diff options
author | Tobias Nießen <tniessen@tnie.de> | 2018-10-13 01:29:46 +0200 |
---|---|---|
committer | Tobias Nießen <tniessen@tnie.de> | 2019-01-05 17:54:43 +0100 |
commit | 345d3f380bcbaa646529df424d4ac8e11026f8c9 (patch) | |
tree | a721d50c156879d01a510cd8fb00a4d9a03d1e6f /doc/api/crypto.md | |
parent | 992c8ab4762123a49b5ec12fb4f03a67a4750f8a (diff) | |
download | android-node-v8-345d3f380bcbaa646529df424d4ac8e11026f8c9.tar.gz android-node-v8-345d3f380bcbaa646529df424d4ac8e11026f8c9.tar.bz2 android-node-v8-345d3f380bcbaa646529df424d4ac8e11026f8c9.zip |
doc: document key encryption options
PR-URL: https://github.com/nodejs/node/pull/23632
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Diffstat (limited to 'doc/api/crypto.md')
-rw-r--r-- | doc/api/crypto.md | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/doc/api/crypto.md b/doc/api/crypto.md index 2ba721d062..bc842062d0 100644 --- a/doc/api/crypto.md +++ b/doc/api/crypto.md @@ -1157,6 +1157,16 @@ For private keys, the following encoding options can be used: When PEM encoding was selected, the result will be a string, otherwise it will be a buffer containing the data encoded as DER. +PKCS#1, SEC1, and PKCS#8 type keys can be encrypted by using a combination of +the `cipher` and `format` options. The PKCS#8 `type` can be used with any +`format` to encrypt any key algorithm (RSA, EC, or DH) by specifying a +`cipher`. PKCS#1 and SEC1 can only be encrypted by specifying a `cipher` +when the PEM `format` is used. For maximum compatibility, use PKCS#8 for +encrypted private keys. Since PKCS#8 defines its own +encryption mechanism, PEM-level encryption is not supported when encrypting +a PKCS#8 key. See [RFC 5208][] for PKCS#8 encryption and [RFC 1421][] for +PKCS#1 and SEC1 encryption. + ### keyObject.symmetricSize <!-- YAML added: v11.6.0 @@ -3127,10 +3137,12 @@ the `crypto`, `tls`, and `https` modules and are generally specific to OpenSSL. [NIST SP 800-38D]: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf [Nonce-Disrespecting Adversaries]: https://github.com/nonce-disrespect/nonce-disrespect [OpenSSL's SPKAC implementation]: https://www.openssl.org/docs/man1.1.0/apps/openssl-spkac.html +[RFC 1421]: https://www.rfc-editor.org/rfc/rfc1421.txt [RFC 2412]: https://www.rfc-editor.org/rfc/rfc2412.txt [RFC 3526]: https://www.rfc-editor.org/rfc/rfc3526.txt [RFC 3610]: https://www.rfc-editor.org/rfc/rfc3610.txt [RFC 4055]: https://www.rfc-editor.org/rfc/rfc4055.txt +[RFC 5208]: https://www.rfc-editor.org/rfc/rfc5208.txt [encoding]: buffer.html#buffer_buffers_and_character_encodings [initialization vector]: https://en.wikipedia.org/wiki/Initialization_vector [scrypt]: https://en.wikipedia.org/wiki/Scrypt |