-rw-r--r-- doc/api/crypto.md 16
-rw-r--r-- lib/crypto.js 4
-rw-r--r-- lib/internal/crypto/keys.js 1
3 files changed, 14 insertions, 7 deletions
diff --git a/doc/api/crypto.md b/doc/api/crypto.md
index 1b30633221..0653fcedaa 100644
--- a/doc/api/crypto.md
+++ b/doc/api/crypto.md
@@ -1109,14 +1109,18 @@ This can be called many times with new data as it is streamed.
## Class: KeyObject
<!-- YAML
added: v11.6.0
+changes:
+ - version: REPLACEME
+ pr-url: https://github.com/nodejs/node/pull/26438
+ description: This class is now exported.
-->
-Node.js uses an internal `KeyObject` class which should not be accessed
-directly. Instead, factory functions exist to create instances of this class
-in a secure manner, see [`crypto.createSecretKey()`][],
-[`crypto.createPublicKey()`][] and [`crypto.createPrivateKey()`][]. A
-`KeyObject` can represent a symmetric or asymmetric key, and each kind of key
-exposes different functions.
+Node.js uses a `KeyObject` class to represent a symmetric or asymmetric key,
+and each kind of key exposes different functions. The
+[`crypto.createSecretKey()`][], [`crypto.createPublicKey()`][] and
+[`crypto.createPrivateKey()`][] methods are used to create `KeyObject`
+instances. `KeyObject` objects are not to be created directly using the `new`
+keyword.
Most applications should consider using the new `KeyObject` API instead of
passing keys as strings or `Buffer`s due to improved security features.
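Review bot: the added paragraph says `KeyObject` objects are not to be created with the `new` keyword, but neither it nor the `changes` entry ("This class is now exported.") says what the export is for or what happens when a caller does invoke the constructor. Suggest one sentence on the supported use of the exported class (for example `instanceof` checks, if that is the intent) and one on the behaviour of direct construction. Separately, the unchanged sentence "using the new `KeyObject` API" now follows a sentence about the `new` keyword and reads ambiguously; consider dropping "new" there.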
diff --git a/lib/crypto.js b/lib/crypto.js
index 8f26ac6c13..673a198466 100644
--- a/lib/crypto.js
+++ b/lib/crypto.js
@@ -60,7 +60,8 @@ const {
const {
createSecretKey,
createPublicKey,
- createPrivateKey
+ createPrivateKey,
+ KeyObject,
} = require('internal/crypto/keys');
const {
DiffieHellman,
@@ -191,6 +192,7 @@ module.exports = exports = {
ECDH,
Hash,
Hmac,
+ KeyObject,
Sign,
Verify
};
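Review bot: `KeyObject` is added to the public `module.exports` here, yet the diffstat lists only doc/api/crypto.md, lib/crypto.js and lib/internal/crypto/keys.js, so no test accompanies the new export. Suggest a test asserting that `crypto.KeyObject` is exposed and that the objects returned by `createSecretKey()`, `createPublicKey()` and `createPrivateKey()` are instances of it, so the export cannot regress silently.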
diff --git a/lib/internal/crypto/keys.js b/lib/internal/crypto/keys.js
index a0c2148b30..1eb4a6f7be 100644
--- a/lib/internal/crypto/keys.js
+++ b/lib/internal/crypto/keys.js
@@ -333,6 +333,7 @@ module.exports = {
createSecretKey,
createPublicKey,
createPrivateKey,
+ KeyObject,
// These are designed for internal use only and should not be exposed.
parsePublicKeyEncoding,
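Review bot: with `KeyObject,` exported here and re-exported from lib/crypto.js, the constructor becomes reachable by user code, while the documentation's restriction on `new` is advisory only. The constructor body is not part of this patch, so please confirm that it validates its arguments and throws on input that did not come from the factory functions, since it is now public API surface. Keeping the new entry above the "internal use only" comment is right; a short comment marking the public group would make that boundary explicit for future additions.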