Skip to content
Browse files

doc: document key encryption options

PR-URL: #23632
Reviewed-By: Sam Roberts <>
  • Loading branch information...
tniessen authored and addaleax committed Oct 12, 2018
1 parent 465d02b commit b9b2ba22ec0b3dd0a31463bcfe133428de813d26
Showing with 12 additions and 0 deletions.
  1. +12 −0 doc/api/
@@ -1157,6 +1157,16 @@ For private keys, the following encoding options can be used:
When PEM encoding was selected, the result will be a string, otherwise it will
be a buffer containing the data encoded as DER.

PKCS#1, SEC1, and PKCS#8 type keys can be encrypted by using a combination of
the `cipher` and `format` options. The PKCS#8 `type` can be used with any
`format` to encrypt any key algorithm (RSA, EC, or DH) by specifying a
`cipher`. PKCS#1 and SEC1 can only be encrypted by specifying a `cipher`
when the PEM `format` is used. For maximum compatibility, use PKCS#8 for
encrypted private keys. Since PKCS#8 defines its own
encryption mechanism, PEM-level encryption is not supported when encrypting
a PKCS#8 key. See [RFC 5208][] for PKCS#8 encryption and [RFC 1421][] for
PKCS#1 and SEC1 encryption.

### keyObject.symmetricSize
<!-- YAML
added: v11.6.0
@@ -3127,10 +3137,12 @@ the `crypto`, `tls`, and `https` modules and are generally specific to OpenSSL.
[NIST SP 800-38D]:
[Nonce-Disrespecting Adversaries]:
[OpenSSL's SPKAC implementation]:
[RFC 1421]:
[RFC 2412]:
[RFC 3526]:
[RFC 3610]:
[RFC 4055]:
[RFC 5208]:
[encoding]: buffer.html#buffer_buffers_and_character_encodings
[initialization vector]:

0 comments on commit b9b2ba2

Please sign in to comment.
You can’t perform that action at this time.