node:crypto
Node.js crypto module, resolvable via both ESM import and CommonJS
require. Backed by the runtime's cryptographic primitives: hashing and HMAC
run on JCE (MessageDigest / Mac), random data comes from a process-wide
SecureRandom, and scrypt is served by the native backend.
javascript
import { createHash, randomUUID } from "node:crypto";
// or: const crypto = require("node:crypto");
createHash("sha256").update("abc").digest("hex");
// → "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"Hashing
createHash(algorithm[, options])
Returns a Hash object. Supported algorithms: sha1, sha224, sha256,
sha384, sha512, sha512-224, sha512-256, sha3-224, sha3-256,
sha3-384, sha3-512, md5. An unsupported algorithm throws.
Hash methods:
update(data[, inputEncoding])— feeds data and returns the sameHashfor chaining.datamay be a string (decoded perinputEncoding, defaultutf8; alsohex,base64,base64url,latin1) or anyBufferSource(Buffer,TypedArray,ArrayBuffer,DataView).digest([encoding])— finalizes and returns aBufferwhenencodingis omitted, or a string inhex,base64,base64url, orlatin1. May be called only once.copy()— returns an independentHashcarrying the current state.
createHmac(algorithm, key)
Returns an Hmac object with update / digest (same semantics as Hash,
no copy). Supported algorithms: md5, sha1, sha224, sha256, sha384,
sha512, sha3-224, sha3-256, sha3-384, sha3-512. key is a string or
BufferSource.
javascript
createHmac("sha256", "key").update("data").digest("hex");Random
| Operation | Behaviour |
|---|---|
randomBytes(size) | Returns a Buffer of size CSPRNG bytes. |
randomFillSync(buffer[, offset][, size]) | Fills a Buffer or TypedArray in place; returns it. |
randomFill(buffer[, offset][, size], callback) | As above; invokes callback(null, buffer). |
randomInt([min, ]max[, callback]) | Uniform integer in [min, max); min defaults to 0. max - min must be < 2^48. |
randomUUID() | RFC 4122 version 4 UUID string. |
Key derivation
| Operation | Behaviour |
|---|---|
pbkdf2Sync(password, salt, iterations, keylen, digest) | PBKDF2 (RFC 8018); returns a Buffer. digest is one of the HMAC algorithms above. |
pbkdf2(..., callback) | As above; invokes callback(null, derivedKey). |
scryptSync(password, salt, keylen[, options]) | scrypt (RFC 7914) via the native backend; options accepts N (power of two), r, p. |
scrypt(..., callback) | As above; invokes callback(null, derivedKey). |
Other operations
timingSafeEqual(a, b)— constant-time comparison; throwsRangeErrorwhen the inputs differ in length.getHashes()— array of supported hash algorithm names.getCiphers()— empty array (ciphers are not part of this surface).constants— object of common OpenSSL padding constants.webcrypto— the global Web Cryptocryptoobject, socrypto.webcrypto === globalThis.crypto.
Limitations
- The asynchronous
pbkdf2,scrypt, andrandomFillvariants compute eagerly on the calling thread, but deliver the outcome through the Node-style(err, result)callback: operational errors arrive aserr; only an invalid callback argument throws synchronously. - Hash algorithms are limited to those served by JCE; BLAKE variants are not exposed through
createHash. - Ciphers, key-pair generation, signing/verification, and the Diffie-Hellman / ECDH families are not implemented;
getCiphers()reports none. scryptSync/scryptrequire the native backend; without it they throw. Options acceptN/r/p(and thecost/blockSize/parallelizationaliases) plusmaxmem(default 32 MiB), enforced as in Node.
See also
- Node.js upstream:
- Web Crypto API