UNPKG

57.9 kBTypeScriptView Raw
1declare module 'crypto' {
2 import * as stream from 'stream';
3 import { PeerCertificate } from 'tls';
4
5 interface Certificate {
6 /**
7 * @deprecated
8 * @param spkac
9 * @returns The challenge component of the `spkac` data structure,
10 * which includes a public key and a challenge.
11 */
12 exportChallenge(spkac: BinaryLike): Buffer;
13 /**
14 * @deprecated
15 * @param spkac
16 * @param encoding The encoding of the spkac string.
17 * @returns The public key component of the `spkac` data structure,
18 * which includes a public key and a challenge.
19 */
20 exportPublicKey(spkac: BinaryLike, encoding?: string): Buffer;
21 /**
22 * @deprecated
23 * @param spkac
24 * @returns `true` if the given `spkac` data structure is valid,
25 * `false` otherwise.
26 */
27 verifySpkac(spkac: NodeJS.ArrayBufferView): boolean;
28 }
29 const Certificate: Certificate & {
30 /** @deprecated since v14.9.0 - Use static methods of `crypto.Certificate` instead. */
31 new(): Certificate;
32 /** @deprecated since v14.9.0 - Use static methods of `crypto.Certificate` instead. */
33 (): Certificate;
34
35 /**
36 * @param spkac
37 * @returns The challenge component of the `spkac` data structure,
38 * which includes a public key and a challenge.
39 */
40 exportChallenge(spkac: BinaryLike): Buffer;
41 /**
42 * @param spkac
43 * @param encoding The encoding of the spkac string.
44 * @returns The public key component of the `spkac` data structure,
45 * which includes a public key and a challenge.
46 */
47 exportPublicKey(spkac: BinaryLike, encoding?: string): Buffer;
48 /**
49 * @param spkac
50 * @returns `true` if the given `spkac` data structure is valid,
51 * `false` otherwise.
52 */
53 verifySpkac(spkac: NodeJS.ArrayBufferView): boolean;
54 };
55
56 namespace constants {
57 // https://nodejs.org/dist/latest-v10.x/docs/api/crypto.html#crypto_crypto_constants
58 const OPENSSL_VERSION_NUMBER: number;
59
60 /** Applies multiple bug workarounds within OpenSSL. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html for detail. */
61 const SSL_OP_ALL: number;
62 /** Allows legacy insecure renegotiation between OpenSSL and unpatched clients or servers. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html. */
63 const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: number;
64 /** Attempts to use the server's preferences instead of the client's when selecting a cipher. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html. */
65 const SSL_OP_CIPHER_SERVER_PREFERENCE: number;
66 /** Instructs OpenSSL to use Cisco's "speshul" version of DTLS_BAD_VER. */
67 const SSL_OP_CISCO_ANYCONNECT: number;
68 /** Instructs OpenSSL to turn on cookie exchange. */
69 const SSL_OP_COOKIE_EXCHANGE: number;
70 /** Instructs OpenSSL to add server-hello extension from an early version of the cryptopro draft. */
71 const SSL_OP_CRYPTOPRO_TLSEXT_BUG: number;
72 /** Instructs OpenSSL to disable a SSL 3.0/TLS 1.0 vulnerability workaround added in OpenSSL 0.9.6d. */
73 const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: number;
74 /** Instructs OpenSSL to always use the tmp_rsa key when performing RSA operations. */
75 const SSL_OP_EPHEMERAL_RSA: number;
76 /** Allows initial connection to servers that do not support RI. */
77 const SSL_OP_LEGACY_SERVER_CONNECT: number;
78 const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: number;
79 const SSL_OP_MICROSOFT_SESS_ID_BUG: number;
80 /** Instructs OpenSSL to disable the workaround for a man-in-the-middle protocol-version vulnerability in the SSL 2.0 server implementation. */
81 const SSL_OP_MSIE_SSLV2_RSA_PADDING: number;
82 const SSL_OP_NETSCAPE_CA_DN_BUG: number;
83 const SSL_OP_NETSCAPE_CHALLENGE_BUG: number;
84 const SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG: number;
85 const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: number;
86 /** Instructs OpenSSL to disable support for SSL/TLS compression. */
87 const SSL_OP_NO_COMPRESSION: number;
88 const SSL_OP_NO_QUERY_MTU: number;
89 /** Instructs OpenSSL to always start a new session when performing renegotiation. */
90 const SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION: number;
91 const SSL_OP_NO_SSLv2: number;
92 const SSL_OP_NO_SSLv3: number;
93 const SSL_OP_NO_TICKET: number;
94 const SSL_OP_NO_TLSv1: number;
95 const SSL_OP_NO_TLSv1_1: number;
96 const SSL_OP_NO_TLSv1_2: number;
97 const SSL_OP_PKCS1_CHECK_1: number;
98 const SSL_OP_PKCS1_CHECK_2: number;
99 /** Instructs OpenSSL to always create a new key when using temporary/ephemeral DH parameters. */
100 const SSL_OP_SINGLE_DH_USE: number;
101 /** Instructs OpenSSL to always create a new key when using temporary/ephemeral ECDH parameters. */
102 const SSL_OP_SINGLE_ECDH_USE: number;
103 const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: number;
104 const SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG: number;
105 const SSL_OP_TLS_BLOCK_PADDING_BUG: number;
106 const SSL_OP_TLS_D5_BUG: number;
107 /** Instructs OpenSSL to disable version rollback attack detection. */
108 const SSL_OP_TLS_ROLLBACK_BUG: number;
109
110 const ENGINE_METHOD_RSA: number;
111 const ENGINE_METHOD_DSA: number;
112 const ENGINE_METHOD_DH: number;
113 const ENGINE_METHOD_RAND: number;
114 const ENGINE_METHOD_EC: number;
115 const ENGINE_METHOD_CIPHERS: number;
116 const ENGINE_METHOD_DIGESTS: number;
117 const ENGINE_METHOD_PKEY_METHS: number;
118 const ENGINE_METHOD_PKEY_ASN1_METHS: number;
119 const ENGINE_METHOD_ALL: number;
120 const ENGINE_METHOD_NONE: number;
121
122 const DH_CHECK_P_NOT_SAFE_PRIME: number;
123 const DH_CHECK_P_NOT_PRIME: number;
124 const DH_UNABLE_TO_CHECK_GENERATOR: number;
125 const DH_NOT_SUITABLE_GENERATOR: number;
126
127 const ALPN_ENABLED: number;
128
129 const RSA_PKCS1_PADDING: number;
130 const RSA_SSLV23_PADDING: number;
131 const RSA_NO_PADDING: number;
132 const RSA_PKCS1_OAEP_PADDING: number;
133 const RSA_X931_PADDING: number;
134 const RSA_PKCS1_PSS_PADDING: number;
135 /** Sets the salt length for RSA_PKCS1_PSS_PADDING to the digest size when signing or verifying. */
136 const RSA_PSS_SALTLEN_DIGEST: number;
137 /** Sets the salt length for RSA_PKCS1_PSS_PADDING to the maximum permissible value when signing data. */
138 const RSA_PSS_SALTLEN_MAX_SIGN: number;
139 /** Causes the salt length for RSA_PKCS1_PSS_PADDING to be determined automatically when verifying a signature. */
140 const RSA_PSS_SALTLEN_AUTO: number;
141
142 const POINT_CONVERSION_COMPRESSED: number;
143 const POINT_CONVERSION_UNCOMPRESSED: number;
144 const POINT_CONVERSION_HYBRID: number;
145
146 /** Specifies the built-in default cipher list used by Node.js (colon-separated values). */
147 const defaultCoreCipherList: string;
148 /** Specifies the active default cipher list used by the current Node.js process (colon-separated values). */
149 const defaultCipherList: string;
150 }
151
152 interface HashOptions extends stream.TransformOptions {
153 /**
154 * For XOF hash functions such as `shake256`, the
155 * outputLength option can be used to specify the desired output length in bytes.
156 */
157 outputLength?: number;
158 }
159
160 /** @deprecated since v10.0.0 */
161 const fips: boolean;
162
163 function createHash(algorithm: string, options?: HashOptions): Hash;
164 function createHmac(algorithm: string, key: BinaryLike | KeyObject, options?: stream.TransformOptions): Hmac;
165
166 // https://nodejs.org/api/buffer.html#buffer_buffers_and_character_encodings
167 type BinaryToTextEncoding = 'base64' | 'hex';
168 type CharacterEncoding = 'utf8' | 'utf-8' | 'utf16le' | 'latin1';
169 type LegacyCharacterEncoding = 'ascii' | 'binary' | 'ucs2' | 'ucs-2';
170
171 type Encoding = BinaryToTextEncoding | CharacterEncoding | LegacyCharacterEncoding;
172
173 type ECDHKeyFormat = 'compressed' | 'uncompressed' | 'hybrid';
174
175 class Hash extends stream.Transform {
176 private constructor();
177 copy(): Hash;
178 update(data: BinaryLike): Hash;
179 update(data: string, input_encoding: Encoding): Hash;
180 digest(): Buffer;
181 digest(encoding: BinaryToTextEncoding): string;
182 }
183 class Hmac extends stream.Transform {
184 private constructor();
185 update(data: BinaryLike): Hmac;
186 update(data: string, input_encoding: Encoding): Hmac;
187 digest(): Buffer;
188 digest(encoding: BinaryToTextEncoding): string;
189 }
190
191 type KeyObjectType = 'secret' | 'public' | 'private';
192
193 interface KeyExportOptions<T extends KeyFormat> {
194 type: 'pkcs1' | 'spki' | 'pkcs8' | 'sec1';
195 format: T;
196 cipher?: string;
197 passphrase?: string | Buffer;
198 }
199
200 class KeyObject {
201 private constructor();
202 asymmetricKeyType?: KeyType;
203 /**
204 * For asymmetric keys, this property represents the size of the embedded key in
205 * bytes. This property is `undefined` for symmetric keys.
206 */
207 asymmetricKeySize?: number;
208 export(options: KeyExportOptions<'pem'>): string | Buffer;
209 export(options?: KeyExportOptions<'der'>): Buffer;
210 symmetricKeySize?: number;
211 type: KeyObjectType;
212 }
213
214 type CipherCCMTypes = 'aes-128-ccm' | 'aes-192-ccm' | 'aes-256-ccm' | 'chacha20-poly1305';
215 type CipherGCMTypes = 'aes-128-gcm' | 'aes-192-gcm' | 'aes-256-gcm';
216
217 type BinaryLike = string | NodeJS.ArrayBufferView;
218
219 type CipherKey = BinaryLike | KeyObject;
220
221 interface CipherCCMOptions extends stream.TransformOptions {
222 authTagLength: number;
223 }
224 interface CipherGCMOptions extends stream.TransformOptions {
225 authTagLength?: number;
226 }
227 /** @deprecated since v10.0.0 use `createCipheriv()` */
228 function createCipher(algorithm: CipherCCMTypes, password: BinaryLike, options: CipherCCMOptions): CipherCCM;
229 /** @deprecated since v10.0.0 use `createCipheriv()` */
230 function createCipher(algorithm: CipherGCMTypes, password: BinaryLike, options?: CipherGCMOptions): CipherGCM;
231 /** @deprecated since v10.0.0 use `createCipheriv()` */
232 function createCipher(algorithm: string, password: BinaryLike, options?: stream.TransformOptions): Cipher;
233
234 function createCipheriv(
235 algorithm: CipherCCMTypes,
236 key: CipherKey,
237 iv: BinaryLike | null,
238 options: CipherCCMOptions,
239 ): CipherCCM;
240 function createCipheriv(
241 algorithm: CipherGCMTypes,
242 key: CipherKey,
243 iv: BinaryLike | null,
244 options?: CipherGCMOptions,
245 ): CipherGCM;
246 function createCipheriv(
247 algorithm: string,
248 key: CipherKey,
249 iv: BinaryLike | null,
250 options?: stream.TransformOptions,
251 ): Cipher;
252
253 class Cipher extends stream.Transform {
254 private constructor();
255 update(data: BinaryLike): Buffer;
256 update(data: string, input_encoding: Encoding): Buffer;
257 update(data: NodeJS.ArrayBufferView, input_encoding: undefined, output_encoding: Encoding): string;
258 update(data: string, input_encoding: Encoding | undefined, output_encoding: Encoding): string;
259 final(): Buffer;
260 final(output_encoding: BufferEncoding): string;
261 setAutoPadding(auto_padding?: boolean): this;
262 // getAuthTag(): Buffer;
263 // setAAD(buffer: NodeJS.ArrayBufferView): this;
264 }
265 interface CipherCCM extends Cipher {
266 setAAD(buffer: NodeJS.ArrayBufferView, options: { plaintextLength: number }): this;
267 getAuthTag(): Buffer;
268 }
269 interface CipherGCM extends Cipher {
270 setAAD(buffer: NodeJS.ArrayBufferView, options?: { plaintextLength: number }): this;
271 getAuthTag(): Buffer;
272 }
273 /** @deprecated since v10.0.0 use `createDecipheriv()` */
274 function createDecipher(algorithm: CipherCCMTypes, password: BinaryLike, options: CipherCCMOptions): DecipherCCM;
275 /** @deprecated since v10.0.0 use `createDecipheriv()` */
276 function createDecipher(algorithm: CipherGCMTypes, password: BinaryLike, options?: CipherGCMOptions): DecipherGCM;
277 /** @deprecated since v10.0.0 use `createDecipheriv()` */
278 function createDecipher(algorithm: string, password: BinaryLike, options?: stream.TransformOptions): Decipher;
279
280 function createDecipheriv(
281 algorithm: CipherCCMTypes,
282 key: CipherKey,
283 iv: BinaryLike | null,
284 options: CipherCCMOptions,
285 ): DecipherCCM;
286 function createDecipheriv(
287 algorithm: CipherGCMTypes,
288 key: CipherKey,
289 iv: BinaryLike | null,
290 options?: CipherGCMOptions,
291 ): DecipherGCM;
292 function createDecipheriv(
293 algorithm: string,
294 key: CipherKey,
295 iv: BinaryLike | null,
296 options?: stream.TransformOptions,
297 ): Decipher;
298
299 class Decipher extends stream.Transform {
300 private constructor();
301 update(data: NodeJS.ArrayBufferView): Buffer;
302 update(data: string, input_encoding: Encoding): Buffer;
303 update(data: NodeJS.ArrayBufferView, input_encoding: undefined, output_encoding: Encoding): string;
304 update(data: string, input_encoding: Encoding | undefined, output_encoding: Encoding): string;
305 final(): Buffer;
306 final(output_encoding: BufferEncoding): string;
307 setAutoPadding(auto_padding?: boolean): this;
308 // setAuthTag(tag: NodeJS.ArrayBufferView): this;
309 // setAAD(buffer: NodeJS.ArrayBufferView): this;
310 }
311 interface DecipherCCM extends Decipher {
312 setAuthTag(buffer: NodeJS.ArrayBufferView): this;
313 setAAD(buffer: NodeJS.ArrayBufferView, options: { plaintextLength: number }): this;
314 }
315 interface DecipherGCM extends Decipher {
316 setAuthTag(buffer: NodeJS.ArrayBufferView): this;
317 setAAD(buffer: NodeJS.ArrayBufferView, options?: { plaintextLength: number }): this;
318 }
319
320 interface PrivateKeyInput {
321 key: string | Buffer;
322 format?: KeyFormat;
323 type?: 'pkcs1' | 'pkcs8' | 'sec1';
324 passphrase?: string | Buffer;
325 }
326
327 interface PublicKeyInput {
328 key: string | Buffer;
329 format?: KeyFormat;
330 type?: 'pkcs1' | 'spki';
331 }
332
333 function createPrivateKey(key: PrivateKeyInput | string | Buffer): KeyObject;
334 function createPublicKey(key: PublicKeyInput | string | Buffer | KeyObject): KeyObject;
335 function createSecretKey(key: NodeJS.ArrayBufferView): KeyObject;
336
337 function createSign(algorithm: string, options?: stream.WritableOptions): Signer;
338
339 type DSAEncoding = 'der' | 'ieee-p1363';
340
341 interface SigningOptions {
342 /**
343 * @See crypto.constants.RSA_PKCS1_PADDING
344 */
345 padding?: number;
346 saltLength?: number;
347 dsaEncoding?: DSAEncoding;
348 }
349
350 interface SignPrivateKeyInput extends PrivateKeyInput, SigningOptions { }
351 interface SignKeyObjectInput extends SigningOptions {
352 key: KeyObject;
353 }
354 interface VerifyPublicKeyInput extends PublicKeyInput, SigningOptions { }
355 interface VerifyKeyObjectInput extends SigningOptions {
356 key: KeyObject;
357 }
358
359 type KeyLike = string | Buffer | KeyObject;
360
361 class Signer extends stream.Writable {
362 private constructor();
363
364 update(data: BinaryLike): Signer;
365 update(data: string, input_encoding: Encoding): Signer;
366 sign(private_key: KeyLike | SignKeyObjectInput | SignPrivateKeyInput): Buffer;
367 sign(
368 private_key: KeyLike | SignKeyObjectInput | SignPrivateKeyInput,
369 output_format: BinaryToTextEncoding,
370 ): string;
371 }
372
373 function createVerify(algorithm: string, options?: stream.WritableOptions): Verify;
374 class Verify extends stream.Writable {
375 private constructor();
376
377 update(data: BinaryLike): Verify;
378 update(data: string, input_encoding: Encoding): Verify;
379 verify(
380 object: KeyLike | VerifyKeyObjectInput | VerifyPublicKeyInput,
381 signature: NodeJS.ArrayBufferView,
382 ): boolean;
383 verify(
384 object: KeyLike | VerifyKeyObjectInput | VerifyPublicKeyInput,
385 signature: string,
386 signature_format?: BinaryToTextEncoding,
387 ): boolean;
388 // https://nodejs.org/api/crypto.html#crypto_verifier_verify_object_signature_signature_format
389 // The signature field accepts a TypedArray type, but it is only available starting ES2017
390 }
391 function createDiffieHellman(prime_length: number, generator?: number | NodeJS.ArrayBufferView): DiffieHellman;
392 function createDiffieHellman(prime: NodeJS.ArrayBufferView): DiffieHellman;
393 function createDiffieHellman(prime: string, prime_encoding: BinaryToTextEncoding): DiffieHellman;
394 function createDiffieHellman(
395 prime: string,
396 prime_encoding: BinaryToTextEncoding,
397 generator: number | NodeJS.ArrayBufferView,
398 ): DiffieHellman;
399 function createDiffieHellman(
400 prime: string,
401 prime_encoding: BinaryToTextEncoding,
402 generator: string,
403 generator_encoding: BinaryToTextEncoding,
404 ): DiffieHellman;
405 class DiffieHellman {
406 private constructor();
407 generateKeys(): Buffer;
408 generateKeys(encoding: BinaryToTextEncoding): string;
409 computeSecret(other_public_key: NodeJS.ArrayBufferView): Buffer;
410 computeSecret(other_public_key: string, input_encoding: BinaryToTextEncoding): Buffer;
411 computeSecret(other_public_key: NodeJS.ArrayBufferView, output_encoding: BinaryToTextEncoding): string;
412 computeSecret(
413 other_public_key: string,
414 input_encoding: BinaryToTextEncoding,
415 output_encoding: BinaryToTextEncoding,
416 ): string;
417 getPrime(): Buffer;
418 getPrime(encoding: BinaryToTextEncoding): string;
419 getGenerator(): Buffer;
420 getGenerator(encoding: BinaryToTextEncoding): string;
421 getPublicKey(): Buffer;
422 getPublicKey(encoding: BinaryToTextEncoding): string;
423 getPrivateKey(): Buffer;
424 getPrivateKey(encoding: BinaryToTextEncoding): string;
425 setPublicKey(public_key: NodeJS.ArrayBufferView): void;
426 setPublicKey(public_key: string, encoding: BufferEncoding): void;
427 setPrivateKey(private_key: NodeJS.ArrayBufferView): void;
428 setPrivateKey(private_key: string, encoding: BufferEncoding): void;
429 verifyError: number;
430 }
431 function getDiffieHellman(group_name: string): DiffieHellman;
432 function pbkdf2(
433 password: BinaryLike,
434 salt: BinaryLike,
435 iterations: number,
436 keylen: number,
437 digest: string,
438 callback: (err: Error | null, derivedKey: Buffer) => any,
439 ): void;
440 function pbkdf2Sync(
441 password: BinaryLike,
442 salt: BinaryLike,
443 iterations: number,
444 keylen: number,
445 digest: string,
446 ): Buffer;
447
448 function randomBytes(size: number): Buffer;
449 function randomBytes(size: number, callback: (err: Error | null, buf: Buffer) => void): void;
450 function pseudoRandomBytes(size: number): Buffer;
451 function pseudoRandomBytes(size: number, callback: (err: Error | null, buf: Buffer) => void): void;
452
453 function randomInt(max: number): number;
454 function randomInt(min: number, max: number): number;
455 function randomInt(max: number, callback: (err: Error | null, value: number) => void): void;
456 function randomInt(min: number, max: number, callback: (err: Error | null, value: number) => void): void;
457
458 function randomFillSync<T extends NodeJS.ArrayBufferView>(buffer: T, offset?: number, size?: number): T;
459 function randomFill<T extends NodeJS.ArrayBufferView>(
460 buffer: T,
461 callback: (err: Error | null, buf: T) => void,
462 ): void;
463 function randomFill<T extends NodeJS.ArrayBufferView>(
464 buffer: T,
465 offset: number,
466 callback: (err: Error | null, buf: T) => void,
467 ): void;
468 function randomFill<T extends NodeJS.ArrayBufferView>(
469 buffer: T,
470 offset: number,
471 size: number,
472 callback: (err: Error | null, buf: T) => void,
473 ): void;
474
475 interface ScryptOptions {
476 cost?: number;
477 blockSize?: number;
478 parallelization?: number;
479 N?: number;
480 r?: number;
481 p?: number;
482 maxmem?: number;
483 }
484 function scrypt(
485 password: BinaryLike,
486 salt: BinaryLike,
487 keylen: number,
488 callback: (err: Error | null, derivedKey: Buffer) => void,
489 ): void;
490 function scrypt(
491 password: BinaryLike,
492 salt: BinaryLike,
493 keylen: number,
494 options: ScryptOptions,
495 callback: (err: Error | null, derivedKey: Buffer) => void,
496 ): void;
497 function scryptSync(password: BinaryLike, salt: BinaryLike, keylen: number, options?: ScryptOptions): Buffer;
498
499 interface RsaPublicKey {
500 key: KeyLike;
501 padding?: number;
502 }
503 interface RsaPrivateKey {
504 key: KeyLike;
505 passphrase?: string;
506 /**
507 * @default 'sha1'
508 */
509 oaepHash?: string;
510 oaepLabel?: NodeJS.TypedArray;
511 padding?: number;
512 }
513 function publicEncrypt(key: RsaPublicKey | RsaPrivateKey | KeyLike, buffer: NodeJS.ArrayBufferView): Buffer;
514 function publicDecrypt(key: RsaPublicKey | RsaPrivateKey | KeyLike, buffer: NodeJS.ArrayBufferView): Buffer;
515 function privateDecrypt(private_key: RsaPrivateKey | KeyLike, buffer: NodeJS.ArrayBufferView): Buffer;
516 function privateEncrypt(private_key: RsaPrivateKey | KeyLike, buffer: NodeJS.ArrayBufferView): Buffer;
517 function getCiphers(): string[];
518 function getCurves(): string[];
519 function getFips(): 1 | 0;
520 function getHashes(): string[];
521 class ECDH {
522 private constructor();
523 static convertKey(
524 key: BinaryLike,
525 curve: string,
526 inputEncoding?: BinaryToTextEncoding,
527 outputEncoding?: 'latin1' | 'hex' | 'base64',
528 format?: 'uncompressed' | 'compressed' | 'hybrid',
529 ): Buffer | string;
530 generateKeys(): Buffer;
531 generateKeys(encoding: BinaryToTextEncoding, format?: ECDHKeyFormat): string;
532 computeSecret(other_public_key: NodeJS.ArrayBufferView): Buffer;
533 computeSecret(other_public_key: string, input_encoding: BinaryToTextEncoding): Buffer;
534 computeSecret(other_public_key: NodeJS.ArrayBufferView, output_encoding: BinaryToTextEncoding): string;
535 computeSecret(
536 other_public_key: string,
537 input_encoding: BinaryToTextEncoding,
538 output_encoding: BinaryToTextEncoding,
539 ): string;
540 getPrivateKey(): Buffer;
541 getPrivateKey(encoding: BinaryToTextEncoding): string;
542 getPublicKey(): Buffer;
543 getPublicKey(encoding: BinaryToTextEncoding, format?: ECDHKeyFormat): string;
544 setPrivateKey(private_key: NodeJS.ArrayBufferView): void;
545 setPrivateKey(private_key: string, encoding: BinaryToTextEncoding): void;
546 }
547 function createECDH(curve_name: string): ECDH;
548 function timingSafeEqual(a: NodeJS.ArrayBufferView, b: NodeJS.ArrayBufferView): boolean;
549 /** @deprecated since v10.0.0 */
550 const DEFAULT_ENCODING: BufferEncoding;
551
552 type KeyType = 'rsa' | 'dsa' | 'ec' | 'ed25519' | 'ed448' | 'x25519' | 'x448';
553 type KeyFormat = 'pem' | 'der';
554
555 interface BasePrivateKeyEncodingOptions<T extends KeyFormat> {
556 format: T;
557 cipher?: string;
558 passphrase?: string;
559 }
560
561 interface KeyPairKeyObjectResult {
562 publicKey: KeyObject;
563 privateKey: KeyObject;
564 }
565
566 interface ED25519KeyPairKeyObjectOptions {
567 /**
568 * No options.
569 */
570 }
571
572 interface ED448KeyPairKeyObjectOptions {
573 /**
574 * No options.
575 */
576 }
577
578 interface X25519KeyPairKeyObjectOptions {
579 /**
580 * No options.
581 */
582 }
583
584 interface X448KeyPairKeyObjectOptions {
585 /**
586 * No options.
587 */
588 }
589
590 interface ECKeyPairKeyObjectOptions {
591 /**
592 * Name of the curve to use.
593 */
594 namedCurve: string;
595 }
596
597 interface RSAKeyPairKeyObjectOptions {
598 /**
599 * Key size in bits
600 */
601 modulusLength: number;
602
603 /**
604 * @default 0x10001
605 */
606 publicExponent?: number;
607 }
608
609 interface DSAKeyPairKeyObjectOptions {
610 /**
611 * Key size in bits
612 */
613 modulusLength: number;
614
615 /**
616 * Size of q in bits
617 */
618 divisorLength: number;
619 }
620
621 interface RSAKeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
622 /**
623 * Key size in bits
624 */
625 modulusLength: number;
626 /**
627 * @default 0x10001
628 */
629 publicExponent?: number;
630
631 publicKeyEncoding: {
632 type: 'pkcs1' | 'spki';
633 format: PubF;
634 };
635 privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
636 type: 'pkcs1' | 'pkcs8';
637 };
638 }
639
640 interface DSAKeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
641 /**
642 * Key size in bits
643 */
644 modulusLength: number;
645 /**
646 * Size of q in bits
647 */
648 divisorLength: number;
649
650 publicKeyEncoding: {
651 type: 'spki';
652 format: PubF;
653 };
654 privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
655 type: 'pkcs8';
656 };
657 }
658
659 interface ECKeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
660 /**
661 * Name of the curve to use.
662 */
663 namedCurve: string;
664
665 publicKeyEncoding: {
666 type: 'pkcs1' | 'spki';
667 format: PubF;
668 };
669 privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
670 type: 'sec1' | 'pkcs8';
671 };
672 }
673
674 interface ED25519KeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
675 publicKeyEncoding: {
676 type: 'spki';
677 format: PubF;
678 };
679 privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
680 type: 'pkcs8';
681 };
682 }
683
684 interface ED448KeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
685 publicKeyEncoding: {
686 type: 'spki';
687 format: PubF;
688 };
689 privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
690 type: 'pkcs8';
691 };
692 }
693
694 interface X25519KeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
695 publicKeyEncoding: {
696 type: 'spki';
697 format: PubF;
698 };
699 privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
700 type: 'pkcs8';
701 };
702 }
703
704 interface X448KeyPairOptions<PubF extends KeyFormat, PrivF extends KeyFormat> {
705 publicKeyEncoding: {
706 type: 'spki';
707 format: PubF;
708 };
709 privateKeyEncoding: BasePrivateKeyEncodingOptions<PrivF> & {
710 type: 'pkcs8';
711 };
712 }
713
714 interface KeyPairSyncResult<T1 extends string | Buffer, T2 extends string | Buffer> {
715 publicKey: T1;
716 privateKey: T2;
717 }
718
719 function generateKeyPairSync(
720 type: 'rsa',
721 options: RSAKeyPairOptions<'pem', 'pem'>,
722 ): KeyPairSyncResult<string, string>;
723 function generateKeyPairSync(
724 type: 'rsa',
725 options: RSAKeyPairOptions<'pem', 'der'>,
726 ): KeyPairSyncResult<string, Buffer>;
727 function generateKeyPairSync(
728 type: 'rsa',
729 options: RSAKeyPairOptions<'der', 'pem'>,
730 ): KeyPairSyncResult<Buffer, string>;
731 function generateKeyPairSync(
732 type: 'rsa',
733 options: RSAKeyPairOptions<'der', 'der'>,
734 ): KeyPairSyncResult<Buffer, Buffer>;
735 function generateKeyPairSync(type: 'rsa', options: RSAKeyPairKeyObjectOptions): KeyPairKeyObjectResult;
736
737 function generateKeyPairSync(
738 type: 'dsa',
739 options: DSAKeyPairOptions<'pem', 'pem'>,
740 ): KeyPairSyncResult<string, string>;
741 function generateKeyPairSync(
742 type: 'dsa',
743 options: DSAKeyPairOptions<'pem', 'der'>,
744 ): KeyPairSyncResult<string, Buffer>;
745 function generateKeyPairSync(
746 type: 'dsa',
747 options: DSAKeyPairOptions<'der', 'pem'>,
748 ): KeyPairSyncResult<Buffer, string>;
749 function generateKeyPairSync(
750 type: 'dsa',
751 options: DSAKeyPairOptions<'der', 'der'>,
752 ): KeyPairSyncResult<Buffer, Buffer>;
753 function generateKeyPairSync(type: 'dsa', options: DSAKeyPairKeyObjectOptions): KeyPairKeyObjectResult;
754
755 function generateKeyPairSync(
756 type: 'ec',
757 options: ECKeyPairOptions<'pem', 'pem'>,
758 ): KeyPairSyncResult<string, string>;
759 function generateKeyPairSync(
760 type: 'ec',
761 options: ECKeyPairOptions<'pem', 'der'>,
762 ): KeyPairSyncResult<string, Buffer>;
763 function generateKeyPairSync(
764 type: 'ec',
765 options: ECKeyPairOptions<'der', 'pem'>,
766 ): KeyPairSyncResult<Buffer, string>;
767 function generateKeyPairSync(
768 type: 'ec',
769 options: ECKeyPairOptions<'der', 'der'>,
770 ): KeyPairSyncResult<Buffer, Buffer>;
771 function generateKeyPairSync(type: 'ec', options: ECKeyPairKeyObjectOptions): KeyPairKeyObjectResult;
772
773 function generateKeyPairSync(
774 type: 'ed25519',
775 options: ED25519KeyPairOptions<'pem', 'pem'>,
776 ): KeyPairSyncResult<string, string>;
777 function generateKeyPairSync(
778 type: 'ed25519',
779 options: ED25519KeyPairOptions<'pem', 'der'>,
780 ): KeyPairSyncResult<string, Buffer>;
781 function generateKeyPairSync(
782 type: 'ed25519',
783 options: ED25519KeyPairOptions<'der', 'pem'>,
784 ): KeyPairSyncResult<Buffer, string>;
785 function generateKeyPairSync(
786 type: 'ed25519',
787 options: ED25519KeyPairOptions<'der', 'der'>,
788 ): KeyPairSyncResult<Buffer, Buffer>;
789 function generateKeyPairSync(type: 'ed25519', options?: ED25519KeyPairKeyObjectOptions): KeyPairKeyObjectResult;
790
791 function generateKeyPairSync(
792 type: 'ed448',
793 options: ED448KeyPairOptions<'pem', 'pem'>,
794 ): KeyPairSyncResult<string, string>;
795 function generateKeyPairSync(
796 type: 'ed448',
797 options: ED448KeyPairOptions<'pem', 'der'>,
798 ): KeyPairSyncResult<string, Buffer>;
799 function generateKeyPairSync(
800 type: 'ed448',
801 options: ED448KeyPairOptions<'der', 'pem'>,
802 ): KeyPairSyncResult<Buffer, string>;
803 function generateKeyPairSync(
804 type: 'ed448',
805 options: ED448KeyPairOptions<'der', 'der'>,
806 ): KeyPairSyncResult<Buffer, Buffer>;
807 function generateKeyPairSync(type: 'ed448', options?: ED448KeyPairKeyObjectOptions): KeyPairKeyObjectResult;
808
809 function generateKeyPairSync(
810 type: 'x25519',
811 options: X25519KeyPairOptions<'pem', 'pem'>,
812 ): KeyPairSyncResult<string, string>;
813 function generateKeyPairSync(
814 type: 'x25519',
815 options: X25519KeyPairOptions<'pem', 'der'>,
816 ): KeyPairSyncResult<string, Buffer>;
817 function generateKeyPairSync(
818 type: 'x25519',
819 options: X25519KeyPairOptions<'der', 'pem'>,
820 ): KeyPairSyncResult<Buffer, string>;
821 function generateKeyPairSync(
822 type: 'x25519',
823 options: X25519KeyPairOptions<'der', 'der'>,
824 ): KeyPairSyncResult<Buffer, Buffer>;
825 function generateKeyPairSync(type: 'x25519', options?: X25519KeyPairKeyObjectOptions): KeyPairKeyObjectResult;
826
827 function generateKeyPairSync(
828 type: 'x448',
829 options: X448KeyPairOptions<'pem', 'pem'>,
830 ): KeyPairSyncResult<string, string>;
831 function generateKeyPairSync(
832 type: 'x448',
833 options: X448KeyPairOptions<'pem', 'der'>,
834 ): KeyPairSyncResult<string, Buffer>;
835 function generateKeyPairSync(
836 type: 'x448',
837 options: X448KeyPairOptions<'der', 'pem'>,
838 ): KeyPairSyncResult<Buffer, string>;
839 function generateKeyPairSync(
840 type: 'x448',
841 options: X448KeyPairOptions<'der', 'der'>,
842 ): KeyPairSyncResult<Buffer, Buffer>;
843 function generateKeyPairSync(type: 'x448', options?: X448KeyPairKeyObjectOptions): KeyPairKeyObjectResult;
844
845 function generateKeyPair(
846 type: 'rsa',
847 options: RSAKeyPairOptions<'pem', 'pem'>,
848 callback: (err: Error | null, publicKey: string, privateKey: string) => void,
849 ): void;
850 function generateKeyPair(
851 type: 'rsa',
852 options: RSAKeyPairOptions<'pem', 'der'>,
853 callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
854 ): void;
855 function generateKeyPair(
856 type: 'rsa',
857 options: RSAKeyPairOptions<'der', 'pem'>,
858 callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
859 ): void;
860 function generateKeyPair(
861 type: 'rsa',
862 options: RSAKeyPairOptions<'der', 'der'>,
863 callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
864 ): void;
865 function generateKeyPair(
866 type: 'rsa',
867 options: RSAKeyPairKeyObjectOptions,
868 callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
869 ): void;
870
871 function generateKeyPair(
872 type: 'dsa',
873 options: DSAKeyPairOptions<'pem', 'pem'>,
874 callback: (err: Error | null, publicKey: string, privateKey: string) => void,
875 ): void;
876 function generateKeyPair(
877 type: 'dsa',
878 options: DSAKeyPairOptions<'pem', 'der'>,
879 callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
880 ): void;
881 function generateKeyPair(
882 type: 'dsa',
883 options: DSAKeyPairOptions<'der', 'pem'>,
884 callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
885 ): void;
886 function generateKeyPair(
887 type: 'dsa',
888 options: DSAKeyPairOptions<'der', 'der'>,
889 callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
890 ): void;
891 function generateKeyPair(
892 type: 'dsa',
893 options: DSAKeyPairKeyObjectOptions,
894 callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
895 ): void;
896
897 function generateKeyPair(
898 type: 'ec',
899 options: ECKeyPairOptions<'pem', 'pem'>,
900 callback: (err: Error | null, publicKey: string, privateKey: string) => void,
901 ): void;
902 function generateKeyPair(
903 type: 'ec',
904 options: ECKeyPairOptions<'pem', 'der'>,
905 callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
906 ): void;
907 function generateKeyPair(
908 type: 'ec',
909 options: ECKeyPairOptions<'der', 'pem'>,
910 callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
911 ): void;
912 function generateKeyPair(
913 type: 'ec',
914 options: ECKeyPairOptions<'der', 'der'>,
915 callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
916 ): void;
917 function generateKeyPair(
918 type: 'ec',
919 options: ECKeyPairKeyObjectOptions,
920 callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
921 ): void;
922
923 function generateKeyPair(
924 type: 'ed25519',
925 options: ED25519KeyPairOptions<'pem', 'pem'>,
926 callback: (err: Error | null, publicKey: string, privateKey: string) => void,
927 ): void;
928 function generateKeyPair(
929 type: 'ed25519',
930 options: ED25519KeyPairOptions<'pem', 'der'>,
931 callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
932 ): void;
933 function generateKeyPair(
934 type: 'ed25519',
935 options: ED25519KeyPairOptions<'der', 'pem'>,
936 callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
937 ): void;
938 function generateKeyPair(
939 type: 'ed25519',
940 options: ED25519KeyPairOptions<'der', 'der'>,
941 callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
942 ): void;
943 function generateKeyPair(
944 type: 'ed25519',
945 options: ED25519KeyPairKeyObjectOptions | undefined,
946 callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
947 ): void;
948
949 function generateKeyPair(
950 type: 'ed448',
951 options: ED448KeyPairOptions<'pem', 'pem'>,
952 callback: (err: Error | null, publicKey: string, privateKey: string) => void,
953 ): void;
954 function generateKeyPair(
955 type: 'ed448',
956 options: ED448KeyPairOptions<'pem', 'der'>,
957 callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
958 ): void;
959 function generateKeyPair(
960 type: 'ed448',
961 options: ED448KeyPairOptions<'der', 'pem'>,
962 callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
963 ): void;
964 function generateKeyPair(
965 type: 'ed448',
966 options: ED448KeyPairOptions<'der', 'der'>,
967 callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
968 ): void;
969 function generateKeyPair(
970 type: 'ed448',
971 options: ED448KeyPairKeyObjectOptions | undefined,
972 callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
973 ): void;
974
975 function generateKeyPair(
976 type: 'x25519',
977 options: X25519KeyPairOptions<'pem', 'pem'>,
978 callback: (err: Error | null, publicKey: string, privateKey: string) => void,
979 ): void;
980 function generateKeyPair(
981 type: 'x25519',
982 options: X25519KeyPairOptions<'pem', 'der'>,
983 callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
984 ): void;
985 function generateKeyPair(
986 type: 'x25519',
987 options: X25519KeyPairOptions<'der', 'pem'>,
988 callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
989 ): void;
990 function generateKeyPair(
991 type: 'x25519',
992 options: X25519KeyPairOptions<'der', 'der'>,
993 callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
994 ): void;
995 function generateKeyPair(
996 type: 'x25519',
997 options: X25519KeyPairKeyObjectOptions | undefined,
998 callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
999 ): void;
1000
1001 function generateKeyPair(
1002 type: 'x448',
1003 options: X448KeyPairOptions<'pem', 'pem'>,
1004 callback: (err: Error | null, publicKey: string, privateKey: string) => void,
1005 ): void;
1006 function generateKeyPair(
1007 type: 'x448',
1008 options: X448KeyPairOptions<'pem', 'der'>,
1009 callback: (err: Error | null, publicKey: string, privateKey: Buffer) => void,
1010 ): void;
1011 function generateKeyPair(
1012 type: 'x448',
1013 options: X448KeyPairOptions<'der', 'pem'>,
1014 callback: (err: Error | null, publicKey: Buffer, privateKey: string) => void,
1015 ): void;
1016 function generateKeyPair(
1017 type: 'x448',
1018 options: X448KeyPairOptions<'der', 'der'>,
1019 callback: (err: Error | null, publicKey: Buffer, privateKey: Buffer) => void,
1020 ): void;
1021 function generateKeyPair(
1022 type: 'x448',
1023 options: X448KeyPairKeyObjectOptions | undefined,
1024 callback: (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => void,
1025 ): void;
1026
1027 namespace generateKeyPair {
1028 function __promisify__(
1029 type: 'rsa',
1030 options: RSAKeyPairOptions<'pem', 'pem'>,
1031 ): Promise<{ publicKey: string; privateKey: string }>;
1032 function __promisify__(
1033 type: 'rsa',
1034 options: RSAKeyPairOptions<'pem', 'der'>,
1035 ): Promise<{ publicKey: string; privateKey: Buffer }>;
1036 function __promisify__(
1037 type: 'rsa',
1038 options: RSAKeyPairOptions<'der', 'pem'>,
1039 ): Promise<{ publicKey: Buffer; privateKey: string }>;
1040 function __promisify__(
1041 type: 'rsa',
1042 options: RSAKeyPairOptions<'der', 'der'>,
1043 ): Promise<{ publicKey: Buffer; privateKey: Buffer }>;
1044 function __promisify__(type: 'rsa', options: RSAKeyPairKeyObjectOptions): Promise<KeyPairKeyObjectResult>;
1045
1046 function __promisify__(
1047 type: 'dsa',
1048 options: DSAKeyPairOptions<'pem', 'pem'>,
1049 ): Promise<{ publicKey: string; privateKey: string }>;
1050 function __promisify__(
1051 type: 'dsa',
1052 options: DSAKeyPairOptions<'pem', 'der'>,
1053 ): Promise<{ publicKey: string; privateKey: Buffer }>;
1054 function __promisify__(
1055 type: 'dsa',
1056 options: DSAKeyPairOptions<'der', 'pem'>,
1057 ): Promise<{ publicKey: Buffer; privateKey: string }>;
1058 function __promisify__(
1059 type: 'dsa',
1060 options: DSAKeyPairOptions<'der', 'der'>,
1061 ): Promise<{ publicKey: Buffer; privateKey: Buffer }>;
1062 function __promisify__(type: 'dsa', options: DSAKeyPairKeyObjectOptions): Promise<KeyPairKeyObjectResult>;
1063
1064 function __promisify__(
1065 type: 'ec',
1066 options: ECKeyPairOptions<'pem', 'pem'>,
1067 ): Promise<{ publicKey: string; privateKey: string }>;
1068 function __promisify__(
1069 type: 'ec',
1070 options: ECKeyPairOptions<'pem', 'der'>,
1071 ): Promise<{ publicKey: string; privateKey: Buffer }>;
1072 function __promisify__(
1073 type: 'ec',
1074 options: ECKeyPairOptions<'der', 'pem'>,
1075 ): Promise<{ publicKey: Buffer; privateKey: string }>;
1076 function __promisify__(
1077 type: 'ec',
1078 options: ECKeyPairOptions<'der', 'der'>,
1079 ): Promise<{ publicKey: Buffer; privateKey: Buffer }>;
1080 function __promisify__(type: 'ec', options: ECKeyPairKeyObjectOptions): Promise<KeyPairKeyObjectResult>;
1081
1082 function __promisify__(
1083 type: 'ed25519',
1084 options: ED25519KeyPairOptions<'pem', 'pem'>,
1085 ): Promise<{ publicKey: string; privateKey: string }>;
1086 function __promisify__(
1087 type: 'ed25519',
1088 options: ED25519KeyPairOptions<'pem', 'der'>,
1089 ): Promise<{ publicKey: string; privateKey: Buffer }>;
1090 function __promisify__(
1091 type: 'ed25519',
1092 options: ED25519KeyPairOptions<'der', 'pem'>,
1093 ): Promise<{ publicKey: Buffer; privateKey: string }>;
1094 function __promisify__(
1095 type: 'ed25519',
1096 options: ED25519KeyPairOptions<'der', 'der'>,
1097 ): Promise<{ publicKey: Buffer; privateKey: Buffer }>;
1098 function __promisify__(
1099 type: 'ed25519',
1100 options?: ED25519KeyPairKeyObjectOptions,
1101 ): Promise<KeyPairKeyObjectResult>;
1102
1103 function __promisify__(
1104 type: 'ed448',
1105 options: ED448KeyPairOptions<'pem', 'pem'>,
1106 ): Promise<{ publicKey: string; privateKey: string }>;
1107 function __promisify__(
1108 type: 'ed448',
1109 options: ED448KeyPairOptions<'pem', 'der'>,
1110 ): Promise<{ publicKey: string; privateKey: Buffer }>;
1111 function __promisify__(
1112 type: 'ed448',
1113 options: ED448KeyPairOptions<'der', 'pem'>,
1114 ): Promise<{ publicKey: Buffer; privateKey: string }>;
1115 function __promisify__(
1116 type: 'ed448',
1117 options: ED448KeyPairOptions<'der', 'der'>,
1118 ): Promise<{ publicKey: Buffer; privateKey: Buffer }>;
1119 function __promisify__(type: 'ed448', options?: ED448KeyPairKeyObjectOptions): Promise<KeyPairKeyObjectResult>;
1120
1121 function __promisify__(
1122 type: 'x25519',
1123 options: X25519KeyPairOptions<'pem', 'pem'>,
1124 ): Promise<{ publicKey: string; privateKey: string }>;
1125 function __promisify__(
1126 type: 'x25519',
1127 options: X25519KeyPairOptions<'pem', 'der'>,
1128 ): Promise<{ publicKey: string; privateKey: Buffer }>;
1129 function __promisify__(
1130 type: 'x25519',
1131 options: X25519KeyPairOptions<'der', 'pem'>,
1132 ): Promise<{ publicKey: Buffer; privateKey: string }>;
1133 function __promisify__(
1134 type: 'x25519',
1135 options: X25519KeyPairOptions<'der', 'der'>,
1136 ): Promise<{ publicKey: Buffer; privateKey: Buffer }>;
1137 function __promisify__(
1138 type: 'x25519',
1139 options?: X25519KeyPairKeyObjectOptions,
1140 ): Promise<KeyPairKeyObjectResult>;
1141
1142 function __promisify__(
1143 type: 'x448',
1144 options: X448KeyPairOptions<'pem', 'pem'>,
1145 ): Promise<{ publicKey: string; privateKey: string }>;
1146 function __promisify__(
1147 type: 'x448',
1148 options: X448KeyPairOptions<'pem', 'der'>,
1149 ): Promise<{ publicKey: string; privateKey: Buffer }>;
1150 function __promisify__(
1151 type: 'x448',
1152 options: X448KeyPairOptions<'der', 'pem'>,
1153 ): Promise<{ publicKey: Buffer; privateKey: string }>;
1154 function __promisify__(
1155 type: 'x448',
1156 options: X448KeyPairOptions<'der', 'der'>,
1157 ): Promise<{ publicKey: Buffer; privateKey: Buffer }>;
1158 function __promisify__(type: 'x448', options?: X448KeyPairKeyObjectOptions): Promise<KeyPairKeyObjectResult>;
1159 }
1160
1161 /**
1162 * Calculates and returns the signature for `data` using the given private key and
1163 * algorithm. If `algorithm` is `null` or `undefined`, then the algorithm is
1164 * dependent upon the key type (especially Ed25519 and Ed448).
1165 *
1166 * If `key` is not a `KeyObject`, this function behaves as if `key` had been
1167 * passed to `crypto.createPrivateKey().
1168 */
1169 function sign(
1170 algorithm: string | null | undefined,
1171 data: NodeJS.ArrayBufferView,
1172 key: KeyLike | SignKeyObjectInput | SignPrivateKeyInput,
1173 ): Buffer;
1174
1175 /**
1176 * Calculates and returns the signature for `data` using the given private key and
1177 * algorithm. If `algorithm` is `null` or `undefined`, then the algorithm is
1178 * dependent upon the key type (especially Ed25519 and Ed448).
1179 *
1180 * If `key` is not a `KeyObject`, this function behaves as if `key` had been
1181 * passed to `crypto.createPublicKey()`.
1182 */
1183 function verify(
1184 algorithm: string | null | undefined,
1185 data: NodeJS.ArrayBufferView,
1186 key: KeyLike | VerifyKeyObjectInput | VerifyPublicKeyInput,
1187 signature: NodeJS.ArrayBufferView,
1188 ): boolean;
1189
1190 /**
1191 * Computes the Diffie-Hellman secret based on a privateKey and a publicKey.
1192 * Both keys must have the same asymmetricKeyType, which must be one of
1193 * 'dh' (for Diffie-Hellman), 'ec' (for ECDH), 'x448', or 'x25519' (for ECDH-ES).
1194 */
1195 function diffieHellman(options: { privateKey: KeyObject; publicKey: KeyObject }): Buffer;
1196
1197 type CipherMode = 'cbc' | 'ccm' | 'cfb' | 'ctr' | 'ecb' | 'gcm' | 'ocb' | 'ofb' | 'stream' | 'wrap' | 'xts';
1198
1199 interface CipherInfoOptions {
1200 /**
1201 * A test key length.
1202 */
1203 keyLength?: number;
1204 /**
1205 * A test IV length.
1206 */
1207 ivLength?: number;
1208 }
1209
1210 interface CipherInfo {
1211 /**
1212 * The name of the cipher.
1213 */
1214 name: string;
1215 /**
1216 * The nid of the cipher.
1217 */
1218 nid: number;
1219 /**
1220 * The block size of the cipher in bytes.
1221 * This property is omitted when mode is 'stream'.
1222 */
1223 blockSize?: number;
1224 /**
1225 * The expected or default initialization vector length in bytes.
1226 * This property is omitted if the cipher does not use an initialization vector.
1227 */
1228 ivLength?: number;
1229 /**
1230 * The expected or default key length in bytes.
1231 */
1232 keyLength: number;
1233 /**
1234 * The cipher mode.
1235 */
1236 mode: CipherMode;
1237 }
1238
1239 /**
1240 * Returns information about a given cipher.
1241 *
1242 * Some ciphers accept variable length keys and initialization vectors.
1243 * By default, the `crypto.getCipherInfo()` method will return the default
1244 * values for these ciphers. To test if a given key length or iv length
1245 * is acceptable for given cipher, use the `keyLenth` and `ivLenth` options.
1246 * If the given values are unacceptable, `undefined` will be returned.
1247 * @param nameOrNid The name or nid of the cipher to query.
1248 */
1249 function getCipherInfo(nameOrNid: string | number, options?: CipherInfoOptions): CipherInfo | undefined;
1250
1251 /**
1252 * HKDF is a simple key derivation function defined in RFC 5869.
1253 * The given `key`, `salt` and `info` are used with the `digest` to derive a key of `keylen` bytes.
1254 *
1255 * The supplied `callback` function is called with two arguments: `err` and `derivedKey`.
1256 * If an errors occurs while deriving the key, `err` will be set; otherwise `err` will be `null`.
1257 * The successfully generated `derivedKey` will be passed to the callback as an `ArrayBuffer`.
1258 * An error will be thrown if any of the input aguments specify invalid values or types.
1259 */
1260 function hkdf(digest: string, key: BinaryLike | KeyObject, salt: BinaryLike, info: BinaryLike, keylen: number, callback: (err: Error | null, derivedKey: ArrayBuffer) => any): void;
1261
1262 /**
1263 * Provides a synchronous HKDF key derivation function as defined in RFC 5869.
1264 * The given `key`, `salt` and `info` are used with the `digest` to derive a key of `keylen` bytes.
1265 *
1266 * The successfully generated `derivedKey` will be returned as an `ArrayBuffer`.
1267 * An error will be thrown if any of the input aguments specify invalid values or types,
1268 * or if the derived key cannot be generated.
1269 */
1270 function hkdfSync(digest: string, key: BinaryLike | KeyObject, salt: BinaryLike, info: BinaryLike, keylen: number): ArrayBuffer;
1271
1272 interface SecureHeapUsage {
1273 /**
1274 * The total allocated secure heap size as specified using the `--secure-heap=n` command-line flag.
1275 */
1276 total: number;
1277
1278 /**
1279 * The minimum allocation from the secure heap as specified using the `--secure-heap-min` command-line flag.
1280 */
1281 min: number;
1282
1283 /**
1284 * The total number of bytes currently allocated from the secure heap.
1285 */
1286 used: number;
1287
1288 /**
1289 * The calculated ratio of `used` to `total` allocated bytes.
1290 */
1291 utilization: number;
1292 }
1293
1294 function secureHeapUsed(): SecureHeapUsage;
1295
1296 // TODO: X509Certificate
1297
1298 interface RandomUUIDOptions {
1299 /**
1300 * By default, to improve performance,
1301 * Node.js will pre-emptively generate and persistently cache enough
1302 * random data to generate up to 128 random UUIDs. To generate a UUID
1303 * without using the cache, set `disableEntropyCache` to `true`.
1304 *
1305 * @default `false`
1306 */
1307 disableEntropyCache?: boolean;
1308 }
1309
1310 function randomUUID(options?: RandomUUIDOptions): string;
1311
1312 interface X509CheckOptions {
1313 /**
1314 * @default 'always'
1315 */
1316 subject: 'always' | 'never';
1317
1318 /**
1319 * @default true
1320 */
1321 wildcards: boolean;
1322
1323 /**
1324 * @default true
1325 */
1326 partialWildcards: boolean;
1327
1328 /**
1329 * @default false
1330 */
1331 multiLabelWildcards: boolean;
1332
1333 /**
1334 * @default false
1335 */
1336 singleLabelSubdomains: boolean;
1337 }
1338
1339 class X509Certificate {
1340 /**
1341 * Will be `true` if this is a Certificate Authority (ca) certificate.
1342 */
1343 readonly ca: boolean;
1344
1345 /**
1346 * The SHA-1 fingerprint of this certificate.
1347 */
1348 readonly fingerprint: string;
1349
1350 /**
1351 * The SHA-256 fingerprint of this certificate.
1352 */
1353 readonly fingerprint256: string;
1354
1355 /**
1356 * The complete subject of this certificate.
1357 */
1358 readonly subject: string;
1359
1360 /**
1361 * The subject alternative name specified for this certificate.
1362 */
1363 readonly subjectAltName: string;
1364
1365 /**
1366 * The information access content of this certificate.
1367 */
1368 readonly infoAccess: string;
1369
1370 /**
1371 * An array detailing the key usages for this certificate.
1372 */
1373 readonly keyUsage: string[];
1374
1375 /**
1376 * The issuer identification included in this certificate.
1377 */
1378 readonly issuer: string;
1379
1380 /**
1381 * The issuer certificate or `undefined` if the issuer certificate is not available.
1382 */
1383 readonly issuerCertificate?: X509Certificate;
1384
1385 /**
1386 * The public key for this certificate.
1387 */
1388 readonly publicKey: KeyObject;
1389
1390 /**
1391 * A `Buffer` containing the DER encoding of this certificate.
1392 */
1393 readonly raw: Buffer;
1394
1395 /**
1396 * The serial number of this certificate.
1397 */
1398 readonly serialNumber: string;
1399
1400 /**
1401 * Returns the PEM-encoded certificate.
1402 */
1403 readonly validFrom: string;
1404
1405 /**
1406 * The date/time from which this certificate is considered valid.
1407 */
1408 readonly validTo: string;
1409
1410 constructor(buffer: BinaryLike);
1411
1412 /**
1413 * Checks whether the certificate matches the given email address.
1414 *
1415 * Returns `email` if the certificate matches,`undefined` if it does not.
1416 */
1417 checkEmail(email: string, options?: X509CheckOptions): string | undefined;
1418
1419 /**
1420 * Checks whether the certificate matches the given host name.
1421 *
1422 * Returns `name` if the certificate matches, `undefined` if it does not.
1423 */
1424 checkHost(name: string, options?: X509CheckOptions): string | undefined;
1425
1426 /**
1427 * Checks whether the certificate matches the given IP address (IPv4 or IPv6).
1428 *
1429 * Returns `ip` if the certificate matches, `undefined` if it does not.
1430 */
1431 checkIP(ip: string, options?: X509CheckOptions): string | undefined;
1432
1433 /**
1434 * Checks whether this certificate was issued by the given `otherCert`.
1435 */
1436 checkIssued(otherCert: X509Certificate): boolean;
1437
1438 /**
1439 * Checks whether this certificate was issued by the given `otherCert`.
1440 */
1441 checkPrivateKey(privateKey: KeyObject): boolean;
1442
1443 /**
1444 * There is no standard JSON encoding for X509 certificates. The
1445 * `toJSON()` method returns a string containing the PEM encoded
1446 * certificate.
1447 */
1448 toJSON(): string;
1449
1450 /**
1451 * Returns information about this certificate using the legacy certificate object encoding.
1452 */
1453 toLegacyObject(): PeerCertificate;
1454
1455 /**
1456 * Returns the PEM-encoded certificate.
1457 */
1458 toString(): string;
1459
1460 /**
1461 * Verifies that this certificate was signed by the given public key.
1462 * Does not perform any other validation checks on the certificate.
1463 */
1464 verify(publicKey: KeyObject): boolean;
1465 }
1466
1467 type LargeNumberLike = NodeJS.ArrayBufferView | SharedArrayBuffer | ArrayBuffer | bigint;
1468
1469 interface GeneratePrimeOptions {
1470 add?: LargeNumberLike;
1471 rem?: LargeNumberLike;
1472 /**
1473 * @default false
1474 */
1475 safe?: boolean;
1476 bigint?: boolean;
1477 }
1478
1479 interface GeneratePrimeOptionsBigInt extends GeneratePrimeOptions {
1480 bigint: true;
1481 }
1482
1483 interface GeneratePrimeOptionsArrayBuffer extends GeneratePrimeOptions {
1484 bigint?: false;
1485 }
1486
1487 function generatePrime(size: number, callback: (err: Error | null, prime: ArrayBuffer) => void): void;
1488 function generatePrime(size: number, options: GeneratePrimeOptionsBigInt, callback: (err: Error | null, prime: bigint) => void): void;
1489 function generatePrime(size: number, options: GeneratePrimeOptionsArrayBuffer, callback: (err: Error | null, prime: ArrayBuffer) => void): void;
1490 function generatePrime(size: number, options: GeneratePrimeOptions, callback: (err: Error | null, prime: ArrayBuffer | bigint) => void): void;
1491
1492 function generatePrimeSync(size: number): ArrayBuffer;
1493 function generatePrimeSync(size: number, options: GeneratePrimeOptionsBigInt): bigint;
1494 function generatePrimeSync(size: number, options: GeneratePrimeOptionsArrayBuffer): ArrayBuffer;
1495 function generatePrimeSync(size: number, options: GeneratePrimeOptions): ArrayBuffer | bigint;
1496
1497 interface CheckPrimeOptions {
1498 /**
1499 * The number of Miller-Rabin probabilistic primality iterations to perform.
1500 * When the value is 0 (zero), a number of checks is used that yields a false positive rate of at most 2-64 for random input.
1501 * Care must be used when selecting a number of checks.
1502 * Refer to the OpenSSL documentation for the BN_is_prime_ex function nchecks options for more details.
1503 *
1504 * @default 0
1505 */
1506 checks?: number;
1507 }
1508
1509 /**
1510 * Checks the primality of the candidate.
1511 */
1512 function checkPrime(value: LargeNumberLike, callback: (err: Error | null, result: boolean) => void): void;
1513 function checkPrime(value: LargeNumberLike, options: CheckPrimeOptions, callback: (err: Error | null, result: boolean) => void): void;
1514
1515 /**
1516 * Checks the primality of the candidate.
1517 */
1518 function checkPrimeSync(value: LargeNumberLike, options?: CheckPrimeOptions): boolean;
1519}