diff --git a/doc/api/crypto.md b/doc/api/crypto.md index 1b30633221d895..0653fcedaad1f1 100644 --- a/doc/api/crypto.md +++ b/doc/api/crypto.md @@ -1109,14 +1109,18 @@ This can be called many times with new data as it is streamed. ## Class: KeyObject -Node.js uses an internal `KeyObject` class which should not be accessed -directly. Instead, factory functions exist to create instances of this class -in a secure manner, see [`crypto.createSecretKey()`][], -[`crypto.createPublicKey()`][] and [`crypto.createPrivateKey()`][]. A -`KeyObject` can represent a symmetric or asymmetric key, and each kind of key -exposes different functions. +Node.js uses a `KeyObject` class to represent a symmetric or asymmetric key, +and each kind of key exposes different functions. The +[`crypto.createSecretKey()`][], [`crypto.createPublicKey()`][] and +[`crypto.createPrivateKey()`][] methods are used to create `KeyObject` +instances. `KeyObject` objects are not to be created directly using the `new` +keyword. Most applications should consider using the new `KeyObject` API instead of passing keys as strings or `Buffer`s due to improved security features. diff --git a/lib/crypto.js b/lib/crypto.js index 8f26ac6c136fb5..673a198466ec5c 100644 --- a/lib/crypto.js +++ b/lib/crypto.js @@ -60,7 +60,8 @@ const { const { createSecretKey, createPublicKey, - createPrivateKey + createPrivateKey, + KeyObject, } = require('internal/crypto/keys'); const { DiffieHellman, @@ -191,6 +192,7 @@ module.exports = exports = { ECDH, Hash, Hmac, + KeyObject, Sign, Verify }; diff --git a/lib/internal/crypto/keys.js b/lib/internal/crypto/keys.js index a0c2148b305b88..1eb4a6f7be7006 100644 --- a/lib/internal/crypto/keys.js +++ b/lib/internal/crypto/keys.js @@ -333,6 +333,7 @@ module.exports = { createSecretKey, createPublicKey, createPrivateKey, + KeyObject, // These are designed for internal use only and should not be exposed. parsePublicKeyEncoding,
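Review bot: The added sentence "`KeyObject` objects are not to be created directly using the `new` keyword" in the doc/api/crypto.md hunk states a prohibition without saying what happens when it is ignored, or why the class is exported at all. The removed text said the factory functions create instances "in a secure manner"; the replacement drops that rationale, so it should say whether direct construction throws or is merely unsupported, and name the intended use of the export (for example `instanceof` checks, if that is the purpose). The unchanged sentence that follows also uses "the new `KeyObject` API" with "new" as an adjective, which reads awkwardly right after the sentence about the `new` keyword; consider rewording one of the two.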
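Review bot: No visible hunk adds a test for the `+ KeyObject,` line in the `module.exports` hunk of lib/crypto.js, which makes the class part of the public `crypto` API. Add a test asserting that the objects returned by `createSecretKey()`, `createPublicKey()` and `createPrivateKey()` are instances of `crypto.KeyObject`, and one that pins down what direct construction does, so the documented restriction on `new` is enforced by the test suite rather than only stated in the docs.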
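Review bot: The `+ KeyObject,` export in lib/internal/crypto/keys.js hands user code a constructor whose argument validation is not shown anywhere in this diff. The placement above the "These are designed for internal use only and should not be exposed" comment is right, but because the class becomes a documented, directly importable export through lib/crypto.js, confirm that the constructor rejects anything that is not a genuine internal key handle. If it does not, add that check in this change instead of relying on the documentation sentence alone.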