Node.js v8.x 中文文档
目录
- crypto (加密)
- Determining if crypto support is unavailable
- Class: Certificate
- Class: Cipher
- Class: Decipher
- Class: DiffieHellman
- diffieHellman.computeSecret(otherPublicKey[, inputEncoding][, outputEncoding])
- diffieHellman.generateKeys([encoding])
- diffieHellman.getGenerator([encoding])
- diffieHellman.getPrime([encoding])
- diffieHellman.getPrivateKey([encoding])
- diffieHellman.getPublicKey([encoding])
- diffieHellman.setPrivateKey(privateKey[, encoding])
- diffieHellman.setPublicKey(publicKey[, encoding])
- diffieHellman.verifyError
- Class: ECDH
- Class: Hash
- Class: Hmac
- Class: Sign
- Class: Verify
crypto
module methods and properties- crypto.constants
- crypto.DEFAULT_ENCODING
- crypto.fips
- crypto.createCipher(algorithm, password[, options])
- crypto.createCipheriv(algorithm, key, iv[, options])
- crypto.createCredentials(details)
- crypto.createDecipher(algorithm, password[, options])
- crypto.createDecipheriv(algorithm, key, iv[, options])
- crypto.createDiffieHellman(prime[, primeEncoding][, generator][, generatorEncoding])
- crypto.createDiffieHellman(primeLength[, generator])
- crypto.createECDH(curveName)
- crypto.createHash(algorithm[, options])
- crypto.createHmac(algorithm, key[, options])
- crypto.createSign(algorithm[, options])
- crypto.createVerify(algorithm[, options])
- crypto.getCiphers()
- crypto.getCurves()
- crypto.getDiffieHellman(groupName)
- crypto.getHashes()
- crypto.pbkdf2(password, salt, iterations, keylen, digest, callback)
- crypto.pbkdf2Sync(password, salt, iterations, keylen, digest)
- crypto.privateDecrypt(privateKey, buffer)
- crypto.privateEncrypt(privateKey, buffer)
- crypto.publicDecrypt(key, buffer)
- crypto.publicEncrypt(key, buffer)
- crypto.randomBytes(size[, callback])
- crypto.randomFillSync(buffer[, offset][, size])
- crypto.randomFill(buffer[, offset][, size], callback)
- crypto.setEngine(engine[, flags])
- crypto.timingSafeEqual(a, b)
- Notes
- Crypto Constants
crypto (加密)#
crypto
模块提供了加密功能,包含对 OpenSSL 的哈希、HMAC、加密、解密、签名、以及验证功能的一整套封装。
使用 require('crypto')
来访问该模块。
const crypto = require('crypto');
const secret = 'abcdefg';
const hash = crypto.createHmac('sha256', secret)
.update('I love cupcakes')
.digest('hex');
console.log(hash);
// Prints:
// c0fa1bc00531bd78ef38c628449c5102aeabd49b5dc3a2a516ea6ea959d6658e
Determining if crypto support is unavailable#
可以在不包括支持 crypto
模块的情况下构建 Node.js, 这时, 调用 require('crypto')
将
导致抛出异常.
let crypto;
try {
crypto = require('crypto');
} catch (err) {
console.log('不支持 crypto!');
}
Class: Certificate#
SPKAC 最初是由 Netscape 实现的一种证书签名请求机制, 现在正式成为 HTML5's keygen
element 的一部分.
crypto
模块提供 Certificate
类用于处理 SPKAC 数据. 最普遍的用法是处理 HTML5 keygen
元素
产生的输出. Node.js 内部使用 OpenSSL's SPKAC implementation 处理.
new crypto.Certificate()#
可以使用 new
关键字或者调用 crypto.Certificate()
方法创建 Certificate
类的实例:
const crypto = require('crypto');
const cert1 = new crypto.Certificate();
const cert2 = crypto.Certificate();
certificate.exportChallenge(spkac)#
spkac
<string> | <Buffer> | <TypedArray> | <DataView>- 返回
<Buffer> 返回
spkac
数据结构的 challenge 部分,spkac
包含一个公钥和一个 challange。
const cert = require('crypto').Certificate();
const spkac = getSpkacSomehow();
const challenge = cert.exportChallenge(spkac);
console.log(challenge.toString('utf8'));
// Prints: the challenge as a UTF8 string
certificate.exportPublicKey(spkac)#
spkac
<string> | <Buffer> | <TypedArray> | <DataView>- 返回
<Buffer> 数据结构的公钥部分,
spkac
包含一个公钥和一个 challange。
const cert = require('crypto').Certificate();
const spkac = getSpkacSomehow();
const publicKey = cert.exportPublicKey(spkac);
console.log(publicKey);
// Prints: the public key as <Buffer ...>
certificate.verifySpkac(spkac)#
spkac
<Buffer> | <TypedArray> | <DataView>- 返回
<boolean> 如果
spkac
数据结构是有效的返回true
,否则返回false
。
const cert = require('crypto').Certificate();
const spkac = getSpkacSomehow();
console.log(cert.verifySpkac(Buffer.from(spkac)));
// Prints: true 或者 false
Class: Cipher#
Cipher
类的实例用于加密数据。这个类可以用在以下两种方法中的一种:
- 作为stream,既可读又可写,未加密数据的编写是为了在可读的方面生成加密的数据,或者
- 使用
cipher.update()
和cipher.final()
方法产生加密的数据。
crypto.createCipher()
或crypto.createCipheriv()
方法用于创建Cipher
实例。Cipher
对象不能直接使用new
关键字创建。
示例:使用Cipher
对象作为流:
const crypto = require('crypto');
const cipher = crypto.createCipher('aes192', 'a password');
let encrypted = '';
cipher.on('readable', () => {
const data = cipher.read();
if (data)
encrypted += data.toString('hex');
});
cipher.on('end', () => {
console.log(encrypted);
// Prints: ca981be48e90867604588e75d04feabb63cc007a8f8ad89b10616ed84d815504
});
cipher.write('some clear text data');
cipher.end();
示例:使用Cipher
和管道流:
const crypto = require('crypto');
const fs = require('fs');
const cipher = crypto.createCipher('aes192', 'a password');
const input = fs.createReadStream('test.js');
const output = fs.createWriteStream('test.enc');
input.pipe(cipher).pipe(output);
示例:使用cipher.update()
和cipher.final()
方法:
const crypto = require('crypto');
const cipher = crypto.createCipher('aes192', 'a password');
let encrypted = cipher.update('some clear text data', 'utf8', 'hex');
encrypted += cipher.final('hex');
console.log(encrypted);
// Prints: ca981be48e90867604588e75d04feabb63cc007a8f8ad89b10616ed84d815504
cipher.final([outputEncoding])#
outputEncoding
<string>
返回任何加密的内容。如果 outputEncoding
参数是'latin1'
, 'base64'
或者 'hex'
,返回字符串。
如果没有提供 outputEncoding
,则返回Buffer
。
一旦cipher.final()
方法已被调用,Cipher
对象就不能再用于加密数据。如果试图再次调用cipher.final()
,将会抛出一个错误。
cipher.setAAD(buffer)#
buffer
<Buffer>- 返回<Cipher>方法链。
当使用经过验证的加密模式(目前只支持GCM
)时,cipher.setAAD()
方法设置用于additional authenticated data(附加验证的data(AAD))输入参数的值。
cipher.setAAD()
法必须在cipher.update()
之前调用。
cipher.getAuthTag()#
当使用经验证的加密模式时(目前只有GCM
支持),cipher.getAuthTag()
方法返回一个Buffer
,此Buffer
包含已从给定数据计算后的authentication tag。
cipher.getAuthTag()
方法只能在使用cipher.final()
方法完全加密后调用。
cipher.setAutoPadding([autoPadding])#
autoPadding
<boolean> 默认为true
.- 返回<Cipher>方法链。
当使用块加密算法时,Cipher
类会自动添加padding到输入数据中,来适配相应块大小。可调用cipher.setAutoPadding(false)
禁用默认padding。
当autoPadding
是false
时,整个输入数据的长度必须是cipher块大小的倍数,否则cipher.final()
将抛出一个错误。
禁用自动填充对于非标准填充是有用的,例如使用0x0
代替PKCS填充。
cipher.setAutoPadding()
必须在cipher.final()
之前被调用。
cipher.update(data[, inputEncoding][, outputEncoding])#
data
<string> | <Buffer> | <TypedArray> | <DataView>inputEncoding
<string>outputEncoding
<string>
用data
更新密码。如果给出了inputEncoding
的论证,它的值必须是'utf8'
, 'ascii'
, 或者'latin1'
,而data
参数是使用指定编码的字符串。如果不给出inputEncoding
的参数,则data
必须是Buffer
,TypedArray
, 或者DataView
。如果data
是一个Buffer
,TypedArray
, 或者 DataView
, 那么inputEncoding
就被忽略了。
outputEncoding
指定了加密数据的输出格式,可以是'latin1'
, 'base64'
或者 'hex'
。如果指定了outputEncoding
,则返回使用指定编码的字符串。如果没有outputEncoding
被提供,会返回Buffer
。
cipher.update()
方法可以用新数据多次调用,直到cipher.final()
被调用。
[' cipher.final()'][]。在cipher.final()
之后调用cipher.update()
将抛出错误。
Class: Decipher#
Decipher
类的实例用于解密数据。这个类可以用在以下两种方法中的一种:
- 作为stream,既可读,又可写,加密数据的编写是为了在可读的方面生成未加密的数据
- 使用
decipher.update()
和decipher.final()
方法产生未加密的数据。
crypto.createDecipher()
或crypto.createDecipheriv()
的方法
用于创建Decipher
实例。Decipher
对象不能直接使用new
关键字创建。
示例:使用Decipher
对象作为流:
const crypto = require('crypto');
const decipher = crypto.createDecipher('aes192', 'a password');
let decrypted = '';
decipher.on('readable', () => {
const data = decipher.read();
if (data)
decrypted += data.toString('utf8');
});
decipher.on('end', () => {
console.log(decrypted);
// Prints: some clear text data
});
const encrypted =
'ca981be48e90867604588e75d04feabb63cc007a8f8ad89b10616ed84d815504';
decipher.write(encrypted, 'hex');
decipher.end();
示例:使用Decipher
和管道流:
const crypto = require('crypto');
const fs = require('fs');
const decipher = crypto.createDecipher('aes192', 'a password');
const input = fs.createReadStream('test.enc');
const output = fs.createWriteStream('test.js');
input.pipe(decipher).pipe(output);
示例:使用decipher.update()
和decipher.final()
方法:
const crypto = require('crypto');
const decipher = crypto.createDecipher('aes192', 'a password');
const encrypted =
'ca981be48e90867604588e75d04feabb63cc007a8f8ad89b10616ed84d815504';
let decrypted = decipher.update(encrypted, 'hex', 'utf8');
decrypted += decipher.final('utf8');
console.log(decrypted);
// Prints: some clear text data
decipher.final([outputEncoding])#
outputEncoding
<string>
返回任何剩余的解密内容。如果outputEncoding
参数是'latin1','ascii'或'utf8'之一,则返回一个字符串。
如果未提供输出编码,则返回Buffer
。
一旦调用了decipher.final()
方法,Decipher
对象就不能再用于解密数据。
试图不止一次调用decipher.final()
会导致错误被抛出。
decipher.setAAD(buffer)#
buffer
<Buffer> | <TypedArray> | <DataView>- 返回<cipher>的一个方法链。
当使用经过验证的加密模式(当前仅支持GCM
)时,decipher.setAAD()
方法会设置用于附加验证数据(AAD)输入参数的值。
decipher.setAAD()
必须在decipher.update()
之前被调用。
decipher.setAuthTag(buffer)#
buffer
<Buffer> | <TypedArray> | <DataView>- Returns the <Cipher> for method chaining.
When using an authenticated encryption mode (only GCM
is currently
supported), the decipher.setAuthTag()
method is used to pass in the
received authentication tag. If no tag is provided, or if the cipher text
has been tampered with, decipher.final()
will throw, indicating that the
cipher text should be discarded due to failed authentication.
The decipher.setAuthTag()
method must be called before
decipher.final()
.
decipher.setAutoPadding([autoPadding])#
autoPadding
<boolean> Defaults totrue
.- Returns the <Cipher> for method chaining.
When data has been encrypted without standard block padding, calling
decipher.setAutoPadding(false)
will disable automatic padding to prevent
decipher.final()
from checking for and removing padding.
Turning auto padding off will only work if the input data's length is a multiple of the ciphers block size.
The decipher.setAutoPadding()
method must be called before
decipher.final()
.
decipher.update(data[, inputEncoding][, outputEncoding])#
data
<string> | <Buffer> | <TypedArray> | <DataView>inputEncoding
<string>outputEncoding
<string>
使用新数据更新解密。如果给出inputEncoding
参数,它的值必须是'latin1'
, 'base64'
或'hex'
中的一个,data
参数是使用指定编码的字符串。如果未给出inputEncoding
参数,则data
必须是Buffer
。如果data
是Buffer
,则忽略inputEncoding
。
outputEncoding
指定加密数据的输出格式,可以是'latin1'
, 'ascii'
或'utf8'
。如果指定了outputEncoding
,则返回使用指定编码的字符串。如果未提供outputEncoding
,则返回Buffer
。
可以使用新数据多次调用decipher.update()
方法,直到调用decipher.final()
。在decipher.final()
之后调用decipher.update()
会导致抛出错误。
Class: DiffieHellman#
DiffieHellman
类是一个用来创建Diffie-Hellman键交换的工具。
DiffieHellman
类的实例可以使用crypto.createDiffieHellman()
方法。
const crypto = require('crypto');
const assert = require('assert');
// Generate Alice's keys...
const alice = crypto.createDiffieHellman(2048);
const aliceKey = alice.generateKeys();
// Generate Bob's keys...
const bob = crypto.createDiffieHellman(alice.getPrime(), alice.getGenerator());
const bobKey = bob.generateKeys();
// Exchange and generate the secret...
const aliceSecret = alice.computeSecret(bobKey);
const bobSecret = bob.computeSecret(aliceKey);
// OK
assert.strictEqual(aliceSecret.toString('hex'), bobSecret.toString('hex'));
diffieHellman.computeSecret(otherPublicKey[, inputEncoding][, outputEncoding])#
otherPublicKey
<string> | <Buffer> | <TypedArray> | <DataView>inputEncoding
<string>outputEncoding
<string>
Computes the shared secret using otherPublicKey
as the other
party's public key and returns the computed shared secret. The supplied
key is interpreted using the specified inputEncoding
, and secret is
encoded using specified outputEncoding
. Encodings can be
'latin1'
, 'hex'
, or 'base64'
. If the inputEncoding
is not
provided, otherPublicKey
is expected to be a Buffer
,
TypedArray
, or DataView
.
If outputEncoding
is given a string is returned; otherwise, a
Buffer
is returned.
diffieHellman.generateKeys([encoding])#
encoding
<string>
Generates private and public Diffie-Hellman key values, and returns
the public key in the specified encoding
. This key should be
transferred to the other party. Encoding can be 'latin1'
, 'hex'
,
or 'base64'
. If encoding
is provided a string is returned; otherwise a
Buffer
is returned.
diffieHellman.getGenerator([encoding])#
encoding
<string>
Returns the Diffie-Hellman generator in the specified encoding
, which can
be 'latin1'
, 'hex'
, or 'base64'
. If encoding
is provided a string is
returned; otherwise a Buffer
is returned.
diffieHellman.getPrime([encoding])#
encoding
<string>
Returns the Diffie-Hellman prime in the specified encoding
, which can
be 'latin1'
, 'hex'
, or 'base64'
. If encoding
is provided a string is
returned; otherwise a Buffer
is returned.
diffieHellman.getPrivateKey([encoding])#
encoding
<string>
Returns the Diffie-Hellman private key in the specified encoding
,
which can be 'latin1'
, 'hex'
, or 'base64'
. If encoding
is provided a
string is returned; otherwise a Buffer
is returned.
diffieHellman.getPublicKey([encoding])#
encoding
<string>
Returns the Diffie-Hellman public key in the specified encoding
, which
can be 'latin1'
, 'hex'
, or 'base64'
. If encoding
is provided a
string is returned; otherwise a Buffer
is returned.
diffieHellman.setPrivateKey(privateKey[, encoding])#
privateKey
<string> | <Buffer> | <TypedArray> | <DataView>encoding
<string>
Sets the Diffie-Hellman private key. If the encoding
argument is provided
and is either 'latin1'
, 'hex'
, or 'base64'
, privateKey
is expected
to be a string. If no encoding
is provided, privateKey
is expected
to be a Buffer
, TypedArray
, or DataView
.
diffieHellman.setPublicKey(publicKey[, encoding])#
publicKey
<string> | <Buffer> | <TypedArray> | <DataView>encoding
<string>
Sets the Diffie-Hellman public key. If the encoding
argument is provided
and is either 'latin1'
, 'hex'
or 'base64'
, publicKey
is expected
to be a string. If no encoding
is provided, publicKey
is expected
to be a Buffer
, TypedArray
, or DataView
.
diffieHellman.verifyError#
A bit field containing any warnings and/or errors resulting from a check
performed during initialization of the DiffieHellman
object.
The following values are valid for this property (as defined in constants
module):
DH_CHECK_P_NOT_SAFE_PRIME
DH_CHECK_P_NOT_PRIME
DH_UNABLE_TO_CHECK_GENERATOR
DH_NOT_SUITABLE_GENERATOR
Class: ECDH#
ECDH
类是创建椭圆曲线Diffie-Hellman(Elliptic Curve Diffie-Hellman (ECDH))键交换的实用工具。
ECDH
类的实例可以使用crypto.createECDH()
方法。
const crypto = require('crypto');
const assert = require('assert');
// Generate Alice's keys...
const alice = crypto.createECDH('secp521r1');
const aliceKey = alice.generateKeys();
// Generate Bob's keys...
const bob = crypto.createECDH('secp521r1');
const bobKey = bob.generateKeys();
// Exchange and generate the secret...
const aliceSecret = alice.computeSecret(bobKey);
const bobSecret = bob.computeSecret(aliceKey);
assert.strictEqual(aliceSecret.toString('hex'), bobSecret.toString('hex'));
// OK
ecdh.computeSecret(otherPublicKey[, inputEncoding][, outputEncoding])#
otherPublicKey
<string> | <Buffer> | <TypedArray> | <DataView>inputEncoding
<string>outputEncoding
<string>
Computes the shared secret using otherPublicKey
as the other
party's public key and returns the computed shared secret. The supplied
key is interpreted using specified inputEncoding
, and the returned secret
is encoded using the specified outputEncoding
. Encodings can be
'latin1'
, 'hex'
, or 'base64'
. If the inputEncoding
is not
provided, otherPublicKey
is expected to be a Buffer
, TypedArray
, or
DataView
.
If outputEncoding
is given a string will be returned; otherwise a
Buffer
is returned.
ecdh.generateKeys([encoding[, format]])#
Generates private and public EC Diffie-Hellman key values, and returns
the public key in the specified format
and encoding
. This key should be
transferred to the other party.
The format
argument specifies point encoding and can be 'compressed'
or
'uncompressed'
. If format
is not specified, the point will be returned in
'uncompressed'
format.
The encoding
argument can be 'latin1'
, 'hex'
, or 'base64'
. If
encoding
is provided a string is returned; otherwise a Buffer
is returned.
ecdh.getPrivateKey([encoding])#
encoding
<string>
Returns the EC Diffie-Hellman private key in the specified encoding
,
which can be 'latin1'
, 'hex'
, or 'base64'
. If encoding
is provided
a string is returned; otherwise a Buffer
is returned.
ecdh.getPublicKey([encoding][, format])#
Returns the EC Diffie-Hellman public key in the specified encoding
and
format
.
The format
argument specifies point encoding and can be 'compressed'
or
'uncompressed'
. If format
is not specified the point will be returned in
'uncompressed'
format.
The encoding
argument can be 'latin1'
, 'hex'
, or 'base64'
. If
encoding
is specified, a string is returned; otherwise a Buffer
is
returned.
ecdh.setPrivateKey(privateKey[, encoding])#
privateKey
<string> | <Buffer> | <TypedArray> | <DataView>encoding
<string>
Sets the EC Diffie-Hellman private key. The encoding
can be 'latin1'
,
'hex'
or 'base64'
. If encoding
is provided, privateKey
is expected
to be a string; otherwise privateKey
is expected to be a Buffer
,
TypedArray
, or DataView
.
If privateKey
is not valid for the curve specified when the ECDH
object was
created, an error is thrown. Upon setting the private key, the associated
public point (key) is also generated and set in the ECDH object.
ecdh.setPublicKey(publicKey[, encoding])#
publicKey
<string> | <Buffer> | <TypedArray> | <DataView>encoding
<string>
Sets the EC Diffie-Hellman public key. Key encoding can be 'latin1'
,
'hex'
or 'base64'
. If encoding
is provided publicKey
is expected to
be a string; otherwise a Buffer
, TypedArray
, or DataView
is expected.
Note that there is not normally a reason to call this method because ECDH
only requires a private key and the other party's public key to compute the
shared secret. Typically either ecdh.generateKeys()
or
ecdh.setPrivateKey()
will be called. The ecdh.setPrivateKey()
method
attempts to generate the public point/key associated with the private key being
set.
Example (obtaining a shared secret):
const crypto = require('crypto');
const alice = crypto.createECDH('secp256k1');
const bob = crypto.createECDH('secp256k1');
// Note: This is a shortcut way to specify one of Alice's previous private
// keys. It would be unwise to use such a predictable private key in a real
// application.
alice.setPrivateKey(
crypto.createHash('sha256').update('alice', 'utf8').digest()
);
// Bob uses a newly generated cryptographically strong
// pseudorandom key pair
bob.generateKeys();
const aliceSecret = alice.computeSecret(bob.getPublicKey(), null, 'hex');
const bobSecret = bob.computeSecret(alice.getPublicKey(), null, 'hex');
// aliceSecret and bobSecret should be the same shared secret value
console.log(aliceSecret === bobSecret);
Class: Hash#
Hash
类是用于创建数据哈希值的工具类。它能用以下方法使用:
作为一个stream,它既可读又可写,数据被写入要在可读的方面生成一个计算散列摘要
使用
hash.update()
和hash.digest()
方法产生计算后的哈希。
crypto.createHash()
方法用于创建Hash
实例。Hash
不能直接使用new
关键字创建对象。
示例: 使用Hash
对象作为流:
const crypto = require('crypto');
const hash = crypto.createHash('sha256');
hash.on('readable', () => {
const data = hash.read();
if (data) {
console.log(data.toString('hex'));
// Prints:
// 6a2da20943931e9834fc12cfe5bb47bbd9ae43489a30726962b576f4e3993e50
}
});
hash.write('some data to hash');
hash.end();
示例:使用 Hash
和管道流
const crypto = require('crypto');
const fs = require('fs');
const hash = crypto.createHash('sha256');
const input = fs.createReadStream('test.js');
input.pipe(hash).pipe(process.stdout);
示例:使用hash.update()
和hash.digest()
const crypto = require('crypto');
const hash = crypto.createHash('sha256');
hash.update('some data to hash');
console.log(hash.digest('hex'));
// Prints:
// 6a2da20943931e9834fc12cfe5bb47bbd9ae43489a30726962b576f4e3993e50
hash.digest([encoding])#
encoding
<string>
Calculates the digest of all of the data passed to be hashed (using the
hash.update()
method). The encoding
can be 'hex'
, 'latin1'
or
'base64'
. If encoding
is provided a string will be returned; otherwise
a Buffer
is returned.
The Hash
object can not be used again after hash.digest()
method has been
called. Multiple calls will cause an error to be thrown.
hash.update(data[, inputEncoding])#
data
<string> | <Buffer> | <TypedArray> | <DataView>inputEncoding
<string>
Updates the hash content with the given data
, the encoding of which
is given in inputEncoding
and can be 'utf8'
, 'ascii'
or
'latin1'
. If encoding
is not provided, and the data
is a string, an
encoding of 'utf8'
is enforced. If data
is a Buffer
, TypedArray
, or
DataView
, then inputEncoding
is ignored.
This can be called many times with new data as it is streamed.
Class: Hmac#
Hmac
类是用于创建加密Hmac摘要的工具。它可以有两种用法:
- 作为stream,它既可读又可写,数据被写入要在可读的方面生成一个经过计算的HMAC摘要。
- 使用
hmac.update()
和hmac.digest()
方法产生计算后的HMAC摘要。
crypto.createHmac()
方法用来创建Hmac
实例。Hmac
不能直接使用new
关键字创建对象。
示例:使用Hmac
对象作为流:
const crypto = require('crypto');
const hmac = crypto.createHmac('sha256', 'a secret');
hmac.on('readable', () => {
const data = hmac.read();
if (data) {
console.log(data.toString('hex'));
// Prints:
// 7fd04df92f636fd450bc841c9418e5825c17f33ad9c87c518115a45971f7f77e
}
});
hmac.write('some data to hash');
hmac.end();
示例:使用Hmac
和管道流
const crypto = require('crypto');
const fs = require('fs');
const hmac = crypto.createHmac('sha256', 'a secret');
const input = fs.createReadStream('test.js');
input.pipe(hmac).pipe(process.stdout);
示例:使用hmac.update()
和hmac.digest()
方法
const crypto = require('crypto');
const hmac = crypto.createHmac('sha256', 'a secret');
hmac.update('some data to hash');
console.log(hmac.digest('hex'));
// Prints:
// 7fd04df92f636fd450bc841c9418e5825c17f33ad9c87c518115a45971f7f77e
hmac.digest([encoding])#
encoding
<string>
Calculates the HMAC digest of all of the data passed using hmac.update()
.
The encoding
can be 'hex'
, 'latin1'
or 'base64'
. If encoding
is
provided a string is returned; otherwise a Buffer
is returned;
The Hmac
object can not be used again after hmac.digest()
has been
called. Multiple calls to hmac.digest()
will result in an error being thrown.
hmac.update(data[, inputEncoding])#
data
<string> | <Buffer> | <TypedArray> | <DataView>inputEncoding
<string>
Updates the Hmac
content with the given data
, the encoding of which
is given in inputEncoding
and can be 'utf8'
, 'ascii'
or
'latin1'
. If encoding
is not provided, and the data
is a string, an
encoding of 'utf8'
is enforced. If data
is a Buffer
, TypedArray
, or
DataView
, then inputEncoding
is ignored.
This can be called many times with new data as it is streamed.
Class: Sign#
“Sign”类是生成签名的实用工具。它有两种使用方式:
- 作为一个可写的stream,在这里,要签署的数据是写出来的,
sign.sign()
方法用于生成并返回签名 - 使用
sign.update()
和sign.sign()
方法生产签名。
crypto.createSign()
方法用于创建Sign
实例。Sign
实例不能直接使用new
关键字创建。
示例:使用“符号”对象作为流:
const crypto = require('crypto');
const sign = crypto.createSign('SHA256');
sign.write('some data to sign');
sign.end();
const privateKey = getPrivateKeySomehow();
console.log(sign.sign(privateKey, 'hex'));
// Prints: the calculated signature using the specified private key and
// SHA-256. For RSA keys, the algorithm is RSASSA-PKCS1-v1_5 (see padding
// parameter below for RSASSA-PSS). For EC keys, the algorithm is ECDSA.
示例:使用sign.update()
和sign.sign()
方法:
const crypto = require('crypto');
const sign = crypto.createSign('SHA256');
sign.update('some data to sign');
const privateKey = getPrivateKeySomehow();
console.log(sign.sign(privateKey, 'hex'));
// Prints: the calculated signature
一个Sign
实例也可以通过仅仅通过摘要来创建算法名称,在这种情况下,OpenSSL将会从PEM-formatted私钥的类型推断出完整的签名算法,包括不直接暴露姓名常数的算法。比如'ecdsa-with-SHA256'。
示例:使用ECDSA与SHA256进行签名
const crypto = require('crypto');
const sign = crypto.createSign('RSA-SHA256');
sign.update('some data to sign');
const privateKey = getPrivateKeySomehow();
console.log(sign.sign(privateKey, 'hex'));
// Prints: the calculated signature
sign.sign(privateKey[, outputFormat])#
Calculates the signature on all the data passed through using either
sign.update()
or sign.write()
.
The privateKey
argument can be an object or a string. If privateKey
is a
string, it is treated as a raw key with no passphrase. If privateKey
is an
object, it must contain one or more of the following properties:
key
: <string> - PEM encoded private key (required)passphrase
: <string> - passphrase for the private keypadding
: <integer> - Optional padding value for RSA, one of the following:crypto.constants.RSA_PKCS1_PADDING
(default)crypto.constants.RSA_PKCS1_PSS_PADDING
Note that
RSA_PKCS1_PSS_PADDING
will use MGF1 with the same hash function used to sign the message as specified in section 3.1 of RFC 4055.saltLength
: <integer> - salt length for when padding isRSA_PKCS1_PSS_PADDING
. The special valuecrypto.constants.RSA_PSS_SALTLEN_DIGEST
sets the salt length to the digest size,crypto.constants.RSA_PSS_SALTLEN_MAX_SIGN
(default) sets it to the maximum permissible value.
The outputFormat
can specify one of 'latin1'
, 'hex'
or 'base64'
. If
outputFormat
is provided a string is returned; otherwise a Buffer
is
returned.
The Sign
object can not be again used after sign.sign()
method has been
called. Multiple calls to sign.sign()
will result in an error being thrown.
sign.update(data[, inputEncoding])#
data
<string> | <Buffer> | <TypedArray> | <DataView>inputEncoding
<string>
Updates the Sign
content with the given data
, the encoding of which
is given in inputEncoding
and can be 'utf8'
, 'ascii'
or
'latin1'
. If encoding
is not provided, and the data
is a string, an
encoding of 'utf8'
is enforced. If data
is a Buffer
, TypedArray
, or
DataView
, then inputEncoding
is ignored.
This can be called many times with new data as it is streamed.
Class: Verify#
Verify
类是验证签名的工具。它可以两种方式使用:
- 作为可写的stream,使用书面数据来验证提供的签名
- 使用
verify.update()
和verify.verify()
的方法来验证签名。
crypto.createVerify()
方法用于创建Verify
实例。
Verify
对象不能直接使用new
关键字创建。
示例:使用“验证”对象作为流:
const crypto = require('crypto');
const verify = crypto.createVerify('SHA256');
verify.write('some data to sign');
verify.end();
const publicKey = getPublicKeySomehow();
const signature = getSignatureToVerify();
console.log(verify.verify(publicKey, signature));
// Prints: true or false
示例:使用verify.update()
和verify.verify()
方法
const crypto = require('crypto');
const verify = crypto.createVerify('SHA256');
verify.update('some data to sign');
const publicKey = getPublicKeySomehow();
const signature = getSignatureToVerify();
console.log(verify.verify(publicKey, signature));
// Prints: true or false
verify.update(data[, inputEncoding])#
data
<string> | <Buffer> | <TypedArray> | <DataView>inputEncoding
<string>
Updates the Verify
content with the given data
, the encoding of which
is given in inputEncoding
and can be 'utf8'
, 'ascii'
or
'latin1'
. If encoding
is not provided, and the data
is a string, an
encoding of 'utf8'
is enforced. If data
is a Buffer
, TypedArray
, or
DataView
, then inputEncoding
is ignored.
This can be called many times with new data as it is streamed.
verify.verify(object, signature[, signatureFormat])#
object
<string> | <Object>signature
<string> | <Buffer> | <TypedArray> | <DataView>signatureFormat
<string>
Verifies the provided data using the given object
and signature
.
The object
argument can be either a string containing a PEM encoded object,
which can be an RSA public key, a DSA public key, or an X.509 certificate,
or an object with one or more of the following properties:
key
: <string> - PEM encoded public key (required)padding
: <integer> - Optional padding value for RSA, one of the following:crypto.constants.RSA_PKCS1_PADDING
(default)crypto.constants.RSA_PKCS1_PSS_PADDING
Note that
RSA_PKCS1_PSS_PADDING
will use MGF1 with the same hash function used to verify the message as specified in section 3.1 of RFC 4055.saltLength
: <integer> - salt length for when padding isRSA_PKCS1_PSS_PADDING
. The special valuecrypto.constants.RSA_PSS_SALTLEN_DIGEST
sets the salt length to the digest size,crypto.constants.RSA_PSS_SALTLEN_AUTO
(default) causes it to be determined automatically.
The signature
argument is the previously calculated signature for the data, in
the signatureFormat
which can be 'latin1'
, 'hex'
or 'base64'
.
If a signatureFormat
is specified, the signature
is expected to be a
string; otherwise signature
is expected to be a Buffer
,
TypedArray
, or DataView
.
Returns true
or false
depending on the validity of the signature for
the data and public key.
The verify
object can not be used again after verify.verify()
has been
called. Multiple calls to verify.verify()
will result in an error being
thrown.
crypto
module methods and properties#
crypto.constants#
Returns an object containing commonly used constants for crypto and security related operations. The specific constants currently defined are described in Crypto Constants.
crypto.DEFAULT_ENCODING#
The default encoding to use for functions that can take either strings
or buffers. The default value is 'buffer'
, which makes methods
default to Buffer
objects.
The crypto.DEFAULT_ENCODING
mechanism is provided for backwards compatibility
with legacy programs that expect 'latin1'
to be the default encoding.
New applications should expect the default to be 'buffer'
. This property may
become deprecated in a future Node.js release.
crypto.fips#
Property for checking and controlling whether a FIPS compliant crypto provider is currently in use. Setting to true requires a FIPS build of Node.js.
crypto.createCipher(algorithm, password[, options])#
algorithm
<string>password
<string> | <Buffer> | <TypedArray> | <DataView>options
<Object>stream.transform
options
Creates and returns a Cipher
object that uses the given algorithm
and
password
. Optional options
argument controls stream behavior.
The algorithm
is dependent on OpenSSL, examples are 'aes192'
, etc. On
recent OpenSSL releases, openssl list-cipher-algorithms
will display the
available cipher algorithms.
The password
is used to derive the cipher key and initialization vector (IV).
The value must be either a 'latin1'
encoded string, a Buffer
, a
TypedArray
, or a DataView
.
The implementation of crypto.createCipher()
derives keys using the OpenSSL
function EVP_BytesToKey
with the digest algorithm set to MD5, one
iteration, and no salt. The lack of salt allows dictionary attacks as the same
password always creates the same key. The low iteration count and
non-cryptographically secure hash algorithm allow passwords to be tested very
rapidly.
In line with OpenSSL's recommendation to use PBKDF2 instead of
EVP_BytesToKey
it is recommended that developers derive a key and IV on
their own using crypto.pbkdf2()
and to use crypto.createCipheriv()
to create the Cipher
object. Users should not use ciphers with counter mode
(e.g. CTR, GCM, or CCM) in crypto.createCipher()
. A warning is emitted when
they are used in order to avoid the risk of IV reuse that causes
vulnerabilities. For the case when IV is reused in GCM, see Nonce-Disrespecting
Adversaries for details.
crypto.createCipheriv(algorithm, key, iv[, options])#
algorithm
<string>key
<string> | <Buffer> | <TypedArray> | <DataView>iv
<string> | <Buffer> | <TypedArray> | <DataView>options
<Object>stream.transform
options
Creates and returns a Cipher
object, with the given algorithm
, key
and
initialization vector (iv
). Optional options
argument controls stream behavior.
The algorithm
is dependent on OpenSSL, examples are 'aes192'
, etc. On
recent OpenSSL releases, openssl list-cipher-algorithms
will display the
available cipher algorithms.
The key
is the raw key used by the algorithm
and iv
is an
initialization vector. Both arguments must be 'utf8'
encoded strings,
Buffers, TypedArray
, or DataView
s.
crypto.createCredentials(details)#
tls.createSecureContext()
instead.details
<Object> Identical totls.createSecureContext()
.
The crypto.createCredentials()
method is a deprecated function for creating
and returning a tls.SecureContext
. It should not be used. Replace it with
tls.createSecureContext()
which has the exact same arguments and return
value.
Returns a tls.SecureContext
, as-if tls.createSecureContext()
had been
called.
crypto.createDecipher(algorithm, password[, options])#
algorithm
<string>password
<string> | <Buffer> | <TypedArray> | <DataView>options
<Object>stream.transform
options
Creates and returns a Decipher
object that uses the given algorithm
and
password
(key). Optional options
argument controls stream behavior.
The implementation of crypto.createDecipher()
derives keys using the OpenSSL
function EVP_BytesToKey
with the digest algorithm set to MD5, one
iteration, and no salt. The lack of salt allows dictionary attacks as the same
password always creates the same key. The low iteration count and
non-cryptographically secure hash algorithm allow passwords to be tested very
rapidly.
In line with OpenSSL's recommendation to use PBKDF2 instead of
EVP_BytesToKey
it is recommended that developers derive a key and IV on
their own using crypto.pbkdf2()
and to use crypto.createDecipheriv()
to create the Decipher
object.
crypto.createDecipheriv(algorithm, key, iv[, options])#
algorithm
<string>key
<string> | <Buffer> | <TypedArray> | <DataView>iv
<string> | <Buffer> | <TypedArray> | <DataView>options
<Object>stream.transform
options
Creates and returns a Decipher
object that uses the given algorithm
, key
and initialization vector (iv
). Optional options
argument controls stream
behavior.
The algorithm
is dependent on OpenSSL, examples are 'aes192'
, etc. On
recent OpenSSL releases, openssl list-cipher-algorithms
will display the
available cipher algorithms.
The key
is the raw key used by the algorithm
and iv
is an
initialization vector. Both arguments must be 'utf8'
encoded strings or
buffers.
crypto.createDiffieHellman(prime[, primeEncoding][, generator][, generatorEncoding])#
prime
<string> | <Buffer> | <TypedArray> | <DataView>primeEncoding
<string>generator
<number> | <string> | <Buffer> | <TypedArray> | <DataView> Defaults to2
.generatorEncoding
<string>
Creates a DiffieHellman
key exchange object using the supplied prime
and an
optional specific generator
.
The generator
argument can be a number, string, or Buffer
. If
generator
is not specified, the value 2
is used.
The primeEncoding
and generatorEncoding
arguments can be 'latin1'
,
'hex'
, or 'base64'
.
If primeEncoding
is specified, prime
is expected to be a string; otherwise
a Buffer
, TypedArray
, or DataView
is expected.
If generatorEncoding
is specified, generator
is expected to be a string;
otherwise a number, Buffer
, TypedArray
, or DataView
is expected.
crypto.createDiffieHellman(primeLength[, generator])#
primeLength
<number>generator
<number> | <string> | <Buffer> | <TypedArray> | <DataView> Defaults to2
.
Creates a DiffieHellman
key exchange object and generates a prime of
primeLength
bits using an optional specific numeric generator
.
If generator
is not specified, the value 2
is used.
crypto.createECDH(curveName)#
curveName
<string>
Creates an Elliptic Curve Diffie-Hellman (ECDH
) key exchange object using a
predefined curve specified by the curveName
string. Use
crypto.getCurves()
to obtain a list of available curve names. On recent
OpenSSL releases, openssl ecparam -list_curves
will also display the name
and description of each available elliptic curve.
crypto.createHash(algorithm[, options])#
algorithm
<string>options
<Object>stream.transform
options
Creates and returns a Hash
object that can be used to generate hash digests
using the given algorithm
. Optional options
argument controls stream
behavior.
The algorithm
is dependent on the available algorithms supported by the
version of OpenSSL on the platform. Examples are 'sha256'
, 'sha512'
, etc.
On recent releases of OpenSSL, openssl list-message-digest-algorithms
will
display the available digest algorithms.
Example: generating the sha256 sum of a file
const filename = process.argv[2];
const crypto = require('crypto');
const fs = require('fs');
const hash = crypto.createHash('sha256');
const input = fs.createReadStream(filename);
input.on('readable', () => {
const data = input.read();
if (data)
hash.update(data);
else {
console.log(`${hash.digest('hex')} ${filename}`);
}
});
crypto.createHmac(algorithm, key[, options])#
algorithm
<string>key
<string> | <Buffer> | <TypedArray> | <DataView>options
<Object>stream.transform
options
Creates and returns an Hmac
object that uses the given algorithm
and key
.
Optional options
argument controls stream behavior.
The algorithm
is dependent on the available algorithms supported by the
version of OpenSSL on the platform. Examples are 'sha256'
, 'sha512'
, etc.
On recent releases of OpenSSL, openssl list-message-digest-algorithms
will
display the available digest algorithms.
The key
is the HMAC key used to generate the cryptographic HMAC hash.
Example: generating the sha256 HMAC of a file
const filename = process.argv[2];
const crypto = require('crypto');
const fs = require('fs');
const hmac = crypto.createHmac('sha256', 'a secret');
const input = fs.createReadStream(filename);
input.on('readable', () => {
const data = input.read();
if (data)
hmac.update(data);
else {
console.log(`${hmac.digest('hex')} ${filename}`);
}
});
crypto.createSign(algorithm[, options])#
algorithm
<string>options
<Object>stream.Writable
options
Creates and returns a Sign
object that uses the given algorithm
.
Use crypto.getHashes()
to obtain an array of names of the available
signing algorithms. Optional options
argument controls the
stream.Writable
behavior.
crypto.createVerify(algorithm[, options])#
algorithm
<string>options
<Object>stream.Writable
options
Creates and returns a Verify
object that uses the given algorithm.
Use crypto.getHashes()
to obtain an array of names of the available
signing algorithms. Optional options
argument controls the
stream.Writable
behavior.
crypto.getCiphers()#
Returns an array with the names of the supported cipher algorithms.
Example:
const ciphers = crypto.getCiphers();
console.log(ciphers); // ['aes-128-cbc', 'aes-128-ccm', ...]
crypto.getCurves()#
Returns an array with the names of the supported elliptic curves.
Example:
const curves = crypto.getCurves();
console.log(curves); // ['Oakley-EC2N-3', 'Oakley-EC2N-4', ...]
crypto.getDiffieHellman(groupName)#
groupName
<string>
Creates a predefined DiffieHellman
key exchange object. The
supported groups are: 'modp1'
, 'modp2'
, 'modp5'
(defined in
RFC 2412, but see Caveats) and 'modp14'
, 'modp15'
,
'modp16'
, 'modp17'
, 'modp18'
(defined in RFC 3526). The
returned object mimics the interface of objects created by
crypto.createDiffieHellman()
, but will not allow changing
the keys (with diffieHellman.setPublicKey()
for example). The
advantage of using this method is that the parties do not have to
generate nor exchange a group modulus beforehand, saving both processor
and communication time.
Example (obtaining a shared secret):
const crypto = require('crypto');
const alice = crypto.getDiffieHellman('modp14');
const bob = crypto.getDiffieHellman('modp14');
alice.generateKeys();
bob.generateKeys();
const aliceSecret = alice.computeSecret(bob.getPublicKey(), null, 'hex');
const bobSecret = bob.computeSecret(alice.getPublicKey(), null, 'hex');
/* aliceSecret and bobSecret should be the same */
console.log(aliceSecret === bobSecret);
crypto.getHashes()#
Returns an array of the names of the supported hash algorithms,
such as RSA-SHA256
.
Example:
const hashes = crypto.getHashes();
console.log(hashes); // ['DSA', 'DSA-SHA', 'DSA-SHA1', ...]
crypto.pbkdf2(password, salt, iterations, keylen, digest, callback)#
password
<string>salt
<string>iterations
<number>keylen
<number>digest
<string>callback
<Function>
Provides an asynchronous Password-Based Key Derivation Function 2 (PBKDF2)
implementation. A selected HMAC digest algorithm specified by digest
is
applied to derive a key of the requested byte length (keylen
) from the
password
, salt
and iterations
.
The supplied callback
function is called with two arguments: err
and
derivedKey
. If an error occurs, err
will be set; otherwise err
will be
null. The successfully generated derivedKey
will be passed as a Buffer
.
The iterations
argument must be a number set as high as possible. The
higher the number of iterations, the more secure the derived key will be,
but will take a longer amount of time to complete.
The salt
should also be as unique as possible. It is recommended that the
salts are random and their lengths are at least 16 bytes. See
NIST SP 800-132 for details.
Example:
const crypto = require('crypto');
crypto.pbkdf2('secret', 'salt', 100000, 64, 'sha512', (err, derivedKey) => {
if (err) throw err;
console.log(derivedKey.toString('hex')); // '3745e48...08d59ae'
});
An array of supported digest functions can be retrieved using
crypto.getHashes()
.
Note that this API uses libuv's threadpool, which can have surprising and
negative performance implications for some applications, see the
UV_THREADPOOL_SIZE
documentation for more information.
crypto.pbkdf2Sync(password, salt, iterations, keylen, digest)#
Provides a synchronous Password-Based Key Derivation Function 2 (PBKDF2)
implementation. A selected HMAC digest algorithm specified by digest
is
applied to derive a key of the requested byte length (keylen
) from the
password
, salt
and iterations
.
If an error occurs an Error will be thrown, otherwise the derived key will be
returned as a Buffer
.
The iterations
argument must be a number set as high as possible. The
higher the number of iterations, the more secure the derived key will be,
but will take a longer amount of time to complete.
The salt
should also be as unique as possible. It is recommended that the
salts are random and their lengths are at least 16 bytes. See
NIST SP 800-132 for details.
Example:
const crypto = require('crypto');
const key = crypto.pbkdf2Sync('secret', 'salt', 100000, 64, 'sha512');
console.log(key.toString('hex')); // '3745e48...08d59ae'
An array of supported digest functions can be retrieved using
crypto.getHashes()
.
crypto.privateDecrypt(privateKey, buffer)#
privateKey
<Object> | <string>buffer
<Buffer> | <TypedArray> | <DataView>- Returns:
<Buffer> A new
Buffer
with the decrypted content.
Decrypts buffer
with privateKey
.
privateKey
can be an object or a string. If privateKey
is a string, it is
treated as the key with no passphrase and will use RSA_PKCS1_OAEP_PADDING
.
crypto.privateEncrypt(privateKey, buffer)#
privateKey
<Object> | <string>buffer
<Buffer> | <TypedArray> | <DataView>- Returns:
<Buffer> A new
Buffer
with the encrypted content.
Encrypts buffer
with privateKey
.
privateKey
can be an object or a string. If privateKey
is a string, it is
treated as the key with no passphrase and will use RSA_PKCS1_PADDING
.
crypto.publicDecrypt(key, buffer)#
key
<Object> | <string>buffer
<Buffer> | <TypedArray> | <DataView>- Returns:
<Buffer> A new
Buffer
with the decrypted content.
Decrypts buffer
with key
.
key
can be an object or a string. If key
is a string, it is treated as
the key with no passphrase and will use RSA_PKCS1_PADDING
.
Because RSA public keys can be derived from private keys, a private key may be passed instead of a public key.
crypto.publicEncrypt(key, buffer)#
key
<Object> | <string>key
<string> A PEM encoded public or private key.passphrase
<string> An optional passphrase for the private key.padding
<crypto.constants> An optional padding value defined incrypto.constants
, which may be:crypto.constants.RSA_NO_PADDING
,RSA_PKCS1_PADDING
, orcrypto.constants.RSA_PKCS1_OAEP_PADDING
.
buffer
<Buffer> | <TypedArray> | <DataView>- Returns:
<Buffer> A new
Buffer
with the encrypted content.
Encrypts the content of buffer
with key
and returns a new
Buffer
with encrypted content.
key
can be an object or a string. If key
is a string, it is treated as
the key with no passphrase and will use RSA_PKCS1_OAEP_PADDING
.
Because RSA public keys can be derived from private keys, a private key may be passed instead of a public key.
crypto.randomBytes(size[, callback])#
size
<number>callback
<Function>
生成加密强伪随机数据. size
参数是指示要生成的字节数的数值。
如果提供 callback
回调函数 ,这些字节是异步生成的并且使用两个参数调用callback
函数:err
和buf
。
如果发生错误, err
是一个Error对象; 否则为null。buf
参数是包含生成字节的Buffer
。
// Asynchronous
const crypto = require('crypto');
crypto.randomBytes(256, (err, buf) => {
if (err) throw err;
console.log(`${buf.length} bytes of random data: ${buf.toString('hex')}`);
});
如果未提供 callback
回调函数, 则同步地生成随机字节并返回为Buffer
。如果生成字节遇到问题,将会抛出一个错误。
// Synchronous
const buf = crypto.randomBytes(256);
console.log(
`${buf.length} bytes of random data: ${buf.toString('hex')}`);
crypto.randomBytes()
方法将在获得足够的熵之后完成。这通常不会超过几毫秒。只有在刚开机时才可能会阻塞更久,因为此时整个系统的熵不多。
注意这个API使用libuv的线程池,所以在某些时候可能会产生意外的性能问题,查看UV_THREADPOOL_SIZE
的文档以了解更多信息。
Note: The asynchronous version of crypto.randomBytes()
is carried out
in a single threadpool request. To minimize threadpool task length variation,
partition large randomBytes
requests when doing so as part of fulfilling a
client request.
crypto.randomFillSync(buffer[, offset][, size])#
buffer
<Buffer> | <Uint8Array> Must be supplied.offset
<number> Defaults to0
.size
<number> Defaults tobuffer.length - offset
.
Synchronous version of crypto.randomFill()
.
Returns buffer
const buf = Buffer.alloc(10);
console.log(crypto.randomFillSync(buf).toString('hex'));
crypto.randomFillSync(buf, 5);
console.log(buf.toString('hex'));
// The above is equivalent to the following:
crypto.randomFillSync(buf, 5, 5);
console.log(buf.toString('hex'));
crypto.randomFill(buffer[, offset][, size], callback)#
buffer
<Buffer> | <Uint8Array>必须被支持.offset
<number> Defaults to0
.size
<number> Defaults tobuffer.length - offset
.callback
<Function>function(err, buf) {}
.
This function is similar to crypto.randomBytes()
but requires the first
argument to be a Buffer
that will be filled. It also
requires that a callback is passed in.
If the callback
function is not provided, an error will be thrown.
const buf = Buffer.alloc(10);
crypto.randomFill(buf, (err, buf) => {
if (err) throw err;
console.log(buf.toString('hex'));
});
crypto.randomFill(buf, 5, (err, buf) => {
if (err) throw err;
console.log(buf.toString('hex'));
});
// The above is equivalent to the following:
crypto.randomFill(buf, 5, 5, (err, buf) => {
if (err) throw err;
console.log(buf.toString('hex'));
});
Note that this API uses libuv's threadpool, which can have surprising and
negative performance implications for some applications, see the
UV_THREADPOOL_SIZE
documentation for more information.
Note: The asynchronous version of crypto.randomFill()
is carried out
in a single threadpool request. To minimize threadpool task length variation,
partition large randomFill
requests when doing so as part of fulfilling a
client request.
crypto.setEngine(engine[, flags])#
engine
<string>flags
<crypto.constants> Defaults tocrypto.constants.ENGINE_METHOD_ALL
.
Load and set the engine
for some or all OpenSSL functions (selected by flags).
engine
could be either an id or a path to the engine's shared library.
The optional flags
argument uses ENGINE_METHOD_ALL
by default. The flags
is a bit field taking one of or a mix of the following flags (defined in
crypto.constants
):
crypto.constants.ENGINE_METHOD_RSA
crypto.constants.ENGINE_METHOD_DSA
crypto.constants.ENGINE_METHOD_DH
crypto.constants.ENGINE_METHOD_RAND
crypto.constants.ENGINE_METHOD_ECDH
crypto.constants.ENGINE_METHOD_ECDSA
crypto.constants.ENGINE_METHOD_CIPHERS
crypto.constants.ENGINE_METHOD_DIGESTS
crypto.constants.ENGINE_METHOD_STORE
crypto.constants.ENGINE_METHOD_PKEY_METHS
crypto.constants.ENGINE_METHOD_PKEY_ASN1_METHS
crypto.constants.ENGINE_METHOD_ALL
crypto.constants.ENGINE_METHOD_NONE
crypto.timingSafeEqual(a, b)#
a
<Buffer> | <TypedArray> | <DataView>b
<Buffer> | <TypedArray> | <DataView>
This function is based on a constant-time algorithm.
Returns true if a
is equal to b
, without leaking timing information that
would allow an attacker to guess one of the values. This is suitable for
comparing HMAC digests or secret values like authentication cookies or
capability urls.
a
and b
must both be Buffer
s, TypedArray
s, or DataView
s, and they
must have the same length.
Note: Use of crypto.timingSafeEqual
does not guarantee that the
surrounding code is timing-safe. Care should be taken to ensure that the
surrounding code does not introduce timing vulnerabilities.
Notes#
Legacy Streams API (pre Node.js v0.10)#
The Crypto module was added to Node.js before there was the concept of a
unified Stream API, and before there were Buffer
objects for handling
binary data. As such, the many of the crypto
defined classes have methods not
typically found on other Node.js classes that implement the streams
API (e.g. update()
, final()
, or digest()
). Also, many methods accepted
and returned 'latin1'
encoded strings by default rather than Buffers. This
default was changed after Node.js v0.8 to use Buffer
objects by default
instead.
Recent ECDH Changes#
Usage of ECDH
with non-dynamically generated key pairs has been simplified.
Now, ecdh.setPrivateKey()
can be called with a preselected private key
and the associated public point (key) will be computed and stored in the object.
This allows code to only store and provide the private part of the EC key pair.
ecdh.setPrivateKey()
now also validates that the private key is valid for
the selected curve.
The ecdh.setPublicKey()
method is now deprecated as its inclusion in the
API is not useful. Either a previously stored private key should be set, which
automatically generates the associated public key, or ecdh.generateKeys()
should be called. The main drawback of using ecdh.setPublicKey()
is that
it can be used to put the ECDH key pair into an inconsistent state.
Support for weak or compromised algorithms#
The crypto
module still supports some algorithms which are already
compromised and are not currently recommended for use. The API also allows
the use of ciphers and hashes with a small key size that are considered to be
too weak for safe use.
Users should take full responsibility for selecting the crypto algorithm and key size according to their security requirements.
Based on the recommendations of NIST SP 800-131A:
- MD5 and SHA-1 are no longer acceptable where collision resistance is required such as digital signatures.
- The key used with RSA, DSA, and DH algorithms is recommended to have at least 2048 bits and that of the curve of ECDSA and ECDH at least 224 bits, to be safe to use for several years.
- The DH groups of
modp1
,modp2
andmodp5
have a key size smaller than 2048 bits and are not recommended.
See the reference for other recommendations and details.
Crypto Constants#
The following constants exported by crypto.constants
apply to various uses of
the crypto
, tls
, and https
modules and are generally specific to OpenSSL.
OpenSSL Options#
Constant | Description |
---|---|
SSL_OP_ALL |
Applies multiple bug workarounds within OpenSSL. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html for detail. |
SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION |
Allows legacy insecure renegotiation between OpenSSL and unpatched clients or servers. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html. |
SSL_OP_CIPHER_SERVER_PREFERENCE |
Attempts to use the server's preferences instead of the client's when selecting a cipher. Behavior depends on protocol version. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html. |
SSL_OP_CISCO_ANYCONNECT |
Instructs OpenSSL to use Cisco's "speshul" version of DTLS_BAD_VER. |
SSL_OP_COOKIE_EXCHANGE |
Instructs OpenSSL to turn on cookie exchange. |
SSL_OP_CRYPTOPRO_TLSEXT_BUG |
Instructs OpenSSL to add server-hello extension from an early version of the cryptopro draft. |
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS |
Instructs OpenSSL to disable a SSL 3.0/TLS 1.0 vulnerability workaround added in OpenSSL 0.9.6d. |
SSL_OP_EPHEMERAL_RSA |
Instructs OpenSSL to always use the tmp_rsa key when performing RSA operations. |
SSL_OP_LEGACY_SERVER_CONNECT |
Allows initial connection to servers that do not support RI. |
SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER |
|
SSL_OP_MICROSOFT_SESS_ID_BUG |
|
SSL_OP_MSIE_SSLV2_RSA_PADDING |
Instructs OpenSSL to disable the workaround for a man-in-the-middle protocol-version vulnerability in the SSL 2.0 server implementation. |
SSL_OP_NETSCAPE_CA_DN_BUG |
|
SSL_OP_NETSCAPE_CHALLENGE_BUG |
|
SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG |
|
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG |
|
SSL_OP_NO_COMPRESSION |
Instructs OpenSSL to disable support for SSL/TLS compression. |
SSL_OP_NO_QUERY_MTU |
|
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION |
Instructs OpenSSL to always start a new session when performing renegotiation. |
SSL_OP_NO_SSLv2 |
Instructs OpenSSL to turn off SSL v2 |
SSL_OP_NO_SSLv3 |
Instructs OpenSSL to turn off SSL v3 |
SSL_OP_NO_TICKET |
Instructs OpenSSL to disable use of RFC4507bis tickets. |
SSL_OP_NO_TLSv1 |
Instructs OpenSSL to turn off TLS v1 |
SSL_OP_NO_TLSv1_1 |
Instructs OpenSSL to turn off TLS v1.1 |
SSL_OP_NO_TLSv1_2 |
Instructs OpenSSL to turn off TLS v1.2 |
SSL_OP_PKCS1_CHECK_1 |
|
SSL_OP_PKCS1_CHECK_2 |
|
SSL_OP_SINGLE_DH_USE |
Instructs OpenSSL to always create a new key when using temporary/ephemeral DH parameters. |
SSL_OP_SINGLE_ECDH_USE |
Instructs OpenSSL to always create a new key when using temporary/ephemeral ECDH parameters. |
SSL_OP_SSLEAY_080_CLIENT_DH_BUG |
|
SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG |
|
SSL_OP_TLS_BLOCK_PADDING_BUG |
|
SSL_OP_TLS_D5_BUG |
|
SSL_OP_TLS_ROLLBACK_BUG |
Instructs OpenSSL to disable version rollback attack detection. |
OpenSSL Engine Constants#
Constant | Description |
---|---|
ENGINE_METHOD_RSA |
Limit engine usage to RSA |
ENGINE_METHOD_DSA |
Limit engine usage to DSA |
ENGINE_METHOD_DH |
Limit engine usage to DH |
ENGINE_METHOD_RAND |
Limit engine usage to RAND |
ENGINE_METHOD_ECDH |
Limit engine usage to ECDH |
ENGINE_METHOD_ECDSA |
Limit engine usage to ECDSA |
ENGINE_METHOD_CIPHERS |
Limit engine usage to CIPHERS |
ENGINE_METHOD_DIGESTS |
Limit engine usage to DIGESTS |
ENGINE_METHOD_STORE |
Limit engine usage to STORE |
ENGINE_METHOD_PKEY_METHS |
Limit engine usage to PKEY_METHDS |
ENGINE_METHOD_PKEY_ASN1_METHS |
Limit engine usage to PKEY_ASN1_METHS |
ENGINE_METHOD_ALL |
|
ENGINE_METHOD_NONE |
Other OpenSSL Constants#
Constant | Description |
---|---|
DH_CHECK_P_NOT_SAFE_PRIME |
|
DH_CHECK_P_NOT_PRIME |
|
DH_UNABLE_TO_CHECK_GENERATOR |
|
DH_NOT_SUITABLE_GENERATOR |
|
NPN_ENABLED |
|
ALPN_ENABLED |
|
RSA_PKCS1_PADDING |
|
RSA_SSLV23_PADDING |
|
RSA_NO_PADDING |
|
RSA_PKCS1_OAEP_PADDING |
|
RSA_X931_PADDING |
|
RSA_PKCS1_PSS_PADDING |
|
RSA_PSS_SALTLEN_DIGEST |
Sets the salt length for RSA_PKCS1_PSS_PADDING to the digest size
when signing or verifying. |
RSA_PSS_SALTLEN_MAX_SIGN |
Sets the salt length for RSA_PKCS1_PSS_PADDING to the maximum
permissible value when signing data. |
RSA_PSS_SALTLEN_AUTO |
Causes the salt length for RSA_PKCS1_PSS_PADDING to be determined
automatically when verifying a signature. |
POINT_CONVERSION_COMPRESSED |
|
POINT_CONVERSION_UNCOMPRESSED |
|
POINT_CONVERSION_HYBRID |
Node.js Crypto Constants#
Constant | Description |
---|---|
defaultCoreCipherList |
Specifies the built-in default cipher list used by Node.js. |
defaultCipherList |
Specifies the active default cipher list used by the current Node.js process. |
- 断言测试
- 异步钩子(Async Hooks)
- 缓存(Buffer)
- C++ 插件
- C/C++ 插件 - N-API
- 子进程
- 集群(Cluster)
- 命令行参数
- 控制台(Console)
- 加密(Crypto)
- 调试器
- 废弃的 API
- DNS
- 域(Domain)
- ECMAScript 模块
- 错误(Errors)
- 事件(Events)
- 文件系统
- 全局对象(Globals)
- HTTP
- HTTP/2
- HTTPS
- 检查工具(Inspector)
- 国际化
- 模块(Modules)
- 网络(Net)
- 操作系统(OS)
- 路径(Path)
- 性能钩子(Performance Hooks)
- 进程
- Punycode
- 查询字符串
- 逐行读取
- 交互式解释器(REPL)
- 流(Stream)
- 字符串解码
- 定时器(Timers)
- 安全传输层(TLS/SSL)
- 事件跟踪(Tracing)
- TTY
- UDP / 数据报
- URL
- 工具集
- V8
- 虚拟机(VM)
- 压缩(ZLIB)