createCipheriv(algorithm, key, iv, options): CipherCCM
Creates and returns a Cipher object, with the given algorithm, key and
initialization vector (iv).
The options argument controls stream behavior and is optional except when a
cipher in CCM or OCB mode (e.g. 'aes-128-ccm') is used. In that case, theauthTagLength option is required and specifies the length of the
authentication tag in bytes, see CCM mode. In GCM mode, the authTagLengthoption is not required but can be used to set the length of the authentication
tag that will be returned by getAuthTag() and defaults to 16 bytes.
For chacha20-poly1305, the authTagLength option defaults to 16 bytes.
The algorithm is dependent on OpenSSL, examples are 'aes192', etc. On
recent OpenSSL releases, openssl list -cipher-algorithms will
display the available cipher algorithms.
The key is the raw key used by the algorithm and iv is an initialization vector. Both arguments must be 'utf8' encoded
strings,Buffers, TypedArray, or DataViews. The key may optionally be
a KeyObject of type secret. If the cipher does not need
an initialization vector, iv may be null.
When passing strings for key or iv, please consider caveats when using strings as inputs to cryptographic APIs.
Initialization vectors should be unpredictable and unique; ideally, they will be
cryptographically random. They do not have to be secret: IVs are typically just
added to ciphertext messages unencrypted. It may sound contradictory that
something has to be unpredictable and unique, but does not have to be secret;
remember that an attacker must not be able to predict ahead of time what a
given IV will be.
Creates and returns a
Cipherobject, with the givenalgorithm,keyand initialization vector (iv).The
optionsargument controls stream behavior and is optional except when a cipher in CCM or OCB mode (e.g.'aes-128-ccm') is used. In that case, theauthTagLengthoption is required and specifies the length of the authentication tag in bytes, seeCCM mode. In GCM mode, theauthTagLengthoption is not required but can be used to set the length of the authentication tag that will be returned bygetAuthTag()and defaults to 16 bytes. Forchacha20-poly1305, theauthTagLengthoption defaults to 16 bytes.The
algorithmis dependent on OpenSSL, examples are'aes192', etc. On recent OpenSSL releases,openssl list -cipher-algorithmswill display the available cipher algorithms.The
keyis the raw key used by thealgorithmandivis an initialization vector. Both arguments must be'utf8'encoded strings,Buffers,TypedArray, orDataViews. Thekeymay optionally be aKeyObjectof typesecret. If the cipher does not need an initialization vector,ivmay benull.When passing strings for
keyoriv, please considercaveats when using strings as inputs to cryptographic APIs.Initialization vectors should be unpredictable and unique; ideally, they will be cryptographically random. They do not have to be secret: IVs are typically just added to ciphertext messages unencrypted. It may sound contradictory that something has to be unpredictable and unique, but does not have to be secret; remember that an attacker must not be able to predict ahead of time what a given IV will be.