From 1924f25dde6cf1e28dcb503968e6c8ccc993c648 Mon Sep 17 00:00:00 2001 From: kovan Date: Wed, 11 Mar 2026 11:34:56 +0100 Subject: [PATCH] doc: clarify diffieHellman.generateKeys recomputes same key Clarify that calling generateKeys() after a private key has been set recomputes the same public key deterministically, rather than implying the public key changes. The public key is fully determined by the private key, so the result is identical unless the private key was changed via setPrivateKey(). Fixes: https://github.com/nodejs/node/issues/56990 Co-Authored-By: Claude Opus 4.6 --- doc/api/crypto.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/doc/api/crypto.md b/doc/api/crypto.md index 65b61292e70891..49a2cb3b21fa0b 100644 --- a/doc/api/crypto.md +++ b/doc/api/crypto.md @@ -1121,8 +1121,10 @@ If `encoding` is provided a string is returned; otherwise a [`Buffer`][] is returned. This function is a thin wrapper around [`DH_generate_key()`][]. In particular, -once a private key has been generated or set, calling this function only updates -the public key but does not generate a new private key. +once a private key has been generated or set, calling this function only +recomputes the public key from the existing private key. Since the public key is +determined by the private key, the result will be the same unless the private key +has been changed via [`diffieHellman.setPrivateKey()`][]. ### `diffieHellman.getGenerator([encoding])` @@ -6572,6 +6574,7 @@ See the [list of SSL OP Flags][] for details. [`decipher.final()`]: #decipherfinaloutputencoding [`decipher.update()`]: #decipherupdatedata-inputencoding-outputencoding [`diffieHellman.generateKeys()`]: #diffiehellmangeneratekeysencoding +[`diffieHellman.setPrivateKey()`]: #diffiehellmansetprivatekeyprivatekey-encoding [`diffieHellman.setPublicKey()`]: #diffiehellmansetpublickeypublickey-encoding [`ecdh.generateKeys()`]: #ecdhgeneratekeysencoding-format [`ecdh.setPrivateKey()`]: #ecdhsetprivatekeyprivatekey-encoding