Node.js v0.10.18 手册 & 文档

加密（Crypto）#

稳定度: 2 - 不稳定；正在讨论未来版本的API变动。会尽量减少重大变动的发生。详见下文。

Use require('crypto') to access this module.

使用 require('crypto') 来调用该模块。

The crypto module offers a way of encapsulating secure credentials to be used as part of a secure HTTPS net or http connection.

crypto模块提供在HTTPS或HTTP连接中封装安全凭证的方法.

It also offers a set of wrappers for OpenSSL's hash, hmac, cipher, decipher, sign and verify methods.

它提供OpenSSL中的一系列哈希方法，包括hmac、cipher、decipher、签名和验证等方法的封装。

crypto.getCiphers()#

Returns an array with the names of the supported ciphers.

返回一个数组，包含支持的加密算法的名字。

Example:

示例：

var ciphers = crypto.getCiphers();
console.log(ciphers); // ['AES-128-CBC', 'AES-128-CBC-HMAC-SHA1', ...]

crypto.getHashes()#

Returns an array with the names of the supported hash algorithms.

返回一个包含所支持的哈希算法的数组。

Example:

示例：

var hashes = crypto.getHashes();
console.log(hashes); // ['sha', 'sha1', 'sha1WithRSAEncryption', ...]

crypto.createCredentials(details)#

Creates a credentials object, with the optional details being a dictionary with keys:

创建一个加密凭证对象，接受一个可选的参数对象：

pfx : A string or buffer holding the PFX or PKCS12 encoded private key, certificate and CA certificates
key : A string holding the PEM encoded private key
passphrase : A string of passphrase for the private key or pfx
cert : A string holding the PEM encoded certificate
ca : Either a string or list of strings of PEM encoded CA certificates to trust.
crl : Either a string or list of strings of PEM encoded CRLs (Certificate Revocation List)
ciphers: A string describing the ciphers to use or exclude. Consult http://www.openssl.org/docs/apps/ciphers.html#CIPHER_LIST_FORMAT for details on the format.
pfx : 一个字符串或者buffer对象，代表经PFX或者PKCS12编码产生的私钥、证书以及CA证书
key : 一个字符串，代表经PEM编码产生的私钥
passphrase : 私钥或者pfx的密码
cert : 一个字符串，代表经PEM编码产生的证书
ca : 一个字符串或者字符串数组，表示可信任的经PEM编码产生的CA证书列表
crl : 一个字符串或者字符串数组，表示经PEM编码产生的CRL（证书吊销列表 Certificate Revocation List）
ciphers: 一个字符串，表示需要使用或者排除的加密算法可以在 http://www.openssl.org/docs/apps/ciphers.html#CIPHER_LIST_FORMAT 查看更多关于加密算法格式的资料。

If no 'ca' details are given, then node.js will use the default publicly trusted list of CAs as given in

http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt.

如果没有指定ca，node.js会使用http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt提供的公共可信任的CA列表。

crypto.createHash(algorithm)#

Creates and returns a hash object, a cryptographic hash with the given algorithm which can be used to generate hash digests.

创建并返回一个哈希对象，一个使用所给算法的用于生成摘要的加密哈希。

algorithm is dependent on the available algorithms supported by the version of OpenSSL on the platform. Examples are 'sha1', 'md5', 'sha256', 'sha512', etc. On recent releases, openssl list-message-digest-algorithms will display the available digest algorithms.

algorithm 取决与平台上所安装的 OpenSSL 版本所支持的算法。比如 'sha1'、'md5'、'sha256'、'sha512' 等等。在最近的发行版本中，openssl list-message-digest-algorithms 会显示可用的摘要算法。

Example: this program that takes the sha1 sum of a file

例子：这段程序会计算出一个文件的 sha1 摘要值。

s.on('end', function() {
  var d = shasum.digest('hex');
  console.log(d + '  ' + filename);
});

类: Hash#

The class for creating hash digests of data.

创建数据哈希摘要的类。

It is a stream that is both readable and writable. The written data is used to compute the hash. Once the writable side of the stream is ended, use the read() method to get the computed hash digest. The legacy update and digest methods are also supported.

它是一个既可读又可写的流。所写入的数据会被用作计算哈希。当流的可写端终止后，使用 read() 方法来获取计算得的哈希摘要。同时也支持旧有的 update 和 digest 方法。

Returned by crypto.createHash.

通过 crypto.createHash 返回。

hash.update(data, [input_encoding])#

Updates the hash content with the given data, the encoding of which is given in input_encoding and can be 'utf8', 'ascii' or 'binary'. If no encoding is provided, then a buffer is expected.

通过提供的数据更新哈希对象，可以通过input_encoding指定编码为'utf8'、'ascii'或者 'binary'。如果没有指定编码，将作为二进制数据（buffer）处理。

This can be called many times with new data as it is streamed.

因为它是流式数据，所以可以使用不同的数据调用很多次。

hash.digest([encoding])#

Calculates the digest of all of the passed data to be hashed. The encoding can be 'hex', 'binary' or 'base64'. If no encoding is provided, then a buffer is returned.

计算传入的所有数据的摘要值。encoding可以是'hex'、'binary'或者'base64'，如果没有指定，会返回一个buffer对象。

Note: hash object can not be used after digest() method has been called.

注意：hash 对象在 digest() 方法被调用后将不可用。

crypto.createHmac(algorithm, key)#

Creates and returns a hmac object, a cryptographic hmac with the given algorithm and key.

创建并返回一个hmac对象，也就是通过给定的加密算法和密钥生成的加密图谱（cryptographic）。

It is a stream that is both readable and writable. The written data is used to compute the hmac. Once the writable side of the stream is ended, use the read() method to get the computed digest. The legacy update and digest methods are also supported.

它是一个既可读又可写的流（stream）。写入的数据会被用于计算hmac。写入终止后，可以使用read()方法获取计算后的摘要值。之前版本的update和digest方法仍然支持。

algorithm is dependent on the available algorithms supported by OpenSSL - see createHash above. key is the hmac key to be used.

algorithm在OpenSSL支持的算法列表中被抛弃了——见上方createHash部分。key是hmac算法用到的密钥。

Class: Hmac#

Class for creating cryptographic hmac content.

用于创建hmac加密图谱（cryptographic）的类。

Returned by crypto.createHmac.

由crypto.createHmac返回。

hmac.update(data)#

Update the hmac content with the given data. This can be called many times with new data as it is streamed.

通过提供的数据更新hmac对象。因为它是流式数据，所以可以使用新数据调用很多次。

hmac.digest([encoding])#

Calculates the digest of all of the passed data to the hmac. The encoding can be 'hex', 'binary' or 'base64'. If no encoding is provided, then a buffer is returned.

计算传入的所有数据的hmac摘要值。encoding可以是'hex'、'binary'或者'base64'，如果没有指定，会返回一个buffer对象。

Note: hmac object can not be used after digest() method has been called.

注意： hmac对象在调用digest()之后就不再可用了。

crypto.createCipher(algorithm, password)#

Creates and returns a cipher object, with the given algorithm and password.

用给定的算法和密码，创建并返回一个cipher加密算法的对象。（译者：cipher 就是加密算法的意思， ssl 的 cipher 主要是对称加密算法和不对称加密算法的组合。）

algorithm is dependent on OpenSSL, examples are 'aes192', etc. On recent releases, openssl list-cipher-algorithms will display the available cipher algorithms. password is used to derive key and IV, which must be a 'binary' encoded string or a buffer.

algorithm算法是依赖OpenSSL库的, 例如: 'aes192'算法等。在最近发布的版本，执行命令 openssl list-cipher-algorithms 就会显示出所有可用的加密算法，password是用来派生key和IV的，它必须是一个 'binary' 2进制格式的字符串或者是一个buffer。（译者：key表示密钥，IV表示向量在加密过程和解密过程都要使用）

crypto.createCipheriv(algorithm, key, iv)#

Creates and returns a cipher object, with the given algorithm, key and iv.

用给定的算法、密码和向量，创建并返回一个cipher加密算法的对象。

algorithm is the same as the argument to createCipher(). key is the raw key used by the algorithm. iv is an initialization vector.

algorithm算法和createCipher() 方法的参数相同. key密钥是一个被算法使用的原始密钥，iv是一个初始化向量。

key and iv must be 'binary' encoded strings or buffers.

key密钥和iv向量必须是'binary'2进制格式的字符串或buffers.

Class: Cipher#

Class for encrypting data.

这个类是用来加密数据的。

Returned by crypto.createCipher and crypto.createCipheriv.

这个类由 crypto.createCipher 和 crypto.createCipheriv 返回。

Cipher objects are streams that are both readable and writable. The written plain text data is used to produce the encrypted data on the readable side. The legacy update and final methods are also supported.

Cipher加密对象是 streams，他是具有 readable 可读和 writable 可写的。写入的纯文本数据是用来在可读流一侧加密数据的。以前版本的update 和final方法也还是支持的。

cipher.update(data, [input_encoding], [output_encoding])#

Updates the cipher with data, the encoding of which is given in input_encoding and can be 'utf8', 'ascii' or 'binary'. If no encoding is provided, then a buffer is expected.

用data参数更新cipher加密对象, 它的编码input_encoding必须是下列给定编码的 'utf8', 'ascii' or 'binary' 中一种。如果没有编码参数，那么打他参数必须是一个buffer。

The output_encoding specifies the output format of the enciphered data, and can be 'binary', 'base64' or 'hex'. If no encoding is provided, then a buffer is returned.

参数 output_encoding输出编码指定了加密数据的输出格式，可以是'binary', 'base64' 或者'hex'，如果没有提供这个参数，buffer将会返回。

Returns the enciphered contents, and can be called many times with new data as it is streamed.

返回加密内容，并且Returns the enciphered contents, 用新数据作为流的话，它可以被调用多次。

cipher.final([output_encoding])#

Returns any remaining enciphered contents, with output_encoding being one of: 'binary', 'base64' or 'hex'. If no encoding is provided, then a buffer is returned.

返回剩余的加密内容，output_encoding为'binary', 'base64' 或 'hex'中的任意一个。如果没有提供编码格式，则返回一个buffer对象。

Note: cipher object can not be used after final() method has been called.

注: 调用final()函数后cipher 对象不能被使用。

cipher.setAutoPadding(auto_padding=true)#

You can disable automatic padding of the input data to block size. If auto_padding is false, the length of the entire input data must be a multiple of the cipher's block size or final will fail. Useful for non-standard padding, e.g. using 0x0 instead of PKCS padding. You must call this before cipher.final.

对于将输入数据自动填充到块大小的功能，你可以将其禁用。如果auto_padding是false，那么整个输入数据的长度必须是加密器的块大小的整倍数，否则final会失败。这对非标准的填充很有用，例如使用0x0而不是PKCS的填充。这个函数必须在cipher.final之前调用。

crypto.createDecipher(algorithm, password)#

Creates and returns a decipher object, with the given algorithm and key. This is the mirror of the createCipher() above.

根据给定的算法和密钥，创建并返回一个解密器对象。这是上述createCipher()的一个镜像。

crypto.createDecipheriv(algorithm, key, iv)#

Creates and returns a decipher object, with the given algorithm, key and iv. This is the mirror of the createCipheriv() above.

Creates and returns a decipher object, with the given algorithm, key and iv. This is the mirror of the createCipheriv() above. 根据给定的算法，密钥和初始化向量，创建并返回一个解密器对象。这是上述createCipheriv()的一个镜像。

Class: Decipher#

Class for decrypting data.

解密数据的类。

Returned by crypto.createDecipher and crypto.createDecipheriv.

由crypto.createDecipher和crypto.createDecipheriv返回。

Decipher objects are streams that are both readable and writable. The written enciphered data is used to produce the plain-text data on the the readable side. The legacy update and final methods are also supported.

解密器对象是可读写的流对象。用被写入的加密数据生成可读的平文数据。解码器对象也支持The legacy update和 final函数。

decipher.update(data, [input_encoding], [output_encoding])#

Updates the decipher with data, which is encoded in 'binary', 'base64' or 'hex'. If no encoding is provided, then a buffer is expected.

用data来更新解密器，其中data以'binary', 'base64' 或 'hex'进行编码。如果没有指明编码方式，则默认data是一个buffer对象。

The output_decoding specifies in what format to return the deciphered plaintext: 'binary', 'ascii' or 'utf8'. If no encoding is provided, then a buffer is returned.

output_decoding指明了用以下哪种编码方式返回解密后的平文：'binary', 'ascii' 或 'utf8'。如果没有指明编码方式，则返回一个buffer对象。

decipher.final([output_encoding])#

Returns any remaining plaintext which is deciphered, with output_encoding being one of: 'binary', 'ascii' or 'utf8'. If no encoding is provided, then a buffer is returned.

返回剩余的加密内容，output_encoding为'binary', 'ascii' 或 'utf8'中的任意一个。如果没有指明编码方式，则返回一个buffer对象。

Note: decipher object can not be used after final() method has been called.

注: 调用final()函数后不能使用decipher 对象。

decipher.setAutoPadding(auto_padding=true)#

You can disable auto padding if the data has been encrypted without standard block padding to prevent decipher.final from checking and removing it. Can only work if the input data's length is a multiple of the ciphers block size. You must call this before streaming data to decipher.update.

如果数据以非标准的块填充方式被加密，那么你可以禁用自动填充来防止decipher.final对数据进行检查和移除。这只有在输入数据的长度是加密器块大小的整倍数时才有效。这个函数必须在将数据流传递给decipher.update之前调用。

crypto.createSign(algorithm)#

Creates and returns a signing object, with the given algorithm. On recent OpenSSL releases, openssl list-public-key-algorithms will display the available signing algorithms. Examples are 'RSA-SHA256'.

根据给定的算法，创建并返回一个signing对象。在最近的OpenSSL发布版本中，openssl list-public-key-algorithms会列出可用的签名算法，例如'RSA-SHA256'。

Class: Sign#

Class for generating signatures.

生成数字签名的类

Returned by crypto.createSign.

由crypto.createSign返回。

Sign objects are writable streams. The written data is used to generate the signature. Once all of the data has been written, the sign method will return the signature. The legacy update method is also supported.

Sign对象是可写的流对象。被写入的数据用来生成数字签名。当所有的数据都被写入后，sign 函数会返回数字签名。Sign对象也支持The legacy update函数。

sign.update(data)#

Updates the sign object with data. This can be called many times with new data as it is streamed.

用data来更新sign对象。 This can be called many times with new data as it is streamed.

sign.sign(private_key, [output_format])#

Calculates the signature on all the updated data passed through the sign. private_key is a string containing the PEM encoded private key for signing.

根据所有传送给sign的更新数据来计算电子签名。private_key是一个包含了签名私钥的字符串，而该私钥是用PEM编码的。

Returns the signature in output_format which can be 'binary', 'hex' or 'base64'. If no encoding is provided, then a buffer is returned.

返回一个数字签名，该签名的格式可以是'binary', 'hex'或 'base64'. 如果没有指明编码方式，则返回一个buffer对象。

Note: sign object can not be used after sign() method has been called.

注：调用sign()后不能使用sign对象。

crypto.createVerify(algorithm)#

Creates and returns a verification object, with the given algorithm. This is the mirror of the signing object above.

根据指明的算法，创建并返回一个验证器对象。这是上述签名器对象的镜像。

Class: Verify#

Class for verifying signatures.

用来验证数字签名的类。

Returned by crypto.createVerify.

由 crypto.createVerify返回。

Verify objects are writable streams. The written data is used to validate against the supplied signature. Once all of the data has been written, the verify method will return true if the supplied signature is valid. The legacy update method is also supported.

验证器对象是可写的流对象. 被写入的数据会被用来验证提供的数字签名。在所有的数据被写入后，如果提供的数字签名有效，verify函数会返回真。验证器对象也支持 The legacy update函数。

verifier.update(data)#

Updates the verifier object with data. This can be called many times with new data as it is streamed.

用数据更新验证器对象。This can be called many times with new data as it is streamed.

verifier.verify(object, signature, [signature_format])#

Verifies the signed data by using the object and signature. object is a string containing a PEM encoded object, which can be one of RSA public key, DSA public key, or X.509 certificate. signature is the previously calculated signature for the data, in the signature_format which can be 'binary', 'hex' or 'base64'. If no encoding is specified, then a buffer is expected.

用object和signature来验证被签名的数据。 object是一个字符串，这个字符串包含了一个被PEM编码的对象，这个对象可以是RSA公钥，DSA公钥或者X.509 证书。 signature是之前计算出来的数字签名，其中的 signature_format可以是'binary', 'hex' 或 'base64'. 如果没有指明编码方式，那么默认是一个buffer对象。

Returns true or false depending on the validity of the signature for the data and public key.

根据数字签名对于数据和公钥的有效性，返回true或false。

Note: verifier object can not be used after verify() method has been called.

注: 调用verify()函数后不能使用verifier对象。

crypto.createDiffieHellman(prime_length)#

Creates a Diffie-Hellman key exchange object and generates a prime of the given bit length. The generator used is 2.

创建一个迪菲－赫尔曼密钥交换(Diffie-Hellman key exchange)对象，并根据给定的位长度生成一个质数。所用的生成器是s。

crypto.createDiffieHellman(prime, [encoding])#

Creates a Diffie-Hellman key exchange object using the supplied prime. The generator used is 2. Encoding can be 'binary', 'hex', or 'base64'. If no encoding is specified, then a buffer is expected.

根据给定的质数创建一个迪菲－赫尔曼密钥交换(Diffie-Hellman key exchange)对象。所用的生成器是2。编码方式可以是'binary', 'hex'或 'base64'。如果没有指明编码方式，则默认是一个buffer对象。

Class: DiffieHellman#

The class for creating Diffie-Hellman key exchanges.

创建迪菲－赫尔曼密钥交换(Diffie-Hellman key exchanges)的类。

Returned by crypto.createDiffieHellman.

由crypto.createDiffieHellman返回。

diffieHellman.generateKeys([encoding])#

Generates private and public Diffie-Hellman key values, and returns the public key in the specified encoding. This key should be transferred to the other party. Encoding can be 'binary', 'hex', or 'base64'. If no encoding is provided, then a buffer is returned.

生成迪菲－赫尔曼(Diffie-Hellman)算法的公钥和私钥，并根据指明的编码方式返回公钥。这个公钥可以转交给第三方。编码方式可以是 'binary', 'hex'或 'base64'. 如果没有指明编码方式，则返回一个buffer对象。

diffieHellman.computeSecret(other_public_key, [input_encoding], [output_encoding])#

Computes the shared secret using other_public_key as the other party's public key and returns the computed shared secret. Supplied key is interpreted using specified input_encoding, and secret is encoded using specified output_encoding. Encodings can be 'binary', 'hex', or 'base64'. If the input encoding is not provided, then a buffer is expected.

以other_public_key作为第三方公钥来计算共享秘密，并返回这个共享秘密。参数中的密钥会以input_encoding编码方式来解读，而共享密钥则会用output_encoding进行编码。编码方式可以是'binary', 'hex'或 'base64'。如果没有提供输入的编码方式，则默认为一个buffer对象。

If no output encoding is given, then a buffer is returned.

如果没有指明输出的编码方式，则返回一个buffer对象。

diffieHellman.getPrime([encoding])#

Returns the Diffie-Hellman prime in the specified encoding, which can be 'binary', 'hex', or 'base64'. If no encoding is provided, then a buffer is returned.

根据指明的编码格式返回迪菲－赫尔曼(Diffie-Hellman)质数，其中编码方式可以是'binary', 'hex' 或 'base64'。如果没有指明编码方式，则返回一个buffer对象。

diffieHellman.getGenerator([encoding])#

Returns the Diffie-Hellman prime in the specified encoding, which can be 'binary', 'hex', or 'base64'. If no encoding is provided, then a buffer is returned.

diffieHellman.getPublicKey([encoding])#

Returns the Diffie-Hellman public key in the specified encoding, which can be 'binary', 'hex', or 'base64'. If no encoding is provided, then a buffer is returned.

根据指明的编码格式返回迪菲－赫尔曼(Diffie-Hellman)公钥，其中编码方式可以是'binary', 'hex' 或 'base64'。如果没有指明编码方式，则返回一个buffer对象。

diffieHellman.getPrivateKey([encoding])#

Returns the Diffie-Hellman private key in the specified encoding, which can be 'binary', 'hex', or 'base64'. If no encoding is provided, then a buffer is returned.

根据指明的编码格式返回迪菲－赫尔曼(Diffie-Hellman)私钥，其中编码方式可以是'binary', 'hex' 或 'base64'。如果没有指明编码方式，则返回一个buffer对象。

diffieHellman.setPublicKey(public_key, [encoding])#

Sets the Diffie-Hellman public key. Key encoding can be 'binary', 'hex' or 'base64'. If no encoding is provided, then a buffer is expected.

设置迪菲－赫尔曼(Diffie-Hellman)公钥，编码方式可以是可以是'binary', 'hex' 或 'base64'。如果没有指明编码方式，则返回一个buffer对象。

diffieHellman.setPrivateKey(private_key, [encoding])#

Sets the Diffie-Hellman private key. Key encoding can be 'binary', 'hex' or 'base64'. If no encoding is provided, then a buffer is expected.

设置迪菲－赫尔曼(Diffie-Hellman)私钥，编码方式可以是可以是'binary', 'hex' 或 'base64'。如果没有指明编码方式，则返回一个buffer对象。

crypto.getDiffieHellman(group_name)#

Creates a predefined Diffie-Hellman key exchange object. The supported groups are: 'modp1', 'modp2', 'modp5' (defined in RFC 2412) and 'modp14', 'modp15', 'modp16', 'modp17', 'modp18' (defined in RFC 3526). The returned object mimics the interface of objects created by crypto.createDiffieHellman() above, but will not allow to change the keys (with diffieHellman.setPublicKey() for example). The advantage of using this routine is that the parties don't have to generate nor exchange group modulus beforehand, saving both processor and communication time.

创建一个预定义的迪菲－赫尔曼密钥交换(Diffie-Hellman key exchanges)对象。支持以下的D-H组：'modp1', 'modp2', 'modp5' (在RFC 2412中定义) 和 'modp14', 'modp15', 'modp16', 'modp17', 'modp18' (在 RFC 3526中定义)。返回的对象模仿了上述 crypto.createDiffieHellman()方法所创建的对象的接口，但不会晕允许密钥交换 (例如像 diffieHellman.setPublicKey()那样)。执行这套流程的好处是双方不需要事先生成或交换组余数，节省了处理和通信时间。

Example (obtaining a shared secret):

例子 (获取一个共享秘密):

/* alice_secret和 bob_secret应该是一样的 */
console.log(alice_secret == bob_secret);

crypto.pbkdf2(password, salt, iterations, keylen, callback)#

Asynchronous PBKDF2 applies pseudorandom function HMAC-SHA1 to derive a key of given length from the given password, salt and iterations. The callback gets two arguments (err, derivedKey).

异步PBKDF2提供了一个伪随机函数 HMAC-SHA1，根据给定密码的长度，salt和iterations来得出一个密钥。回调函数得到两个参数 (err, derivedKey)。

crypto.pbkdf2Sync(password, salt, iterations, keylen)#

Synchronous PBKDF2 function. Returns derivedKey or throws error.

同步 PBKDF2 函数。返回derivedKey或抛出一个错误。

crypto.randomBytes(size, [callback])#

Generates cryptographically strong pseudo-random data. Usage:

生成密码学强度的伪随机数据。用法：

// 同步
try {
  var buf = crypto.randomBytes(256);
  console.log('有 %d 字节的随机数据： %s', buf.length, buf);
} catch (ex) {
  // handle error
}

crypto.pseudoRandomBytes(size, [callback])#

Generates non-cryptographically strong pseudo-random data. The data returned will be unique if it is sufficiently long, but is not necessarily unpredictable. For this reason, the output of this function should never be used where unpredictability is important, such as in the generation of encryption keys.

生成非密码学强度的伪随机数据。如果数据足够长的话会返回一个唯一的数据，但这个返回值不一定是不可预料的。基于这个原因，当不可预料性很重要时，这个函数的返回值永远都不应该被使用，例如在生成加密的密钥时。

Usage is otherwise identical to crypto.randomBytes.

用法与 crypto.randomBytes一模一样。

crypto.DEFAULT_ENCODING#

The default encoding to use for functions that can take either strings or buffers. The default value is 'buffer', which makes it default to using Buffer objects. This is here to make the crypto module more easily compatible with legacy programs that expected 'binary' to be the default encoding.

对于可以接受字符串或buffer对象的函数的默认编码方式。默认值是'buffer'，所以默认使用Buffer对象。这是为了让crypto模块与默认'binary'为编码方式的遗留程序更容易兼容。

Note that new programs will probably expect buffers, so only use this as a temporary measure.

要注意，新的程序会期待buffer对象，所以使用这个时请只作为暂时的手段。

Recent API Changes#

The Crypto module was added to Node before there was the concept of a unified Stream API, and before there were Buffer objects for handling binary data.

早在统一的流API概念出现，以及引入Buffer对象来处理二进制数据之前，Crypto模块就被添加到Node。

As such, the streaming classes don't have the typical methods found on other Node classes, and many methods accepted and returned Binary-encoded strings by default rather than Buffers. This was changed to use Buffers by default instead.

因为这样，与流有关的类中并没有其它Node类的典型函数，而且很多函数接受和返回默认的二进制编码的字符串，而不是Buffer对象。在最近的修改中，这些函数都被改成默认使用Buffer对象。

This is a breaking change for some use cases, but not all.

这对于某些(但不是全部)使用场景来讲是重大的改变。

For example, if you currently use the default arguments to the Sign class, and then pass the results to the Verify class, without ever inspecting the data, then it will continue to work as before. Where you once got a binary string and then presented the binary string to the Verify object, you'll now get a Buffer, and present the Buffer to the Verify object.

例如，如果你现在使用Sign类的默认参数，然后在没有检查数据的情况下，将结果传递给Verify类，那么程序会照常工作。在以前，你会拿到一个二进制字符串，然后它传递给Verify对象；而现在，你会得到一个Buffer对象，然后把它传递给Verify对象。

However, if you were doing things with the string data that will not work properly on Buffers (such as, concatenating them, storing in databases, etc.), or you are passing binary strings to the crypto functions without an encoding argument, then you will need to start providing encoding arguments to specify which encoding you'd like to use. To switch to the previous style of using binary strings by default, set the crypto.DEFAULT_ENCODING field to 'binary'. Note that new programs will probably expect buffers, so only use this as a temporary measure.

但是，如果你以前是使用那些在Buffer对象上不能正常工作的字符串数据，或者以默认编码方式将二进制数据传递给加密函数的话，那你就要开始提供编码方式参数来指明你想使用的编码方式了。如果想准换回旧的风格默认使用二进制字符串，那么你需要把crypto.DEFAULT_ENCODING字段设为'binary'。但请注意，因为新的程序很可能会期望buffer对象，所以仅将此当做临时手段。

目录