crypto.generateKeyPairSync(type, options)
type: <string> 必须是'rsa'、'rsa-pss'、'dsa'、'ec'、'ed25519'、'ed448'、'x25519'、'x448'、或'dh'。options: <Object>modulusLength: <number> 以位为单位的密钥大小(RSA、DSA)。publicExponent: <number> 公共指数 (RSA)。 默认值:0x10001。hashAlgorithm: <string> 消息摘要的名称(RSA-PSS)。mgf1HashAlgorithm: <string> MGF1 使用的消息摘要的名称(RSA-PSS)。saltLength: <number> 以字节为单位的最小盐长度(RSA-PSS)。divisorLength: <number>q的比特大小 (DSA)。namedCurve: <string> 要使用的曲线名称 (EC)。prime: <Buffer> 素数参数 (DH)。primeLength: <number> 以比特为单位的质数长度 (DH)。generator: <number> 自定义生成器 (DH)。 默认值:2。groupName: <string> Diffie-Hellman 组名 (DH)。 参见crypto.getDiffieHellman()。publicKeyEncoding: <Object> 参见keyObject.export()。privateKeyEncoding: <Object> 参见keyObject.export()。
- 返回: <Object>
publicKey: <string> | <Buffer> | <KeyObject>privateKey: <string> | <Buffer> | <KeyObject>
生成给定 type 的新非对称密钥对。
目前支持 RSA、RSA-PSS、DSA、EC、Ed25519、Ed448、X25519、X448、以及 DH。
如果指定了 publicKeyEncoding 或 privateKeyEncoding,则此函数的行为就像对其结果调用了 keyObject.export()。
否则,密钥的相应部分将作为 KeyObject 返回。
对公钥进行编码时,建议使用'spki'。
对私钥进行编码时,建议使用强密码的'pkcs8',并对密码进行保密。
const {
generateKeyPairSync
} = await import('node:crypto');
const {
publicKey,
privateKey,
} = generateKeyPairSync('rsa', {
modulusLength: 4096,
publicKeyEncoding: {
type: 'spki',
format: 'pem'
},
privateKeyEncoding: {
type: 'pkcs8',
format: 'pem',
cipher: 'aes-256-cbc',
passphrase: 'top secret'
}
});const {
generateKeyPairSync,
} = require('node:crypto');
const {
publicKey,
privateKey,
} = generateKeyPairSync('rsa', {
modulusLength: 4096,
publicKeyEncoding: {
type: 'spki',
format: 'pem'
},
privateKeyEncoding: {
type: 'pkcs8',
format: 'pem',
cipher: 'aes-256-cbc',
passphrase: 'top secret'
}
});返回值 { publicKey, privateKey } 表示生成的密钥对。
选择 PEM 编码时,相应的密钥将是字符串,否则它将是包含编码为 DER 的数据的缓冲区。
type: <string> Must be'rsa','rsa-pss','dsa','ec','ed25519','ed448','x25519','x448', or'dh'.options: <Object>modulusLength: <number> Key size in bits (RSA, DSA).publicExponent: <number> Public exponent (RSA). Default:0x10001.hashAlgorithm: <string> Name of the message digest (RSA-PSS).mgf1HashAlgorithm: <string> Name of the message digest used by MGF1 (RSA-PSS).saltLength: <number> Minimal salt length in bytes (RSA-PSS).divisorLength: <number> Size ofqin bits (DSA).namedCurve: <string> Name of the curve to use (EC).prime: <Buffer> The prime parameter (DH).primeLength: <number> Prime length in bits (DH).generator: <number> Custom generator (DH). Default:2.groupName: <string> Diffie-Hellman group name (DH). Seecrypto.getDiffieHellman().publicKeyEncoding: <Object> SeekeyObject.export().privateKeyEncoding: <Object> SeekeyObject.export().
- Returns: <Object>
publicKey: <string> | <Buffer> | <KeyObject>privateKey: <string> | <Buffer> | <KeyObject>
Generates a new asymmetric key pair of the given type. RSA, RSA-PSS, DSA, EC,
Ed25519, Ed448, X25519, X448, and DH are currently supported.
If a publicKeyEncoding or privateKeyEncoding was specified, this function
behaves as if keyObject.export() had been called on its result. Otherwise,
the respective part of the key is returned as a KeyObject.
When encoding public keys, it is recommended to use 'spki'. When encoding
private keys, it is recommended to use 'pkcs8' with a strong passphrase,
and to keep the passphrase confidential.
const {
generateKeyPairSync
} = await import('node:crypto');
const {
publicKey,
privateKey,
} = generateKeyPairSync('rsa', {
modulusLength: 4096,
publicKeyEncoding: {
type: 'spki',
format: 'pem'
},
privateKeyEncoding: {
type: 'pkcs8',
format: 'pem',
cipher: 'aes-256-cbc',
passphrase: 'top secret'
}
});const {
generateKeyPairSync,
} = require('node:crypto');
const {
publicKey,
privateKey,
} = generateKeyPairSync('rsa', {
modulusLength: 4096,
publicKeyEncoding: {
type: 'spki',
format: 'pem'
},
privateKeyEncoding: {
type: 'pkcs8',
format: 'pem',
cipher: 'aes-256-cbc',
passphrase: 'top secret'
}
});The return value { publicKey, privateKey } represents the generated key pair.
When PEM encoding was selected, the respective key will be a string, otherwise
it will be a buffer containing the data encoded as DER.