crypto: expose KeyObject class

PR-URL: https://github.com/nodejs/node/pull/26438
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>

doc/api/crypto.md

@@ -1109,14 +1109,18 @@ This can be called many times with new data as it is streamed.
 ## Class: KeyObject
 <!-- YAML
 added: v11.6.0
+changes:
+  - version: REPLACEME
+    pr-url: https://github.com/nodejs/node/pull/26438
+    description: This class is now exported.
 -->
 
-Node.js uses an internal `KeyObject` class which should not be accessed
-directly. Instead, factory functions exist to create instances of this class
-in a secure manner, see [`crypto.createSecretKey()`][],
-[`crypto.createPublicKey()`][] and [`crypto.createPrivateKey()`][]. A
-`KeyObject` can represent a symmetric or asymmetric key, and each kind of key
-exposes different functions.
+Node.js uses a `KeyObject` class to represent a symmetric or asymmetric key,
+and each kind of key exposes different functions. The
+[`crypto.createSecretKey()`][], [`crypto.createPublicKey()`][] and
+[`crypto.createPrivateKey()`][] methods are used to create `KeyObject`
+instances. `KeyObject` objects are not to be created directly using the `new`
+keyword.
 
 Most applications should consider using the new `KeyObject` API instead of
 passing keys as strings or `Buffer`s due to improved security features.

lib/crypto.js

@@ -60,7 +60,8 @@ const {
 const {
   createSecretKey,
   createPublicKey,
-  createPrivateKey
+  createPrivateKey,
+  KeyObject,
 } = require('internal/crypto/keys');
 const {
   DiffieHellman,
@@ -191,6 +192,7 @@ module.exports = exports = {
   ECDH,
   Hash,
   Hmac,
+  KeyObject,
   Sign,
   Verify
 };

lib/internal/crypto/keys.js

@@ -333,6 +333,7 @@ module.exports = {
   createSecretKey,
   createPublicKey,
   createPrivateKey,
+  KeyObject,
 
   // These are designed for internal use only and should not be exposed.
   parsePublicKeyEncoding,