deno.com
interface SubtleCrypto

This Web Crypto API interface provides a number of low-level cryptographic functions. It is accessed via the Crypto.subtle properties available in a window context (via globalThis.crypto).

Methods #

#generateKey(
extractable: boolean,
keyUsages: KeyUsage[],
): Promise<CryptoKeyPair>

Generates an asymmetric cryptographic key pair for encryption, signing, or key exchange.

This overload is used for generating key pairs with RSA or elliptic curve algorithms.

#generateKey(
extractable: boolean,
keyUsages: KeyUsage[],
): Promise<CryptoKey>

Generates a symmetric cryptographic key for encryption, authentication, or hashing.

This overload is used for algorithms such as AES and HMAC.

#generateKey(
extractable: boolean,
keyUsages: KeyUsage[],
): Promise<CryptoKeyPair | CryptoKey>

Generates a cryptographic key or key pair for a given algorithm.

This generic overload handles any key generation request, returning either a symmetric key or an asymmetric key pair based on the provided algorithm.

#importKey(
format: "jwk",
keyData: JsonWebKey,
extractable: boolean,
keyUsages: KeyUsage[],
): Promise<CryptoKey>

Imports a cryptographic key in JSON Web Key (JWK) format.

This method is used to import an asymmetric key (e.g., RSA or ECDSA) from a JWK object. JWK allows structured representation of keys, making them portable across different systems.

#importKey(
format: Exclude<KeyFormat, "jwk">,
keyData: BufferSource,
extractable: boolean,
keyUsages: KeyUsage[],
): Promise<CryptoKey>

Imports a cryptographic key in raw, PKCS8, or SPKI format.

This method is used to import symmetric keys (e.g., AES), private keys (PKCS8), or public keys (SPKI).

#exportKey(
format: "jwk",
key: CryptoKey,
): Promise<JsonWebKey>

Exports a cryptographic key in JSON Web Key (JWK) format.

This method allows exporting an asymmetric key (e.g., RSA, ECDSA) into a JSON-based representation, making it easy to store and transfer across systems.

#exportKey(
format: Exclude<KeyFormat, "jwk">,
key: CryptoKey,
): Promise<ArrayBuffer>

Exports a cryptographic key in raw, PKCS8, or SPKI format.

This method is used to export symmetric keys (AES), private keys (PKCS8), or public keys (SPKI) in binary form.

#sign(
key: CryptoKey,
): Promise<ArrayBuffer>

Generates a digital signature using a private cryptographic key.

This method is used to sign data with an asymmetric key (e.g., RSA-PSS, ECDSA).

#verify(
key: CryptoKey,
signature: BufferSource,
): Promise<boolean>

Verifies a digital signature using a public cryptographic key.

This method checks whether a signature is valid for the given data.

#digest(
): Promise<ArrayBuffer>

Computes a cryptographic hash (digest) of the given data.

This method is commonly used for verifying data integrity.

Encrypts data using a cryptographic key.

This method is used with both symmetric (AES) and asymmetric (RSA) encryption.

Decrypts previously encrypted data using a cryptographic key.

#deriveBits(
baseKey: CryptoKey,
length: number,
): Promise<ArrayBuffer>

This method is used to derive a key from a base key using a cryptographic algorithm.

This method is used to derive a secret key from a base or master key using a cryptographic algorithm. It returns a Promise which fulfils with an object of the new key.

#wrapKey(
format: KeyFormat,
key: CryptoKey,
wrappingKey: CryptoKey,
): Promise<ArrayBuffer>

Wraps (encrypts) a cryptographic key for secure storage or transmission

#unwrapKey(
format: KeyFormat,
wrappedKey: BufferSource,
unwrappingKey: CryptoKey,
extractable: boolean,
keyUsages: KeyUsage[],
): Promise<CryptoKey>

Unwraps (decrypts) a previously wrapped key.