fixup! crypto: add raw key formats support to the KeyObject APIs

panva · panva · commit 261b64af8ae5 · 2026-03-13T16:02:40.000+01:00
diff --git a/doc/api/crypto.md b/doc/api/crypto.md
@@ -75,37 +75,161 @@ try {
 
 ## Asymmetric key types
 
-The following table lists the asymmetric key types recognized by the [`KeyObject`][] API:
-
-| Key Type                           | Description        | OID                     |
-| ---------------------------------- | ------------------ | ----------------------- |
-| `'dh'`                             | Diffie-Hellman     | 1.2.840.113549.1.3.1    |
-| `'dsa'`                            | DSA                | 1.2.840.10040.4.1       |
-| `'ec'`                             | Elliptic curve     | 1.2.840.10045.2.1       |
-| `'ed25519'`                        | Ed25519            | 1.3.101.112             |
-| `'ed448'`                          | Ed448              | 1.3.101.113             |
-| `'ml-dsa-44'`[^openssl35]          | ML-DSA-44          | 2.16.840.1.101.3.4.3.17 |
-| `'ml-dsa-65'`[^openssl35]          | ML-DSA-65          | 2.16.840.1.101.3.4.3.18 |
-| `'ml-dsa-87'`[^openssl35]          | ML-DSA-87          | 2.16.840.1.101.3.4.3.19 |
-| `'ml-kem-512'`[^openssl35]         | ML-KEM-512         | 2.16.840.1.101.3.4.4.1  |
-| `'ml-kem-768'`[^openssl35]         | ML-KEM-768         | 2.16.840.1.101.3.4.4.2  |
-| `'ml-kem-1024'`[^openssl35]        | ML-KEM-1024        | 2.16.840.1.101.3.4.4.3  |
-| `'rsa-pss'`                        | RSA PSS            | 1.2.840.113549.1.1.10   |
-| `'rsa'`                            | RSA                | 1.2.840.113549.1.1.1    |
-| `'slh-dsa-sha2-128f'`[^openssl35]  | SLH-DSA-SHA2-128f  | 2.16.840.1.101.3.4.3.21 |
-| `'slh-dsa-sha2-128s'`[^openssl35]  | SLH-DSA-SHA2-128s  | 2.16.840.1.101.3.4.3.20 |
-| `'slh-dsa-sha2-192f'`[^openssl35]  | SLH-DSA-SHA2-192f  | 2.16.840.1.101.3.4.3.23 |
-| `'slh-dsa-sha2-192s'`[^openssl35]  | SLH-DSA-SHA2-192s  | 2.16.840.1.101.3.4.3.22 |
-| `'slh-dsa-sha2-256f'`[^openssl35]  | SLH-DSA-SHA2-256f  | 2.16.840.1.101.3.4.3.25 |
-| `'slh-dsa-sha2-256s'`[^openssl35]  | SLH-DSA-SHA2-256s  | 2.16.840.1.101.3.4.3.24 |
-| `'slh-dsa-shake-128f'`[^openssl35] | SLH-DSA-SHAKE-128f | 2.16.840.1.101.3.4.3.27 |
-| `'slh-dsa-shake-128s'`[^openssl35] | SLH-DSA-SHAKE-128s | 2.16.840.1.101.3.4.3.26 |
-| `'slh-dsa-shake-192f'`[^openssl35] | SLH-DSA-SHAKE-192f | 2.16.840.1.101.3.4.3.29 |
-| `'slh-dsa-shake-192s'`[^openssl35] | SLH-DSA-SHAKE-192s | 2.16.840.1.101.3.4.3.28 |
-| `'slh-dsa-shake-256f'`[^openssl35] | SLH-DSA-SHAKE-256f | 2.16.840.1.101.3.4.3.31 |
-| `'slh-dsa-shake-256s'`[^openssl35] | SLH-DSA-SHAKE-256s | 2.16.840.1.101.3.4.3.30 |
-| `'x25519'`                         | X25519             | 1.3.101.110             |
-| `'x448'`                           | X448               | 1.3.101.111             |
+The following table lists the asymmetric key types recognized by the [`KeyObject`][] API
+and the export/import formats supported for each key type.
+
+| Key Type                           | Description        | OID                     | `'pem'` | `'der'` | `'jwk'` | `'raw-public'` | `'raw-private'` | `'raw-seed'` |
+| ---------------------------------- | ------------------ | ----------------------- | ------- | ------- | ------- | -------------- | --------------- | ------------ |
+| `'dh'`                             | Diffie-Hellman     | 1.2.840.113549.1.3.1    | ✔       | ✔       |         |                |                 |              |
+| `'dsa'`                            | DSA                | 1.2.840.10040.4.1       | ✔       | ✔       |         |                |                 |              |
+| `'ec'`                             | Elliptic curve     | 1.2.840.10045.2.1       | ✔       | ✔       | ✔       | ✔              | ✔               |              |
+| `'ed25519'`                        | Ed25519            | 1.3.101.112             | ✔       | ✔       | ✔       | ✔              | ✔               |              |
+| `'ed448'`                          | Ed448              | 1.3.101.113             | ✔       | ✔       | ✔       | ✔              | ✔               |              |
+| `'ml-dsa-44'`[^openssl35]          | ML-DSA-44          | 2.16.840.1.101.3.4.3.17 | ✔       | ✔       | ✔       | ✔              |                 | ✔            |
+| `'ml-dsa-65'`[^openssl35]          | ML-DSA-65          | 2.16.840.1.101.3.4.3.18 | ✔       | ✔       | ✔       | ✔              |                 | ✔            |
+| `'ml-dsa-87'`[^openssl35]          | ML-DSA-87          | 2.16.840.1.101.3.4.3.19 | ✔       | ✔       | ✔       | ✔              |                 | ✔            |
+| `'ml-kem-512'`[^openssl35]         | ML-KEM-512         | 2.16.840.1.101.3.4.4.1  | ✔       | ✔       |         | ✔              |                 | ✔            |
+| `'ml-kem-768'`[^openssl35]         | ML-KEM-768         | 2.16.840.1.101.3.4.4.2  | ✔       | ✔       |         | ✔              |                 | ✔            |
+| `'ml-kem-1024'`[^openssl35]        | ML-KEM-1024        | 2.16.840.1.101.3.4.4.3  | ✔       | ✔       |         | ✔              |                 | ✔            |
+| `'rsa-pss'`                        | RSA PSS            | 1.2.840.113549.1.1.10   | ✔       | ✔       |         |                |                 |              |
+| `'rsa'`                            | RSA                | 1.2.840.113549.1.1.1    | ✔       | ✔       | ✔       |                |                 |              |
+| `'slh-dsa-sha2-128f'`[^openssl35]  | SLH-DSA-SHA2-128f  | 2.16.840.1.101.3.4.3.21 | ✔       | ✔       |         | ✔              | ✔               |              |
+| `'slh-dsa-sha2-128s'`[^openssl35]  | SLH-DSA-SHA2-128s  | 2.16.840.1.101.3.4.3.20 | ✔       | ✔       |         | ✔              | ✔               |              |
+| `'slh-dsa-sha2-192f'`[^openssl35]  | SLH-DSA-SHA2-192f  | 2.16.840.1.101.3.4.3.23 | ✔       | ✔       |         | ✔              | ✔               |              |
+| `'slh-dsa-sha2-192s'`[^openssl35]  | SLH-DSA-SHA2-192s  | 2.16.840.1.101.3.4.3.22 | ✔       | ✔       |         | ✔              | ✔               |              |
+| `'slh-dsa-sha2-256f'`[^openssl35]  | SLH-DSA-SHA2-256f  | 2.16.840.1.101.3.4.3.25 | ✔       | ✔       |         | ✔              | ✔               |              |
+| `'slh-dsa-sha2-256s'`[^openssl35]  | SLH-DSA-SHA2-256s  | 2.16.840.1.101.3.4.3.24 | ✔       | ✔       |         | ✔              | ✔               |              |
+| `'slh-dsa-shake-128f'`[^openssl35] | SLH-DSA-SHAKE-128f | 2.16.840.1.101.3.4.3.27 | ✔       | ✔       |         | ✔              | ✔               |              |
+| `'slh-dsa-shake-128s'`[^openssl35] | SLH-DSA-SHAKE-128s | 2.16.840.1.101.3.4.3.26 | ✔       | ✔       |         | ✔              | ✔               |              |
+| `'slh-dsa-shake-192f'`[^openssl35] | SLH-DSA-SHAKE-192f | 2.16.840.1.101.3.4.3.29 | ✔       | ✔       |         | ✔              | ✔               |              |
+| `'slh-dsa-shake-192s'`[^openssl35] | SLH-DSA-SHAKE-192s | 2.16.840.1.101.3.4.3.28 | ✔       | ✔       |         | ✔              | ✔               |              |
+| `'slh-dsa-shake-256f'`[^openssl35] | SLH-DSA-SHAKE-256f | 2.16.840.1.101.3.4.3.31 | ✔       | ✔       |         | ✔              | ✔               |              |
+| `'slh-dsa-shake-256s'`[^openssl35] | SLH-DSA-SHAKE-256s | 2.16.840.1.101.3.4.3.30 | ✔       | ✔       |         | ✔              | ✔               |              |
+| `'x25519'`                         | X25519             | 1.3.101.110             | ✔       | ✔       | ✔       | ✔              | ✔               |              |
+| `'x448'`                           | X448               | 1.3.101.111             | ✔       | ✔       | ✔       | ✔              | ✔               |              |
+
+### Raw key formats
+
+<!-- YAML
+added: REPLACEME
+-->
+
+> Stability: 1.1 - Active development
+
+The `'raw-public'`, `'raw-private'`, and `'raw-seed'` key formats allow
+importing and exporting raw key material without any encoding wrapper.
+See [`keyObject.export()`][], [`crypto.createPublicKey()`][], and
+[`crypto.createPrivateKey()`][] for usage details.
+
+Example: Exporting raw keys and importing them:
+
+```mjs
+const crypto = await import('node:crypto');
+
+const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
+
+// Export the raw public key (32 bytes for Ed25519).
+const rawPublicKey = publicKey.export({ format: 'raw-public' });
+
+// Export the raw private key (32 bytes for Ed25519).
+const rawPrivateKey = privateKey.export({ format: 'raw-private' });
+
+// Import the raw public key
+const importedPublicKey = crypto.createPublicKey({
+  key: rawPublicKey,
+  format: 'raw-public',
+  asymmetricKeyType: 'ed25519',
+});
+
+// Import the raw private key
+const importedPrivateKey = crypto.createPrivateKey({
+  key: rawPrivateKey,
+  format: 'raw-private',
+  asymmetricKeyType: 'ed25519',
+});
+
+// Raw keys can also be used directly with sign() and verify()
+// without explicitly importing them first.
+const data = new TextEncoder().encode('some data to sign');
+const signature = crypto.sign(null, data, {
+  key: rawPrivateKey,
+  format: 'raw-private',
+  asymmetricKeyType: 'ed25519',
+});
+console.log(crypto.verify(null, data, {
+  key: rawPublicKey,
+  format: 'raw-public',
+  asymmetricKeyType: 'ed25519',
+}, signature));
+// Prints: true
+```
+
+Example: For EC keys, the `namedCurve` option is required when importing:
+
+```mjs
+const crypto = await import('node:crypto');
+
+const { publicKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
+
+// Export the raw EC public key (compressed by default).
+const rawPublicKey = publicKey.export({ format: 'raw-public' });
+
+// The following is equivalent.
+const rawPublicKeyCompressed = publicKey.export({
+  format: 'raw-public',
+  type: 'compressed',
+});
+
+// Export uncompressed point format.
+const rawPublicKeyUncompressed = publicKey.export({
+  format: 'raw-public',
+  type: 'uncompressed',
+});
+
+// Import the raw EC public key
+// Both compressed and uncompressed point formats are accepted.
+const importedPublicKey = crypto.createPublicKey({
+  key: rawPublicKey,
+  format: 'raw-public',
+  asymmetricKeyType: 'ec',
+  namedCurve: 'P-256',
+});
+```
+
+Example: Exporting raw seeds and importing them:
+
+```mjs
+const crypto = await import('node:crypto');
+
+const { publicKey, privateKey } = crypto.generateKeyPairSync('ml-kem-768');
+
+// Export the raw seed (32 bytes for ML-KEM).
+const seed = privateKey.export({ format: 'raw-seed' });
+
+// Import the raw seed
+const importedPrivateKey = crypto.createPrivateKey({
+  key: seed,
+  format: 'raw-seed',
+  asymmetricKeyType: 'ml-kem-768',
+});
+
+// Export the raw public key.
+const rawPublicKey = publicKey.export({ format: 'raw-public' });
+
+// Raw keys can also be used directly with encapsulate() and decapsulate()
+// without explicitly importing them first.
+const { ciphertext, sharedKey } = crypto.encapsulate({
+  key: rawPublicKey,
+  format: 'raw-public',
+  asymmetricKeyType: 'ml-kem-768',
+});
+console.log(crypto.decapsulate({
+  key: seed,
+  format: 'raw-seed',
+  asymmetricKeyType: 'ml-kem-768',
+}, ciphertext).equals(sharedKey));
+// Prints: true
+```
 
 ## Class: `Certificate`
 
@@ -2121,6 +2245,10 @@ type, value, and parameters. This method is not
 <!-- YAML
 added: v11.6.0
 changes:
+  - version: REPLACEME
+    pr-url: https://github.com/nodejs/node/pull/62240
+    description: Added support for `'raw-public'`, `'raw-private'`,
+                 and `'raw-seed'` formats.
   - version: REPLACEME
     pr-url: https://github.com/nodejs/node/pull/62178
     description: ML-KEM and ML-DSA private key `'pkcs8'` export now
@@ -2140,36 +2268,39 @@ For symmetric keys, the following encoding options can be used:
 
 For public keys, the following encoding options can be used:
 
-* `type` {string} Must be one of `'pkcs1'` (RSA only) or `'spki'`.
-* `format` {string} Must be `'pem'`, `'der'`, or `'jwk'`.
+* `format` {string} Must be `'pem'`, `'der'`, `'jwk'`, or `'raw-public'`.
+  See [asymmetric key types][] for format support.
+* `type` {string} When `format` is `'pem'` or `'der'`, must be `'pkcs1'`
+  (RSA only) or `'spki'`. For EC keys with `'raw-public'` format, may be
+  `'compressed'` (default) or `'uncompressed'`. Ignored when `format` is
+  `'jwk'`.
 
 For private keys, the following encoding options can be used:
 
-* `type` {string} Must be one of `'pkcs1'` (RSA only), `'pkcs8'` or
-  `'sec1'` (EC only).
-* `format` {string} Must be `'pem'`, `'der'`, or `'jwk'`.
+* `format` {string} Must be `'pem'`, `'der'`, `'jwk'`, `'raw-private'`,
+  or `'raw-seed'`. See [asymmetric key types][] for format support.
+* `type` {string} When `format` is `'pem'` or `'der'`, must be `'pkcs1'`
+  (RSA only), `'pkcs8'`, or `'sec1'` (EC only). Ignored when `format` is
+  `'jwk'`, `'raw-private'`, or `'raw-seed'`.
 * `cipher` {string} If specified, the private key will be encrypted with
   the given `cipher` and `passphrase` using PKCS#5 v2.0 password based
-  encryption.
-* `passphrase` {string | Buffer} The passphrase to use for encryption, see
-  `cipher`.
+  encryption. Ignored when `format` is `'jwk'`, `'raw-private'`, or
+  `'raw-seed'`.
+* `passphrase` {string | Buffer} The passphrase to use for encryption.
+  Required when `cipher` is specified.
 
 The result type depends on the selected encoding format, when PEM the
 result is a string, when DER it will be a buffer containing the data
-encoded as DER, when [JWK][] it will be an object.
-
-When [JWK][] encoding format was selected, all other encoding options are
-ignored.
+encoded as DER, when [JWK][] it will be an object. Raw formats return a
+{Buffer} containing the raw key material.
 
-PKCS#1, SEC1, and PKCS#8 type keys can be encrypted by using a combination of
-the `cipher` and `format` options. The PKCS#8 `type` can be used with any
-`format` to encrypt any key algorithm (RSA, EC, or DH) by specifying a
-`cipher`. PKCS#1 and SEC1 can only be encrypted by specifying a `cipher`
-when the PEM `format` is used. For maximum compatibility, use PKCS#8 for
-encrypted private keys. Since PKCS#8 defines its own
-encryption mechanism, PEM-level encryption is not supported when encrypting
-a PKCS#8 key. See [RFC 5208][] for PKCS#8 encryption and [RFC 1421][] for
-PKCS#1 and SEC1 encryption.
+Private keys can be encrypted by specifying a `cipher` and `passphrase`.
+The PKCS#8 `type` supports encryption with both PEM and DER `format` for any
+key algorithm. PKCS#1 and SEC1 can only be encrypted when the PEM `format` is
+used. For maximum compatibility, use PKCS#8 for encrypted private keys. Since
+PKCS#8 defines its own encryption mechanism, PEM-level encryption is not
+supported when encrypting a PKCS#8 key. See [RFC 5208][] for PKCS#8 encryption
+and [RFC 1421][] for PKCS#1 and SEC1 encryption.
 
 ### `keyObject.symmetricKeySize`
 
@@ -3634,6 +3765,10 @@ input.on('readable', () => {
 <!-- YAML
 added: v11.6.0
 changes:
+  - version: REPLACEME
+    pr-url: https://github.com/nodejs/node/pull/62240
+    description: Added support for `'raw-private'` and `'raw-seed'`
+                 formats.
   - version: v24.6.0
     pr-url: https://github.com/nodejs/node/pull/59259
     description: Add support for ML-DSA keys.
@@ -3651,12 +3786,17 @@ changes:
 * `key` {Object|string|ArrayBuffer|Buffer|TypedArray|DataView}
   * `key` {string|ArrayBuffer|Buffer|TypedArray|DataView|Object} The key
     material, either in PEM, DER, or JWK format.
-  * `format` {string} Must be `'pem'`, `'der'`, or '`'jwk'`.
-    **Default:** `'pem'`.
+  * `format` {string} Must be `'pem'`, `'der'`, `'jwk'`, `'raw-private'`,
+    or `'raw-seed'`. **Default:** `'pem'`.
   * `type` {string} Must be `'pkcs1'`, `'pkcs8'` or `'sec1'`. This option is
     required only if the `format` is `'der'` and ignored otherwise.
   * `passphrase` {string | Buffer} The passphrase to use for decryption.
   * `encoding` {string} The string encoding to use when `key` is a string.
+  * `asymmetricKeyType` {string} Required when `format` is `'raw-private'`
+    or `'raw-seed'` and ignored otherwise.
+    Must be a [supported key type][asymmetric key types].
+  * `namedCurve` {string} Name of the curve to use. Required when
+    `asymmetricKeyType` is `'ec'` and ignored otherwise.
 * Returns: {KeyObject}
 
 <!--lint enable maximum-line-length remark-lint-->
@@ -3673,6 +3813,9 @@ of the passphrase is limited to 1024 bytes.
 <!-- YAML
 added: v11.6.0
 changes:
+  - version: REPLACEME
+    pr-url: https://github.com/nodejs/node/pull/62240
+    description: Added support for `'raw-public'` format.
   - version: v24.6.0
     pr-url: https://github.com/nodejs/node/pull/59259
     description: Add support for ML-DSA keys.
@@ -3697,11 +3840,16 @@ changes:
 * `key` {Object|string|ArrayBuffer|Buffer|TypedArray|DataView}
   * `key` {string|ArrayBuffer|Buffer|TypedArray|DataView|Object} The key
     material, either in PEM, DER, or JWK format.
-  * `format` {string} Must be `'pem'`, `'der'`, or `'jwk'`.
+  * `format` {string} Must be `'pem'`, `'der'`, `'jwk'`, or `'raw-public'`.
     **Default:** `'pem'`.
   * `type` {string} Must be `'pkcs1'` or `'spki'`. This option is
     required only if the `format` is `'der'` and ignored otherwise.
   * `encoding` {string} The string encoding to use when `key` is a string.
+  * `asymmetricKeyType` {string} Required when `format` is `'raw-public'`
+    and ignored otherwise.
+    Must be a [supported key type][asymmetric key types].
+  * `namedCurve` {string} Name of the curve to use. Required when
+    `asymmetricKeyType` is `'ec'` and ignored otherwise.
 * Returns: {KeyObject}
 
 <!--lint enable maximum-line-length remark-lint-->
