> [!WARNING] Deno compatibility > The methods are non-functional stubs. SPKAC is a Certificate Signing Request mechanism originally implemented by Netscape and was specified formally as part of HTML5's `keygen` element. `` is deprecated since [HTML 5.2](https://www.w3.org/TR/html52/changes.html#features-removed) and new projects should not use this element anymore. The `node:crypto` module provides the `Certificate` class for working with SPKAC data. The most common usage is handling output generated by the HTML5 `` element. Node.js uses [OpenSSL's SPKAC implementation](https://www.openssl.org/docs/man3.0/man1/openssl-spkac.html) internally.

Instances of the `Cipher` class are used to encrypt data. The class can be used in one of two ways: * As a `stream` that is both readable and writable, where plain unencrypted data is written to produce encrypted data on the readable side, or * Using the `cipher.update()` and `cipher.final()` methods to produce the encrypted data. The [createCipheriv](.././node__crypto.d.ts/~/createCipheriv) method is used to create `Cipher` instances. `Cipher` objects are not to be created directly using the `new` keyword. Example: Using `Cipher` objects as streams: ```js const { scrypt, randomFill, createCipheriv, } = await import('node:crypto'); const algorithm = 'aes-192-cbc'; const password = 'Password used to generate key'; // First, we'll generate the key. The key length is dependent on the algorithm. // In this case for aes192, it is 24 bytes (192 bits). scrypt(password, 'salt', 24, (err, key) => { if (err) throw err; // Then, we'll generate a random initialization vector randomFill(new Uint8Array(16), (err, iv) => { if (err) throw err; // Once we have the key and iv, we can create and use the cipher... const cipher = createCipheriv(algorithm, key, iv); let encrypted = ''; cipher.setEncoding('hex'); cipher.on('data', (chunk) => encrypted += chunk); cipher.on('end', () => console.log(encrypted)); cipher.write('some clear text data'); cipher.end(); }); }); ``` Example: Using `Cipher` and piped streams: ```js import { createReadStream, createWriteStream, } from 'node:fs'; import { pipeline, } from 'node:stream'; const { scrypt, randomFill, createCipheriv, } = await import('node:crypto'); const algorithm = 'aes-192-cbc'; const password = 'Password used to generate key'; // First, we'll generate the key. The key length is dependent on the algorithm. // In this case for aes192, it is 24 bytes (192 bits). scrypt(password, 'salt', 24, (err, key) => { if (err) throw err; // Then, we'll generate a random initialization vector randomFill(new Uint8Array(16), (err, iv) => { if (err) throw err; const cipher = createCipheriv(algorithm, key, iv); const input = createReadStream('test.js'); const output = createWriteStream('test.enc'); pipeline(input, cipher, output, (err) => { if (err) throw err; }); }); }); ``` Example: Using the `cipher.update()` and `cipher.final()` methods: ```js const { scrypt, randomFill, createCipheriv, } = await import('node:crypto'); const algorithm = 'aes-192-cbc'; const password = 'Password used to generate key'; // First, we'll generate the key. The key length is dependent on the algorithm. // In this case for aes192, it is 24 bytes (192 bits). scrypt(password, 'salt', 24, (err, key) => { if (err) throw err; // Then, we'll generate a random initialization vector randomFill(new Uint8Array(16), (err, iv) => { if (err) throw err; const cipher = createCipheriv(algorithm, key, iv); let encrypted = cipher.update('some clear text data', 'utf8', 'hex'); encrypted += cipher.final('hex'); console.log(encrypted); }); }); ```

Instances of the `Decipher` class are used to decrypt data. The class can be used in one of two ways: * As a `stream` that is both readable and writable, where plain encrypted data is written to produce unencrypted data on the readable side, or * Using the `decipher.update()` and `decipher.final()` methods to produce the unencrypted data. The [createDecipheriv](.././node__crypto.d.ts/~/createDecipheriv) method is used to create `Decipher` instances. `Decipher` objects are not to be created directly using the `new` keyword. Example: Using `Decipher` objects as streams: ```js import { Buffer } from 'node:buffer'; const { scryptSync, createDecipheriv, } = await import('node:crypto'); const algorithm = 'aes-192-cbc'; const password = 'Password used to generate key'; // Key length is dependent on the algorithm. In this case for aes192, it is // 24 bytes (192 bits). // Use the async `crypto.scrypt()` instead. const key = scryptSync(password, 'salt', 24); // The IV is usually passed along with the ciphertext. const iv = Buffer.alloc(16, 0); // Initialization vector. const decipher = createDecipheriv(algorithm, key, iv); let decrypted = ''; decipher.on('readable', () => { let chunk; while (null !== (chunk = decipher.read())) { decrypted += chunk.toString('utf8'); } }); decipher.on('end', () => { console.log(decrypted); // Prints: some clear text data }); // Encrypted with same algorithm, key and iv. const encrypted = 'e5f79c5915c02171eec6b212d5520d44480993d7d622a7c4c2da32f6efda0ffa'; decipher.write(encrypted, 'hex'); decipher.end(); ``` Example: Using `Decipher` and piped streams: ```js import { createReadStream, createWriteStream, } from 'node:fs'; import { Buffer } from 'node:buffer'; const { scryptSync, createDecipheriv, } = await import('node:crypto'); const algorithm = 'aes-192-cbc'; const password = 'Password used to generate key'; // Use the async `crypto.scrypt()` instead. const key = scryptSync(password, 'salt', 24); // The IV is usually passed along with the ciphertext. const iv = Buffer.alloc(16, 0); // Initialization vector. const decipher = createDecipheriv(algorithm, key, iv); const input = createReadStream('test.enc'); const output = createWriteStream('test.js'); input.pipe(decipher).pipe(output); ``` Example: Using the `decipher.update()` and `decipher.final()` methods: ```js import { Buffer } from 'node:buffer'; const { scryptSync, createDecipheriv, } = await import('node:crypto'); const algorithm = 'aes-192-cbc'; const password = 'Password used to generate key'; // Use the async `crypto.scrypt()` instead. const key = scryptSync(password, 'salt', 24); // The IV is usually passed along with the ciphertext. const iv = Buffer.alloc(16, 0); // Initialization vector. const decipher = createDecipheriv(algorithm, key, iv); // Encrypted using same algorithm, key and iv. const encrypted = 'e5f79c5915c02171eec6b212d5520d44480993d7d622a7c4c2da32f6efda0ffa'; let decrypted = decipher.update(encrypted, 'hex', 'utf8'); decrypted += decipher.final('utf8'); console.log(decrypted); // Prints: some clear text data ```

The `DiffieHellman` class is a utility for creating Diffie-Hellman key exchanges. Instances of the `DiffieHellman` class can be created using the [createDiffieHellman](.././node__crypto.d.ts/~/createDiffieHellman) function. ```js import assert from 'node:assert'; const { createDiffieHellman, } = await import('node:crypto'); // Generate Alice's keys... const alice = createDiffieHellman(2048); const aliceKey = alice.generateKeys(); // Generate Bob's keys... const bob = createDiffieHellman(alice.getPrime(), alice.getGenerator()); const bobKey = bob.generateKeys(); // Exchange and generate the secret... const aliceSecret = alice.computeSecret(bobKey); const bobSecret = bob.computeSecret(aliceKey); // OK assert.strictEqual(aliceSecret.toString('hex'), bobSecret.toString('hex')); ```

> [!WARNING] Deno compatibility > The `convertKey` method is a non-functional sub. The `ECDH` class is a utility for creating Elliptic Curve Diffie-Hellman (ECDH) key exchanges. Instances of the `ECDH` class can be created using the [createECDH](.././node__crypto.d.ts/~/createECDH) function. ```js import assert from 'node:assert'; const { createECDH, } = await import('node:crypto'); // Generate Alice's keys... const alice = createECDH('secp521r1'); const aliceKey = alice.generateKeys(); // Generate Bob's keys... const bob = createECDH('secp521r1'); const bobKey = bob.generateKeys(); // Exchange and generate the secret... const aliceSecret = alice.computeSecret(bobKey); const bobSecret = bob.computeSecret(aliceKey); assert.strictEqual(aliceSecret.toString('hex'), bobSecret.toString('hex')); // OK ```

The `Hash` class is a utility for creating hash digests of data. It can be used in one of two ways: * As a `stream` that is both readable and writable, where data is written to produce a computed hash digest on the readable side, or * Using the `hash.update()` and `hash.digest()` methods to produce the computed hash. The [createHash](.././node__crypto.d.ts/~/createHash) method is used to create `Hash` instances. `Hash`objects are not to be created directly using the `new` keyword. Example: Using `Hash` objects as streams: ```js const { createHash, } = await import('node:crypto'); const hash = createHash('sha256'); hash.on('readable', () => { // Only one element is going to be produced by the // hash stream. const data = hash.read(); if (data) { console.log(data.toString('hex')); // Prints: // 6a2da20943931e9834fc12cfe5bb47bbd9ae43489a30726962b576f4e3993e50 } }); hash.write('some data to hash'); hash.end(); ``` Example: Using `Hash` and piped streams: ```js import { createReadStream } from 'node:fs'; import { stdout } from 'node:process'; const { createHash } = await import('node:crypto'); const hash = createHash('sha256'); const input = createReadStream('test.js'); input.pipe(hash).setEncoding('hex').pipe(stdout); ``` Example: Using the `hash.update()` and `hash.digest()` methods: ```js const { createHash, } = await import('node:crypto'); const hash = createHash('sha256'); hash.update('some data to hash'); console.log(hash.digest('hex')); // Prints: // 6a2da20943931e9834fc12cfe5bb47bbd9ae43489a30726962b576f4e3993e50 ```

> [!WARNING] Deno compatibility > The following are non-functional stubs: > - from > - symmetricKeySize > - equals > - export > Node.js uses a `KeyObject` class to represent a symmetric or asymmetric key, and each kind of key exposes different functions. The [createSecretKey](.././node__crypto.d.ts/~/createSecretKey), [createPublicKey](.././node__crypto.d.ts/~/createPublicKey) and [createPrivateKey](.././node__crypto.d.ts/~/createPrivateKey) methods are used to create `KeyObject`instances. `KeyObject` objects are not to be created directly using the `new`keyword. Most applications should consider using the new `KeyObject` API instead of passing keys as strings or `Buffer`s due to improved security features. `KeyObject` instances can be passed to other threads via `postMessage()`. The receiver obtains a cloned `KeyObject`, and the `KeyObject` does not need to be listed in the `transferList` argument.

> [!WARNING] Deno compatibility > The `sign` and `verify` methods are not supported with non BinaryLike input. The `Sign` class is a utility for generating signatures. It can be used in one of two ways: * As a writable `stream`, where data to be signed is written and the `sign.sign()` method is used to generate and return the signature, or * Using the `sign.update()` and `sign.sign()` methods to produce the signature. The [createSign](.././node__crypto.d.ts/~/createSign) method is used to create `Sign` instances. The argument is the string name of the hash function to use. `Sign` objects are not to be created directly using the `new` keyword. Example: Using `Sign` and `Verify` objects as streams: ```js const { generateKeyPairSync, createSign, createVerify, } = await import('node:crypto'); const { privateKey, publicKey } = generateKeyPairSync('ec', { namedCurve: 'sect239k1', }); const sign = createSign('SHA256'); sign.write('some data to sign'); sign.end(); const signature = sign.sign(privateKey, 'hex'); const verify = createVerify('SHA256'); verify.write('some data to sign'); verify.end(); console.log(verify.verify(publicKey, signature, 'hex')); // Prints: true ``` Example: Using the `sign.update()` and `verify.update()` methods: ```js const { generateKeyPairSync, createSign, createVerify, } = await import('node:crypto'); const { privateKey, publicKey } = generateKeyPairSync('rsa', { modulusLength: 2048, }); const sign = createSign('SHA256'); sign.update('some data to sign'); sign.end(); const signature = sign.sign(privateKey); const verify = createVerify('SHA256'); verify.update('some data to sign'); verify.end(); console.log(verify.verify(publicKey, signature)); // Prints: true ```

The `Verify` class is a utility for verifying signatures. It can be used in one of two ways: * As a writable `stream` where written data is used to validate against the supplied signature, or * Using the `verify.update()` and `verify.verify()` methods to verify the signature. The [createVerify](.././node__crypto.d.ts/~/createVerify) method is used to create `Verify` instances. `Verify` objects are not to be created directly using the `new` keyword. See `Sign` for examples.

Encapsulates an X509 certificate and provides read-only access to its information. ```js const { X509Certificate } = await import('node:crypto'); const x509 = new X509Certificate('{... pem encoded cert ...}'); console.log(x509.subject); ```

The `Hmac` class is a utility for creating cryptographic HMAC digests. It can be used in one of two ways: * As a `stream` that is both readable and writable, where data is written to produce a computed HMAC digest on the readable side, or * Using the `hmac.update()` and `hmac.digest()` methods to produce the computed HMAC digest. The [createHmac](.././node__crypto.d.ts/~/createHmac) method is used to create `Hmac` instances. `Hmac`objects are not to be created directly using the `new` keyword. Example: Using `Hmac` objects as streams: ```js const { createHmac, } = await import('node:crypto'); const hmac = createHmac('sha256', 'a secret'); hmac.on('readable', () => { // Only one element is going to be produced by the // hash stream. const data = hmac.read(); if (data) { console.log(data.toString('hex')); // Prints: // 7fd04df92f636fd450bc841c9418e5825c17f33ad9c87c518115a45971f7f77e } }); hmac.write('some data to hash'); hmac.end(); ``` Example: Using `Hmac` and piped streams: ```js import { createReadStream } from 'node:fs'; import { stdout } from 'node:process'; const { createHmac, } = await import('node:crypto'); const hmac = createHmac('sha256', 'a secret'); const input = createReadStream('test.js'); input.pipe(hmac).pipe(stdout); ``` Example: Using the `hmac.update()` and `hmac.digest()` methods: ```js const { createHmac, } = await import('node:crypto'); const hmac = createHmac('sha256', 'a secret'); hmac.update('some data to hash'); console.log(hmac.digest('hex')); // Prints: // 7fd04df92f636fd450bc841c9418e5825c17f33ad9c87c518115a45971f7f77e ```

Checks the primality of the `candidate`.

Checks the primality of the `candidate`.

Creates and returns a `Cipher` object, with the given `algorithm`, `key` and initialization vector (`iv`). The `options` argument controls stream behavior and is optional except when a cipher in CCM or OCB mode (e.g. `'aes-128-ccm'`) is used. In that case, the`authTagLength` option is required and specifies the length of the authentication tag in bytes, see `CCM mode`. In GCM mode, the `authTagLength`option is not required but can be used to set the length of the authentication tag that will be returned by `getAuthTag()` and defaults to 16 bytes. For `chacha20-poly1305`, the `authTagLength` option defaults to 16 bytes. The `algorithm` is dependent on OpenSSL, examples are `'aes192'`, etc. On recent OpenSSL releases, `openssl list -cipher-algorithms` will display the available cipher algorithms. The `key` is the raw key used by the `algorithm` and `iv` is an [initialization vector](https://en.wikipedia.org/wiki/Initialization_vector). Both arguments must be `'utf8'` encoded strings,`Buffers`, `TypedArray`, or `DataView`s. The `key` may optionally be a `KeyObject` of type `secret`. If the cipher does not need an initialization vector, `iv` may be `null`. When passing strings for `key` or `iv`, please consider `caveats when using strings as inputs to cryptographic APIs`. Initialization vectors should be unpredictable and unique; ideally, they will be cryptographically random. They do not have to be secret: IVs are typically just added to ciphertext messages unencrypted. It may sound contradictory that something has to be unpredictable and unique, but does not have to be secret; remember that an attacker must not be able to predict ahead of time what a given IV will be.

Creates and returns a `Decipher` object that uses the given `algorithm`, `key` and initialization vector (`iv`). The `options` argument controls stream behavior and is optional except when a cipher in CCM or OCB mode (e.g. `'aes-128-ccm'`) is used. In that case, the `authTagLength` option is required and specifies the length of the authentication tag in bytes, see `CCM mode`. In GCM mode, the `authTagLength` option is not required but can be used to restrict accepted authentication tags to those with the specified length. For `chacha20-poly1305`, the `authTagLength` option defaults to 16 bytes. The `algorithm` is dependent on OpenSSL, examples are `'aes192'`, etc. On recent OpenSSL releases, `openssl list -cipher-algorithms` will display the available cipher algorithms. The `key` is the raw key used by the `algorithm` and `iv` is an [initialization vector](https://en.wikipedia.org/wiki/Initialization_vector). Both arguments must be `'utf8'` encoded strings,`Buffers`, `TypedArray`, or `DataView`s. The `key` may optionally be a `KeyObject` of type `secret`. If the cipher does not need an initialization vector, `iv` may be `null`. When passing strings for `key` or `iv`, please consider `caveats when using strings as inputs to cryptographic APIs`. Initialization vectors should be unpredictable and unique; ideally, they will be cryptographically random. They do not have to be secret: IVs are typically just added to ciphertext messages unencrypted. It may sound contradictory that something has to be unpredictable and unique, but does not have to be secret; remember that an attacker must not be able to predict ahead of time what a given IV will be.

Creates a `DiffieHellman` key exchange object using the supplied `prime` and an optional specific `generator`. The `generator` argument can be a number, string, or `Buffer`. If `generator` is not specified, the value `2` is used. If `primeEncoding` is specified, `prime` is expected to be a string; otherwise a `Buffer`, `TypedArray`, or `DataView` is expected. If `generatorEncoding` is specified, `generator` is expected to be a string; otherwise a number, `Buffer`, `TypedArray`, or `DataView` is expected.

An alias for [getDiffieHellman](.././node__crypto.d.ts/~/getDiffieHellman)

Creates an Elliptic Curve Diffie-Hellman (`ECDH`) key exchange object using a predefined curve specified by the `curveName` string. Use [getCurves](.././node__crypto.d.ts/~/getCurves) to obtain a list of available curve names. On recent OpenSSL releases, `openssl ecparam -list_curves` will also display the name and description of each available elliptic curve.

Creates and returns a `Hash` object that can be used to generate hash digests using the given `algorithm`. Optional `options` argument controls stream behavior. For XOF hash functions such as `'shake256'`, the `outputLength` option can be used to specify the desired output length in bytes. The `algorithm` is dependent on the available algorithms supported by the version of OpenSSL on the platform. Examples are `'sha256'`, `'sha512'`, etc. On recent releases of OpenSSL, `openssl list -digest-algorithms` will display the available digest algorithms. Example: generating the sha256 sum of a file ```js import { createReadStream, } from 'node:fs'; import { argv } from 'node:process'; const { createHash, } = await import('node:crypto'); const filename = argv[2]; const hash = createHash('sha256'); const input = createReadStream(filename); input.on('readable', () => { // Only one element is going to be produced by the // hash stream. const data = input.read(); if (data) hash.update(data); else { console.log(`${hash.digest('hex')} ${filename}`); } }); ```

Creates and returns an `Hmac` object that uses the given `algorithm` and `key`. Optional `options` argument controls stream behavior. The `algorithm` is dependent on the available algorithms supported by the version of OpenSSL on the platform. Examples are `'sha256'`, `'sha512'`, etc. On recent releases of OpenSSL, `openssl list -digest-algorithms` will display the available digest algorithms. The `key` is the HMAC key used to generate the cryptographic HMAC hash. If it is a `KeyObject`, its type must be `secret`. If it is a string, please consider `caveats when using strings as inputs to cryptographic APIs`. If it was obtained from a cryptographically secure source of entropy, such as [randomBytes](.././node__crypto.d.ts/~/randomBytes) or [generateKey](.././node__crypto.d.ts/~/generateKey), its length should not exceed the block size of `algorithm` (e.g., 512 bits for SHA-256). Example: generating the sha256 HMAC of a file ```js import { createReadStream, } from 'node:fs'; import { argv } from 'node:process'; const { createHmac, } = await import('node:crypto'); const filename = argv[2]; const hmac = createHmac('sha256', 'a secret'); const input = createReadStream(filename); input.on('readable', () => { // Only one element is going to be produced by the // hash stream. const data = input.read(); if (data) hmac.update(data); else { console.log(`${hmac.digest('hex')} ${filename}`); } }); ```

Creates and returns a new key object containing a private key. If `key` is a string or `Buffer`, `format` is assumed to be `'pem'`; otherwise, `key` must be an object with the properties described above. If the private key is encrypted, a `passphrase` must be specified. The length of the passphrase is limited to 1024 bytes.

Creates and returns a new key object containing a public key. If `key` is a string or `Buffer`, `format` is assumed to be `'pem'`; if `key` is a `KeyObject` with type `'private'`, the public key is derived from the given private key; otherwise, `key` must be an object with the properties described above. If the format is `'pem'`, the `'key'` may also be an X.509 certificate. Because public keys can be derived from private keys, a private key may be passed instead of a public key. In that case, this function behaves as if [createPrivateKey](.././node__crypto.d.ts/~/createPrivateKey) had been called, except that the type of the returned `KeyObject` will be `'public'` and that the private key cannot be extracted from the returned `KeyObject`. Similarly, if a `KeyObject` with type `'private'` is given, a new `KeyObject` with type `'public'` will be returned and it will be impossible to extract the private key from the returned object.

Creates and returns a new key object containing a secret key for symmetric encryption or `Hmac`.

Creates and returns a `Sign` object that uses the given `algorithm`. Use [getHashes](.././node__crypto.d.ts/~/getHashes) to obtain the names of the available digest algorithms. Optional `options` argument controls the `stream.Writable` behavior. In some cases, a `Sign` instance can be created using the name of a signature algorithm, such as `'RSA-SHA256'`, instead of a digest algorithm. This will use the corresponding digest algorithm. This does not work for all signature algorithms, such as `'ecdsa-with-SHA256'`, so it is best to always use digest algorithm names.

Creates and returns a `Verify` object that uses the given algorithm. Use [getHashes](.././node__crypto.d.ts/~/getHashes) to obtain an array of names of the available signing algorithms. Optional `options` argument controls the `stream.Writable` behavior. In some cases, a `Verify` instance can be created using the name of a signature algorithm, such as `'RSA-SHA256'`, instead of a digest algorithm. This will use the corresponding digest algorithm. This does not work for all signature algorithms, such as `'ecdsa-with-SHA256'`, so it is best to always use digest algorithm names.

Computes the Diffie-Hellman secret based on a `privateKey` and a `publicKey`. Both keys must have the same `asymmetricKeyType`, which must be one of `'dh'` (for Diffie-Hellman), `'ec'` (for ECDH), `'x448'`, or `'x25519'` (for ECDH-ES).

Asynchronously generates a new random secret key of the given `length`. The `type` will determine which validations will be performed on the `length`. ```js const { generateKey, } = await import('node:crypto'); generateKey('hmac', { length: 512 }, (err, key) => { if (err) throw err; console.log(key.export().toString('hex')); // 46e..........620 }); ``` The size of a generated HMAC key should not exceed the block size of the underlying hash function. See [createHmac](.././node__crypto.d.ts/~/createHmac) for more information.

> [!WARNING] Deno compatibility > The `x448` option is not supported. Generates a new asymmetric key pair of the given `type`. RSA, RSA-PSS, DSA, EC, Ed25519, Ed448, X25519, X448, and DH are currently supported. If a `publicKeyEncoding` or `privateKeyEncoding` was specified, this function behaves as if `keyObject.export()` had been called on its result. Otherwise, the respective part of the key is returned as a `KeyObject`. It is recommended to encode public keys as `'spki'` and private keys as `'pkcs8'` with encryption for long-term storage: ```js const { generateKeyPair, } = await import('node:crypto'); generateKeyPair('rsa', { modulusLength: 4096, publicKeyEncoding: { type: 'spki', format: 'pem', }, privateKeyEncoding: { type: 'pkcs8', format: 'pem', cipher: 'aes-256-cbc', passphrase: 'top secret', }, }, (err, publicKey, privateKey) => { // Handle errors and use the generated key pair. }); ``` On completion, `callback` will be called with `err` set to `undefined` and `publicKey` / `privateKey` representing the generated key pair. If this method is invoked as its `util.promisify()` ed version, it returns a `Promise` for an `Object` with `publicKey` and `privateKey` properties.

Generates a new asymmetric key pair of the given `type`. RSA, RSA-PSS, DSA, EC, Ed25519, Ed448, X25519, X448, and DH are currently supported. If a `publicKeyEncoding` or `privateKeyEncoding` was specified, this function behaves as if `keyObject.export()` had been called on its result. Otherwise, the respective part of the key is returned as a `KeyObject`. When encoding public keys, it is recommended to use `'spki'`. When encoding private keys, it is recommended to use `'pkcs8'` with a strong passphrase, and to keep the passphrase confidential. ```js const { generateKeyPairSync, } = await import('node:crypto'); const { publicKey, privateKey, } = generateKeyPairSync('rsa', { modulusLength: 4096, publicKeyEncoding: { type: 'spki', format: 'pem', }, privateKeyEncoding: { type: 'pkcs8', format: 'pem', cipher: 'aes-256-cbc', passphrase: 'top secret', }, }); ``` The return value `{ publicKey, privateKey }` represents the generated key pair. When PEM encoding was selected, the respective key will be a string, otherwise it will be a buffer containing the data encoded as DER.

Synchronously generates a new random secret key of the given `length`. The `type` will determine which validations will be performed on the `length`. ```js const { generateKeySync, } = await import('node:crypto'); const key = generateKeySync('hmac', { length: 512 }); console.log(key.export().toString('hex')); // e89..........41e ``` The size of a generated HMAC key should not exceed the block size of the underlying hash function. See [createHmac](.././node__crypto.d.ts/~/createHmac) for more information.

> [!WARNING] Deno compatibility > The `safe`, `add` and `rem` option is not supported. Generates a pseudorandom prime of `size` bits. If `options.safe` is `true`, the prime will be a safe prime -- that is, `(prime - 1) / 2` will also be a prime. The `options.add` and `options.rem` parameters can be used to enforce additional requirements, e.g., for Diffie-Hellman: * If `options.add` and `options.rem` are both set, the prime will satisfy the condition that `prime % add = rem`. * If only `options.add` is set and `options.safe` is not `true`, the prime will satisfy the condition that `prime % add = 1`. * If only `options.add` is set and `options.safe` is set to `true`, the prime will instead satisfy the condition that `prime % add = 3`. This is necessary because `prime % add = 1` for `options.add > 2` would contradict the condition enforced by `options.safe`. * `options.rem` is ignored if `options.add` is not given. Both `options.add` and `options.rem` must be encoded as big-endian sequences if given as an `ArrayBuffer`, `SharedArrayBuffer`, `TypedArray`, `Buffer`, or `DataView`. By default, the prime is encoded as a big-endian sequence of octets in an [ArrayBuffer](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/ArrayBuffer). If the `bigint` option is `true`, then a [bigint](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/BigInt) is provided.

Generates a pseudorandom prime of `size` bits. If `options.safe` is `true`, the prime will be a safe prime -- that is, `(prime - 1) / 2` will also be a prime. The `options.add` and `options.rem` parameters can be used to enforce additional requirements, e.g., for Diffie-Hellman: * If `options.add` and `options.rem` are both set, the prime will satisfy the condition that `prime % add = rem`. * If only `options.add` is set and `options.safe` is not `true`, the prime will satisfy the condition that `prime % add = 1`. * If only `options.add` is set and `options.safe` is set to `true`, the prime will instead satisfy the condition that `prime % add = 3`. This is necessary because `prime % add = 1` for `options.add > 2` would contradict the condition enforced by `options.safe`. * `options.rem` is ignored if `options.add` is not given. Both `options.add` and `options.rem` must be encoded as big-endian sequences if given as an `ArrayBuffer`, `SharedArrayBuffer`, `TypedArray`, `Buffer`, or `DataView`. By default, the prime is encoded as a big-endian sequence of octets in an [ArrayBuffer](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/ArrayBuffer). If the `bigint` option is `true`, then a [bigint](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/BigInt) is provided.

Returns information about a given cipher. Some ciphers accept variable length keys and initialization vectors. By default, the `crypto.getCipherInfo()` method will return the default values for these ciphers. To test if a given key length or iv length is acceptable for given cipher, use the `keyLength` and `ivLength` options. If the given values are unacceptable, `undefined` will be returned.

```js const { getCiphers, } = await import('node:crypto'); console.log(getCiphers()); // ['aes-128-cbc', 'aes-128-ccm', ...] ```

```js const { getCurves, } = await import('node:crypto'); console.log(getCurves()); // ['Oakley-EC2N-3', 'Oakley-EC2N-4', ...] ```

Creates a predefined `DiffieHellmanGroup` key exchange object. The supported groups are listed in the documentation for `DiffieHellmanGroup`. The returned object mimics the interface of objects created by [createDiffieHellman](.././node__crypto.d.ts/~/createDiffieHellman), but will not allow changing the keys (with `diffieHellman.setPublicKey()`, for example). The advantage of using this method is that the parties do not have to generate nor exchange a group modulus beforehand, saving both processor and communication time. Example (obtaining a shared secret): ```js const { getDiffieHellman, } = await import('node:crypto'); const alice = getDiffieHellman('modp14'); const bob = getDiffieHellman('modp14'); alice.generateKeys(); bob.generateKeys(); const aliceSecret = alice.computeSecret(bob.getPublicKey(), null, 'hex'); const bobSecret = bob.computeSecret(alice.getPublicKey(), null, 'hex'); // aliceSecret and bobSecret should be the same console.log(aliceSecret === bobSecret); ```

```js const { getHashes, } = await import('node:crypto'); console.log(getHashes()); // ['DSA', 'DSA-SHA', 'DSA-SHA1', ...] ```

A convenient alias for webcrypto.getRandomValues. This implementation is not compliant with the Web Crypto spec, to write web-compatible code use webcrypto.getRandomValues instead.

A utility for creating one-shot hash digests of data. It can be faster than the object-based `crypto.createHash()` when hashing a smaller amount of data (<= 5MB) that's readily available. If the data can be big or if it is streamed, it's still recommended to use `crypto.createHash()` instead. The `algorithm` is dependent on the available algorithms supported by the version of OpenSSL on the platform. Examples are `'sha256'`, `'sha512'`, etc. On recent releases of OpenSSL, `openssl list -digest-algorithms` will display the available digest algorithms. Example: ```js import crypto from 'node:crypto'; import { Buffer } from 'node:buffer'; // Hashing a string and return the result as a hex-encoded string. const string = 'Node.js'; // 10b3493287f831e81a438811a1ffba01f8cec4b7 console.log(crypto.hash('sha1', string)); // Encode a base64-encoded string into a Buffer, hash it and return // the result as a buffer. const base64 = 'Tm9kZS5qcw=='; // console.log(crypto.hash('sha1', Buffer.from(base64, 'base64'), 'buffer')); ```

HKDF is a simple key derivation function defined in RFC 5869\. The given `ikm`, `salt` and `info` are used with the `digest` to derive a key of `keylen` bytes. The supplied `callback` function is called with two arguments: `err` and `derivedKey`. If an errors occurs while deriving the key, `err` will be set; otherwise `err` will be `null`. The successfully generated `derivedKey` will be passed to the callback as an [ArrayBuffer](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/ArrayBuffer). An error will be thrown if any of the input arguments specify invalid values or types. ```js import { Buffer } from 'node:buffer'; const { hkdf, } = await import('node:crypto'); hkdf('sha512', 'key', 'salt', 'info', 64, (err, derivedKey) => { if (err) throw err; console.log(Buffer.from(derivedKey).toString('hex')); // '24156e2...5391653' }); ```

Provides a synchronous HKDF key derivation function as defined in RFC 5869\. The given `ikm`, `salt` and `info` are used with the `digest` to derive a key of `keylen` bytes. The successfully generated `derivedKey` will be returned as an [ArrayBuffer](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/ArrayBuffer). An error will be thrown if any of the input arguments specify invalid values or types, or if the derived key cannot be generated. ```js import { Buffer } from 'node:buffer'; const { hkdfSync, } = await import('node:crypto'); const derivedKey = hkdfSync('sha512', 'key', 'salt', 'info', 64); console.log(Buffer.from(derivedKey).toString('hex')); // '24156e2...5391653' ```

Provides an asynchronous Password-Based Key Derivation Function 2 (PBKDF2) implementation. A selected HMAC digest algorithm specified by `digest` is applied to derive a key of the requested byte length (`keylen`) from the `password`, `salt` and `iterations`. The supplied `callback` function is called with two arguments: `err` and `derivedKey`. If an error occurs while deriving the key, `err` will be set; otherwise `err` will be `null`. By default, the successfully generated `derivedKey` will be passed to the callback as a `Buffer`. An error will be thrown if any of the input arguments specify invalid values or types. The `iterations` argument must be a number set as high as possible. The higher the number of iterations, the more secure the derived key will be, but will take a longer amount of time to complete. The `salt` should be as unique as possible. It is recommended that a salt is random and at least 16 bytes long. See [NIST SP 800-132](https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf) for details. When passing strings for `password` or `salt`, please consider `caveats when using strings as inputs to cryptographic APIs`. ```js const { pbkdf2, } = await import('node:crypto'); pbkdf2('secret', 'salt', 100000, 64, 'sha512', (err, derivedKey) => { if (err) throw err; console.log(derivedKey.toString('hex')); // '3745e48...08d59ae' }); ``` An array of supported digest functions can be retrieved using [getHashes](.././node__crypto.d.ts/~/getHashes). This API uses libuv's threadpool, which can have surprising and negative performance implications for some applications; see the `UV_THREADPOOL_SIZE` documentation for more information.

Provides a synchronous Password-Based Key Derivation Function 2 (PBKDF2) implementation. A selected HMAC digest algorithm specified by `digest` is applied to derive a key of the requested byte length (`keylen`) from the `password`, `salt` and `iterations`. If an error occurs an `Error` will be thrown, otherwise the derived key will be returned as a `Buffer`. The `iterations` argument must be a number set as high as possible. The higher the number of iterations, the more secure the derived key will be, but will take a longer amount of time to complete. The `salt` should be as unique as possible. It is recommended that a salt is random and at least 16 bytes long. See [NIST SP 800-132](https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf) for details. When passing strings for `password` or `salt`, please consider `caveats when using strings as inputs to cryptographic APIs`. ```js const { pbkdf2Sync, } = await import('node:crypto'); const key = pbkdf2Sync('secret', 'salt', 100000, 64, 'sha512'); console.log(key.toString('hex')); // '3745e48...08d59ae' ``` An array of supported digest functions can be retrieved using [getHashes](.././node__crypto.d.ts/~/getHashes).

Decrypts `buffer` with `privateKey`. `buffer` was previously encrypted using the corresponding public key, for example using [publicEncrypt](.././node__crypto.d.ts/~/publicEncrypt). If `privateKey` is not a `KeyObject`, this function behaves as if `privateKey` had been passed to [createPrivateKey](.././node__crypto.d.ts/~/createPrivateKey). If it is an object, the `padding` property can be passed. Otherwise, this function uses `RSA_PKCS1_OAEP_PADDING`.

Encrypts `buffer` with `privateKey`. The returned data can be decrypted using the corresponding public key, for example using [publicDecrypt](.././node__crypto.d.ts/~/publicDecrypt). If `privateKey` is not a `KeyObject`, this function behaves as if `privateKey` had been passed to [createPrivateKey](.././node__crypto.d.ts/~/createPrivateKey). If it is an object, the `padding` property can be passed. Otherwise, this function uses `RSA_PKCS1_PADDING`.

> [!WARNING] Deno compatibility > This symbol is a non-functional stub. Decrypts `buffer` with `key`.`buffer` was previously encrypted using the corresponding private key, for example using [privateEncrypt](.././node__crypto.d.ts/~/privateEncrypt). If `key` is not a `KeyObject`, this function behaves as if `key` had been passed to [createPublicKey](.././node__crypto.d.ts/~/createPublicKey). If it is an object, the `padding` property can be passed. Otherwise, this function uses `RSA_PKCS1_PADDING`. Because RSA public keys can be derived from private keys, a private key may be passed instead of a public key.

Encrypts the content of `buffer` with `key` and returns a new `Buffer` with encrypted content. The returned data can be decrypted using the corresponding private key, for example using [privateDecrypt](.././node__crypto.d.ts/~/privateDecrypt). If `key` is not a `KeyObject`, this function behaves as if `key` had been passed to [createPublicKey](.././node__crypto.d.ts/~/createPublicKey). If it is an object, the `padding` property can be passed. Otherwise, this function uses `RSA_PKCS1_OAEP_PADDING`. Because RSA public keys can be derived from private keys, a private key may be passed instead of a public key.

Generates cryptographically strong pseudorandom data. The `size` argument is a number indicating the number of bytes to generate. If a `callback` function is provided, the bytes are generated asynchronously and the `callback` function is invoked with two arguments: `err` and `buf`. If an error occurs, `err` will be an `Error` object; otherwise it is `null`. The `buf` argument is a `Buffer` containing the generated bytes. ```js // Asynchronous const { randomBytes, } = await import('node:crypto'); randomBytes(256, (err, buf) => { if (err) throw err; console.log(`${buf.length} bytes of random data: ${buf.toString('hex')}`); }); ``` If the `callback` function is not provided, the random bytes are generated synchronously and returned as a `Buffer`. An error will be thrown if there is a problem generating the bytes. ```js // Synchronous const { randomBytes, } = await import('node:crypto'); const buf = randomBytes(256); console.log( `${buf.length} bytes of random data: ${buf.toString('hex')}`); ``` The `crypto.randomBytes()` method will not complete until there is sufficient entropy available. This should normally never take longer than a few milliseconds. The only time when generating the random bytes may conceivably block for a longer period of time is right after boot, when the whole system is still low on entropy. This API uses libuv's threadpool, which can have surprising and negative performance implications for some applications; see the `UV_THREADPOOL_SIZE` documentation for more information. The asynchronous version of `crypto.randomBytes()` is carried out in a single threadpool request. To minimize threadpool task length variation, partition large `randomBytes` requests when doing so as part of fulfilling a client request.

This function is similar to [randomBytes](.././node__crypto.d.ts/~/randomBytes) but requires the first argument to be a `Buffer` that will be filled. It also requires that a callback is passed in. If the `callback` function is not provided, an error will be thrown. ```js import { Buffer } from 'node:buffer'; const { randomFill } = await import('node:crypto'); const buf = Buffer.alloc(10); randomFill(buf, (err, buf) => { if (err) throw err; console.log(buf.toString('hex')); }); randomFill(buf, 5, (err, buf) => { if (err) throw err; console.log(buf.toString('hex')); }); // The above is equivalent to the following: randomFill(buf, 5, 5, (err, buf) => { if (err) throw err; console.log(buf.toString('hex')); }); ``` Any `ArrayBuffer`, `TypedArray`, or `DataView` instance may be passed as `buffer`. While this includes instances of `Float32Array` and `Float64Array`, this function should not be used to generate random floating-point numbers. The result may contain `+Infinity`, `-Infinity`, and `NaN`, and even if the array contains finite numbers only, they are not drawn from a uniform random distribution and have no meaningful lower or upper bounds. ```js import { Buffer } from 'node:buffer'; const { randomFill } = await import('node:crypto'); const a = new Uint32Array(10); randomFill(a, (err, buf) => { if (err) throw err; console.log(Buffer.from(buf.buffer, buf.byteOffset, buf.byteLength) .toString('hex')); }); const b = new DataView(new ArrayBuffer(10)); randomFill(b, (err, buf) => { if (err) throw err; console.log(Buffer.from(buf.buffer, buf.byteOffset, buf.byteLength) .toString('hex')); }); const c = new ArrayBuffer(10); randomFill(c, (err, buf) => { if (err) throw err; console.log(Buffer.from(buf).toString('hex')); }); ``` This API uses libuv's threadpool, which can have surprising and negative performance implications for some applications; see the `UV_THREADPOOL_SIZE` documentation for more information. The asynchronous version of `crypto.randomFill()` is carried out in a single threadpool request. To minimize threadpool task length variation, partition large `randomFill` requests when doing so as part of fulfilling a client request.

Synchronous version of [randomFill](.././node__crypto.d.ts/~/randomFill). ```js import { Buffer } from 'node:buffer'; const { randomFillSync } = await import('node:crypto'); const buf = Buffer.alloc(10); console.log(randomFillSync(buf).toString('hex')); randomFillSync(buf, 5); console.log(buf.toString('hex')); // The above is equivalent to the following: randomFillSync(buf, 5, 5); console.log(buf.toString('hex')); ``` Any `ArrayBuffer`, `TypedArray` or `DataView` instance may be passed as`buffer`. ```js import { Buffer } from 'node:buffer'; const { randomFillSync } = await import('node:crypto'); const a = new Uint32Array(10); console.log(Buffer.from(randomFillSync(a).buffer, a.byteOffset, a.byteLength).toString('hex')); const b = new DataView(new ArrayBuffer(10)); console.log(Buffer.from(randomFillSync(b).buffer, b.byteOffset, b.byteLength).toString('hex')); const c = new ArrayBuffer(10); console.log(Buffer.from(randomFillSync(c)).toString('hex')); ```

Return a random integer `n` such that `min <= n < max`. This implementation avoids [modulo bias](https://en.wikipedia.org/wiki/Fisher%E2%80%93Yates_shuffle#Modulo_bias). The range (`max - min`) must be less than 2**48. `min` and `max` must be [safe integers](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Number/isSafeInteger). If the `callback` function is not provided, the random integer is generated synchronously. ```js // Asynchronous const { randomInt, } = await import('node:crypto'); randomInt(3, (err, n) => { if (err) throw err; console.log(`Random number chosen from (0, 1, 2): ${n}`); }); ``` ```js // Synchronous const { randomInt, } = await import('node:crypto'); const n = randomInt(3); console.log(`Random number chosen from (0, 1, 2): ${n}`); ``` ```js // With `min` argument const { randomInt, } = await import('node:crypto'); const n = randomInt(1, 7); console.log(`The dice rolled: ${n}`); ```

Generates a random [RFC 4122](https://www.rfc-editor.org/rfc/rfc4122.txt) version 4 UUID. The UUID is generated using a cryptographic pseudorandom number generator.

Provides an asynchronous [scrypt](https://en.wikipedia.org/wiki/Scrypt) implementation. Scrypt is a password-based key derivation function that is designed to be expensive computationally and memory-wise in order to make brute-force attacks unrewarding. The `salt` should be as unique as possible. It is recommended that a salt is random and at least 16 bytes long. See [NIST SP 800-132](https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf) for details. When passing strings for `password` or `salt`, please consider `caveats when using strings as inputs to cryptographic APIs`. The `callback` function is called with two arguments: `err` and `derivedKey`. `err` is an exception object when key derivation fails, otherwise `err` is `null`. `derivedKey` is passed to the callback as a `Buffer`. An exception is thrown when any of the input arguments specify invalid values or types. ```js const { scrypt, } = await import('node:crypto'); // Using the factory defaults. scrypt('password', 'salt', 64, (err, derivedKey) => { if (err) throw err; console.log(derivedKey.toString('hex')); // '3745e48...08d59ae' }); // Using a custom N parameter. Must be a power of two. scrypt('password', 'salt', 64, { N: 1024 }, (err, derivedKey) => { if (err) throw err; console.log(derivedKey.toString('hex')); // '3745e48...aa39b34' }); ```

Provides a synchronous [scrypt](https://en.wikipedia.org/wiki/Scrypt) implementation. Scrypt is a password-based key derivation function that is designed to be expensive computationally and memory-wise in order to make brute-force attacks unrewarding. The `salt` should be as unique as possible. It is recommended that a salt is random and at least 16 bytes long. See [NIST SP 800-132](https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf) for details. When passing strings for `password` or `salt`, please consider `caveats when using strings as inputs to cryptographic APIs`. An exception is thrown when key derivation fails, otherwise the derived key is returned as a `Buffer`. An exception is thrown when any of the input arguments specify invalid values or types. ```js const { scryptSync, } = await import('node:crypto'); // Using the factory defaults. const key1 = scryptSync('password', 'salt', 64); console.log(key1.toString('hex')); // '3745e48...08d59ae' // Using a custom N parameter. Must be a power of two. const key2 = scryptSync('password', 'salt', 64, { N: 1024 }); console.log(key2.toString('hex')); // '3745e48...aa39b34' ```

> [!WARNING] Deno compatibility > This symbol is a non-functional stub.

> [!WARNING] Deno compatibility > This symbol is a non-functional stub. Load and set the `engine` for some or all OpenSSL functions (selected by flags). `engine` could be either an id or a path to the engine's shared library. The optional `flags` argument uses `ENGINE_METHOD_ALL` by default. The `flags` is a bit field taking one of or a mix of the following flags (defined in `crypto.constants`): * `crypto.constants.ENGINE_METHOD_RSA` * `crypto.constants.ENGINE_METHOD_DSA` * `crypto.constants.ENGINE_METHOD_DH` * `crypto.constants.ENGINE_METHOD_RAND` * `crypto.constants.ENGINE_METHOD_EC` * `crypto.constants.ENGINE_METHOD_CIPHERS` * `crypto.constants.ENGINE_METHOD_DIGESTS` * `crypto.constants.ENGINE_METHOD_PKEY_METHS` * `crypto.constants.ENGINE_METHOD_PKEY_ASN1_METHS` * `crypto.constants.ENGINE_METHOD_ALL` * `crypto.constants.ENGINE_METHOD_NONE`

Enables the FIPS compliant crypto provider in a FIPS-enabled Node.js build. Throws an error if FIPS mode is not available.

Calculates and returns the signature for `data` using the given private key and algorithm. If `algorithm` is `null` or `undefined`, then the algorithm is dependent upon the key type (especially Ed25519 and Ed448). If `key` is not a `KeyObject`, this function behaves as if `key` had been passed to [createPrivateKey](.././node__crypto.d.ts/~/createPrivateKey). If it is an object, the following additional properties can be passed: If the `callback` function is provided this function uses libuv's threadpool.

This function compares the underlying bytes that represent the given `ArrayBuffer`, `TypedArray`, or `DataView` instances using a constant-time algorithm. This function does not leak timing information that would allow an attacker to guess one of the values. This is suitable for comparing HMAC digests or secret values like authentication cookies or [capability urls](https://www.w3.org/TR/capability-urls/). `a` and `b` must both be `Buffer`s, `TypedArray`s, or `DataView`s, and they must have the same byte length. An error is thrown if `a` and `b` have different byte lengths. If at least one of `a` and `b` is a `TypedArray` with more than one byte per entry, such as `Uint16Array`, the result will be computed using the platform byte order. **When both of the inputs are `Float32Array`s or `Float64Array`s, this function might return unexpected results due to IEEE 754** **encoding of floating-point numbers. In particular, neither `x === y` nor `Object.is(x, y)` implies that the byte representations of two floating-point** **numbers `x` and `y` are equal.** Use of `crypto.timingSafeEqual` does not guarantee that the _surrounding_ code is timing-safe. Care should be taken to ensure that the surrounding code does not introduce timing vulnerabilities.

Verifies the given signature for `data` using the given key and algorithm. If `algorithm` is `null` or `undefined`, then the algorithm is dependent upon the key type (especially Ed25519 and Ed448). If `key` is not a `KeyObject`, this function behaves as if `key` had been passed to [createPublicKey](.././node__crypto.d.ts/~/createPublicKey). If it is an object, the following additional properties can be passed: The `signature` argument is the previously calculated signature for the `data`. Because public keys can be derived from private keys, a private key or a public key may be passed for `key`. If the `callback` function is provided this function uses libuv's threadpool.

Importing the `webcrypto` object (`import { webcrypto } from 'node:crypto'`) gives an instance of the `Crypto` class. `Crypto` is a singleton that provides access to the remainder of the crypto API.

The `CryptoKeyPair` is a simple dictionary object with `publicKey` and `privateKey` properties, representing an asymmetric key pair.

Specifies the active default cipher list used by the current Node.js process (colon-separated values).

Specifies the built-in default cipher list used by Node.js (colon-separated values).

Causes the salt length for RSA_PKCS1_PSS_PADDING to be determined automatically when verifying a signature.

Sets the salt length for RSA_PKCS1_PSS_PADDING to the digest size when signing or verifying.

Sets the salt length for RSA_PKCS1_PSS_PADDING to the maximum permissible value when signing data.

Applies multiple bug workarounds within OpenSSL. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html for detail.

Instructs OpenSSL to allow a non-[EC]DHE-based key exchange mode for TLS v1.3

Allows legacy insecure renegotiation between OpenSSL and unpatched clients or servers. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html.

Attempts to use the server's preferences instead of the client's when selecting a cipher. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html.

Instructs OpenSSL to use Cisco's version identifier of DTLS_BAD_VER.

Instructs OpenSSL to turn on cookie exchange.

Instructs OpenSSL to add server-hello extension from an early version of the cryptopro draft.

Instructs OpenSSL to disable a SSL 3.0/TLS 1.0 vulnerability workaround added in OpenSSL 0.9.6d.

Allows initial connection to servers that do not support RI.

Instructs OpenSSL to disable support for SSL/TLS compression.

Instructs OpenSSL to disable encrypt-then-MAC.

Instructs OpenSSL to disable renegotiation.

Instructs OpenSSL to always start a new session when performing renegotiation.

Instructs OpenSSL to turn off SSL v2

Instructs OpenSSL to turn off SSL v3

Instructs OpenSSL to disable use of RFC4507bis tickets.

Instructs OpenSSL to turn off TLS v1

Instructs OpenSSL to turn off TLS v1.1

Instructs OpenSSL to turn off TLS v1.2

Instructs OpenSSL to turn off TLS v1.3

Instructs OpenSSL server to prioritize ChaCha20-Poly1305 when the client does. This option has no effect if `SSL_OP_CIPHER_SERVER_PREFERENCE` is not enabled.

Instructs OpenSSL to disable version rollback attack detection.

A convenient alias for `crypto.webcrypto.subtle`.