BuildDocsReferenceGuidesBlog
Discord logo
Discord
GitHub logo
Bun

class

SubtleCrypto

class SubtleCrypto

This Web Crypto API interface provides a number of low-level cryptographic functions. It is accessed via the Crypto.subtle properties available in a window context (via Window.crypto). Available only in secure contexts.

MDN Reference

  • decapsulationAlgorithm: AlgorithmIdentifier,
    decapsulationKey: CryptoKey,
    ciphertext: BufferSource
    ): Promise<ArrayBuffer>;

    A message recipient uses their asymmetric private key to decrypt an "encapsulated key" (ciphertext), thereby recovering a temporary symmetric key (represented as ArrayBuffer) which is then used to decrypt a message.

    The algorithms currently supported include:

    • 'ML-KEM-512'
    • 'ML-KEM-768'
    • 'ML-KEM-1024'
    @returns

    Fulfills with ArrayBuffer upon success.

  • decapsulationAlgorithm: AlgorithmIdentifier,
    decapsulationKey: CryptoKey,
    ciphertext: BufferSource,
    sharedKeyAlgorithm: AlgorithmIdentifier | HmacImportParams | AesDerivedKeyParams | KmacImportParams,
    extractable: boolean,
    usages: KeyUsage[]
    ): Promise<CryptoKey>;

    A message recipient uses their asymmetric private key to decrypt an "encapsulated key" (ciphertext), thereby recovering a temporary symmetric key (represented as CryptoKey) which is then used to decrypt a message.

    The algorithms currently supported include:

    • 'ML-KEM-512'
    • 'ML-KEM-768'
    • 'ML-KEM-1024'
    @param usages
    @returns

    Fulfills with CryptoKey upon success.

  • algorithm: AlgorithmIdentifier | RsaOaepParams | AesCtrParams | AesCbcParams | AesGcmParams,
    key: CryptoKey,
    data: BufferSource
    ): Promise<ArrayBuffer>;
  • algorithm: AlgorithmIdentifier | EcdhKeyDeriveParams | HkdfParams | Pbkdf2Params,
    baseKey: CryptoKey,
    length?: null | number
    ): Promise<ArrayBuffer>;
  • algorithm: AlgorithmIdentifier | EcdhKeyDeriveParams | HkdfParams | Pbkdf2Params,
    baseKey: CryptoKey,
    derivedKeyType: AlgorithmIdentifier | HkdfParams | Pbkdf2Params | AesDerivedKeyParams | HmacImportParams,
    extractable: boolean,
    keyUsages: KeyUsage[]
    ): Promise<CryptoKey>;
    algorithm: AlgorithmIdentifier | EcdhKeyDeriveParams | HkdfParams | Pbkdf2Params,
    baseKey: CryptoKey,
    derivedKeyType: AlgorithmIdentifier | HkdfParams | Pbkdf2Params | AesDerivedKeyParams | HmacImportParams,
    extractable: boolean,
    keyUsages: Iterable<KeyUsage>
    ): Promise<CryptoKey>;
  • algorithm: AlgorithmIdentifier,
    data: BufferSource
    ): Promise<ArrayBuffer>;
  • encapsulationAlgorithm: AlgorithmIdentifier,
    encapsulationKey: CryptoKey
    ): Promise<EncapsulatedBits>;

    Uses a message recipient's asymmetric public key to encrypt a temporary symmetric key. This encrypted key is the "encapsulated key" represented as EncapsulatedBits.

    The algorithms currently supported include:

    • 'ML-KEM-512'
    • 'ML-KEM-768'
    • 'ML-KEM-1024'
    @returns

    Fulfills with EncapsulatedBits upon success.

  • encapsulationAlgorithm: AlgorithmIdentifier,
    encapsulationKey: CryptoKey,
    sharedKeyAlgorithm: AlgorithmIdentifier | HmacImportParams | AesDerivedKeyParams | KmacImportParams,
    extractable: boolean,
    usages: KeyUsage[]
    ): Promise<EncapsulatedKey>;

    Uses a message recipient's asymmetric public key to encrypt a temporary symmetric key. This encrypted key is the "encapsulated key" represented as EncapsulatedKey.

    The algorithms currently supported include:

    • 'ML-KEM-512'
    • 'ML-KEM-768'
    • 'ML-KEM-1024'
    @param usages
    @returns

    Fulfills with EncapsulatedKey upon success.

  • algorithm: AlgorithmIdentifier | RsaOaepParams | AesCtrParams | AesCbcParams | AesGcmParams,
    key: CryptoKey,
    data: BufferSource
    ): Promise<ArrayBuffer>;
  • format: 'jwk',
    key: CryptoKey
    ): Promise<JsonWebKey>;
    format: 'spki' | 'pkcs8' | 'raw',
    key: CryptoKey
    ): Promise<ArrayBuffer>;
    format: KeyFormat,
    key: CryptoKey
    ): Promise<ArrayBuffer | JsonWebKey>;
  • algorithm: 'Ed25519' | { name: 'Ed25519' },
    extractable: boolean,
    keyUsages: readonly 'sign' | 'verify'[]
    ): Promise<CryptoKeyPair>;
    algorithm: RsaHashedKeyGenParams | EcKeyGenParams,
    extractable: boolean,
    keyUsages: readonly KeyUsage[]
    ): Promise<CryptoKeyPair>;
    algorithm: Pbkdf2Params | AesKeyGenParams | HmacKeyGenParams,
    extractable: boolean,
    keyUsages: readonly KeyUsage[]
    ): Promise<CryptoKey>;
    algorithm: AlgorithmIdentifier,
    extractable: boolean,
    keyUsages: KeyUsage[]
    ): Promise<CryptoKeyPair | CryptoKey>;
    algorithm: AlgorithmIdentifier,
    extractable: boolean,
    keyUsages: Iterable<KeyUsage>
    ): Promise<CryptoKeyPair | CryptoKey>;
  • key: CryptoKey,
    keyUsages: KeyUsage[]
    ): Promise<CryptoKey>;

    Derives the public key from a given private key.

    @param key

    A private key from which to derive the corresponding public key.

    @param keyUsages
    @returns

    Fulfills with a CryptoKey upon success.

  • format: 'jwk',
    keyData: JsonWebKey,
    algorithm: AlgorithmIdentifier | HmacImportParams | RsaHashedImportParams | EcKeyImportParams | AesKeyAlgorithm,
    extractable: boolean,
    keyUsages: readonly KeyUsage[]
    ): Promise<CryptoKey>;
    format: 'spki' | 'pkcs8' | 'raw',
    keyData: BufferSource,
    algorithm: AlgorithmIdentifier | HmacImportParams | RsaHashedImportParams | EcKeyImportParams | AesKeyAlgorithm,
    extractable: boolean,
    keyUsages: KeyUsage[]
    ): Promise<CryptoKey>;
    format: 'spki' | 'pkcs8' | 'raw',
    keyData: BufferSource,
    algorithm: AlgorithmIdentifier | HmacImportParams | RsaHashedImportParams | EcKeyImportParams | AesKeyAlgorithm,
    extractable: boolean,
    keyUsages: Iterable<KeyUsage>
    ): Promise<CryptoKey>;
  • algorithm: AlgorithmIdentifier | RsaPssParams | EcdsaParams,
    key: CryptoKey,
    data: BufferSource
    ): Promise<ArrayBuffer>;
  • format: KeyFormat,
    wrappedKey: BufferSource,
    unwrappingKey: CryptoKey,
    unwrapAlgorithm: AlgorithmIdentifier | RsaOaepParams | AesCtrParams | AesCbcParams | AesGcmParams,
    unwrappedKeyAlgorithm: AlgorithmIdentifier | HmacImportParams | RsaHashedImportParams | EcKeyImportParams | AesKeyAlgorithm,
    extractable: boolean,
    keyUsages: KeyUsage[]
    ): Promise<CryptoKey>;
    format: KeyFormat,
    wrappedKey: BufferSource,
    unwrappingKey: CryptoKey,
    unwrapAlgorithm: AlgorithmIdentifier | RsaOaepParams | AesCtrParams | AesCbcParams | AesGcmParams,
    unwrappedKeyAlgorithm: AlgorithmIdentifier | HmacImportParams | RsaHashedImportParams | EcKeyImportParams | AesKeyAlgorithm,
    extractable: boolean,
    keyUsages: Iterable<KeyUsage>
    ): Promise<CryptoKey>;
  • algorithm: AlgorithmIdentifier | RsaPssParams | EcdsaParams,
    key: CryptoKey,
    signature: BufferSource,
    data: BufferSource
    ): Promise<boolean>;
  • format: KeyFormat,
    key: CryptoKey,
    wrappingKey: CryptoKey,
    wrapAlgorithm: AlgorithmIdentifier | RsaOaepParams | AesCtrParams | AesCbcParams | AesGcmParams
    ): Promise<ArrayBuffer>;