diff --git a/doc/api/crypto.md b/doc/api/crypto.md index 8052cc5073e727..1a9c43504e87ae 100644 --- a/doc/api/crypto.md +++ b/doc/api/crypto.md @@ -2926,6 +2926,10 @@ Checks the primality of the `candidate`. added: v0.1.94 deprecated: v10.0.0 changes: + - version: REPLACEME + pr-url: https://github.com/nodejs/node/pull/42427 + description: The `authTagLength` option is now optional when using the + `chacha20-poly1305` cipher and defaults to 16 bytes. - version: v15.0.0 pr-url: https://github.com/nodejs/node/pull/35093 description: The password argument can be an ArrayBuffer and is limited to @@ -2950,12 +2954,12 @@ Creates and returns a `Cipher` object that uses the given `algorithm` and `password`. The `options` argument controls stream behavior and is optional except when a -cipher in CCM or OCB mode (e.g. `'aes-128-ccm'`) or `chacha20-poly1305` is used. -In that case, the +cipher in CCM or OCB mode (e.g. `'aes-128-ccm'`) is used. In that case, the `authTagLength` option is required and specifies the length of the authentication tag in bytes, see [CCM mode][]. In GCM mode, the `authTagLength` option is not required but can be used to set the length of the authentication tag that will be returned by `getAuthTag()` and defaults to 16 bytes. +For `chacha20-poly1305`, the `authTagLength` option defaults to 16 bytes. The `algorithm` is dependent on OpenSSL, examples are `'aes192'`, etc. On recent OpenSSL releases, `openssl list -cipher-algorithms` will @@ -2986,6 +2990,10 @@ Adversaries][] for details.