class

crypto.Sign

class Sign

The Sign class is a utility for generating signatures. It can be used in one of two ways:

As a writable stream, where data to be signed is written and the sign.sign() method is used to generate and return the signature, or
Using the sign.update() and sign.sign() methods to produce the signature.

The createSign method is used to create Sign instances. The argument is the string name of the hash function to use. Sign objects are not to be created directly using the new keyword.

Example: Using Sign and Verify objects as streams:

const {
  generateKeyPairSync,
  createSign,
  createVerify,
} = await import('node:crypto');

const { privateKey, publicKey } = generateKeyPairSync('ec', {
  namedCurve: 'sect239k1',
});

const sign = createSign('SHA256');
sign.write('some data to sign');
sign.end();
const signature = sign.sign(privateKey, 'hex');

const verify = createVerify('SHA256');
verify.write('some data to sign');
verify.end();
console.log(verify.verify(publicKey, signature, 'hex'));
// Prints: true

Example: Using the sign.update() and verify.update() methods:

const {
  generateKeyPairSync,
  createSign,
  createVerify,
} = await import('node:crypto');

const { privateKey, publicKey } = generateKeyPairSync('rsa', {
  modulusLength: 2048,
});

const sign = createSign('SHA256');
sign.update('some data to sign');
sign.end();
const signature = sign.sign(privateKey);

const verify = createVerify('SHA256');
verify.update('some data to sign');
verify.end();
console.log(verify.verify(publicKey, signature));
// Prints: true

readonly closed: boolean
Is true after 'close' has been emitted.
destroyed: boolean
Is true after writable.destroy() has been called.
readonly errored: null | Error
Returns error if the stream has been destroyed with an error.
writable: boolean
Is true if it is safe to call writable.write(), which means the stream has not been destroyed, errored, or ended.
readonly writableAborted: boolean
Returns whether the stream was destroyed or errored before emitting 'finish'.
readonly writableCorked: number
Number of times writable.uncork() needs to be called in order to fully uncork the stream.
readonly writableEnded: boolean
Is true after writable.end() has been called. This property does not indicate whether the data has been flushed, for this use writable.writableFinished instead.
readonly writableFinished: boolean
Is set to true immediately before the 'finish' event is emitted.
readonly writableHighWaterMark: number
Return the value of highWaterMark passed when creating this Writable.
readonly writableLength: number
This property contains the number of bytes (or objects) in the queue ready to be written. The value provides introspection data regarding the status of the highWaterMark.
readonly writableNeedDrain: boolean
Is true if the stream's buffer has been full and stream will emit 'drain'.
readonly writableObjectMode: boolean
Getter for the property objectMode of a given Writable stream.
_construct(
callback: (error?: null | Error) => void
): void;
_destroy(
error: null | Error,
callback: (error?: null | Error) => void
): void;
_final(
callback: (error?: null | Error) => void
): void;
_write(
chunk: any,
encoding: BufferEncoding,
callback: (error?: null | Error) => void
): void;
_writev(
chunks: { chunk: any; encoding: BufferEncoding }[],
callback: (error?: null | Error) => void
): void;
[Symbol.asyncDispose](): Promise<void>;
Calls writable.destroy() with an AbortError and returns a promise that fulfills when the stream is finished.
[events.captureRejectionSymbol](
error: Error,
event: string | symbol,
...args: any[]
): void;
The Symbol.for('nodejs.rejection') method is called in case a promise rejection happens when emitting an event and captureRejections is enabled on the emitter. It is possible to use events.captureRejectionSymbol in place of Symbol.for('nodejs.rejection').
import { EventEmitter, captureRejectionSymbol } from 'node:events'; class MyClass extends EventEmitter { constructor() { super({ captureRejections: true }); } [captureRejectionSymbol](err, event, ...args) { console.log('rejection happened for', event, 'with', err, ...args); this.destroy(err); } destroy(err) { // Tear the resource down here. } }
addListener<E extends keyof WritableEventMap>(
eventName: E,
listener: (...args: WritableEventMap[E]) => void
): this;
Alias for emitter.on(eventName, listener).
addListener(
eventName: string | symbol,
listener: (...args: any[]) => void
): this;
cork(): void;
The writable.cork() method forces all written data to be buffered in memory. The buffered data will be flushed when either the uncork or end methods are called.
The primary intent of writable.cork() is to accommodate a situation in which several small chunks are written to the stream in rapid succession. Instead of immediately forwarding them to the underlying destination, writable.cork() buffers all the chunks until writable.uncork() is called, which will pass them all to writable._writev(), if present. This prevents a head-of-line blocking situation where data is being buffered while waiting for the first small chunk to be processed. However, use of writable.cork() without implementing writable._writev() may have an adverse effect on throughput.
See also: writable.uncork(), writable._writev().
destroy(
error?: Error
): this;
Destroy the stream. Optionally emit an 'error' event, and emit a 'close' event (unless emitClose is set to false). After this call, the writable stream has ended and subsequent calls to write() or end() will result in an ERR_STREAM_DESTROYED error. This is a destructive and immediate way to destroy a stream. Previous calls to write() may not have drained, and may trigger an ERR_STREAM_DESTROYED error. Use end() instead of destroy if data should flush before close, or wait for the 'drain' event before destroying the stream.
Once destroy() has been called any further calls will be a no-op and no further errors except from _destroy() may be emitted as 'error'.
Implementors should not override this method, but instead implement writable._destroy().
@param error
Optional, an error to emit with 'error' event.

emit<E extends keyof WritableEventMap>(

eventName: E,

...args: WritableEventMap[E]

): boolean;

Synchronously calls each of the listeners registered for the event named eventName, in the order they were registered, passing the supplied arguments to each.

Returns true if the event had listeners, false otherwise.

import { EventEmitter } from 'node:events';
const myEmitter = new EventEmitter();

// First listener
myEmitter.on('event', function firstListener() {
  console.log('Helloooo! first listener');
});
// Second listener
myEmitter.on('event', function secondListener(arg1, arg2) {
  console.log(`event with parameters ${arg1}, ${arg2} in second listener`);
});
// Third listener
myEmitter.on('event', function thirdListener(...args) {
  const parameters = args.join(', ');
  console.log(`event with parameters ${parameters} in third listener`);
});

console.log(myEmitter.listeners('event'));

myEmitter.emit('event', 1, 2, 3, 4, 5);

// Prints:
// [
//   [Function: firstListener],
//   [Function: secondListener],
//   [Function: thirdListener]
// ]
// Helloooo! first listener
// event with parameters 1, 2 in second listener
// event with parameters 1, 2, 3, 4, 5 in third listener

emit(

eventName: string | symbol,

...args: any[]

): boolean;

end(
cb?: () => void
): this;
Calling the writable.end() method signals that no more data will be written to the Writable. The optional chunk and encoding arguments allow one final additional chunk of data to be written immediately before closing the stream.
Calling the write method after calling end will raise an error.
// Write 'hello, ' and then end with 'world!'. import fs from 'node:fs'; const file = fs.createWriteStream('example.txt'); file.write('hello, '); file.end('world!'); // Writing more now is not allowed!
end(
chunk: any,
cb?: () => void
): this;
Calling the writable.end() method signals that no more data will be written to the Writable. The optional chunk and encoding arguments allow one final additional chunk of data to be written immediately before closing the stream.
Calling the write method after calling end will raise an error.
// Write 'hello, ' and then end with 'world!'. import fs from 'node:fs'; const file = fs.createWriteStream('example.txt'); file.write('hello, '); file.end('world!'); // Writing more now is not allowed!
@param chunk
Optional data to write. For streams not operating in object mode, chunk must be a {string}, {Buffer}, {TypedArray} or {DataView}. For object mode streams, chunk may be any JavaScript value other than null.
end(
chunk: any,
encoding: BufferEncoding,
cb?: () => void
): this;
Calling the writable.end() method signals that no more data will be written to the Writable. The optional chunk and encoding arguments allow one final additional chunk of data to be written immediately before closing the stream.
Calling the write method after calling end will raise an error.
// Write 'hello, ' and then end with 'world!'. import fs from 'node:fs'; const file = fs.createWriteStream('example.txt'); file.write('hello, '); file.end('world!'); // Writing more now is not allowed!
@param chunk
Optional data to write. For streams not operating in object mode, chunk must be a {string}, {Buffer}, {TypedArray} or {DataView}. For object mode streams, chunk may be any JavaScript value other than null.
@param encoding
The encoding if chunk is a string
eventNames(): string | symbol[];
Returns an array listing the events for which the emitter has registered listeners.
import { EventEmitter } from 'node:events'; const myEE = new EventEmitter(); myEE.on('foo', () => {}); myEE.on('bar', () => {}); const sym = Symbol('symbol'); myEE.on(sym, () => {}); console.log(myEE.eventNames()); // Prints: [ 'foo', 'bar', Symbol(symbol) ]
getMaxListeners(): number;
Returns the current max listener value for the EventEmitter which is either set by emitter.setMaxListeners(n) or defaults to events.defaultMaxListeners.
listenerCount<E extends keyof WritableEventMap>(
eventName: E,
listener?: (...args: WritableEventMap[E]) => void
): number;
Returns the number of listeners listening for the event named eventName. If listener is provided, it will return how many times the listener is found in the list of the listeners of the event.
@param eventName
The name of the event being listened for
@param listener
The event handler function
listenerCount(
eventName: string | symbol,
listener?: (...args: any[]) => void
): number;
listeners<E extends keyof WritableEventMap>(
eventName: E
): (...args: WritableEventMap[E]) => void[];
Returns a copy of the array of listeners for the event named eventName.
server.on('connection', (stream) => { console.log('someone connected!'); }); console.log(util.inspect(server.listeners('connection'))); // Prints: [ [Function] ]
listeners(
eventName: string | symbol
): (...args: any[]) => void[];
off<E extends keyof WritableEventMap>(
eventName: E,
listener: (...args: WritableEventMap[E]) => void
): this;
Alias for emitter.removeListener().
off(
eventName: string | symbol,
listener: (...args: any[]) => void
): this;
on<E extends keyof WritableEventMap>(
eventName: E,
listener: (...args: WritableEventMap[E]) => void
): this;
Adds the listener function to the end of the listeners array for the event named eventName. No checks are made to see if the listener has already been added. Multiple calls passing the same combination of eventName and listener will result in the listener being added, and called, multiple times.
server.on('connection', (stream) => { console.log('someone connected!'); });
Returns a reference to the EventEmitter, so that calls can be chained.
By default, event listeners are invoked in the order they are added. The emitter.prependListener() method can be used as an alternative to add the event listener to the beginning of the listeners array.
import { EventEmitter } from 'node:events'; const myEE = new EventEmitter(); myEE.on('foo', () => console.log('a')); myEE.prependListener('foo', () => console.log('b')); myEE.emit('foo'); // Prints: // b // a
@param eventName
The name of the event.
@param listener
The callback function
on(
eventName: string | symbol,
listener: (...args: any[]) => void
): this;
once<E extends keyof WritableEventMap>(
eventName: E,
listener: (...args: WritableEventMap[E]) => void
): this;
Adds a one-time listener function for the event named eventName. The next time eventName is triggered, this listener is removed and then invoked.
server.once('connection', (stream) => { console.log('Ah, we have our first user!'); });
Returns a reference to the EventEmitter, so that calls can be chained.
By default, event listeners are invoked in the order they are added. The emitter.prependOnceListener() method can be used as an alternative to add the event listener to the beginning of the listeners array.
import { EventEmitter } from 'node:events'; const myEE = new EventEmitter(); myEE.once('foo', () => console.log('a')); myEE.prependOnceListener('foo', () => console.log('b')); myEE.emit('foo'); // Prints: // b // a
@param eventName
The name of the event.
@param listener
The callback function
once(
eventName: string | symbol,
listener: (...args: any[]) => void
): this;
pipe<T extends WritableStream>(
destination: T,
options?: PipeOptions
): T;
prependListener<E extends keyof WritableEventMap>(
eventName: E,
listener: (...args: WritableEventMap[E]) => void
): this;
Adds the listener function to the beginning of the listeners array for the event named eventName. No checks are made to see if the listener has already been added. Multiple calls passing the same combination of eventName and listener will result in the listener being added, and called, multiple times.
server.prependListener('connection', (stream) => { console.log('someone connected!'); });
Returns a reference to the EventEmitter, so that calls can be chained.
@param eventName
The name of the event.
@param listener
The callback function
prependListener(
eventName: string | symbol,
listener: (...args: any[]) => void
): this;
prependOnceListener<E extends keyof WritableEventMap>(
eventName: E,
listener: (...args: WritableEventMap[E]) => void
): this;
Adds a one-time listener function for the event named eventName to the beginning of the listeners array. The next time eventName is triggered, this listener is removed, and then invoked.
server.prependOnceListener('connection', (stream) => { console.log('Ah, we have our first user!'); });
Returns a reference to the EventEmitter, so that calls can be chained.
@param eventName
The name of the event.
@param listener
The callback function
prependOnceListener(
eventName: string | symbol,
listener: (...args: any[]) => void
): this;

rawListeners<E extends keyof WritableEventMap>(

eventName: E

): (...args: WritableEventMap[E]) => void[];

Returns a copy of the array of listeners for the event named eventName, including any wrappers (such as those created by .once()).

import { EventEmitter } from 'node:events';
const emitter = new EventEmitter();
emitter.once('log', () => console.log('log once'));

// Returns a new Array with a function `onceWrapper` which has a property
// `listener` which contains the original listener bound above
const listeners = emitter.rawListeners('log');
const logFnWrapper = listeners[0];

// Logs "log once" to the console and does not unbind the `once` event
logFnWrapper.listener();

// Logs "log once" to the console and removes the listener
logFnWrapper();

emitter.on('log', () => console.log('log persistently'));
// Will return a new Array with a single function bound by `.on()` above
const newListeners = emitter.rawListeners('log');

// Logs "log persistently" twice
newListeners[0]();
emitter.emit('log');

rawListeners(

eventName: string | symbol

): (...args: any[]) => void[];

removeAllListeners<E extends keyof WritableEventMap>(
eventName?: E
): this;
Removes all listeners, or those of the specified eventName.
It is bad practice to remove listeners added elsewhere in the code, particularly when the EventEmitter instance was created by some other component or module (e.g. sockets or file streams).
Returns a reference to the EventEmitter, so that calls can be chained.
removeAllListeners(
eventName?: string | symbol
): this;
removeListener<E extends keyof WritableEventMap>(
eventName: E,
listener: (...args: WritableEventMap[E]) => void
): this;
Removes the specified listener from the listener array for the event named eventName.
const callback = (stream) => { console.log('someone connected!'); }; server.on('connection', callback); // ... server.removeListener('connection', callback);
removeListener() will remove, at most, one instance of a listener from the listener array. If any single listener has been added multiple times to the listener array for the specified eventName, then removeListener() must be called multiple times to remove each instance.
Once an event is emitted, all listeners attached to it at the time of emitting are called in order. This implies that any removeListener() or removeAllListeners() calls after emitting and before the last listener finishes execution will not remove them from emit() in progress. Subsequent events behave as expected.
import { EventEmitter } from 'node:events'; class MyEmitter extends EventEmitter {} const myEmitter = new MyEmitter(); const callbackA = () => { console.log('A'); myEmitter.removeListener('event', callbackB); }; const callbackB = () => { console.log('B'); }; myEmitter.on('event', callbackA); myEmitter.on('event', callbackB); // callbackA removes listener callbackB but it will still be called. // Internal listener array at time of emit [callbackA, callbackB] myEmitter.emit('event'); // Prints: // A // B // callbackB is now removed. // Internal listener array [callbackA] myEmitter.emit('event'); // Prints: // A
Because listeners are managed using an internal array, calling this will change the position indexes of any listener registered after the listener being removed. This will not impact the order in which listeners are called, but it means that any copies of the listener array as returned by the emitter.listeners() method will need to be recreated.
When a single function has been added as a handler multiple times for a single event (as in the example below), removeListener() will remove the most recently added instance. In the example the once('ping') listener is removed:
import { EventEmitter } from 'node:events'; const ee = new EventEmitter(); function pong() { console.log('pong'); } ee.on('ping', pong); ee.once('ping', pong); ee.removeListener('ping', pong); ee.emit('ping'); ee.emit('ping');
Returns a reference to the EventEmitter, so that calls can be chained.
removeListener(
eventName: string | symbol,
listener: (...args: any[]) => void
): this;
setDefaultEncoding(
encoding: BufferEncoding
): this;
The writable.setDefaultEncoding() method sets the default encoding for a Writable stream.
@param encoding
The new default encoding
setMaxListeners(
n: number
): this;
By default EventEmitters will print a warning if more than 10 listeners are added for a particular event. This is a useful default that helps finding memory leaks. The emitter.setMaxListeners() method allows the limit to be modified for this specific EventEmitter instance. The value can be set to Infinity (or 0) to indicate an unlimited number of listeners.
Returns a reference to the EventEmitter, so that calls can be chained.
sign(
privateKey: KeyLike | SignKeyObjectInput | SignPrivateKeyInput | SignJsonWebKeyInput
): NonSharedBuffer;
Calculates the signature on all the data passed through using either sign.update() or sign.write().
If privateKey is not a KeyObject, this function behaves as if privateKey had been passed to createPrivateKey. If it is an object, the following additional properties can be passed:
If outputEncoding is provided a string is returned; otherwise a Buffer is returned.
The Sign object can not be again used after sign.sign() method has been called. Multiple calls to sign.sign() will result in an error being thrown.
sign(
privateKey: KeyLike | SignKeyObjectInput | SignPrivateKeyInput | SignJsonWebKeyInput,
outputFormat: BinaryToTextEncoding
): string;
Calculates the signature on all the data passed through using either sign.update() or sign.write().
If privateKey is not a KeyObject, this function behaves as if privateKey had been passed to createPrivateKey. If it is an object, the following additional properties can be passed:
If outputEncoding is provided a string is returned; otherwise a Buffer is returned.
The Sign object can not be again used after sign.sign() method has been called. Multiple calls to sign.sign() will result in an error being thrown.
uncork(): void;
The writable.uncork() method flushes all data buffered since cork was called.
When using writable.cork() and writable.uncork() to manage the buffering of writes to a stream, defer calls to writable.uncork() using process.nextTick(). Doing so allows batching of all writable.write() calls that occur within a given Node.js event loop phase.
stream.cork(); stream.write('some '); stream.write('data '); process.nextTick(() => stream.uncork());
If the writable.cork() method is called multiple times on a stream, the same number of calls to writable.uncork() must be called to flush the buffered data.
stream.cork(); stream.write('some '); stream.cork(); stream.write('data '); process.nextTick(() => { stream.uncork(); // The data will not be flushed until uncork() is called a second time. stream.uncork(); });
See also: writable.cork().
update(
data: BinaryLike
): this;
Updates the Sign content with the given data, the encoding of which is given in inputEncoding. If encoding is not provided, and the data is a string, an encoding of 'utf8' is enforced. If data is a Buffer, TypedArray, orDataView, then inputEncoding is ignored.
This can be called many times with new data as it is streamed.
update(
data: string,
inputEncoding: Encoding
): this;
Updates the Sign content with the given data, the encoding of which is given in inputEncoding. If encoding is not provided, and the data is a string, an encoding of 'utf8' is enforced. If data is a Buffer, TypedArray, orDataView, then inputEncoding is ignored.
This can be called many times with new data as it is streamed.
@param inputEncoding
The encoding of the data string.
write(
chunk: any,
callback?: (error: undefined | null | Error) => void
): boolean;
The writable.write() method writes some data to the stream, and calls the supplied callback once the data has been fully handled. If an error occurs, the callback will be called with the error as its first argument. The callback is called asynchronously and before 'error' is emitted.
The return value is true if the internal buffer is less than the highWaterMark configured when the stream was created after admitting chunk. If false is returned, further attempts to write data to the stream should stop until the 'drain' event is emitted.
While a stream is not draining, calls to write() will buffer chunk, and return false. Once all currently buffered chunks are drained (accepted for delivery by the operating system), the 'drain' event will be emitted. Once write() returns false, do not write more chunks until the 'drain' event is emitted. While calling write() on a stream that is not draining is allowed, Node.js will buffer all written chunks until maximum memory usage occurs, at which point it will abort unconditionally. Even before it aborts, high memory usage will cause poor garbage collector performance and high RSS (which is not typically released back to the system, even after the memory is no longer required). Since TCP sockets may never drain if the remote peer does not read the data, writing a socket that is not draining may lead to a remotely exploitable vulnerability.
Writing data while the stream is not draining is particularly problematic for a Transform, because the Transform streams are paused by default until they are piped or a 'data' or 'readable' event handler is added.
If the data to be written can be generated or fetched on demand, it is recommended to encapsulate the logic into a Readable and use pipe. However, if calling write() is preferred, it is possible to respect backpressure and avoid memory issues using the 'drain' event:
function write(data, cb) { if (!stream.write(data)) { stream.once('drain', cb); } else { process.nextTick(cb); } } // Wait for cb to be called before doing any other write. write('hello', () => { console.log('Write completed, do more writes now.'); });
A Writable stream in object mode will always ignore the encoding argument.
@param chunk
Optional data to write. For streams not operating in object mode, chunk must be a {string}, {Buffer}, {TypedArray} or {DataView}. For object mode streams, chunk may be any JavaScript value other than null.
@param callback
Callback for when this chunk of data is flushed.
@returns
false if the stream wishes for the calling code to wait for the 'drain' event to be emitted before continuing to write additional data; otherwise true.
write(
chunk: any,
encoding: BufferEncoding,
callback?: (error: undefined | null | Error) => void
): boolean;
The writable.write() method writes some data to the stream, and calls the supplied callback once the data has been fully handled. If an error occurs, the callback will be called with the error as its first argument. The callback is called asynchronously and before 'error' is emitted.
The return value is true if the internal buffer is less than the highWaterMark configured when the stream was created after admitting chunk. If false is returned, further attempts to write data to the stream should stop until the 'drain' event is emitted.
While a stream is not draining, calls to write() will buffer chunk, and return false. Once all currently buffered chunks are drained (accepted for delivery by the operating system), the 'drain' event will be emitted. Once write() returns false, do not write more chunks until the 'drain' event is emitted. While calling write() on a stream that is not draining is allowed, Node.js will buffer all written chunks until maximum memory usage occurs, at which point it will abort unconditionally. Even before it aborts, high memory usage will cause poor garbage collector performance and high RSS (which is not typically released back to the system, even after the memory is no longer required). Since TCP sockets may never drain if the remote peer does not read the data, writing a socket that is not draining may lead to a remotely exploitable vulnerability.
Writing data while the stream is not draining is particularly problematic for a Transform, because the Transform streams are paused by default until they are piped or a 'data' or 'readable' event handler is added.
If the data to be written can be generated or fetched on demand, it is recommended to encapsulate the logic into a Readable and use pipe. However, if calling write() is preferred, it is possible to respect backpressure and avoid memory issues using the 'drain' event:
function write(data, cb) { if (!stream.write(data)) { stream.once('drain', cb); } else { process.nextTick(cb); } } // Wait for cb to be called before doing any other write. write('hello', () => { console.log('Write completed, do more writes now.'); });
A Writable stream in object mode will always ignore the encoding argument.
@param chunk
Optional data to write. For streams not operating in object mode, chunk must be a {string}, {Buffer}, {TypedArray} or {DataView}. For object mode streams, chunk may be any JavaScript value other than null.
@param encoding
The encoding, if chunk is a string.
@param callback
Callback for when this chunk of data is flushed.
@returns
false if the stream wishes for the calling code to wait for the 'drain' event to be emitted before continuing to write additional data; otherwise true.
static fromWeb(
writableStream: WritableStream,
options?: Pick<WritableOptions<Writable>, 'signal' | 'decodeStrings' | 'highWaterMark' | 'objectMode'>
): Writable;
A utility method for creating a Writable from a web WritableStream.
static toWeb(
streamWritable: WritableStream
): WritableStream;
A utility method for creating a web WritableStream from a Writable.