我的书签
添加书签
移除书签Crypto Module
The crypto module provides implementations of various hashing algorithms as well as cryptography related functions.
These functions deal with cryptographic nonces.
For single server use only.
crypto.createNonce(): string
Creates a cryptographic nonce consisting of the first 32 bits of a timestamp and 64 bit of randomness.
The nonce is held in memory for approximately one hour by the server.
Returns the created nonce as base64-encoded string.
checkAndMarkNonce
crypto.checkAndMarkNonce(nonce): void
Checks if the nonce is valid and marks it as used.
Arguments
nonce:
stringThe nonce to check and mark.
Returns true if the supplied nonce was issued by the server and not marked before, otherwise false.
The following functions deal with generating random values.
rand
crypto.rand(): number
Generates a random integer that may be positive, negative or even zero.
Returns the generated number.
genRandomAlphaNumbers
crypto.genRandomAlphaNumbers(length): string
Generates a string of random alpabetical characters and digits.
Arguments
length:
numberThe length of the string to generate.
Returns the generated string.
genRandomNumbers
crypto.genRandomNumbers(length): string
Generates a string of random digits.
Arguments
length:
numberThe length of the string to generate.
Returns the generated string.
genRandomSalt
crypto.genRandomSalt(length): string
Generates a string of random (printable) ASCII characters.
Arguments
length:
numberThe length of the string to generate.
Returns the generated string.
genRandomBytes
crypto.genRandomBytes(length): Buffer
Generates a buffer of random bytes.
Arguments
length:
numberThe length of the buffer to generate.
Returns the generated buffer.
crypto.uuidv4(): string
Generates a random UUID v4 string.
Returns the generated UUID string.
These methods implement the JSON Web Token standard.
jwtEncode
crypto.jwtEncode(key, message, algorithm): string
Arguments
key:
string | nullThe secret cryptographic key to be used to sign the message using the given algorithm. Note that this function will raise an error if the key is omitted but the algorithm expects a key, and also if the algorithm does not expect a key but a key is provided (e.g. when using
"none").message:
stringMessage to be encoded as JWT. Note that the message will only be base64-encoded and signed, not encrypted. Do not store sensitive information in tokens unless they will only be handled by trusted parties.
algorithm:
Name of the algorithm to use for signing the message, e.g.
"HS512".
Returns the JSON Web Token.
jwtDecode
crypto.jwtDecode(key, token, noVerify): string | null
Arguments
key:
string | nullThe secret cryptographic key that was used to sign the message using the algorithm indicated by the token. Note that this function will raise an error if the key is omitted but the algorithm expects a key.
If the algorithm does not expect a key but a key is provided, the token will fail to verify.
noVerify:
boolean(Default:false)Whether verification should be skipped. If this is set to
truethe signature of the token will not be verified. Otherwise the function will raise an error if the signature can not be verified using the given key.
Returns the decoded JSON message or null if no token is provided.
jwtAlgorithms
A helper object containing the supported JWT algorithms. Each attribute name corresponds to a JWT alg and the value is an object with sign and verify methods.
jwtCanonicalAlgorithmName
crypto.jwtCanonicalAlgorithmName(name): string
A helper function that translates a JWT alg value found in a JWT header into the canonical name of the algorithm in jwtAlgorithms. Raises an error if no algorithm with a matching name is found.
Arguments
name:
stringAlgorithm name to look up.
Returns the canonical name for the algorithm.
md5
crypto.md5(message): string
Hashes the given message using the MD5 algorithm.
Arguments
message:
stringThe message to hash.
Returns the cryptographic hash.
sha1
crypto.sha1(message): string
Hashes the given message using the SHA-1 algorithm.
Arguments
message:
stringThe message to hash.
Returns the cryptographic hash.
Hashes the given message using the SHA-224 algorithm.
Arguments
message:
stringThe message to hash.
Returns the cryptographic hash.
sha256
crypto.sha256(message): string
Hashes the given message using the SHA-256 algorithm.
message:
stringThe message to hash.
Returns the cryptographic hash.
sha384
crypto.sha384(message): string
Hashes the given message using the SHA-384 algorithm.
Arguments
message:
stringThe message to hash.
Returns the cryptographic hash.
sha512
crypto.sha512(message): string
Hashes the given message using the SHA-512 algorithm.
Arguments
message:
stringThe message to hash.
Returns the cryptographic hash.
constantEquals
crypto.constantEquals(str1, str2): boolean
Compares two strings. This function iterates over the entire length of both strings and can help making certain timing attacks harder.
Arguments
str1:
stringThe first string to compare.
str2:
stringThe second string to compare.
Returns true if the strings are equal, false otherwise.
pbkdf2
crypto.pbkdf2(salt, password, iterations, keyLength): string
Generates a PBKDF2-HMAC-SHA1 hash of the given password.
Arguments
salt:
stringThe cryptographic salt to hash the password with.
password:
stringThe message or password to hash.
iterations:
numberThe number of iterations. This should be a very high number. OWASP recommended 64000 iterations in 2012 and recommends doubling that number every two years.
When using PBKDF2 for password hashes it is also recommended to add a random value (typically between 0 and 32000) to that number that is different for each user.
keyLength:
numberThe key length.
Returns the cryptographic hash.
hmac
crypto.hmac(key, message, algorithm): string
Generates an HMAC hash of the given message.
Arguments
key:
stringThe cryptographic key to use to hash the message.
message:
The message to hash.
algorithm:
stringThe name of the algorithm to use.
Returns the cryptographic hash.
