SubtleCrypto: decrypt() method
Baseline Widely available
This feature is well established and works across many devices and browser versions. It’s been available across browsers since January 2020.
Secure context: This feature is available only insecure contexts (HTTPS), in some or allsupporting browsers.
Note: This feature is available inWeb Workers.
Thedecrypt() method of theSubtleCrypto interface decrypts some encrypted data.It takes as arguments akey to decrypt with, some optional extra parameters, and the data to decrypt (also known as "ciphertext").It returns aPromise which will be fulfilled with the decrypted data (also known as "plaintext").
Syntax
decrypt(algorithm, key, data)Parameters
algorithmAn object specifying thealgorithm to be used, and any extra parameters as required.The values given for the extra parameters must match those passed into the corresponding
encrypt()call.- To useRSA-OAEP, pass an
RsaOaepParamsobject. - To useAES-CTR, pass an
AesCtrParamsobject. - To useAES-CBC, pass an
AesCbcParamsobject. - To useAES-GCM, pass an
AesGcmParamsobject.
- To useRSA-OAEP, pass an
keyA
CryptoKeycontaining the key to be used for decryption.If using RSA-OAEP, this is theprivateKeyproperty of theCryptoKeyPairobject.dataAn
ArrayBuffer, aTypedArray, or aDataViewcontaining the data to be decrypted (also known asciphertext).
Return value
APromise that fulfills with anArrayBuffer containing the plaintext.
Exceptions
The promise is rejected when the following exceptions are encountered:
InvalidAccessErrorDOMExceptionRaised when the requested operation is not valid for the provided key (e.g., invalid encryption algorithm, or invalid key for the specified encryption algorithm).
OperationErrorDOMExceptionRaised when the operation failed for an operation-specific reason (e.g., algorithm parameters of invalid sizes, or there was an error decrypting the ciphertext).
Supported algorithms
Thedecrypt() method supports the same algorithms as theencrypt() method.
Examples
Note:You cantry the working examples on GitHub.
RSA-OAEP
This code decryptsciphertext using RSA-OAEP.See the complete code on GitHub.
function decryptMessage(privateKey, ciphertext) { return window.crypto.subtle.decrypt( { name: "RSA-OAEP" }, privateKey, ciphertext, );}AES-CTR
This code decryptsciphertext using AES in CTR mode.Note thatcounter must match the value that was used for encryption.See the complete code on GitHub.
function decryptMessage(key, ciphertext) { return window.crypto.subtle.decrypt( { name: "AES-CTR", counter, length: 64 }, key, ciphertext, );}AES-CBC
This code decryptsciphertext using AES in CBC mode. Note thativ must match the value that was used for encryption.See the complete code on GitHub.
function decryptMessage(key, ciphertext) { // The iv value is the same as that used for encryption return window.crypto.subtle.decrypt({ name: "AES-CBC", iv }, key, ciphertext);}AES-GCM
This code decryptsciphertext using AES in GCM mode. Note thativ must match the value that was used for encryption.See the complete code on GitHub.
function decryptMessage(key, ciphertext) { // The iv value is the same as that used for encryption return window.crypto.subtle.decrypt({ name: "AES-GCM", iv }, key, ciphertext);}Specifications
| Specification |
|---|
| Web Cryptography Level 2 # SubtleCrypto-method-decrypt |
Browser compatibility
See also
SubtleCrypto.encrypt().- RFC 3447 specifies RSAOAEP.
- NIST SP800-38A specifies CTR mode.
- NIST SP800-38A specifies CBC mode.
- NIST SP800-38D specifies GCM mode.
- FIPS 198-1 specifies HMAC.