Skip to main content
webcrypto.SubtleCrypto - node__crypto.d.ts - Node documentation
interface webcrypto.SubtleCrypto

Usage in Deno

```typescript import { webcrypto } from "node:node__crypto.d.ts"; ```

Methods

Using the method and parameters specified in `algorithm` and the keying material provided by `key`, `subtle.decrypt()` attempts to decipher the provided `data`. If successful, the returned promise will be resolved with an `` containing the plaintext result. The algorithms currently supported include: - `'RSA-OAEP'` - `'AES-CTR'` - `'AES-CBC'` - `'AES-GCM'`
deriveBits(
baseKey: CryptoKey,
length: number | null,
): Promise<ArrayBuffer>
Using the method and parameters specified in `algorithm` and the keying material provided by `baseKey`, `subtle.deriveBits()` attempts to generate `length` bits. The Node.js implementation requires that when `length` is a number it must be multiple of `8`. When `length` is `null` the maximum number of bits for a given algorithm is generated. This is allowed for the `'ECDH'`, `'X25519'`, and `'X448'` algorithms. If successful, the returned promise will be resolved with an `` containing the generated data. The algorithms currently supported include: - `'ECDH'` - `'X25519'` - `'X448'` - `'HKDF'` - `'PBKDF2'`
deriveBits(
baseKey: CryptoKey,
length: number,
): Promise<ArrayBuffer>
deriveKey(
baseKey: CryptoKey,
extractable: boolean,
keyUsages: readonly KeyUsage[],
): Promise<CryptoKey>
Using the method and parameters specified in `algorithm`, and the keying material provided by `baseKey`, `subtle.deriveKey()` attempts to generate a new ` based on the method and parameters in `derivedKeyAlgorithm`. Calling `subtle.deriveKey()` is equivalent to calling `subtle.deriveBits()` to generate raw keying material, then passing the result into the `subtle.importKey()` method using the `deriveKeyAlgorithm`, `extractable`, and `keyUsages` parameters as input. The algorithms currently supported include: - `'ECDH'` - `'X25519'` - `'X448'` - `'HKDF'` - `'PBKDF2'`
digest(
): Promise<ArrayBuffer>
Using the method identified by `algorithm`, `subtle.digest()` attempts to generate a digest of `data`. If successful, the returned promise is resolved with an `` containing the computed digest. If `algorithm` is provided as a ``, it must be one of: - `'SHA-1'` - `'SHA-256'` - `'SHA-384'` - `'SHA-512'` If `algorithm` is provided as an ``, it must have a `name` property whose value is one of the above.
Using the method and parameters specified by `algorithm` and the keying material provided by `key`, `subtle.encrypt()` attempts to encipher `data`. If successful, the returned promise is resolved with an `` containing the encrypted result. The algorithms currently supported include: - `'RSA-OAEP'` - `'AES-CTR'` - `'AES-CBC'` - `'AES-GCM'`
exportKey(
format: "jwk",
key: CryptoKey,
): Promise<JsonWebKey>
Exports the given key into the specified format, if supported. If the `` is not extractable, the returned promise will reject. When `format` is either `'pkcs8'` or `'spki'` and the export is successful, the returned promise will be resolved with an `` containing the exported key data. When `format` is `'jwk'` and the export is successful, the returned promise will be resolved with a JavaScript object conforming to the [JSON Web Key](https://tools.ietf.org/html/rfc7517) specification.
exportKey(
format: Exclude<KeyFormat, "jwk">,
key: CryptoKey,
): Promise<ArrayBuffer>
generateKey(
extractable: boolean,
keyUsages: readonly KeyUsage[],
): Promise<CryptoKeyPair>
Using the method and parameters provided in `algorithm`, `subtle.generateKey()` attempts to generate new keying material. Depending the method used, the method may generate either a single `` or a ``. The `` (public and private key) generating algorithms supported include: - `'RSASSA-PKCS1-v1_5'` - `'RSA-PSS'` - `'RSA-OAEP'` - `'ECDSA'` - `'Ed25519'` - `'Ed448'` - `'ECDH'` - `'X25519'` - `'X448'` The `` (secret key) generating algorithms supported include: - `'HMAC'` - `'AES-CTR'` - `'AES-CBC'` - `'AES-GCM'` - `'AES-KW'`
generateKey(
extractable: boolean,
keyUsages: readonly KeyUsage[],
): Promise<CryptoKey>
generateKey(
extractable: boolean,
keyUsages: KeyUsage[],
): Promise<CryptoKeyPair | CryptoKey>
importKey(
format: "jwk",
keyData: JsonWebKey,
extractable: boolean,
keyUsages: readonly KeyUsage[],
): Promise<CryptoKey>
The `subtle.importKey()` method attempts to interpret the provided `keyData` as the given `format` to create a `` instance using the provided `algorithm`, `extractable`, and `keyUsages` arguments. If the import is successful, the returned promise will be resolved with the created ``. If importing a `'PBKDF2'` key, `extractable` must be `false`.
importKey(
format: Exclude<KeyFormat, "jwk">,
keyData: BufferSource,
extractable: boolean,
keyUsages: KeyUsage[],
): Promise<CryptoKey>
sign(
key: CryptoKey,
): Promise<ArrayBuffer>
Using the method and parameters given by `algorithm` and the keying material provided by `key`, `subtle.sign()` attempts to generate a cryptographic signature of `data`. If successful, the returned promise is resolved with an `` containing the generated signature. The algorithms currently supported include: - `'RSASSA-PKCS1-v1_5'` - `'RSA-PSS'` - `'ECDSA'` - `'Ed25519'` - `'Ed448'` - `'HMAC'`
unwrapKey(
format: KeyFormat,
wrappedKey: BufferSource,
unwrappingKey: CryptoKey,
extractable: boolean,
keyUsages: KeyUsage[],
): Promise<CryptoKey>
In cryptography, "wrapping a key" refers to exporting and then encrypting the keying material. The `subtle.unwrapKey()` method attempts to decrypt a wrapped key and create a `` instance. It is equivalent to calling `subtle.decrypt()` first on the encrypted key data (using the `wrappedKey`, `unwrapAlgo`, and `unwrappingKey` arguments as input) then passing the results in to the `subtle.importKey()` method using the `unwrappedKeyAlgo`, `extractable`, and `keyUsages` arguments as inputs. If successful, the returned promise is resolved with a `` object. The wrapping algorithms currently supported include: - `'RSA-OAEP'` - `'AES-CTR'` - `'AES-CBC'` - `'AES-GCM'` - `'AES-KW'` The unwrapped key algorithms supported include: - `'RSASSA-PKCS1-v1_5'` - `'RSA-PSS'` - `'RSA-OAEP'` - `'ECDSA'` - `'Ed25519'` - `'Ed448'` - `'ECDH'` - `'X25519'` - `'X448'` - `'HMAC'` - `'AES-CTR'` - `'AES-CBC'` - `'AES-GCM'` - `'AES-KW'`
verify(
key: CryptoKey,
signature: BufferSource,
): Promise<boolean>
Using the method and parameters given in `algorithm` and the keying material provided by `key`, `subtle.verify()` attempts to verify that `signature` is a valid cryptographic signature of `data`. The returned promise is resolved with either `true` or `false`. The algorithms currently supported include: - `'RSASSA-PKCS1-v1_5'` - `'RSA-PSS'` - `'ECDSA'` - `'Ed25519'` - `'Ed448'` - `'HMAC'`
wrapKey(
format: KeyFormat,
key: CryptoKey,
wrappingKey: CryptoKey,
): Promise<ArrayBuffer>
In cryptography, "wrapping a key" refers to exporting and then encrypting the keying material. The `subtle.wrapKey()` method exports the keying material into the format identified by `format`, then encrypts it using the method and parameters specified by `wrapAlgo` and the keying material provided by `wrappingKey`. It is the equivalent to calling `subtle.exportKey()` using `format` and `key` as the arguments, then passing the result to the `subtle.encrypt()` method using `wrappingKey` and `wrapAlgo` as inputs. If successful, the returned promise will be resolved with an `` containing the encrypted key data. The wrapping algorithms currently supported include: - `'RSA-OAEP'` - `'AES-CTR'` - `'AES-CBC'` - `'AES-GCM'` - `'AES-KW'`