Bun

function

crypto.getDiffieHellman

groupName: string

Creates a predefined DiffieHellmanGroup key exchange object. The supported groups are listed in the documentation for DiffieHellmanGroup.

The returned object mimics the interface of objects created by createDiffieHellman, but will not allow changing the keys (with diffieHellman.setPublicKey(), for example). The advantage of using this method is that the parties do not have to generate nor exchange a group modulus beforehand, saving both processor and communication time.

Example (obtaining a shared secret):

const {
  getDiffieHellman,
} = await import('node:crypto');
const alice = getDiffieHellman('modp14');
const bob = getDiffieHellman('modp14');

alice.generateKeys();
bob.generateKeys();

const aliceSecret = alice.computeSecret(bob.getPublicKey(), null, 'hex');
const bobSecret = bob.computeSecret(alice.getPublicKey(), null, 'hex');

// aliceSecret and bobSecret should be the same
console.log(aliceSecret === bobSecret);

Referenced types

class DiffieHellmanGroup

The DiffieHellmanGroup class takes a well-known modp group as its argument. It works the same as DiffieHellman, except that it does not allow changing its keys after creation. In other words, it does not implement setPublicKey() or setPrivateKey() methods.

const { createDiffieHellmanGroup } = await import('node:crypto');
const dh = createDiffieHellmanGroup('modp1');

The name (e.g. 'modp1') is taken from RFC 2412 (modp1 and 2) and RFC 3526:

$ perl -ne 'print "$1\n" if /"(modp\d+)"/' src/node_crypto_groups.h
modp1  #  768 bits
modp2  # 1024 bits
modp5  # 1536 bits
modp14 # 2048 bits
modp15 # etc.
modp16
modp17
modp18
  • verifyError: number

    A bit field containing any warnings and/or errors resulting from a check performed during initialization of the DiffieHellman object.

    The following values are valid for this property (as defined in node:constants module):

    • DH_CHECK_P_NOT_SAFE_PRIME
    • DH_CHECK_P_NOT_PRIME
    • DH_UNABLE_TO_CHECK_GENERATOR
    • DH_NOT_SUITABLE_GENERATOR
  • computeSecret(
    otherPublicKey: BinaryLike,
    inputEncoding?: BufferEncoding
    ): NonSharedBuffer;

    Computes the shared secret using otherPublicKey as the other party's public key and returns the computed shared secret. The supplied key is interpreted using the specified inputEncoding, and the secret is encoded using the specified outputEncoding. If the inputEncoding is not provided, otherPublicKey is expected to be a Buffer, TypedArray, or DataView.

    If outputEncoding is given, a string is returned; otherwise, a Buffer is returned.

    @param inputEncoding

    The encoding of an otherPublicKey string.

    computeSecret(
    otherPublicKey: BinaryLike,
    inputEncoding: undefined | null | BufferEncoding,
    outputEncoding: BufferEncoding
    ): string;

    Computes the shared secret using otherPublicKey as the other party's public key and returns the computed shared secret. The supplied key is interpreted using the specified inputEncoding, and the secret is encoded using the specified outputEncoding. If the inputEncoding is not provided, otherPublicKey is expected to be a Buffer, TypedArray, or DataView.

    If outputEncoding is given, a string is returned; otherwise, a Buffer is returned.

    @param inputEncoding

    The encoding of an otherPublicKey string.

    @param outputEncoding

    The encoding of the return value.

  • generateKeys(): NonSharedBuffer;

    Generates private and public Diffie-Hellman key values unless they have been generated or computed already, and returns the public key in the specified encoding. This key should be transferred to the other party. If encoding is provided a string is returned; otherwise a Buffer is returned.

    This function is a thin wrapper around DH_generate_key(). In particular, once a private key has been generated or set, calling this function only updates the public key but does not generate a new private key.

    generateKeys(
    encoding: BufferEncoding
    ): string;

    Generates private and public Diffie-Hellman key values unless they have been generated or computed already, and returns the public key in the specified encoding. This key should be transferred to the other party. If encoding is provided a string is returned; otherwise a Buffer is returned.

    This function is a thin wrapper around DH_generate_key(). In particular, once a private key has been generated or set, calling this function only updates the public key but does not generate a new private key.

    @param encoding

    The encoding of the return value.

  • getGenerator(): NonSharedBuffer;

    Returns the Diffie-Hellman generator in the specified encoding. If encoding is provided a string is returned; otherwise a Buffer is returned.

    getGenerator(
    encoding: BufferEncoding
    ): string;

    Returns the Diffie-Hellman generator in the specified encoding. If encoding is provided a string is returned; otherwise a Buffer is returned.

    @param encoding

    The encoding of the return value.

  • getPrime(): NonSharedBuffer;

    Returns the Diffie-Hellman prime in the specified encoding. If encoding is provided a string is returned; otherwise a Buffer is returned.

    getPrime(
    encoding: BufferEncoding
    ): string;

    Returns the Diffie-Hellman prime in the specified encoding. If encoding is provided a string is returned; otherwise a Buffer is returned.

    @param encoding

    The encoding of the return value.

  • getPrivateKey(): NonSharedBuffer;

    Returns the Diffie-Hellman private key in the specified encoding. If encoding is provided a string is returned; otherwise a Buffer is returned.

    getPrivateKey(
    encoding: BufferEncoding
    ): string;

    Returns the Diffie-Hellman private key in the specified encoding. If encoding is provided a string is returned; otherwise a Buffer is returned.

    @param encoding

    The encoding of the return value.

  • getPublicKey(): NonSharedBuffer;

    Returns the Diffie-Hellman public key in the specified encoding. If encoding is provided a string is returned; otherwise a Buffer is returned.

    getPublicKey(
    encoding: BufferEncoding
    ): string;

    Returns the Diffie-Hellman public key in the specified encoding. If encoding is provided a string is returned; otherwise a Buffer is returned.

    @param encoding

    The encoding of the return value.
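
Added example (not from the Bun or Node.js documentation): vetting a predefined group through getPrime() and verifyError, range-checking the peer's public key before computeSecret(), and deriving a fixed-length key from the raw shared secret. The 2048-bit floor, the choice to treat only the prime-related flags as fatal, the HKDF-SHA256 step, and the names openGroup, deriveKey, describeVerifyError and demo are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

const MIN_PRIME_BITS = 2048; // assumed policy floor, not a value from the docs
const FLAGS = ['DH_CHECK_P_NOT_PRIME', 'DH_CHECK_P_NOT_SAFE_PRIME',
  'DH_UNABLE_TO_CHECK_GENERATOR', 'DH_NOT_SUITABLE_GENERATOR'];

// Decode the verifyError bit field into the names of the flags that are set.
function describeVerifyError(bits) {
  return FLAGS.filter((name) => (bits & crypto.constants[name]) !== 0);
}

const toBigInt = (buf) => BigInt('0x' + (buf.toString('hex') || '0'));

// Open a predefined group, refusing short primes and prime-related flags
// (assumed policy: generator flags are reported but not treated as fatal).
function openGroup(groupName) {
  const dh = crypto.getDiffieHellman(groupName);
  const bits = toBigInt(dh.getPrime()).toString(2).length;
  if (bits < MIN_PRIME_BITS) {
    throw new Error(`${groupName}: ${bits}-bit prime is below ${MIN_PRIME_BITS}`);
  }
  const fatal = describeVerifyError(dh.verifyError)
    .filter((name) => name.startsWith('DH_CHECK_P_'));
  if (fatal.length > 0) throw new Error(`${groupName}: ${fatal.join(', ')}`);
  dh.generateKeys();
  return dh;
}

// Reject peer values outside [2, p - 2] (0, 1 and p - 1 yield a predictable
// secret), then turn the raw shared secret into a 32-byte key with HKDF-SHA256.
function deriveKey(dh, peerPublicKey, info) {
  const y = toBigInt(peerPublicKey);
  const p = toBigInt(dh.getPrime());
  if (y < 2n || y > p - 2n) throw new Error('peer public key out of range');
  const secret = dh.computeSecret(peerPublicKey);
  return Buffer.from(crypto.hkdfSync('sha256', secret, Buffer.alloc(0), info, 32));
}

// Constructed demo: both parties run in one process and must agree on the key.
function demo() {
  const alice = openGroup('modp14');
  const bob = openGroup('modp14');
  const a = deriveKey(alice, bob.getPublicKey(), 'demo session');
  const b = deriveKey(bob, alice.getPublicKey(), 'demo session');
  return a.equals(b) && a.length === 32;
}
```
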