node:crypto

Node.js crypto module, resolvable via both ESM import and CommonJS require. Backed by the runtime's cryptographic primitives: hashing and HMAC run on JCE (MessageDigest / Mac), random data comes from a process-wide SecureRandom, and scrypt is served by the native backend.

javascript
import { createHash, randomUUID } from "node:crypto";
// or: const crypto = require("node:crypto");

createHash("sha256").update("abc").digest("hex");
// → "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"

Hashing

createHash(algorithm[, options])

Returns a Hash object. Supported algorithms: sha1, sha224, sha256, sha384, sha512, sha512-224, sha512-256, sha3-224, sha3-256, sha3-384, sha3-512, md5. An unsupported algorithm throws.

Hash methods:
  • update(data[, inputEncoding]) — feeds data and returns the same Hash for chaining. data may be a string (decoded per inputEncoding, default utf8; also hex, base64, base64url, latin1) or any BufferSource (Buffer, TypedArray, ArrayBuffer, DataView).
  • digest([encoding]) — finalizes and returns a Buffer when encoding is omitted, or a string in hex, base64, base64url, or latin1. May be called only once.
  • copy() — returns an independent Hash carrying the current state.

createHmac(algorithm, key)

Returns an Hmac object with update / digest (same semantics as Hash, no copy). Supported algorithms: md5, sha1, sha224, sha256, sha384, sha512, sha3-224, sha3-256, sha3-384, sha3-512. key is a string or BufferSource.

javascript
createHmac("sha256", "key").update("data").digest("hex");

Random

OperationBehaviour
randomBytes(size)Returns a Buffer of size CSPRNG bytes.
randomFillSync(buffer[, offset][, size])Fills a Buffer or TypedArray in place; returns it.
randomFill(buffer[, offset][, size], callback)As above; invokes callback(null, buffer).
randomInt([min, ]max[, callback])Uniform integer in [min, max); min defaults to 0. max - min must be < 2^48.
randomUUID()RFC 4122 version 4 UUID string.

Key derivation

OperationBehaviour
pbkdf2Sync(password, salt, iterations, keylen, digest)PBKDF2 (RFC 8018); returns a Buffer. digest is one of the HMAC algorithms above.
pbkdf2(..., callback)As above; invokes callback(null, derivedKey).
scryptSync(password, salt, keylen[, options])scrypt (RFC 7914) via the native backend; options accepts N (power of two), r, p.
scrypt(..., callback)As above; invokes callback(null, derivedKey).

Other operations

  • timingSafeEqual(a, b) — constant-time comparison; throws RangeError when the inputs differ in length.
  • getHashes() — array of supported hash algorithm names.
  • getCiphers() — empty array (ciphers are not part of this surface).
  • constants — object of common OpenSSL padding constants.
  • webcrypto — the global Web Crypto crypto object, so crypto.webcrypto === globalThis.crypto.

Limitations

  • The asynchronous pbkdf2, scrypt, and randomFill variants compute eagerly on the calling thread, but deliver the outcome through the Node-style (err, result) callback: operational errors arrive as err; only an invalid callback argument throws synchronously.
  • Hash algorithms are limited to those served by JCE; BLAKE variants are not exposed through createHash.
  • Ciphers, key-pair generation, signing/verification, and the Diffie-Hellman / ECDH families are not implemented; getCiphers() reports none.
  • scryptSync / scrypt require the native backend; without it they throw. Options accept N/r/p (and the cost/blockSize/parallelization aliases) plus maxmem (default 32 MiB), enforced as in Node.

See also