+ + +The crypto object is a global object +that allows using cryptographic functionality +(since 0.7.0). + + + + + +сrypto.getRandomValues(typedArray) + +Gets cryptographically strong random values. +Returns the same array passed as typedArray +but with its contents replaced with the newly generated random numbers. +Possible values: + + +typedArray + +can be +Int8Array, +Int16Array, +Uint16Array, +Int32Array, or +Uint32Array + + + + + +сrypto.subtle.encrypt(algorithm, +key, +data) + +Encrypts data +using the provided +algorithm and +key. +Returns a Promise that fulfills with +an ArrayBuffer containing the ciphertext. +Possible values: + + +algorithm + +an object that specifies +the algorithm to be used and any extra parameters if required: + + + +for RSA-OAEP, +pass the object with the following keys: + + + + +name is a string, +should be set to RSA-OAEP: + + +crypto.subtle.encrypt({name: "RSA-OAEP"}, key, data) + + + + + + + + +for AES-CTR, +pass the object with the following keys: + + + + +name is a string, +should be set to AES-CTR + + + +counter is an +ArrayBuffer, +TypedArray, or +DataView — +the initial value of the counter block, +must be 16 bytes long (the AES block size). +The rightmost length bits of this block are used for the counter, +and the rest is used for the nonce. +For example, if length is set to 64, +then the first half of counter is the nonce +and the second half is used for the counter + + + +length is the number of bits in the counter block +that are used for the actual counter. +The counter must be big enough that it doesn't wrap. + + + + + + +for AES-CBC, pass the object with the following keys: + + + + +name is a string, +should be set to AES-CBC + + + +iv or the initialization vector, is an +ArrayBuffer, +TypedArray, or +DataView, +must be 16 bytes, unpredictable, +and preferably cryptographically random. +However, it need not be secret, +for example, it may be transmitted unencrypted along with the ciphertext. + + + + + + +for AES-GCM, pass the object with the following keys: + + + + +name is a string, +should be set to AES-GCM + + + +iv or the initialization vector, is an +ArrayBuffer, +TypedArray, or +DataView, +must be 16 bytes, +and must be unique for every encryption operation carried out with a given key + + + +additionalData (optional) is an +ArrayBuffer, +TypedArray, or +DataView +that contains additional data that +will not be encrypted but will be authenticated along with the encrypted data. +If additionalData is specified, +then the same data must be specified in the corresponding call to +decrypt(): +if the data given to the decrypt() call +does not match the original data, +the decryption will throw an exception. +The bit length of additionalData +must be smaller than 2^64 - 1. + + + +tagLength (optional, default is 128) - +a number that determines the size in bits +of the authentication tag generated in the encryption operation +and used for authentication in the corresponding decryption +Possible values: +32, +64, +96, +104, +112, +120, or +128. +The AES-GCM specification recommends that it should be +96, +104, +112, +120, or +128, +although +32 or +64 +bits may be acceptable in some applications. + + + + + + + + +key + +a CryptoKey that contains +the key to be used for encryption + + +data + +an +ArrayBuffer, +TypedArray, or +DataView +that contains +the data to be encrypted (also known as the plaintext) + + + + + +сrypto.subtle.decrypt(algorithm, +key, +data) + +Decrypts encrypted data. +Returns a Promise with the decrypted data. +Possible values: + + + +algorithm + +an object +that specifies the algorithm to be used, and any extra parameters as required. +The values given for the extra parameters must match +those passed into the corresponding encrypt() call. + + + +for RSA-OAEP, +pass the object with the following keys: + + + + +name is a string, +should be set to RSA-OAEP: + + +crypto.subtle.encrypt({name: "RSA-OAEP"}, key, data) + + + + + + + +for AES-CTR, +pass the object with the following keys: + + + + +name is a string, +should be set to AES-CTR + + + +counter is an +ArrayBuffer, +TypedArray, or +DataView — +the initial value of the counter block, +must be 16 bytes long (the AES block size). +The rightmost length bits of this block are used for the counter, +and the rest is used for the nonce. +For example, if length is set to 64, +then the first half of counter is the nonce +and the second half is used for the counter. + + + +length is the number of bits in the counter block +that are used for the actual counter. +The counter must be big enough that it doesn't wrap. + + + + + + +for AES-CBC, pass the object with the following keys: + + + + +name is a string, +should be set to AES-CBC + + + +iv or the initialization vector, is an +ArrayBuffer, +TypedArray, or +DataView, +must be 16 bytes, unpredictable, +and preferably cryptographically random. +However, it need not be secret +(for example, it may be transmitted unencrypted along with the ciphertext). + + + + + + +for AES-GCM, pass the object with the following keys: + + + + +name is a string, +should be set to AES-GCM + + + +iv or the initialization vector, is an +ArrayBuffer, +TypedArray, or +DataView, +must be 16 bytes, +and must be unique for every encryption operation carried out with a given key + + + +additionalData (optional) is an +ArrayBuffer, +TypedArray, or +DataView +that contains additional data that +will not be encrypted but will be authenticated along with the encrypted data. +If additionalData is specified, +then the same data must be specified in the corresponding call to +decrypt(): +if the data given to the decrypt() call +does not match the original data, +the decryption will throw an exception. +The bit length of additionalData +must be smaller than 2^64 - 1. + + + +tagLength (optional, default is 128) - +a number that determines the size in bits +of the authentication tag generated in the encryption operation +and used for authentication in the corresponding decryption. +Possible values: +32, +64, +96, +104, +112, +120, or +128. +The AES-GCM specification recommends that it should be +96, +104, +112, +120, or +128, +although +32 or +64 +bits may be acceptable in some applications. + + + + + + + + +key + +a CryptoKey +that contains the key to be used for decryption. +If RSA-OAEP is used, this is the +privateKey property of the +CryptoKeyPair object. + + +data + +an +ArrayBuffer, +TypedArray, or +DataView +that contains the data to be decrypted (also known as ciphertext) + + + + + +сrypto.subtle.deriveBits(algorithm, +baseKey, +length) + +Derives an array of bits from a base key. +Returns a Promise +which will be fulfilled with an +ArrayBuffer that contains the derived bits. +Possible values: + + +algorithm + +is an object that defines the derivation algorithm to use: + + + +for HKDF, +pass the object with the following keys: + + + + +name is a string, +should be set to HKDF + + + +hash is a string with the digest algorithm to use: +SHA-1, +SHA-256, +SHA-384, or +SHA-512 + + + +salt is an +ArrayBuffer, +TypedArray, or +DataView +that represents random or pseudo-random value +with the same length as the output of the digest function. +Unlike the input key material passed into deriveKey(), +salt does not need to be kept secret. + + + +info is an +ArrayBuffer, +TypedArray, or +DataView +that represents application-specific contextual information +used to bind the derived key to an application or context, +and enables deriving different keys for different contexts +while using the same input key material. +This property is required but may be an empty buffer. + + + + + + +for PBKDF2, +pass the object with the following keys: + + + + +name is a string, +should be set to PBKDF2 + + + +hash is a string with the digest algorithm to use: +SHA-1, +SHA-256, +SHA-384, or +SHA-512 + + + +salt is an +ArrayBuffer, +TypedArray, or +DataView +that represents random or pseudo-random value +of at least 16 bytes. +Unlike the input key material passed into deriveKey(), +salt does not need to be kept secret. + + + +iterations is a number +that represents the number of times the hash function will be executed +in deriveKey() + + + + + + + + +baseKey + +is a CryptoKey +that represents the input to the derivation algorithm +- the initial key material for the derivation function: +for example, for PBKDF2 it might be a password, +imported as a CryptoKey using +сrypto.subtle.importKey() + + +length + +is a number representing the number of bits to derive. +For browsers compatibility, +the number should be a multiple of 8 + + + + + +сrypto.subtle.deriveKey(algorithm, +baseKey, +derivedKeyAlgorithm, +extractable, +keyUsages) + +Derives a secret key from a master key. +Possible values: + + +algorithm + +is an object that defines the derivation algorithm to use: + + + +for HKDF, +pass the object with the following keys: + + + + +name is a string, +should be set to HKDF + + + +hash is a string with the digest algorithm to use: +SHA-1, +SHA-256, +SHA-384, or +SHA-512 + + + +salt is an +ArrayBuffer, +TypedArray, or +DataView +that represents random or pseudo-random value +with the same length as the output of the digest function. +Unlike the input key material passed into deriveKey(), +salt does not need to be kept secret. + + + +info is an +ArrayBuffer, +TypedArray, or +DataView +that represents application-specific contextual information +used to bind the derived key to an application or context, +and enables deriving different keys for different contexts +while using the same input key material. +This property is required but may be an empty buffer. + + + + + + +for PBKDF2, +pass the object with the following keys: + + + + +name is a string, +should be set to PBKDF2 + + + +hash is a string with the digest algorithm to use: +SHA-1, +SHA-256, +SHA-384, or +SHA-512 + + + +salt is an +ArrayBuffer, +TypedArray, or +DataView +that represents random or pseudo-random value +of at least 16 bytes. +Unlike the input key material passed into deriveKey(), +salt does not need to be kept secret. + + + +iterations is a number +that represents the number of times the hash function will be executed +in deriveKey() + + + + + + + + +baseKey + +is a CryptoKey +that represents the input to the derivation algorithm +- the initial key material for the derivation function: +for example, for PBKDF2 it might be a password, +imported as a CryptoKey using +сrypto.subtle.importKey(). + + +derivedKeyAlgorithm + +is an object +that defines the algorithm the derived key will be used for: + + + +for HMAC, +pass the object with the following keys: + + + + +name is a string, +should be set to HMAC + + + +hash is a string with the name of the digest function to use: +SHA-1, +SHA-256, +SHA-384, or +SHA-512 + + + +length (optional) is a number +that represents the length in bits of the key. +If not specified, the length of the key is equal to +the block size of the chozen hash function + + + + + + +for +AES-CTR, +AES-CBC, or +AES-GCM, +pass the object with the following keys: + + + + +name is a string, +should be set to +AES-CTR, +AES-CBC, or +AES-GCM, +depending on the algorithm used + + + +length is a number that represents +the length in bits of the key to generate: +128, +192, or +256 + + + + + + + + +extractable + +is a boolean value +that indicates whether it will be possible to export the key + + +keyUsages + +is an Array +that indicates what can be done with the derived key. +The key usages must be allowed by the algorithm +set in derivedKeyAlgorithm. +Possible values: + + +encrypt + +key for encrypting messages + + +decrypt + +key for decrypting messages + + +sign + +key for signing messages + + +verify + +key for verifying signatures + + +deriveKey + +key for deriving a new key + + +deriveBits + +key for deriving bits + + +wrapKey + +key for wrapping a key + + +unwrapKey + +key for unwrapping a key + + + + + + + + +сrypto.subtle.digest(algorithm, +data) + +Generates a digest of the given data. +Takes as its arguments an identifier for the digest algorithm to use +and the data to digest. +Returns a Promise which will be fulfilled with the digest. +Possible values: + + +algorithm + +is a string that defines the hash function to use: +SHA-1 (not for cryptographic applications), +SHA-256, +SHA-384, or +SHA-512 + + +data + +is an +ArrayBuffer, +TypedArray, or +DataView +that contains the data to be digested + + + + + +сrypto.subtle.importKey(format, +keyData, +algorithm, +extractable, +keyUsages) + +Imports a key: takes as input a key in an external, portable format +and gives a CryptoKey object. +Returns a Promise that fulfills with the imported key +as a CryptoKey object. +Possible values: + + +format + +a string that describes the data format of the key to import, +can be the following: + + +raw + +the raw data format + + +pkcs8 + +the +PKCS #8 +format + + +spki + +the +SubjectPublicKeyInfo +format + + + + + + +keyData + +the +ArrayBuffer, +TypedArray, or +DataView +object that contains the key in the given format + + +algorithm + +a dictionary object that defines the type of key to import +and provides extra algorithm-specific parameters: + + + +for +RSASSA-PKCS1-v1_5, +RSA-PSS, or +RSA-OAEP, +pass the object with the following keys: + + + +name is a string, should be set to +RSASSA-PKCS1-v1_5, +RSA-PSS, or +RSA-OAEP, +depending on the used algorithm + + + +hash is a string that represents +the name of the digest function to use, can be +SHA-256, +SHA-384, or +SHA-512 + + + + + + +for +ECDSA, +pass the object with the following keys: + + + +name is a string, should be set to ECDSA + + + +namedCurve is a string that represents +the name of the elliptic curve to use, may be +P-256, +P-384, or +P-521 + + + + + + +for +HMAC, +pass the object with the following keys: + + + +name is a string, should be set to HMAC + + + + +hash is a string that represents +the name of the digest function to use, can be +SHA-256, +SHA-384, or +SHA-512 + + + +length (optional) is a number that represents +the length in bits of the key. +If omitted, the length of the key is equal to the length of the digest +generated by the chosen digest function. + + + + + + +for +AES-CTR, +AES-CBC, or +AES-GCM, +pass the string identifying the algorithm or an object +of the form { "name": "ALGORITHM" }, +where ALGORITHM is the name of the algorithm + + + +for +PBKDF2, +pass the PBKDF2 string + + + +for +HKDF, +pass the HKDF string + + + + + +extractable + +boolean value that indicates if it is possible to export the key + + +keyUsages + +an array that indicates possible actions with the key: + + +encrypt + +key for encrypting messages + + +decrypt + +key for decrypting messages + + +sign + +key for signing messages + + +verify + +key for verifying signatures + + +deriveKey + +key for deriving a new key + + +deriveBits + +key for deriving bits + + +wrapKey + +key for wrapping a key + + +unwrapKey + +key for unwrapping a key + + + + + + + + +сrypto.subtle.sign(algorithm, +key, +data) + +Returns signature as a Promise +that fulfills with an ArrayBuffer containing the signature. +Possible values: + + +algorithm + +is a string or object that specifies the signature algorithm to use +and its parameters: + + + + +for RSASSA-PKCS1-v1_5, +pass the string identifying the algorithm or an object +of the form { "name": "ALGORITHM" } + + + +for RSA-PSS, +pass the object with the following keys: + + + +name is a string, should be set to +RSA-PSS + + + +saltLength is a long integer +that represents the length of the random salt to use, in bytes + + + + + + +for ECDSA, +pass the object with the following keys: + + + +name is a string, should be set to +ECDSA + + + +hash is an identifier for the digest algorithm to use, +can be +SHA-256, +SHA-384, or +SHA-512 + + + + + + +for HMAC, +pass the string identifying the algorithm or an object +of the form { "name": "ALGORITHM" } + + + + + +key + +is a CryptoKey object that the key to be used for signing. +If algorithm identifies a public-key cryptosystem, this is the private key. + + +data + +is an +ArrayBuffer, +TypedArray, or +DataView +object that contains the data to be signed + + + + + + +сrypto.subtle.verify(algorithm, +key, +signature, +data) + +Verifies a digital signature, +returns a Promise that fulfills with a boolean value: +true if the signature is valid, +otherwise false. +Possible values: + + +algorithm + +is a string or object that specifies the algorithm to use +and its parameters: + + + + +for RSASSA-PKCS1-v1_5, +pass the string identifying the algorithm or an object +of the form { "name": "ALGORITHM" } + + + +for RSA-PSS, +pass the object with the following keys: + + + +name is a string, should be set to +RSA-PSS + + + +saltLength is a long integer +that represents the length of the random salt to use, in bytes + + + + + + +for ECDSA, +pass the object with the following keys: + + + +name is a string, should be set to +ECDSA + + + +hash is an identifier for the digest algorithm to use, +can be +SHA-256, +SHA-384, or +SHA-512 + + + + + + +for HMAC, +pass the string identifying the algorithm or an object +of the form { "name": "ALGORITHM" } + + + + + +key + +is a CryptoKey object that the key to be used for verifying. +It is the secret key for a symmetric algorithm +and the public key for a public-key system. + + +signature + +is an +ArrayBuffer, +TypedArray, or +DataView +that contains the signature to verify + + +data + +is an +ArrayBuffer, +TypedArray, or +DataView +object that contains the data whose signature is to be verified + + + + + + + + +

+ +

@@ -949,7 +2150,7 @@ njs.version

Returns a string with the current version of njs -(for example, “0.5.2”). +(for example, “0.7.0”).

njs.dump(value) @@ -1919,6 +3120,11 @@

+ +Since 0.7.0, +extended crypto API is available as a global +crypto object. + The Crypto module provides cryptographic functionality support. The Crypto module object is returned by require('crypto').