diff --git a/doc/api/crypto.md b/doc/api/crypto.md index 72d4bc78df9dde..7bb67fdb282b52 100644 --- a/doc/api/crypto.md +++ b/doc/api/crypto.md @@ -1813,11 +1813,15 @@ must be an object with the properties described above. -* `key` {Object | string | Buffer} +* `key` {Object | string | Buffer | KeyObject} - `key`: {string | Buffer} - `format`: {string} Must be `'pem'` or `'der'`. **Default:** `'pem'`. - `type`: {string} Must be `'pkcs1'` or `'spki'`. This option is required @@ -1825,16 +1829,19 @@ changes: * Returns: {KeyObject} Creates and returns a new key object containing a public key. If `key` is a -string or `Buffer`, `format` is assumed to be `'pem'`; otherwise, `key` -must be an object with the properties described above. +string or `Buffer`, `format` is assumed to be `'pem'`; if `key` is a `KeyObject` +with type `'private'`, the public key is derived from the given private key; +otherwise, `key` must be an object with the properties described above. If the format is `'pem'`, the `'key'` may also be an X.509 certificate. Because public keys can be derived from private keys, a private key may be passed instead of a public key. In that case, this function behaves as if [`crypto.createPrivateKey()`][] had been called, except that the type of the -returned `KeyObject` will be `public` and that the private key cannot be -extracted from the returned `KeyObject`. +returned `KeyObject` will be `'public'` and that the private key cannot be +extracted from the returned `KeyObject`. Similarly, if a `KeyObject` with type +`'private'` is given, a new `KeyObject` with type `'public'` will be returned +and it will be impossible to extract the private key from the returned object. ### crypto.createSecretKey(key)
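Review bot: In the first hunk, the parameter line now reads `key` {Object | string | Buffer | KeyObject}, but the nested `key`, `format` and `type` bullets under it describe only the plain-object form. Say on those bullets, or in a short sentence right after them, that they apply only when `key` is a plain object and have no meaning when a `KeyObject` is passed, so readers do not try to combine a `KeyObject` with `format` or `type`.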
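Review bot: In the second hunk, the new clause "if `key` is a `KeyObject` with type `'private'`, the public key is derived from the given private key" leaves the other `KeyObject` types undocumented. Since a `KeyObject` is itself an object, the following "otherwise, `key` must be an object with the properties described above" can be read as covering them. Please state what happens when a `KeyObject` of type `'public'` or `'secret'` is passed, and reword the fallback to something like "otherwise, `key` must be a plain object with the properties described above". The closing "Similarly, if a `KeyObject` with type `'private'` is given, ..." sentence also repeats the derivation already described in the first added sentence; consider folding the two together and keeping only the non-extractability guarantee in the last paragraph.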