Commit dae9839

crypto: move DEP0203 and DEP0204 to End-of-Life
Moves support for passing CryptoKey instances to node:crypto APIs to End-of-Life status (DEP0203).

Moves support for passing non-extractable CryptoKey instances to KeyObject.from() to End-of-Life status (DEP0204).

Closes #55293
Signed-off-by: Filip Skokan <panva.ip@gmail.com>
1 parent 2f2b810 commit dae9839

10 files changed

Lines changed: 181 additions & 131 deletions

doc/api/crypto.md

Lines changed: 62 additions & 19 deletions
@@ -2256,6 +2256,10 @@ be listed in the `transferList` argument.
22562256
<!-- YAML
22572257
added: v15.0.0
22582258
changes:
2259+
- version: REPLACEME
2260+
pr-url: https://github.com/nodejs/node/pull/63188
2261+
description: Passing a non-extractable CryptoKey as `key` is no longer
2262+
supported.
22592263
- version: v26.0.0
22602264
pr-url: https://github.com/nodejs/node/pull/62453
22612265
description: Passing a non-extractable CryptoKey as `key` is deprecated.
@@ -2264,11 +2268,11 @@ changes:
22642268
* `key` {CryptoKey}
22652269
* Returns: {KeyObject}
22662270

2267-
Returns the underlying {KeyObject} of a {CryptoKey}. The returned {KeyObject}
2268-
does not retain any of the restrictions imposed by the Web Crypto API on the
2269-
original {CryptoKey}, such as the allowed key usages, the algorithm or hash
2270-
algorithm bindings, and the extractability flag. In particular, the underlying
2271-
key material of the returned {KeyObject} can always be exported.
2271+
Returns a {KeyObject} representation of the underlying key material of an
2272+
extractable {CryptoKey}.
2273+
The returned {KeyObject} does not retain any of the restrictions imposed by
2274+
the Web Crypto API on the original {CryptoKey}, such as the allowed key usages,
2275+
the algorithm or hash algorithm bindings.
22722276

22732277
```mjs
22742278
const { KeyObject } = await import('node:crypto');
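Review bot: The rewritten description says what is returned for an extractable {CryptoKey} but not what happens for a non-extractable one, which is the behaviour this commit changes. Add a sentence after "extractable {CryptoKey}." stating that a non-extractable `key` is rejected and how (the DEP0204 text removed elsewhere in this commit said it would throw). Two smaller points in the same paragraph: with the extractability item dropped, the list now reads "such as the allowed key usages, the algorithm or hash algorithm bindings" and needs an "and" before its last item; and the removed sentence that the returned key material can always be exported still describes the result for an extractable key, so consider keeping it as a reminder that usage restrictions do not carry over to the {KeyObject}.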
@@ -2622,6 +2626,9 @@ console.log(verify.verify(publicKey, signature));
26222626
<!-- YAML
26232627
added: v0.1.92
26242628
changes:
2629+
- version: REPLACEME
2630+
pr-url: https://github.com/nodejs/node/pull/63188
2631+
description: Passing a CryptoKey as `privateKey` is no longer supported.
26252632
- version: v15.0.0
26262633
pr-url: https://github.com/nodejs/node/pull/35093
26272634
description: The privateKey can also be an ArrayBuffer and CryptoKey.
@@ -2643,7 +2650,7 @@ changes:
26432650

26442651
<!--lint disable maximum-line-length remark-lint-->
26452652

2646-
* `privateKey` {Object|string|ArrayBuffer|Buffer|TypedArray|DataView|KeyObject|CryptoKey}
2653+
* `privateKey` {Object|string|ArrayBuffer|Buffer|TypedArray|DataView|KeyObject}
26472654
* `dsaEncoding` {string}
26482655
* `padding` {integer}
26492656
* `saltLength` {integer}
@@ -2752,6 +2759,9 @@ This can be called many times with new data as it is streamed.
27522759
<!-- YAML
27532760
added: v0.1.92
27542761
changes:
2762+
- version: REPLACEME
2763+
pr-url: https://github.com/nodejs/node/pull/63188
2764+
description: Passing a CryptoKey as `key` is no longer supported.
27552765
- version: v15.0.0
27562766
pr-url: https://github.com/nodejs/node/pull/35093
27572767
description: The key can also be an ArrayBuffer and CryptoKey.
@@ -2773,7 +2783,7 @@ changes:
27732783

27742784
<!--lint disable maximum-line-length remark-lint-->
27752785

2776-
* `key` {Object|string|ArrayBuffer|Buffer|TypedArray|DataView|KeyObject|CryptoKey}
2786+
* `key` {Object|string|ArrayBuffer|Buffer|TypedArray|DataView|KeyObject}
27772787
* `dsaEncoding` {string}
27782788
* `padding` {integer}
27792789
* `saltLength` {integer}
@@ -3534,6 +3544,9 @@ operations. The specific constants currently defined are described in
35343544
<!-- YAML
35353545
added: v0.1.94
35363546
changes:
3547+
- version: REPLACEME
3548+
pr-url: https://github.com/nodejs/node/pull/63188
3549+
description: Passing a CryptoKey as `key` is no longer supported.
35373550
- version: v26.0.0
35383551
pr-url: https://github.com/nodejs/node/pull/62453
35393552
description: Passing a CryptoKey as `key` is deprecated.
@@ -3570,7 +3583,7 @@ changes:
35703583
-->
35713584

35723585
* `algorithm` {string}
3573-
* `key` {string|ArrayBuffer|Buffer|TypedArray|DataView|KeyObject|CryptoKey}
3586+
* `key` {string|ArrayBuffer|Buffer|TypedArray|DataView|KeyObject}
35743587
* `iv` {string|ArrayBuffer|Buffer|TypedArray|DataView|null}
35753588
* `options` {Object} [`stream.transform` options][]
35763589
* Returns: {Cipheriv}
@@ -3611,6 +3624,9 @@ given IV will be.
36113624
<!-- YAML
36123625
added: v0.1.94
36133626
changes:
3627+
- version: REPLACEME
3628+
pr-url: https://github.com/nodejs/node/pull/63188
3629+
description: Passing a CryptoKey as `key` is no longer supported.
36143630
- version: v26.0.0
36153631
pr-url: https://github.com/nodejs/node/pull/62453
36163632
description: Passing a CryptoKey as `key` is deprecated.
@@ -3643,7 +3659,7 @@ changes:
36433659
-->
36443660

36453661
* `algorithm` {string}
3646-
* `key` {string|ArrayBuffer|Buffer|TypedArray|DataView|KeyObject|CryptoKey}
3662+
* `key` {string|ArrayBuffer|Buffer|TypedArray|DataView|KeyObject}
36473663
* `iv` {string|ArrayBuffer|Buffer|TypedArray|DataView|null}
36483664
* `options` {Object} [`stream.transform` options][]
36493665
* Returns: {Decipheriv}
@@ -3837,6 +3853,9 @@ input.on('readable', () => {
38373853
<!-- YAML
38383854
added: v0.1.94
38393855
changes:
3856+
- version: REPLACEME
3857+
pr-url: https://github.com/nodejs/node/pull/63188
3858+
description: Passing a CryptoKey as `key` is no longer supported.
38403859
- version: v26.0.0
38413860
pr-url: https://github.com/nodejs/node/pull/62453
38423861
description: Passing a CryptoKey as `key` is deprecated.
@@ -3851,7 +3870,7 @@ changes:
38513870
-->
38523871

38533872
* `algorithm` {string}
3854-
* `key` {string|ArrayBuffer|Buffer|TypedArray|DataView|KeyObject|CryptoKey}
3873+
* `key` {string|ArrayBuffer|Buffer|TypedArray|DataView|KeyObject}
38553874
* `options` {Object} [`stream.transform` options][]
38563875
* `encoding` {string} The string encoding to use when `key` is a string.
38573876
* Returns: {Hmac}
@@ -3930,6 +3949,9 @@ input.on('readable', () => {
39303949
<!-- YAML
39313950
added: v11.6.0
39323951
changes:
3952+
- version: REPLACEME
3953+
pr-url: https://github.com/nodejs/node/pull/63188
3954+
description: Passing a CryptoKey as `key` is no longer supported.
39333955
- version: v26.1.0
39343956
pr-url: https://github.com/nodejs/node/pull/62706
39353957
description: Added JWK format support for ML-KEM and SLH-DSA
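Review bot: This entry records that a CryptoKey is no longer accepted as `key`, but no hunk in this file touches the parameter list or prose of this v11.6.0 function, whereas every other entry added in doc/api/crypto.md is paired with a hunk that drops `|CryptoKey` from the signature or rewrites the description. Please confirm the `key` type list and text under this heading no longer mention {CryptoKey}; the same check applies to the next v11.6.0 entry, which gets the identical three lines.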
@@ -3985,6 +4007,9 @@ of the passphrase is limited to 1024 bytes.
39854007
<!-- YAML
39864008
added: v11.6.0
39874009
changes:
4010+
- version: REPLACEME
4011+
pr-url: https://github.com/nodejs/node/pull/63188
4012+
description: Passing a CryptoKey as `key` is no longer supported.
39884013
- version: v26.1.0
39894014
pr-url: https://github.com/nodejs/node/pull/62706
39904015
description: Added JWK format support for ML-KEM and SLH-DSA
@@ -5220,6 +5245,9 @@ An array of supported digest functions can be retrieved using
52205245
<!-- YAML
52215246
added: v0.11.14
52225247
changes:
5248+
- version: REPLACEME
5249+
pr-url: https://github.com/nodejs/node/pull/63188
5250+
description: Passing a CryptoKey as `privateKey` is no longer supported.
52235251
- version:
52245252
- v21.6.2
52255253
- v20.11.1
@@ -5246,7 +5274,7 @@ changes:
52465274

52475275
<!--lint disable maximum-line-length remark-lint-->
52485276

5249-
* `privateKey` {Object|string|ArrayBuffer|Buffer|TypedArray|DataView|KeyObject|CryptoKey}
5277+
* `privateKey` {Object|string|ArrayBuffer|Buffer|TypedArray|DataView|KeyObject}
52505278
* `oaepHash` {string} The hash function to use for OAEP padding and MGF1.
52515279
**Default:** `'sha1'`
52525280
* `oaepLabel` {string|ArrayBuffer|Buffer|TypedArray|DataView} The label to
@@ -5278,6 +5306,9 @@ attempting to use `RSA_PKCS1_PADDING` will fail.
52785306
<!-- YAML
52795307
added: v1.1.0
52805308
changes:
5309+
- version: REPLACEME
5310+
pr-url: https://github.com/nodejs/node/pull/63188
5311+
description: Passing a CryptoKey as `privateKey` is no longer supported.
52815312
- version: v15.0.0
52825313
pr-url: https://github.com/nodejs/node/pull/35093
52835314
description: Added string, ArrayBuffer, and CryptoKey as allowable key
@@ -5291,8 +5322,8 @@ changes:
52915322

52925323
<!--lint disable maximum-line-length remark-lint-->
52935324

5294-
* `privateKey` {Object|string|ArrayBuffer|Buffer|TypedArray|DataView|KeyObject|CryptoKey}
5295-
* `key` {string|ArrayBuffer|Buffer|TypedArray|DataView|KeyObject|CryptoKey}
5325+
* `privateKey` {Object|string|ArrayBuffer|Buffer|TypedArray|DataView|KeyObject}
5326+
* `key` {string|ArrayBuffer|Buffer|TypedArray|DataView|KeyObject}
52965327
A PEM encoded private key.
52975328
* `passphrase` {string|ArrayBuffer|Buffer|TypedArray|DataView} An optional
52985329
passphrase for the private key.
@@ -5319,6 +5350,9 @@ object, the `padding` property can be passed. Otherwise, this function uses
53195350
<!-- YAML
53205351
added: v1.1.0
53215352
changes:
5353+
- version: REPLACEME
5354+
pr-url: https://github.com/nodejs/node/pull/63188
5355+
description: Passing a CryptoKey as `key` is no longer supported.
53225356
- version: v15.0.0
53235357
pr-url: https://github.com/nodejs/node/pull/35093
53245358
description: Added string, ArrayBuffer, and CryptoKey as allowable key
@@ -5332,7 +5366,7 @@ changes:
53325366

53335367
<!--lint disable maximum-line-length remark-lint-->
53345368

5335-
* `key` {Object|string|ArrayBuffer|Buffer|TypedArray|DataView|KeyObject|CryptoKey}
5369+
* `key` {Object|string|ArrayBuffer|Buffer|TypedArray|DataView|KeyObject}
53365370
* `passphrase` {string|ArrayBuffer|Buffer|TypedArray|DataView} An optional
53375371
passphrase for the private key.
53385372
* `padding` {crypto.constants} An optional padding value defined in
@@ -5361,6 +5395,9 @@ be passed instead of a public key.
53615395
<!-- YAML
53625396
added: v0.11.14
53635397
changes:
5398+
- version: REPLACEME
5399+
pr-url: https://github.com/nodejs/node/pull/63188
5400+
description: Passing a CryptoKey as `key` is no longer supported.
53645401
- version: v15.0.0
53655402
pr-url: https://github.com/nodejs/node/pull/35093
53665403
description: Added string, ArrayBuffer, and CryptoKey as allowable key
@@ -5380,9 +5417,9 @@ changes:
53805417

53815418
<!--lint disable maximum-line-length remark-lint-->
53825419

5383-
* `key` {Object|string|ArrayBuffer|Buffer|TypedArray|DataView|KeyObject|CryptoKey}
5384-
* `key` {string|ArrayBuffer|Buffer|TypedArray|DataView|KeyObject|CryptoKey}
5385-
A PEM encoded public or private key, {KeyObject}, or {CryptoKey}.
5420+
* `key` {Object|string|ArrayBuffer|Buffer|TypedArray|DataView|KeyObject}
5421+
* `key` {string|ArrayBuffer|Buffer|TypedArray|DataView|KeyObject}
5422+
A PEM encoded public or private key, or {KeyObject}.
53865423
* `oaepHash` {string} The hash function to use for OAEP padding and MGF1.
53875424
**Default:** `'sha1'`
53885425
* `oaepLabel` {string|ArrayBuffer|Buffer|TypedArray|DataView} The label to
@@ -6104,6 +6141,9 @@ Throws an error if FIPS mode is not available.
61046141
<!-- YAML
61056142
added: v12.0.0
61066143
changes:
6144+
- version: REPLACEME
6145+
pr-url: https://github.com/nodejs/node/pull/63188
6146+
description: Passing a CryptoKey as `key` is no longer supported.
61076147
- version:
61086148
- v26.1.0
61096149
- v24.16.0
@@ -6137,7 +6177,7 @@ changes:
61376177

61386178
* `algorithm` {string | null | undefined}
61396179
* `data` {ArrayBuffer|Buffer|SharedArrayBuffer|TypedArray|DataView|string}
6140-
* `key` {Object|string|ArrayBuffer|Buffer|TypedArray|DataView|KeyObject|CryptoKey}
6180+
* `key` {Object|string|ArrayBuffer|Buffer|TypedArray|DataView|KeyObject}
61416181
* `callback` {Function}
61426182
* `err` {Error}
61436183
* `signature` {Buffer}
@@ -6235,6 +6275,9 @@ not introduce timing vulnerabilities.
62356275
<!-- YAML
62366276
added: v12.0.0
62376277
changes:
6278+
- version: REPLACEME
6279+
pr-url: https://github.com/nodejs/node/pull/63188
6280+
description: Passing a CryptoKey as `key` is no longer supported.
62386281
- version:
62396282
- v26.1.0
62406283
- v24.16.0
@@ -6271,7 +6314,7 @@ changes:
62716314

62726315
* `algorithm` {string|null|undefined}
62736316
* `data` {ArrayBuffer|Buffer|SharedArrayBuffer|TypedArray|DataView|string}
6274-
* `key` {Object|string|ArrayBuffer|Buffer|TypedArray|DataView|KeyObject|CryptoKey}
6317+
* `key` {Object|string|ArrayBuffer|Buffer|TypedArray|DataView|KeyObject}
62756318
* `signature` {ArrayBuffer|Buffer|SharedArrayBuffer|TypedArray|DataView}
62766319
* `callback` {Function}
62776320
* `err` {Error}

doc/api/deprecations.md

Lines changed: 10 additions & 25 deletions
@@ -4489,6 +4489,9 @@ const server = http2.createSecureServer({
44894489
44904490
<!-- YAML
44914491
changes:
4492+
- version: REPLACEME
4493+
pr-url: https://github.com/nodejs/node/pull/63188
4494+
description: End-of-Life.
44924495
- version: v26.0.0
44934496
pr-url: https://github.com/nodejs/node/pull/62453
44944497
description: Runtime deprecation.
@@ -4499,23 +4502,17 @@ changes:
44994502
description: Documentation-only deprecation.
45004503
-->
45014504
4502-
Type: Runtime
4505+
Type: End-of-Life
45034506
4504-
Passing a [`CryptoKey`][] to `node:crypto` functions is deprecated and
4505-
will throw an error in a future version. This includes
4506-
[`crypto.createPublicKey()`][], [`crypto.createPrivateKey()`][],
4507-
[`crypto.sign()`][], [`crypto.verify()`][],
4508-
[`crypto.publicEncrypt()`][], [`crypto.publicDecrypt()`][],
4509-
[`crypto.privateEncrypt()`][], [`crypto.privateDecrypt()`][],
4510-
[`Sign.prototype.sign()`][], [`Verify.prototype.verify()`][],
4511-
[`crypto.createHmac()`][], [`crypto.createCipheriv()`][],
4512-
[`crypto.createDecipheriv()`][], [`crypto.encapsulate()`][], and
4513-
[`crypto.decapsulate()`][].
4507+
Passing a [`CryptoKey`][] to `node:crypto` functions is no longer supported.
45144508
45154509
### DEP0204: `KeyObject.from()` with non-extractable `CryptoKey`
45164510
45174511
<!-- YAML
45184512
changes:
4513+
- version: REPLACEME
4514+
pr-url: https://github.com/nodejs/node/pull/63188
4515+
description: End-of-Life.
45194516
- version: v26.0.0
45204517
pr-url: https://github.com/nodejs/node/pull/62453
45214518
description: Runtime deprecation.
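Review bot: The DEP0203 entry now reads only "Passing a [`CryptoKey`][] to `node:crypto` functions is no longer supported.", so the list of affected functions is gone from the one place a reader hitting the new error will look. Consider keeping the list in past tense, or at least naming what to pass instead. The removed list also names `crypto.encapsulate()` and `crypto.decapsulate()`, yet doc/api/crypto.md in this commit gains no "no longer supported" changes entry for either; add those entries or confirm the two functions are intentionally left out.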
@@ -4526,10 +4523,10 @@ changes:
45264523
description: Documentation-only deprecation.
45274524
-->
45284525
4529-
Type: Runtime
4526+
Type: End-of-Life
45304527
45314528
Passing a non-extractable [`CryptoKey`][] to [`KeyObject.from()`][] is
4532-
deprecated and will throw an error in a future version.
4529+
no longer supported.
45334530
45344531
### DEP0205: `module.register()`
45354532
@@ -4655,9 +4652,7 @@ successfully before the response closed.
46554652
[`ReadStream.open()`]: fs.md#class-fsreadstream
46564653
[`Server.getConnections()`]: net.md#servergetconnectionscallback
46574654
[`Server.listen({fd: <number>})`]: net.md#serverlistenhandle-backlog-callback
4658-
[`Sign.prototype.sign()`]: crypto.md#signsignprivatekey-outputencoding
46594655
[`String.prototype.toWellFormed`]: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/toWellFormed
4660-
[`Verify.prototype.verify()`]: crypto.md#verifyverifyobject-signature-signatureencoding
46614656
[`WriteStream.open()`]: fs.md#class-fswritestream
46624657
[`assert`]: assert.md
46634658
[`asyncResource.runInAsyncScope()`]: async_context.md#asyncresourceruninasyncscopefn-thisarg-args
@@ -4675,21 +4670,11 @@ successfully before the response closed.
46754670
[`crypto.createDecipheriv()`]: crypto.md#cryptocreatedecipherivalgorithm-key-iv-options
46764671
[`crypto.createHash()`]: crypto.md#cryptocreatehashalgorithm-options
46774672
[`crypto.createHmac()`]: crypto.md#cryptocreatehmacalgorithm-key-options
4678-
[`crypto.createPrivateKey()`]: crypto.md#cryptocreateprivatekeykey
4679-
[`crypto.createPublicKey()`]: crypto.md#cryptocreatepublickeykey
4680-
[`crypto.decapsulate()`]: crypto.md#cryptodecapsulatekey-ciphertext-callback
4681-
[`crypto.encapsulate()`]: crypto.md#cryptoencapsulatekey-callback
46824673
[`crypto.fips`]: crypto.md#cryptofips
46834674
[`crypto.pbkdf2()`]: crypto.md#cryptopbkdf2password-salt-iterations-keylen-digest-callback
4684-
[`crypto.privateDecrypt()`]: crypto.md#cryptoprivatedecryptprivatekey-buffer
4685-
[`crypto.privateEncrypt()`]: crypto.md#cryptoprivateencryptprivatekey-buffer
4686-
[`crypto.publicDecrypt()`]: crypto.md#cryptopublicdecryptkey-buffer
4687-
[`crypto.publicEncrypt()`]: crypto.md#cryptopublicencryptkey-buffer
46884675
[`crypto.randomBytes()`]: crypto.md#cryptorandombytessize-callback
46894676
[`crypto.scrypt()`]: crypto.md#cryptoscryptpassword-salt-keylen-options-callback
46904677
[`crypto.setEngine()`]: crypto.md#cryptosetengineengine-flags
4691-
[`crypto.sign()`]: crypto.md#cryptosignalgorithm-data-key-callback
4692-
[`crypto.verify()`]: crypto.md#cryptoverifyalgorithm-data-key-signature-callback
46934678
[`decipher.final()`]: crypto.md#decipherfinaloutputencoding
46944679
[`decipher.setAuthTag()`]: crypto.md#deciphersetauthtagbuffer-encoding
46954680
[`dirent.parentPath`]: fs.md#direntparentpath
