BuildDocsReferenceGuidesBlog
Discord logo
Discord
GitHub logo
FcreateECDH
Bun

function

crypto.createECDH

function createECDH(
curveName: string
): ECDH;

Creates an Elliptic Curve Diffie-Hellman (ECDH) key exchange object using a predefined curve specified by the curveName string. Use getCurves to obtain a list of available curve names. On recent OpenSSL releases, openssl ecparam -list_curves will also display the name and description of each available elliptic curve.

Referenced types

class ECDH

The ECDH class is a utility for creating Elliptic Curve Diffie-Hellman (ECDH) key exchanges.

Instances of the ECDH class can be created using the createECDH function.

import assert from 'node:assert';

const {
  createECDH,
} = await import('node:crypto');

// Generate Alice's keys...
const alice = createECDH('secp521r1');
const aliceKey = alice.generateKeys();

// Generate Bob's keys...
const bob = createECDH('secp521r1');
const bobKey = bob.generateKeys();

// Exchange and generate the secret...
const aliceSecret = alice.computeSecret(bobKey);
const bobSecret = bob.computeSecret(aliceKey);

assert.strictEqual(aliceSecret.toString('hex'), bobSecret.toString('hex'));
// OK
  • otherPublicKey: ArrayBufferView
    ): NonSharedBuffer;

    Computes the shared secret using otherPublicKey as the other party's public key and returns the computed shared secret. The supplied key is interpreted using specified inputEncoding, and the returned secret is encoded using the specified outputEncoding. If the inputEncoding is not provided, otherPublicKey is expected to be a Buffer, TypedArray, or DataView.

    If outputEncoding is given a string will be returned; otherwise a Buffer is returned.

    ecdh.computeSecret will throw anERR_CRYPTO_ECDH_INVALID_PUBLIC_KEY error when otherPublicKey lies outside of the elliptic curve. Since otherPublicKey is usually supplied from a remote user over an insecure network, be sure to handle this exception accordingly.

    otherPublicKey: string,
    inputEncoding: BinaryToTextEncoding
    ): NonSharedBuffer;

    Computes the shared secret using otherPublicKey as the other party's public key and returns the computed shared secret. The supplied key is interpreted using specified inputEncoding, and the returned secret is encoded using the specified outputEncoding. If the inputEncoding is not provided, otherPublicKey is expected to be a Buffer, TypedArray, or DataView.

    If outputEncoding is given a string will be returned; otherwise a Buffer is returned.

    ecdh.computeSecret will throw anERR_CRYPTO_ECDH_INVALID_PUBLIC_KEY error when otherPublicKey lies outside of the elliptic curve. Since otherPublicKey is usually supplied from a remote user over an insecure network, be sure to handle this exception accordingly.

    @param inputEncoding

    The encoding of the otherPublicKey string.

    otherPublicKey: ArrayBufferView,
    outputEncoding: BinaryToTextEncoding
    ): string;

    Computes the shared secret using otherPublicKey as the other party's public key and returns the computed shared secret. The supplied key is interpreted using specified inputEncoding, and the returned secret is encoded using the specified outputEncoding. If the inputEncoding is not provided, otherPublicKey is expected to be a Buffer, TypedArray, or DataView.

    If outputEncoding is given a string will be returned; otherwise a Buffer is returned.

    ecdh.computeSecret will throw anERR_CRYPTO_ECDH_INVALID_PUBLIC_KEY error when otherPublicKey lies outside of the elliptic curve. Since otherPublicKey is usually supplied from a remote user over an insecure network, be sure to handle this exception accordingly.

    @param outputEncoding

    The encoding of the return value.

    otherPublicKey: string,
    inputEncoding: BinaryToTextEncoding,
    outputEncoding: BinaryToTextEncoding
    ): string;

    Computes the shared secret using otherPublicKey as the other party's public key and returns the computed shared secret. The supplied key is interpreted using specified inputEncoding, and the returned secret is encoded using the specified outputEncoding. If the inputEncoding is not provided, otherPublicKey is expected to be a Buffer, TypedArray, or DataView.

    If outputEncoding is given a string will be returned; otherwise a Buffer is returned.

    ecdh.computeSecret will throw anERR_CRYPTO_ECDH_INVALID_PUBLIC_KEY error when otherPublicKey lies outside of the elliptic curve. Since otherPublicKey is usually supplied from a remote user over an insecure network, be sure to handle this exception accordingly.

    @param inputEncoding

    The encoding of the otherPublicKey string.

    @param outputEncoding

    The encoding of the return value.

  • generateKeys(): NonSharedBuffer;

    Generates private and public EC Diffie-Hellman key values, and returns the public key in the specified format and encoding. This key should be transferred to the other party.

    The format argument specifies point encoding and can be 'compressed' or 'uncompressed'. If format is not specified, the point will be returned in'uncompressed' format.

    If encoding is provided a string is returned; otherwise a Buffer is returned.

    encoding: BinaryToTextEncoding,
    format?: ECDHKeyFormat
    ): string;

    Generates private and public EC Diffie-Hellman key values, and returns the public key in the specified format and encoding. This key should be transferred to the other party.

    The format argument specifies point encoding and can be 'compressed' or 'uncompressed'. If format is not specified, the point will be returned in'uncompressed' format.

    If encoding is provided a string is returned; otherwise a Buffer is returned.

    @param encoding

    The encoding of the return value.

  • getPrivateKey(): NonSharedBuffer;

    If encoding is specified, a string is returned; otherwise a Buffer is returned.

    @returns

    The EC Diffie-Hellman in the specified encoding.

    encoding: BinaryToTextEncoding
    ): string;

    If encoding is specified, a string is returned; otherwise a Buffer is returned.

    @param encoding

    The encoding of the return value.

    @returns

    The EC Diffie-Hellman in the specified encoding.

  • encoding?: null,
    format?: ECDHKeyFormat
    ): NonSharedBuffer;

    The format argument specifies point encoding and can be 'compressed' or 'uncompressed'. If format is not specified the point will be returned in'uncompressed' format.

    If encoding is specified, a string is returned; otherwise a Buffer is returned.

    @param encoding

    The encoding of the return value.

    @returns

    The EC Diffie-Hellman public key in the specified encoding and format.

    encoding: BinaryToTextEncoding,
    format?: ECDHKeyFormat
    ): string;

    The format argument specifies point encoding and can be 'compressed' or 'uncompressed'. If format is not specified the point will be returned in'uncompressed' format.

    If encoding is specified, a string is returned; otherwise a Buffer is returned.

    @param encoding

    The encoding of the return value.

    @returns

    The EC Diffie-Hellman public key in the specified encoding and format.

  • privateKey: ArrayBufferView
    ): void;

    Sets the EC Diffie-Hellman private key. If encoding is provided, privateKey is expected to be a string; otherwise privateKey is expected to be a Buffer, TypedArray, or DataView.

    If privateKey is not valid for the curve specified when the ECDH object was created, an error is thrown. Upon setting the private key, the associated public point (key) is also generated and set in the ECDH object.

    privateKey: string,
    encoding: BinaryToTextEncoding
    ): void;

    Sets the EC Diffie-Hellman private key. If encoding is provided, privateKey is expected to be a string; otherwise privateKey is expected to be a Buffer, TypedArray, or DataView.

    If privateKey is not valid for the curve specified when the ECDH object was created, an error is thrown. Upon setting the private key, the associated public point (key) is also generated and set in the ECDH object.

    @param encoding

    The encoding of the privateKey string.

  • static convertKey(
    key: BinaryLike,
    curve: string,
    inputEncoding?: BinaryToTextEncoding,
    outputEncoding?: 'latin1' | 'base64' | 'base64url' | 'hex',
    format?: 'uncompressed' | 'compressed' | 'hybrid'
    ): string | NonSharedBuffer;

    Converts the EC Diffie-Hellman public key specified by key and curve to the format specified by format. The format argument specifies point encoding and can be 'compressed', 'uncompressed' or 'hybrid'. The supplied key is interpreted using the specified inputEncoding, and the returned key is encoded using the specified outputEncoding.

    Use getCurves to obtain a list of available curve names. On recent OpenSSL releases, openssl ecparam -list_curves will also display the name and description of each available elliptic curve.

    If format is not specified the point will be returned in 'uncompressed' format.

    If the inputEncoding is not provided, key is expected to be a Buffer, TypedArray, or DataView.

    Example (uncompressing a key):

    const {
  createECDH,
  ECDH,
} = await import('node:crypto');

const ecdh = createECDH('secp256k1');
ecdh.generateKeys();

const compressedKey = ecdh.getPublicKey('hex', 'compressed');

const uncompressedKey = ECDH.convertKey(compressedKey,
                                        'secp256k1',
                                        'hex',
                                        'hex',
                                        'uncompressed');

// The converted key and the uncompressed public key should be the same
console.log(uncompressedKey === ecdh.getPublicKey('hex'));
    @param inputEncoding

    The encoding of the key string.

    @param outputEncoding

    The encoding of the return value.