An implementation of the Web Crypto API standard.
See the Web Crypto API documentation for details.
namespace
crypto.webcrypto
namespace webcrypto
interface AeadParams
interface AesCbcParams
interface AesCtrParams
interface AesDerivedKeyParams
interface AesKeyAlgorithm
interface AesKeyGenParams
interface Argon2Params
interface ContextParams
interface Crypto
Importing the
webcryptoobject (import { webcrypto } from 'node:crypto') gives an instance of theCryptoclass.Cryptois a singleton that provides access to the remainder of the crypto API.- getRandomValues<T extends Uint8Array<ArrayBufferLike> | Uint8ClampedArray<ArrayBufferLike> | Uint16Array<ArrayBufferLike> | Uint32Array<ArrayBufferLike> | Int8Array<ArrayBufferLike> | Int16Array<ArrayBufferLike> | Int32Array<ArrayBufferLike> | BigUint64Array<ArrayBufferLike> | BigInt64Array<ArrayBufferLike>>(typedArray: T): T;
Generates cryptographically strong random values. The given
typedArrayis filled with random values, and a reference totypedArrayis returned.The given
typedArraymust be an integer-based instance of NodeJS.TypedArray, i.e.Float32ArrayandFloat64Arrayare not accepted.An error will be thrown if the given
typedArrayis larger than 65,536 bytes. Generates a random RFC 4122 version 4 UUID. The UUID is generated using a cryptographic pseudorandom number generator.
interface CryptoKey
- readonly algorithm: KeyAlgorithm
An object detailing the algorithm for which the key can be used along with additional algorithm-specific parameters.
- readonly extractable: boolean
When
true, the CryptoKey can be extracted using eithersubtleCrypto.exportKey()orsubtleCrypto.wrapKey(). - readonly usages: KeyUsage[]
An array of strings identifying the operations for which the key may be used.
The possible usages are:
'encrypt'- The key may be used to encrypt data.'decrypt'- The key may be used to decrypt data.'sign'- The key may be used to generate digital signatures.'verify'- The key may be used to verify digital signatures.'deriveKey'- The key may be used to derive a new key.'deriveBits'- The key may be used to derive bits.'wrapKey'- The key may be used to wrap another key.'unwrapKey'- The key may be used to unwrap another key.
Valid key usages depend on the key algorithm (identified by
cryptokey.algorithm.name).
interface CryptoKeyPair
The
CryptoKeyPairis a simple dictionary object withpublicKeyandprivateKeyproperties, representing an asymmetric key pair.interface CShakeParams
interface EcdhKeyDeriveParams
interface EcdsaParams
interface EcKeyAlgorithm
interface EcKeyGenParams
interface EcKeyImportParams
interface EncapsulatedBits
interface EncapsulatedKey
interface HkdfParams
interface HmacImportParams
interface HmacKeyAlgorithm
interface HmacKeyGenParams
interface KeyAlgorithm
interface KmacImportParams
interface KmacKeyAlgorithm
interface KmacKeyGenParams
interface KmacParams
interface Pbkdf2Params
interface RsaHashedImportParams
interface RsaHashedKeyAlgorithm
interface RsaHashedKeyGenParams
interface RsaKeyAlgorithm
interface RsaKeyGenParams
interface RsaOaepParams
interface RsaOtherPrimesInfo
interface RsaPssParams
interface SubtleCrypto
A message recipient uses their asymmetric private key to decrypt an "encapsulated key" (ciphertext), thereby recovering a temporary symmetric key (represented as
ArrayBuffer) which is then used to decrypt a message.The algorithms currently supported include:
'ML-KEM-512''ML-KEM-768''ML-KEM-1024'
@returnsFulfills with
ArrayBufferupon success.- sharedKeyAlgorithm: AlgorithmIdentifier | HmacImportParams | AesDerivedKeyParams | KmacImportParams,extractable: boolean,
A message recipient uses their asymmetric private key to decrypt an "encapsulated key" (ciphertext), thereby recovering a temporary symmetric key (represented as
CryptoKey) which is then used to decrypt a message.The algorithms currently supported include:
'ML-KEM-512''ML-KEM-768''ML-KEM-1024'
@param usagesSee Key usages.
@returnsFulfills with
CryptoKeyupon success. Using the method and parameters specified in
algorithmand the keying material provided bykey, this method attempts to decipher the provideddata. If successful, the returned promise will be resolved with an<ArrayBuffer>containing the plaintext result.The algorithms currently supported include:
'AES-CBC''AES-CTR''AES-GCM''AES-OCB''ChaCha20-Poly1305''RSA-OAEP'
- length?: null | number
Using the method and parameters specified in
algorithmand the keying material provided bybaseKey, this method attempts to generatelengthbits. The Node.js implementation requires that whenlengthis a number it must be multiple of8. Whenlengthisnullthe maximum number of bits for a given algorithm is generated. This is allowed for the'ECDH','X25519', and'X448'algorithms. If successful, the returned promise will be resolved with an<ArrayBuffer>containing the generated data.The algorithms currently supported include:
'Argon2d''Argon2i''Argon2id''ECDH''HKDF''PBKDF2''X25519''X448'
length: number - derivedKeyAlgorithm: AlgorithmIdentifier | HmacImportParams | AesDerivedKeyParams | KmacImportParams,extractable: boolean,
Using the method and parameters specified in
algorithm, and the keying material provided bybaseKey, this method attempts to generate a new <CryptoKey>based on the method and parameters inderivedKeyAlgorithm`.Calling
subtle.deriveKey()is equivalent to callingsubtle.deriveBits()to generate raw keying material, then passing the result into thesubtle.importKey()method using thederiveKeyAlgorithm,extractable, andkeyUsagesparameters as input.The algorithms currently supported include:
'Argon2d''Argon2i''Argon2id''ECDH''HKDF''PBKDF2''X25519''X448'
@param keyUsagesSee Key usages.
Using the method identified by
algorithm,subtle.digest()attempts to generate a digest ofdata. If successful, the returned promise is resolved with an<ArrayBuffer>containing the computed digest.If
algorithmis provided as a<string>, it must be one of:'cSHAKE128''cSHAKE256''SHA-1''SHA-256''SHA-384''SHA-512''SHA3-256''SHA3-384''SHA3-512'
If
algorithmis provided as an<Object>, it must have anameproperty whose value is one of the above.Uses a message recipient's asymmetric public key to encrypt a temporary symmetric key. This encrypted key is the "encapsulated key" represented as
EncapsulatedBits.The algorithms currently supported include:
'ML-KEM-512''ML-KEM-768''ML-KEM-1024'
@returnsFulfills with
EncapsulatedBitsupon success.- sharedKeyAlgorithm: AlgorithmIdentifier | HmacImportParams | AesDerivedKeyParams | KmacImportParams,extractable: boolean,
Uses a message recipient's asymmetric public key to encrypt a temporary symmetric key. This encrypted key is the "encapsulated key" represented as
EncapsulatedKey.The algorithms currently supported include:
'ML-KEM-512''ML-KEM-768''ML-KEM-1024'
@param usagesSee Key usages.
@returnsFulfills with
EncapsulatedKeyupon success. Using the method and parameters specified by
algorithmand the keying material provided bykey, this method attempts to encipherdata. If successful, the returned promise is resolved with an<ArrayBuffer>containing the encrypted result.The algorithms currently supported include:
'AES-CBC''AES-CTR''AES-GCM''AES-OCB''ChaCha20-Poly1305''RSA-OAEP'
- format: 'jwk',
Exports the given key into the specified format, if supported.
If the
<CryptoKey>is not extractable, the returned promise will reject.When
formatis either'pkcs8'or'spki'and the export is successful, the returned promise will be resolved with an<ArrayBuffer>containing the exported key data.When
formatis'jwk'and the export is successful, the returned promise will be resolved with a JavaScript object conforming to the JSON Web Key specification.@param formatMust be one of
'raw','pkcs8','spki','jwk','raw-secret','raw-public', or'raw-seed'.@returns<Promise>containing<ArrayBuffer>.format: 'spki' | 'pkcs8' | 'raw' | 'raw-public' | 'raw-secret' | 'raw-seed', - extractable: boolean,
Using the parameters provided in
algorithm, this method attempts to generate new keying material. Depending on the algorithm used either a singleCryptoKeyor aCryptoKeyPairis generated.The
CryptoKeyPair(public and private key) generating algorithms supported include:'ECDH''ECDSA''Ed25519''Ed448''ML-DSA-44''ML-DSA-65''ML-DSA-87''ML-KEM-512''ML-KEM-768''ML-KEM-1024''RSA-OAEP''RSA-PSS''RSASSA-PKCS1-v1_5''X25519''X448'
The
CryptoKey(secret key) generating algorithms supported include:'AES-CBC''AES-CTR''AES-GCM''AES-KW''AES-OCB''ChaCha20-Poly1305''HMAC''KMAC128''KMAC256'
@param keyUsagesSee Key usages.
extractable: boolean,extractable: boolean, Derives the public key from a given private key.
@param keyA private key from which to derive the corresponding public key.
@param keyUsagesSee Key usages.
@returnsFulfills with a
CryptoKeyupon success.- format: 'jwk',algorithm: AlgorithmIdentifier | RsaHashedImportParams | EcKeyImportParams | HmacImportParams | AesKeyAlgorithm | KmacImportParams,extractable: boolean,
This method attempts to interpret the provided
keyDataas the givenformatto create aCryptoKeyinstance using the providedalgorithm,extractable, andkeyUsagesarguments. If the import is successful, the returned promise will be resolved with a {CryptoKey} representation of the key material.If importing KDF algorithm keys,
extractablemust befalse.@param formatMust be one of
'raw','pkcs8','spki','jwk','raw-secret','raw-public', or'raw-seed'.@param keyUsagesSee Key usages.
format: 'spki' | 'pkcs8' | 'raw' | 'raw-public' | 'raw-secret' | 'raw-seed',algorithm: AlgorithmIdentifier | RsaHashedImportParams | EcKeyImportParams | HmacImportParams | AesKeyAlgorithm | KmacImportParams,extractable: boolean, - sign(
Using the method and parameters given by
algorithmand the keying material provided bykey, this method attempts to generate a cryptographic signature ofdata. If successful, the returned promise is resolved with an<ArrayBuffer>containing the generated signature.The algorithms currently supported include:
'ECDSA''Ed25519''Ed448''HMAC''KMAC128''KMAC256''ML-DSA-44''ML-DSA-65''ML-DSA-87''RSA-PSS''RSASSA-PKCS1-v1_5'
- unwrappedKeyAlgorithm: AlgorithmIdentifier | RsaHashedImportParams | EcKeyImportParams | HmacImportParams | AesKeyAlgorithm | KmacImportParams,extractable: boolean,
In cryptography, "wrapping a key" refers to exporting and then encrypting the keying material. This method attempts to decrypt a wrapped key and create a
<CryptoKey>instance. It is equivalent to callingsubtle.decrypt()first on the encrypted key data (using thewrappedKey,unwrapAlgo, andunwrappingKeyarguments as input) then passing the results in to thesubtle.importKey()method using theunwrappedKeyAlgo,extractable, andkeyUsagesarguments as inputs. If successful, the returned promise is resolved with a<CryptoKey>object.The wrapping algorithms currently supported include:
'AES-CBC''AES-CTR''AES-GCM''AES-KW''AES-OCB''ChaCha20-Poly1305''RSA-OAEP'
The unwrapped key algorithms supported include:
'AES-CBC''AES-CTR''AES-GCM''AES-KW''AES-OCB''ChaCha20-Poly1305''ECDH''ECDSA''Ed25519''Ed448''HMAC''KMAC128''KMAC256''ML-DSA-44''ML-DSA-65''ML-DSA-87''ML-KEM-512''ML-KEM-768''ML-KEM-1024''RSA-OAEP''RSA-PSS''RSASSA-PKCS1-v1_5''X25519''X448'
@param formatMust be one of
'raw','pkcs8','spki','jwk','raw-secret','raw-public', or'raw-seed'.@param keyUsagesSee Key usages.
- ): Promise<boolean>;
Using the method and parameters given in
algorithmand the keying material provided bykey, This method attempts to verify thatsignatureis a valid cryptographic signature ofdata. The returned promise is resolved with eithertrueorfalse.The algorithms currently supported include:
'ECDSA''Ed25519''Ed448''HMAC''KMAC128''KMAC256''ML-DSA-44''ML-DSA-65''ML-DSA-87''RSA-PSS''RSASSA-PKCS1-v1_5'
In cryptography, "wrapping a key" refers to exporting and then encrypting the keying material. This method exports the keying material into the format identified by
format, then encrypts it using the method and parameters specified bywrapAlgoand the keying material provided bywrappingKey. It is the equivalent to callingsubtle.exportKey()usingformatandkeyas the arguments, then passing the result to thesubtle.encrypt()method usingwrappingKeyandwrapAlgoas inputs. If successful, the returned promise will be resolved with an<ArrayBuffer>containing the encrypted key data.The wrapping algorithms currently supported include:
'AES-CBC''AES-CTR''AES-GCM''AES-KW''AES-OCB''ChaCha20-Poly1305''RSA-OAEP'
@param formatMust be one of
'raw','pkcs8','spki','jwk','raw-secret','raw-public', or'raw-seed'.
- type AlgorithmIdentifier = Algorithm | string
- type BigInteger = Uint8Array
- type BufferSource = ArrayBufferView | ArrayBuffer
- type KeyFormat = 'jwk' | 'pkcs8' | 'raw' | 'raw-public' | 'raw-secret' | 'raw-seed' | 'spki'
- type KeyType = 'private' | 'public' | 'secret'
- type KeyUsage = 'encrypt' | 'decrypt' | 'sign' | 'verify' | 'deriveKey' | 'deriveBits' | 'encapsulateBits' | 'decapsulateBits' | 'encapsulateKey' | 'decapsulateKey' | 'wrapKey' | 'unwrapKey'
- type NamedCurve = string