Usage in Deno
import { type webcrypto } from "node:crypto"; type { SubtleCrypto } = webcrypto;
decrypt(): Promise<ArrayBuffer>
Using the method and parameters specified in algorithm
and the keying material provided by key
,
subtle.decrypt()
attempts to decipher the provided data
. If successful,
the returned promise will be resolved with an <ArrayBuffer>
containing the plaintext result.
The algorithms currently supported include:
'RSA-OAEP'
'AES-CTR'
'AES-CBC'
'AES-GCM'
deriveBits(): Promise<ArrayBuffer>
Using the method and parameters specified in algorithm
and the keying material provided by baseKey
,
subtle.deriveBits()
attempts to generate length
bits.
The Node.js implementation requires that when length
is a number it must be multiple of 8
.
When length
is null
the maximum number of bits for a given algorithm is generated. This is allowed
for the 'ECDH'
, 'X25519'
, and 'X448'
algorithms.
If successful, the returned promise will be resolved with an <ArrayBuffer>
containing the generated data.
The algorithms currently supported include:
'ECDH'
'X25519'
'X448'
'HKDF'
'PBKDF2'
deriveBits(): Promise<ArrayBuffer>
Using the method and parameters specified in algorithm
, and the keying material provided by baseKey
,
subtle.deriveKey()
attempts to generate a new based on the method and parameters in
derivedKeyAlgorithm`.
Calling subtle.deriveKey()
is equivalent to calling subtle.deriveBits()
to generate raw keying material,
then passing the result into the subtle.importKey()
method using the deriveKeyAlgorithm
, extractable
, and keyUsages
parameters as input.
The algorithms currently supported include:
'ECDH'
'X25519'
'X448'
'HKDF'
'PBKDF2'
digest(algorithm: AlgorithmIdentifier,data: BufferSource,): Promise<ArrayBuffer>
Using the method identified by algorithm
, subtle.digest()
attempts to generate a digest of data
.
If successful, the returned promise is resolved with an <ArrayBuffer>
containing the computed digest.
If algorithm
is provided as a <string>
, it must be one of:
'SHA-1'
'SHA-256'
'SHA-384'
'SHA-512'
If algorithm
is provided as an <Object>
, it must have a name
property whose value is one of the above.
encrypt(): Promise<ArrayBuffer>
Using the method and parameters specified by algorithm
and the keying material provided by key
,
subtle.encrypt()
attempts to encipher data
. If successful,
the returned promise is resolved with an <ArrayBuffer>
containing the encrypted result.
The algorithms currently supported include:
'RSA-OAEP'
'AES-CTR'
'AES-CBC'
'AES-GCM'
exportKey(format: "jwk",key: CryptoKey,): Promise<JsonWebKey>
Exports the given key into the specified format, if supported.
If the <CryptoKey>
is not extractable, the returned promise will reject.
When format
is either 'pkcs8'
or 'spki'
and the export is successful,
the returned promise will be resolved with an <ArrayBuffer>
containing the exported key data.
When format
is 'jwk'
and the export is successful, the returned promise will be resolved with a
JavaScript object conforming to the JSON Web Key specification.
generateKey(algorithm: RsaHashedKeyGenParams | EcKeyGenParams,extractable: boolean,keyUsages: readonly KeyUsage[],): Promise<CryptoKeyPair>
Using the method and parameters provided in algorithm
,
subtle.generateKey()
attempts to generate new keying material.
Depending the method used, the method may generate either a single <CryptoKey>
or a <CryptoKeyPair>
.
The <CryptoKeyPair>
(public and private key) generating algorithms supported include:
-
'RSASSA-PKCS1-v1_5'
-
'RSA-PSS'
-
'RSA-OAEP'
-
'ECDSA'
-
'Ed25519'
-
'Ed448'
-
'ECDH'
-
'X25519'
-
'X448'
The<CryptoKey>
(secret key) generating algorithms supported include: -
'HMAC'
-
'AES-CTR'
-
'AES-CBC'
-
'AES-GCM'
-
'AES-KW'
generateKey(): Promise<CryptoKey>
generateKey(): Promise<CryptoKeyPair | CryptoKey>
importKey(): Promise<CryptoKey>
The subtle.importKey()
method attempts to interpret the provided keyData
as the given format
to create a <CryptoKey>
instance using the provided algorithm
, extractable
, and keyUsages
arguments.
If the import is successful, the returned promise will be resolved with the created <CryptoKey>
.
If importing a 'PBKDF2'
key, extractable
must be false
.
importKey(format: Exclude<KeyFormat, "jwk">,keyData: BufferSource,algorithm: ,extractable: boolean,keyUsages: KeyUsage[],): Promise<CryptoKey>
sign(): Promise<ArrayBuffer>
Using the method and parameters given by algorithm
and the keying material provided by key
,
subtle.sign()
attempts to generate a cryptographic signature of data
. If successful,
the returned promise is resolved with an <ArrayBuffer>
containing the generated signature.
The algorithms currently supported include:
'RSASSA-PKCS1-v1_5'
'RSA-PSS'
'ECDSA'
'Ed25519'
'Ed448'
'HMAC'
In cryptography, "wrapping a key" refers to exporting and then encrypting the keying material.
The subtle.unwrapKey()
method attempts to decrypt a wrapped key and create a <CryptoKey>
instance.
It is equivalent to calling subtle.decrypt()
first on the encrypted key data (using the wrappedKey
, unwrapAlgo
, and unwrappingKey
arguments as input)
then passing the results in to the subtle.importKey()
method using the unwrappedKeyAlgo
, extractable
, and keyUsages
arguments as inputs.
If successful, the returned promise is resolved with a <CryptoKey>
object.
The wrapping algorithms currently supported include:
'RSA-OAEP'
'AES-CTR'
'AES-CBC'
'AES-GCM'
'AES-KW'
The unwrapped key algorithms supported include:
'RSASSA-PKCS1-v1_5'
'RSA-PSS'
'RSA-OAEP'
'ECDSA'
'Ed25519'
'Ed448'
'ECDH'
'X25519'
'X448'
'HMAC'
'AES-CTR'
'AES-CBC'
'AES-GCM'
'AES-KW'
verify(): Promise<boolean>
Using the method and parameters given in algorithm
and the keying material provided by key
,
subtle.verify()
attempts to verify that signature
is a valid cryptographic signature of data
.
The returned promise is resolved with either true
or false
.
The algorithms currently supported include:
'RSASSA-PKCS1-v1_5'
'RSA-PSS'
'ECDSA'
'Ed25519'
'Ed448'
'HMAC'
In cryptography, "wrapping a key" refers to exporting and then encrypting the keying material.
The subtle.wrapKey()
method exports the keying material into the format identified by format
,
then encrypts it using the method and parameters specified by wrapAlgo
and the keying material provided by wrappingKey
.
It is the equivalent to calling subtle.exportKey()
using format
and key
as the arguments,
then passing the result to the subtle.encrypt()
method using wrappingKey
and wrapAlgo
as inputs.
If successful, the returned promise will be resolved with an <ArrayBuffer>
containing the encrypted key data.
The wrapping algorithms currently supported include:
'RSA-OAEP'
'AES-CTR'
'AES-CBC'
'AES-GCM'
'AES-KW'