crypto.generateKeyPair(type, options, callback)

版本历史

版本	变更
v13.9.0	添加对 Diffie-Hellman 的支持。
v12.0.0	添加生成 X25519 和 X448 密钥对的功能。
v12.0.0	添加生成 Ed25519 和 Ed448 密钥对的功能。
v11.6.0	如果未指定编码，`generateKeyPair` 和 `generateKeyPairSync` 函数现在会生成关键对象。
v10.12.0	新增于: v10.12.0

type: <string> 必须是 'rsa'、'dsa'、'ec'、'ed25519'、'ed448'、'x25519'、'x448' 或 'dh'。
options: <Object>
- modulusLength: <number> 以位为单位的密钥大小（RSA、DSA）。
- publicExponent: <number> 公共指数 (RSA)。 默认值: 0x10001。
- divisorLength: <number> q 的比特大小 (DSA)。
- namedCurve: <string> 要使用的曲线名称 (EC)。
- prime: <Buffer> 素数参数 (DH)。
- primeLength: <number> 以比特为单位的质数长度 (DH)。
- generator: <number> 自定义生成器 (DH)。 默认值: 2。
- groupName: <string> Diffie-Hellman 组名 (DH)。参见 crypto.getDiffieHellman()。
- publicKeyEncoding: <Object> 参见 keyObject.export()。
- privateKeyEncoding: <Object> 参见 keyObject.export()。
callback: <Function>
- err: <Error>
- publicKey: <string> | <Buffer> | <KeyObject>
- privateKey: <string> | <Buffer> | <KeyObject>

生成给定 type 的新非对称密钥对。目前支持 RSA、DSA、EC、Ed25519、Ed448、X25519、X448 和 DH。

如果指定了 publicKeyEncoding 或 privateKeyEncoding，则此函数的行为就像对其结果调用了 keyObject.export()。否则，密钥的相应部分将作为 KeyObject 返回。

建议将公钥编码为 'spki'，私钥编码为 'pkcs8'，并加密以进行长期存储：

const { generateKeyPair } = require('crypto');
generateKeyPair('rsa', {
  modulusLength: 4096,
  publicKeyEncoding: {
    type: 'spki',
    format: 'pem'
  },
  privateKeyEncoding: {
    type: 'pkcs8',
    format: 'pem',
    cipher: 'aes-256-cbc',
    passphrase: 'top secret'
  }
}, (err, publicKey, privateKey) => {
  // 处理错误并使用生成的密钥对。
});

完成后，callback 将被调用，err 设置为 undefined，publicKey / privateKey 代表生成的密钥对。

如果此方法作为其 util.promisify() 版本被调用，则其将为具有 publicKey 和 privateKey 属性的 Object 返回 Promise。

History

Version	Changes
v13.9.0	Add support for Diffie-Hellman.
v12.0.0	Add ability to generate X25519 and X448 key pairs.
v12.0.0	Add ability to generate Ed25519 and Ed448 key pairs.
v11.6.0	The `generateKeyPair` and `generateKeyPairSync` functions now produce key objects if no encoding was specified.
v10.12.0	Added in: v10.12.0

type: <string> Must be 'rsa', 'dsa', 'ec', 'ed25519', 'ed448', 'x25519', 'x448', or 'dh'.
options: <Object>
- modulusLength: <number> Key size in bits (RSA, DSA).
- publicExponent: <number> Public exponent (RSA). Default: 0x10001.
- divisorLength: <number> Size of q in bits (DSA).
- namedCurve: <string> Name of the curve to use (EC).
- prime: <Buffer> The prime parameter (DH).
- primeLength: <number> Prime length in bits (DH).
- generator: <number> Custom generator (DH). Default: 2.
- groupName: <string> Diffie-Hellman group name (DH). See crypto.getDiffieHellman().
- publicKeyEncoding: <Object> See keyObject.export().
- privateKeyEncoding: <Object> See keyObject.export().
callback: <Function>
- err: <Error>
- publicKey: <string> | <Buffer> | <KeyObject>
- privateKey: <string> | <Buffer> | <KeyObject>

Generates a new asymmetric key pair of the given type. RSA, DSA, EC, Ed25519, Ed448, X25519, X448, and DH are currently supported.

If a publicKeyEncoding or privateKeyEncoding was specified, this function behaves as if keyObject.export() had been called on its result. Otherwise, the respective part of the key is returned as a KeyObject.

It is recommended to encode public keys as 'spki' and private keys as 'pkcs8' with encryption for long-term storage:

const { generateKeyPair } = require('crypto');
generateKeyPair('rsa', {
  modulusLength: 4096,
  publicKeyEncoding: {
    type: 'spki',
    format: 'pem'
  },
  privateKeyEncoding: {
    type: 'pkcs8',
    format: 'pem',
    cipher: 'aes-256-cbc',
    passphrase: 'top secret'
  }
}, (err, publicKey, privateKey) => {
  // Handle errors and use the generated key pair.
});

On completion, callback will be called with err set to undefined and publicKey / privateKey representing the generated key pair.

If this method is invoked as its util.promisify()ed version, it returns a Promise for an Object with publicKey and privateKey properties.