Skip to content

doc: document key encryption options #23632

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
tniessen wants to merge 4 commits into from
Closed

doc: document key encryption options #23632

Changes from 1 commit
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
12cac31
doc: document key pair generation encryption
tniessen Oct 12, 2018
11066fc
Use Sam's suggestion
tniessen Nov 19, 2018
464b674
Adapt to KeyObject API
tniessen Jan 4, 2019
fcfa241
Use Trott's suggestion
tniessen Jan 4, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Next Next commit
doc: document key pair generation encryption
  • Loading branch information
@tniessen
tniessen committed Jan 4, 2019
commit 12cac31d4cb733cdc38ee49272aadd9585919873
16 changes: 16 additions & 0 deletions doc/api/crypto.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1923,6 +1923,14 @@ generateKeyPair('rsa', {
On completion, `callback` will be called with `err` set to `undefined` and
`publicKey` / `privateKey` representing the generated key pair.

Private keys can be encrypted if the `type` is PKCS#8 or the `format` is PEM.
If a `cipher` is specified and PKCS#8 was selected, an `EncryptedPrivateKeyInfo`
structure will be produced. If PKCS#1 or SEC1 was selected and the `format` is
PEM, RFC1421-style PEM-level encryption will be used. For maximum compatibility,
Comment thread
tniessen marked this conversation as resolved.
Outdated
it is recommended to use PKCS#8 for encrypted private keys. Since PKCS#8
defines its own encryption mechanism, PEM-level encryption is not supported when
encrypting a PKCS#8 key.

If this method is invoked as its [`util.promisify()`][]ed version, it returns
a `Promise` for an `Object` with `publicKey` and `privateKey` properties.

Expand Down Expand Up @@ -1984,6 +1992,14 @@ The return value `{ publicKey, privateKey }` represents the generated key pair.
When PEM encoding was selected, the respective key will be a string, otherwise
it will be a buffer containing the data encoded as DER.

Private keys can be encrypted if the `type` is PKCS#8 or the `format` is PEM.
If a `cipher` is specified and PKCS#8 was selected, an `EncryptedPrivateKeyInfo`
structure will be produced. If PKCS#1 or SEC1 was selected and the `format` is
PEM, RFC1421-style PEM-level encryption will be used. For maximum compatibility,
it is recommended to use PKCS#8 for encrypted private keys. Since PKCS#8
defines its own encryption mechanism, PEM-level encryption is not supported when
encrypting a PKCS#8 key.

### crypto.getCiphers()
<!-- YAML
added: v0.9.3
Expand Down