1# Web Crypto API 2 3<!-- YAML 4changes: 5 - version: v18.17.0 6 pr-url: https://github.com/nodejs/node/pull/46067 7 description: Arguments are now coerced and validated as per their WebIDL 8 definitions like in other Web Crypto API implementations. 9 - version: v18.4.0 10 pr-url: https://github.com/nodejs/node/pull/43310 11 description: Removed proprietary `'node.keyObject'` import/export format. 12 - version: v18.4.0 13 pr-url: https://github.com/nodejs/node/pull/43310 14 description: Removed proprietary `'NODE-DSA'`, `'NODE-DH'`, 15 and `'NODE-SCRYPT'` algorithms. 16 - version: v18.4.0 17 pr-url: https://github.com/nodejs/node/pull/42507 18 description: Added `'Ed25519'`, `'Ed448'`, `'X25519'`, and `'X448'` 19 algorithms. 20 - version: v18.4.0 21 pr-url: https://github.com/nodejs/node/pull/42507 22 description: Removed proprietary `'NODE-ED25519'` and `'NODE-ED448'` 23 algorithms. 24 - version: v18.4.0 25 pr-url: https://github.com/nodejs/node/pull/42507 26 description: Removed proprietary `'NODE-X25519'` and `'NODE-X448'` named 27 curves from the `'ECDH'` algorithm. 28--> 29 30<!-- introduced_in=v15.0.0 --> 31 32> Stability: 1 - Experimental 33 34Node.js provides an implementation of the standard [Web Crypto API][]. 35 36Use `require('node:crypto').webcrypto` to access this module. 37 38```js 39const { subtle } = require('node:crypto').webcrypto; 40 41(async function() { 42 43 const key = await subtle.generateKey({ 44 name: 'HMAC', 45 hash: 'SHA-256', 46 length: 256, 47 }, true, ['sign', 'verify']); 48 49 const enc = new TextEncoder(); 50 const message = enc.encode('I love cupcakes'); 51 52 const digest = await subtle.sign({ 53 name: 'HMAC', 54 }, key, message); 55 56})(); 57``` 58 59## Examples 60 61### Generating keys 62 63The {SubtleCrypto} class can be used to generate symmetric (secret) keys 64or asymmetric key pairs (public key and private key). 65 66#### AES keys 67 68```js 69const { subtle } = require('node:crypto').webcrypto; 70 71async function generateAesKey(length = 256) { 72 const key = await subtle.generateKey({ 73 name: 'AES-CBC', 74 length, 75 }, true, ['encrypt', 'decrypt']); 76 77 return key; 78} 79``` 80 81#### ECDSA key pairs 82 83```js 84const { subtle } = require('node:crypto').webcrypto; 85 86async function generateEcKey(namedCurve = 'P-521') { 87 const { 88 publicKey, 89 privateKey, 90 } = await subtle.generateKey({ 91 name: 'ECDSA', 92 namedCurve, 93 }, true, ['sign', 'verify']); 94 95 return { publicKey, privateKey }; 96} 97``` 98 99#### Ed25519/Ed448/X25519/X448 key pairs 100 101> Stability: 1 - Experimental 102 103```js 104const { subtle } = require('node:crypto').webcrypto; 105 106async function generateEd25519Key() { 107 return subtle.generateKey({ 108 name: 'Ed25519', 109 }, true, ['sign', 'verify']); 110} 111 112async function generateX25519Key() { 113 return subtle.generateKey({ 114 name: 'X25519', 115 }, true, ['deriveKey']); 116} 117``` 118 119#### HMAC keys 120 121```js 122const { subtle } = require('node:crypto').webcrypto; 123 124async function generateHmacKey(hash = 'SHA-256') { 125 const key = await subtle.generateKey({ 126 name: 'HMAC', 127 hash, 128 }, true, ['sign', 'verify']); 129 130 return key; 131} 132``` 133 134#### RSA key pairs 135 136```js 137const { subtle } = require('node:crypto').webcrypto; 138const publicExponent = new Uint8Array([1, 0, 1]); 139 140async function generateRsaKey(modulusLength = 2048, hash = 'SHA-256') { 141 const { 142 publicKey, 143 privateKey, 144 } = await subtle.generateKey({ 145 name: 'RSASSA-PKCS1-v1_5', 146 modulusLength, 147 publicExponent, 148 hash, 149 }, true, ['sign', 'verify']); 150 151 return { publicKey, privateKey }; 152} 153``` 154 155### Encryption and decryption 156 157```js 158const crypto = require('node:crypto').webcrypto; 159 160async function aesEncrypt(plaintext) { 161 const ec = new TextEncoder(); 162 const key = await generateAesKey(); 163 const iv = crypto.getRandomValues(new Uint8Array(16)); 164 165 const ciphertext = await crypto.subtle.encrypt({ 166 name: 'AES-CBC', 167 iv, 168 }, key, ec.encode(plaintext)); 169 170 return { 171 key, 172 iv, 173 ciphertext, 174 }; 175} 176 177async function aesDecrypt(ciphertext, key, iv) { 178 const dec = new TextDecoder(); 179 const plaintext = await crypto.subtle.decrypt({ 180 name: 'AES-CBC', 181 iv, 182 }, key, ciphertext); 183 184 return dec.decode(plaintext); 185} 186``` 187 188### Exporting and importing keys 189 190```js 191const { subtle } = require('node:crypto').webcrypto; 192 193async function generateAndExportHmacKey(format = 'jwk', hash = 'SHA-512') { 194 const key = await subtle.generateKey({ 195 name: 'HMAC', 196 hash, 197 }, true, ['sign', 'verify']); 198 199 return subtle.exportKey(format, key); 200} 201 202async function importHmacKey(keyData, format = 'jwk', hash = 'SHA-512') { 203 const key = await subtle.importKey(format, keyData, { 204 name: 'HMAC', 205 hash, 206 }, true, ['sign', 'verify']); 207 208 return key; 209} 210``` 211 212### Wrapping and unwrapping keys 213 214```js 215const { subtle } = require('node:crypto').webcrypto; 216 217async function generateAndWrapHmacKey(format = 'jwk', hash = 'SHA-512') { 218 const [ 219 key, 220 wrappingKey, 221 ] = await Promise.all([ 222 subtle.generateKey({ 223 name: 'HMAC', hash, 224 }, true, ['sign', 'verify']), 225 subtle.generateKey({ 226 name: 'AES-KW', 227 length: 256, 228 }, true, ['wrapKey', 'unwrapKey']), 229 ]); 230 231 const wrappedKey = await subtle.wrapKey(format, key, wrappingKey, 'AES-KW'); 232 233 return { wrappedKey, wrappingKey }; 234} 235 236async function unwrapHmacKey( 237 wrappedKey, 238 wrappingKey, 239 format = 'jwk', 240 hash = 'SHA-512') { 241 242 const key = await subtle.unwrapKey( 243 format, 244 wrappedKey, 245 wrappingKey, 246 'AES-KW', 247 { name: 'HMAC', hash }, 248 true, 249 ['sign', 'verify']); 250 251 return key; 252} 253``` 254 255### Sign and verify 256 257```js 258const { subtle } = require('node:crypto').webcrypto; 259 260async function sign(key, data) { 261 const ec = new TextEncoder(); 262 const signature = 263 await subtle.sign('RSASSA-PKCS1-v1_5', key, ec.encode(data)); 264 return signature; 265} 266 267async function verify(key, signature, data) { 268 const ec = new TextEncoder(); 269 const verified = 270 await subtle.verify( 271 'RSASSA-PKCS1-v1_5', 272 key, 273 signature, 274 ec.encode(data)); 275 return verified; 276} 277``` 278 279### Deriving bits and keys 280 281```js 282const { subtle } = require('node:crypto').webcrypto; 283 284async function pbkdf2(pass, salt, iterations = 1000, length = 256) { 285 const ec = new TextEncoder(); 286 const key = await subtle.importKey( 287 'raw', 288 ec.encode(pass), 289 'PBKDF2', 290 false, 291 ['deriveBits']); 292 const bits = await subtle.deriveBits({ 293 name: 'PBKDF2', 294 hash: 'SHA-512', 295 salt: ec.encode(salt), 296 iterations, 297 }, key, length); 298 return bits; 299} 300 301async function pbkdf2Key(pass, salt, iterations = 1000, length = 256) { 302 const ec = new TextEncoder(); 303 const keyMaterial = await subtle.importKey( 304 'raw', 305 ec.encode(pass), 306 'PBKDF2', 307 false, 308 ['deriveKey']); 309 const key = await subtle.deriveKey({ 310 name: 'PBKDF2', 311 hash: 'SHA-512', 312 salt: ec.encode(salt), 313 iterations, 314 }, keyMaterial, { 315 name: 'AES-GCM', 316 length: 256, 317 }, true, ['encrypt', 'decrypt']); 318 return key; 319} 320``` 321 322### Digest 323 324```js 325const { subtle } = require('node:crypto').webcrypto; 326 327async function digest(data, algorithm = 'SHA-512') { 328 const ec = new TextEncoder(); 329 const digest = await subtle.digest(algorithm, ec.encode(data)); 330 return digest; 331} 332``` 333 334## Algorithm matrix 335 336The table details the algorithms supported by the Node.js Web Crypto API 337implementation and the APIs supported for each: 338 339| Algorithm | `generateKey` | `exportKey` | `importKey` | `encrypt` | `decrypt` | `wrapKey` | `unwrapKey` | `deriveBits` | `deriveKey` | `sign` | `verify` | `digest` | 340| --------------------------------------------------------- | ------------- | ----------- | ----------- | --------- | --------- | --------- | ----------- | ------------ | ----------- | ------ | -------- | -------- | 341| `'RSASSA-PKCS1-v1_5'` | ✔ | ✔ | ✔ | | | | | | | ✔ | ✔ | | 342| `'RSA-PSS'` | ✔ | ✔ | ✔ | | | | | | | ✔ | ✔ | | 343| `'RSA-OAEP'` | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | | | | | | 344| `'ECDSA'` | ✔ | ✔ | ✔ | | | | | | | ✔ | ✔ | | 345| `'Ed25519'` <span class="experimental-inline"></span>[^1] | ✔ | ✔ | ✔ | | | | | | | ✔ | ✔ | | 346| `'Ed448'` <span class="experimental-inline"></span>[^1] | ✔ | ✔ | ✔ | | | | | | | ✔ | ✔ | | 347| `'ECDH'` | ✔ | ✔ | ✔ | | | | | ✔ | ✔ | | | | 348| `'X25519'` <span class="experimental-inline"></span>[^1] | ✔ | ✔ | ✔ | | | | | ✔ | ✔ | | | | 349| `'X448'` <span class="experimental-inline"></span>[^1] | ✔ | ✔ | ✔ | | | | | ✔ | ✔ | | | | 350| `'AES-CTR'` | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | | | | | | 351| `'AES-CBC'` | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | | | | | | 352| `'AES-GCM'` | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | | | | | | 353| `'AES-KW'` | ✔ | ✔ | ✔ | | | ✔ | ✔ | | | | | | 354| `'HMAC'` | ✔ | ✔ | ✔ | | | | | | | ✔ | ✔ | | 355| `'HKDF'` | | ✔ | ✔ | | | | | ✔ | ✔ | | | | 356| `'PBKDF2'` | | ✔ | ✔ | | | | | ✔ | ✔ | | | | 357| `'SHA-1'` | | | | | | | | | | | | ✔ | 358| `'SHA-256'` | | | | | | | | | | | | ✔ | 359| `'SHA-384'` | | | | | | | | | | | | ✔ | 360| `'SHA-512'` | | | | | | | | | | | | ✔ | 361 362## Class: `Crypto` 363 364<!-- YAML 365added: v15.0.0 366--> 367 368Calling `require('node:crypto').webcrypto` returns an instance of the `Crypto` 369class. `Crypto` is a singleton that provides access to the remainder of the 370crypto API. 371 372### `crypto.subtle` 373 374<!-- YAML 375added: v15.0.0 376--> 377 378* Type: {SubtleCrypto} 379 380Provides access to the `SubtleCrypto` API. 381 382### `crypto.getRandomValues(typedArray)` 383 384<!-- YAML 385added: v15.0.0 386--> 387 388* `typedArray` {Buffer|TypedArray} 389* Returns: {Buffer|TypedArray} 390 391Generates cryptographically strong random values. The given `typedArray` is 392filled with random values, and a reference to `typedArray` is returned. 393 394The given `typedArray` must be an integer-based instance of {TypedArray}, 395i.e. `Float32Array` and `Float64Array` are not accepted. 396 397An error will be thrown if the given `typedArray` is larger than 65,536 bytes. 398 399### `crypto.randomUUID()` 400 401<!-- YAML 402added: v16.7.0 403--> 404 405* Returns: {string} 406 407Generates a random [RFC 4122][] version 4 UUID. The UUID is generated using a 408cryptographic pseudorandom number generator. 409 410## Class: `CryptoKey` 411 412<!-- YAML 413added: v15.0.0 414--> 415 416### `cryptoKey.algorithm` 417 418<!-- YAML 419added: v15.0.0 420--> 421 422<!--lint disable maximum-line-length remark-lint--> 423 424* Type: {AesKeyGenParams|RsaHashedKeyGenParams|EcKeyGenParams|HmacKeyGenParams} 425 426<!--lint enable maximum-line-length remark-lint--> 427 428An object detailing the algorithm for which the key can be used along with 429additional algorithm-specific parameters. 430 431Read-only. 432 433### `cryptoKey.extractable` 434 435<!-- YAML 436added: v15.0.0 437--> 438 439* Type: {boolean} 440 441When `true`, the {CryptoKey} can be extracted using either 442`subtleCrypto.exportKey()` or `subtleCrypto.wrapKey()`. 443 444Read-only. 445 446### `cryptoKey.type` 447 448<!-- YAML 449added: v15.0.0 450--> 451 452* Type: {string} One of `'secret'`, `'private'`, or `'public'`. 453 454A string identifying whether the key is a symmetric (`'secret'`) or 455asymmetric (`'private'` or `'public'`) key. 456 457### `cryptoKey.usages` 458 459<!-- YAML 460added: v15.0.0 461--> 462 463* Type: {string\[]} 464 465An array of strings identifying the operations for which the 466key may be used. 467 468The possible usages are: 469 470* `'encrypt'` - The key may be used to encrypt data. 471* `'decrypt'` - The key may be used to decrypt data. 472* `'sign'` - The key may be used to generate digital signatures. 473* `'verify'` - The key may be used to verify digital signatures. 474* `'deriveKey'` - The key may be used to derive a new key. 475* `'deriveBits'` - The key may be used to derive bits. 476* `'wrapKey'` - The key may be used to wrap another key. 477* `'unwrapKey'` - The key may be used to unwrap another key. 478 479Valid key usages depend on the key algorithm (identified by 480`cryptokey.algorithm.name`). 481 482| Key Type | `'encrypt'` | `'decrypt'` | `'sign'` | `'verify'` | `'deriveKey'` | `'deriveBits'` | `'wrapKey'` | `'unwrapKey'` | 483| --------------------------------------------------------- | ----------- | ----------- | -------- | ---------- | ------------- | -------------- | ----------- | ------------- | 484| `'AES-CBC'` | ✔ | ✔ | | | | | ✔ | ✔ | 485| `'AES-CTR'` | ✔ | ✔ | | | | | ✔ | ✔ | 486| `'AES-GCM'` | ✔ | ✔ | | | | | ✔ | ✔ | 487| `'AES-KW'` | | | | | | | ✔ | ✔ | 488| `'ECDH'` | | | | | ✔ | ✔ | | | 489| `'X25519'` <span class="experimental-inline"></span>[^1] | | | | | ✔ | ✔ | | | 490| `'X448'` <span class="experimental-inline"></span>[^1] | | | | | ✔ | ✔ | | | 491| `'ECDSA'` | | | ✔ | ✔ | | | | | 492| `'Ed25519'` <span class="experimental-inline"></span>[^1] | | | ✔ | ✔ | | | | | 493| `'Ed448'` <span class="experimental-inline"></span>[^1] | | | ✔ | ✔ | | | | | 494| `'HDKF'` | | | | | ✔ | ✔ | | | 495| `'HMAC'` | | | ✔ | ✔ | | | | | 496| `'PBKDF2'` | | | | | ✔ | ✔ | | | 497| `'RSA-OAEP'` | ✔ | ✔ | | | | | ✔ | ✔ | 498| `'RSA-PSS'` | | | ✔ | ✔ | | | | | 499| `'RSASSA-PKCS1-v1_5'` | | | ✔ | ✔ | | | | | 500 501## Class: `CryptoKeyPair` 502 503<!-- YAML 504added: v15.0.0 505--> 506 507The `CryptoKeyPair` is a simple dictionary object with `publicKey` and 508`privateKey` properties, representing an asymmetric key pair. 509 510### `cryptoKeyPair.privateKey` 511 512<!-- YAML 513added: v15.0.0 514--> 515 516* Type: {CryptoKey} A {CryptoKey} whose `type` will be `'private'`. 517 518### `cryptoKeyPair.publicKey` 519 520<!-- YAML 521added: v15.0.0 522--> 523 524* Type: {CryptoKey} A {CryptoKey} whose `type` will be `'public'`. 525 526## Class: `SubtleCrypto` 527 528<!-- YAML 529added: v15.0.0 530--> 531 532### `subtle.decrypt(algorithm, key, data)` 533 534<!-- YAML 535added: v15.0.0 536--> 537 538* `algorithm`: {RsaOaepParams|AesCtrParams|AesCbcParams|AesGcmParams} 539* `key`: {CryptoKey} 540* `data`: {ArrayBuffer|TypedArray|DataView|Buffer} 541* Returns: {Promise} containing {ArrayBuffer} 542 543Using the method and parameters specified in `algorithm` and the keying 544material provided by `key`, `subtle.decrypt()` attempts to decipher the 545provided `data`. If successful, the returned promise will be resolved with 546an {ArrayBuffer} containing the plaintext result. 547 548The algorithms currently supported include: 549 550* `'RSA-OAEP'` 551* `'AES-CTR'` 552* `'AES-CBC'` 553* `'AES-GCM`' 554 555### `subtle.deriveBits(algorithm, baseKey, length)` 556 557<!-- YAML 558added: v15.0.0 559changes: 560 - version: v18.4.0 561 pr-url: https://github.com/nodejs/node/pull/42507 562 description: Added `'X25519'`, and `'X448'` algorithms. 563--> 564 565<!--lint disable maximum-line-length remark-lint--> 566 567* `algorithm`: {AlgorithmIdentifier|EcdhKeyDeriveParams|HkdfParams|Pbkdf2Params} 568* `baseKey`: {CryptoKey} 569* `length`: {number|null} 570* Returns: {Promise} containing {ArrayBuffer} 571 572<!--lint enable maximum-line-length remark-lint--> 573 574Using the method and parameters specified in `algorithm` and the keying 575material provided by `baseKey`, `subtle.deriveBits()` attempts to generate 576`length` bits. 577 578The Node.js implementation requires that when `length` is a 579number it must be multiple of `8`. 580 581When `length` is `null` the maximum number of bits for a given algorithm is 582generated. This is allowed for the `'ECDH'`, `'X25519'`, and `'X448'` 583algorithms. 584 585If successful, the returned promise will be resolved with an {ArrayBuffer} 586containing the generated data. 587 588The algorithms currently supported include: 589 590* `'ECDH'` 591* `'X25519'` <span class="experimental-inline"></span>[^1] 592* `'X448'` <span class="experimental-inline"></span>[^1] 593* `'HKDF'` 594* `'PBKDF2'` 595 596### `subtle.deriveKey(algorithm, baseKey, derivedKeyAlgorithm, extractable, keyUsages)` 597 598<!-- YAML 599added: v15.0.0 600changes: 601 - version: v18.4.0 602 pr-url: https://github.com/nodejs/node/pull/42507 603 description: Added `'X25519'`, and `'X448'` algorithms. 604--> 605 606<!--lint disable maximum-line-length remark-lint--> 607 608* `algorithm`: {AlgorithmIdentifier|EcdhKeyDeriveParams|HkdfParams|Pbkdf2Params} 609* `baseKey`: {CryptoKey} 610* `derivedKeyAlgorithm`: {HmacKeyGenParams|AesKeyGenParams} 611* `extractable`: {boolean} 612* `keyUsages`: {string\[]} See [Key usages][]. 613* Returns: {Promise} containing {CryptoKey} 614 615<!--lint enable maximum-line-length remark-lint--> 616 617Using the method and parameters specified in `algorithm`, and the keying 618material provided by `baseKey`, `subtle.deriveKey()` attempts to generate 619a new {CryptoKey} based on the method and parameters in `derivedKeyAlgorithm`. 620 621Calling `subtle.deriveKey()` is equivalent to calling `subtle.deriveBits()` to 622generate raw keying material, then passing the result into the 623`subtle.importKey()` method using the `deriveKeyAlgorithm`, `extractable`, and 624`keyUsages` parameters as input. 625 626The algorithms currently supported include: 627 628* `'ECDH'` 629* `'X25519'` <span class="experimental-inline"></span>[^1] 630* `'X448'` <span class="experimental-inline"></span>[^1] 631* `'HKDF'` 632* `'PBKDF2'` 633 634### `subtle.digest(algorithm, data)` 635 636<!-- YAML 637added: v15.0.0 638--> 639 640* `algorithm`: {string|Object} 641* `data`: {ArrayBuffer|TypedArray|DataView|Buffer} 642* Returns: {Promise} containing {ArrayBuffer} 643 644Using the method identified by `algorithm`, `subtle.digest()` attempts to 645generate a digest of `data`. If successful, the returned promise is resolved 646with an {ArrayBuffer} containing the computed digest. 647 648If `algorithm` is provided as a {string}, it must be one of: 649 650* `'SHA-1'` 651* `'SHA-256'` 652* `'SHA-384'` 653* `'SHA-512'` 654 655If `algorithm` is provided as an {Object}, it must have a `name` property 656whose value is one of the above. 657 658### `subtle.encrypt(algorithm, key, data)` 659 660<!-- YAML 661added: v15.0.0 662--> 663 664* `algorithm`: {RsaOaepParams|AesCtrParams|AesCbcParams|AesGcmParams} 665* `key`: {CryptoKey} 666* Returns: {Promise} containing {ArrayBuffer} 667 668Using the method and parameters specified by `algorithm` and the keying 669material provided by `key`, `subtle.encrypt()` attempts to encipher `data`. 670If successful, the returned promise is resolved with an {ArrayBuffer} 671containing the encrypted result. 672 673The algorithms currently supported include: 674 675* `'RSA-OAEP'` 676* `'AES-CTR'` 677* `'AES-CBC'` 678* `'AES-GCM`' 679 680### `subtle.exportKey(format, key)` 681 682<!-- YAML 683added: v15.0.0 684changes: 685 - version: v18.4.0 686 pr-url: https://github.com/nodejs/node/pull/42507 687 description: Added `'Ed25519'`, `'Ed448'`, `'X25519'`, and `'X448'` 688 algorithms. 689 - version: v15.9.0 690 pr-url: https://github.com/nodejs/node/pull/37203 691 description: Removed `'NODE-DSA'` JWK export. 692--> 693 694* `format`: {string} Must be one of `'raw'`, `'pkcs8'`, `'spki'`, or `'jwk'`. 695* `key`: {CryptoKey} 696* Returns: {Promise} containing {ArrayBuffer|Object}. 697 698Exports the given key into the specified format, if supported. 699 700If the {CryptoKey} is not extractable, the returned promise will reject. 701 702When `format` is either `'pkcs8'` or `'spki'` and the export is successful, 703the returned promise will be resolved with an {ArrayBuffer} containing the 704exported key data. 705 706When `format` is `'jwk'` and the export is successful, the returned promise 707will be resolved with a JavaScript object conforming to the [JSON Web Key][] 708specification. 709 710| Key Type | `'spki'` | `'pkcs8'` | `'jwk'` | `'raw'` | 711| --------------------------------------------------------- | -------- | --------- | ------- | ------- | 712| `'AES-CBC'` | | | ✔ | ✔ | 713| `'AES-CTR'` | | | ✔ | ✔ | 714| `'AES-GCM'` | | | ✔ | ✔ | 715| `'AES-KW'` | | | ✔ | ✔ | 716| `'ECDH'` | ✔ | ✔ | ✔ | ✔ | 717| `'ECDSA'` | ✔ | ✔ | ✔ | ✔ | 718| `'Ed25519'` <span class="experimental-inline"></span>[^1] | ✔ | ✔ | ✔ | ✔ | 719| `'Ed448'` <span class="experimental-inline"></span>[^1] | ✔ | ✔ | ✔ | ✔ | 720| `'HDKF'` | | | | | 721| `'HMAC'` | | | ✔ | ✔ | 722| `'PBKDF2'` | | | | | 723| `'RSA-OAEP'` | ✔ | ✔ | ✔ | | 724| `'RSA-PSS'` | ✔ | ✔ | ✔ | | 725| `'RSASSA-PKCS1-v1_5'` | ✔ | ✔ | ✔ | | 726 727### `subtle.generateKey(algorithm, extractable, keyUsages)` 728 729<!-- YAML 730added: v15.0.0 731--> 732 733<!--lint disable maximum-line-length remark-lint--> 734 735* `algorithm`: {AlgorithmIdentifier|RsaHashedKeyGenParams|EcKeyGenParams|HmacKeyGenParams|AesKeyGenParams} 736 737<!--lint enable maximum-line-length remark-lint--> 738 739* `extractable`: {boolean} 740* `keyUsages`: {string\[]} See [Key usages][]. 741* Returns: {Promise} containing {CryptoKey|CryptoKeyPair} 742 743Using the method and parameters provided in `algorithm`, `subtle.generateKey()` 744attempts to generate new keying material. Depending the method used, the method 745may generate either a single {CryptoKey} or a {CryptoKeyPair}. 746 747The {CryptoKeyPair} (public and private key) generating algorithms supported 748include: 749 750* `'RSASSA-PKCS1-v1_5'` 751* `'RSA-PSS'` 752* `'RSA-OAEP'` 753* `'ECDSA'` 754* `'Ed25519'` <span class="experimental-inline"></span>[^1] 755* `'Ed448'` <span class="experimental-inline"></span>[^1] 756* `'ECDH'` 757* `'X25519'` <span class="experimental-inline"></span>[^1] 758* `'X448'` <span class="experimental-inline"></span>[^1] 759 760The {CryptoKey} (secret key) generating algorithms supported include: 761 762* `'HMAC'` 763* `'AES-CTR'` 764* `'AES-CBC'` 765* `'AES-GCM'` 766* `'AES-KW'` 767 768### `subtle.importKey(format, keyData, algorithm, extractable, keyUsages)` 769 770<!-- YAML 771added: v15.0.0 772changes: 773 - version: v18.4.0 774 pr-url: https://github.com/nodejs/node/pull/42507 775 description: Added `'Ed25519'`, `'Ed448'`, `'X25519'`, and `'X448'` 776 algorithms. 777 - version: v15.9.0 778 pr-url: https://github.com/nodejs/node/pull/37203 779 description: Removed `'NODE-DSA'` JWK import. 780--> 781 782* `format`: {string} Must be one of `'raw'`, `'pkcs8'`, `'spki'`, or `'jwk'`. 783* `keyData`: {ArrayBuffer|TypedArray|DataView|Buffer|Object} 784 785<!--lint disable maximum-line-length remark-lint--> 786 787* `algorithm`: {AlgorithmIdentifier|RsaHashedImportParams|EcKeyImportParams|HmacImportParams} 788 789<!--lint enable maximum-line-length remark-lint--> 790 791* `extractable`: {boolean} 792* `keyUsages`: {string\[]} See [Key usages][]. 793* Returns: {Promise} containing {CryptoKey} 794 795The `subtle.importKey()` method attempts to interpret the provided `keyData` 796as the given `format` to create a {CryptoKey} instance using the provided 797`algorithm`, `extractable`, and `keyUsages` arguments. If the import is 798successful, the returned promise will be resolved with the created {CryptoKey}. 799 800If importing a `'PBKDF2'` key, `extractable` must be `false`. 801 802The algorithms currently supported include: 803 804| Key Type | `'spki'` | `'pkcs8'` | `'jwk'` | `'raw'` | 805| --------------------------------------------------------- | -------- | --------- | ------- | ------- | 806| `'AES-CBC'` | | | ✔ | ✔ | 807| `'AES-CTR'` | | | ✔ | ✔ | 808| `'AES-GCM'` | | | ✔ | ✔ | 809| `'AES-KW'` | | | ✔ | ✔ | 810| `'ECDH'` | ✔ | ✔ | ✔ | ✔ | 811| `'X25519'` <span class="experimental-inline"></span>[^1] | ✔ | ✔ | ✔ | ✔ | 812| `'X448'` <span class="experimental-inline"></span>[^1] | ✔ | ✔ | ✔ | ✔ | 813| `'ECDSA'` | ✔ | ✔ | ✔ | ✔ | 814| `'Ed25519'` <span class="experimental-inline"></span>[^1] | ✔ | ✔ | ✔ | ✔ | 815| `'Ed448'` <span class="experimental-inline"></span>[^1] | ✔ | ✔ | ✔ | ✔ | 816| `'HDKF'` | | | | ✔ | 817| `'HMAC'` | | | ✔ | ✔ | 818| `'PBKDF2'` | | | | ✔ | 819| `'RSA-OAEP'` | ✔ | ✔ | ✔ | | 820| `'RSA-PSS'` | ✔ | ✔ | ✔ | | 821| `'RSASSA-PKCS1-v1_5'` | ✔ | ✔ | ✔ | | 822 823### `subtle.sign(algorithm, key, data)` 824 825<!-- YAML 826added: v15.0.0 827changes: 828 - version: v18.4.0 829 pr-url: https://github.com/nodejs/node/pull/42507 830 description: Added `'Ed25519'`, and `'Ed448'` algorithms. 831--> 832 833<!--lint disable maximum-line-length remark-lint--> 834 835* `algorithm`: {AlgorithmIdentifier|RsaPssParams|EcdsaParams|Ed448Params} 836* `key`: {CryptoKey} 837* `data`: {ArrayBuffer|TypedArray|DataView|Buffer} 838* Returns: {Promise} containing {ArrayBuffer} 839 840<!--lint enable maximum-line-length remark-lint--> 841 842Using the method and parameters given by `algorithm` and the keying material 843provided by `key`, `subtle.sign()` attempts to generate a cryptographic 844signature of `data`. If successful, the returned promise is resolved with 845an {ArrayBuffer} containing the generated signature. 846 847The algorithms currently supported include: 848 849* `'RSASSA-PKCS1-v1_5'` 850* `'RSA-PSS'` 851* `'ECDSA'` 852* `'Ed25519'` <span class="experimental-inline"></span>[^1] 853* `'Ed448'` <span class="experimental-inline"></span>[^1] 854* `'HMAC'` 855 856### `subtle.unwrapKey(format, wrappedKey, unwrappingKey, unwrapAlgo, unwrappedKeyAlgo, extractable, keyUsages)` 857 858<!-- YAML 859added: v15.0.0 860--> 861 862* `format`: {string} Must be one of `'raw'`, `'pkcs8'`, `'spki'`, or `'jwk'`. 863* `wrappedKey`: {ArrayBuffer|TypedArray|DataView|Buffer} 864* `unwrappingKey`: {CryptoKey} 865 866<!--lint disable maximum-line-length remark-lint--> 867 868* `unwrapAlgo`: {AlgorithmIdentifier|RsaOaepParams|AesCtrParams|AesCbcParams|AesGcmParams} 869* `unwrappedKeyAlgo`: {AlgorithmIdentifier|RsaHashedImportParams|EcKeyImportParams|HmacImportParams} 870 871<!--lint enable maximum-line-length remark-lint--> 872 873* `extractable`: {boolean} 874* `keyUsages`: {string\[]} See [Key usages][]. 875* Returns: {Promise} containing {CryptoKey} 876 877In cryptography, "wrapping a key" refers to exporting and then encrypting the 878keying material. The `subtle.unwrapKey()` method attempts to decrypt a wrapped 879key and create a {CryptoKey} instance. It is equivalent to calling 880`subtle.decrypt()` first on the encrypted key data (using the `wrappedKey`, 881`unwrapAlgo`, and `unwrappingKey` arguments as input) then passing the results 882in to the `subtle.importKey()` method using the `unwrappedKeyAlgo`, 883`extractable`, and `keyUsages` arguments as inputs. If successful, the returned 884promise is resolved with a {CryptoKey} object. 885 886The wrapping algorithms currently supported include: 887 888* `'RSA-OAEP'` 889* `'AES-CTR'` 890* `'AES-CBC'` 891* `'AES-GCM'` 892* `'AES-KW'` 893 894The unwrapped key algorithms supported include: 895 896* `'RSASSA-PKCS1-v1_5'` 897* `'RSA-PSS'` 898* `'RSA-OAEP'` 899* `'ECDSA'` 900* `'Ed25519'` <span class="experimental-inline"></span>[^1] 901* `'Ed448'` <span class="experimental-inline"></span>[^1] 902* `'ECDH'` 903* `'X25519'` <span class="experimental-inline"></span>[^1] 904* `'X448'` <span class="experimental-inline"></span>[^1] 905* `'HMAC'` 906* `'AES-CTR'` 907* `'AES-CBC'` 908* `'AES-GCM'` 909* `'AES-KW'` 910 911### `subtle.verify(algorithm, key, signature, data)` 912 913<!-- YAML 914added: v15.0.0 915changes: 916 - version: v18.4.0 917 pr-url: https://github.com/nodejs/node/pull/42507 918 description: Added `'Ed25519'`, and `'Ed448'` algorithms. 919--> 920 921<!--lint disable maximum-line-length remark-lint--> 922 923* `algorithm`: {AlgorithmIdentifier|RsaPssParams|EcdsaParams|Ed448Params} 924* `key`: {CryptoKey} 925* `signature`: {ArrayBuffer|TypedArray|DataView|Buffer} 926* `data`: {ArrayBuffer|TypedArray|DataView|Buffer} 927* Returns: {Promise} containing {boolean} 928 929<!--lint enable maximum-line-length remark-lint--> 930 931Using the method and parameters given in `algorithm` and the keying material 932provided by `key`, `subtle.verify()` attempts to verify that `signature` is 933a valid cryptographic signature of `data`. The returned promise is resolved 934with either `true` or `false`. 935 936The algorithms currently supported include: 937 938* `'RSASSA-PKCS1-v1_5'` 939* `'RSA-PSS'` 940* `'ECDSA'` 941* `'Ed25519'` <span class="experimental-inline"></span>[^1] 942* `'Ed448'` <span class="experimental-inline"></span>[^1] 943* `'HMAC'` 944 945### `subtle.wrapKey(format, key, wrappingKey, wrapAlgo)` 946 947<!-- YAML 948added: v15.0.0 949--> 950 951<!--lint disable maximum-line-length remark-lint--> 952 953* `format`: {string} Must be one of `'raw'`, `'pkcs8'`, `'spki'`, or `'jwk'`. 954* `key`: {CryptoKey} 955* `wrappingKey`: {CryptoKey} 956* `wrapAlgo`: {AlgorithmIdentifier|RsaOaepParams|AesCtrParams|AesCbcParams|AesGcmParams} 957* Returns: {Promise} containing {ArrayBuffer} 958 959<!--lint enable maximum-line-length remark-lint--> 960 961In cryptography, "wrapping a key" refers to exporting and then encrypting the 962keying material. The `subtle.wrapKey()` method exports the keying material into 963the format identified by `format`, then encrypts it using the method and 964parameters specified by `wrapAlgo` and the keying material provided by 965`wrappingKey`. It is the equivalent to calling `subtle.exportKey()` using 966`format` and `key` as the arguments, then passing the result to the 967`subtle.encrypt()` method using `wrappingKey` and `wrapAlgo` as inputs. If 968successful, the returned promise will be resolved with an {ArrayBuffer} 969containing the encrypted key data. 970 971The wrapping algorithms currently supported include: 972 973* `'RSA-OAEP'` 974* `'AES-CTR'` 975* `'AES-CBC'` 976* `'AES-GCM'` 977* `'AES-KW'` 978 979## Algorithm parameters 980 981The algorithm parameter objects define the methods and parameters used by 982the various {SubtleCrypto} methods. While described here as "classes", they 983are simple JavaScript dictionary objects. 984 985### Class: `AlgorithmIdentifier` 986 987<!-- YAML 988added: v18.4.0 989--> 990 991#### `algorithmIdentifier.name` 992 993<!-- YAML 994added: v18.4.0 995--> 996 997* Type: {string} 998 999### Class: `AesCbcParams` 1000 1001<!-- YAML 1002added: v15.0.0 1003--> 1004 1005#### `aesCbcParams.iv` 1006 1007<!-- YAML 1008added: v15.0.0 1009--> 1010 1011* Type: {ArrayBuffer|TypedArray|DataView|Buffer} 1012 1013Provides the initialization vector. It must be exactly 16-bytes in length 1014and should be unpredictable and cryptographically random. 1015 1016#### `aesCbcParams.name` 1017 1018<!-- YAML 1019added: v15.0.0 1020--> 1021 1022* Type: {string} Must be `'AES-CBC'`. 1023 1024### Class: `AesCtrParams` 1025 1026<!-- YAML 1027added: v15.0.0 1028--> 1029 1030#### `aesCtrParams.counter` 1031 1032<!-- YAML 1033added: v15.0.0 1034--> 1035 1036* Type: {ArrayBuffer|TypedArray|DataView|Buffer} 1037 1038The initial value of the counter block. This must be exactly 16 bytes long. 1039 1040The `AES-CTR` method uses the rightmost `length` bits of the block as the 1041counter and the remaining bits as the nonce. 1042 1043#### `aesCtrParams.length` 1044 1045<!-- YAML 1046added: v15.0.0 1047--> 1048 1049* Type: {number} The number of bits in the `aesCtrParams.counter` that are 1050 to be used as the counter. 1051 1052#### `aesCtrParams.name` 1053 1054<!-- YAML 1055added: v15.0.0 1056--> 1057 1058* Type: {string} Must be `'AES-CTR'`. 1059 1060### Class: `AesGcmParams` 1061 1062<!-- YAML 1063added: v15.0.0 1064--> 1065 1066#### `aesGcmParams.additionalData` 1067 1068<!-- YAML 1069added: v15.0.0 1070--> 1071 1072* Type: {ArrayBuffer|TypedArray|DataView|Buffer|undefined} 1073 1074With the AES-GCM method, the `additionalData` is extra input that is not 1075encrypted but is included in the authentication of the data. The use of 1076`additionalData` is optional. 1077 1078#### `aesGcmParams.iv` 1079 1080<!-- YAML 1081added: v15.0.0 1082--> 1083 1084* Type: {ArrayBuffer|TypedArray|DataView|Buffer} 1085 1086The initialization vector must be unique for every encryption operation using a 1087given key. 1088 1089Ideally, this is a deterministic 12-byte value that is computed in such a way 1090that it is guaranteed to be unique across all invocations that use the same key. 1091Alternatively, the initialization vector may consist of at least 12 1092cryptographically random bytes. For more information on constructing 1093initialization vectors for AES-GCM, refer to Section 8 of [NIST SP 800-38D][]. 1094 1095#### `aesGcmParams.name` 1096 1097<!-- YAML 1098added: v15.0.0 1099--> 1100 1101* Type: {string} Must be `'AES-GCM'`. 1102 1103#### `aesGcmParams.tagLength` 1104 1105<!-- YAML 1106added: v15.0.0 1107--> 1108 1109* Type: {number} The size in bits of the generated authentication tag. 1110 This values must be one of `32`, `64`, `96`, `104`, `112`, `120`, or 1111 `128`. **Default:** `128`. 1112 1113### Class: `AesKeyGenParams` 1114 1115<!-- YAML 1116added: v15.0.0 1117--> 1118 1119#### `aesKeyGenParams.length` 1120 1121<!-- YAML 1122added: v15.0.0 1123--> 1124 1125* Type: {number} 1126 1127The length of the AES key to be generated. This must be either `128`, `192`, 1128or `256`. 1129 1130#### `aesKeyGenParams.name` 1131 1132<!-- YAML 1133added: v15.0.0 1134--> 1135 1136* Type: {string} Must be one of `'AES-CBC'`, `'AES-CTR'`, `'AES-GCM'`, or 1137 `'AES-KW'` 1138 1139### Class: `EcdhKeyDeriveParams` 1140 1141<!-- YAML 1142added: v15.0.0 1143--> 1144 1145#### `ecdhKeyDeriveParams.name` 1146 1147<!-- YAML 1148added: v15.0.0 1149--> 1150 1151* Type: {string} Must be `'ECDH'`, `'X25519'`, or `'X448'`. 1152 1153#### `ecdhKeyDeriveParams.public` 1154 1155<!-- YAML 1156added: v15.0.0 1157--> 1158 1159* Type: {CryptoKey} 1160 1161ECDH key derivation operates by taking as input one parties private key and 1162another parties public key -- using both to generate a common shared secret. 1163The `ecdhKeyDeriveParams.public` property is set to the other parties public 1164key. 1165 1166### Class: `EcdsaParams` 1167 1168<!-- YAML 1169added: v15.0.0 1170--> 1171 1172#### `ecdsaParams.hash` 1173 1174<!-- YAML 1175added: v15.0.0 1176--> 1177 1178* Type: {string|Object} 1179 1180If represented as a {string}, the value must be one of: 1181 1182* `'SHA-1'` 1183* `'SHA-256'` 1184* `'SHA-384'` 1185* `'SHA-512'` 1186 1187If represented as an {Object}, the object must have a `name` property 1188whose value is one of the above listed values. 1189 1190#### `ecdsaParams.name` 1191 1192<!-- YAML 1193added: v15.0.0 1194--> 1195 1196* Type: {string} Must be `'ECDSA'`. 1197 1198### Class: `EcKeyGenParams` 1199 1200<!-- YAML 1201added: v15.0.0 1202--> 1203 1204#### `ecKeyGenParams.name` 1205 1206<!-- YAML 1207added: v15.0.0 1208--> 1209 1210* Type: {string} Must be one of `'ECDSA'` or `'ECDH'`. 1211 1212#### `ecKeyGenParams.namedCurve` 1213 1214<!-- YAML 1215added: v15.0.0 1216--> 1217 1218* Type: {string} Must be one of `'P-256'`, `'P-384'`, `'P-521'`. 1219 1220### Class: `EcKeyImportParams` 1221 1222<!-- YAML 1223added: v15.0.0 1224--> 1225 1226#### `ecKeyImportParams.name` 1227 1228<!-- YAML 1229added: v15.0.0 1230--> 1231 1232* Type: {string} Must be one of `'ECDSA'` or `'ECDH'`. 1233 1234#### `ecKeyImportParams.namedCurve` 1235 1236<!-- YAML 1237added: v15.0.0 1238--> 1239 1240* Type: {string} Must be one of `'P-256'`, `'P-384'`, `'P-521'`. 1241 1242### Class: `Ed448Params` 1243 1244<!-- YAML 1245added: v15.0.0 1246--> 1247 1248#### `ed448Params.name` 1249 1250<!-- YAML 1251added: v18.4.0 1252--> 1253 1254* Type: {string} Must be `'Ed448'`. 1255 1256#### `ed448Params.context` 1257 1258<!-- YAML 1259added: v18.4.0 1260--> 1261 1262* Type: {ArrayBuffer|TypedArray|DataView|Buffer|undefined} 1263 1264The `context` member represents the optional context data to associate with 1265the message. 1266The Node.js Web Crypto API implementation only supports zero-length context 1267which is equivalent to not providing context at all. 1268 1269### Class: `HkdfParams` 1270 1271<!-- YAML 1272added: v15.0.0 1273--> 1274 1275#### `hkdfParams.hash` 1276 1277<!-- YAML 1278added: v15.0.0 1279--> 1280 1281* Type: {string|Object} 1282 1283If represented as a {string}, the value must be one of: 1284 1285* `'SHA-1'` 1286* `'SHA-256'` 1287* `'SHA-384'` 1288* `'SHA-512'` 1289 1290If represented as an {Object}, the object must have a `name` property 1291whose value is one of the above listed values. 1292 1293#### `hkdfParams.info` 1294 1295<!-- YAML 1296added: v15.0.0 1297--> 1298 1299* Type: {ArrayBuffer|TypedArray|DataView|Buffer} 1300 1301Provides application-specific contextual input to the HKDF algorithm. 1302This can be zero-length but must be provided. 1303 1304#### `hkdfParams.name` 1305 1306<!-- YAML 1307added: v15.0.0 1308--> 1309 1310* Type: {string} Must be `'HKDF'`. 1311 1312#### `hkdfParams.salt` 1313 1314<!-- YAML 1315added: v15.0.0 1316--> 1317 1318* Type: {ArrayBuffer|TypedArray|DataView|Buffer} 1319 1320The salt value significantly improves the strength of the HKDF algorithm. 1321It should be random or pseudorandom and should be the same length as the 1322output of the digest function (for instance, if using `'SHA-256'` as the 1323digest, the salt should be 256-bits of random data). 1324 1325### Class: `HmacImportParams` 1326 1327<!-- YAML 1328added: v15.0.0 1329--> 1330 1331#### `hmacImportParams.hash` 1332 1333<!-- YAML 1334added: v15.0.0 1335--> 1336 1337* Type: {string|Object} 1338 1339If represented as a {string}, the value must be one of: 1340 1341* `'SHA-1'` 1342* `'SHA-256'` 1343* `'SHA-384'` 1344* `'SHA-512'` 1345 1346If represented as an {Object}, the object must have a `name` property 1347whose value is one of the above listed values. 1348 1349#### `hmacImportParams.length` 1350 1351<!-- YAML 1352added: v15.0.0 1353--> 1354 1355* Type: {number} 1356 1357The optional number of bits in the HMAC key. This is optional and should 1358be omitted for most cases. 1359 1360#### `hmacImportParams.name` 1361 1362<!-- YAML 1363added: v15.0.0 1364--> 1365 1366* Type: {string} Must be `'HMAC'`. 1367 1368### Class: `HmacKeyGenParams` 1369 1370<!-- YAML 1371added: v15.0.0 1372--> 1373 1374#### `hmacKeyGenParams.hash` 1375 1376<!-- YAML 1377added: v15.0.0 1378--> 1379 1380* Type: {string|Object} 1381 1382If represented as a {string}, the value must be one of: 1383 1384* `'SHA-1'` 1385* `'SHA-256'` 1386* `'SHA-384'` 1387* `'SHA-512'` 1388 1389If represented as an {Object}, the object must have a `name` property 1390whose value is one of the above listed values. 1391 1392#### `hmacKeyGenParams.length` 1393 1394<!-- YAML 1395added: v15.0.0 1396--> 1397 1398* Type: {number} 1399 1400The number of bits to generate for the HMAC key. If omitted, 1401the length will be determined by the hash algorithm used. 1402This is optional and should be omitted for most cases. 1403 1404#### `hmacKeyGenParams.name` 1405 1406<!-- YAML 1407added: v15.0.0 1408--> 1409 1410* Type: {string} Must be `'HMAC'`. 1411 1412### Class: `Pbkdf2Params` 1413 1414<!-- YAML 1415added: v15.0.0 1416--> 1417 1418#### `pbkdb2Params.hash` 1419 1420<!-- YAML 1421added: v15.0.0 1422--> 1423 1424* Type: {string|Object} 1425 1426If represented as a {string}, the value must be one of: 1427 1428* `'SHA-1'` 1429* `'SHA-256'` 1430* `'SHA-384'` 1431* `'SHA-512'` 1432 1433If represented as an {Object}, the object must have a `name` property 1434whose value is one of the above listed values. 1435 1436#### `pbkdf2Params.iterations` 1437 1438<!-- YAML 1439added: v15.0.0 1440--> 1441 1442* Type: {number} 1443 1444The number of iterations the PBKDF2 algorithm should make when deriving bits. 1445 1446#### `pbkdf2Params.name` 1447 1448<!-- YAML 1449added: v15.0.0 1450--> 1451 1452* Type: {string} Must be `'PBKDF2'`. 1453 1454#### `pbkdf2Params.salt` 1455 1456<!-- YAML 1457added: v15.0.0 1458--> 1459 1460* Type: {ArrayBuffer|TypedArray|DataView|Buffer} 1461 1462Should be at least 16 random or pseudorandom bytes. 1463 1464### Class: `RsaHashedImportParams` 1465 1466<!-- YAML 1467added: v15.0.0 1468--> 1469 1470#### `rsaHashedImportParams.hash` 1471 1472<!-- YAML 1473added: v15.0.0 1474--> 1475 1476* Type: {string|Object} 1477 1478If represented as a {string}, the value must be one of: 1479 1480* `'SHA-1'` 1481* `'SHA-256'` 1482* `'SHA-384'` 1483* `'SHA-512'` 1484 1485If represented as an {Object}, the object must have a `name` property 1486whose value is one of the above listed values. 1487 1488#### `rsaHashedImportParams.name` 1489 1490<!-- YAML 1491added: v15.0.0 1492--> 1493 1494* Type: {string} Must be one of `'RSASSA-PKCS1-v1_5'`, `'RSA-PSS'`, or 1495 `'RSA-OAEP'`. 1496 1497### Class: `RsaHashedKeyGenParams` 1498 1499<!-- YAML 1500added: v15.0.0 1501--> 1502 1503#### `rsaHashedKeyGenParams.hash` 1504 1505<!-- YAML 1506added: v15.0.0 1507--> 1508 1509* Type: {string|Object} 1510 1511If represented as a {string}, the value must be one of: 1512 1513* `'SHA-1'` 1514* `'SHA-256'` 1515* `'SHA-384'` 1516* `'SHA-512'` 1517 1518If represented as an {Object}, the object must have a `name` property 1519whose value is one of the above listed values. 1520 1521#### `rsaHashedKeyGenParams.modulusLength` 1522 1523<!-- YAML 1524added: v15.0.0 1525--> 1526 1527* Type: {number} 1528 1529The length in bits of the RSA modulus. As a best practice, this should be 1530at least `2048`. 1531 1532#### `rsaHashedKeyGenParams.name` 1533 1534<!-- YAML 1535added: v15.0.0 1536--> 1537 1538* Type: {string} Must be one of `'RSASSA-PKCS1-v1_5'`, `'RSA-PSS'`, or 1539 `'RSA-OAEP'`. 1540 1541#### `rsaHashedKeyGenParams.publicExponent` 1542 1543<!-- YAML 1544added: v15.0.0 1545--> 1546 1547* Type: {Uint8Array} 1548 1549The RSA public exponent. This must be a {Uint8Array} containing a big-endian, 1550unsigned integer that must fit within 32-bits. The {Uint8Array} may contain an 1551arbitrary number of leading zero-bits. The value must be a prime number. Unless 1552there is reason to use a different value, use `new Uint8Array([1, 0, 1])` 1553(65537) as the public exponent. 1554 1555### Class: `RsaOaepParams` 1556 1557<!-- YAML 1558added: v15.0.0 1559--> 1560 1561#### `rsaOaepParams.label` 1562 1563<!-- YAML 1564added: v15.0.0 1565--> 1566 1567* Type: {ArrayBuffer|TypedArray|DataView|Buffer} 1568 1569An additional collection of bytes that will not be encrypted, but will be bound 1570to the generated ciphertext. 1571 1572The `rsaOaepParams.label` parameter is optional. 1573 1574#### `rsaOaepParams.name` 1575 1576<!-- YAML 1577added: v15.0.0 1578--> 1579 1580* Type: {string} must be `'RSA-OAEP'`. 1581 1582### Class: `RsaPssParams` 1583 1584<!-- YAML 1585added: v15.0.0 1586--> 1587 1588#### `rsaPssParams.name` 1589 1590<!-- YAML 1591added: v15.0.0 1592--> 1593 1594* Type: {string} Must be `'RSA-PSS'`. 1595 1596#### `rsaPssParams.saltLength` 1597 1598<!-- YAML 1599added: v15.0.0 1600--> 1601 1602* Type: {number} 1603 1604The length (in bytes) of the random salt to use. 1605 1606[^1]: An experimental implementation of 1607 [Secure Curves in the Web Cryptography API][] as of 05 May 2022 1608 1609[JSON Web Key]: https://tools.ietf.org/html/rfc7517 1610[Key usages]: #cryptokeyusages 1611[NIST SP 800-38D]: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf 1612[RFC 4122]: https://www.rfc-editor.org/rfc/rfc4122.txt 1613[Secure Curves in the Web Cryptography API]: https://wicg.github.io/webcrypto-secure-curves/ 1614[Web Crypto API]: https://www.w3.org/TR/WebCryptoAPI/ 1615