|
2 | 2 |
|
3 | 3 | <!-- YAML |
4 | 4 | changes: |
| 5 | + - version: REPLACEME |
| 6 | + pr-url: https://github.com/nodejs/node/pull/56142 |
| 7 | + description: Algorithms `Ed25519` and `X25519` are now stable. |
5 | 8 | - version: |
6 | 9 | - v20.0.0 |
7 | 10 | - v18.17.0 |
@@ -113,9 +116,7 @@ async function generateEcKey(namedCurve = 'P-521') { |
113 | 116 | } |
114 | 117 | ``` |
115 | 118 |
|
116 | | -#### Ed25519/Ed448/X25519/X448 key pairs |
117 | | - |
118 | | -> Stability: 1 - Experimental |
| 119 | +#### Ed25519/X25519 key pairs |
119 | 120 |
|
120 | 121 | ```js |
121 | 122 | const { subtle } = globalThis.crypto; |
@@ -353,28 +354,28 @@ async function digest(data, algorithm = 'SHA-512') { |
353 | 354 | The table details the algorithms supported by the Node.js Web Crypto API |
354 | 355 | implementation and the APIs supported for each: |
355 | 356 |
|
356 | | -| Algorithm | `generateKey` | `exportKey` | `importKey` | `encrypt` | `decrypt` | `wrapKey` | `unwrapKey` | `deriveBits` | `deriveKey` | `sign` | `verify` | `digest` | |
357 | | -| --------------------------------------------------------- | ------------- | ----------- | ----------- | --------- | --------- | --------- | ----------- | ------------ | ----------- | ------ | -------- | -------- | |
358 | | -| `'RSASSA-PKCS1-v1_5'` | ✔ | ✔ | ✔ | | | | | | | ✔ | ✔ | | |
359 | | -| `'RSA-PSS'` | ✔ | ✔ | ✔ | | | | | | | ✔ | ✔ | | |
360 | | -| `'RSA-OAEP'` | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | | | | | | |
361 | | -| `'ECDSA'` | ✔ | ✔ | ✔ | | | | | | | ✔ | ✔ | | |
362 | | -| `'Ed25519'` <span class="experimental-inline"></span>[^1] | ✔ | ✔ | ✔ | | | | | | | ✔ | ✔ | | |
363 | | -| `'Ed448'` <span class="experimental-inline"></span>[^1] | ✔ | ✔ | ✔ | | | | | | | ✔ | ✔ | | |
364 | | -| `'ECDH'` | ✔ | ✔ | ✔ | | | | | ✔ | ✔ | | | | |
365 | | -| `'X25519'` <span class="experimental-inline"></span>[^1] | ✔ | ✔ | ✔ | | | | | ✔ | ✔ | | | | |
366 | | -| `'X448'` <span class="experimental-inline"></span>[^1] | ✔ | ✔ | ✔ | | | | | ✔ | ✔ | | | | |
367 | | -| `'AES-CTR'` | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | | | | | | |
368 | | -| `'AES-CBC'` | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | | | | | | |
369 | | -| `'AES-GCM'` | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | | | | | | |
370 | | -| `'AES-KW'` | ✔ | ✔ | ✔ | | | ✔ | ✔ | | | | | | |
371 | | -| `'HMAC'` | ✔ | ✔ | ✔ | | | | | | | ✔ | ✔ | | |
372 | | -| `'HKDF'` | | ✔ | ✔ | | | | | ✔ | ✔ | | | | |
373 | | -| `'PBKDF2'` | | ✔ | ✔ | | | | | ✔ | ✔ | | | | |
374 | | -| `'SHA-1'` | | | | | | | | | | | | ✔ | |
375 | | -| `'SHA-256'` | | | | | | | | | | | | ✔ | |
376 | | -| `'SHA-384'` | | | | | | | | | | | | ✔ | |
377 | | -| `'SHA-512'` | | | | | | | | | | | | ✔ | |
| 357 | +| Algorithm | `generateKey` | `exportKey` | `importKey` | `encrypt` | `decrypt` | `wrapKey` | `unwrapKey` | `deriveBits` | `deriveKey` | `sign` | `verify` | `digest` | |
| 358 | +| ------------------------------------------------------- | ------------- | ----------- | ----------- | --------- | --------- | --------- | ----------- | ------------ | ----------- | ------ | -------- | -------- | |
| 359 | +| `'RSASSA-PKCS1-v1_5'` | ✔ | ✔ | ✔ | | | | | | | ✔ | ✔ | | |
| 360 | +| `'RSA-PSS'` | ✔ | ✔ | ✔ | | | | | | | ✔ | ✔ | | |
| 361 | +| `'RSA-OAEP'` | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | | | | | | |
| 362 | +| `'ECDSA'` | ✔ | ✔ | ✔ | | | | | | | ✔ | ✔ | | |
| 363 | +| `'Ed25519'` | ✔ | ✔ | ✔ | | | | | | | ✔ | ✔ | | |
| 364 | +| `'Ed448'` <span class="experimental-inline"></span>[^1] | ✔ | ✔ | ✔ | | | | | | | ✔ | ✔ | | |
| 365 | +| `'ECDH'` | ✔ | ✔ | ✔ | | | | | ✔ | ✔ | | | | |
| 366 | +| `'X25519'` | ✔ | ✔ | ✔ | | | | | ✔ | ✔ | | | | |
| 367 | +| `'X448'` <span class="experimental-inline"></span>[^1] | ✔ | ✔ | ✔ | | | | | ✔ | ✔ | | | | |
| 368 | +| `'AES-CTR'` | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | | | | | | |
| 369 | +| `'AES-CBC'` | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | | | | | | |
| 370 | +| `'AES-GCM'` | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | | | | | | |
| 371 | +| `'AES-KW'` | ✔ | ✔ | ✔ | | | ✔ | ✔ | | | | | | |
| 372 | +| `'HMAC'` | ✔ | ✔ | ✔ | | | | | | | ✔ | ✔ | | |
| 373 | +| `'HKDF'` | | ✔ | ✔ | | | | | ✔ | ✔ | | | | |
| 374 | +| `'PBKDF2'` | | ✔ | ✔ | | | | | ✔ | ✔ | | | | |
| 375 | +| `'SHA-1'` | | | | | | | | | | | | ✔ | |
| 376 | +| `'SHA-256'` | | | | | | | | | | | | ✔ | |
| 377 | +| `'SHA-384'` | | | | | | | | | | | | ✔ | |
| 378 | +| `'SHA-512'` | | | | | | | | | | | | ✔ | |
378 | 379 |
|
379 | 380 | ## Class: `Crypto` |
380 | 381 |
|
@@ -496,24 +497,24 @@ The possible usages are: |
496 | 497 | Valid key usages depend on the key algorithm (identified by |
497 | 498 | `cryptokey.algorithm.name`). |
498 | 499 |
|
499 | | -| Key Type | `'encrypt'` | `'decrypt'` | `'sign'` | `'verify'` | `'deriveKey'` | `'deriveBits'` | `'wrapKey'` | `'unwrapKey'` | |
500 | | -| --------------------------------------------------------- | ----------- | ----------- | -------- | ---------- | ------------- | -------------- | ----------- | ------------- | |
501 | | -| `'AES-CBC'` | ✔ | ✔ | | | | | ✔ | ✔ | |
502 | | -| `'AES-CTR'` | ✔ | ✔ | | | | | ✔ | ✔ | |
503 | | -| `'AES-GCM'` | ✔ | ✔ | | | | | ✔ | ✔ | |
504 | | -| `'AES-KW'` | | | | | | | ✔ | ✔ | |
505 | | -| `'ECDH'` | | | | | ✔ | ✔ | | | |
506 | | -| `'X25519'` <span class="experimental-inline"></span>[^1] | | | | | ✔ | ✔ | | | |
507 | | -| `'X448'` <span class="experimental-inline"></span>[^1] | | | | | ✔ | ✔ | | | |
508 | | -| `'ECDSA'` | | | ✔ | ✔ | | | | | |
509 | | -| `'Ed25519'` <span class="experimental-inline"></span>[^1] | | | ✔ | ✔ | | | | | |
510 | | -| `'Ed448'` <span class="experimental-inline"></span>[^1] | | | ✔ | ✔ | | | | | |
511 | | -| `'HDKF'` | | | | | ✔ | ✔ | | | |
512 | | -| `'HMAC'` | | | ✔ | ✔ | | | | | |
513 | | -| `'PBKDF2'` | | | | | ✔ | ✔ | | | |
514 | | -| `'RSA-OAEP'` | ✔ | ✔ | | | | | ✔ | ✔ | |
515 | | -| `'RSA-PSS'` | | | ✔ | ✔ | | | | | |
516 | | -| `'RSASSA-PKCS1-v1_5'` | | | ✔ | ✔ | | | | | |
| 500 | +| Key Type | `'encrypt'` | `'decrypt'` | `'sign'` | `'verify'` | `'deriveKey'` | `'deriveBits'` | `'wrapKey'` | `'unwrapKey'` | |
| 501 | +| ------------------------------------------------------- | ----------- | ----------- | -------- | ---------- | ------------- | -------------- | ----------- | ------------- | |
| 502 | +| `'AES-CBC'` | ✔ | ✔ | | | | | ✔ | ✔ | |
| 503 | +| `'AES-CTR'` | ✔ | ✔ | | | | | ✔ | ✔ | |
| 504 | +| `'AES-GCM'` | ✔ | ✔ | | | | | ✔ | ✔ | |
| 505 | +| `'AES-KW'` | | | | | | | ✔ | ✔ | |
| 506 | +| `'ECDH'` | | | | | ✔ | ✔ | | | |
| 507 | +| `'X25519'` | | | | | ✔ | ✔ | | | |
| 508 | +| `'X448'` <span class="experimental-inline"></span>[^1] | | | | | ✔ | ✔ | | | |
| 509 | +| `'ECDSA'` | | | ✔ | ✔ | | | | | |
| 510 | +| `'Ed25519'` | | | ✔ | ✔ | | | | | |
| 511 | +| `'Ed448'` <span class="experimental-inline"></span>[^1] | | | ✔ | ✔ | | | | | |
| 512 | +| `'HDKF'` | | | | | ✔ | ✔ | | | |
| 513 | +| `'HMAC'` | | | ✔ | ✔ | | | | | |
| 514 | +| `'PBKDF2'` | | | | | ✔ | ✔ | | | |
| 515 | +| `'RSA-OAEP'` | ✔ | ✔ | | | | | ✔ | ✔ | |
| 516 | +| `'RSA-PSS'` | | | ✔ | ✔ | | | | | |
| 517 | +| `'RSASSA-PKCS1-v1_5'` | | | ✔ | ✔ | | | | | |
517 | 518 |
|
518 | 519 | ## Class: `CryptoKeyPair` |
519 | 520 |
|
@@ -608,7 +609,7 @@ containing the generated data. |
608 | 609 | The algorithms currently supported include: |
609 | 610 |
|
610 | 611 | * `'ECDH'` |
611 | | -* `'X25519'` <span class="experimental-inline"></span>[^1] |
| 612 | +* `'X25519'` |
612 | 613 | * `'X448'` <span class="experimental-inline"></span>[^1] |
613 | 614 | * `'HKDF'` |
614 | 615 | * `'PBKDF2'` |
@@ -648,7 +649,7 @@ generate raw keying material, then passing the result into the |
648 | 649 | The algorithms currently supported include: |
649 | 650 |
|
650 | 651 | * `'ECDH'` |
651 | | -* `'X25519'` <span class="experimental-inline"></span>[^1] |
| 652 | +* `'X25519'` |
652 | 653 | * `'X448'` <span class="experimental-inline"></span>[^1] |
653 | 654 | * `'HKDF'` |
654 | 655 | * `'PBKDF2'` |
@@ -732,22 +733,22 @@ When `format` is `'jwk'` and the export is successful, the returned promise |
732 | 733 | will be resolved with a JavaScript object conforming to the [JSON Web Key][] |
733 | 734 | specification. |
734 | 735 |
|
735 | | -| Key Type | `'spki'` | `'pkcs8'` | `'jwk'` | `'raw'` | |
736 | | -| --------------------------------------------------------- | -------- | --------- | ------- | ------- | |
737 | | -| `'AES-CBC'` | | | ✔ | ✔ | |
738 | | -| `'AES-CTR'` | | | ✔ | ✔ | |
739 | | -| `'AES-GCM'` | | | ✔ | ✔ | |
740 | | -| `'AES-KW'` | | | ✔ | ✔ | |
741 | | -| `'ECDH'` | ✔ | ✔ | ✔ | ✔ | |
742 | | -| `'ECDSA'` | ✔ | ✔ | ✔ | ✔ | |
743 | | -| `'Ed25519'` <span class="experimental-inline"></span>[^1] | ✔ | ✔ | ✔ | ✔ | |
744 | | -| `'Ed448'` <span class="experimental-inline"></span>[^1] | ✔ | ✔ | ✔ | ✔ | |
745 | | -| `'HDKF'` | | | | | |
746 | | -| `'HMAC'` | | | ✔ | ✔ | |
747 | | -| `'PBKDF2'` | | | | | |
748 | | -| `'RSA-OAEP'` | ✔ | ✔ | ✔ | | |
749 | | -| `'RSA-PSS'` | ✔ | ✔ | ✔ | | |
750 | | -| `'RSASSA-PKCS1-v1_5'` | ✔ | ✔ | ✔ | | |
| 736 | +| Key Type | `'spki'` | `'pkcs8'` | `'jwk'` | `'raw'` | |
| 737 | +| ------------------------------------------------------- | -------- | --------- | ------- | ------- | |
| 738 | +| `'AES-CBC'` | | | ✔ | ✔ | |
| 739 | +| `'AES-CTR'` | | | ✔ | ✔ | |
| 740 | +| `'AES-GCM'` | | | ✔ | ✔ | |
| 741 | +| `'AES-KW'` | | | ✔ | ✔ | |
| 742 | +| `'ECDH'` | ✔ | ✔ | ✔ | ✔ | |
| 743 | +| `'ECDSA'` | ✔ | ✔ | ✔ | ✔ | |
| 744 | +| `'Ed25519'` | ✔ | ✔ | ✔ | ✔ | |
| 745 | +| `'Ed448'` <span class="experimental-inline"></span>[^1] | ✔ | ✔ | ✔ | ✔ | |
| 746 | +| `'HDKF'` | | | | | |
| 747 | +| `'HMAC'` | | | ✔ | ✔ | |
| 748 | +| `'PBKDF2'` | | | | | |
| 749 | +| `'RSA-OAEP'` | ✔ | ✔ | ✔ | | |
| 750 | +| `'RSA-PSS'` | ✔ | ✔ | ✔ | | |
| 751 | +| `'RSASSA-PKCS1-v1_5'` | ✔ | ✔ | ✔ | | |
751 | 752 |
|
752 | 753 | ### `subtle.generateKey(algorithm, extractable, keyUsages)` |
753 | 754 |
|
@@ -776,10 +777,10 @@ include: |
776 | 777 | * `'RSA-PSS'` |
777 | 778 | * `'RSA-OAEP'` |
778 | 779 | * `'ECDSA'` |
779 | | -* `'Ed25519'` <span class="experimental-inline"></span>[^1] |
| 780 | +* `'Ed25519'` |
780 | 781 | * `'Ed448'` <span class="experimental-inline"></span>[^1] |
781 | 782 | * `'ECDH'` |
782 | | -* `'X25519'` <span class="experimental-inline"></span>[^1] |
| 783 | +* `'X25519'` |
783 | 784 | * `'X448'` <span class="experimental-inline"></span>[^1] |
784 | 785 |
|
785 | 786 | The {CryptoKey} (secret key) generating algorithms supported include: |
@@ -828,24 +829,24 @@ If importing a `'PBKDF2'` key, `extractable` must be `false`. |
828 | 829 |
|
829 | 830 | The algorithms currently supported include: |
830 | 831 |
|
831 | | -| Key Type | `'spki'` | `'pkcs8'` | `'jwk'` | `'raw'` | |
832 | | -| --------------------------------------------------------- | -------- | --------- | ------- | ------- | |
833 | | -| `'AES-CBC'` | | | ✔ | ✔ | |
834 | | -| `'AES-CTR'` | | | ✔ | ✔ | |
835 | | -| `'AES-GCM'` | | | ✔ | ✔ | |
836 | | -| `'AES-KW'` | | | ✔ | ✔ | |
837 | | -| `'ECDH'` | ✔ | ✔ | ✔ | ✔ | |
838 | | -| `'X25519'` <span class="experimental-inline"></span>[^1] | ✔ | ✔ | ✔ | ✔ | |
839 | | -| `'X448'` <span class="experimental-inline"></span>[^1] | ✔ | ✔ | ✔ | ✔ | |
840 | | -| `'ECDSA'` | ✔ | ✔ | ✔ | ✔ | |
841 | | -| `'Ed25519'` <span class="experimental-inline"></span>[^1] | ✔ | ✔ | ✔ | ✔ | |
842 | | -| `'Ed448'` <span class="experimental-inline"></span>[^1] | ✔ | ✔ | ✔ | ✔ | |
843 | | -| `'HDKF'` | | | | ✔ | |
844 | | -| `'HMAC'` | | | ✔ | ✔ | |
845 | | -| `'PBKDF2'` | | | | ✔ | |
846 | | -| `'RSA-OAEP'` | ✔ | ✔ | ✔ | | |
847 | | -| `'RSA-PSS'` | ✔ | ✔ | ✔ | | |
848 | | -| `'RSASSA-PKCS1-v1_5'` | ✔ | ✔ | ✔ | | |
| 832 | +| Key Type | `'spki'` | `'pkcs8'` | `'jwk'` | `'raw'` | |
| 833 | +| ------------------------------------------------------- | -------- | --------- | ------- | ------- | |
| 834 | +| `'AES-CBC'` | | | ✔ | ✔ | |
| 835 | +| `'AES-CTR'` | | | ✔ | ✔ | |
| 836 | +| `'AES-GCM'` | | | ✔ | ✔ | |
| 837 | +| `'AES-KW'` | | | ✔ | ✔ | |
| 838 | +| `'ECDH'` | ✔ | ✔ | ✔ | ✔ | |
| 839 | +| `'X25519'` | ✔ | ✔ | ✔ | ✔ | |
| 840 | +| `'X448'` <span class="experimental-inline"></span>[^1] | ✔ | ✔ | ✔ | ✔ | |
| 841 | +| `'ECDSA'` | ✔ | ✔ | ✔ | ✔ | |
| 842 | +| `'Ed25519'` | ✔ | ✔ | ✔ | ✔ | |
| 843 | +| `'Ed448'` <span class="experimental-inline"></span>[^1] | ✔ | ✔ | ✔ | ✔ | |
| 844 | +| `'HDKF'` | | | | ✔ | |
| 845 | +| `'HMAC'` | | | ✔ | ✔ | |
| 846 | +| `'PBKDF2'` | | | | ✔ | |
| 847 | +| `'RSA-OAEP'` | ✔ | ✔ | ✔ | | |
| 848 | +| `'RSA-PSS'` | ✔ | ✔ | ✔ | | |
| 849 | +| `'RSASSA-PKCS1-v1_5'` | ✔ | ✔ | ✔ | | |
849 | 850 |
|
850 | 851 | ### `subtle.sign(algorithm, key, data)` |
851 | 852 |
|
@@ -878,7 +879,7 @@ The algorithms currently supported include: |
878 | 879 | * `'RSASSA-PKCS1-v1_5'` |
879 | 880 | * `'RSA-PSS'` |
880 | 881 | * `'ECDSA'` |
881 | | -* `'Ed25519'` <span class="experimental-inline"></span>[^1] |
| 882 | +* `'Ed25519'` |
882 | 883 | * `'Ed448'` <span class="experimental-inline"></span>[^1] |
883 | 884 | * `'HMAC'` |
884 | 885 |
|
@@ -926,10 +927,10 @@ The unwrapped key algorithms supported include: |
926 | 927 | * `'RSA-PSS'` |
927 | 928 | * `'RSA-OAEP'` |
928 | 929 | * `'ECDSA'` |
929 | | -* `'Ed25519'` <span class="experimental-inline"></span>[^1] |
| 930 | +* `'Ed25519'` |
930 | 931 | * `'Ed448'` <span class="experimental-inline"></span>[^1] |
931 | 932 | * `'ECDH'` |
932 | | -* `'X25519'` <span class="experimental-inline"></span>[^1] |
| 933 | +* `'X25519'` |
933 | 934 | * `'X448'` <span class="experimental-inline"></span>[^1] |
934 | 935 | * `'HMAC'` |
935 | 936 | * `'AES-CTR'` |
@@ -969,7 +970,7 @@ The algorithms currently supported include: |
969 | 970 | * `'RSASSA-PKCS1-v1_5'` |
970 | 971 | * `'RSA-PSS'` |
971 | 972 | * `'ECDSA'` |
972 | | -* `'Ed25519'` <span class="experimental-inline"></span>[^1] |
| 973 | +* `'Ed25519'` |
973 | 974 | * `'Ed448'` <span class="experimental-inline"></span>[^1] |
974 | 975 | * `'HMAC'` |
975 | 976 |
|
@@ -1642,8 +1643,8 @@ added: v15.0.0 |
1642 | 1643 |
|
1643 | 1644 | The length (in bytes) of the random salt to use. |
1644 | 1645 |
|
1645 | | -[^1]: An experimental implementation of |
1646 | | - [Secure Curves in the Web Cryptography API][] as of 30 August 2023 |
| 1646 | +[^1]: An experimental implementation of Ed448 and X448 algorithms from |
| 1647 | + [Secure Curves in the Web Cryptography API][] as of 21 October 2024 |
1647 | 1648 |
|
1648 | 1649 | [JSON Web Key]: https://tools.ietf.org/html/rfc7517 |
1649 | 1650 | [Key usages]: #cryptokeyusages |
|
0 commit comments