Search the reference...
/
interface
A message recipient uses their asymmetric private key to decrypt an "encapsulated key" (ciphertext), thereby recovering a temporary symmetric key (represented as ArrayBuffer) which is then used to decrypt a message.
The algorithms currently supported include:
'ML-KEM-512''ML-KEM-768''ML-KEM-1024'Fulfills with ArrayBuffer upon success.
A message recipient uses their asymmetric private key to decrypt an "encapsulated key" (ciphertext), thereby recovering a temporary symmetric key (represented as CryptoKey) which is then used to decrypt a message.
The algorithms currently supported include:
'ML-KEM-512''ML-KEM-768''ML-KEM-1024'See Key usages.
Fulfills with CryptoKey upon success.
Using the method and parameters specified in algorithm and the keying material provided by key, this method attempts to decipher the provided data. If successful, the returned promise will be resolved with an <ArrayBuffer> containing the plaintext result.
The algorithms currently supported include:
'AES-CBC''AES-CTR''AES-GCM''AES-OCB''ChaCha20-Poly1305''RSA-OAEP'Using the method and parameters specified in algorithm and the keying material provided by baseKey, this method attempts to generate length bits. The Node.js implementation requires that when length is a number it must be multiple of 8. When length is null the maximum number of bits for a given algorithm is generated. This is allowed for the 'ECDH', 'X25519', and 'X448' algorithms. If successful, the returned promise will be resolved with an <ArrayBuffer> containing the generated data.
The algorithms currently supported include:
'Argon2d''Argon2i''Argon2id''ECDH''HKDF''PBKDF2''X25519''X448'Using the method and parameters specified in algorithm, and the keying material provided by baseKey, this method attempts to generate a new <CryptoKey>based on the method and parameters inderivedKeyAlgorithm`.
Calling subtle.deriveKey() is equivalent to calling subtle.deriveBits() to generate raw keying material, then passing the result into the subtle.importKey() method using the deriveKeyAlgorithm, extractable, and keyUsages parameters as input.
The algorithms currently supported include:
'Argon2d''Argon2i''Argon2id''ECDH''HKDF''PBKDF2''X25519''X448'See Key usages.
Using the method identified by algorithm, subtle.digest() attempts to generate a digest of data. If successful, the returned promise is resolved with an <ArrayBuffer> containing the computed digest.
If algorithm is provided as a <string>, it must be one of:
'cSHAKE128''cSHAKE256''SHA-1''SHA-256''SHA-384''SHA-512''SHA3-256''SHA3-384''SHA3-512'If algorithm is provided as an <Object>, it must have a name property whose value is one of the above.
Uses a message recipient's asymmetric public key to encrypt a temporary symmetric key. This encrypted key is the "encapsulated key" represented as EncapsulatedBits.
The algorithms currently supported include:
'ML-KEM-512''ML-KEM-768''ML-KEM-1024'Fulfills with EncapsulatedBits upon success.
Uses a message recipient's asymmetric public key to encrypt a temporary symmetric key. This encrypted key is the "encapsulated key" represented as EncapsulatedKey.
The algorithms currently supported include:
'ML-KEM-512''ML-KEM-768''ML-KEM-1024'See Key usages.
Fulfills with EncapsulatedKey upon success.
Using the method and parameters specified by algorithm and the keying material provided by key, this method attempts to encipher data. If successful, the returned promise is resolved with an <ArrayBuffer> containing the encrypted result.
The algorithms currently supported include:
'AES-CBC''AES-CTR''AES-GCM''AES-OCB''ChaCha20-Poly1305''RSA-OAEP'Exports the given key into the specified format, if supported.
If the <CryptoKey> is not extractable, the returned promise will reject.
When format is either 'pkcs8' or 'spki' and the export is successful, the returned promise will be resolved with an <ArrayBuffer> containing the exported key data.
When format is 'jwk' and the export is successful, the returned promise will be resolved with a JavaScript object conforming to the JSON Web Key specification.
Must be one of 'raw', 'pkcs8', 'spki', 'jwk', 'raw-secret', 'raw-public', or 'raw-seed'.
<Promise> containing <ArrayBuffer>.
Using the parameters provided in algorithm, this method attempts to generate new keying material. Depending on the algorithm used either a single CryptoKey or a CryptoKeyPair is generated.
The CryptoKeyPair (public and private key) generating algorithms supported include:
'ECDH''ECDSA''Ed25519''Ed448''ML-DSA-44''ML-DSA-65''ML-DSA-87''ML-KEM-512''ML-KEM-768''ML-KEM-1024''RSA-OAEP''RSA-PSS''RSASSA-PKCS1-v1_5''X25519''X448'The CryptoKey (secret key) generating algorithms supported include:
'AES-CBC''AES-CTR''AES-GCM''AES-KW''AES-OCB''ChaCha20-Poly1305''HMAC''KMAC128''KMAC256'See Key usages.
Derives the public key from a given private key.
A private key from which to derive the corresponding public key.
See Key usages.
Fulfills with a CryptoKey upon success.
This method attempts to interpret the provided keyData as the given format to create a CryptoKey instance using the provided algorithm, extractable, and keyUsages arguments. If the import is successful, the returned promise will be resolved with a {CryptoKey} representation of the key material.
If importing KDF algorithm keys, extractable must be false.
Must be one of 'raw', 'pkcs8', 'spki', 'jwk', 'raw-secret', 'raw-public', or 'raw-seed'.
See Key usages.
Using the method and parameters given by algorithm and the keying material provided by key, this method attempts to generate a cryptographic signature of data. If successful, the returned promise is resolved with an <ArrayBuffer> containing the generated signature.
The algorithms currently supported include:
'ECDSA''Ed25519''Ed448''HMAC''KMAC128''KMAC256''ML-DSA-44''ML-DSA-65''ML-DSA-87''RSA-PSS''RSASSA-PKCS1-v1_5'In cryptography, "wrapping a key" refers to exporting and then encrypting the keying material. This method attempts to decrypt a wrapped key and create a <CryptoKey> instance. It is equivalent to calling subtle.decrypt() first on the encrypted key data (using the wrappedKey, unwrapAlgo, and unwrappingKey arguments as input) then passing the results in to the subtle.importKey() method using the unwrappedKeyAlgo, extractable, and keyUsages arguments as inputs. If successful, the returned promise is resolved with a <CryptoKey> object.
The wrapping algorithms currently supported include:
'AES-CBC''AES-CTR''AES-GCM''AES-KW''AES-OCB''ChaCha20-Poly1305''RSA-OAEP'The unwrapped key algorithms supported include:
'AES-CBC''AES-CTR''AES-GCM''AES-KW''AES-OCB''ChaCha20-Poly1305''ECDH''ECDSA''Ed25519''Ed448''HMAC''KMAC128''KMAC256''ML-DSA-44''ML-DSA-65''ML-DSA-87''ML-KEM-512''ML-KEM-768''ML-KEM-1024''RSA-OAEP''RSA-PSS''RSASSA-PKCS1-v1_5''X25519''X448'Must be one of 'raw', 'pkcs8', 'spki', 'jwk', 'raw-secret', 'raw-public', or 'raw-seed'.
See Key usages.
Using the method and parameters given in algorithm and the keying material provided by key, This method attempts to verify that signature is a valid cryptographic signature of data. The returned promise is resolved with either true or false.
The algorithms currently supported include:
'ECDSA''Ed25519''Ed448''HMAC''KMAC128''KMAC256''ML-DSA-44''ML-DSA-65''ML-DSA-87''RSA-PSS''RSASSA-PKCS1-v1_5'In cryptography, "wrapping a key" refers to exporting and then encrypting the keying material. This method exports the keying material into the format identified by format, then encrypts it using the method and parameters specified by wrapAlgo and the keying material provided by wrappingKey. It is the equivalent to calling subtle.exportKey() using format and key as the arguments, then passing the result to the subtle.encrypt() method using wrappingKey and wrapAlgo as inputs. If successful, the returned promise will be resolved with an <ArrayBuffer> containing the encrypted key data.
The wrapping algorithms currently supported include:
'AES-CBC''AES-CTR''AES-GCM''AES-KW''AES-OCB''ChaCha20-Poly1305''RSA-OAEP'Must be one of 'raw', 'pkcs8', 'spki', 'jwk', 'raw-secret', 'raw-public', or 'raw-seed'.