type HashingAlgorithm = 'md4' | 'md5' | 'ripemd160' | 'sha1' | 'sha224' | 'sha256' | 'sha384' | 'sha512'; interface CryptoBackend { readonly name: 'node' | 'web'; randomBytes(n: number): Uint8Array; digest(alg: HashingAlgorithm, data: Uint8Array): Uint8Array; supportsHash(alg: HashingAlgorithm): boolean; } type MaskGenerationFunction = (seed: Uint8Array, maskLength: number, hash: HashingAlgorithm) => Uint8Array; interface EncryptionSchemeOptions { /** RSA padding constant (PKCS#1 = 1, OAEP = 4, RSA_NO_PADDING = 3). */ padding?: number; /** Hash to use for OAEP (default sha1). */ hash?: HashingAlgorithm; /** Label byte string for OAEP (default empty). */ label?: Uint8Array; /** Custom MGF (default MGF1). */ mgf?: MaskGenerationFunction; } interface SigningSchemeOptions { /** Hash to use (default sha256 for PKCS#1, sha1 for PSS). */ hash?: HashingAlgorithm; /** Salt length for PSS (default 20). */ saltLength?: number; /** Custom MGF for PSS (default MGF1). */ mgf?: MaskGenerationFunction; } interface SchemeOptions { signingScheme: 'pkcs1' | 'pss'; encryptionScheme: 'pkcs1' | 'pkcs1_oaep'; signingSchemeOptions: SigningSchemeOptions; encryptionSchemeOptions: EncryptionSchemeOptions; environment: 'node' | 'browser'; backend: CryptoBackend; } /** Encryption-padding side of a scheme (PKCS#1 v1.5 type 2, or OAEP). */ interface EncryptionSchemeImpl { maxMessageLength(): number; encPad(buffer: Uint8Array, opts?: { type?: number; }): Uint8Array; encUnPad(buffer: Uint8Array, opts?: { type?: number; }): Uint8Array | null; } /** Signing side of a scheme (PKCS#1 v1.5 type 1 with DigestInfo, or PSS). */ interface SignatureScheme { sign(buffer: Uint8Array): Uint8Array; verify(buffer: Uint8Array, signature: Uint8Array): boolean; } declare class BigInteger$1 { static ZERO: BigInteger$1; static ONE: BigInteger$1; constructor(a?: number | Uint8Array | number[] | string | null, b?: number | string, unsigned?: boolean); isEven(): boolean; toString(b?: number): string; abs(): BigInteger$1; compareTo(a: BigInteger$1): number; bitLength(): number; mod(a: BigInteger$1): BigInteger$1; modPowInt(e: number, m: BigInteger$1): BigInteger$1; signum(): number; /** * Return a Uint8Array of this integer in big-endian unsigned form. * * - `trimOrSize === true`: drop a leading 0x00 sign byte if present. * - `trimOrSize` is a positive integer: left-pad or trim leading zeros to * produce exactly `trimOrSize` bytes. Returns null if trimming would * discard a non-zero byte (i.e., the value doesn't fit). * - Otherwise: return the raw two's-complement byte array with possible * leading 0x00 sign byte. */ toBuffer(trimOrSize?: boolean | number): Uint8Array | null; shiftLeft(n: number): BigInteger$1; shiftRight(n: number): BigInteger$1; testBit(n: number): boolean; add(a: BigInteger$1): BigInteger$1; subtract(a: BigInteger$1): BigInteger$1; multiply(a: BigInteger$1): BigInteger$1; square(): BigInteger$1; divideAndRemainder(a: BigInteger$1): [BigInteger$1, BigInteger$1]; modPow(e: BigInteger$1, m: BigInteger$1): BigInteger$1; gcd(a: BigInteger$1): BigInteger$1; modInverse(m: BigInteger$1): BigInteger$1; isProbablePrime(t: number): boolean; } type BigInteger = BigInteger$1; declare let BigInteger: typeof BigInteger$1; /** * Asymmetric RSA key (public or private). * * Field semantics (RFC 3447): * n — modulus * e — public exponent * d — private exponent * p, q — prime factors of n (n = p * q) * dmp1 — d mod (p - 1) * dmq1 — d mod (q - 1) * coeff — (q^-1) mod p, used by CRT decryption */ declare class RSAKey { n: BigInteger | null; e: number; d: BigInteger | null; p: BigInteger | null; q: BigInteger | null; dmp1: BigInteger | null; dmq1: BigInteger | null; coeff: BigInteger | null; cache: { keyBitLength: number; keyByteLength: number; }; encryptionScheme: EncryptionSchemeImpl; signingScheme: SignatureScheme; options: SchemeOptions; /** OpenSSH key comment field (preserved across import/export). */ sshcomment?: string; /** * BigInteger constructor that owns this key's components. Read off * `n.constructor` so a later `setBigIntegerImpl()` swap by another * NodeRSA instance can't corrupt operations on this key — fresh * BigIntegers spawned during sign/encrypt/blinding stay the same class * as `n`, `d`, `p`, `q` etc. */ get BI(): typeof BigInteger; /** * Bind encryption + signing scheme instances to this key. If both schemes * resolve to the same provider (PKCS#1 v1.5 covers both), one instance is * shared so internal padding state stays consistent. Throws on unknown * scheme names. */ setOptions(options: SchemeOptions, schemes: Record): void; /** * Generate a fresh `B`-bit private key with public exponent E (hex string). * Matches v1's algorithm and RNG call pattern exactly. */ generate(B: number, E: string): void; /** * Install private-key components (raw big-endian bytes; E may be a number). * If any CRT field (P/Q/DP/DQ/C) is omitted the key works without CRT — * slower decrypt but valid. Throws if N/E/D are missing or if CRT fields * are present but mathematically inconsistent (Boneh-DeMillo-Lipton * fault-attack guard). */ setPrivate(N: Uint8Array, E: number | Uint8Array, D: Uint8Array, P?: Uint8Array, Q?: Uint8Array, DP?: Uint8Array, DQ?: Uint8Array, C?: Uint8Array): void; /** Install public-key components (raw big-endian bytes; E may be a number). Throws if N/E are missing or E is invalid. */ setPublic(N: Uint8Array, E: number | Uint8Array): void; /** * RFC 8017 §3.1 requires 1 < e < n with e odd. e=1 makes ciphertext == * plaintext; even e breaks RSA invertibility entirely. The e < n side * is implicit (n ≥ 2^512 ≫ any JS-number-encodable e). */ private validateExponent; /** * Cross-check CRT invariants for an imported private key. Inconsistent * components (n ≠ p·q, mismatched dp/dq, bad coeff) don't just produce * garbage on decrypt — they enable Boneh-DeMillo-Lipton fault attacks * where a single faulted signature reveals gcd(s_correct − s_faulted, n) * and factors n. Skipped when CRT components are absent (basic n, e, d * key still works, just without CRT). */ private validatePrivateConsistency; /** x^d mod n, using CRT if p/q are available, otherwise direct. */ $doPrivate(x: BigInteger): BigInteger; /** * Produce a fresh blinding pair (r^e mod n, r^-1 mod n) for one private * operation. Returns null only in the astronomically rare case that the * RNG keeps producing r with gcd(r, n) ≠ 1 — probability ≈ 2/√n per * attempt; 10 attempts is overkill safety. * * Returns null also if there's no backend yet (e.g., key without * setOptions() — only happens in some test setups). */ private makeBlinding; /** x^e mod n. */ $doPublic(x: BigInteger): BigInteger; /** True iff `d` is loaded (n, e implied). */ isPrivate(): boolean; /** True iff `n` and `e` are set. With `strict=true` additionally requires `d` to be absent. */ isPublic(strict?: boolean): boolean; /** Modulus size in bits (0 if no key loaded). */ get keySize(): number; /** Ciphertext block size in bytes. */ get encryptedDataLength(): number; /** Largest single-chunk plaintext the configured encryption scheme will accept. */ get maxMessageLength(): number; /** Recompute cached key-size metrics. */ recalculateCache(): void; /** * Clear all key material from this instance. Call when the key is no * longer needed to reduce the window in which private components are * reachable from the JS heap (heap snapshots, core dumps, swap). * * JavaScript has no guaranteed deterministic memory zeroing — GC-managed * BigInteger internals may linger until collected. This method removes * references as early as possible, which is the strongest guarantee the * language offers. */ destroy(): void; /** Convenience: get the backend bound via setOptions. */ get backend(): CryptoBackend; } type Environment = 'node' | 'browser'; type EncryptionScheme = 'pkcs1' | 'pkcs1_oaep'; type SigningScheme = 'pkcs1' | 'pss'; /** * Shorthand scheme-hash combinations accepted by `signingScheme`. * Parsed at runtime as `-`. */ type SigningSchemeHash = 'pkcs1-ripemd160' | 'pkcs1-md4' | 'pkcs1-md5' | 'pkcs1-sha' | 'pkcs1-sha1' | 'pkcs1-sha224' | 'pkcs1-sha256' | 'pkcs1-sha384' | 'pkcs1-sha512' | 'pss-ripemd160' | 'pss-md4' | 'pss-md5' | 'pss-sha' | 'pss-sha1' | 'pss-sha224' | 'pss-sha256' | 'pss-sha384' | 'pss-sha512'; /** PEM-encoded key format identifiers (string output / input). */ type FormatPem = 'private' | 'public' | 'pkcs1' | 'pkcs1-pem' | 'pkcs1-private' | 'pkcs1-private-pem' | 'pkcs1-public' | 'pkcs1-public-pem' | 'pkcs8' | 'pkcs8-pem' | 'pkcs8-private' | 'pkcs8-private-pem' | 'pkcs8-public' | 'pkcs8-public-pem' | 'openssh-public' | 'openssh-private'; /** DER-encoded key format identifiers (Uint8Array output / input). */ type FormatDer = 'pkcs1-der' | 'pkcs1-private-der' | 'pkcs1-public-der' | 'pkcs8-der' | 'pkcs8-private-der' | 'pkcs8-public-der'; /** Raw private components format identifiers. */ type FormatComponentsPrivate = 'components' | 'components-pem' | 'components-der' | 'components-private' | 'components-private-pem' | 'components-private-der'; /** Raw public components format identifiers. */ type FormatComponentsPublic = 'components-public' | 'components-public-pem' | 'components-public-der'; /** Any supported key format identifier. */ type Format = FormatPem | FormatDer | FormatComponentsPrivate | FormatComponentsPublic; interface KeyComponentsPrivate { n: Uint8Array; e: Uint8Array | number; d: Uint8Array; p: Uint8Array; q: Uint8Array; dmp1: Uint8Array; dmq1: Uint8Array; coeff: Uint8Array; } interface KeyComponentsPublic { n: Uint8Array; e: Uint8Array | number; } /** Key material accepted by `importKey` / the constructor. */ type Key = string | Uint8Array | KeyComponentsPrivate | KeyComponentsPublic; /** Plaintext data accepted by `encrypt` / `sign`. */ type Data = string | object | unknown[]; /** `{ b: bits }` shorthand for `new NodeRSA({ b: 2048 })`. */ interface KeyBits { b: number; } /** * Encoding tags accepted by encrypt/decrypt/sign/verify for converting * between strings and bytes. `'json'` is a decrypt-only sentinel and is * declared separately on `decrypt` / `decryptPublic` overloads, not here. * * Note: legacy v1 accepted `'ascii'`, `'utf16le'`, `'ucs2'` by name but * routed them through `Buffer.from` aliases that v2 no longer wires; only * the encodings below are implemented end-to-end. */ type Encoding = 'buffer' | 'binary' | 'latin1' | 'hex' | 'base64' | 'utf8'; interface AdvancedEncryptionSchemePKCS1 { scheme: 'pkcs1'; /** OpenSSL RSA padding constant (currently informational; runtime uses scheme name). */ padding?: number; } interface AdvancedEncryptionSchemePKCS1OAEP { scheme: 'pkcs1_oaep'; hash?: HashingAlgorithm; label?: Uint8Array; mgf?: MaskGenerationFunction; } type AdvancedEncryptionScheme = AdvancedEncryptionSchemePKCS1 | AdvancedEncryptionSchemePKCS1OAEP; interface AdvancedSigningSchemePSS { scheme: 'pss'; hash?: HashingAlgorithm; saltLength?: number; mgf?: MaskGenerationFunction; } interface AdvancedSigningSchemePKCS1 { scheme: 'pkcs1'; hash?: HashingAlgorithm; } type AdvancedSigningScheme = AdvancedSigningSchemePSS | AdvancedSigningSchemePKCS1; interface NodeRSAGenerateOptions { /** Bits in the modulus. */ b?: number; /** Public exponent. */ e?: number; } /** Which BigInteger implementation NodeRSA should use under the hood. */ type BigIntegerImpl = 'jsbn' | 'native'; interface NodeRSAOptions { signingScheme?: SigningScheme | SigningSchemeHash | AdvancedSigningScheme | (SigningSchemeOptions & { scheme?: SigningScheme; }); encryptionScheme?: EncryptionScheme | AdvancedEncryptionScheme | (EncryptionSchemeOptions & { scheme?: EncryptionScheme; }); environment?: Environment; /** * Switch the BigInteger backend. Browser bundle defaults to `'native'`, * Node bundle defaults to `'jsbn'`. `'native'` silently falls back to * `'jsbn'` on runtimes without `globalThis.BigInt`. * * Must be set BEFORE the key is imported/generated — i.e. as part of the * constructor's options or before any importKey/generateKeyPair call. * Calling `setOptions({ bigIntImpl })` on a NodeRSA whose `keyPair` * already has components throws, because the existing BigInteger objects * carry the old implementation's class identity and can't interoperate. */ bigIntImpl?: BigIntegerImpl; /** Used for tests; not part of the public API surface. */ key?: unknown; } interface ResolvedOptions { signingScheme: SigningScheme; signingSchemeOptions: SigningSchemeOptions; encryptionScheme: EncryptionScheme; encryptionSchemeOptions: EncryptionSchemeOptions; environment: Environment; bigIntImpl: BigIntegerImpl; } declare class NodeRSA { $options: ResolvedOptions; keyPair: RSAKey; private engine; private $cache; constructor(key?: KeyBits); constructor(key: Key, format?: Format, options?: NodeRSAOptions); constructor(key: null | undefined, format?: NodeRSAOptions); setOptions(options: NodeRSAOptions): this; generateKeyPair(bits?: number, exp?: number): this; importKey(keyData: Key, format?: Format | string): this; exportKey(format?: FormatPem): string; exportKey(format: FormatDer): Uint8Array; exportKey(format: FormatComponentsPrivate): KeyComponentsPrivate; exportKey(format: FormatComponentsPublic): KeyComponentsPublic; exportKey(format?: string): Uint8Array | string | object; isPrivate(): boolean; isPublic(strict?: boolean): boolean; isEmpty(): boolean; getKeySize(): number; getMaxMessageSize(): number; encrypt(data: Data | Uint8Array, encoding?: 'buffer', sourceEncoding?: Encoding): Uint8Array; encrypt(data: Data | Uint8Array, encoding: Encoding, sourceEncoding?: Encoding): string; decrypt(data: Uint8Array | string, encoding?: 'buffer'): Uint8Array; decrypt(data: Uint8Array | string, encoding: Encoding): string; decrypt(data: Uint8Array | string, encoding: 'json'): T; encryptPrivate(data: Data | Uint8Array, encoding?: 'buffer', sourceEncoding?: Encoding): Uint8Array; encryptPrivate(data: Data | Uint8Array, encoding: Encoding, sourceEncoding?: Encoding): string; decryptPublic(data: Uint8Array | string, encoding?: 'buffer'): Uint8Array; decryptPublic(data: Uint8Array | string, encoding: Encoding): string; decryptPublic(data: Uint8Array | string, encoding: 'json'): T; sign(data: Data | Uint8Array, encoding?: 'buffer', sourceEncoding?: Encoding): Uint8Array; sign(data: Data | Uint8Array, encoding: Encoding, sourceEncoding?: Encoding): string; verify(data: Data | Uint8Array, signature: Uint8Array, sourceEncoding?: Encoding): boolean; verify(data: Data | Uint8Array, signature: string, sourceEncoding: Encoding | undefined, signatureEncoding: Encoding): boolean; $$encryptKey(usePrivate: boolean, buffer: unknown, encoding?: Encoding, sourceEncoding?: string): Uint8Array | string; $$decryptKey(usePublic: boolean, buffer: Uint8Array | string, encoding?: Encoding): Uint8Array | string | object; $getDataForEncrypt(buffer: unknown, encoding?: string): Uint8Array; $getDecryptedData(bytes: Uint8Array, encoding?: Encoding | 'json'): Uint8Array | string | object; private rewireScheme; private ensureEngine; } export { type AdvancedEncryptionScheme, type AdvancedEncryptionSchemePKCS1, type AdvancedEncryptionSchemePKCS1OAEP, type AdvancedSigningScheme, type AdvancedSigningSchemePKCS1, type AdvancedSigningSchemePSS, type BigIntegerImpl, type Data, type Encoding, type EncryptionScheme, type EncryptionSchemeOptions, type Environment, type Format, type FormatComponentsPrivate, type FormatComponentsPublic, type FormatDer, type FormatPem, type HashingAlgorithm, type Key, type KeyBits, type KeyComponentsPrivate, type KeyComponentsPublic, type MaskGenerationFunction, NodeRSA, type NodeRSAGenerateOptions, type NodeRSAOptions, type ResolvedOptions, type SigningScheme, type SigningSchemeHash, type SigningSchemeOptions, NodeRSA as default };