class Crypto

The default encoding to use for functions that can take either strings or buffers. The default value is 'buffer', which makes it default to using Buffer objects. This is here to make the crypto module more easily compatible with legacy programs that expected 'binary' to be the default encoding.

Note that new programs will probably expect buffers, so only use this as a temporary measure.

Property for checking and controlling whether a FIPS compliant crypto provider is currently in use. Setting to true requires a FIPS build of Node.js.

Creates and returns a cipher object, with the given algorithm and password.

algorithm is dependent on OpenSSL, examples are 'aes192', etc. On recent releases, openssl list-cipher-algorithms will display the available cipher algorithms.

password is used to derive key and IV, which must be a 'binary' encoded string or a buffer.

It is a stream that is both readable and writable. The written data is used to compute the hash. Once the writable side of the stream is ended, use the read method to get the computed hash digest. The legacy update and digest methods are also supported.

Creates and returns a cipher object, with the given algorithm, key and iv.

algorithm is the same as the argument to createCipher.

key is the raw key used by the algorithm.

iv is an initialization vector.

key and iv must be 'binary' encoded strings or buffers.

Creates a credentials object

Creates and returns a decipher object, with the given algorithm and key. This is the mirror of the createCipher above.

Creates and returns a decipher object, with the given algorithm, key and iv. This is the mirror of the createCipheriv above.

Creates a Diffie-Hellman key exchange object using the supplied prime or generated prime of given bit prime_length. The generator used is 2. encoding can be 'binary', 'hex', or 'base64'.

Creates a Diffie-Hellman key exchange object and generates a prime of the given bit length. The generator used is 2.

Creates an Elliptic Curve (EC) Diffie-Hellman key exchange object using a predefined curve specified by the curve_name string. Use getCurves to obtain a list of available curve names. On recent releases, openssl ecparam -list_curves will also display the name and description of each available elliptic curve.

Creates and returns a hash object, a cryptographic hash with the given algorithm which can be used to generate hash digests. algorithm is dependent on the available algorithms supported by the version of OpenSSL on the platform. Examples are 'sha1', 'md5', 'sha256', 'sha512', etc. On recent releases, openssl list-message-digest-algorithms will display the available digest algorithms.

Creates and returns a hmac object, a cryptographic hmac with the given algorithm and key. algorithm is dependent on the available algorithms supported by OpenSSL - see createHash above. key is the hmac key to be used.

Creates and returns a signing object, with the given algorithm. On recent OpenSSL releases, openssl list-public-key-algorithms will display the available signing algorithms. Example: 'RSA-SHA256'.

Creates and returns a verification object, with the given algorithm. This is the mirror of the signing object above.

Returns an array with the names of the supported ciphers.

Returns an array with the names of the supported elliptic curves.

Creates a predefined Diffie-Hellman key exchange object. The supported groups are: 'modp1', 'modp2', 'modp5' (defined in RFC 2412) and 'modp14', 'modp15', 'modp16', 'modp17', 'modp18' (defined in RFC 3526). The returned object mimics the interface of objects created by createDiffieHellman above, but will not allow to change the keys (with setPublicKey() for example). The advantage of using this routine is that the parties don't have to generate nor exchange group modulus beforehand, saving both processor and communication time.

Returns an array with the names of the supported hash algorithms.

Asynchronous PBKDF2 applies pseudorandom function HMAC-SHA1 to derive a key of given length from the given password, salt and iterations.

Synchronous PBKDF2 function. Returns derivedKey or throws error.

Decrypts buffer with private_key.

private_key can be an object or a string. If private_key is a string, it is treated as the key with no passphrase and will use RSA_PKCS1_OAEP_PADDING.

Encrypts buffer with private_key.

private_key can be an object or a string. If private_key is a string, it is treated as the key with no passphrase and will use RSA_PKCS1_PADDING.

Decrypts buffer with public_key.

public_key can be an object or a string. If public_key is a string, it is treated as the key with no passphrase and will use RSA_PKCS1_PADDING.

Because RSA public keys can be derived from private keys, a private key may be passed instead of a public key.

Encrypts buffer with public_key.

public_key can be an object or a string. If public_key is a string, it is treated as the key with no passphrase and will use RSA_PKCS1_OAEP_PADDING.

Because RSA public keys can be derived from private keys, a private key may be passed instead of a public key.

Generates cryptographically strong pseudo-random data.

If callback is specified, the function runs asynchronously, otherwise it will block and synchronously return random bytes.

NOTE: Will throw error or invoke callback with error, if there is not enough accumulated entropy to generate cryptographically strong data. In other words, randomBytes without callback will not block even if all entropy sources are drained.

Load and set engine for some/all OpenSSL functions (selected by flags).

engine could be either an id or a path to the to the engine's shared library.

flags is optional and has Constants.ENGINE_METHOD_ALL value by default. It could take one of or mix of flags prefixed with ENGINE_METHOD_ defined in Constants module.