|
73 | 73 | } |
74 | 74 | ``` |
75 | 75 |
|
| 76 | +## Asymmetric key types |
| 77 | + |
| 78 | +The following table lists the asymmetric key types recognized by the [`KeyObject`][] API: |
| 79 | + |
| 80 | +| Key Type | Description | OID | |
| 81 | +| --------------------------- | -------------- | ----------------------- | |
| 82 | +| `'dh'` | Diffie-Hellman | 1.2.840.113549.1.3.1 | |
| 83 | +| `'dsa'` | DSA | 1.2.840.10040.4.1 | |
| 84 | +| `'ec'` | Elliptic curve | 1.2.840.10045.2.1 | |
| 85 | +| `'ed25519'` | Ed25519 | 1.3.101.112 | |
| 86 | +| `'ed448'` | Ed448 | 1.3.101.113 | |
| 87 | +| `'ml-dsa-44'`[^openssl35] | ML-DSA-44 | 2.16.840.1.101.3.4.3.17 | |
| 88 | +| `'ml-dsa-65'`[^openssl35] | ML-DSA-65 | 2.16.840.1.101.3.4.3.18 | |
| 89 | +| `'ml-dsa-87'`[^openssl35] | ML-DSA-87 | 2.16.840.1.101.3.4.3.19 | |
| 90 | +| `'ml-kem-1024'`[^openssl35] | ML-KEM-1024 | 2.16.840.1.101.3.4.4.3 | |
| 91 | +| `'ml-kem-512'`[^openssl35] | ML-KEM-512 | 2.16.840.1.101.3.4.4.1 | |
| 92 | +| `'ml-kem-768'`[^openssl35] | ML-KEM-768 | 2.16.840.1.101.3.4.4.2 | |
| 93 | +| `'rsa-pss'` | RSA PSS | 1.2.840.113549.1.1.10 | |
| 94 | +| `'rsa'` | RSA | 1.2.840.113549.1.1.1 | |
| 95 | +| `'x25519'` | X25519 | 1.3.101.110 | |
| 96 | +| `'x448'` | X448 | 1.3.101.111 | |
| 97 | + |
76 | 98 | ## Class: `Certificate` |
77 | 99 |
|
78 | 100 | <!-- YAML |
@@ -2052,24 +2074,8 @@ changes: |
2052 | 2074 |
|
2053 | 2075 | * Type: {string} |
2054 | 2076 |
|
2055 | | -For asymmetric keys, this property represents the type of the key. Supported key |
2056 | | -types are: |
2057 | | - |
2058 | | -* `'rsa'` (OID 1.2.840.113549.1.1.1) |
2059 | | -* `'rsa-pss'` (OID 1.2.840.113549.1.1.10) |
2060 | | -* `'dsa'` (OID 1.2.840.10040.4.1) |
2061 | | -* `'ec'` (OID 1.2.840.10045.2.1) |
2062 | | -* `'x25519'` (OID 1.3.101.110) |
2063 | | -* `'x448'` (OID 1.3.101.111) |
2064 | | -* `'ed25519'` (OID 1.3.101.112) |
2065 | | -* `'ed448'` (OID 1.3.101.113) |
2066 | | -* `'dh'` (OID 1.2.840.113549.1.3.1) |
2067 | | -* `'ml-dsa-44'`[^openssl35] (OID 2.16.840.1.101.3.4.3.17) |
2068 | | -* `'ml-dsa-65'`[^openssl35] (OID 2.16.840.1.101.3.4.3.18) |
2069 | | -* `'ml-dsa-87'`[^openssl35] (OID 2.16.840.1.101.3.4.3.19) |
2070 | | -* `'ml-kem-512'`[^openssl35] (OID 2.16.840.1.101.3.4.4.1) |
2071 | | -* `'ml-kem-768'`[^openssl35] (OID 2.16.840.1.101.3.4.4.2) |
2072 | | -* `'ml-kem-1024'`[^openssl35] (OID 2.16.840.1.101.3.4.4.3) |
| 2077 | +For asymmetric keys, this property represents the type of the key. See the |
| 2078 | +supported [asymmetric key types][]. |
2073 | 2079 |
|
2074 | 2080 | This property is `undefined` for unrecognized `KeyObject` types and symmetric |
2075 | 2081 | keys. |
@@ -3590,9 +3596,9 @@ changes: |
3590 | 3596 | * `secret` {Buffer} |
3591 | 3597 | * Returns: {Buffer} if the `callback` function is not provided. |
3592 | 3598 |
|
3593 | | -Computes the Diffie-Hellman secret based on a `privateKey` and a `publicKey`. |
3594 | | -Both keys must have the same `asymmetricKeyType`, which must be one of `'dh'` |
3595 | | -(for Diffie-Hellman), `'ec'`, `'x448'`, or `'x25519'` (for ECDH). |
| 3599 | +Computes the Diffie-Hellman shared secret based on a `privateKey` and a `publicKey`. |
| 3600 | +Both keys must have the same `asymmetricKeyType` and must support either the DH or |
| 3601 | +ECDH operation. |
3596 | 3602 |
|
3597 | 3603 | If the `callback` function is provided this function uses libuv's threadpool. |
3598 | 3604 |
|
@@ -3704,9 +3710,8 @@ changes: |
3704 | 3710 | produce key objects if no encoding was specified. |
3705 | 3711 | --> |
3706 | 3712 |
|
3707 | | -* `type` {string} Must be `'rsa'`, `'rsa-pss'`, `'dsa'`, `'ec'`, `'ed25519'`, |
3708 | | - `'ed448'`, `'x25519'`, `'x448'`, `'dh'`, `'ml-dsa-44'`[^openssl35], |
3709 | | - `'ml-dsa-65'`[^openssl35], or `'ml-dsa-87'`[^openssl35]. |
| 3713 | +* `type` {string} The asymmetric key type to generate. See the |
| 3714 | + supported [asymmetric key types][]. |
3710 | 3715 | * `options` {Object} |
3711 | 3716 | * `modulusLength` {number} Key size in bits (RSA, DSA). |
3712 | 3717 | * `publicExponent` {number} Public exponent (RSA). **Default:** `0x10001`. |
@@ -3825,9 +3830,8 @@ changes: |
3825 | 3830 | produce key objects if no encoding was specified. |
3826 | 3831 | --> |
3827 | 3832 |
|
3828 | | -* `type` {string} Must be `'rsa'`, `'rsa-pss'`, `'dsa'`, `'ec'`, `'ed25519'`, |
3829 | | - `'ed448'`, `'x25519'`, `'x448'`, `'dh'`, `'ml-dsa-44'`[^openssl35], |
3830 | | - `'ml-dsa-65'`[^openssl35], or `'ml-dsa-87'`[^openssl35]. |
| 3833 | +* `type` {string} The asymmetric key type to generate. See the |
| 3834 | + supported [asymmetric key types][]. |
3831 | 3835 | * `options` {Object} |
3832 | 3836 | * `modulusLength` {number} Key size in bits (RSA, DSA). |
3833 | 3837 | * `publicExponent` {number} Public exponent (RSA). **Default:** `0x10001`. |
@@ -6280,6 +6284,7 @@ See the [list of SSL OP Flags][] for details. |
6280 | 6284 | [`verify.verify()`]: #verifyverifyobject-signature-signatureencoding |
6281 | 6285 | [`x509.fingerprint256`]: #x509fingerprint256 |
6282 | 6286 | [`x509.verify(publicKey)`]: #x509verifypublickey |
| 6287 | +[asymmetric key types]: #asymmetric-key-types |
6283 | 6288 | [caveats when using strings as inputs to cryptographic APIs]: #using-strings-as-inputs-to-cryptographic-apis |
6284 | 6289 | [certificate object]: tls.md#certificate-object |
6285 | 6290 | [encoding]: buffer.md#buffers-and-character-encodings |
|
0 commit comments