Node.js provides an implementation of the Web Crypto API standard.

Use globalThis.crypto or require('node:crypto').webcrypto to access this\nmodule.

const { subtle } = globalThis.crypto;\n\n(async function() {\n\n  const key = await subtle.generateKey({\n    name: 'HMAC',\n    hash: 'SHA-256',\n    length: 256,\n  }, true, ['sign', 'verify']);\n\n  const enc = new TextEncoder();\n  const message = enc.encode('I love cupcakes');\n\n  const digest = await subtle.sign({\n    name: 'HMAC',\n  }, key, message);\n\n})();\n

Node.js provides an implementation of the following features from the\nModern Algorithms in the Web Cryptography API\nWICG proposal:

Algorithms:

\n
• 'AES-OCB'¹
\n
• 'Argon2d'²
\n
• 'Argon2i'²
\n
• 'Argon2id'²
\n
• 'ChaCha20-Poly1305'
\n
• 'cSHAKE128'
\n
• 'cSHAKE256'
\n
• 'KMAC128'¹
\n
• 'KMAC256'¹
\n
• 'ML-DSA-44'³
\n
• 'ML-DSA-65'³
\n
• 'ML-DSA-87'³
\n
• 'ML-KEM-512'³
\n
• 'ML-KEM-768'³
\n
• 'ML-KEM-1024'³
\n
• 'SHA3-256'
\n
• 'SHA3-384'
\n
• 'SHA3-512'
\n

Key Formats:

\n
• 'raw-public'
\n
• 'raw-secret'
\n
• 'raw-seed'
\n

Methods:

\n
• subtle.decapsulateBits()
\n
• subtle.decapsulateKey()
\n
• subtle.encapsulateBits()
\n
• subtle.encapsulateKey()
\n
• subtle.getPublicKey()
\n
• SubtleCrypto.supports()
\n

Node.js provides an implementation of the following features from the\nSecure Curves in the Web Cryptography API\nWICG proposal:

Algorithms:

\n
• 'Ed448'
\n
• 'X448'
\n

The <SubtleCrypto> class can be used to generate symmetric (secret) keys\nor asymmetric key pairs (public key and private key).

const { subtle } = globalThis.crypto;\n\nasync function generateAesKey(length = 256) {\n  const key = await subtle.generateKey({\n    name: 'AES-CBC',\n    length,\n  }, true, ['encrypt', 'decrypt']);\n\n  return key;\n}\n

const { subtle } = globalThis.crypto;\n\nasync function generateEcKey(namedCurve = 'P-521') {\n  const {\n    publicKey,\n    privateKey,\n  } = await subtle.generateKey({\n    name: 'ECDSA',\n    namedCurve,\n  }, true, ['sign', 'verify']);\n\n  return { publicKey, privateKey };\n}\n

const { subtle } = globalThis.crypto;\n\nasync function generateEd25519Key() {\n  return subtle.generateKey({\n    name: 'Ed25519',\n  }, true, ['sign', 'verify']);\n}\n\nasync function generateX25519Key() {\n  return subtle.generateKey({\n    name: 'X25519',\n  }, true, ['deriveKey']);\n}\n

const { subtle } = globalThis.crypto;\n\nasync function generateHmacKey(hash = 'SHA-256') {\n  const key = await subtle.generateKey({\n    name: 'HMAC',\n    hash,\n  }, true, ['sign', 'verify']);\n\n  return key;\n}\n

const { subtle } = globalThis.crypto;\nconst publicExponent = new Uint8Array([1, 0, 1]);\n\nasync function generateRsaKey(modulusLength = 2048, hash = 'SHA-256') {\n  const {\n    publicKey,\n    privateKey,\n  } = await subtle.generateKey({\n    name: 'RSASSA-PKCS1-v1_5',\n    modulusLength,\n    publicExponent,\n    hash,\n  }, true, ['sign', 'verify']);\n\n  return { publicKey, privateKey };\n}\n

const crypto = globalThis.crypto;\n\nasync function aesEncrypt(plaintext) {\n  const ec = new TextEncoder();\n  const key = await generateAesKey();\n  const iv = crypto.getRandomValues(new Uint8Array(16));\n\n  const ciphertext = await crypto.subtle.encrypt({\n    name: 'AES-CBC',\n    iv,\n  }, key, ec.encode(plaintext));\n\n  return {\n    key,\n    iv,\n    ciphertext,\n  };\n}\n\nasync function aesDecrypt(ciphertext, key, iv) {\n  const dec = new TextDecoder();\n  const plaintext = await crypto.subtle.decrypt({\n    name: 'AES-CBC',\n    iv,\n  }, key, ciphertext);\n\n  return dec.decode(plaintext);\n}\n

const { subtle } = globalThis.crypto;\n\nasync function generateAndExportHmacKey(format = 'jwk', hash = 'SHA-512') {\n  const key = await subtle.generateKey({\n    name: 'HMAC',\n    hash,\n  }, true, ['sign', 'verify']);\n\n  return subtle.exportKey(format, key);\n}\n\nasync function importHmacKey(keyData, format = 'jwk', hash = 'SHA-512') {\n  const key = await subtle.importKey(format, keyData, {\n    name: 'HMAC',\n    hash,\n  }, true, ['sign', 'verify']);\n\n  return key;\n}\n

const { subtle } = globalThis.crypto;\n\nasync function generateAndWrapHmacKey(format = 'jwk', hash = 'SHA-512') {\n  const [\n    key,\n    wrappingKey,\n  ] = await Promise.all([\n    subtle.generateKey({\n      name: 'HMAC', hash,\n    }, true, ['sign', 'verify']),\n    subtle.generateKey({\n      name: 'AES-KW',\n      length: 256,\n    }, true, ['wrapKey', 'unwrapKey']),\n  ]);\n\n  const wrappedKey = await subtle.wrapKey(format, key, wrappingKey, 'AES-KW');\n\n  return { wrappedKey, wrappingKey };\n}\n\nasync function unwrapHmacKey(\n  wrappedKey,\n  wrappingKey,\n  format = 'jwk',\n  hash = 'SHA-512') {\n\n  const key = await subtle.unwrapKey(\n    format,\n    wrappedKey,\n    wrappingKey,\n    'AES-KW',\n    { name: 'HMAC', hash },\n    true,\n    ['sign', 'verify']);\n\n  return key;\n}\n

const { subtle } = globalThis.crypto;\n\nasync function sign(key, data) {\n  const ec = new TextEncoder();\n  const signature =\n    await subtle.sign('RSASSA-PKCS1-v1_5', key, ec.encode(data));\n  return signature;\n}\n\nasync function verify(key, signature, data) {\n  const ec = new TextEncoder();\n  const verified =\n    await subtle.verify(\n      'RSASSA-PKCS1-v1_5',\n      key,\n      signature,\n      ec.encode(data));\n  return verified;\n}\n

const { subtle } = globalThis.crypto;\n\nasync function pbkdf2(pass, salt, iterations = 1000, length = 256) {\n  const ec = new TextEncoder();\n  const key = await subtle.importKey(\n    'raw',\n    ec.encode(pass),\n    'PBKDF2',\n    false,\n    ['deriveBits']);\n  const bits = await subtle.deriveBits({\n    name: 'PBKDF2',\n    hash: 'SHA-512',\n    salt: ec.encode(salt),\n    iterations,\n  }, key, length);\n  return bits;\n}\n\nasync function pbkdf2Key(pass, salt, iterations = 1000, length = 256) {\n  const ec = new TextEncoder();\n  const keyMaterial = await subtle.importKey(\n    'raw',\n    ec.encode(pass),\n    'PBKDF2',\n    false,\n    ['deriveKey']);\n  const key = await subtle.deriveKey({\n    name: 'PBKDF2',\n    hash: 'SHA-512',\n    salt: ec.encode(salt),\n    iterations,\n  }, keyMaterial, {\n    name: 'AES-GCM',\n    length,\n  }, true, ['encrypt', 'decrypt']);\n  return key;\n}\n

const { subtle } = globalThis.crypto;\n\nasync function digest(data, algorithm = 'SHA-512') {\n  const ec = new TextEncoder();\n  const digest = await subtle.digest(algorithm, ec.encode(data));\n  return digest;\n}\n

SubtleCrypto.supports() allows feature detection in Web Crypto API,\nwhich can be used to detect whether a given algorithm identifier\n(including its parameters) is supported for the given operation.

This example derives a key from a password using Argon2, if available,\nor PBKDF2, otherwise; and then encrypts and decrypts some text with it\nusing AES-OCB, if available, and AES-GCM, otherwise.

const { SubtleCrypto, crypto } = globalThis;\n\nconst password = 'correct horse battery staple';\nconst derivationAlg =\n  SubtleCrypto.supports?.('importKey', 'Argon2id') ?\n    'Argon2id' :\n    'PBKDF2';\nconst encryptionAlg =\n  SubtleCrypto.supports?.('importKey', 'AES-OCB') ?\n    'AES-OCB' :\n    'AES-GCM';\nconst passwordKey = await crypto.subtle.importKey(\n  derivationAlg === 'Argon2id' ? 'raw-secret' : 'raw',\n  new TextEncoder().encode(password),\n  derivationAlg,\n  false,\n  ['deriveKey'],\n);\nconst nonce = crypto.getRandomValues(new Uint8Array(16));\nconst derivationParams =\n  derivationAlg === 'Argon2id' ?\n    {\n      nonce,\n      parallelism: 4,\n      memory: 2 ** 21,\n      passes: 1,\n    } :\n    {\n      salt: nonce,\n      iterations: 100_000,\n      hash: 'SHA-256',\n    };\nconst key = await crypto.subtle.deriveKey(\n  {\n    name: derivationAlg,\n    ...derivationParams,\n  },\n  passwordKey,\n  {\n    name: encryptionAlg,\n    length: 256,\n  },\n  false,\n  ['encrypt', 'decrypt'],\n);\nconst plaintext = 'Hello, world!';\nconst iv = crypto.getRandomValues(new Uint8Array(16));\nconst encrypted = await crypto.subtle.encrypt(\n  { name: encryptionAlg, iv },\n  key,\n  new TextEncoder().encode(plaintext),\n);\nconst decrypted = new TextDecoder().decode(await crypto.subtle.decrypt(\n  { name: encryptionAlg, iv },\n  key,\n  encrypted,\n));\n

The tables details the algorithms supported by the Node.js Web Crypto API\nimplementation and the APIs supported for each:

Column Legend:

\n
• Encryption: subtle.encrypt() / subtle.decrypt()
\n
• Signatures and MAC: subtle.sign() / subtle.verify()
\n
• Key or Bits Derivation: subtle.deriveBits() / subtle.deriveKey()
\n
• Key Wrapping: subtle.wrapKey() / subtle.unwrapKey()
\n
• Key Encapsulation: subtle.encapsulateBits() / subtle.decapsulateBits() /\nsubtle.encapsulateKey() / subtle.decapsulateKey()
\n
• Digest: subtle.digest()
\n

The algorithm parameter objects define the methods and parameters used by\nthe various <SubtleCrypto> methods. While described here as \"classes\", they\nare simple JavaScript dictionary objects.

Extra input that is not encrypted but is included in the authentication\nof the data. The use of additionalData is optional.

The initialization vector must be unique for every encryption operation using a\ngiven key.

The length of the AES key to be derived. This must be either 128, 192,\nor 256.

Provides the initialization vector. It must be exactly 16-bytes in length\nand should be unpredictable and cryptographically random.

The initial value of the counter block. This must be exactly 16 bytes long.

The AES-CTR method uses the rightmost length bits of the block as the\ncounter and the remaining bits as the nonce.

The length of the AES key in bits.

The length of the AES key to be generated. This must be either 128, 192,\nor 256.

Represents the optional associated data.

Represents the memory size in kibibytes. It must be at least 8 times the degree of parallelism.

Represents the nonce, which is a salt for password hashing applications.

Represents the degree of parallelism.

Represents the number of passes.

Represents the optional secret value.

Represents the Argon2 version number. The default and currently only defined version is 19 (0x13).

The context member represents the optional context data to associate with\nthe message.

The customization member represents the customization string.\nThe Node.js Web Crypto API implementation only supports zero-length customization\nwhich is equivalent to not providing customization at all.

The functionName member represents represents the function name, used by NIST to define\nfunctions based on cSHAKE.\nThe Node.js Web Crypto API implementation only supports zero-length functionName\nwhich is equivalent to not providing functionName at all.

ECDH key derivation operates by taking as input one parties private key and\nanother parties public key -- using both to generate a common shared secret.\nThe ecdhKeyDeriveParams.public property is set to the other parties public\nkey.

If represented as a <string>, the value must be one of:

\n
• 'SHA-1'
\n
• 'SHA-256'
\n
• 'SHA-384'
\n
• 'SHA-512'
\n
• 'SHA3-256'¹
\n
• 'SHA3-384'¹
\n
• 'SHA3-512'¹
\n

If represented as an <Algorithm>, the object's name property\nmust be one of the above listed values.

A temporary symmetric secret key (represented as <ArrayBuffer>) for message encryption\nand the ciphertext (that can be transmitted to the message recipient along with the\nmessage) encrypted by this shared key. The recipient uses their private key to determine\nwhat the shared key is which then allows them to decrypt the message.

A temporary symmetric secret key (represented as <CryptoKey>) for message encryption\nand the ciphertext (that can be transmitted to the message recipient along with the\nmessage) encrypted by this shared key. The recipient uses their private key to determine\nwhat the shared key is which then allows them to decrypt the message.

If represented as a <string>, the value must be one of:

\n
• 'SHA-1'
\n
• 'SHA-256'
\n
• 'SHA-384'
\n
• 'SHA-512'
\n
• 'SHA3-256'¹
\n
• 'SHA3-384'¹
\n
• 'SHA3-512'¹
\n

If represented as an <Algorithm>, the object's name property\nmust be one of the above listed values.

Provides application-specific contextual input to the HKDF algorithm.\nThis can be zero-length but must be provided.

The salt value significantly improves the strength of the HKDF algorithm.\nIt should be random or pseudorandom and should be the same length as the\noutput of the digest function (for instance, if using 'SHA-256' as the\ndigest, the salt should be 256-bits of random data).

If represented as a <string>, the value must be one of:

\n
• 'SHA-1'
\n
• 'SHA-256'
\n
• 'SHA-384'
\n
• 'SHA-512'
\n
• 'SHA3-256'¹
\n
• 'SHA3-384'¹
\n
• 'SHA3-512'¹
\n

If represented as an <Algorithm>, the object's name property\nmust be one of the above listed values.

The optional number of bits in the HMAC key. This is optional and should\nbe omitted for most cases.

The length of the HMAC key in bits.

If represented as a <string>, the value must be one of:

\n
• 'SHA-1'
\n
• 'SHA-256'
\n
• 'SHA-384'
\n
• 'SHA-512'
\n
• 'SHA3-256'¹
\n
• 'SHA3-384'¹
\n
• 'SHA3-512'¹
\n

If represented as an <Algorithm>, the object's name property\nmust be one of the above listed values.

The number of bits to generate for the HMAC key. If omitted,\nthe length will be determined by the hash algorithm used.\nThis is optional and should be omitted for most cases.

The optional number of bits in the KMAC key. This is optional and should\nbe omitted for most cases.

The length of the KMAC key in bits.

The number of bits to generate for the KMAC key. If omitted,\nthe length will be determined by the KMAC algorithm used.\nThis is optional and should be omitted for most cases.

The customization member represents the optional customization string.

The length of the output in bytes. This must be a positive integer.

If represented as a <string>, the value must be one of:

\n
• 'SHA-1'
\n
• 'SHA-256'
\n
• 'SHA-384'
\n
• 'SHA-512'
\n
• 'SHA3-256'¹
\n
• 'SHA3-384'¹
\n
• 'SHA3-512'¹
\n

If represented as an <Algorithm>, the object's name property\nmust be one of the above listed values.

The number of iterations the PBKDF2 algorithm should make when deriving bits.

Should be at least 16 random or pseudorandom bytes.

If represented as a <string>, the value must be one of:

\n
• 'SHA-1'
\n
• 'SHA-256'
\n
• 'SHA-384'
\n
• 'SHA-512'
\n
• 'SHA3-256'¹
\n
• 'SHA3-384'¹
\n
• 'SHA3-512'¹
\n

If represented as an <Algorithm>, the object's name property\nmust be one of the above listed values.

The length in bits of the RSA modulus.

The RSA public exponent.

If represented as a <string>, the value must be one of:

\n
• 'SHA-1'
\n
• 'SHA-256'
\n
• 'SHA-384'
\n
• 'SHA-512'
\n
• 'SHA3-256'¹
\n
• 'SHA3-384'¹
\n
• 'SHA3-512'¹
\n

If represented as an <Algorithm>, the object's name property\nmust be one of the above listed values.

The length in bits of the RSA modulus. As a best practice, this should be\nat least 2048.

The RSA public exponent. This must be a <Uint8Array> containing a big-endian,\nunsigned integer that must fit within 32-bits. The <Uint8Array> may contain an\narbitrary number of leading zero-bits. The value must be a prime number. Unless\nthere is reason to use a different value, use new Uint8Array([1, 0, 1])\n(65537) as the public exponent.

An additional collection of bytes that will not be encrypted, but will be bound\nto the generated ciphertext.

The rsaOaepParams.label parameter is optional.

The length (in bytes) of the random salt to use.

globalThis.crypto is an instance of the Crypto\nclass. Crypto is a singleton that provides access to the remainder of the\ncrypto API.

Provides access to the SubtleCrypto API.

Generates cryptographically strong random values. The given typedArray is\nfilled with random values, and a reference to typedArray is returned.

The given typedArray must be an integer-based instance of <TypedArray>,\ni.e. Float32Array and Float64Array are not accepted.

An error will be thrown if the given typedArray is larger than 65,536 bytes.

Generates a random RFC 4122 version 4 UUID. The UUID is generated using a\ncryptographic pseudorandom number generator.

An object detailing the algorithm for which the key can be used along with\nadditional algorithm-specific parameters.

Read-only.

When true, the <CryptoKey> can be extracted using either subtle.exportKey() or subtle.wrapKey().

Read-only.

A string identifying whether the key is a symmetric ('secret') or\nasymmetric ('private' or 'public') key.

An array of strings identifying the operations for which the\nkey may be used.

The possible usages are:

\n
• 'encrypt' - Enable using the key with subtle.encrypt()
\n
• 'decrypt' - Enable using the key with subtle.decrypt()
\n
• 'sign' - Enable using the key with subtle.sign()
\n
• 'verify' - Enable using the key with subtle.verify()
\n
• 'deriveKey' - Enable using the key with subtle.deriveKey()
\n
• 'deriveBits' - Enable using the key with subtle.deriveBits()
\n
• 'encapsulateBits' - Enable using the key with subtle.encapsulateBits()
\n
• 'decapsulateBits' - Enable using the key with subtle.decapsulateBits()
\n
• 'encapsulateKey' - Enable using the key with subtle.encapsulateKey()
\n
• 'decapsulateKey' - Enable using the key with subtle.decapsulateKey()
\n
• 'wrapKey' - Enable using the key with subtle.wrapKey()
\n
• 'unwrapKey' - Enable using the key with subtle.unwrapKey()
\n

Valid key usages depend on the key algorithm (identified by\ncryptokey.algorithm.name).

Column Legend:

\n
• Encryption: subtle.encrypt() / subtle.decrypt()
\n
• Signatures and MAC: subtle.sign() / subtle.verify()
\n
• Key or Bits Derivation: subtle.deriveBits() / subtle.deriveKey()
\n
• Key Wrapping: subtle.wrapKey() / subtle.unwrapKey()
\n
• Key Encapsulation: subtle.encapsulateBits() / subtle.decapsulateBits() /\nsubtle.encapsulateKey() / subtle.decapsulateKey()
\n

The CryptoKeyPair is a simple dictionary object with publicKey and\nprivateKey properties, representing an asymmetric key pair.

Allows feature detection in Web Crypto API,\nwhich can be used to detect whether a given algorithm identifier\n(including its parameters) is supported for the given operation.

See Checking for runtime algorithm support for an example use of this method.

A message recipient uses their asymmetric private key to decrypt an\n\"encapsulated key\" (ciphertext), thereby recovering a temporary symmetric\nkey (represented as <ArrayBuffer>) which is then used to decrypt a message.

The algorithms currently supported include:

\n
• 'ML-KEM-512'¹
\n
• 'ML-KEM-768'¹
\n
• 'ML-KEM-1024'¹
\n

A message recipient uses their asymmetric private key to decrypt an\n\"encapsulated key\" (ciphertext), thereby recovering a temporary symmetric\nkey (represented as <CryptoKey>) which is then used to decrypt a message.

The algorithms currently supported include:

\n
• 'ML-KEM-512'¹
\n
• 'ML-KEM-768'¹
\n
• 'ML-KEM-1024'¹
\n

Using the method and parameters specified in algorithm and the keying\nmaterial provided by key, this method attempts to decipher the\nprovided data. If successful, the returned promise will be resolved with\nan <ArrayBuffer> containing the plaintext result.

The algorithms currently supported include:

\n
• 'AES-CBC'
\n
• 'AES-CTR'
\n
• 'AES-GCM'
\n
• 'AES-OCB'¹
\n
• 'ChaCha20-Poly1305'¹
\n
• 'RSA-OAEP'
\n

Using the method and parameters specified in algorithm and the keying\nmaterial provided by baseKey, this method attempts to generate\nlength bits.

When length is not provided or null the maximum number of bits for a given\nalgorithm is generated. This is allowed for the 'ECDH', 'X25519', and 'X448'¹\nalgorithms, for other algorithms length is required to be a number.

If successful, the returned promise will be resolved with an <ArrayBuffer>\ncontaining the generated data.

The algorithms currently supported include:

\n
• 'Argon2d'²
\n
• 'Argon2i'²
\n
• 'Argon2id'²
\n
• 'ECDH'
\n
• 'HKDF'
\n
• 'PBKDF2'
\n
• 'X25519'
\n
• 'X448'¹
\n

Using the method and parameters specified in algorithm, and the keying\nmaterial provided by baseKey, this method attempts to generate\na new <CryptoKey> based on the method and parameters in derivedKeyAlgorithm.

Calling this method is equivalent to calling subtle.deriveBits() to\ngenerate raw keying material, then passing the result into the\nsubtle.importKey() method using the deriveKeyAlgorithm, extractable, and\nkeyUsages parameters as input.

The algorithms currently supported include:

\n
• 'Argon2d'¹
\n
• 'Argon2i'¹
\n
• 'Argon2id'¹
\n
• 'ECDH'
\n
• 'HKDF'
\n
• 'PBKDF2'
\n
• 'X25519'
\n
• 'X448'²
\n

Using the method identified by algorithm, this method attempts to\ngenerate a digest of data. If successful, the returned promise is resolved\nwith an <ArrayBuffer> containing the computed digest.

If algorithm is provided as a <string>, it must be one of:

\n
• 'cSHAKE128'¹
\n
• 'cSHAKE256'¹
\n
• 'SHA-1'
\n
• 'SHA-256'
\n
• 'SHA-384'
\n
• 'SHA-512'
\n
• 'SHA3-256'¹
\n
• 'SHA3-384'¹
\n
• 'SHA3-512'¹
\n

If algorithm is provided as an <Object>, it must have a name property\nwhose value is one of the above.

Uses a message recipient's asymmetric public key to encrypt a temporary symmetric key.\nThis encrypted key is the \"encapsulated key\" represented as {EncapsulatedBits}.

The algorithms currently supported include:

\n
• 'ML-KEM-512'¹
\n
• 'ML-KEM-768'¹
\n
• 'ML-KEM-1024'¹
\n

Uses a message recipient's asymmetric public key to encrypt a temporary symmetric key.\nThis encrypted key is the \"encapsulated key\" represented as {EncapsulatedKey}.

The algorithms currently supported include:

\n
• 'ML-KEM-512'¹
\n
• 'ML-KEM-768'¹
\n
• 'ML-KEM-1024'¹
\n

Using the method and parameters specified by algorithm and the keying\nmaterial provided by key, this method attempts to encipher data.\nIf successful, the returned promise is resolved with an <ArrayBuffer>\ncontaining the encrypted result.

The algorithms currently supported include:

\n
• 'AES-CBC'
\n
• 'AES-CTR'
\n
• 'AES-GCM'
\n
• 'AES-OCB'¹
\n
• 'ChaCha20-Poly1305'¹
\n
• 'RSA-OAEP'
\n

Exports the given key into the specified format, if supported.

If the <CryptoKey> is not extractable, the returned promise will reject.

When format is either 'pkcs8' or 'spki' and the export is successful,\nthe returned promise will be resolved with an <ArrayBuffer> containing the\nexported key data.

When format is 'jwk' and the export is successful, the returned promise\nwill be resolved with a JavaScript object conforming to the JSON Web Key\nspecification.

Derives the public key from a given private key.

\n
• extractable <boolean>
\n
• keyUsages <string[]> See Key usages.
\n
• Returns: <Promise> Fulfills with a <CryptoKey> | <CryptoKeyPair> upon success.
\n

Using the parameters provided in algorithm, this method\nattempts to generate new keying material. Depending on the algorithm used\neither a single <CryptoKey> or a <CryptoKeyPair> is generated.

The <CryptoKeyPair> (public and private key) generating algorithms supported\ninclude:

\n
• 'ECDH'
\n
• 'ECDSA'
\n
• 'Ed25519'
\n
• 'Ed448'¹
\n
• 'ML-DSA-44'²
\n
• 'ML-DSA-65'²
\n
• 'ML-DSA-87'²
\n
• 'ML-KEM-512'²
\n
• 'ML-KEM-768'²
\n
• 'ML-KEM-1024'²
\n
• 'RSA-OAEP'
\n
• 'RSA-PSS'
\n
• 'RSASSA-PKCS1-v1_5'
\n
• 'X25519'
\n
• 'X448'¹
\n

The <CryptoKey> (secret key) generating algorithms supported include:

\n
• 'AES-CBC'
\n
• 'AES-CTR'
\n
• 'AES-GCM'
\n
• 'AES-KW'
\n
• 'AES-OCB'²
\n
• 'ChaCha20-Poly1305'²
\n
• 'HMAC'
\n
• 'KMAC128'²
\n
• 'KMAC256'²
\n

\n
• algorithm <string> | <Algorithm> | <RsaHashedImportParams> | <EcKeyImportParams> | <HmacImportParams>
\n

\n
• extractable <boolean>
\n
• keyUsages <string[]> See Key usages.
\n
• Returns: <Promise> Fulfills with a <CryptoKey> upon success.
\n

This method attempts to interpret the provided keyData\nas the given format to create a <CryptoKey> instance using the provided algorithm, extractable, and keyUsages arguments. If the import is\nsuccessful, the returned promise will be resolved with a <CryptoKey>\nrepresentation of the key material.

If importing KDF algorithm keys, extractable must be false.

The algorithms currently supported include:

Using the method and parameters given by algorithm and the keying material\nprovided by key, this method attempts to generate a cryptographic\nsignature of data. If successful, the returned promise is resolved with\nan <ArrayBuffer> containing the generated signature.

The algorithms currently supported include:

\n
• 'ECDSA'
\n
• 'Ed25519'
\n
• 'Ed448'¹
\n
• 'HMAC'
\n
• 'KMAC128'²
\n
• 'KMAC256'²
\n
• 'ML-DSA-44'²
\n
• 'ML-DSA-65'²
\n
• 'ML-DSA-87'²
\n
• 'RSA-PSS'
\n
• 'RSASSA-PKCS1-v1_5'
\n

\n
• unwrapAlgo <string> | <Algorithm> | <RsaOaepParams> | <AesCtrParams> | <AesCbcParams>
\n
• unwrappedKeyAlgo <string> | <Algorithm> | <RsaHashedImportParams> | <EcKeyImportParams> | <HmacImportParams>
\n

\n
• extractable <boolean>
\n
• keyUsages <string[]> See Key usages.
\n
• Returns: <Promise> Fulfills with a <CryptoKey> upon success.
\n

In cryptography, \"wrapping a key\" refers to exporting and then encrypting the\nkeying material. This method attempts to decrypt a wrapped\nkey and create a <CryptoKey> instance. It is equivalent to calling subtle.decrypt() first on the encrypted key data (using the wrappedKey,\nunwrapAlgo, and unwrappingKey arguments as input) then passing the results\nto the subtle.importKey() method using the unwrappedKeyAlgo,\nextractable, and keyUsages arguments as inputs. If successful, the returned\npromise is resolved with a <CryptoKey> object.

The wrapping algorithms currently supported include:

\n
• 'AES-CBC'
\n
• 'AES-CTR'
\n
• 'AES-GCM'
\n
• 'AES-KW'
\n
• 'AES-OCB'¹
\n
• 'ChaCha20-Poly1305'¹
\n
• 'RSA-OAEP'
\n

The unwrapped key algorithms supported include:

\n
• 'AES-CBC'
\n
• 'AES-CTR'
\n
• 'AES-GCM'
\n
• 'AES-KW'
\n
• 'AES-OCB'¹
\n
• 'ChaCha20-Poly1305'¹
\n
• 'ECDH'
\n
• 'ECDSA'
\n
• 'Ed25519'
\n
• 'Ed448'²
\n
• 'HMAC'
\n
• 'KMAC128'²
\n
• 'KMAC256'²
\n
• 'ML-DSA-44'¹
\n
• 'ML-DSA-65'¹
\n
• 'ML-DSA-87'¹
\n
• 'ML-KEM-512'¹
\n
• 'ML-KEM-768'¹
\n
• 'ML-KEM-1024'¹v
\n
• 'RSA-OAEP'
\n
• 'RSA-PSS'
\n
• 'RSASSA-PKCS1-v1_5'
\n
• 'X25519'
\n
• 'X448'²
\n

Using the method and parameters given in algorithm and the keying material\nprovided by key, this method attempts to verify that signature is\na valid cryptographic signature of data. The returned promise is resolved\nwith either true or false.

The algorithms currently supported include:

\n
• 'ECDSA'
\n
• 'Ed25519'
\n
• 'Ed448'¹
\n
• 'HMAC'
\n
• 'KMAC128'¹
\n
• 'KMAC256'¹
\n
• 'ML-DSA-44'²
\n
• 'ML-DSA-65'²
\n
• 'ML-DSA-87'²
\n
• 'RSA-PSS'
\n
• 'RSASSA-PKCS1-v1_5'
\n

In cryptography, \"wrapping a key\" refers to exporting and then encrypting the\nkeying material. This method exports the keying material into\nthe format identified by format, then encrypts it using the method and\nparameters specified by wrapAlgo and the keying material provided by\nwrappingKey. It is the equivalent to calling subtle.exportKey() using\nformat and key as the arguments, then passing the result to the\nsubtle.encrypt() method using wrappingKey and wrapAlgo as inputs. If\nsuccessful, the returned promise will be resolved with an <ArrayBuffer>\ncontaining the encrypted key data.

The wrapping algorithms currently supported include:

\n
• 'AES-CBC'
\n
• 'AES-CTR'
\n
• 'AES-GCM'
\n
• 'AES-KW'
\n
• 'AES-OCB'¹
\n
• 'ChaCha20-Poly1305'¹
\n
• 'RSA-OAEP'
\n