nodejs
diff --git a/Collapse file
‎doc/api/crypto.md‎
Copy file name to clipboardExpand all lines: doc/api/crypto.md
+9-14Lines changed: 9 additions & 14 deletions
Display the source diff
Display the rich diff b/Collapse file
‎doc/api/crypto.md‎
Copy file name to clipboardExpand all lines: doc/api/crypto.md
+9-14Lines changed: 9 additions & 14 deletions
Display the source diff
Display the rich diff
diff --git a/Collapse file
‎lib/internal/crypto/keygen.js‎
Copy file name to clipboardExpand all lines: lib/internal/crypto/keygen.js
+5-1Lines changed: 5 additions & 1 deletion b/Collapse file
‎lib/internal/crypto/keygen.js‎
Copy file name to clipboardExpand all lines: lib/internal/crypto/keygen.js
+5-1Lines changed: 5 additions & 1 deletion
diff --git a/Collapse file
‎test/parallel/test-crypto-keygen.js‎
Copy file name to clipboardExpand all lines: test/parallel/test-crypto-keygen.js
+15Lines changed: 15 additions & 0 deletions b/Collapse file
‎test/parallel/test-crypto-keygen.js‎
Copy file name to clipboardExpand all lines: test/parallel/test-crypto-keygen.js
+15Lines changed: 15 additions & 0 deletions
@@ -1951,27 +1951,22 @@ changes:
   - `publicExponent`: {number} Public exponent (RSA). **Default:** `0x10001`.
   - `divisorLength`: {number} Size of `q` in bits (DSA).
   - `namedCurve`: {string} Name of the curve to use (EC).
-  - `publicKeyEncoding`: {Object}
-    - `type`: {string} Must be one of `'pkcs1'` (RSA only) or `'spki'`.
-    - `format`: {string} Must be `'pem'` or `'der'`.
-  - `privateKeyEncoding`: {Object}
-    - `type`: {string} Must be one of `'pkcs1'` (RSA only), `'pkcs8'` or
-      `'sec1'` (EC only).
-    - `format`: {string} Must be `'pem'` or `'der'`.
-    - `cipher`: {string} If specified, the private key will be encrypted with
-      the given `cipher` and `passphrase` using PKCS#5 v2.0 password based
-      encryption.
-    - `passphrase`: {string | Buffer} The passphrase to use for encryption, see
-      `cipher`.
+  - `publicKeyEncoding`: {Object} See [`keyObject.export()`][].
+  - `privateKeyEncoding`: {Object} See [`keyObject.export()`][].
 * Returns: {Object}
   - `publicKey`: {string | Buffer | KeyObject}
   - `privateKey`: {string | Buffer | KeyObject}
 
 Generates a new asymmetric key pair of the given `type`. Only RSA, DSA and EC
 are currently supported.
 
-It is recommended to encode public keys as `'spki'` and private keys as
-`'pkcs8'` with encryption:
+If a `publicKeyEncoding` or `privateKeyEncoding` was specified, this function
+behaves as if [`keyObject.export()`][] had been called on its result. Otherwise,
+the respective part of the key is returned as a [`KeyObject`].
+
+When encoding public keys, it is recommended to use `'spki'`. When encoding
+private keys, it is recommended to use `'pks8'` with a strong passphrase, and to
+keep the passphrase confidential.
 
 ```js
 const { generateKeyPairSync } = require('crypto');
 
@@ -74,7 +74,11 @@ function handleError(impl, wrap) {
   if (err !== undefined)
     throw err;
 
-  return { publicKey, privateKey };
+  // If no encoding was chosen, return key objects instead.
+  return {
+    publicKey: wrapKey(publicKey, PublicKeyObject),
+    privateKey: wrapKey(privateKey, PrivateKeyObject)
+  };
 }
 
 function parseKeyEncoding(keyType, options) {
 
@@ -95,6 +95,21 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
   testSignVerify(publicKey, privateKey);
 }
 
+{
+  // Test sync key generation with key objects.
+  const { publicKey, privateKey } = generateKeyPairSync('rsa', {
+    modulusLength: 512
+  });
+
+  assert.strictEqual(typeof publicKey, 'object');
+  assert.strictEqual(publicKey.type, 'public');
+  assert.strictEqual(publicKey.asymmetricKeyType, 'rsa');
+
+  assert.strictEqual(typeof privateKey, 'object');
+  assert.strictEqual(privateKey.type, 'private');
+  assert.strictEqual(privateKey.asymmetricKeyType, 'rsa');
+}
+
 {
   const publicKeyEncoding = {
     type: 'pkcs1',