crypto.createDecipheriv(algorithm, key, iv[, options])
-
algorithm
<string> -
key
<string> | <ArrayBuffer> | <Buffer> | <TypedArray> | <DataView> | <KeyObject> | <CryptoKey> -
iv
<string> | <ArrayBuffer> | <Buffer> | <TypedArray> | <DataView> | <null> -
options
<Object>stream.transform
选项¥
options
<Object>stream.transform
options -
返回:<Decipher>
¥Returns: <Decipher>
创建并返回使用给定的 algorithm
、key
和初始化向量(iv
)的 Decipher
对象。
¥Creates and returns a Decipher
object that uses the given algorithm
, key
and initialization vector (iv
).
options
参数控制流行为并且是可选的,除非使用 CCM 或 OCB 模式(例如 'aes-128-ccm'
)的密码。在这种情况下,需要 authTagLength
选项并以字节为单位指定身份验证标记的长度,请参阅 CCM 模式。对于 AES-GCM 和 chacha20-poly1305
,authTagLength
选项默认为 16 字节,如果使用不同的长度,则必须将其设置为不同的值。
¥The options
argument controls stream behavior and is optional except when a
cipher in CCM or OCB mode (e.g. 'aes-128-ccm'
) is used. In that case, the
authTagLength
option is required and specifies the length of the
authentication tag in bytes, see CCM mode.
For AES-GCM and chacha20-poly1305
, the authTagLength
option defaults to 16
bytes and must be set to a different value if a different length is used.
algorithm
依赖于 OpenSSL,例如 'aes192'
等。在最近的 OpenSSL 版本中,openssl list -cipher-algorithms
将显示可用的密码算法。
¥The algorithm
is dependent on OpenSSL, examples are 'aes192'
, etc. On
recent OpenSSL releases, openssl list -cipher-algorithms
will
display the available cipher algorithms.
key
是 algorithm
使用的原始密钥,iv
是 初始化向量。两个参数都必须是 'utf8'
编码的字符串、缓冲区、TypedArray
或 DataView
。key
可以是 secret
类型的 KeyObject
。如果加密不需要初始化向量,则 iv
可以是 null
。
¥The key
is the raw key used by the algorithm
and iv
is an
initialization vector. Both arguments must be 'utf8'
encoded strings,
Buffers, TypedArray
, or DataView
s. The key
may optionally be
a KeyObject
of type secret
. If the cipher does not need
an initialization vector, iv
may be null
.
为 key
或 iv
传递字符串时,请考虑 使用字符串作为加密 API 的输入时的注意事项。
¥When passing strings for key
or iv
, please consider
caveats when using strings as inputs to cryptographic APIs.
初始化向量应该是不可预测的和唯一的;理想情况下,它们将是加密随机的。他们不必是秘密的:IV 通常只是添加到未加密的密文消息中。有些东西必须是不可预测的和独特的,但不一定是秘密的,这听起来可能很矛盾;请记住,攻击者不能提前预测给定的 IV 是什么。
¥Initialization vectors should be unpredictable and unique; ideally, they will be cryptographically random. They do not have to be secret: IVs are typically just added to ciphertext messages unencrypted. It may sound contradictory that something has to be unpredictable and unique, but does not have to be secret; remember that an attacker must not be able to predict ahead of time what a given IV will be.