From 0d37af1a4db4a0a47d5e672fbc3928e5425f5e61 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Wed, 18 Mar 2026 14:46:11 +0100 Subject: [PATCH 1/3] doc: deprecate CryptoKey use in node:crypto Refs: https://github.com/nodejs/node/issues/55293 --- doc/api/deprecations.md | 51 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) diff --git a/doc/api/deprecations.md b/doc/api/deprecations.md index 85cb2f7aa9f1e6..6dc499505af5de 100644 --- a/doc/api/deprecations.md +++ b/doc/api/deprecations.md @@ -4481,6 +4481,40 @@ const server = http2.createSecureServer({ }); ``` +### DEP0203: Passing `CryptoKey` to `node:crypto` APIs + + + +Type: Documentation-only + +Passing a [`CryptoKey`][] to `node:crypto` functions is deprecated and +will throw an error in a future version. This includes +[`crypto.createPublicKey()`][], [`crypto.createPrivateKey()`][], +[`crypto.sign()`][], [`crypto.verify()`][], +[`crypto.publicEncrypt()`][], [`crypto.publicDecrypt()`][], +[`crypto.privateEncrypt()`][], [`crypto.privateDecrypt()`][], +[`Sign.prototype.sign()`][], [`Verify.prototype.verify()`][], +[`crypto.createHmac()`][], [`crypto.createCipheriv()`][], +[`crypto.createDecipheriv()`][], [`crypto.encapsulate()`][], and +[`crypto.decapsulate()`][]. + +### DEP0204: `KeyObject.from()` with non-extractable `CryptoKey` + + + +Type: Documentation-only + +Passing a non-extractable [`CryptoKey`][] to [`KeyObject.from()`][] is +deprecated and will throw an error in a future version. + [DEP0142]: #dep0142-repl_builtinlibs [NIST SP 800-38D]: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf [RFC 6066]: https://tools.ietf.org/html/rfc6066#section-3 @@ -4518,19 +4552,36 @@ const server = http2.createSecureServer({ [`clearTimeout()`]: timers.md#cleartimeouttimeout [`console.error()`]: console.md#consoleerrordata-args [`console.log()`]: console.md#consolelogdata-args +[`CryptoKey`]: webcrypto.md#class-cryptokey [`crypto.Certificate()` constructor]: crypto.md#legacy-api [`crypto.createCipheriv()`]: crypto.md#cryptocreatecipherivalgorithm-key-iv-options [`crypto.createDecipheriv()`]: crypto.md#cryptocreatedecipherivalgorithm-key-iv-options [`crypto.createHash()`]: crypto.md#cryptocreatehashalgorithm-options [`crypto.createHmac()`]: crypto.md#cryptocreatehmacalgorithm-key-options +[`crypto.createPrivateKey()`]: crypto.md#cryptocreateprivatekeykey +[`crypto.createPublicKey()`]: crypto.md#cryptocreatepublickeykey +[`crypto.decapsulate()`]: crypto.md#cryptodecapsulatekey-ciphertext-callback +[`crypto.encapsulate()`]: crypto.md#cryptoencapsulatekey-callback [`crypto.fips`]: crypto.md#cryptofips [`crypto.pbkdf2()`]: crypto.md#cryptopbkdf2password-salt-iterations-keylen-digest-callback +[`crypto.privateDecrypt()`]: crypto.md#cryptoprivatedecryptprivatekey-buffer +[`crypto.privateEncrypt()`]: crypto.md#cryptoprivateencryptprivatekey-buffer +[`crypto.publicDecrypt()`]: crypto.md#cryptopublicdecryptkey-buffer +[`crypto.publicEncrypt()`]: crypto.md#cryptopublicencryptkey-buffer [`crypto.randomBytes()`]: crypto.md#cryptorandombytessize-callback [`crypto.scrypt()`]: crypto.md#cryptoscryptpassword-salt-keylen-options-callback [`crypto.setEngine()`]: crypto.md#cryptosetengineengine-flags +[`crypto.sign()`]: crypto.md#cryptosignalgorithm-data-key-callback +[`crypto.verify()`]: crypto.md#cryptoverifyalgorithm-data-key-signature-callback [`decipher.final()`]: crypto.md#decipherfinaloutputencoding [`decipher.setAuthTag()`]: crypto.md#deciphersetauthtagbuffer-encoding [`dirent.parentPath`]: fs.md#direntparentpath +[KeyObject]: crypto.md#class-keyobject +[`KeyObject`]: crypto.md#class-keyobject +[`KeyObject.from()`]: crypto.md#static-method-keyobjectfromkey +[`Sign.prototype.sign()`]: crypto.md#signsignprivatekey-outputencoding +[`Verify.prototype.verify()`]: crypto.md#verifyverifyobject-signature-signatureencoding +[WebCrypto API]: webcrypto.md [`dns.lookup()`]: dns.md#dnslookuphostname-options-callback [`dnsPromises.lookup()`]: dns.md#dnspromiseslookuphostname-options [`domain`]: domain.md From bfb90fc37e0e46993836e69804e273a35d5aea6b Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Wed, 18 Mar 2026 14:47:19 +0100 Subject: [PATCH 2/3] fixup! doc: deprecate CryptoKey use in node:crypto --- doc/api/deprecations.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/api/deprecations.md b/doc/api/deprecations.md index 6dc499505af5de..661e1e90289ea3 100644 --- a/doc/api/deprecations.md +++ b/doc/api/deprecations.md @@ -4486,6 +4486,7 @@ const server = http2.createSecureServer({ @@ -4507,6 +4508,7 @@ will throw an error in a future version. This includes From dd504ba261936dcfa3fc968352e0b7fa0f2ae3f4 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Wed, 18 Mar 2026 15:00:36 +0100 Subject: [PATCH 3/3] fixup! doc: deprecate CryptoKey use in node:crypto --- doc/api/deprecations.md | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/doc/api/deprecations.md b/doc/api/deprecations.md index 661e1e90289ea3..baeabb78505c1b 100644 --- a/doc/api/deprecations.md +++ b/doc/api/deprecations.md @@ -4534,14 +4534,18 @@ deprecated and will throw an error in a future version. [`Buffer.from(buffer)`]: buffer.md#static-method-bufferfrombuffer [`Buffer.isBuffer()`]: buffer.md#static-method-bufferisbufferobj [`Cipheriv`]: crypto.md#class-cipheriv +[`CryptoKey`]: webcrypto.md#class-cryptokey [`Decipheriv`]: crypto.md#class-decipheriv [`Duplex.toWeb()`]: stream.md#streamduplextowebstreamduplex-options [`Error.isError`]: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Error/isError +[`KeyObject.from()`]: crypto.md#static-method-keyobjectfromkey [`REPLServer.clearBufferedCommand()`]: repl.md#replserverclearbufferedcommand [`ReadStream.open()`]: fs.md#class-fsreadstream [`Server.getConnections()`]: net.md#servergetconnectionscallback [`Server.listen({fd: })`]: net.md#serverlistenhandle-backlog-callback +[`Sign.prototype.sign()`]: crypto.md#signsignprivatekey-outputencoding [`String.prototype.toWellFormed`]: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/toWellFormed +[`Verify.prototype.verify()`]: crypto.md#verifyverifyobject-signature-signatureencoding [`WriteStream.open()`]: fs.md#class-fswritestream [`assert`]: assert.md [`asyncResource.runInAsyncScope()`]: async_context.md#asyncresourceruninasyncscopefn-thisarg-args @@ -4554,7 +4558,6 @@ deprecated and will throw an error in a future version. [`clearTimeout()`]: timers.md#cleartimeouttimeout [`console.error()`]: console.md#consoleerrordata-args [`console.log()`]: console.md#consolelogdata-args -[`CryptoKey`]: webcrypto.md#class-cryptokey [`crypto.Certificate()` constructor]: crypto.md#legacy-api [`crypto.createCipheriv()`]: crypto.md#cryptocreatecipherivalgorithm-key-iv-options [`crypto.createDecipheriv()`]: crypto.md#cryptocreatedecipherivalgorithm-key-iv-options @@ -4578,12 +4581,6 @@ deprecated and will throw an error in a future version. [`decipher.final()`]: crypto.md#decipherfinaloutputencoding [`decipher.setAuthTag()`]: crypto.md#deciphersetauthtagbuffer-encoding [`dirent.parentPath`]: fs.md#direntparentpath -[KeyObject]: crypto.md#class-keyobject -[`KeyObject`]: crypto.md#class-keyobject -[`KeyObject.from()`]: crypto.md#static-method-keyobjectfromkey -[`Sign.prototype.sign()`]: crypto.md#signsignprivatekey-outputencoding -[`Verify.prototype.verify()`]: crypto.md#verifyverifyobject-signature-signatureencoding -[WebCrypto API]: webcrypto.md [`dns.lookup()`]: dns.md#dnslookuphostname-options-callback [`dnsPromises.lookup()`]: dns.md#dnspromiseslookuphostname-options [`domain`]: domain.md