crypto.generateKeyPair(type, options, callback)
- type: <string> Must be 'rsa', 'rsa-pss', 'dsa', 'ec', 'ed25519', 'ed448', 'x25519', 'x448', or 'dh'.
- options: <Object>
  - modulusLength: <number> Key size in bits (RSA, DSA).
  - publicExponent: <number> Public exponent (RSA). Default: 0x10001.
  - hashAlgorithm: <string> Name of the message digest (RSA-PSS).
  - mgf1HashAlgorithm: <string> Name of the message digest used by MGF1 (RSA-PSS).
  - saltLength: <number> Minimal salt length in bytes (RSA-PSS).
  - divisorLength: <number> Size of q in bits (DSA).
  - namedCurve: <string> Name of the curve to use (EC).
  - prime: <Buffer> The prime parameter (DH).
  - primeLength: <number> Prime length in bits (DH).
  - generator: <number> Custom generator (DH). Default: 2.
  - groupName: <string> Diffie-Hellman group name (DH). See crypto.getDiffieHellman().
  - paramEncoding: <string> Must be 'named' or 'explicit' (EC). Default: 'named'.
  - publicKeyEncoding: <Object> See keyObject.export().
  - privateKeyEncoding: <Object> See keyObject.export().
- callback: <Function>
  - err: <Error>
  - publicKey: <string> | <Buffer> | <KeyObject>
  - privateKey: <string> | <Buffer> | <KeyObject>
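
Generates a new asymmetric key pair of the given type. RSA, RSA-PSS, DSA, EC, Ed25519, Ed448, X25519, X448, and DH are currently supported.

If a publicKeyEncoding or privateKeyEncoding was specified, this function behaves as if keyObject.export() had been called on its result. Otherwise, the respective part of the key is returned as a KeyObject.

It is recommended to encode public keys as 'spki' and private keys as 'pkcs8' with encryption for long-term storage: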

// ES module form
const {
  generateKeyPair,
} = await import('node:crypto');

generateKeyPair('rsa', {
  modulusLength: 4096,
  publicKeyEncoding: {
    type: 'spki',
    format: 'pem',
  },
  privateKeyEncoding: {
    type: 'pkcs8',
    format: 'pem',
    cipher: 'aes-256-cbc',
    passphrase: 'top secret',
  },
}, (err, publicKey, privateKey) => {
  // Handle errors and use the generated key pair.
});

// CommonJS form
const {
  generateKeyPair,
} = require('node:crypto');

generateKeyPair('rsa', {
  modulusLength: 4096,
  publicKeyEncoding: {
    type: 'spki',
    format: 'pem',
  },
  privateKeyEncoding: {
    type: 'pkcs8',
    format: 'pem',
    cipher: 'aes-256-cbc',
    passphrase: 'top secret',
  },
}, (err, publicKey, privateKey) => {
  // Handle errors and use the generated key pair.
});

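On completion, callback will be called with err set to undefined and publicKey / privateKey representing the generated key pair.

If this method is invoked as its util.promisify()ed version, it returns a Promise for an Object with publicKey and privateKey properties.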
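
The promisified form and the storage recommendation above, as an added example (not from the Node.js documentation): it generates an EC P-256 pair instead of RSA to keep it fast, then checks that the PKCS#8 PEM is encrypted and loads only with the right passphrase. The function names, the curve choice, the sample message and the passphrase passed in are assumptions made for the illustration.

```javascript
// Added example: promisified generateKeyPair() with 'spki' / encrypted 'pkcs8'.
// Function names and the curve choice are assumptions, not part of the API docs.
async function generateStoredKeyPair(passphrase) {
  const { generateKeyPair } = await import('node:crypto');
  const { promisify } = await import('node:util');
  // The promisified version resolves to { publicKey, privateKey }.
  return promisify(generateKeyPair)('ec', {
    namedCurve: 'prime256v1',
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: {
      type: 'pkcs8',
      format: 'pem',
      cipher: 'aes-256-cbc',
      passphrase,
    },
  });
}

async function checkStoredKeyPair(passphrase) {
  const { createPrivateKey, createPublicKey, sign, verify } =
    await import('node:crypto');
  const { publicKey, privateKey } = await generateStoredKeyPair(passphrase);
  const result = {
    publicIsSpkiPem: publicKey.startsWith('-----BEGIN PUBLIC KEY-----'),
    privateIsEncryptedPem:
      privateKey.startsWith('-----BEGIN ENCRYPTED PRIVATE KEY-----'),
    loadsWithoutPassphrase: true,
    loadsWithWrongPassphrase: true,
    signatureValid: false,
  };
  // An encrypted PKCS#8 blob must be rejected when no passphrase is supplied.
  try {
    createPrivateKey({ key: privateKey, format: 'pem' });
  } catch {
    result.loadsWithoutPassphrase = false;
  }
  // It must also be rejected when the passphrase is wrong.
  try {
    createPrivateKey({ key: privateKey, format: 'pem', passphrase: 'wrong' });
  } catch {
    result.loadsWithWrongPassphrase = false;
  }
  // With the right passphrase the key loads and signs; the SPKI key verifies.
  const key = createPrivateKey({ key: privateKey, format: 'pem', passphrase });
  const message = Buffer.from('constructed sample message');
  const signature = sign('sha256', message, key);
  result.signatureValid =
    verify('sha256', message, createPublicKey(publicKey), signature);
  return result;
}
```

In real use the passphrase comes from a secret store or an operator prompt rather than a literal in source, so the encrypted PEM on disk is not sitting next to the value that decrypts it.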