodeJS.ArrayBufferView): Buffer;
456 computeSecret(other_public_key: string, input_encoding: BinaryToTextEncoding): Buffer;
457 computeSecret(other_public_key: NodeJS.ArrayBufferView, output_encoding: BinaryToTextEncoding): string;
458 computeSecret(
459 other_public_key: string,
460 input_encoding: BinaryToTextEncoding,
461 output_encoding: BinaryToTextEncoding,
462 ): string;
463 getPrime(): Buffer;
464 getPrime(encoding: BinaryToTextEncoding): string;
465 getGenerator(): Buffer;
466 getGenerator(encoding: BinaryToTextEncoding): string;
467 getPublicKey(): Buffer;
468 getPublicKey(encoding: BinaryToTextEncoding): string;
469 getPrivateKey(): Buffer;
470 getPrivateKey(encoding: BinaryToTextEncoding): string;
471 setPublicKey(public_key: NodeJS.ArrayBufferView): void;
472 setPublicKey(public_key: string, encoding: BufferEncoding): void;
473 setPrivateKey(private_key: NodeJS.ArrayBufferView): void;
474 setPrivateKey(private_key: string, encoding: BufferEncoding): void;
475 verifyError: number;
476 }
477 function getDiffieHellman(group_name: string): DiffieHellman;
478 function pbkdf2(
479 password: BinaryLike,
480 salt: BinaryLike,
481 iterations: number,
482 keylen: number,
483 digest: string,
484 callback: (err: Error | null, derivedKey: Buffer) => any,
485 ): void;
486 function pbkdf2Sync(
487 password: BinaryLike,
488 salt: BinaryLike,
489 iterations: number,
490 keylen: number,
491 digest: string,
492 ): Buffer;
493
494 function randomBytes(size: number): Buffer;
495 function randomBytes(size: number, callback: (err: Error | null, buf: Buffer) => void): void;
496 function pseudoRandomBytes(size: number): Buffer;
497 function pseudoRandomBytes(size: number, callback: (err: Error | null, buf: Buffer) => void): void;
498
499 function randomInt(max: number): number;
500 function randomInt(min: number, max: number): number;
501 function randomInt(max: number, callback: (err: Error | null, value: number) => void): void;
502 function randomInt(min: number, max: number, callback: (err: Error | null, value: number) => void): void;
503
504 function randomFillSync<T extends NodeJS.ArrayBufferView>(buffer: T, offset?: number, size?: number): T;
505 function randomFill<T extends NodeJS.ArrayBufferView>(
506 buffer: T,
507 callback: (err: Error | null, buf: T) => void,
508 ): void;
509 function randomFill<T extends NodeJS.ArrayBufferView>(
510 buffer: T,
511 offset: number,
512 callback: (err: Error | null, buf: T) => void,
513 ): void;
514 function randomFill<T extends NodeJS.ArrayBufferView>(
515 buffer: T,
516 offset: number,
517 size: number,
518 callback: (err: Error | null, buf: T) => void,
519 ): void;
520
521 interface ScryptOptions {
522 cost?: number;
523 blockSize?: number;
524 parallelization?: number;
525 N?: number;
526 r?: number;
527 p?: number;
528 maxmem?: number;
529 }
530 function scrypt(
531 password: BinaryLike,
532 salt: BinaryLike,
533 keylen: number,
534 callback: (err: Error | null, derivedKey: Buffer) => void,
535 ): void;
536 function scrypt(
537 password: BinaryLike,
538 salt: BinaryLike,
539 keylen: number,
540 options: ScryptOptions,
541 callback: (err: Error | null, derivedKey: Buffer) => void,
542 ): void;
543 function scryptSync(password: BinaryLike, salt: BinaryLike, keylen: number, options?: ScryptOptions): Buffer;
544
545 interface RsaPublicKey {
546 key: KeyLike;
547 padding?: number;
548 }
549 interface RsaPrivateKey {
550 key: KeyLike;
551 passphrase?: string;
552 /**
553 * @default 'sha1'
554 */
555 oaepHash?: string;
556 oaepLabel?: NodeJS.TypedArray;
557 padding?: number;
558 }
559 function publicEncrypt(key: RsaPublicKey | RsaPrivateKey | KeyLike, buffer: NodeJS.ArrayBufferView): Buffer;
560 function publicDecrypt(key: RsaPublicKey | RsaPrivateKey | KeyLike, buffer: NodeJS.ArrayBufferView): Buffer;
561 function privateDecrypt(private_key: RsaPrivateKey | KeyLike, buffer: NodeJS.ArrayBufferView): Buffer;
562 function privateEncrypt(private_key: RsaPrivateKey | KeyLike, buffer: NodeJS.ArrayBufferView): Buffer;
563 function getCiphers(): string[];
564 function getCurves(): string[];
565 function getFips(): 1 | 0;
566 function getHashes(): string[];
567 class ECDH {
568 private constructor();
569 static convertKey(
570 key: BinaryLike,
571 curve: string,
572 inputEncoding?: BinaryToTextEncoding,
573 outputEncoding?: 'latin1' | 'hex' | 'base64',
574 format?: 'uncompressed' | 'compressed' | 'hybrid',
575 ): Buffer | string;
576 generateKeys(): Buffer;
577 generateKeys(encoding: BinaryToTextEncoding, format?: ECDHKeyFormat): string;
578 computeSecret(other_public_key: NodeJS.ArrayBufferView): Buffer;
579 computeSecret(other_public_key: string, input_encoding: BinaryToTextEncoding): Buffer;
580 computeSecret(other_public_key: NodeJS.ArrayBufferView, output_encoding: BinaryToTextEncoding): string;
581 computeSecret(
582 other_public_key: string,
583 input_encoding: BinaryToTextEncoding,
584 output_encoding: BinaryToTextEncoding,
585 ): string;
586 getPrivateKey(): Buffer;
587 getPrivateKey(encoding: BinaryToTextEncoding): string;
588 getPublicKey(): Buffer;
589 getPublicKey(encoding: BinaryToTextEncoding, format?: ECDHKeyFormat): string;
590 setPrivateKey(private_key: NodeJS.ArrayBufferView): void;
591 setPrivateKey(private_key: string, encoding: BinaryToTextEncoding): void;
592 }
593 function createECDH(curve_name: string): ECDH;
594 function timingSafeEqual(a: NodeJS.ArrayBufferView, b: NodeJS.ArrayBufferView): boolean;
595 /** @deprecated since v10.0.0 */
596 const DEFAULT_ENCODING: BufferEncoding;
597
598 type KeyType = 'rsa' | 'dsa' | 'ec' | 'ed25519' | 'ed448' | 'x25519' | 'x448';
599 type KeyFormat = 'pem' | 'der';
600
601 interface BasePrivateKeyEncodingOptions<T extends KeyFormat> {
602 format: T;
603 cipher?: string;
604 passphrase?: string;
605 }
606
607 interface KeyPairKeyObjectResult {
608 publicKey: KeyObject;
609 privateKey: KeyObject;
610 }
611
612 interface ED25519KeyPairKeyObjectOptions {
613 /**
614 * No options.
615 */
616 }
617
618 interface ED448KeyPairKeyObjectOptions {
619 /**
620 * No options.
621 */
622 }
623
624 interface X25519KeyPairKeyObjectOptions {
625 /**
626 * No options.
627 */
628 }
629
630 interface X448KeyPairKeyObjectOptions {
631 /**
632 * No options.
633 */
634 }
635
636 interface ECKeyPairKeyObjectOptions {
637 /**
638 * Name of the curve to use.
639 */
640 namedCurve: string;
641 }
642
643 interface RSAKeyPairKeyObjectOptions {
644 /**
645 * Key size in bits
646 */
647 modulusLength: number;
648
649 /**
650 * @default 0x10001
651 */
652 publicExponent?: number;
653 }
654
655 interface DSAKeyPairKeyObjectOptions {
656 /**
657 * Key size in bits
658 */
659 modulusLength: number;
660
661 /**
662 * Size of q in bits
663 */
664 divisorLength: number;
665 }
666
667 interface RSAKeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
668 /**
669 * Key size in bits
670 */
671 modulusLength: number;
672 /**
673 * @default 0x10001
674 */
675 publicExponent?: number;
676
677 publicKeyEncoding: {
678 type: 'pkcs1' | 'spki';
679 format: PubF;
680 };
681 privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
682 type: 'pkcs1' | 'pkcs8';
683 };
684 }
685
686 interface DSAKeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
687 /**
688 * Key size in bits
689 */
690 modulusLength: number;
691 /**
692 * Size of q in bits
693 */
694 divisorLength: number;
695
696 publicKeyEncoding: {
697 type: 'spki';
698 format: PubF;
699 };
700 privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
701 type: 'pkcs8';
702 };
703 }
704
705 interface ECKeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
706 /**
707 * Name of the curve to use.
708 */
709 namedCurve: string;
710
711 publicKeyEncoding: {
712 type: 'pkcs1' | 'spki';
713 format: PubF;
714 };
715 privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
716 type: 'sec1' | 'pkcs8';
717 };
718 }
719
720 interface ED25519KeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
721 publicKeyEncoding: {
722 type: 'spki';
723 format: PubF;
724 };
725 privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
726 type: 'pkcs8';
727 };
728 }
729
730 interface ED448KeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
731 publicKeyEncoding: {
732 type: 'spki';
733 format: PubF;
734 };
735 privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
736 type: 'pkcs8';
737 };
738 }
739
740 interface X25519KeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
741 publicKeyEncoding: {
742 type: 'spki';
743 format: PubF;
744 };
745 privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
746 type: 'pkcs8';
747 };
748 }
749
750 interface X448KeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
751 publicKeyEncoding: {
752 type: 'spki';
753 format: PubF;
754 };
755 privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
756 type: 'pkcs8';
757 };
758 }
759
760 interface KeyPairSyncResult<T1 extends string | Buffer, T2 extends string | Buffer> {
761 publicKey: T1;
762 privateKey: T2;
763 }
764
765 function generateKeyPairSync(
766 type: 'rsa',
767 options: RSAKeyPairOptions<'pem', 'pem'>,
768 ): KeyPairSyncResult<string, string>;
769 function generateKeyPairSync(
770 type: 'rsa',
771 options: RSAKeyPairOptions<'pem', 'der'>,
772 ): KeyPairSyncResult<string, Buffer>;
773 function generateKeyPairSync(
774 type: 'rsa',
775 options: RSAKeyPairOptions<'der', 'pem'>,
776 ): KeyPairSyncResult<Buffer, string>;
777 function generateKeyPairSync(
778 type: 'rsa',
779 options: RSAKeyPairOptions<'der', 'der'>,
780 ): KeyPairSyncResult<Buffer, Buffer>;
781 function generateKeyPairSync(type: 'rsa', options: RSAKeyPairKeyObjectOptions): KeyPairKeyObjectResult;
782
783 function generateKeyPairSync(
784 type: 'dsa',
785 options: DSAKeyPairOptions<'pem', 'pem'>,
786 ): KeyPairSyncResult<string, string>;
787 function generateKeyPairSync(
788 type: 'dsa',
789 options: DSAKeyPairOptions<'pem', 'der'>,
790 ): KeyPairSyncResult<string, Buffer>;
791 function generateKeyPairSync(
792 type: 'dsa',
793 options: DSAKeyPairOptions<'der', 'pem'>,
794 ): KeyPairSyncResult<Buffer, string>;
795 function generateKeyPairSync(
796 type: 'dsa',
797 options: DSAKeyPairOptions<'der', 'der'>,
798 ): KeyPairSyncResult<Buffer, Buffer>;
799 function generateKeyPairSync(type: 'dsa', options: DSAKeyPairKeyObjectOptions): KeyPairKeyObjectResult;
800
801 function generateKeyPairSync(
802 type: 'ec',
803 options: ECKeyPairOptions<'pem', 'pem'>,
804 ): KeyPairSyncResult<string, string>;
805 function generateKeyPairSync(
806 type: 'ec',
807 options: ECKeyPairOptions<'pem', 'der'>,
808 ): KeyPairSyncResult<string, Buffer>;
809 function generateKeyPairSync(
810 type: 'ec',
811 options: ECKeyPairOptions<'der', 'pem'>,
812 ): KeyPairSyncResult<Buffer, string>;
813 function generateKeyPairSync(
814 type: 'ec',
815 options: ECKeyPairOptions<'der', 'der'>,
816 ): KeyPairSyncResult<Buffer, Buffer>;
817 function generateKeyPairSync(type: 'ec', options: ECKeyPairKeyObjectOptions): KeyPairKeyObjectResult;
818
819 function generateKeyPairSync(
820 type: 'ed25519',
821 options: ED25519KeyPairOptions<'pem', 'pem'>,
822 ): KeyPairSyncResult<string, string>;
823 function generateKeyPairSync(
824 type: 'ed25519',
825 options: ED25519KeyPairOptions<'pem', 'der'>,
826 ): KeyPairSyncResult<string, Buffer>;
827 function generateKeyPairSync(
828 type: 'ed25519',
829 options: ED25519KeyPairOptions<'der', 'pem'>,
830 ): KeyPairSyncResult<Buffer, string>;
831 function generateKeyPairSync(
832 type: 'ed25519',
833 options: ED25519KeyPairOptions<'der', 'der'>,
834 ): KeyPairSyncResult<Buffer, Buffer>;
835 function generateKeyPairSync(type: 'ed25519', options?: ED25519KeyPairKeyObjectOptions): KeyPairKeyObjectResult;
836
837 function generateKeyPairSync(
838 type: 'ed448',
839 options: ED448KeyPairOptions<'pem', 'pem'>,
840 ): KeyPairSyncResult<string, string>;
841 function generateKeyPairSync(
842 type: 'ed448',
843 options: ED448KeyPairOptions<'pem', 'der'>,
844 ): KeyPairSyncResult<string, Buffer>;
845 function generateKeyPairSync(
846 type: 'ed448',
847 options: ED448KeyPairOptions<'der', 'pem'>,
848 ): KeyPairSyncResult<Buffer, string>;
849 function generateKeyPairSync(
850 type: 'ed448',
851 options: ED448KeyPairOptions<'der', 'der'>,
852 ): KeyPairSyncResult<Buffer, Buffer>;
853 function generateKeyPairSync(type: 'ed448', options?: ED448KeyPairKeyObjectOptions): KeyPairKeyObjectResult;
854
855 function generateKeyPairSync(
856 type: 'x25519',
857 options: X25519KeyPairOptions<'pem', 'pem'>,
858 ): KeyPairSyncResult<string, string>;
859 function generateKeyPairSync(
860 type: 'x25519',
861 options: X25519KeyPairOptions<'pem', 'der'>,
862 ): KeyPairSyncResult<string, Buffer>;
863 function generateKeyPairSync(
864 type: 'x25519',
865 options: X25519KeyPairOptions<'der', 'pem'>,
866 ): KeyPairSyncResult<Buffer, string>;
867 function generateKeyPairSync(
868 type: 'x25519',
869 options: X25519KeyPairOptions<'der', 'der'>,
870 ): KeyPairSyncResult<Buffer, Buffer>;
871 function generateKeyPairSync(type: 'x25519', options?: X25519KeyPairKeyObjectOptions): KeyPairKeyObjectResult;
872
873 function generateKeyPairSync(
874 type: 'x448',
875 options: X448KeyPairOptions<'pem', 'pem'>,
876 ): KeyPairSyncResult<string, string>;
877 function generateKeyPairSync(
878 type: 'x448',
879 options: X448KeyPairOptions<'pem', 'der'>,
880 ): KeyPairSyncResult<string, Buffer>;
881 function generateKeyPairSync(
882 type: 'x448',
883 options: X448KeyPairOptions<'der', 'pem'>,
884 ): KeyPairSyncResult<Buffer, string>;
885 function generateKeyPairSync(
886 type: 'x448',
887 options: X448KeyPairOptions<'der', 'der'>,
888 ): KeyPairSyncResult<Buffer, Buffer>;
889 function generateKeyPairSync(type: 'x448', options?: X448KeyPairKeyObjectOptions): KeyPairKeyObjectResult;
890
891 function generateKeyPair(
892 type: 'rsa',
893 options: RSAKeyPairOptions<'pem', 'pem'>,
894 callback: (err: Error | null, publicKey: string, privateKey: string) => void,
895 ): void;
896 function generateKeyPair(
897 type: 'rsa',
898 options: RSAKeyPairOptions<'pem', 'der'>,
899 callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
900 ): void;
901 function generateKeyPair(
902 type: 'rsa',
903 options: RSAKeyPairOptions<'der', 'pem'>,
904 callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
905 ): void;
906 function generateKeyPair(
907 type: 'rsa',
908 options: RSAKeyPairOptions<'der', 'der'>,
909 callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
910 ): void;
911 function generateKeyPair(
912 type: 'rsa',
913 options: RSAKeyPairKeyObjectOptions,
914 callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
915 ): void;
916
917 function generateKeyPair(
918 type: 'dsa',
919 options: DSAKeyPairOptions<'pem', 'pem'>,
920 callback: (err: Error | null, publicKey: string, privateKey: string) => void,
921 ): void;
922 function generateKeyPair(
923 type: 'dsa',
924 options: DSAKeyPairOptions<'pem', 'der'>,
925 callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
926 ): void;
927 function generateKeyPair(
928 type: 'dsa',
929 options: DSAKeyPairOptions<'der', 'pem'>,
930 callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
931 ): void;
932 function generateKeyPair(
933 type: 'dsa',
934 options: DSAKeyPairOptions<'der', 'der'>,
935 callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
936 ): void;
937 function generateKeyPair(
938 type: 'dsa',
939 options: DSAKeyPairKeyObjectOptions,
940 callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
941 ): void;
942
943 function generateKeyPair(
944 type: 'ec',
945 options: ECKeyPairOptions<'pem', 'pem'>,
946 callback: (err: Error | null, publicKey: string, privateKey: string) => void,
947 ): void;
948 function generateKeyPair(
949 type: 'ec',
950 options: ECKeyPairOptions<'pem', 'der'>,
951 callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
952 ): void;
953 function generateKeyPair(
954 type: 'ec',
955 options: ECKeyPairOptions<'der', 'pem'>,
956 callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
957 ): void;
958 function generateKeyPair(
959 type: 'ec',
960 options: ECKeyPairOptions<'der', 'der'>,
961 callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
962 ): void;
963 function generateKeyPair(
964 type: 'ec',
965 options: ECKeyPairKeyObjectOptions,
966 callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
967 ): void;
968
969 function generateKeyPair(
970 type: 'ed25519',
971 options: ED25519KeyPairOptions<'pem', 'pem'>,
972 callback: (err: Error | null, publicKey: string, privateKey: string) => void,
973 ): void;
974 function generateKeyPair(
975 type: 'ed25519',
976 options: ED25519KeyPairOptions<'pem', 'der'>,
977 callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
978 ): void;
979 function generateKeyPair(
980 type: 'ed25519',
981 options: ED25519KeyPairOptions<'der', 'pem'>,
982 callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
983 ): void;
984 function generateKeyPair(
985 type: 'ed25519',
986 options: ED25519KeyPairOptions<'der', 'der'>,
987 callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
988 ): void;
989 function generateKeyPair(
990 type: 'ed25519',
991 options: ED25519KeyPairKeyObjectOptions | undefined,
992 callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
993 ): void;
994
995 function generateKeyPair(
996 type: 'ed448',
997 options: ED448KeyPairOptions<'pem', 'pem'>,
998 callback: (err: Error | null, publicKey: string, privateKey: string) => void,
999 ): void;
1000 function generateKeyPair(
1001 type: 'ed448',
1002 options: ED448KeyPairOptions<'pem', 'der'>,
1003 callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
1004 ): void;
1005 function generateKeyPair(
1006 type: 'ed448',
1007 options: ED448KeyPairOptions<'der', 'pem'>,
1008 callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
1009 ): void;
1010 function generateKeyPair(
1011 type: 'ed448',
1012 options: ED448KeyPairOptions<'der', 'der'>,
1013 callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
1014 ): void;
1015 function generateKeyPair(
1016 type: 'ed448',
1017 options: ED448KeyPairKeyObjectOptions | undefined,
1018 callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
1019 ): void;
1020
1021 function generateKeyPair(
1022 type: 'x25519',
1023 options: X25519KeyPairOptions<'pem', 'pem'>,
1024 callback: (err: Error | null, publicKey: string, privateKey: string) => void,
1025 ): void;
1026 function generateKeyPair(
1027 type: 'x25519',
1028 options: X25519KeyPairOptions<'pem', 'der'>,
1029 callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
1030 ): void;
1031 function generateKeyPair(
1032 type: 'x25519',
1033 options: X25519KeyPairOptions<'der', 'pem'>,
1034 callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
1035 ): void;
1036 function generateKeyPair(
1037 type: 'x25519',
1038 options: X25519KeyPairOptions<'der', 'der'>,
1039 callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
1040 ): void;
1041 function generateKeyPair(
1042 type: 'x25519',
1043 options: X25519KeyPairKeyObjectOptions | undefined,
1044 callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
1045 ): void;
1046
1047 function generateKeyPair(
1048 type: 'x448',
1049 options: X448KeyPairOptions<'pem', 'pem'>,
1050 callback: (err: Error | null, publicKey: string, privateKey: string) => void,
1051 ): void;
1052 function generateKeyPair(
1053 type: 'x448',
1054 options: X448KeyPairOptions<'pem', 'der'>,
1055 callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
1056 ): void;
1057 function generateKeyPair(
1058 type: 'x448',
1059 options: X448KeyPairOptions<'der', 'pem'>,
1060 callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
1061 ): void;
1062 function generateKeyPair(
1063 type: 'x448',
1064 options: X448KeyPairOptions<'der', 'der'>,
1065 callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
1066 ): void;
1067 function generateKeyPair(
1068 type: 'x448',
1069 options: X448KeyPairKeyObjectOptions | undefined,
1070 callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
1071 ): void;
1072
1073 namespace generateKeyPair {
1074 function __promisify__(
1075 type: 'rsa',
1076 options: RSAKeyPairOptions<'pem', 'pem'>,
1077 ): Promise<{ publicKey: string; privateKey: string }>;
1078 function __promisify__(
1079 type: 'rsa',
1080 options: RSAKeyPairOptions<'pem', 'der'>,
1081 ): Promise<{ publicKey: string; privateKey: Buffer }>;
1082 function __promisify__(
1083 type: 'rsa',
1084 options: RSAKeyPairOptions<'der', 'pem'>,
1085 ): Promise<{ publicKey: Buffer; privateKey: string }>;
1086 function __promisify__(
1087 type: 'rsa',
1088 options: RSAKeyPairOptions<'der', 'der'>,
1089 ): Promise<{ publicKey: Buffer; privateKey: Buffer }>;
1090 function __promisify__(type: 'rsa', options: RSAKeyPairKeyObjectOptions): Promise<KeyPairKeyObjectResult>;
1091
1092 function __promisify__(
1093 type: 'dsa',
1094 options: DSAKeyPairOptions<'pem', 'pem'>,
1095 ): Promise<{ publicKey: string; privateKey: string }>;
1096 function __promisify__(
1097 type: 'dsa',
1098 options: DSAKeyPairOptions<'pem', 'der'>,
1099 ): Promise<{ publicKey: string; privateKey: Buffer }>;
1100 function __promisify__(
1101 type: 'dsa',
1102 options: DSAKeyPairOptions<'der', 'pem'>,
1103 ): Promise<{ publicKey: Buffer; privateKey: string }>;
1104 function __promisify__(
1105 type: 'dsa',
1106 options: DSAKeyPairOptions<'der', 'der'>,
1107 ): Promise<{ publicKey: Buffer; privateKey: Buffer }>;
1108 function __promisify__(type: 'dsa', options: DSAKeyPairKeyObjectOptions): Promise<KeyPairKeyObjectResult>;
1109
1110 function __promisify__(
1111 type: 'ec',
1112 options: ECKeyPairOptions<'pem', 'pem'>,
1113 ): Promise<{ publicKey: string; privateKey: string }>;
1114 function __promisify__(
1115 type: 'ec',
1116 options: ECKeyPairOptions<'pem', 'der'>,
1117 ): Promise<{ publicKey: string; privateKey: Buffer }>;
1118 function __promisify__(
1119 type: 'ec',
1120 options: ECKeyPairOptions<'der', 'pem'>,
1121 ): Promise<{ publicKey: Buffer; privateKey: string }>;
1122 function __promisify__(
1123 type: 'ec',
1124 options: ECKeyPairOptions<'der', 'der'>,
1125 ): Promise<{ publicKey: Buffer; privateKey: Buffer }>;
1126 function __promisify__(type: 'ec', options: ECKeyPairKeyObjectOptions): Promise<KeyPairKeyObjectResult>;
1127
1128 function __promisify__(
1129 type: 'ed25519',
1130 options: ED25519KeyPairOptions<'pem', 'pem'>,
1131 ): Promise<{ publicKey: string; privateKey: string }>;
1132 function __promisify__(
1133 type: 'ed25519',
1134 options: ED25519KeyPairOptions<'pem', 'der'>,
1135 ): Promise<{ publicKey: string; privateKey: Buffer }>;
1136 function __promisify__(
1137 type: 'ed25519',
1138 options: ED25519KeyPairOptions<'der', 'pem'>,
1139 ): Promise<{ publicKey: Buffer; privateKey: string }>;
1140 function __promisify__(
1141 type: 'ed25519',
1142 options: ED25519KeyPairOptions<'der', 'der'>,
1143 ): Promise<{ publicKey: Buffer; privateKey: Buffer }>;
1144 function __promisify__(
1145 type: 'ed25519',
1146 options?: ED25519KeyPairKeyObjectOptions,
1147 ): Promise<KeyPairKeyObjectResult>;
1148
1149 function __promisify__(
1150 type: 'ed448',
1151 options: ED448KeyPairOptions<'pem', 'pem'>,
1152 ): Promise<{ publicKey: string; privateKey: string }>;
1153 function __promisify__(
1154 type: 'ed448',
1155 options: ED448KeyPairOptions<'pem', 'der'>,
1156 ): Promise<{ publicKey: string; privateKey: Buffer }>;
1157 function __promisify__(
1158 type: 'ed448',
1159 options: ED448KeyPairOptions<'der', 'pem'>,
1160 ): Promise<{ publicKey: Buffer; privateKey: string }>;
1161 function __promisify__(
1162 type: 'ed448',
1163 options: ED448KeyPairOptions<'der', 'der'>,
1164 ): Promise<{ publicKey: Buffer; privateKey: Buffer }>;
1165 function __promisify__(type: 'ed448', options?: ED448KeyPairKeyObjectOptions): Promise<KeyPairKeyObjectResult>;
1166
1167 function __promisify__(
1168 type: 'x25519',
1169 options: X25519KeyPairOptions<'pem', 'pem'>,
1170 ): Promise<{ publicKey: string; privateKey: string }>;
1171 function __promisify__(
1172 type: 'x25519',
1173 options: X25519KeyPairOptions<'pem', 'der'>,
1174 ): Promise<{ publicKey: string; privateKey: Buffer }>;
1175 function __promisify__(
1176 type: 'x25519',
1177 options: X25519KeyPairOptions<'der', 'pem'>,
1178 ): Promise<{ publicKey: Buffer; privateKey: string }>;
1179 function __promisify__(
1180 type: 'x25519',
1181 options: X25519KeyPairOptions<'der', 'der'>,
1182 ): Promise<{ publicKey: Buffer; privateKey: Buffer }>;
1183 function __promisify__(
1184 type: 'x25519',
1185 options?: X25519KeyPairKeyObjectOptions,
1186 ): Promise<KeyPairKeyObjectResult>;
1187
1188 function __promisify__(
1189 type: 'x448',
1190 options: X448KeyPairOptions<'pem', 'pem'>,
1191 ): Promise<{ publicKey: string; privateKey: string }>;
1192 function __promisify__(
1193 type: 'x448',
1194 options: X448KeyPairOptions<'pem', 'der'>,
1195 ): Promise<{ publicKey: string; privateKey: Buffer }>;
1196 function __promisify__(
1197 type: 'x448',
1198 options: X448KeyPairOptions<'der', 'pem'>,
1199 ): Promise<{ publicKey: Buffer; privateKey: string }>;
1200 function __promisify__(
1201 type: 'x448',
1202 options: X448KeyPairOptions<'der', 'der'>,
1203 ): Promise<{ publicKey: Buffer; privateKey: Buffer }>;
1204 function __promisify__(type: 'x448', options?: X448KeyPairKeyObjectOptions): Promise<KeyPairKeyObjectResult>;
1205 }
1206
1207 /**
1208 * Calculates and returns the signature for `data` using the given private key and
1209 * algorithm. If `algorithm` is `null` or `undefined`, then the algorithm is
1210 * dependent upon the key type (especially Ed25519 and Ed448).
1211 *
1212 * If `key` is not a `KeyObject`, this function behaves as if `key` had been
1213 * passed to `crypto.createPrivateKey().
1214 */
1215 function sign(
1216 algorithm: string | null | undefined,
1217 data: NodeJS.ArrayBufferView,
1218 key: KeyLike | SignKeyObjectInput | SignPrivateKeyInput,
1219 ): Buffer;
1220 function sign(
1221 algorithm: string | null | undefined,
1222 data: NodeJS.ArrayBufferView,
1223 key: KeyLike | SignKeyObjectInput | SignPrivateKeyInput,
1224 callback: (error: Error | null, data: Buffer) => void
1225 ): void;
1226
1227 /**
1228 * Calculates and returns the signature for `data` using the given private key and
1229 * algorithm. If `algorithm` is `null` or `undefined`, then the algorithm is
1230 * dependent upon the key type (especially Ed25519 and Ed448).
1231 *
1232 * If `key` is not a `KeyObject`, this function behaves as if `key` had been
1233 * passed to `crypto.createPublicKey()`.
1234 */
1235 function verify(
1236 algorithm: string | null | undefined,
1237 data: NodeJS.ArrayBufferView,
1238 key: KeyLike | VerifyKeyObjectInput | VerifyPublicKeyInput,
1239 signature: NodeJS.ArrayBufferView,
1240 ): boolean;
1241 function verify(
1242 algorithm: string | null | undefined,
1243 data: NodeJS.ArrayBufferView,
1244 key: KeyLike | VerifyKeyObjectInput | VerifyPublicKeyInput,
1245 signature: NodeJS.ArrayBufferView,
1246 callback: (error: Error | null, result: boolean) => void
1247 ): void;
1248
1249 /**
1250 * Computes the Diffie-Hellman secret based on a privateKey and a publicKey.
1251 * Both keys must have the same asymmetricKeyType, which must be one of
1252 * 'dh' (for Diffie-Hellman), 'ec' (for ECDH), 'x448', or 'x25519' (for ECDH-ES).
1253 */
1254 function diffieHellman(options: { privateKey: KeyObject; publicKey: KeyObject }): Buffer;
1255
1256 type CipherMode = 'cbc' | 'ccm' | 'cfb' | 'ctr' | 'ecb' | 'gcm' | 'ocb' | 'ofb' | 'stream' | 'wrap' | 'xts';
1257
1258 interface CipherInfoOptions {
1259 /**
1260 * A test key length.
1261 */
1262 keyLength?: number;
1263 /**
1264 * A test IV length.
1265 */
1266 ivLength?: number;
1267 }
1268
1269 interface CipherInfo {
1270 /**
1271 * The name of the cipher.
1272 */
1273 name: string;
1274 /**
1275 * The nid of the cipher.
1276 */
1277 nid: number;
1278 /**
1279 * The block size of the cipher in bytes.
1280 * This property is omitted when mode is 'stream'.
1281 */
1282 blockSize?: number;
1283 /**
1284 * The expected or default initialization vector length in bytes.
1285 * This property is omitted if the cipher does not use an initialization vector.
1286 */
1287 ivLength?: number;
1288 /**
1289 * The expected or default key length in bytes.
1290 */
1291 keyLength: number;
1292 /**
1293 * The cipher mode.
1294 */
1295 mode: CipherMode;
1296 }
1297
1298 /**
1299 * Returns information about a given cipher.
1300 *
1301 * Some ciphers accept variable length keys and initialization vectors.
1302 * By default, the `crypto.getCipherInfo()` method will return the default
1303 * values for these ciphers. To test if a given key length or iv length
1304 * is acceptable for given cipher, use the `keyLenth` and `ivLenth` options.
1305 * If the given values are unacceptable, `undefined` will be returned.
1306 * @param nameOrNid The name or nid of the cipher to query.
1307 */
1308 function getCipherInfo(nameOrNid: string | number, options?: CipherInfoOptions): CipherInfo | undefined;
1309
1310 /**
1311 * HKDF is a simple key derivation function defined in RFC 5869.
1312 * The given `key`, `salt` and `info` are used with the `digest` to derive a key of `keylen` bytes.
1313 *
1314 * The supplied `callback` function is called with two arguments: `err` and `derivedKey`.
1315 * If an errors occurs while deriving the key, `err` will be set; otherwise `err` will be `null`.
1316 * The successfully generated `derivedKey` will be passed to the callback as an `ArrayBuffer`.
1317 * An error will be thrown if any of the input aguments specify invalid values or types.
1318 */
1319 function hkdf(digest: string, key: BinaryLike | KeyObject, salt: BinaryLike, info: BinaryLike, keylen: number, callback: (err: Error | null, derivedKey: ArrayBuffer) => any): void;
1320
1321 /**
1322 * Provides a synchronous HKDF key derivation function as defined in RFC 5869.
1323 * The given `key`, `salt` and `info` are used with the `digest` to derive a key of `keylen` bytes.
1324 *
1325 * The successfully generated `derivedKey` will be returned as an `ArrayBuffer`.
1326 * An error will be thrown if any of the input aguments specify invalid values or types,
1327 * or if the derived key cannot be generated.
1328 */
1329 function hkdfSync(digest: string, key: BinaryLike | KeyObject, salt: BinaryLike, info: BinaryLike, keylen: number): ArrayBuffer;
1330
1331 interface SecureHeapUsage {
1332 /**
1333 * The total allocated secure heap size as specified using the `--secure-heap=n` command-line flag.
1334 */
1335 total: number;
1336
1337 /**
1338 * The minimum allocation from the secure heap as specified using the `--secure-heap-min` command-line flag.
1339 */
1340 min: number;
1341
1342 /**
1343 * The total number of bytes currently allocated from the secure heap.
1344 */
1345 used: number;
1346
1347 /**
1348 * The calculated ratio of `used` to `total` allocated bytes.
1349 */
1350 utilization: number;
1351 }
1352
1353 function secureHeapUsed(): SecureHeapUsage;
1354
1355 // TODO: X509Certificate
1356
1357 interface RandomUUIDOptions {
1358 /**
1359 * By default, to improve performance,
1360 * Node.js will pre-emptively generate and persistently cache enough
1361 * random data to generate up to 128 random UUIDs. To generate a UUID
1362 * without using the cache, set `disableEntropyCache` to `true`.
1363 *
1364 * @default `false`
1365 */
1366 disableEntropyCache?: boolean;
1367 }
1368
1369 function randomUUID(options?: RandomUUIDOptions): string;
1370
1371 interface X509CheckOptions {
1372 /**
1373 * @default 'always'
1374 */
1375 subject: 'always' | 'never';
1376
1377 /**
1378 * @default true
1379 */
1380 wildcards: boolean;
1381
1382 /**
1383 * @default true
1384 */
1385 partialWildcards: boolean;
1386
1387 /**
1388 * @default false
1389 */
1390 multiLabelWildcards: boolean;
1391
1392 /**
1393 * @default false
1394 */
1395 singleLabelSubdomains: boolean;
1396 }
1397
1398 class X509Certificate {
1399 /**
1400 * Will be `true` if this is a Certificate Authority (ca) certificate.
1401 */
1402 readonly ca: boolean;
1403
1404 /**
1405 * The SHA-1 fingerprint of this certificate.
1406 */
1407 readonly fingerprint: string;
1408
1409 /**
1410 * The SHA-256 fingerprint of this certificate.
1411 */
1412 readonly fingerprint256: string;
1413
1414 /**
1415 * The complete subject of this certificate.
1416 */
1417 readonly subject: string;
1418
1419 /**
1420 * The subject alternative name specified for this certificate.
1421 */
1422 readonly subjectAltName: string;
1423
1424 /**
1425 * The information access content of this certificate.
1426 */
1427 readonly infoAccess: string;
1428
1429 /**
1430 * An array detailing the key usages for this certificate.
1431 */
1432 readonly keyUsage: string[];
1433
1434 /**
1435 * The issuer identification included in this certificate.
1436 */
1437 readonly issuer: string;
1438
1439 /**
1440 * The issuer certificate or `undefined` if the issuer certificate is not available.
1441 */
1442 readonly issuerCertificate?: X509Certificate;
1443
1444 /**
1445 * The public key for this certificate.
1446 */
1447 readonly publicKey: KeyObject;
1448
1449 /**
1450 * A `Buffer` containing the DER encoding of this certificate.
1451 */
1452 readonly raw: Buffer;
1453
1454 /**
1455 * The serial number of this certificate.
1456 */
1457 readonly serialNumber: string;
1458
1459 /**
1460 * Returns the PEM-encoded certificate.
1461 */
1462 readonly validFrom: string;
1463
1464 /**
1465 * The date/time from which this certificate is considered valid.
1466 */
1467 readonly validTo: string;
1468
1469 constructor(buffer: BinaryLike);
1470
1471 /**
1472 * Checks whether the certificate matches the given email address.
1473 *
1474 * Returns `email` if the certificate matches,`undefined` if it does not.
1475 */
1476 checkEmail(email: string, options?: X509CheckOptions): string | undefined;
1477
1478 /**
1479 * Checks whether the certificate matches the given host name.
1480 *
1481 * Returns `name` if the certificate matches, `undefined` if it does not.
1482 */
1483 checkHost(name: string, options?: X509CheckOptions): string | undefined;
1484
1485 /**
1486 * Checks whether the certificate matches the given IP address (IPv4 or IPv6).
1487 *
1488 * Returns `ip` if the certificate matches, `undefined` if it does not.
1489 */
1490 checkIP(ip: string, options?: X509CheckOptions): string | undefined;
1491
1492 /**
1493 * Checks whether this certificate was issued by the given `otherCert`.
1494 */
1495 checkIssued(otherCert: X509Certificate): boolean;
1496
1497 /**
1498 * Checks whether this certificate was issued by the given `otherCert`.
1499 */
1500 checkPrivateKey(privateKey: KeyObject): boolean;
1501
1502 /**
1503 * There is no standard JSON encoding for X509 certificates. The
1504 * `toJSON()` method returns a string containing the PEM encoded
1505 * certificate.
1506 */
1507 toJSON(): string;
1508
1509 /**
1510 * Returns information about this certificate using the legacy certificate object encoding.
1511 */
1512 toLegacyObject(): PeerCertificate;
1513
1514 /**
1515 * Returns the PEM-encoded certificate.
1516 */
1517 toString(): string;
1518
1519 /**
1520 * Verifies that this certificate was signed by the given public key.
1521 * Does not perform any other validation checks on the certificate.
1522 */
1523 verify(publicKey: KeyObject): boolean;
1524 }
1525
1526 type LargeNumberLike = NodeJS.ArrayBufferView | SharedArrayBuffer | ArrayBuffer | bigint;
1527
1528 interface GeneratePrimeOptions {
1529 add?: LargeNumberLike;
1530 rem?: LargeNumberLike;
1531 /**
1532 * @default false
1533 */
1534 safe?: boolean;
1535 bigint?: boolean;
1536 }
1537
1538 interface GeneratePrimeOptionsBigInt extends GeneratePrimeOptions {
1539 bigint: true;
1540 }
1541
1542 interface GeneratePrimeOptionsArrayBuffer extends GeneratePrimeOptions {
1543 bigint?: false;
1544 }
1545
1546 function generatePrime(size: number, callback: (err: Error | null, prime: ArrayBuffer) => void): void;
1547 function generatePrime(size: number, options: GeneratePrimeOptionsBigInt, callback: (err: Error | null, prime: bigint) => void): void;
1548 function generatePrime(size: number, options: GeneratePrimeOptionsArrayBuffer, callback: (err: Error | null, prime: ArrayBuffer) => void): void;
1549 function generatePrime(size: number, options: GeneratePrimeOptions, callback: (err: Error | null, prime: ArrayBuffer | bigint) => void): void;
1550
1551 function generatePrimeSync(size: number): ArrayBuffer;
1552 function generatePrimeSync(size: number, options: GeneratePrimeOptionsBigInt): bigint;
1553 function generatePrimeSync(size: number, options: GeneratePrimeOptionsArrayBuffer): ArrayBuffer;
1554 function generatePrimeSync(size: number, options: GeneratePrimeOptions): ArrayBuffer | bigint;
1555
1556 interface CheckPrimeOptions {
1557 /**
1558 * The number of Miller-Rabin probabilistic primality iterations to perform.
1559 * When the value is 0 (zero), a number of checks is used that yields a false positive rate of at most 2-64 for random input.
1560 * Care must be used when selecting a number of checks.
1561 * Refer to the OpenSSL documentation for the BN_is_prime_ex function nchecks options for more details.
1562 *
1563 * @default 0
1564 */
1565 checks?: number;
1566 }
1567
1568 /**
1569 * Checks the primality of the candidate.
1570 */
1571 function checkPrime(value: LargeNumberLike, callback: (err: Error | null, result: boolean) => void): void;
1572 function checkPrime(value: LargeNumberLike, options: CheckPrimeOptions, callback: (err: Error | null, result: boolean) => void): void;
1573
1574 /**
1575 * Checks the primality of the candidate.
1576 */
1577 function checkPrimeSync(value: LargeNumberLike, options?: CheckPrimeOptions): boolean;
1578}