581 lines
32 KiB
HTML
581 lines
32 KiB
HTML
<!doctype html>
|
|
<html lang="en">
|
|
<head>
|
|
<meta charset="utf-8">
|
|
<title>Crypto Node.js v0.8.14 Manual & Documentation</title>
|
|
<link rel="stylesheet" href="assets/style.css">
|
|
<link rel="stylesheet" href="assets/sh.css">
|
|
<link rel="canonical" href="http://nodejs.org/api/crypto.html">
|
|
</head>
|
|
<body class="alt apidoc" id="api-section-crypto">
|
|
<div id="intro" class="interior">
|
|
<a href="/" title="Go back to the home page">
|
|
<img id="logo" src="http://nodejs.org/images/logo-light.png" alt="node.js">
|
|
</a>
|
|
</div>
|
|
<div id="content" class="clearfix">
|
|
<div id="column2" class="interior">
|
|
<ul>
|
|
<li><a href="/" class="home">Home</a></li>
|
|
<li><a href="/download/" class="download">Download</a></li>
|
|
<li><a href="/about/" class="about">About</a></li>
|
|
<li><a href="http://search.npmjs.org/" class="npm">npm Registry</a></li>
|
|
<li><a href="http://nodejs.org/api/" class="docs current">Docs</a></li>
|
|
<li><a href="http://blog.nodejs.org" class="blog">Blog</a></li>
|
|
<li><a href="/community/" class="community">Community</a></li>
|
|
<li><a href="/logos/" class="logos">Logos</a></li>
|
|
<li><a href="http://jobs.nodejs.org/" class="jobs">Jobs</a></li>
|
|
</ul>
|
|
<p class="twitter"><a href="http://twitter.com/nodejs">@nodejs</a></p>
|
|
</div>
|
|
|
|
<div id="column1" class="interior">
|
|
<header>
|
|
<h1>Node.js v0.8.14 Manual & Documentation</h1>
|
|
<div id="gtoc">
|
|
<p>
|
|
<a href="index.html" name="toc">Index</a> |
|
|
<a href="all.html">View on single page</a> |
|
|
<a href="crypto.json">View as JSON</a>
|
|
</p>
|
|
</div>
|
|
<hr>
|
|
</header>
|
|
|
|
<div id="toc">
|
|
<h2>Table of Contents</h2>
|
|
<ul>
|
|
<li><a href="#crypto_crypto">Crypto</a><ul>
|
|
<li><a href="#crypto_crypto_createcredentials_details">crypto.createCredentials(details)</a></li>
|
|
<li><a href="#crypto_crypto_createhash_algorithm">crypto.createHash(algorithm)</a></li>
|
|
<li><a href="#crypto_class_hash">Class: Hash</a><ul>
|
|
<li><a href="#crypto_hash_update_data_input_encoding">hash.update(data, [input_encoding])</a></li>
|
|
<li><a href="#crypto_hash_digest_encoding">hash.digest([encoding])</a></li>
|
|
</ul>
|
|
</li>
|
|
<li><a href="#crypto_crypto_createhmac_algorithm_key">crypto.createHmac(algorithm, key)</a></li>
|
|
<li><a href="#crypto_class_hmac">Class: Hmac</a><ul>
|
|
<li><a href="#crypto_hmac_update_data">hmac.update(data)</a></li>
|
|
<li><a href="#crypto_hmac_digest_encoding">hmac.digest([encoding])</a></li>
|
|
</ul>
|
|
</li>
|
|
<li><a href="#crypto_crypto_createcipher_algorithm_password">crypto.createCipher(algorithm, password)</a></li>
|
|
<li><a href="#crypto_crypto_createcipheriv_algorithm_key_iv">crypto.createCipheriv(algorithm, key, iv)</a></li>
|
|
<li><a href="#crypto_class_cipher">Class: Cipher</a><ul>
|
|
<li><a href="#crypto_cipher_update_data_input_encoding_output_encoding">cipher.update(data, [input_encoding], [output_encoding])</a></li>
|
|
<li><a href="#crypto_cipher_final_output_encoding">cipher.final([output_encoding])</a></li>
|
|
<li><a href="#crypto_cipher_setautopadding_auto_padding_true">cipher.setAutoPadding(auto_padding=true)</a></li>
|
|
</ul>
|
|
</li>
|
|
<li><a href="#crypto_crypto_createdecipher_algorithm_password">crypto.createDecipher(algorithm, password)</a></li>
|
|
<li><a href="#crypto_crypto_createdecipheriv_algorithm_key_iv">crypto.createDecipheriv(algorithm, key, iv)</a></li>
|
|
<li><a href="#crypto_class_decipher">Class: Decipher</a><ul>
|
|
<li><a href="#crypto_decipher_update_data_input_encoding_output_encoding">decipher.update(data, [input_encoding], [output_encoding])</a></li>
|
|
<li><a href="#crypto_decipher_final_output_encoding">decipher.final([output_encoding])</a></li>
|
|
<li><a href="#crypto_decipher_setautopadding_auto_padding_true">decipher.setAutoPadding(auto_padding=true)</a></li>
|
|
</ul>
|
|
</li>
|
|
<li><a href="#crypto_crypto_createsign_algorithm">crypto.createSign(algorithm)</a></li>
|
|
<li><a href="#crypto_class_signer">Class: Signer</a><ul>
|
|
<li><a href="#crypto_signer_update_data">signer.update(data)</a></li>
|
|
<li><a href="#crypto_signer_sign_private_key_output_format">signer.sign(private_key, [output_format])</a></li>
|
|
</ul>
|
|
</li>
|
|
<li><a href="#crypto_crypto_createverify_algorithm">crypto.createVerify(algorithm)</a></li>
|
|
<li><a href="#crypto_class_verify">Class: Verify</a><ul>
|
|
<li><a href="#crypto_verifier_update_data">verifier.update(data)</a></li>
|
|
<li><a href="#crypto_verifier_verify_object_signature_signature_format">verifier.verify(object, signature, [signature_format])</a></li>
|
|
</ul>
|
|
</li>
|
|
<li><a href="#crypto_crypto_creatediffiehellman_prime_length">crypto.createDiffieHellman(prime_length)</a></li>
|
|
<li><a href="#crypto_crypto_creatediffiehellman_prime_encoding">crypto.createDiffieHellman(prime, [encoding])</a></li>
|
|
<li><a href="#crypto_class_diffiehellman">Class: DiffieHellman</a><ul>
|
|
<li><a href="#crypto_diffiehellman_generatekeys_encoding">diffieHellman.generateKeys([encoding])</a></li>
|
|
<li><a href="#crypto_diffiehellman_computesecret_other_public_key_input_encoding_output_encoding">diffieHellman.computeSecret(other_public_key, [input_encoding], [output_encoding])</a></li>
|
|
<li><a href="#crypto_diffiehellman_getprime_encoding">diffieHellman.getPrime([encoding])</a></li>
|
|
<li><a href="#crypto_diffiehellman_getgenerator_encoding">diffieHellman.getGenerator([encoding])</a></li>
|
|
<li><a href="#crypto_diffiehellman_getpublickey_encoding">diffieHellman.getPublicKey([encoding])</a></li>
|
|
<li><a href="#crypto_diffiehellman_getprivatekey_encoding">diffieHellman.getPrivateKey([encoding])</a></li>
|
|
<li><a href="#crypto_diffiehellman_setpublickey_public_key_encoding">diffieHellman.setPublicKey(public_key, [encoding])</a></li>
|
|
<li><a href="#crypto_diffiehellman_setprivatekey_public_key_encoding">diffieHellman.setPrivateKey(public_key, [encoding])</a></li>
|
|
</ul>
|
|
</li>
|
|
<li><a href="#crypto_crypto_getdiffiehellman_group_name">crypto.getDiffieHellman(group_name)</a></li>
|
|
<li><a href="#crypto_crypto_pbkdf2_password_salt_iterations_keylen_callback">crypto.pbkdf2(password, salt, iterations, keylen, callback)</a></li>
|
|
<li><a href="#crypto_crypto_randombytes_size_callback">crypto.randomBytes(size, [callback])</a></li>
|
|
<li><a href="#crypto_proposed_api_changes_in_future_versions_of_node">Proposed API Changes in Future Versions of Node</a></li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
|
|
</div>
|
|
|
|
<div id="apicontent">
|
|
<h1>Crypto<span><a class="mark" href="#crypto_crypto" id="crypto_crypto">#</a></span></h1>
|
|
<pre><code>Stability: 2 - Unstable; API changes are being discussed for
|
|
future versions. Breaking changes will be minimized. See below.</code></pre>
|
|
<p>Use <code>require('crypto')</code> to access this module.
|
|
|
|
</p>
|
|
<p>The crypto module requires OpenSSL to be available on the underlying platform.
|
|
It offers a way of encapsulating secure credentials to be used as part
|
|
of a secure HTTPS net or http connection.
|
|
|
|
</p>
|
|
<p>It also offers a set of wrappers for OpenSSL's hash, hmac, cipher, decipher, sign and verify methods.
|
|
|
|
</p>
|
|
<h2>crypto.createCredentials(details)<span><a class="mark" href="#crypto_crypto_createcredentials_details" id="crypto_crypto_createcredentials_details">#</a></span></h2>
|
|
<p>Creates a credentials object, with the optional details being a dictionary with keys:
|
|
|
|
</p>
|
|
<ul>
|
|
<li><code>pfx</code> : A string or buffer holding the PFX or PKCS12 encoded private key, certificate and CA certificates</li>
|
|
<li><code>key</code> : A string holding the PEM encoded private key</li>
|
|
<li><code>passphrase</code> : A string of passphrase for the private key or pfx</li>
|
|
<li><code>cert</code> : A string holding the PEM encoded certificate</li>
|
|
<li><code>ca</code> : Either a string or list of strings of PEM encoded CA certificates to trust.</li>
|
|
<li><code>crl</code> : Either a string or list of strings of PEM encoded CRLs (Certificate Revocation List)</li>
|
|
<li><code>ciphers</code>: A string describing the ciphers to use or exclude. Consult
|
|
<a href="http://www.openssl.org/docs/apps/ciphers.html#CIPHER_LIST_FORMAT">http://www.openssl.org/docs/apps/ciphers.html#CIPHER_LIST_FORMAT</a> for details
|
|
on the format.</li>
|
|
</ul>
|
|
<p>If no 'ca' details are given, then node.js will use the default publicly trusted list of CAs as given in
|
|
</p>
|
|
<p><a href="http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt">http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt</a>.
|
|
|
|
|
|
</p>
|
|
<h2>crypto.createHash(algorithm)<span><a class="mark" href="#crypto_crypto_createhash_algorithm" id="crypto_crypto_createhash_algorithm">#</a></span></h2>
|
|
<p>Creates and returns a hash object, a cryptographic hash with the given algorithm
|
|
which can be used to generate hash digests.
|
|
|
|
</p>
|
|
<p><code>algorithm</code> is dependent on the available algorithms supported by the version
|
|
of OpenSSL on the platform. Examples are <code>'sha1'</code>, <code>'md5'</code>, <code>'sha256'</code>, <code>'sha512'</code>, etc.
|
|
On recent releases, <code>openssl list-message-digest-algorithms</code> will display the available digest algorithms.
|
|
|
|
</p>
|
|
<p>Example: this program that takes the sha1 sum of a file
|
|
|
|
</p>
|
|
<pre><code>var filename = process.argv[2];
|
|
var crypto = require('crypto');
|
|
var fs = require('fs');
|
|
|
|
var shasum = crypto.createHash('sha1');
|
|
|
|
var s = fs.ReadStream(filename);
|
|
s.on('data', function(d) {
|
|
shasum.update(d);
|
|
});
|
|
|
|
s.on('end', function() {
|
|
var d = shasum.digest('hex');
|
|
console.log(d + ' ' + filename);
|
|
});</code></pre>
|
|
<h2>Class: Hash<span><a class="mark" href="#crypto_class_hash" id="crypto_class_hash">#</a></span></h2>
|
|
<p>The class for creating hash digests of data.
|
|
|
|
</p>
|
|
<p>Returned by <code>crypto.createHash</code>.
|
|
|
|
</p>
|
|
<h3>hash.update(data, [input_encoding])<span><a class="mark" href="#crypto_hash_update_data_input_encoding" id="crypto_hash_update_data_input_encoding">#</a></span></h3>
|
|
<p>Updates the hash content with the given <code>data</code>, the encoding of which is given
|
|
in <code>input_encoding</code> and can be <code>'utf8'</code>, <code>'ascii'</code> or <code>'binary'</code>.
|
|
Defaults to <code>'binary'</code>.
|
|
This can be called many times with new data as it is streamed.
|
|
|
|
</p>
|
|
<h3>hash.digest([encoding])<span><a class="mark" href="#crypto_hash_digest_encoding" id="crypto_hash_digest_encoding">#</a></span></h3>
|
|
<p>Calculates the digest of all of the passed data to be hashed.
|
|
The <code>encoding</code> can be <code>'hex'</code>, <code>'binary'</code> or <code>'base64'</code>.
|
|
Defaults to <code>'binary'</code>.
|
|
|
|
</p>
|
|
<p>Note: <code>hash</code> object can not be used after <code>digest()</code> method been called.
|
|
|
|
|
|
</p>
|
|
<h2>crypto.createHmac(algorithm, key)<span><a class="mark" href="#crypto_crypto_createhmac_algorithm_key" id="crypto_crypto_createhmac_algorithm_key">#</a></span></h2>
|
|
<p>Creates and returns a hmac object, a cryptographic hmac with the given algorithm and key.
|
|
|
|
</p>
|
|
<p><code>algorithm</code> is dependent on the available algorithms supported by OpenSSL - see createHash above.
|
|
<code>key</code> is the hmac key to be used.
|
|
|
|
</p>
|
|
<h2>Class: Hmac<span><a class="mark" href="#crypto_class_hmac" id="crypto_class_hmac">#</a></span></h2>
|
|
<p>Class for creating cryptographic hmac content.
|
|
|
|
</p>
|
|
<p>Returned by <code>crypto.createHmac</code>.
|
|
|
|
</p>
|
|
<h3>hmac.update(data)<span><a class="mark" href="#crypto_hmac_update_data" id="crypto_hmac_update_data">#</a></span></h3>
|
|
<p>Update the hmac content with the given <code>data</code>.
|
|
This can be called many times with new data as it is streamed.
|
|
|
|
</p>
|
|
<h3>hmac.digest([encoding])<span><a class="mark" href="#crypto_hmac_digest_encoding" id="crypto_hmac_digest_encoding">#</a></span></h3>
|
|
<p>Calculates the digest of all of the passed data to the hmac.
|
|
The <code>encoding</code> can be <code>'hex'</code>, <code>'binary'</code> or <code>'base64'</code>.
|
|
Defaults to <code>'binary'</code>.
|
|
|
|
</p>
|
|
<p>Note: <code>hmac</code> object can not be used after <code>digest()</code> method been called.
|
|
|
|
|
|
</p>
|
|
<h2>crypto.createCipher(algorithm, password)<span><a class="mark" href="#crypto_crypto_createcipher_algorithm_password" id="crypto_crypto_createcipher_algorithm_password">#</a></span></h2>
|
|
<p>Creates and returns a cipher object, with the given algorithm and password.
|
|
|
|
</p>
|
|
<p><code>algorithm</code> is dependent on OpenSSL, examples are <code>'aes192'</code>, etc.
|
|
On recent releases, <code>openssl list-cipher-algorithms</code> will display the
|
|
available cipher algorithms.
|
|
<code>password</code> is used to derive key and IV, which must be a <code>'binary'</code> encoded
|
|
string or a <a href="buffer.html">buffer</a>.
|
|
|
|
</p>
|
|
<h2>crypto.createCipheriv(algorithm, key, iv)<span><a class="mark" href="#crypto_crypto_createcipheriv_algorithm_key_iv" id="crypto_crypto_createcipheriv_algorithm_key_iv">#</a></span></h2>
|
|
<p>Creates and returns a cipher object, with the given algorithm, key and iv.
|
|
|
|
</p>
|
|
<p><code>algorithm</code> is the same as the argument to <code>createCipher()</code>.
|
|
<code>key</code> is the raw key used by the algorithm.
|
|
<code>iv</code> is an <a href="http://en.wikipedia.org/wiki/Initialization_vector">initialization
|
|
vector</a>.
|
|
|
|
</p>
|
|
<p><code>key</code> and <code>iv</code> must be <code>'binary'</code> encoded strings or <a href="buffer.html">buffers</a>.
|
|
|
|
</p>
|
|
<h2>Class: Cipher<span><a class="mark" href="#crypto_class_cipher" id="crypto_class_cipher">#</a></span></h2>
|
|
<p>Class for encrypting data.
|
|
|
|
</p>
|
|
<p>Returned by <code>crypto.createCipher</code> and <code>crypto.createCipheriv</code>.
|
|
|
|
</p>
|
|
<h3>cipher.update(data, [input_encoding], [output_encoding])<span><a class="mark" href="#crypto_cipher_update_data_input_encoding_output_encoding" id="crypto_cipher_update_data_input_encoding_output_encoding">#</a></span></h3>
|
|
<p>Updates the cipher with <code>data</code>, the encoding of which is given in
|
|
<code>input_encoding</code> and can be <code>'utf8'</code>, <code>'ascii'</code> or <code>'binary'</code>.
|
|
Defaults to <code>'binary'</code>.
|
|
|
|
</p>
|
|
<p>The <code>output_encoding</code> specifies the output format of the enciphered data,
|
|
and can be <code>'binary'</code>, <code>'base64'</code> or <code>'hex'</code>. Defaults to <code>'binary'</code>.
|
|
|
|
</p>
|
|
<p>Returns the enciphered contents, and can be called many times with new data as it is streamed.
|
|
|
|
</p>
|
|
<h3>cipher.final([output_encoding])<span><a class="mark" href="#crypto_cipher_final_output_encoding" id="crypto_cipher_final_output_encoding">#</a></span></h3>
|
|
<p>Returns any remaining enciphered contents, with <code>output_encoding</code> being one of:
|
|
<code>'binary'</code>, <code>'base64'</code> or <code>'hex'</code>. Defaults to <code>'binary'</code>.
|
|
|
|
</p>
|
|
<p>Note: <code>cipher</code> object can not be used after <code>final()</code> method been called.
|
|
|
|
</p>
|
|
<h3>cipher.setAutoPadding(auto_padding=true)<span><a class="mark" href="#crypto_cipher_setautopadding_auto_padding_true" id="crypto_cipher_setautopadding_auto_padding_true">#</a></span></h3>
|
|
<p>You can disable automatic padding of the input data to block size. If <code>auto_padding</code> is false,
|
|
the length of the entire input data must be a multiple of the cipher's block size or <code>final</code> will fail.
|
|
Useful for non-standard padding, e.g. using <code>0x0</code> instead of PKCS padding. You must call this before <code>cipher.final</code>.
|
|
|
|
|
|
</p>
|
|
<h2>crypto.createDecipher(algorithm, password)<span><a class="mark" href="#crypto_crypto_createdecipher_algorithm_password" id="crypto_crypto_createdecipher_algorithm_password">#</a></span></h2>
|
|
<p>Creates and returns a decipher object, with the given algorithm and key.
|
|
This is the mirror of the <a href="#crypto_crypto_createcipher_algorithm_password">createCipher()</a> above.
|
|
|
|
</p>
|
|
<h2>crypto.createDecipheriv(algorithm, key, iv)<span><a class="mark" href="#crypto_crypto_createdecipheriv_algorithm_key_iv" id="crypto_crypto_createdecipheriv_algorithm_key_iv">#</a></span></h2>
|
|
<p>Creates and returns a decipher object, with the given algorithm, key and iv.
|
|
This is the mirror of the <a href="#crypto_crypto_createcipheriv_algorithm_key_iv">createCipheriv()</a> above.
|
|
|
|
</p>
|
|
<h2>Class: Decipher<span><a class="mark" href="#crypto_class_decipher" id="crypto_class_decipher">#</a></span></h2>
|
|
<p>Class for decrypting data.
|
|
|
|
</p>
|
|
<p>Returned by <code>crypto.createDecipher</code> and <code>crypto.createDecipheriv</code>.
|
|
|
|
</p>
|
|
<h3>decipher.update(data, [input_encoding], [output_encoding])<span><a class="mark" href="#crypto_decipher_update_data_input_encoding_output_encoding" id="crypto_decipher_update_data_input_encoding_output_encoding">#</a></span></h3>
|
|
<p>Updates the decipher with <code>data</code>, which is encoded in <code>'binary'</code>, <code>'base64'</code>
|
|
or <code>'hex'</code>. Defaults to <code>'binary'</code>.
|
|
|
|
</p>
|
|
<p>The <code>output_decoding</code> specifies in what format to return the deciphered
|
|
plaintext: <code>'binary'</code>, <code>'ascii'</code> or <code>'utf8'</code>. Defaults to <code>'binary'</code>.
|
|
|
|
</p>
|
|
<h3>decipher.final([output_encoding])<span><a class="mark" href="#crypto_decipher_final_output_encoding" id="crypto_decipher_final_output_encoding">#</a></span></h3>
|
|
<p>Returns any remaining plaintext which is deciphered,
|
|
with <code>output_encoding</code> being one of: <code>'binary'</code>, <code>'ascii'</code> or <code>'utf8'</code>.
|
|
Defaults to <code>'binary'</code>.
|
|
|
|
</p>
|
|
<p>Note: <code>decipher</code> object can not be used after <code>final()</code> method been called.
|
|
|
|
</p>
|
|
<h3>decipher.setAutoPadding(auto_padding=true)<span><a class="mark" href="#crypto_decipher_setautopadding_auto_padding_true" id="crypto_decipher_setautopadding_auto_padding_true">#</a></span></h3>
|
|
<p>You can disable auto padding if the data has been encrypted without standard block padding to prevent
|
|
<code>decipher.final</code> from checking and removing it. Can only work if the input data's length is a multiple of the
|
|
ciphers block size. You must call this before streaming data to <code>decipher.update</code>.
|
|
|
|
</p>
|
|
<h2>crypto.createSign(algorithm)<span><a class="mark" href="#crypto_crypto_createsign_algorithm" id="crypto_crypto_createsign_algorithm">#</a></span></h2>
|
|
<p>Creates and returns a signing object, with the given algorithm.
|
|
On recent OpenSSL releases, <code>openssl list-public-key-algorithms</code> will display
|
|
the available signing algorithms. Examples are <code>'RSA-SHA256'</code>.
|
|
|
|
</p>
|
|
<h2>Class: Signer<span><a class="mark" href="#crypto_class_signer" id="crypto_class_signer">#</a></span></h2>
|
|
<p>Class for generating signatures.
|
|
|
|
</p>
|
|
<p>Returned by <code>crypto.createSign</code>.
|
|
|
|
</p>
|
|
<h3>signer.update(data)<span><a class="mark" href="#crypto_signer_update_data" id="crypto_signer_update_data">#</a></span></h3>
|
|
<p>Updates the signer object with data.
|
|
This can be called many times with new data as it is streamed.
|
|
|
|
</p>
|
|
<h3>signer.sign(private_key, [output_format])<span><a class="mark" href="#crypto_signer_sign_private_key_output_format" id="crypto_signer_sign_private_key_output_format">#</a></span></h3>
|
|
<p>Calculates the signature on all the updated data passed through the signer.
|
|
<code>private_key</code> is a string containing the PEM encoded private key for signing.
|
|
|
|
</p>
|
|
<p>Returns the signature in <code>output_format</code> which can be <code>'binary'</code>, <code>'hex'</code> or
|
|
<code>'base64'</code>. Defaults to <code>'binary'</code>.
|
|
|
|
</p>
|
|
<p>Note: <code>signer</code> object can not be used after <code>sign()</code> method been called.
|
|
|
|
</p>
|
|
<h2>crypto.createVerify(algorithm)<span><a class="mark" href="#crypto_crypto_createverify_algorithm" id="crypto_crypto_createverify_algorithm">#</a></span></h2>
|
|
<p>Creates and returns a verification object, with the given algorithm.
|
|
This is the mirror of the signing object above.
|
|
|
|
</p>
|
|
<h2>Class: Verify<span><a class="mark" href="#crypto_class_verify" id="crypto_class_verify">#</a></span></h2>
|
|
<p>Class for verifying signatures.
|
|
|
|
</p>
|
|
<p>Returned by <code>crypto.createVerify</code>.
|
|
|
|
</p>
|
|
<h3>verifier.update(data)<span><a class="mark" href="#crypto_verifier_update_data" id="crypto_verifier_update_data">#</a></span></h3>
|
|
<p>Updates the verifier object with data.
|
|
This can be called many times with new data as it is streamed.
|
|
|
|
</p>
|
|
<h3>verifier.verify(object, signature, [signature_format])<span><a class="mark" href="#crypto_verifier_verify_object_signature_signature_format" id="crypto_verifier_verify_object_signature_signature_format">#</a></span></h3>
|
|
<p>Verifies the signed data by using the <code>object</code> and <code>signature</code>. <code>object</code> is a
|
|
string containing a PEM encoded object, which can be one of RSA public key,
|
|
DSA public key, or X.509 certificate. <code>signature</code> is the previously calculated
|
|
signature for the data, in the <code>signature_format</code> which can be <code>'binary'</code>,
|
|
<code>'hex'</code> or <code>'base64'</code>. Defaults to <code>'binary'</code>.
|
|
|
|
</p>
|
|
<p>Returns true or false depending on the validity of the signature for the data and public key.
|
|
|
|
</p>
|
|
<p>Note: <code>verifier</code> object can not be used after <code>verify()</code> method been called.
|
|
|
|
</p>
|
|
<h2>crypto.createDiffieHellman(prime_length)<span><a class="mark" href="#crypto_crypto_creatediffiehellman_prime_length" id="crypto_crypto_creatediffiehellman_prime_length">#</a></span></h2>
|
|
<p>Creates a Diffie-Hellman key exchange object and generates a prime of the
|
|
given bit length. The generator used is <code>2</code>.
|
|
|
|
</p>
|
|
<h2>crypto.createDiffieHellman(prime, [encoding])<span><a class="mark" href="#crypto_crypto_creatediffiehellman_prime_encoding" id="crypto_crypto_creatediffiehellman_prime_encoding">#</a></span></h2>
|
|
<p>Creates a Diffie-Hellman key exchange object using the supplied prime. The
|
|
generator used is <code>2</code>. Encoding can be <code>'binary'</code>, <code>'hex'</code>, or <code>'base64'</code>.
|
|
Defaults to <code>'binary'</code>.
|
|
|
|
</p>
|
|
<h2>Class: DiffieHellman<span><a class="mark" href="#crypto_class_diffiehellman" id="crypto_class_diffiehellman">#</a></span></h2>
|
|
<p>The class for creating Diffie-Hellman key exchanges.
|
|
|
|
</p>
|
|
<p>Returned by <code>crypto.createDiffieHellman</code>.
|
|
|
|
</p>
|
|
<h3>diffieHellman.generateKeys([encoding])<span><a class="mark" href="#crypto_diffiehellman_generatekeys_encoding" id="crypto_diffiehellman_generatekeys_encoding">#</a></span></h3>
|
|
<p>Generates private and public Diffie-Hellman key values, and returns the
|
|
public key in the specified encoding. This key should be transferred to the
|
|
other party. Encoding can be <code>'binary'</code>, <code>'hex'</code>, or <code>'base64'</code>.
|
|
Defaults to <code>'binary'</code>.
|
|
|
|
</p>
|
|
<h3>diffieHellman.computeSecret(other_public_key, [input_encoding], [output_encoding])<span><a class="mark" href="#crypto_diffiehellman_computesecret_other_public_key_input_encoding_output_encoding" id="crypto_diffiehellman_computesecret_other_public_key_input_encoding_output_encoding">#</a></span></h3>
|
|
<p>Computes the shared secret using <code>other_public_key</code> as the other party's
|
|
public key and returns the computed shared secret. Supplied key is
|
|
interpreted using specified <code>input_encoding</code>, and secret is encoded using
|
|
specified <code>output_encoding</code>. Encodings can be <code>'binary'</code>, <code>'hex'</code>, or
|
|
<code>'base64'</code>. The input encoding defaults to <code>'binary'</code>.
|
|
If no output encoding is given, the input encoding is used as output encoding.
|
|
|
|
</p>
|
|
<h3>diffieHellman.getPrime([encoding])<span><a class="mark" href="#crypto_diffiehellman_getprime_encoding" id="crypto_diffiehellman_getprime_encoding">#</a></span></h3>
|
|
<p>Returns the Diffie-Hellman prime in the specified encoding, which can be
|
|
<code>'binary'</code>, <code>'hex'</code>, or <code>'base64'</code>. Defaults to <code>'binary'</code>.
|
|
|
|
</p>
|
|
<h3>diffieHellman.getGenerator([encoding])<span><a class="mark" href="#crypto_diffiehellman_getgenerator_encoding" id="crypto_diffiehellman_getgenerator_encoding">#</a></span></h3>
|
|
<p>Returns the Diffie-Hellman prime in the specified encoding, which can be
|
|
<code>'binary'</code>, <code>'hex'</code>, or <code>'base64'</code>. Defaults to <code>'binary'</code>.
|
|
|
|
</p>
|
|
<h3>diffieHellman.getPublicKey([encoding])<span><a class="mark" href="#crypto_diffiehellman_getpublickey_encoding" id="crypto_diffiehellman_getpublickey_encoding">#</a></span></h3>
|
|
<p>Returns the Diffie-Hellman public key in the specified encoding, which can
|
|
be <code>'binary'</code>, <code>'hex'</code>, or <code>'base64'</code>. Defaults to <code>'binary'</code>.
|
|
|
|
</p>
|
|
<h3>diffieHellman.getPrivateKey([encoding])<span><a class="mark" href="#crypto_diffiehellman_getprivatekey_encoding" id="crypto_diffiehellman_getprivatekey_encoding">#</a></span></h3>
|
|
<p>Returns the Diffie-Hellman private key in the specified encoding, which can
|
|
be <code>'binary'</code>, <code>'hex'</code>, or <code>'base64'</code>. Defaults to <code>'binary'</code>.
|
|
|
|
</p>
|
|
<h3>diffieHellman.setPublicKey(public_key, [encoding])<span><a class="mark" href="#crypto_diffiehellman_setpublickey_public_key_encoding" id="crypto_diffiehellman_setpublickey_public_key_encoding">#</a></span></h3>
|
|
<p>Sets the Diffie-Hellman public key. Key encoding can be <code>'binary'</code>, <code>'hex'</code>,
|
|
or <code>'base64'</code>. Defaults to <code>'binary'</code>.
|
|
|
|
</p>
|
|
<h3>diffieHellman.setPrivateKey(public_key, [encoding])<span><a class="mark" href="#crypto_diffiehellman_setprivatekey_public_key_encoding" id="crypto_diffiehellman_setprivatekey_public_key_encoding">#</a></span></h3>
|
|
<p>Sets the Diffie-Hellman private key. Key encoding can be <code>'binary'</code>, <code>'hex'</code>,
|
|
or <code>'base64'</code>. Defaults to <code>'binary'</code>.
|
|
|
|
</p>
|
|
<h2>crypto.getDiffieHellman(group_name)<span><a class="mark" href="#crypto_crypto_getdiffiehellman_group_name" id="crypto_crypto_getdiffiehellman_group_name">#</a></span></h2>
|
|
<p>Creates a predefined Diffie-Hellman key exchange object.
|
|
The supported groups are: <code>'modp1'</code>, <code>'modp2'</code>, <code>'modp5'</code>
|
|
(defined in <a href="http://www.rfc-editor.org/rfc/rfc2412.txt">RFC 2412</a>)
|
|
and <code>'modp14'</code>, <code>'modp15'</code>, <code>'modp16'</code>, <code>'modp17'</code>, <code>'modp18'</code>
|
|
(defined in <a href="http://www.rfc-editor.org/rfc/rfc3526.txt">RFC 3526</a>).
|
|
The returned object mimics the interface of objects created by
|
|
<a href="#crypto_crypto_creatediffiehellman_prime_encoding">crypto.createDiffieHellman()</a> above, but
|
|
will not allow to change the keys (with
|
|
<a href="#crypto_diffiehellman_setpublickey_public_key_encoding">diffieHellman.setPublicKey()</a> for example).
|
|
The advantage of using this routine is that the parties don't have to
|
|
generate nor exchange group modulus beforehand, saving both processor and
|
|
communication time.
|
|
|
|
</p>
|
|
<p>Example (obtaining a shared secret):
|
|
|
|
</p>
|
|
<pre><code>var crypto = require('crypto');
|
|
var alice = crypto.getDiffieHellman('modp5');
|
|
var bob = crypto.getDiffieHellman('modp5');
|
|
|
|
alice.generateKeys();
|
|
bob.generateKeys();
|
|
|
|
var alice_secret = alice.computeSecret(bob.getPublicKey(), 'binary', 'hex');
|
|
var bob_secret = bob.computeSecret(alice.getPublicKey(), 'binary', 'hex');
|
|
|
|
/* alice_secret and bob_secret should be the same */
|
|
console.log(alice_secret == bob_secret);</code></pre>
|
|
<h2>crypto.pbkdf2(password, salt, iterations, keylen, callback)<span><a class="mark" href="#crypto_crypto_pbkdf2_password_salt_iterations_keylen_callback" id="crypto_crypto_pbkdf2_password_salt_iterations_keylen_callback">#</a></span></h2>
|
|
<p>Asynchronous PBKDF2 applies pseudorandom function HMAC-SHA1 to derive
|
|
a key of given length from the given password, salt and iterations.
|
|
The callback gets two arguments <code>(err, derivedKey)</code>.
|
|
|
|
</p>
|
|
<h2>crypto.randomBytes(size, [callback])<span><a class="mark" href="#crypto_crypto_randombytes_size_callback" id="crypto_crypto_randombytes_size_callback">#</a></span></h2>
|
|
<p>Generates cryptographically strong pseudo-random data. Usage:
|
|
|
|
</p>
|
|
<pre><code>// async
|
|
crypto.randomBytes(256, function(ex, buf) {
|
|
if (ex) throw ex;
|
|
console.log('Have %d bytes of random data: %s', buf.length, buf);
|
|
});
|
|
|
|
// sync
|
|
try {
|
|
var buf = crypto.randomBytes(256);
|
|
console.log('Have %d bytes of random data: %s', buf.length, buf);
|
|
} catch (ex) {
|
|
// handle error
|
|
}</code></pre>
|
|
<h2>Proposed API Changes in Future Versions of Node<span><a class="mark" href="#crypto_proposed_api_changes_in_future_versions_of_node" id="crypto_proposed_api_changes_in_future_versions_of_node">#</a></span></h2>
|
|
<p>The Crypto module was added to Node before there was the concept of a
|
|
unified Stream API, and before there were Buffer objects for handling
|
|
binary data.
|
|
|
|
</p>
|
|
<p>As such, the streaming classes don't have the typical methods found on
|
|
other Node classes, and many methods accept and return Binary-encoded
|
|
strings by default rather than Buffers.
|
|
|
|
</p>
|
|
<p>A future version of node will make Buffers the default data type.
|
|
This will be a breaking change for some use cases, but not all.
|
|
|
|
</p>
|
|
<p>For example, if you currently use the default arguments to the Sign
|
|
class, and then pass the results to the Verify class, without ever
|
|
inspecting the data, then it will continue to work as before. Where
|
|
you now get a binary string and then present the binary string to the
|
|
Verify object, you'll get a Buffer, and present the Buffer to the
|
|
Verify object.
|
|
|
|
</p>
|
|
<p>However, if you are doing things with the string data that will not
|
|
work properly on Buffers (such as, concatenating them, storing in
|
|
databases, etc.), or you are passing binary strings to the crypto
|
|
functions without an encoding argument, then you will need to start
|
|
providing encoding arguments to specify which encoding you'd like to
|
|
use.
|
|
|
|
</p>
|
|
<p>Also, a Streaming API will be provided, but this will be done in such
|
|
a way as to preserve the legacy API surface.
|
|
|
|
|
|
</p>
|
|
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<div id="footer">
|
|
<ul class="clearfix">
|
|
<li><a href="/">Node.js</a></li>
|
|
<li><a href="/download/">Download</a></li>
|
|
<li><a href="/about/">About</a></li>
|
|
<li><a href="http://search.npmjs.org/">npm Registry</a></li>
|
|
<li><a href="http://nodejs.org/api/">Docs</a></li>
|
|
<li><a href="http://blog.nodejs.org">Blog</a></li>
|
|
<li><a href="/community/">Community</a></li>
|
|
<li><a href="/logos/">Logos</a></li>
|
|
<li><a href="http://jobs.nodejs.org/">Jobs</a></li>
|
|
<li><a href="http://twitter.com/nodejs" class="twitter">@nodejs</a></li>
|
|
</ul>
|
|
|
|
<p>Copyright <a href="http://joyent.com/">Joyent, Inc</a>, Node.js is a <a href="/trademark-policy.pdf">trademark</a> of Joyent, Inc. View <a href="https://raw.github.com/joyent/node/v0.8.14/LICENSE">license</a>.</p>
|
|
</div>
|
|
|
|
<script src="../sh_main.js"></script>
|
|
<script src="../sh_javascript.min.js"></script>
|
|
<script>highlight(undefined, undefined, 'pre');</script>
|
|
<script>
|
|
window._gaq = [['_setAccount', 'UA-10874194-2'], ['_trackPageview']];
|
|
(function(d, t) {
|
|
var g = d.createElement(t),
|
|
s = d.getElementsByTagName(t)[0];
|
|
g.src = '//www.google-analytics.com/ga.js';
|
|
s.parentNode.insertBefore(g, s);
|
|
}(document, 'script'));
|
|
</script>
|
|
</body>
|
|
</html>
|
|
|