Skip to content

crypto: move DEP0203 and DEP0204 to End-of-Life #63188

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
panva wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

crypto: move DEP0203 and DEP0204 to End-of-Life #63188

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
81 changes: 62 additions & 19 deletions doc/api/crypto.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2258,6 +2258,10 @@ be listed in the `transferList` argument.
<!-- YAML
added: v15.0.0
changes:
- version: REPLACEME
pr-url: https://github.com/nodejs/node/pull/63188
description: Passing a non-extractable CryptoKey as `key` is no longer
supported.
- version: v26.0.0
pr-url: https://github.com/nodejs/node/pull/62453
description: Passing a non-extractable CryptoKey as `key` is deprecated.
Expand All @@ -2266,11 +2270,11 @@ changes:
* `key` {CryptoKey}
* Returns: {KeyObject}

Returns the underlying {KeyObject} of a {CryptoKey}. The returned {KeyObject}
does not retain any of the restrictions imposed by the Web Crypto API on the
original {CryptoKey}, such as the allowed key usages, the algorithm or hash
algorithm bindings, and the extractability flag. In particular, the underlying
key material of the returned {KeyObject} can always be exported.
Returns a {KeyObject} representation of the underlying key material of an
extractable {CryptoKey}.
The returned {KeyObject} does not retain any of the restrictions imposed by
the Web Crypto API on the original {CryptoKey}, such as the allowed key usages,
the algorithm or hash algorithm bindings.

```mjs
const { KeyObject } = await import('node:crypto');
Expand Down Expand Up @@ -2624,6 +2628,9 @@ console.log(verify.verify(publicKey, signature));
<!-- YAML
added: v0.1.92
changes:
- version: REPLACEME
pr-url: https://github.com/nodejs/node/pull/63188
description: Passing a CryptoKey as `privateKey` is no longer supported.
- version: v15.0.0
pr-url: https://github.com/nodejs/node/pull/35093
description: The privateKey can also be an ArrayBuffer and CryptoKey.
Expand All @@ -2645,7 +2652,7 @@ changes:

<!--lint disable maximum-line-length remark-lint-->

* `privateKey` {Object|string|ArrayBuffer|Buffer|TypedArray|DataView|KeyObject|CryptoKey}
* `privateKey` {Object|string|ArrayBuffer|Buffer|TypedArray|DataView|KeyObject}
* `dsaEncoding` {string}
* `padding` {integer}
* `saltLength` {integer}
Expand Down Expand Up @@ -2754,6 +2761,9 @@ This can be called many times with new data as it is streamed.
<!-- YAML
added: v0.1.92
changes:
- version: REPLACEME
pr-url: https://github.com/nodejs/node/pull/63188
description: Passing a CryptoKey as `key` is no longer supported.
- version: v15.0.0
pr-url: https://github.com/nodejs/node/pull/35093
description: The key can also be an ArrayBuffer and CryptoKey.
Expand All @@ -2775,7 +2785,7 @@ changes:

<!--lint disable maximum-line-length remark-lint-->

* `key` {Object|string|ArrayBuffer|Buffer|TypedArray|DataView|KeyObject|CryptoKey}
* `key` {Object|string|ArrayBuffer|Buffer|TypedArray|DataView|KeyObject}
* `dsaEncoding` {string}
* `padding` {integer}
* `saltLength` {integer}
Expand Down Expand Up @@ -3536,6 +3546,9 @@ operations. The specific constants currently defined are described in
<!-- YAML
added: v0.1.94
changes:
- version: REPLACEME
pr-url: https://github.com/nodejs/node/pull/63188
description: Passing a CryptoKey as `key` is no longer supported.
- version: v26.0.0
pr-url: https://github.com/nodejs/node/pull/62453
description: Passing a CryptoKey as `key` is deprecated.
Expand Down Expand Up @@ -3572,7 +3585,7 @@ changes:
-->

* `algorithm` {string}
* `key` {string|ArrayBuffer|Buffer|TypedArray|DataView|KeyObject|CryptoKey}
* `key` {string|ArrayBuffer|Buffer|TypedArray|DataView|KeyObject}
* `iv` {string|ArrayBuffer|Buffer|TypedArray|DataView|null}
* `options` {Object} [`stream.transform` options][]
* Returns: {Cipheriv}
Expand Down Expand Up @@ -3613,6 +3626,9 @@ given IV will be.
<!-- YAML
added: v0.1.94
changes:
- version: REPLACEME
pr-url: https://github.com/nodejs/node/pull/63188
description: Passing a CryptoKey as `key` is no longer supported.
- version: v26.0.0
pr-url: https://github.com/nodejs/node/pull/62453
description: Passing a CryptoKey as `key` is deprecated.
Expand Down Expand Up @@ -3645,7 +3661,7 @@ changes:
-->

* `algorithm` {string}
* `key` {string|ArrayBuffer|Buffer|TypedArray|DataView|KeyObject|CryptoKey}
* `key` {string|ArrayBuffer|Buffer|TypedArray|DataView|KeyObject}
* `iv` {string|ArrayBuffer|Buffer|TypedArray|DataView|null}
* `options` {Object} [`stream.transform` options][]
* Returns: {Decipheriv}
Expand Down Expand Up @@ -3839,6 +3855,9 @@ input.on('readable', () => {
<!-- YAML
added: v0.1.94
changes:
- version: REPLACEME
pr-url: https://github.com/nodejs/node/pull/63188
description: Passing a CryptoKey as `key` is no longer supported.
- version: v26.0.0
pr-url: https://github.com/nodejs/node/pull/62453
description: Passing a CryptoKey as `key` is deprecated.
Expand All @@ -3853,7 +3872,7 @@ changes:
-->

* `algorithm` {string}
* `key` {string|ArrayBuffer|Buffer|TypedArray|DataView|KeyObject|CryptoKey}
* `key` {string|ArrayBuffer|Buffer|TypedArray|DataView|KeyObject}
* `options` {Object} [`stream.transform` options][]
* `encoding` {string} The string encoding to use when `key` is a string.
* Returns: {Hmac}
Expand Down Expand Up @@ -3932,6 +3951,9 @@ input.on('readable', () => {
<!-- YAML
added: v11.6.0
changes:
- version: REPLACEME
pr-url: https://github.com/nodejs/node/pull/63188
description: Passing a CryptoKey as `key` is no longer supported.
- version: v26.1.0
pr-url: https://github.com/nodejs/node/pull/62706
description: Added JWK format support for ML-KEM and SLH-DSA
Expand Down Expand Up @@ -3987,6 +4009,9 @@ of the passphrase is limited to 1024 bytes.
<!-- YAML
added: v11.6.0
changes:
- version: REPLACEME
pr-url: https://github.com/nodejs/node/pull/63188
description: Passing a CryptoKey as `key` is no longer supported.
- version: v26.1.0
pr-url: https://github.com/nodejs/node/pull/62706
description: Added JWK format support for ML-KEM and SLH-DSA
Expand Down Expand Up @@ -5222,6 +5247,9 @@ An array of supported digest functions can be retrieved using
<!-- YAML
added: v0.11.14
changes:
- version: REPLACEME
pr-url: https://github.com/nodejs/node/pull/63188
description: Passing a CryptoKey as `privateKey` is no longer supported.
- version:
- v21.6.2
- v20.11.1
Expand All @@ -5248,7 +5276,7 @@ changes:

<!--lint disable maximum-line-length remark-lint-->

* `privateKey` {Object|string|ArrayBuffer|Buffer|TypedArray|DataView|KeyObject|CryptoKey}
* `privateKey` {Object|string|ArrayBuffer|Buffer|TypedArray|DataView|KeyObject}
* `oaepHash` {string} The hash function to use for OAEP padding and MGF1.
**Default:** `'sha1'`
* `oaepLabel` {string|ArrayBuffer|Buffer|TypedArray|DataView} The label to
Expand Down Expand Up @@ -5280,6 +5308,9 @@ attempting to use `RSA_PKCS1_PADDING` will fail.
<!-- YAML
added: v1.1.0
changes:
- version: REPLACEME
pr-url: https://github.com/nodejs/node/pull/63188
description: Passing a CryptoKey as `privateKey` is no longer supported.
- version: v15.0.0
pr-url: https://github.com/nodejs/node/pull/35093
description: Added string, ArrayBuffer, and CryptoKey as allowable key
Expand All @@ -5293,8 +5324,8 @@ changes:

<!--lint disable maximum-line-length remark-lint-->

* `privateKey` {Object|string|ArrayBuffer|Buffer|TypedArray|DataView|KeyObject|CryptoKey}
* `key` {string|ArrayBuffer|Buffer|TypedArray|DataView|KeyObject|CryptoKey}
* `privateKey` {Object|string|ArrayBuffer|Buffer|TypedArray|DataView|KeyObject}
* `key` {string|ArrayBuffer|Buffer|TypedArray|DataView|KeyObject}
A PEM encoded private key.
* `passphrase` {string|ArrayBuffer|Buffer|TypedArray|DataView} An optional
passphrase for the private key.
Expand All @@ -5321,6 +5352,9 @@ object, the `padding` property can be passed. Otherwise, this function uses
<!-- YAML
added: v1.1.0
changes:
- version: REPLACEME
pr-url: https://github.com/nodejs/node/pull/63188
description: Passing a CryptoKey as `key` is no longer supported.
- version: v15.0.0
pr-url: https://github.com/nodejs/node/pull/35093
description: Added string, ArrayBuffer, and CryptoKey as allowable key
Expand All @@ -5334,7 +5368,7 @@ changes:

<!--lint disable maximum-line-length remark-lint-->

* `key` {Object|string|ArrayBuffer|Buffer|TypedArray|DataView|KeyObject|CryptoKey}
* `key` {Object|string|ArrayBuffer|Buffer|TypedArray|DataView|KeyObject}
* `passphrase` {string|ArrayBuffer|Buffer|TypedArray|DataView} An optional
passphrase for the private key.
* `padding` {crypto.constants} An optional padding value defined in
Expand Down Expand Up @@ -5363,6 +5397,9 @@ be passed instead of a public key.
<!-- YAML
added: v0.11.14
changes:
- version: REPLACEME
pr-url: https://github.com/nodejs/node/pull/63188
description: Passing a CryptoKey as `key` is no longer supported.
- version: v15.0.0
pr-url: https://github.com/nodejs/node/pull/35093
description: Added string, ArrayBuffer, and CryptoKey as allowable key
Expand All @@ -5382,9 +5419,9 @@ changes:

<!--lint disable maximum-line-length remark-lint-->

* `key` {Object|string|ArrayBuffer|Buffer|TypedArray|DataView|KeyObject|CryptoKey}
* `key` {string|ArrayBuffer|Buffer|TypedArray|DataView|KeyObject|CryptoKey}
A PEM encoded public or private key, {KeyObject}, or {CryptoKey}.
* `key` {Object|string|ArrayBuffer|Buffer|TypedArray|DataView|KeyObject}
* `key` {string|ArrayBuffer|Buffer|TypedArray|DataView|KeyObject}
A PEM encoded public or private key, or {KeyObject}.
* `oaepHash` {string} The hash function to use for OAEP padding and MGF1.
**Default:** `'sha1'`
* `oaepLabel` {string|ArrayBuffer|Buffer|TypedArray|DataView} The label to
Expand Down Expand Up @@ -6104,6 +6141,9 @@ Throws an error if FIPS mode is not available.
<!-- YAML
added: v12.0.0
changes:
- version: REPLACEME
pr-url: https://github.com/nodejs/node/pull/63188
description: Passing a CryptoKey as `key` is no longer supported.
- version: v26.0.0
pr-url: https://github.com/nodejs/node/pull/62474
description: Add support for Ed25519 context parameter.
Expand Down Expand Up @@ -6135,7 +6175,7 @@ changes:

* `algorithm` {string | null | undefined}
* `data` {ArrayBuffer|Buffer|TypedArray|DataView}
* `key` {Object|string|ArrayBuffer|Buffer|TypedArray|DataView|KeyObject|CryptoKey}
* `key` {Object|string|ArrayBuffer|Buffer|TypedArray|DataView|KeyObject}
* `callback` {Function}
* `err` {Error}
* `signature` {Buffer}
Expand Down Expand Up @@ -6233,6 +6273,9 @@ not introduce timing vulnerabilities.
<!-- YAML
added: v12.0.0
changes:
- version: REPLACEME
pr-url: https://github.com/nodejs/node/pull/63188
description: Passing a CryptoKey as `key` is no longer supported.
- version: v26.0.0
pr-url: https://github.com/nodejs/node/pull/62474
description: Add support for Ed25519 context parameter.
Expand Down Expand Up @@ -6267,7 +6310,7 @@ changes:

* `algorithm` {string|null|undefined}
* `data` {ArrayBuffer| Buffer|TypedArray|DataView}
* `key` {Object|string|ArrayBuffer|Buffer|TypedArray|DataView|KeyObject|CryptoKey}
* `key` {Object|string|ArrayBuffer|Buffer|TypedArray|DataView|KeyObject}
* `signature` {ArrayBuffer|Buffer|TypedArray|DataView}
* `callback` {Function}
* `err` {Error}
Expand Down
35 changes: 10 additions & 25 deletions doc/api/deprecations.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4489,6 +4489,9 @@ const server = http2.createSecureServer({

<!-- YAML
changes:
- version: REPLACEME
pr-url: https://github.com/nodejs/node/pull/63188
description: End-of-Life.
- version: v26.0.0
pr-url: https://github.com/nodejs/node/pull/62453
description: Runtime deprecation.
Expand All @@ -4499,23 +4502,17 @@ changes:
description: Documentation-only deprecation.
-->

Type: Runtime
Type: End-of-Life

Passing a [`CryptoKey`][] to `node:crypto` functions is deprecated and
will throw an error in a future version. This includes
[`crypto.createPublicKey()`][], [`crypto.createPrivateKey()`][],
[`crypto.sign()`][], [`crypto.verify()`][],
[`crypto.publicEncrypt()`][], [`crypto.publicDecrypt()`][],
[`crypto.privateEncrypt()`][], [`crypto.privateDecrypt()`][],
[`Sign.prototype.sign()`][], [`Verify.prototype.verify()`][],
[`crypto.createHmac()`][], [`crypto.createCipheriv()`][],
[`crypto.createDecipheriv()`][], [`crypto.encapsulate()`][], and
[`crypto.decapsulate()`][].
Passing a [`CryptoKey`][] to `node:crypto` functions is no longer supported.

### DEP0204: `KeyObject.from()` with non-extractable `CryptoKey`

<!-- YAML
changes:
- version: REPLACEME
pr-url: https://github.com/nodejs/node/pull/63188
description: End-of-Life.
- version: v26.0.0
pr-url: https://github.com/nodejs/node/pull/62453
description: Runtime deprecation.
Expand All @@ -4526,10 +4523,10 @@ changes:
description: Documentation-only deprecation.
-->

Type: Runtime
Type: End-of-Life

Passing a non-extractable [`CryptoKey`][] to [`KeyObject.from()`][] is
deprecated and will throw an error in a future version.
no longer supported.

### DEP0205: `module.register()`

Expand Down Expand Up @@ -4600,9 +4597,7 @@ will throw an error in a future version.
[`ReadStream.open()`]: fs.md#class-fsreadstream
[`Server.getConnections()`]: net.md#servergetconnectionscallback
[`Server.listen({fd: <number>})`]: net.md#serverlistenhandle-backlog-callback
[`Sign.prototype.sign()`]: crypto.md#signsignprivatekey-outputencoding
[`String.prototype.toWellFormed`]: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/toWellFormed
[`Verify.prototype.verify()`]: crypto.md#verifyverifyobject-signature-signatureencoding
[`WriteStream.open()`]: fs.md#class-fswritestream
[`assert`]: assert.md
[`asyncResource.runInAsyncScope()`]: async_context.md#asyncresourceruninasyncscopefn-thisarg-args
Expand All @@ -4620,21 +4615,11 @@ will throw an error in a future version.
[`crypto.createDecipheriv()`]: crypto.md#cryptocreatedecipherivalgorithm-key-iv-options
[`crypto.createHash()`]: crypto.md#cryptocreatehashalgorithm-options
[`crypto.createHmac()`]: crypto.md#cryptocreatehmacalgorithm-key-options
[`crypto.createPrivateKey()`]: crypto.md#cryptocreateprivatekeykey
[`crypto.createPublicKey()`]: crypto.md#cryptocreatepublickeykey
[`crypto.decapsulate()`]: crypto.md#cryptodecapsulatekey-ciphertext-callback
[`crypto.encapsulate()`]: crypto.md#cryptoencapsulatekey-callback
[`crypto.fips`]: crypto.md#cryptofips
[`crypto.pbkdf2()`]: crypto.md#cryptopbkdf2password-salt-iterations-keylen-digest-callback
[`crypto.privateDecrypt()`]: crypto.md#cryptoprivatedecryptprivatekey-buffer
[`crypto.privateEncrypt()`]: crypto.md#cryptoprivateencryptprivatekey-buffer
[`crypto.publicDecrypt()`]: crypto.md#cryptopublicdecryptkey-buffer
[`crypto.publicEncrypt()`]: crypto.md#cryptopublicencryptkey-buffer
[`crypto.randomBytes()`]: crypto.md#cryptorandombytessize-callback
[`crypto.scrypt()`]: crypto.md#cryptoscryptpassword-salt-keylen-options-callback
[`crypto.setEngine()`]: crypto.md#cryptosetengineengine-flags
[`crypto.sign()`]: crypto.md#cryptosignalgorithm-data-key-callback
[`crypto.verify()`]: crypto.md#cryptoverifyalgorithm-data-key-signature-callback
[`decipher.final()`]: crypto.md#decipherfinaloutputencoding
[`decipher.setAuthTag()`]: crypto.md#deciphersetauthtagbuffer-encoding
[`dirent.parentPath`]: fs.md#direntparentpath
Expand Down
Loading
Loading