Class “SubtleCrypto”

Object > SubtleCrypto

Provides a subset of the cryptographic functions in the SubtleCrypto W3C standard.

Type: SubtleCrypto extends Object
Constructor: private
Singleton: No
Namespace: global
Direct subclasses: None
JSX Support: No

Methods

decrypt(algorithm, key, data)

Decrypts the given raw data. Currently only supports the AES-GCM algorithm.

Parameter Type Description
algorithm {
  name: 'AES-GCM',
  iv:
ArrayBuffer | TypedArray,
  tagLength: number // optional
}
 
key CryptoKey  
data ArrayBuffer | TypedArray  

Returns: Promise<ArrayBuffer>

deriveBits(algorithm, baseKey, length, options?)

Takes a base key and derives an array of bits from it using the Elliptic Curve Diffie-Hellman (ECDH) algorithm.

Parameter Type Description
algorithm {
  name: 'ECDH',
  namedCurve: 'P-256',
  public: CryptoKey
}
 
baseKey CryptoKey  
length number  
options {
  authPromptTitle: string, // optional
  authPromptMessage: string // optional
}
Optional.

Returns: Promise<ArrayBuffer>

deriveBits(algorithm, baseKey, length)

Takes a base key and derives an array of bits from it using the HKDF algorithm.

Parameter Type Description
algorithm {
  name: 'HKDF',
  hash:
    'SHA-1'
    | 'SHA-256'
    | 'SHA-384'
    | 'SHA-512',
  salt:
ArrayBuffer | TypedArray,
  info:
ArrayBuffer | TypedArray
}
 
baseKey CryptoKey  
length number  

Returns: Promise<ArrayBuffer>

deriveKey(algorithm, baseKey, derivedKeyAlgorithm, extractable, keyUsages, options?)

Takes a base key and derives a secret key from it using the Elliptic Curve Diffie-Hellman (ECDH) algorithm.

Parameter Type Description
algorithm {
  name: 'ECDH',
  namedCurve: 'P-256',
  public: CryptoKey
}
 
baseKey CryptoKey  
derivedKeyAlgorithm {name: 'AES-GCM', length: number}  
extractable boolean  
keyUsages string[]  
options {
  authPromptTitle: string, // optional
  authPromptMessage: string // optional
}
Optional.

Returns: Promise<CryptoKey>

deriveKey(algorithm, baseKey, derivedKeyAlgorithm, extractable, keyUsages)

Takes a base key and derives a secret key from it using the HKDF algorithm.

Parameter Type Description
algorithm {
  name: 'HKDF',
  hash:
    'SHA-1'
    | 'SHA-256'
    | 'SHA-384'
    | 'SHA-512',
  salt:
ArrayBuffer | TypedArray,
  info:
ArrayBuffer | TypedArray
}
 
baseKey CryptoKey  
derivedKeyAlgorithm {name: 'AES-GCM', length: number}  
extractable boolean  
keyUsages string[]  

Returns: Promise<CryptoKey>

digest(algorithm, data)

Provides the digest value of the given data as an ArrayBuffer. Fo this the method uses the hashing algorithms provided by the operating system.

Parameter Type Description
algorithm 'SHA-1'
| 'SHA-256'
| 'SHA-384'
| 'SHA-512'
A string defining the hash function to use.
data TypedArray | ArrayBuffer The data to be digested.

Returns: Promise<ArrayBuffer>

encrypt(algorithm, key, data)

Encrypts the given raw data. Currently only supports the AES-GCM algorithm.

Parameter Type Description
algorithm {
  name: 'AES-GCM',
  iv:
ArrayBuffer | TypedArray,
  tagLength: number // optional
}
 
key CryptoKey  
data ArrayBuffer | TypedArray  

Returns: Promise<ArrayBuffer>

exportKey(format, key)

Converts CryptoKey instances into a portable format. If the key’s extractable is set to true, returns the raw key material in SPKI format or as raw bytes. If the key’s extractable is set to false, for ECDSA and ECDH keys returns an opaque handle to the key in the device’s trusted execution environment, and throws for other key formats.

Parameter Type Description
format 'raw' | 'spki'  
key CryptoKey  

Returns: Promise<ArrayBuffer>

generateKey(algorithm, extractable, keyUsages, options?)

Generates new keys. Currently only supports the Elliptic Curve Diffie-Hellman (ECDH) and Elliptic Curve Digital Signature Algorithm (ECDSA) algorithms to generate key pairs. When extractable is set to true, the raw key material can be exported using exportKey. When extractable is set to false, for ECDSA and ECDH keys exportKey returns an opaque handle to the key in the device’s trusted execution environment, and throws for other key formats.

Parameter Type Description
algorithm {name: 'ECDH' | 'ECDSA', namedCurve: 'P-256'}  
extractable boolean  
keyUsages string[]  
options {
  usageRequiresAuth: boolean // optional
}
Optional.

Returns: Promise<{privateKey: CryptoKey, publicKey: CryptoKey}>

importKey(format, keyData, algorithm, extractable, keyUsages)

Takes an external key in a portable format and returns a CryptoKey object that can be used with the SubtleCrypto API. Keys may be in spki or pkcs8 format.

Parameter Type Description
format 'spki'
| 'pkcs8'
| 'raw'
 
keyData ArrayBuffer | TypedArray  
algorithm {name: 'ECDH' | 'ECDSA', namedCurve: 'P-256'}
| {name: 'AES-GCM'}
| 'HKDF'
| 'AES-GCM'
 
extractable boolean  
keyUsages string[]  

Returns: Promise<CryptoKey>

sign(algorithm, key, data, options?)

Signs the given data. Currently only supports creating ECDSA signatures in DER format.

Parameter Type Description
algorithm {name: 'ECDSAinDERFormat', hash: 'SHA-256'}  
key CryptoKey  
data ArrayBuffer | TypedArray  
options {
  authPromptTitle: string, // optional
  authPromptMessage: string // optional
}
Optional.

Returns: Promise<ArrayBuffer>

verify(algorithm, key, signature, data)

Verifies the given signature against the data. Currently only supports verifying ECDSA signatures in DER format.

Parameter Type Description
algorithm {name: 'ECDSAinDERFormat', hash: 'SHA-256'}  
key CryptoKey  
signature ArrayBuffer | TypedArray  
data ArrayBuffer | TypedArray  

Returns: Promise<boolean>