Use `require('crypto')` to access this module.
- const crypto = require('crypto');
-
- const secret = 'abcdefg';
- const hash = crypto.createHmac('sha256', secret)
- .update('I love cupcakes')
- .digest('hex');
- console.log(hash);
- // Prints:
- // c0fa1bc00531bd78ef38c628449c5102aeabd49b5dc3a2a516ea6ea959d6658e
+```js
+const crypto = require('crypto');
+
+const secret = 'abcdefg';
+const hash = crypto.createHmac('sha256', secret)
+ .update('I love cupcakes')
+ .digest('hex');
+console.log(hash);
+ // Prints:
+ // c0fa1bc00531bd78ef38c628449c5102aeabd49b5dc3a2a516ea6ea959d6658e
+```
## Class: Certificate
Instances of the `Certificate` class can be created using the `new` keyword
or by calling `crypto.Certificate()` as a function:
- const crypto = require('crypto');
+```js
+const crypto = require('crypto');
- const cert1 = new crypto.Certificate();
- const cert2 = crypto.Certificate();
+const cert1 = new crypto.Certificate();
+const cert2 = crypto.Certificate();
+```
### certificate.exportChallenge(spkac)
form of a Node.js [`Buffer`][]. The `spkac` argument can be either a string
or a [`Buffer`][].
- const cert = require('crypto').Certificate();
- const spkac = getSpkacSomehow();
- const challenge = cert.exportChallenge(spkac);
- console.log(challenge.toString('utf8'));
- // Prints the challenge as a UTF8 string
+```js
+const cert = require('crypto').Certificate();
+const spkac = getSpkacSomehow();
+const challenge = cert.exportChallenge(spkac);
+console.log(challenge.toString('utf8'));
+ // Prints the challenge as a UTF8 string
+```
-### Certificate.exportPublicKey(spkac)
+### certificate.exportPublicKey(spkac)
The `spkac` data structure includes a public key and a challenge. The
`certificate.exportPublicKey()` returns the public key component in the
form of a Node.js [`Buffer`][]. The `spkac` argument can be either a string
or a [`Buffer`][].
- const cert = require('crypto').Certificate();
- const spkac = getSpkacSomehow();
- const publicKey = cert.exportPublicKey(spkac);
- console.log(publicKey);
- // Prints the public key as <Buffer ...>
+```js
+const cert = require('crypto').Certificate();
+const spkac = getSpkacSomehow();
+const publicKey = cert.exportPublicKey(spkac);
+console.log(publicKey);
+ // Prints the public key as <Buffer ...>
+```
-### Certificate.verifySpkac(spkac)
+### certificate.verifySpkac(spkac)
Returns `true` if the given `spkac` data structure is valid, `false` otherwise.
The `spkac` argument must be a Node.js [`Buffer`][].
- const cert = require('crypto').Certificate();
- const spkac = getSpkacSomehow();
- console.log(cert.verifySpkac(new Buffer(spkac)));
- // Prints true or false
+```js
+const cert = require('crypto').Certificate();
+const spkac = getSpkacSomehow();
+console.log(cert.verifySpkac(new Buffer(spkac)));
+ // Prints true or false
+```
## Class: Cipher
- As a [stream][] that is both readable and writable, where plain unencrypted
data is written to produce encrypted data on the readable side, or
-- Using the `cipher.update()` and `cipher.final()` methods to produce the
- encrypted data.
+- Using the [`cipher.update()`][] and [`cipher.final()`][] methods to produce
+ the encrypted data.
-The `crypto.createCipher()` or `crypto.createCipheriv()` methods are used to
-create `Cipher` instances. `Cipher` objects are not to be created directly
-using the `new` keyword.
+The [`crypto.createCipher()`][] or [`crypto.createCipheriv()`][] methods are
+used to create `Cipher` instances. `Cipher` objects are not to be created
+directly using the `new` keyword.
Example: Using `Cipher` objects as streams:
- const crypto = require('crypto');
- const cipher = crypto.createCipher('aes192', 'a password');
-
- cipher.on('readable', () => {
- var data = cipher.read();
- if (data)
- console.log(data.toString('hex'));
- // Prints: b919f20fc5ac2f9c1d2cce94cb1d9c2d
- });
-
- cipher.write('clear text data');
- cipher.end();
+```js
+const crypto = require('crypto');
+const cipher = crypto.createCipher('aes192', 'a password');
+
+var encrypted = '';
+cipher.on('readable', () => {
+ var data = cipher.read();
+ if (data)
+ encrypted += data.toString('hex');
+});
+cipher.on('end', () => {
+ console.log(encrypted);
+ // Prints: ca981be48e90867604588e75d04feabb63cc007a8f8ad89b10616ed84d815504
+});
+
+cipher.write('some clear text data');
+cipher.end();
+```
Example: Using `Cipher` and piped streams:
- const crypto = require('crypto');
- const fs = require('fs');
- const cipher = crypto.createCipher('aes192', 'a password');
+```js
+const crypto = require('crypto');
+const fs = require('fs');
+const cipher = crypto.createCipher('aes192', 'a password');
- const input = fs.createReadStream('test.js');
- const output = fs.createWriteStream('test.enc');
+const input = fs.createReadStream('test.js');
+const output = fs.createWriteStream('test.enc');
- input.pipe(cipher).pipe(output);
+input.pipe(cipher).pipe(output);
+```
-Example: Using the `cipher.update()` and `cipher.final()` methods:
+Example: Using the [`cipher.update()`][] and [`cipher.final()`][] methods:
- const crypto = require('crypto');
- const cipher = crypto.createCipher('aes192', 'a password');
+```js
+const crypto = require('crypto');
+const cipher = crypto.createCipher('aes192', 'a password');
- cipher.update('clear text data');
- console.log(cipher.final('hex'));
- // Prints: b919f20fc5ac2f9c1d2cce94cb1d9c2d
+var encrypted = cipher.update('some clear text data', 'utf8', 'hex');
+encrypted += cipher.final('hex');
+console.log(encrypted);
+ // Prints: ca981be48e90867604588e75d04feabb63cc007a8f8ad89b10616ed84d815504
+```
### cipher.final([output_encoding])
### cipher.setAAD(buffer)
When using an authenticated encryption mode (only `GCM` is currently
-supported), the `cipher.getAAD()` method sets the value used for the
+supported), the `cipher.setAAD()` method sets the value used for the
_additional authenticated data_ (AAD) input parameter.
### cipher.getAuthTag()
the _authentication tag_ that has been computed from the given data.
The `cipher.getAuthTag()` method should only be called after encryption has
-been completed using the `cipher.final()` method.
+been completed using the [`cipher.final()`][] method.
### cipher.setAutoPadding(auto_padding=true)
default padding call `cipher.setAutoPadding(false)`.
When `auto_padding` is `false`, the length of the entire input data must be a
-multiple of the cipher's block size or `cipher.final()` will throw an Error.
+multiple of the cipher's block size or [`cipher.final()`][] will throw an Error.
Disabling automatic padding is useful for non-standard padding, for instance
using `0x0` instead of PKCS padding.
-The `cipher.setAutoPadding()` method must be called before `cipher.final()`.
+The `cipher.setAutoPadding()` method must be called before [`cipher.final()`][].
### cipher.update(data[, input_encoding][, output_encoding])
`output_encoding` is provided, a [`Buffer`][] is returned.
The `cipher.update()` method can be called multiple times with new data until
-`cipher.final()` is called. Calling `cipher.update()` after `cipher.final()`
-will result in an error being thrown.
+[`cipher.final()`][] is called. Calling `cipher.update()` after
+[`cipher.final()`][] will result in an error being thrown.
## Class: Decipher
- As a [stream][] that is both readable and writable, where plain encrypted
data is written to produce unencrypted data on the readable side, or
-- Using the `decipher.update()` and `decipher.final()` methods to produce the
- unencrypted data.
+- Using the [`decipher.update()`][] and [`decipher.final()`][] methods to
+ produce the unencrypted data.
-The `crypto.createDecipher()` or `crypto.createDecipheriv()` methods are used
-to create `Decipher` instances. `Decipher` objects are not to be created
+The [`crypto.createDecipher()`][] or [`crypto.createDecipheriv()`][] methods are
+used to create `Decipher` instances. `Decipher` objects are not to be created
directly using the `new` keyword.
Example: Using `Decipher` objects as streams:
- const crypto = require('crypto');
- const decipher = crypto.createDecipher('aes192', 'a password');
-
- decipher.on('readable', () => {
- var data = decipher.read();
- if (data)
- console.log(data.toString());
- // Prints: clear text data
- });
-
- decipher.write('b919f20fc5ac2f9c1d2cce94cb1d9c2d', 'hex');
- decipher.end();
+```js
+const crypto = require('crypto');
+const decipher = crypto.createDecipher('aes192', 'a password');
+
+var decrypted = '';
+decipher.on('readable', () => {
+ var data = decipher.read();
+ if (data)
+ decrypted += data.toString('utf8');
+});
+decipher.on('end', () => {
+ console.log(decrypted);
+ // Prints: some clear text data
+});
+
+var encrypted = 'ca981be48e90867604588e75d04feabb63cc007a8f8ad89b10616ed84d815504';
+decipher.write(encrypted, 'hex');
+decipher.end();
+```
Example: Using `Decipher` and piped streams:
- const crypto = require('crypto');
- const fs = require('fs');
- const decipher = crypto.createDecipher('aes192', 'a password');
+```js
+const crypto = require('crypto');
+const fs = require('fs');
+const decipher = crypto.createDecipher('aes192', 'a password');
- const input = fs.createReadStream('test.enc');
- const output = fs.createWriteStream('test.js');
+const input = fs.createReadStream('test.enc');
+const output = fs.createWriteStream('test.js');
- input.pipe(decipher).pipe(output);
+input.pipe(decipher).pipe(output);
+```
-Example: Using the `decipher.update()` and `decipher.final()` methods:
+Example: Using the [`decipher.update()`][] and [`decipher.final()`][] methods:
- const crypto = require('crypto');
- const decipher = crypto.createDecipher('aes192', 'a password');
+```js
+const crypto = require('crypto');
+const decipher = crypto.createDecipher('aes192', 'a password');
- decipher.update('b919f20fc5ac2f9c1d2cce94cb1d9c2d', 'hex');
- console.log(decipher.final('utf8'));
- // Prints: clear text data
+var encrypted = 'ca981be48e90867604588e75d04feabb63cc007a8f8ad89b10616ed84d815504';
+var decrypted = decipher.update(encrypted, 'hex', 'utf8');
+decrypted += decipher.final('utf8');
+console.log(decrypted);
+ // Prints: some clear text data
+```
### decipher.final([output_encoding])
### decipher.setAAD(buffer)
When using an authenticated encryption mode (only `GCM` is currently
-supported), the `cipher.getAAD()` method sets the value used for the
+supported), the `cipher.setAAD()` method sets the value used for the
_additional authenticated data_ (AAD) input parameter.
### decipher.setAuthTag(buffer)
When using an authenticated encryption mode (only `GCM` is currently
supported), the `decipher.setAuthTag()` method is used to pass in the
-received _authentication tag_. If no tag is provided, or if the ciphertext
-has been tampered with, `decipher.final()` with throw, indicating that the
-ciphertext should be discarded due to failed authentication.
+received _authentication tag_. If no tag is provided, or if the cipher text
+has been tampered with, [`decipher.final()`][] with throw, indicating that the
+cipher text should be discarded due to failed authentication.
### decipher.setAutoPadding(auto_padding=true)
When data has been encrypted without standard block padding, calling
-`decipher.setAuthPadding(false)` will disable automatic padding to prevent
-`decipher.final()` from checking for and removing padding.
+`decipher.setAutoPadding(false)` will disable automatic padding to prevent
+[`decipher.final()`][] from checking for and removing padding.
Turning auto padding off will only work if the input data's length is a
multiple of the ciphers block size.
The `decipher.setAutoPadding()` method must be called before
-`decipher.update()`.
+[`decipher.update()`][].
### decipher.update(data[, input_encoding][, output_encoding])
`output_encoding` is provided, a [`Buffer`][] is returned.
The `decipher.update()` method can be called multiple times with new data until
-`decipher.final()` is called. Calling `decipher.update()` after
-`decipher.final()` will result in an error being thrown.
+[`decipher.final()`][] is called. Calling `decipher.update()` after
+[`decipher.final()`][] will result in an error being thrown.
## Class: DiffieHellman
exchanges.
Instances of the `DiffieHellman` class can be created using the
-`crypto.createDiffieHellman()` function.
+[`crypto.createDiffieHellman()`][] function.
- const crypto = require('crypto');
- const assert = require('assert');
+```js
+const crypto = require('crypto');
+const assert = require('assert');
- // Generate Alice's keys...
- const alice = crypto.createDiffieHellman(11);
- const alice_key = alice.generateKeys();
+// Generate Alice's keys...
+const alice = crypto.createDiffieHellman(2048);
+const alice_key = alice.generateKeys();
- // Generate Bob's keys...
- const bob = crypto.createDiffieHellman(11);
- const bob_key = bob.generateKeys();
+// Generate Bob's keys...
+const bob = crypto.createDiffieHellman(alice.getPrime(), alice.getGenerator());
+const bob_key = bob.generateKeys();
- // Exchange and generate the secret...
- const alice_secret = alice.computeSecret(bob_key);
- const bob_secret = bob.computeSecret(alice_key);
+// Exchange and generate the secret...
+const alice_secret = alice.computeSecret(bob_key);
+const bob_secret = bob.computeSecret(alice_key);
- assert(alice_secret, bob_secret);
- // OK
+// OK
+assert.equal(alice_secret.toString('hex'), bob_secret.toString('hex'));
+```
### diffieHellman.computeSecret(other_public_key[, input_encoding][, output_encoding])
Generates private and public Diffie-Hellman key values, and returns
the public key in the specified `encoding`. This key should be
transferred to the other party. Encoding can be `'binary'`, `'hex'`,
-or `'base64'`. If `encoding` is provided a string is returned; otherwise a
+or `'base64'`. If `encoding` is provided a string is returned; otherwise a
[`Buffer`][] is returned.
### diffieHellman.getGenerator([encoding])
key exchanges.
Instances of the `ECDH` class can be created using the
-`crypto.createECDH()` function.
+[`crypto.createECDH()`][] function.
- const crypto = require('crypto');
- const assert = require('assert');
+```js
+const crypto = require('crypto');
+const assert = require('assert');
- // Generate Alice's keys...
- const alice = crypto.createECDH('secp521r1');
- const alice_key = alice.generateKeys();
+// Generate Alice's keys...
+const alice = crypto.createECDH('secp521r1');
+const alice_key = alice.generateKeys();
- // Generate Bob's keys...
- const bob = crypto.createECDH('secp521r1');
- const bob_key = bob.generateKeys();
+// Generate Bob's keys...
+const bob = crypto.createECDH('secp521r1');
+const bob_key = bob.generateKeys();
- // Exchange and generate the secret...
- const alice_secret = alice.computeSecret(bob_key);
- const bob_secret = bob.computeSecret(alice_key);
+// Exchange and generate the secret...
+const alice_secret = alice.computeSecret(bob_key);
+const bob_secret = bob.computeSecret(alice_key);
- assert(alice_secret, bob_secret);
- // OK
+assert(alice_secret, bob_secret);
+ // OK
+```
-### ECDH.computeSecret(other_public_key[, input_encoding][, output_encoding])
+### ecdh.computeSecret(other_public_key[, input_encoding][, output_encoding])
Computes the shared secret using `other_public_key` as the other
party's public key and returns the computed shared secret. The supplied
If `output_encoding` is given a string will be returned; otherwise a
[`Buffer`][] is returned.
-### ECDH.generateKeys([encoding[, format]])
+### ecdh.generateKeys([encoding[, format]])
Generates private and public EC Diffie-Hellman key values, and returns
the public key in the specified `format` and `encoding`. This key should be
`encoding` is provided a string is returned; otherwise a [`Buffer`][]
is returned.
-### ECDH.getPrivateKey([encoding])
+### ecdh.getPrivateKey([encoding])
Returns the EC Diffie-Hellman private key in the specified `encoding`,
which can be `'binary'`, `'hex'`, or `'base64'`. If `encoding` is provided
a string is returned; otherwise a [`Buffer`][] is returned.
-### ECDH.getPublicKey([encoding[, format]])
+### ecdh.getPublicKey([encoding[, format]])
Returns the EC Diffie-Hellman public key in the specified `encoding` and
`format`.
`encoding` is specified, a string is returned; otherwise a [`Buffer`][] is
returned.
-### ECDH.setPrivateKey(private_key[, encoding])
+### ecdh.setPrivateKey(private_key[, encoding])
Sets the EC Diffie-Hellman private key. The `encoding` can be `'binary'`,
`'hex'` or `'base64'`. If `encoding` is provided, `private_key` is expected
created, an error is thrown. Upon setting the private key, the associated
public point (key) is also generated and set in the ECDH object.
-### ECDH.setPublicKey(public_key[, encoding])
+### ecdh.setPublicKey(public_key[, encoding])
Stability: 0 - Deprecated
Note that there is not normally a reason to call this method because `ECDH`
only requires a private key and the other party's public key to compute the
-shared secret. Typically either `ecdh.generateKeys()` or `ecdh.setPrivateKey()`
-will be called. The `ecdh.setPrivateKey()` method attempts to generate the
-public point/key associated with the private key being set.
+shared secret. Typically either [`ecdh.generateKeys()`][] or
+[`ecdh.setPrivateKey()`][] will be called. The [`ecdh.setPrivateKey()`][] method
+attempts to generate the public point/key associated with the private key being
+set.
Example (obtaining a shared secret):
- const crypto = require('crypto');
- const alice = crypto.createECDH('secp256k1');
- const bob = crypto.createECDH('secp256k1');
-
- // Note: This is a shortcut way to specify one of Alice's previous private
- // keys. It would be unwise to use such a predictable private key in a real
- // application.
- alice.setPrivateKey(
- crypto.createHash('sha256').update('alice', 'utf8').digest()
- );
+```js
+const crypto = require('crypto');
+const alice = crypto.createECDH('secp256k1');
+const bob = crypto.createECDH('secp256k1');
- // Bob uses a newly generated cryptographically strong
- // pseudorandom key pair bob.generateKeys();
+// Note: This is a shortcut way to specify one of Alice's previous private
+// keys. It would be unwise to use such a predictable private key in a real
+// application.
+alice.setPrivateKey(
+ crypto.createHash('sha256').update('alice', 'utf8').digest()
+);
- const alice_secret = alice.computeSecret(bob.getPublicKey(), null, 'hex');
- const bob_secret = bob.computeSecret(alice.getPublicKey(), null, 'hex');
+// Bob uses a newly generated cryptographically strong
+// pseudorandom key pair bob.generateKeys();
- /* alice_secret and bob_secret should be the same */
- console.log(alice_secret == bob_secret);
+const alice_secret = alice.computeSecret(bob.getPublicKey(), null, 'hex');
+const bob_secret = bob.computeSecret(alice.getPublicKey(), null, 'hex');
-### ECDH.setPublicKey(public_key[, encoding])
-
-Sets the EC Diffie-Hellman public key. Key encoding can be `'binary'`,
-`'hex'` or `'base64'`. If no encoding is provided, then a buffer is
-expected.
+// alice_secret and bob_secret should be the same shared secret value
+console.log(alice_secret === bob_secret);
+```
## Class: Hash
- As a [stream][] that is both readable and writable, where data is written
to produce a computed hash digest on the readable side, or
-- Using the `hash.update()` and `hash.final()` methods to produce the
+- Using the [`hash.update()`][] and [`hash.digest()`][] methods to produce the
computed hash.
-The `crypto.createHash()` method is used to create `Hash` instances. `Hash`
+The [`crypto.createHash()`][] method is used to create `Hash` instances. `Hash`
objects are not to be created directly using the `new` keyword.
Example: Using `Hash` objects as streams:
- const crypto = require('crypto');
- const hash = crypto.createHash('sha256');
+```js
+const crypto = require('crypto');
+const hash = crypto.createHash('sha256');
- hash.on('readable', () => {
- var data = hash.read();
- if (data)
- console.log(data.toString('hex'));
- // Prints:
- // 6a2da20943931e9834fc12cfe5bb47bbd9ae43489a30726962b576f4e3993e50
- });
+hash.on('readable', () => {
+ var data = hash.read();
+ if (data)
+ console.log(data.toString('hex'));
+ // Prints:
+ // 6a2da20943931e9834fc12cfe5bb47bbd9ae43489a30726962b576f4e3993e50
+});
- hash.write('some data to hash');
- hash.end();
+hash.write('some data to hash');
+hash.end();
+```
Example: Using `Hash` and piped streams:
- const crypto = require('crypto');
- const fs = require('fs');
- const hash = crypto.createHash('sha256');
+```js
+const crypto = require('crypto');
+const fs = require('fs');
+const hash = crypto.createHash('sha256');
- const input = fs.createReadStream('test.js');
- input.pipe(hash).pipe(process.stdout);
+const input = fs.createReadStream('test.js');
+input.pipe(hash).pipe(process.stdout);
+```
-Example: Using the `hash.update()` and `hash.digest()` methods:
+Example: Using the [`hash.update()`][] and [`hash.digest()`][] methods:
- const crypto = require('crypto');
- const hash = crypto.createHash('sha256');
+```js
+const crypto = require('crypto');
+const hash = crypto.createHash('sha256');
- hash.update('some data to hash');
- console.log(hash.digest('hex'));
- // Prints:
- // 6a2da20943931e9834fc12cfe5bb47bbd9ae43489a30726962b576f4e3993e50
+hash.update('some data to hash');
+console.log(hash.digest('hex'));
+ // Prints:
+ // 6a2da20943931e9834fc12cfe5bb47bbd9ae43489a30726962b576f4e3993e50
+```
### hash.digest([encoding])
Calculates the digest of all of the data passed to be hashed (using the
-`hash.update()` method). The `encoding` can be `'hex'`, `'binary'` or
-`'base64'`. If `encoding` is provided a string will be returned; otherwise
+[`hash.update()`][] method). The `encoding` can be `'hex'`, `'binary'` or
+`'base64'`. If `encoding` is provided a string will be returned; otherwise
a [`Buffer`][] is returned.
The `Hash` object can not be used again after `hash.digest()` method has been
Updates the hash content with the given `data`, the encoding of which
is given in `input_encoding` and can be `'utf8'`, `'ascii'` or
-`'binary'`. If `encoding` is not provided, and the `data` is a string, an
+`'binary'`. If `encoding` is not provided, and the `data` is a string, an
encoding of `'binary'` is enforced. If `data` is a [`Buffer`][] then
`input_encoding` is ignored.
- As a [stream][] that is both readable and writable, where data is written
to produce a computed HMAC digest on the readable side, or
-- Using the `hmac.update()` and `hmac.final()` methods to produce the
+- Using the [`hmac.update()`][] and [`hmac.digest()`][] methods to produce the
computed HMAC digest.
-The `crypto.createHmac()` method is used to create `Hmac` instances. `Hmac`
+The [`crypto.createHmac()`][] method is used to create `Hmac` instances. `Hmac`
objects are not to be created directly using the `new` keyword.
Example: Using `Hmac` objects as streams:
- const crypto = require('crypto');
- const hmac = crypto.createHmac('sha256', 'a secret');
+```js
+const crypto = require('crypto');
+const hmac = crypto.createHmac('sha256', 'a secret');
- hmac.on('readable', () => {
- var data = hmac.read();
- if (data)
- console.log(data.toString('hex'));
- // Prints:
- // 7fd04df92f636fd450bc841c9418e5825c17f33ad9c87c518115a45971f7f77e
- });
+hmac.on('readable', () => {
+ var data = hmac.read();
+ if (data)
+ console.log(data.toString('hex'));
+ // Prints:
+ // 7fd04df92f636fd450bc841c9418e5825c17f33ad9c87c518115a45971f7f77e
+});
- hmac.write('some data to hash');
- hmac.end();
+hmac.write('some data to hash');
+hmac.end();
+```
Example: Using `Hmac` and piped streams:
- const crypto = require('crypto');
- const fs = require('fs');
- const hmac = crypto.createHmac('sha256', 'a secret');
+```js
+const crypto = require('crypto');
+const fs = require('fs');
+const hmac = crypto.createHmac('sha256', 'a secret');
- const input = fs.createReadStream('test.js');
- input.pipe(hmac).pipe(process.stdout);
+const input = fs.createReadStream('test.js');
+input.pipe(hmac).pipe(process.stdout);
+```
-Example: Using the `hmac.update()` and `hmac.digest()` methods:
+Example: Using the [`hmac.update()`][] and [`hmac.digest()`][] methods:
- const crypto = require('crypto');
- const hmac = crypto.createHmac('sha256', 'a secret');
+```js
+const crypto = require('crypto');
+const hmac = crypto.createHmac('sha256', 'a secret');
- hmac.update('some data to hash');
- console.log(hmac.digest('hex'));
- // Prints:
- // 7fd04df92f636fd450bc841c9418e5825c17f33ad9c87c518115a45971f7f77e
+hmac.update('some data to hash');
+console.log(hmac.digest('hex'));
+ // Prints:
+ // 7fd04df92f636fd450bc841c9418e5825c17f33ad9c87c518115a45971f7f77e
+```
### hmac.digest([encoding])
-Calculates the HMAC digest of all of the data passed using `hmac.update()`. The
-`encoding` can be `'hex'`, `'binary'` or `'base64'`. If `encoding` is provided
-a string is returned; otherwise a [`Buffer`][] is returned;
+Calculates the HMAC digest of all of the data passed using [`hmac.update()`][].
+The `encoding` can be `'hex'`, `'binary'` or `'base64'`. If `encoding` is
+provided a string is returned; otherwise a [`Buffer`][] is returned;
The `Hmac` object can not be used again after `hmac.digest()` has been
called. Multiple calls to `hmac.digest()` will result in an error being thrown.
-### hmac.update(data)
+### hmac.update(data[, input_encoding])
-Update the `Hmac` content with the given `data`. This can be called
-many times with new data as it is streamed.
+Updates the `Hmac` content with the given `data`, the encoding of which
+is given in `input_encoding` and can be `'utf8'`, `'ascii'` or
+`'binary'`. If `encoding` is not provided, and the `data` is a string, an
+encoding of `'utf8'` is enforced. If `data` is a [`Buffer`][] then
+`input_encoding` is ignored.
+
+This can be called many times with new data as it is streamed.
## Class: Sign
of two ways:
- As a writable [stream][], where data to be signed is written and the
- `sign.sign()` method is used to generate and return the signature, or
-- Using the `sign.update()` and `sign.sign()` methods to produce the
+ [`sign.sign()`][] method is used to generate and return the signature, or
+- Using the [`sign.update()`][] and [`sign.sign()`][] methods to produce the
signature.
-The `crypto.createSign()` method is used to create `Sign` instances. `Sign`
+The [`crypto.createSign()`][] method is used to create `Sign` instances. `Sign`
objects are not to be created directly using the `new` keyword.
Example: Using `Sign` objects as streams:
- const crypto = require('crypto');
- const sign = crypto.createSign('rsa-sha256');
+```js
+const crypto = require('crypto');
+const sign = crypto.createSign('RSA-SHA256');
+
+sign.write('some data to sign');
+sign.end();
+
+const private_key = getPrivateKeySomehow();
+console.log(sign.sign(private_key, 'hex'));
+ // Prints the calculated signature
+```
+
+Example: Using the [`sign.update()`][] and [`sign.sign()`][] methods:
+
+```js
+const crypto = require('crypto');
+const sign = crypto.createSign('RSA-SHA256');
+
+sign.update('some data to sign');
+
+const private_key = getPrivateKeySomehow();
+console.log(sign.sign(private_key, 'hex'));
+ // Prints the calculated signature
+```
- sign.write('some data to sign');
- sign.end();
+A [`sign`][] instance can also be created by just passing in the digest
+algorithm name, in which case OpenSSL will infer the full signature algorithm
+from the type of the PEM-formatted private key, including algorithms that
+do not have directly exposed name constants, e.g. 'ecdsa-with-SHA256'.
- const private_key = getPrivateKeySomehow();
- console.log(sign.sign(private_key, 'hex'));
- // Prints the calculated signature
+Example: signing using ECDSA with SHA256
-Example: Using the `sign.update()` and `sign.sign()` methods:
+```js
+const crypto = require('crypto');
+const sign = crypto.createSign('sha256');
- const crypto = require('crypto');
- const sign = crypto.createSign('rsa-sha256');
+sign.update('some data to sign');
- sign.update('some data to sign');
+const private_key = '-----BEGIN EC PRIVATE KEY-----\n' +
+ 'MHcCAQEEIF+jnWY1D5kbVYDNvxxo/Y+ku2uJPDwS0r/VuPZQrjjVoAoGCCqGSM49\n' +
+ 'AwEHoUQDQgAEurOxfSxmqIRYzJVagdZfMMSjRNNhB8i3mXyIMq704m2m52FdfKZ2\n' +
+ 'pQhByd5eyj3lgZ7m7jbchtdgyOF8Io/1ng==\n' +
+ '-----END EC PRIVATE KEY-----\n';
- const private_key = getPrivateKeySomehow();
- console.log(sign.sign(private_key, 'hex'));
- // Prints the calculated signature
+console.log(sign.sign(private_key).toString('hex'));
+```
### sign.sign(private_key[, output_format])
Calculates the signature on all the data passed through using either
-`sign.update()` or `sign.write()`.
+[`sign.update()`][] or [`sign.write()`][stream-writable-write].
The `private_key` argument can be an object or a string. If `private_key` is a
string, it is treated as a raw key with no passphrase. If `private_key` is an
object, it is interpreted as a hash containing two properties:
-* `key` : A string holding the PEM encoded private key
-* `passphrase` : A string of passphrase for the private key
+* `key` : {String} - PEM encoded private key
+* `passphrase` : {String} - passphrase for the private key
The `output_format` can specify one of `'binary'`, `'hex'` or `'base64'`. If
`output_format` is provided a string is returned; otherwise a [`Buffer`][] is
The `Sign` object can not be again used after `sign.sign()` method has been
called. Multiple calls to `sign.sign()` will result in an error being thrown.
-### sign.update(data)
+### sign.update(data[, input_encoding])
-Updates the sign object with the given `data`. This can be called many times
-with new data as it is streamed.
+Updates the `Sign` content with the given `data`, the encoding of which
+is given in `input_encoding` and can be `'utf8'`, `'ascii'` or
+`'binary'`. If `encoding` is not provided, and the `data` is a string, an
+encoding of `'utf8'` is enforced. If `data` is a [`Buffer`][] then
+`input_encoding` is ignored.
+
+This can be called many times with new data as it is streamed.
## Class: Verify
- As a writable [stream][] where written data is used to validate against the
supplied signature, or
-- Using the `verify.update()` and `verify.verify()` methods to verify the
- signature.
+- Using the [`verify.update()`][] and [`verify.verify()`][] methods to verify
+ the signature.
- The `crypto.createSign()` method is used to create `Sign` instances. `Sign`
- objects are not to be created directly using the `new` keyword.
+ The [`crypto.createSign()`][] method is used to create `Sign` instances.
+ `Sign` objects are not to be created directly using the `new` keyword.
Example: Using `Verify` objects as streams:
- const crypto = require('crypto');
- const verify = crypto.createVerify('rsa-sha256');
+```js
+const crypto = require('crypto');
+const verify = crypto.createVerify('RSA-SHA256');
- verify.write('some data to sign');
- verify.end();
+verify.write('some data to sign');
+verify.end();
- const public_key = getPublicKeySomehow();
- const signature = getSignatureToVerify();
- console.log(sign.verify(public_key, signature));
- // Prints true or false
+const public_key = getPublicKeySomehow();
+const signature = getSignatureToVerify();
+console.log(sign.verify(public_key, signature));
+ // Prints true or false
+```
-Example: Using the `verify.update()` and `verify.verify()` methods:
+Example: Using the [`verify.update()`][] and [`verify.verify()`][] methods:
- const crypto = require('crypto');
- const verify = crypto.createVerify('rsa-sha256');
+```js
+const crypto = require('crypto');
+const verify = crypto.createVerify('RSA-SHA256');
- verify.update('some data to sign');
+verify.update('some data to sign');
- const public_key = getPublicKeySomehow();
- const signature = getSignatureToVerify();
- console.log(verify.verify(public_key, signature));
- // Prints true or false
+const public_key = getPublicKeySomehow();
+const signature = getSignatureToVerify();
+console.log(verify.verify(public_key, signature));
+ // Prints true or false
+```
-### verifier.update(data)
+### verifier.update(data[, input_encoding])
-Updates the verifier object with the given `data`. This can be called many
-times with new data as it is streamed.
+Updates the `Verify` content with the given `data`, the encoding of which
+is given in `input_encoding` and can be `'utf8'`, `'ascii'` or
+`'binary'`. If `encoding` is not provided, and the `data` is a string, an
+encoding of `'utf8'` is enforced. If `data` is a [`Buffer`][] then
+`input_encoding` is ignored.
+
+This can be called many times with new data as it is streamed.
### verifier.verify(object, signature[, signature_format])
### crypto.DEFAULT_ENCODING
The default encoding to use for functions that can take either strings
-or [buffers][]. The default value is `'buffer'`, which makes methods default
-to [`Buffer`][] objects.
+or [buffers][`Buffer`]. The default value is `'buffer'`, which makes methods
+default to [`Buffer`][] objects.
The `crypto.DEFAULT_ENCODING` mechanism is provided for backwards compatibility
with legacy programs that expect `'binary'` to be the default encoding.
Creates and returns a `Cipher` object that uses the given `algorithm` and
`password`.
-The `algorithm` is dependent on OpenSSL, examples are `'aes192'`, etc. On
+The `algorithm` is dependent on OpenSSL, examples are `'aes192'`, etc. On
recent OpenSSL releases, `openssl list-cipher-algorithms` will display the
available cipher algorithms.
The `password` is used to derive the cipher key and initialization vector (IV).
-The value must be either a `'binary'` encoded string or a [`Buffer`[].
+The value must be either a `'binary'` encoded string or a [`Buffer`][].
The implementation of `crypto.createCipher()` derives keys using the OpenSSL
function [`EVP_BytesToKey`][] with the digest algorithm set to MD5, one
In line with OpenSSL's recommendation to use pbkdf2 instead of
[`EVP_BytesToKey`][] it is recommended that developers derive a key and IV on
-their own using [`crypto.pbkdf2`][] and to use [`crypto.createCipheriv()`][]
+their own using [`crypto.pbkdf2()`][] and to use [`crypto.createCipheriv()`][]
to create the `Cipher` object.
### crypto.createCipheriv(algorithm, key, iv)
Creates and returns a `Cipher` object, with the given `algorithm`, `key` and
initialization vector (`iv`).
-The `algorithm` is dependent on OpenSSL, examples are `'aes192'`, etc. On
+The `algorithm` is dependent on OpenSSL, examples are `'aes192'`, etc. On
recent OpenSSL releases, `openssl list-cipher-algorithms` will display the
available cipher algorithms.
The `key` is the raw key used by the `algorithm` and `iv` is an
[initialization vector][]. Both arguments must be `'binary'` encoded strings or
-[buffers][].
+[buffers][`Buffer`].
### crypto.createCredentials(details)
- Stability: 0 - Deprecated: Use [`tls.createSecureContext`][] instead.
+ Stability: 0 - Deprecated: Use [`tls.createSecureContext()`][] instead.
The `crypto.createCredentials()` method is a deprecated alias for creating
and returning a `tls.SecureContext` object. The `crypto.createCredentials()`
The optional `details` argument is a hash object with keys:
-* `pfx` : A string or [`Buffer`][] holding the PFX or PKCS12 encoded private
+* `pfx` : {String|Buffer} - PFX or PKCS12 encoded private
key, certificate and CA certificates
-* `key` : A string holding the PEM encoded private key
-* `passphrase` : The string passphrase for the private key or PFX
-* `cert` : A string holding the PEM encoded certificate
-* `ca` : Either a string or array of strings of PEM encoded CA
+* `key` : {String} - PEM encoded private key
+* `passphrase` : {String} - passphrase for the private key or PFX
+* `cert` : {String} - PEM encoded certificate
+* `ca` : {String|Array} - Either a string or array of strings of PEM encoded CA
certificates to trust.
-* `crl` : Either a string or array of strings of PEM encoded CRLs
+* `crl` : {String|Array} - Either a string or array of strings of PEM encoded CRLs
(Certificate Revocation List)
-* `ciphers`: A string using the [OpenSSL cipher list format][] describing the
+* `ciphers`: {String} using the [OpenSSL cipher list format][] describing the
cipher algorithms to use or exclude.
If no 'ca' details are given, Node.js will use Mozilla's default
In line with OpenSSL's recommendation to use pbkdf2 instead of
[`EVP_BytesToKey`][] it is recommended that developers derive a key and IV on
-their own using [`crypto.pbkdf2`][] and to use [`crypto.createDecipheriv()`][]
+their own using [`crypto.pbkdf2()`][] and to use [`crypto.createDecipheriv()`][]
to create the `Decipher` object.
### crypto.createDecipheriv(algorithm, key, iv)
Creates and returns a `Decipher` object that uses the given `algorithm`, `key`
and initialization vector (`iv`).
-The `algorithm` is dependent on OpenSSL, examples are `'aes192'`, etc. On
+The `algorithm` is dependent on OpenSSL, examples are `'aes192'`, etc. On
recent OpenSSL releases, `openssl list-cipher-algorithms` will display the
available cipher algorithms.
The `key` is the raw key used by the `algorithm` and `iv` is an
[initialization vector][]. Both arguments must be `'binary'` encoded strings or
-[buffers][].
+[buffers][`Buffer`].
-## crypto.createDiffieHellman(prime[, prime_encoding][, generator][, generator_encoding])
+### crypto.createDiffieHellman(prime[, prime_encoding][, generator][, generator_encoding])
Creates a `DiffieHellman` key exchange object using the supplied `prime` and an
optional specific `generator`.
Example: generating the sha256 sum of a file
- const filename = process.argv[2];
- const crypto = require('crypto');
- const fs = require('fs');
+```js
+const filename = process.argv[2];
+const crypto = require('crypto');
+const fs = require('fs');
- const hash = crypto.createHash('sha256');
+const hash = crypto.createHash('sha256');
- const input = fs.createReadStream(filename);
- input.on('readable', () => {
- var data = input.read();
- if (data)
- hash.update(data);
- else {
- console.log(`${hash.digest('hex')} ${filename}`);
- }
- });
+const input = fs.createReadStream(filename);
+input.on('readable', () => {
+ var data = input.read();
+ if (data)
+ hash.update(data);
+ else {
+ console.log(`${hash.digest('hex')} ${filename}`);
+ }
+});
+```
### crypto.createHmac(algorithm, key)
Example: generating the sha256 HMAC of a file
- const filename = process.argv[2];
- const crypto = require('crypto');
- const fs = require('fs');
+```js
+const filename = process.argv[2];
+const crypto = require('crypto');
+const fs = require('fs');
- const hmac = crypto.createHmac('sha256', 'a secret');
+const hmac = crypto.createHmac('sha256', 'a secret');
- const input = fs.createReadStream(filename);
- input.on('readable', () => {
- var data = input.read();
- if (data)
- hmac.update(data);
- else {
- console.log(`${hmac.digest('hex')} ${filename}`);
- }
- });
+const input = fs.createReadStream(filename);
+input.on('readable', () => {
+ var data = input.read();
+ if (data)
+ hmac.update(data);
+ else {
+ console.log(`${hmac.digest('hex')} ${filename}`);
+ }
+});
+```
### crypto.createSign(algorithm)
Example:
- const ciphers = crypto.getCiphers();
- console.log(ciphers); // ['aes-128-cbc', 'aes-128-ccm', ...]
+```js
+const ciphers = crypto.getCiphers();
+console.log(ciphers); // ['aes-128-cbc', 'aes-128-ccm', ...]
+```
### crypto.getCurves()
Example:
- const curves = crypto.getCurves();
- console.log(curves); // ['secp256k1', 'secp384r1', ...]
+```js
+const curves = crypto.getCurves();
+console.log(curves); // ['secp256k1', 'secp384r1', ...]
+```
### crypto.getDiffieHellman(group_name)
-Creates a predefined `DiffieHellman` key exchange object. The
+Creates a predefined `DiffieHellman` key exchange object. The
supported groups are: `'modp1'`, `'modp2'`, `'modp5'` (defined in
[RFC 2412][], but see [Caveats][]) and `'modp14'`, `'modp15'`,
`'modp16'`, `'modp17'`, `'modp18'` (defined in [RFC 3526][]). The
Example (obtaining a shared secret):
- const crypto = require('crypto');
- const alice = crypto.getDiffieHellman('modp14');
- const bob = crypto.getDiffieHellman('modp14');
+```js
+const crypto = require('crypto');
+const alice = crypto.getDiffieHellman('modp14');
+const bob = crypto.getDiffieHellman('modp14');
- alice.generateKeys();
- bob.generateKeys();
+alice.generateKeys();
+bob.generateKeys();
- const alice_secret = alice.computeSecret(bob.getPublicKey(), null, 'hex');
- const bob_secret = bob.computeSecret(alice.getPublicKey(), null, 'hex');
+const alice_secret = alice.computeSecret(bob.getPublicKey(), null, 'hex');
+const bob_secret = bob.computeSecret(alice.getPublicKey(), null, 'hex');
- /* alice_secret and bob_secret should be the same */
- console.log(alice_secret == bob_secret);
+/* alice_secret and bob_secret should be the same */
+console.log(alice_secret == bob_secret);
+```
### crypto.getHashes()
Example:
- const hashes = crypto.getHashes();
- console.log(hashes); // ['sha', 'sha1', 'sha1WithRSAEncryption', ...]
+```js
+const hashes = crypto.getHashes();
+console.log(hashes); // ['sha', 'sha1', 'sha1WithRSAEncryption', ...]
+```
### crypto.pbkdf2(password, salt, iterations, keylen[, digest], callback)
Provides an asynchronous Password-Based Key Derivation Function 2 (PBKDF2)
-implementation. A selected HMAC digest algorithm specified by `digest` is
+implementation. A selected HMAC digest algorithm specified by `digest` is
applied to derive a key of the requested byte length (`keylen`) from the
`password`, `salt` and `iterations`. If the `digest` algorithm is not specified,
a default of `'sha1'` is used.
Example:
- const crypto = require('crypto');
- crypto.pbkdf2('secret', 'salt', 100000, 512, 'sha512', (err, key) => {
- if (err) throw err;
- console.log(key.toString('hex')); // 'c5e478d...1469e50'
- });
+```js
+const crypto = require('crypto');
+crypto.pbkdf2('secret', 'salt', 100000, 512, 'sha512', (err, key) => {
+ if (err) throw err;
+ console.log(key.toString('hex')); // 'c5e478d...1469e50'
+});
+```
An array of supported digest functions can be retrieved using
[`crypto.getHashes()`][].
### crypto.pbkdf2Sync(password, salt, iterations, keylen[, digest])
Provides a synchronous Password-Based Key Derivation Function 2 (PBKDF2)
-implementation. A selected HMAC digest algorithm specified by `digest` is
+implementation. A selected HMAC digest algorithm specified by `digest` is
applied to derive a key of the requested byte length (`keylen`) from the
`password`, `salt` and `iterations`. If the `digest` algorithm is not specified,
a default of `'sha1'` is used.
Example:
- const crypto = require('crypto');
- const key = crypto.pbkdf2sync('secret', 'salt', 100000, 512, 'sha512');
- console.log(key.toString('hex')); // 'c5e478d...1469e50'
+```js
+const crypto = require('crypto');
+const key = crypto.pbkdf2Sync('secret', 'salt', 100000, 512, 'sha512');
+console.log(key.toString('hex')); // 'c5e478d...1469e50'
+```
An array of supported digest functions can be retrieved using
[`crypto.getHashes()`][].
If `private_key` is an object, it is interpreted as a hash object with the
keys:
-* `key` : A string holding the PEM encoded private key
-* `passphrase` : An optional string of passphrase for the private key
+* `key` : {String} - PEM encoded private key
+* `passphrase` : {String} - Optional passphrase for the private key
* `padding` : An optional padding value, one of the following:
* `constants.RSA_NO_PADDING`
* `constants.RSA_PKCS1_PADDING`
If `private_key` is an object, it is interpreted as a hash object with the
keys:
-* `key` : A string holding the PEM encoded private key
-* `passphrase` : An optional string of passphrase for the private key
+* `key` : {String} - PEM encoded private key
+* `passphrase` : {String} - Optional passphrase for the private key
* `padding` : An optional padding value, one of the following:
* `constants.RSA_NO_PADDING`
* `constants.RSA_PKCS1_PADDING`
If `public_key` is an object, it is interpreted as a hash object with the
keys:
-* `key` : A string holding the PEM encoded public key
-* `passphrase` : An optional string of passphrase for the private key
+* `key` : {String} - PEM encoded public key
+* `passphrase` : {String} - Optional passphrase for the private key
* `padding` : An optional padding value, one of the following:
* `constants.RSA_NO_PADDING`
* `constants.RSA_PKCS1_PADDING`
If `public_key` is an object, it is interpreted as a hash object with the
keys:
-* `key` : A string holding the PEM encoded public key
-* `passphrase` : An optional string of passphrase for the private key
+* `key` : {String} - PEM encoded public key
+* `passphrase` : {String} - Optional passphrase for the private key
* `padding` : An optional padding value, one of the following:
* `constants.RSA_NO_PADDING`
* `constants.RSA_PKCS1_PADDING`
If an error occurs, `err` will be an Error object; otherwise it is null. The
`buf` argument is a [`Buffer`][] containing the generated bytes.
- // Asynchronous
- const crypto = require('crypto');
- crypto.randomBytes(256, (err, buf) => {
- if (err) throw err;
- console.log(
- `${buf.length}` bytes of random data: ${buf.toString('hex')});
- });
+```js
+// Asynchronous
+const crypto = require('crypto');
+crypto.randomBytes(256, (err, buf) => {
+ if (err) throw err;
+ console.log(`${buf.length} bytes of random data: ${buf.toString('hex')}`);
+});
+```
If the `callback` function is not provided, the random bytes are generated
synchronously and returned as a [`Buffer`][]. An error will be thrown if
there is a problem generating the bytes.
- // Synchronous
- const buf = crypto.randomBytes(256);
- console.log(
- `${buf.length}` bytes of random data: ${buf.toString('hex')});
+```js
+// Synchronous
+const buf = crypto.randomBytes(256);
+console.log(
+ `${buf.length} bytes of random data: ${buf.toString('hex')}`);
+```
The `crypto.randomBytes()` method will block until there is sufficient entropy.
This should normally never take longer than a few milliseconds. The only time
The Crypto module was added to Node.js before there was the concept of a
unified Stream API, and before there were [`Buffer`][] objects for handling
binary data. As such, the many of the `crypto` defined classes have methods not
-typically found on other Node.js classes that implement the [streams][]
-API (e.g. `update()`, `final()`, or `digest()`). Also, many methods accepted
-and returned `'binary'` encoded strings by default rather than Buffers. This
+typically found on other Node.js classes that implement the [streams][stream]
+API (e.g. `update()`, `final()`, or `digest()`). Also, many methods accepted
+and returned `'binary'` encoded strings by default rather than Buffers. This
default was changed after Node.js v0.8 to use [`Buffer`][] objects by default
instead.
### Recent ECDH Changes
Usage of `ECDH` with non-dynamically generated key pairs has been simplified.
-Now, `ecdh.setPrivateKey()` can be called with a preselected private key and the
-associated public point (key) will be computed and stored in the object.
+Now, [`ecdh.setPrivateKey()`][] can be called with a preselected private key
+and the associated public point (key) will be computed and stored in the object.
This allows code to only store and provide the private part of the EC key pair.
-`ecdh.setPrivateKey()` now also validates that the private key is valid for the
-selected curve.
+[`ecdh.setPrivateKey()`][] now also validates that the private key is valid for
+the selected curve.
-The `ecdh.setPublicKey()` method is now deprecated as its inclusion in the API
-is not useful. Either a previously stored private key should be set, which
-automatically generates the associated public key, or `ecdh.generateKeys()`
-should be called. The main drawback of using `ecdh.setPublicKey()` is that it
-can be used to put the ECDH key pair into an inconsistent state.
+The [`ecdh.setPublicKey()`][] method is now deprecated as its inclusion in the
+API is not useful. Either a previously stored private key should be set, which
+automatically generates the associated public key, or [`ecdh.generateKeys()`][]
+should be called. The main drawback of using [`ecdh.setPublicKey()`][] is that
+it can be used to put the ECDH key pair into an inconsistent state.
### Support for weak or compromised algorithms
See the reference for other recommendations and details.
-[HTML5's `keygen` element]: http://www.w3.org/TR/html5/forms.html#the-keygen-element
-[OpenSSL's SPKAC implementation]: https://www.openssl.org/docs/apps/spkac.html
-[`createCipher()`]: #crypto_crypto_createcipher_algorithm_password
-[`createCipheriv()`]: #crypto_crypto_createcipheriv_algorithm_key_iv
-[`createHash()`]: #crypto_crypto_createhash_algorithm
-[`crypto.createDecipher`]: #crypto_crypto_createdecipher_algorithm_password
-[`crypto.createDecipheriv`]: #crypto_crypto_createdecipheriv_algorithm_key_iv
+[`Buffer`]: buffer.html
+[`cipher.final()`]: #crypto_cipher_final_output_encoding
+[`cipher.update()`]: #crypto_cipher_update_data_input_encoding_output_encoding
+[`crypto.createCipher()`]: #crypto_crypto_createcipher_algorithm_password
+[`crypto.createCipheriv()`]: #crypto_crypto_createcipheriv_algorithm_key_iv
+[`crypto.createDecipher()`]: #crypto_crypto_createdecipher_algorithm_password
+[`crypto.createDecipheriv()`]: #crypto_crypto_createdecipheriv_algorithm_key_iv
[`crypto.createDiffieHellman()`]: #crypto_crypto_creatediffiehellman_prime_prime_encoding_generator_generator_encoding
+[`crypto.createECDH()`]: #crypto_crypto_createecdh_curve_name
+[`crypto.createHash()`]: #crypto_crypto_createhash_algorithm
+[`crypto.createHmac()`]: #crypto_crypto_createhmac_algorithm_key
+[`crypto.createSign()`]: #crypto_crypto_createsign_algorithm
+[`crypto.getCurves()`]: #crypto_crypto_getcurves
[`crypto.getHashes()`]: #crypto_crypto_gethashes
-[`crypto.pbkdf2`]: #crypto_crypto_pbkdf2_password_salt_iterations_keylen_digest_callback
-[`decipher.update`]: #crypto_decipher_update_data_input_encoding_output_encoding
+[`crypto.pbkdf2()`]: #crypto_crypto_pbkdf2_password_salt_iterations_keylen_digest_callback
+[`decipher.final()`]: #crypto_decipher_final_output_encoding
+[`decipher.update()`]: #crypto_decipher_update_data_input_encoding_output_encoding
[`diffieHellman.setPublicKey()`]: #crypto_diffiehellman_setpublickey_public_key_encoding
+[`ecdh.generateKeys()`]: #crypto_ecdh_generatekeys_encoding_format
+[`ecdh.setPrivateKey()`]: #crypto_ecdh_setprivatekey_private_key_encoding
+[`ecdh.setPublicKey()`]: #crypto_ecdh_setpublickey_public_key_encoding
[`EVP_BytesToKey`]: https://www.openssl.org/docs/crypto/EVP_BytesToKey.html
-[`getCurves()`]: #crypto_crypto_getcurves
-[`tls.createSecureContext`]: tls.html#tls_tls_createsecurecontext_details
-[`Buffer`]: buffer.html
-[buffers]: buffer.html
+[`hash.digest()`]: #crypto_hash_digest_encoding
+[`hash.update()`]: #crypto_hash_update_data_input_encoding
+[`hmac.digest()`]: #crypto_hmac_digest_encoding
+[`hmac.update()`]: #crypto_hmac_update_data
+[`sign.sign()`]: #crypto_sign_sign_private_key_output_format
+[`sign.update()`]: #crypto_sign_update_data
+[`tls.createSecureContext()`]: tls.html#tls_tls_createsecurecontext_details
+[`verify.update()`]: #crypto_verifier_update_data
+[`verify.verify()`]: #crypto_verifier_verify_object_signature_signature_format
[Caveats]: #crypto_support_for_weak_or_compromised_algorithms
+[HTML5's `keygen` element]: http://www.w3.org/TR/html5/forms.html#the-keygen-element
[initialization vector]: https://en.wikipedia.org/wiki/Initialization_vector
[NIST SP 800-131A]: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar1.pdf
[NIST SP 800-132]: http://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf
+[OpenSSL cipher list format]: https://www.openssl.org/docs/apps/ciphers.html#CIPHER_LIST_FORMAT
+[OpenSSL's SPKAC implementation]: https://www.openssl.org/docs/apps/spkac.html
+[publicly trusted list of CAs]: https://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt
[RFC 2412]: https://www.rfc-editor.org/rfc/rfc2412.txt
[RFC 3526]: https://www.rfc-editor.org/rfc/rfc3526.txt
[stream]: stream.html
-[streams]: stream.html
-[OpenSSL cipher list format]: https://www.openssl.org/docs/apps/ciphers.html#CIPHER_LIST_FORMAT
-[publicly trusted list of CAs]: https://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt
+[stream-writable-write]: stream.html#stream_writable_write_chunk_encoding_callback