Generating keys#

The<SubtleCrypto> class can be used to generate symmetric (secret) keysor asymmetric key pairs (public key and private key).

const { subtle } = globalThis.crypto;asyncfunctiongenerateAesKey(length =256) {const key =await subtle.generateKey({name:'AES-CBC',    length,  },true, ['encrypt','decrypt']);return key;}copy

const { subtle } = globalThis.crypto;asyncfunctiongenerateEcKey(namedCurve ='P-521') {const {    publicKey,    privateKey,  } =await subtle.generateKey({name:'ECDSA',    namedCurve,  },true, ['sign','verify']);return { publicKey, privateKey };}copy

const { subtle } = globalThis.crypto;asyncfunctiongenerateEd25519Key() {return subtle.generateKey({name:'Ed25519',  },true, ['sign','verify']);}asyncfunctiongenerateX25519Key() {return subtle.generateKey({name:'X25519',  },true, ['deriveKey']);}copy

const { subtle } = globalThis.crypto;asyncfunctiongenerateHmacKey(hash ='SHA-256') {const key =await subtle.generateKey({name:'HMAC',    hash,  },true, ['sign','verify']);return key;}copy

const { subtle } = globalThis.crypto;const publicExponent =newUint8Array([1,0,1]);asyncfunctiongenerateRsaKey(modulusLength =2048, hash ='SHA-256') {const {    publicKey,    privateKey,  } =await subtle.generateKey({name:'RSASSA-PKCS1-v1_5',    modulusLength,    publicExponent,    hash,  },true, ['sign','verify']);return { publicKey, privateKey };}copy

Encryption and decryption#

const crypto = globalThis.crypto;asyncfunctionaesEncrypt(plaintext) {const ec =newTextEncoder();const key =awaitgenerateAesKey();const iv = crypto.getRandomValues(newUint8Array(16));const ciphertext =await crypto.subtle.encrypt({name:'AES-CBC',    iv,  }, key, ec.encode(plaintext));return {    key,    iv,    ciphertext,  };}asyncfunctionaesDecrypt(ciphertext, key, iv) {const dec =newTextDecoder();const plaintext =await crypto.subtle.decrypt({name:'AES-CBC',    iv,  }, key, ciphertext);return dec.decode(plaintext);}copy

Exporting and importing keys#

const { subtle } = globalThis.crypto;asyncfunctiongenerateAndExportHmacKey(format ='jwk', hash ='SHA-512') {const key =await subtle.generateKey({name:'HMAC',    hash,  },true, ['sign','verify']);return subtle.exportKey(format, key);}asyncfunctionimportHmacKey(keyData, format ='jwk', hash ='SHA-512') {const key =await subtle.importKey(format, keyData, {name:'HMAC',    hash,  },true, ['sign','verify']);return key;}copy

Wrapping and unwrapping keys#

const { subtle } = globalThis.crypto;asyncfunctiongenerateAndWrapHmacKey(format ='jwk', hash ='SHA-512') {const [    key,    wrappingKey,  ] =awaitPromise.all([    subtle.generateKey({name:'HMAC', hash,    },true, ['sign','verify']),    subtle.generateKey({name:'AES-KW',length:256,    },true, ['wrapKey','unwrapKey']),  ]);const wrappedKey =await subtle.wrapKey(format, key, wrappingKey,'AES-KW');return { wrappedKey, wrappingKey };}asyncfunctionunwrapHmacKey(  wrappedKey,  wrappingKey,  format ='jwk',  hash ='SHA-512') {const key =await subtle.unwrapKey(    format,    wrappedKey,    wrappingKey,'AES-KW',    {name:'HMAC', hash },true,    ['sign','verify']);return key;}copy

Sign and verify#

const { subtle } = globalThis.crypto;asyncfunctionsign(key, data) {const ec =newTextEncoder();const signature =await subtle.sign('RSASSA-PKCS1-v1_5', key, ec.encode(data));return signature;}asyncfunctionverify(key, signature, data) {const ec =newTextEncoder();const verified =await subtle.verify('RSASSA-PKCS1-v1_5',      key,      signature,      ec.encode(data));return verified;}copy

Deriving bits and keys#

const { subtle } = globalThis.crypto;asyncfunctionpbkdf2(pass, salt, iterations =1000, length =256) {const ec =newTextEncoder();const key =await subtle.importKey('raw',    ec.encode(pass),'PBKDF2',false,    ['deriveBits']);const bits =await subtle.deriveBits({name:'PBKDF2',hash:'SHA-512',salt: ec.encode(salt),    iterations,  }, key, length);return bits;}asyncfunctionpbkdf2Key(pass, salt, iterations =1000, length =256) {const ec =newTextEncoder();const keyMaterial =await subtle.importKey('raw',    ec.encode(pass),'PBKDF2',false,    ['deriveKey']);const key =await subtle.deriveKey({name:'PBKDF2',hash:'SHA-512',salt: ec.encode(salt),    iterations,  }, keyMaterial, {name:'AES-GCM',    length,  },true, ['encrypt','decrypt']);return key;}copy

Digest#

const { subtle } = globalThis.crypto;asyncfunctiondigest(data, algorithm ='SHA-512') {const ec =newTextEncoder();const digest =await subtle.digest(algorithm, ec.encode(data));return digest;}copy

Checking for runtime algorithm support#

SubtleCrypto.supports() allows feature detection in Web Crypto API,which can be used to detect whether a given algorithm identifier(including its parameters) is supported for the given operation.

This example derives a key from a password using Argon2, if available,or PBKDF2, otherwise; and then encrypts and decrypts some text with itusing AES-OCB, if available, and AES-GCM, otherwise.

const {SubtleCrypto, crypto } = globalThis;const password ='correct horse battery staple';const derivationAlg =SubtleCrypto.supports?.('importKey','Argon2id') ?'Argon2id' :'PBKDF2';const encryptionAlg =SubtleCrypto.supports?.('importKey','AES-OCB') ?'AES-OCB' :'AES-GCM';const passwordKey =await crypto.subtle.importKey(  derivationAlg ==='Argon2id' ?'raw-secret' :'raw',newTextEncoder().encode(password),  derivationAlg,false,  ['deriveKey'],);const nonce = crypto.getRandomValues(newUint8Array(16));const derivationParams =  derivationAlg ==='Argon2id' ?    {      nonce,parallelism:4,memory:2 **21,passes:1,    } :    {salt: nonce,iterations:100_000,hash:'SHA-256',    };const key =await crypto.subtle.deriveKey(  {name: derivationAlg,    ...derivationParams,  },  passwordKey,  {name: encryptionAlg,length:256,  },false,  ['encrypt','decrypt'],);const plaintext ='Hello, world!';const iv = crypto.getRandomValues(newUint8Array(16));const encrypted =await crypto.subtle.encrypt(  {name: encryptionAlg, iv },  key,newTextEncoder().encode(plaintext),);const decrypted =newTextDecoder().decode(await crypto.subtle.decrypt(  {name: encryptionAlg, iv },  key,  encrypted,));copy

Key Management APIs#

Crypto Operation APIs#

Column Legend:

• Encryption:subtle.encrypt() /subtle.decrypt()
• Signatures and MAC:subtle.sign() /subtle.verify()
• Key or Bits Derivation:subtle.deriveBits() /subtle.deriveKey()
• Key Wrapping:subtle.wrapKey() /subtle.unwrapKey()
• Key Encapsulation:subtle.encapsulateBits() /subtle.decapsulateBits() /subtle.encapsulateKey() /subtle.decapsulateKey()
• Digest:subtle.digest()

crypto.subtle#

• Type:<SubtleCrypto>

Provides access to theSubtleCrypto API.

crypto.getRandomValues(typedArray)#

• typedArray<Buffer> |<TypedArray>
• Returns:<Buffer> |<TypedArray>

Generates cryptographically strong random values. The giventypedArray isfilled with random values, and a reference totypedArray is returned.

The giventypedArray must be an integer-based instance of<TypedArray>,i.e.Float32Array andFloat64Array are not accepted.

An error will be thrown if the giventypedArray is larger than 65,536 bytes.

crypto.randomUUID()#

• Returns:<string>

Generates a randomRFC 4122 version 4 UUID. The UUID is generated using acryptographic pseudorandom number generator.

cryptoKey.algorithm#

• Type:<KeyAlgorithm> |<RsaHashedKeyAlgorithm> |<EcKeyAlgorithm> |<AesKeyAlgorithm> |<HmacKeyAlgorithm> |<KmacKeyAlgorithm>

An object detailing the algorithm for which the key can be used along withadditional algorithm-specific parameters.

Read-only.

cryptoKey.extractable#

• Type:<boolean>

Whentrue, the<CryptoKey> can be extracted using eithersubtle.exportKey() orsubtle.wrapKey().

Read-only.

cryptoKey.type#

• Type:<string> One of'secret','private', or'public'.

A string identifying whether the key is a symmetric ('secret') orasymmetric ('private' or'public') key.

cryptoKey.usages#

• Type:<string[]>

An array of strings identifying the operations for which thekey may be used.

The possible usages are:

• 'encrypt' - Enable using the key withsubtle.encrypt()
• 'decrypt' - Enable using the key withsubtle.decrypt()
• 'sign' - Enable using the key withsubtle.sign()
• 'verify' - Enable using the key withsubtle.verify()
• 'deriveKey' - Enable using the key withsubtle.deriveKey()
• 'deriveBits' - Enable using the key withsubtle.deriveBits()
• 'encapsulateBits' - Enable using the key withsubtle.encapsulateBits()
• 'decapsulateBits' - Enable using the key withsubtle.decapsulateBits()
• 'encapsulateKey' - Enable using the key withsubtle.encapsulateKey()
• 'decapsulateKey' - Enable using the key withsubtle.decapsulateKey()
• 'wrapKey' - Enable using the key withsubtle.wrapKey()
• 'unwrapKey' - Enable using the key withsubtle.unwrapKey()

Valid key usages depend on the key algorithm (identified bycryptokey.algorithm.name).

Column Legend:

• Encryption:subtle.encrypt() /subtle.decrypt()
• Signatures and MAC:subtle.sign() /subtle.verify()
• Key or Bits Derivation:subtle.deriveBits() /subtle.deriveKey()
• Key Wrapping:subtle.wrapKey() /subtle.unwrapKey()
• Key Encapsulation:subtle.encapsulateBits() /subtle.decapsulateBits() /subtle.encapsulateKey() /subtle.decapsulateKey()

cryptoKeyPair.privateKey#

• Type:<CryptoKey> A<CryptoKey> whosetype will be'private'.

cryptoKeyPair.publicKey#

• Type:<CryptoKey> A<CryptoKey> whosetype will be'public'.

Static method:SubtleCrypto.supports(operation, algorithm[, lengthOrAdditionalAlgorithm])#

• operation<string> "encrypt", "decrypt", "sign", "verify", "digest", "generateKey", "deriveKey", "deriveBits", "importKey", "exportKey", "getPublicKey", "wrapKey", "unwrapKey", "encapsulateBits", "encapsulateKey", "decapsulateBits", or "decapsulateKey"
• algorithm<string> |<Algorithm>
• lengthOrAdditionalAlgorithm<null> |<number> |<string> |<Algorithm> |<undefined> Depending on the operation this is either ignored, the value of the length argument when operation is "deriveBits", the algorithm of key to be derived when operation is "deriveKey", the algorithm of key to be exported before wrapping when operation is "wrapKey", the algorithm of key to be imported after unwrapping when operation is "unwrapKey", or the algorithm of key to be imported after en/decapsulating a key when operation is "encapsulateKey" or "decapsulateKey".Default:null when operation is "deriveBits",undefined otherwise.
• Returns:<boolean> Indicating whether the implementation supports the given operation

Allows feature detection in Web Crypto API,which can be used to detect whether a given algorithm identifier(including its parameters) is supported for the given operation.

SeeChecking for runtime algorithm support for an example use of this method.

subtle.decapsulateBits(decapsulationAlgorithm, decapsulationKey, ciphertext)#

• decapsulationAlgorithm<string> |<Algorithm>
• decapsulationKey<CryptoKey>
• ciphertext<ArrayBuffer> |<TypedArray> |<DataView> |<Buffer>
• Returns:<Promise> Fulfills with<ArrayBuffer> upon success.

A message recipient uses their asymmetric private key to decrypt an"encapsulated key" (ciphertext), thereby recovering a temporary symmetrickey (represented as<ArrayBuffer>) which is then used to decrypt a message.

The algorithms currently supported include:

• 'ML-KEM-512'⁴
• 'ML-KEM-768'⁴
• 'ML-KEM-1024'⁴

subtle.decapsulateKey(decapsulationAlgorithm, decapsulationKey, ciphertext, sharedKeyAlgorithm, extractable, usages)#

• decapsulationAlgorithm<string> |<Algorithm>
• decapsulationKey<CryptoKey>
• ciphertext<ArrayBuffer> |<TypedArray> |<DataView> |<Buffer>
• sharedKeyAlgorithm<string> |<Algorithm> |<HmacImportParams> |<AesDerivedKeyParams> |<KmacImportParams>
• extractable<boolean>
• usages<string[]> SeeKey usages.
• Returns:<Promise> Fulfills with<CryptoKey> upon success.

A message recipient uses their asymmetric private key to decrypt an"encapsulated key" (ciphertext), thereby recovering a temporary symmetrickey (represented as<CryptoKey>) which is then used to decrypt a message.

The algorithms currently supported include:

• 'ML-KEM-512'⁴
• 'ML-KEM-768'⁴
• 'ML-KEM-1024'⁴

subtle.decrypt(algorithm, key, data)#

• algorithm<RsaOaepParams> |<AesCtrParams> |<AesCbcParams> |<AeadParams>
• key<CryptoKey>
• data<ArrayBuffer> |<TypedArray> |<DataView> |<Buffer>
• Returns:<Promise> Fulfills with an<ArrayBuffer> upon success.

Using the method and parameters specified inalgorithm and the keyingmaterial provided bykey, this method attempts to decipher theprovideddata. If successful, the returned promise will be resolved withan<ArrayBuffer> containing the plaintext result.

The algorithms currently supported include:

• 'AES-CBC'
• 'AES-CTR'
• 'AES-GCM'
• 'AES-OCB'⁴
• 'ChaCha20-Poly1305'⁴
• 'RSA-OAEP'

subtle.deriveBits(algorithm, baseKey[, length])#

• algorithm<EcdhKeyDeriveParams> |<HkdfParams> |<Pbkdf2Params> |<Argon2Params>
• baseKey<CryptoKey>
• length<number> |<null>Default:null
• Returns:<Promise> Fulfills with an<ArrayBuffer> upon success.

Using the method and parameters specified inalgorithm and the keyingmaterial provided bybaseKey, this method attempts to generatelength bits.

Whenlength is not provided ornull the maximum number of bits for a givenalgorithm is generated. This is allowed for the'ECDH','X25519', and'X448'⁵algorithms, for other algorithmslength is required to be a number.

If successful, the returned promise will be resolved with an<ArrayBuffer>containing the generated data.

The algorithms currently supported include:

• 'Argon2d'⁴
• 'Argon2i'⁴
• 'Argon2id'⁴
• 'ECDH'
• 'HKDF'
• 'PBKDF2'
• 'X25519'
• 'X448'⁵

subtle.deriveKey(algorithm, baseKey, derivedKeyAlgorithm, extractable, keyUsages)#

• algorithm<EcdhKeyDeriveParams> |<HkdfParams> |<Pbkdf2Params> |<Argon2Params>
• baseKey<CryptoKey>
• derivedKeyAlgorithm<string> |<Algorithm> |<HmacImportParams> |<AesDerivedKeyParams> |<KmacImportParams>
• extractable<boolean>
• keyUsages<string[]> SeeKey usages.
• Returns:<Promise> Fulfills with a<CryptoKey> upon success.

Using the method and parameters specified inalgorithm, and the keyingmaterial provided bybaseKey, this method attempts to generatea new<CryptoKey> based on the method and parameters inderivedKeyAlgorithm.

Calling this method is equivalent to callingsubtle.deriveBits() togenerate raw keying material, then passing the result into thesubtle.importKey() method using thederiveKeyAlgorithm,extractable, andkeyUsages parameters as input.

The algorithms currently supported include:

• 'Argon2d'⁴
• 'Argon2i'⁴
• 'Argon2id'⁴
• 'ECDH'
• 'HKDF'
• 'PBKDF2'
• 'X25519'
• 'X448'⁵

subtle.digest(algorithm, data)#

• algorithm<string> |<Algorithm> |<CShakeParams>
• data<ArrayBuffer> |<TypedArray> |<DataView> |<Buffer>
• Returns:<Promise> Fulfills with an<ArrayBuffer> upon success.

Using the method identified byalgorithm, this method attempts togenerate a digest ofdata. If successful, the returned promise is resolvedwith an<ArrayBuffer> containing the computed digest.

Ifalgorithm is provided as a<string>, it must be one of:

• 'cSHAKE128'⁴
• 'cSHAKE256'⁴
• 'SHA-1'
• 'SHA-256'
• 'SHA-384'
• 'SHA-512'
• 'SHA3-256'⁴
• 'SHA3-384'⁴
• 'SHA3-512'⁴

Ifalgorithm is provided as an<Object>, it must have aname propertywhose value is one of the above.

subtle.encapsulateBits(encapsulationAlgorithm, encapsulationKey)#

• encapsulationAlgorithm<string> |<Algorithm>
• encapsulationKey<CryptoKey>
• Returns:<Promise> Fulfills with<EncapsulatedBits> upon success.

Uses a message recipient's asymmetric public key to encrypt a temporary symmetric key.This encrypted key is the "encapsulated key" represented as<EncapsulatedBits>.

The algorithms currently supported include:

• 'ML-KEM-512'⁴
• 'ML-KEM-768'⁴
• 'ML-KEM-1024'⁴

subtle.encapsulateKey(encapsulationAlgorithm, encapsulationKey, sharedKeyAlgorithm, extractable, usages)#

• encapsulationAlgorithm<string> |<Algorithm>
• encapsulationKey<CryptoKey>
• sharedKeyAlgorithm<string> |<Algorithm> |<HmacImportParams> |<AesDerivedKeyParams> |<KmacImportParams>
• extractable<boolean>
• usages<string[]> SeeKey usages.
• Returns:<Promise> Fulfills with<EncapsulatedKey> upon success.

Uses a message recipient's asymmetric public key to encrypt a temporary symmetric key.This encrypted key is the "encapsulated key" represented as<EncapsulatedKey>.

The algorithms currently supported include:

• 'ML-KEM-512'⁴
• 'ML-KEM-768'⁴
• 'ML-KEM-1024'⁴

subtle.encrypt(algorithm, key, data)#

• algorithm<RsaOaepParams> |<AesCtrParams> |<AesCbcParams> |<AeadParams>
• key<CryptoKey>
• data<ArrayBuffer> |<TypedArray> |<DataView> |<Buffer>
• Returns:<Promise> Fulfills with an<ArrayBuffer> upon success.

Using the method and parameters specified byalgorithm and the keyingmaterial provided bykey, this method attempts to encipherdata.If successful, the returned promise is resolved with an<ArrayBuffer>containing the encrypted result.

The algorithms currently supported include:

• 'AES-CBC'
• 'AES-CTR'
• 'AES-GCM'
• 'AES-OCB'⁴
• 'ChaCha20-Poly1305'⁴
• 'RSA-OAEP'

subtle.exportKey(format, key)#

• format<string> Must be one of'raw','pkcs8','spki','jwk','raw-secret'⁴,'raw-public'⁴, or'raw-seed'⁴.
• key<CryptoKey>
• Returns:<Promise> Fulfills with an<ArrayBuffer> |<Object> upon success.

Exports the given key into the specified format, if supported.

If the<CryptoKey> is not extractable, the returned promise will reject.

Whenformat is either'pkcs8' or'spki' and the export is successful,the returned promise will be resolved with an<ArrayBuffer> containing theexported key data.

Whenformat is'jwk' and the export is successful, the returned promisewill be resolved with a JavaScript object conforming to theJSON Web Keyspecification.

subtle.getPublicKey(key, keyUsages)#

• key<CryptoKey> A private key from which to derive the corresponding public key.
• keyUsages<string[]> SeeKey usages.
• Returns:<Promise> Fulfills with a<CryptoKey> upon success.

Derives the public key from a given private key.

subtle.generateKey(algorithm, extractable, keyUsages)#

• algorithm<string> |<Algorithm> |<RsaHashedKeyGenParams> |<EcKeyGenParams> |<HmacKeyGenParams> |<AesKeyGenParams> |<KmacKeyGenParams>

• extractable<boolean>
• keyUsages<string[]> SeeKey usages.
• Returns:<Promise> Fulfills with a<CryptoKey> |<CryptoKeyPair> upon success.

Using the parameters provided inalgorithm, this methodattempts to generate new keying material. Depending on the algorithm usedeither a single<CryptoKey> or a<CryptoKeyPair> is generated.

The<CryptoKeyPair> (public and private key) generating algorithms supportedinclude:

• 'ECDH'
• 'ECDSA'
• 'Ed25519'
• 'Ed448'⁵
• 'ML-DSA-44'⁴
• 'ML-DSA-65'⁴
• 'ML-DSA-87'⁴
• 'ML-KEM-512'⁴
• 'ML-KEM-768'⁴
• 'ML-KEM-1024'⁴
• 'RSA-OAEP'
• 'RSA-PSS'
• 'RSASSA-PKCS1-v1_5'
• 'X25519'
• 'X448'⁵

The<CryptoKey> (secret key) generating algorithms supported include:

• 'AES-CBC'
• 'AES-CTR'
• 'AES-GCM'
• 'AES-KW'
• 'AES-OCB'⁴
• 'ChaCha20-Poly1305'⁴
• 'HMAC'
• 'KMAC128'⁴
• 'KMAC256'⁴

subtle.importKey(format, keyData, algorithm, extractable, keyUsages)#

• format<string> Must be one of'raw','pkcs8','spki','jwk','raw-secret'⁴,'raw-public'⁴, or'raw-seed'⁴.
• keyData<ArrayBuffer> |<TypedArray> |<DataView> |<Buffer> |<Object>

• algorithm<string> |<Algorithm> |<RsaHashedImportParams> |<EcKeyImportParams> |<HmacImportParams> |<KmacImportParams>

• extractable<boolean>
• keyUsages<string[]> SeeKey usages.
• Returns:<Promise> Fulfills with a<CryptoKey> upon success.

This method attempts to interpret the providedkeyDataas the givenformat to create a<CryptoKey> instance using the providedalgorithm,extractable, andkeyUsages arguments. If the import issuccessful, the returned promise will be resolved with a<CryptoKey>representation of the key material.

If importing KDF algorithm keys,extractable must befalse.

The algorithms currently supported include:

subtle.sign(algorithm, key, data)#

• algorithm<string> |<Algorithm> |<RsaPssParams> |<EcdsaParams> |<ContextParams> |<KmacParams>
• key<CryptoKey>
• data<ArrayBuffer> |<TypedArray> |<DataView> |<Buffer>
• Returns:<Promise> Fulfills with an<ArrayBuffer> upon success.

Using the method and parameters given byalgorithm and the keying materialprovided bykey, this method attempts to generate a cryptographicsignature ofdata. If successful, the returned promise is resolved withan<ArrayBuffer> containing the generated signature.

The algorithms currently supported include:

• 'ECDSA'
• 'Ed25519'
• 'Ed448'⁵
• 'HMAC'
• 'KMAC128'⁴
• 'KMAC256'⁴
• 'ML-DSA-44'⁴
• 'ML-DSA-65'⁴
• 'ML-DSA-87'⁴
• 'RSA-PSS'
• 'RSASSA-PKCS1-v1_5'

subtle.unwrapKey(format, wrappedKey, unwrappingKey, unwrapAlgo, unwrappedKeyAlgo, extractable, keyUsages)#

• format<string> Must be one of'raw','pkcs8','spki','jwk','raw-secret'⁴,'raw-public'⁴, or'raw-seed'⁴.
• wrappedKey<ArrayBuffer> |<TypedArray> |<DataView> |<Buffer>
• unwrappingKey<CryptoKey>

• unwrapAlgo<string> |<Algorithm> |<RsaOaepParams> |<AesCtrParams> |<AesCbcParams> |<AeadParams>
• unwrappedKeyAlgo<string> |<Algorithm> |<RsaHashedImportParams> |<EcKeyImportParams> |<HmacImportParams> |<KmacImportParams>

• extractable<boolean>
• keyUsages<string[]> SeeKey usages.
• Returns:<Promise> Fulfills with a<CryptoKey> upon success.

In cryptography, "wrapping a key" refers to exporting and then encrypting thekeying material. This method attempts to decrypt a wrappedkey and create a<CryptoKey> instance. It is equivalent to callingsubtle.decrypt() first on the encrypted key data (using thewrappedKey,unwrapAlgo, andunwrappingKey arguments as input) then passing the resultsto thesubtle.importKey() method using theunwrappedKeyAlgo,extractable, andkeyUsages arguments as inputs. If successful, the returnedpromise is resolved with a<CryptoKey> object.

The wrapping algorithms currently supported include:

• 'AES-CBC'
• 'AES-CTR'
• 'AES-GCM'
• 'AES-KW'
• 'AES-OCB'⁴
• 'ChaCha20-Poly1305'⁴
• 'RSA-OAEP'

The unwrapped key algorithms supported include:

• 'AES-CBC'
• 'AES-CTR'
• 'AES-GCM'
• 'AES-KW'
• 'AES-OCB'⁴
• 'ChaCha20-Poly1305'⁴
• 'ECDH'
• 'ECDSA'
• 'Ed25519'
• 'Ed448'⁵
• 'HMAC'
• 'KMAC128'⁵
• 'KMAC256'⁵
• 'ML-DSA-44'⁴
• 'ML-DSA-65'⁴
• 'ML-DSA-87'⁴
• 'ML-KEM-512'⁴
• 'ML-KEM-768'⁴
• 'ML-KEM-1024'⁴v
• 'RSA-OAEP'
• 'RSA-PSS'
• 'RSASSA-PKCS1-v1_5'
• 'X25519'
• 'X448'⁵

subtle.verify(algorithm, key, signature, data)#

• algorithm<string> |<Algorithm> |<RsaPssParams> |<EcdsaParams> |<ContextParams> |<KmacParams>
• key<CryptoKey>
• signature<ArrayBuffer> |<TypedArray> |<DataView> |<Buffer>
• data<ArrayBuffer> |<TypedArray> |<DataView> |<Buffer>
• Returns:<Promise> Fulfills with a<boolean> upon success.

Using the method and parameters given inalgorithm and the keying materialprovided bykey, this method attempts to verify thatsignature isa valid cryptographic signature ofdata. The returned promise is resolvedwith eithertrue orfalse.

The algorithms currently supported include:

• 'ECDSA'
• 'Ed25519'
• 'Ed448'⁵
• 'HMAC'
• 'KMAC128'⁵
• 'KMAC256'⁵
• 'ML-DSA-44'⁴
• 'ML-DSA-65'⁴
• 'ML-DSA-87'⁴
• 'RSA-PSS'
• 'RSASSA-PKCS1-v1_5'

subtle.wrapKey(format, key, wrappingKey, wrapAlgo)#

• format<string> Must be one of'raw','pkcs8','spki','jwk','raw-secret'⁴,'raw-public'⁴, or'raw-seed'⁴.
• key<CryptoKey>
• wrappingKey<CryptoKey>
• wrapAlgo<string> |<Algorithm> |<RsaOaepParams> |<AesCtrParams> |<AesCbcParams> |<AeadParams>
• Returns:<Promise> Fulfills with an<ArrayBuffer> upon success.

In cryptography, "wrapping a key" refers to exporting and then encrypting thekeying material. This method exports the keying material intothe format identified byformat, then encrypts it using the method andparameters specified bywrapAlgo and the keying material provided bywrappingKey. It is the equivalent to callingsubtle.exportKey() usingformat andkey as the arguments, then passing the result to thesubtle.encrypt() method usingwrappingKey andwrapAlgo as inputs. Ifsuccessful, the returned promise will be resolved with an<ArrayBuffer>containing the encrypted key data.

The wrapping algorithms currently supported include:

• 'AES-CBC'
• 'AES-CTR'
• 'AES-GCM'
• 'AES-KW'
• 'AES-OCB'⁴
• 'ChaCha20-Poly1305'⁴
• 'RSA-OAEP'

Class:Algorithm#

Class:AeadParams#

Class:AesDerivedKeyParams#

Class:AesCbcParams#

Class:AesCtrParams#

Class:AesKeyAlgorithm#

Class:AesKeyGenParams#

Class:Argon2Params#

Class:ContextParams#

Class:CShakeParams#

Class:EcdhKeyDeriveParams#

Class:EcdsaParams#

Class:EcKeyAlgorithm#

Class:EcKeyGenParams#

Class:EcKeyImportParams#

Class:EncapsulatedBits#

A temporary symmetric secret key (represented as<ArrayBuffer>) for message encryptionand the ciphertext (that can be transmitted to the message recipient along with themessage) encrypted by this shared key. The recipient uses their private key to determinewhat the shared key is which then allows them to decrypt the message.

Class:EncapsulatedKey#

A temporary symmetric secret key (represented as<CryptoKey>) for message encryptionand the ciphertext (that can be transmitted to the message recipient along with themessage) encrypted by this shared key. The recipient uses their private key to determinewhat the shared key is which then allows them to decrypt the message.

Class:HkdfParams#

Class:HmacImportParams#

Class:HmacKeyAlgorithm#

Class:HmacKeyGenParams#

Class:KeyAlgorithm#

Class:KmacImportParams#

Class:KmacKeyAlgorithm#

Class:KmacKeyGenParams#

Class:KmacParams#

Class:Pbkdf2Params#

Class:RsaHashedImportParams#

Class:RsaHashedKeyAlgorithm#

Class:RsaHashedKeyGenParams#

Class:RsaOaepParams#

Class:RsaPssParams#