W3cubDocs

SubtleCrypto.encrypt

The SubtleCrypto.encrypt() method returns a Promise of the encrypted data corresponding to the plaintext data, algorithm and key given as parameters.

Syntax

var result = crypto.subtle.encrypt(algorithm, key, data);

Parameters

algorithm is an object specifying the encryption function to be used and its parameters; if there are no parameters, algorithm can be a DOMString with the algorithm name. Supported values¹ are:
- {"name": "AES-CBC", iv} where iv is a 16-byte BufferSource initialization vector (generated by RandomSource.getRandomValues()).
- {"name": "AES-CTR", counter, length} where counter is an initialised 16-byte BufferSource counter block, and length is the length (in bits) of the part of the counter block that is incremented.
- {"name": "AES-GCM", iv[, additionalData, tagLength]} where iv is a BufferSource initialization vector up to 2⁶⁴−1 bytes long; additionalData is a BufferSource authentication data and tagLength is the length of the authentication tag.
- {"name": "RSA-OAEP"[, label]} where label is an optional label to associate with the message.
key is a CryptoKey containing the key to be used for encryption.
data is a BufferSource containing the data to be encrypted, the plaintext.

Return value

result is a Promise that returns the ciphertext generated by the encryption of the plaintext as an ArrayBuffer.

Exceptions

The promise is rejected when the following exceptions are encountered:

InvalidAccessError: when the requested operation is not valid for the provided key (e.g. invalid encryption algorithm, or invalid key for specified encryption algorithm).

OperationError: when the operation failed for an operation-specific reason (e.g. algorithm parameters of invalid sizes, or AES-GCM plaintext longer than 2³⁹−256 bytes).

Example

const encryptText = async (plainText, password) => {
  const ptUtf8 = new TextEncoder().encode(plainText);

  const pwUtf8 = new TextEncoder().encode(password);
  const pwHash = await crypto.subtle.digest('SHA-256', pwUtf8); 

  const iv = crypto.getRandomValues(new Uint8Array(12));
  const alg = { name: 'AES-GCM', iv: iv };
  const key = await crypto.subtle.importKey('raw', pwHash, alg, false, ['encrypt']);

  return { iv, encBuffer: await crypto.subtle.encrypt(alg, key, ptUtf8) };
}

The password and the iv will be required for the SubtleCrypto.decrypt() operation.

Specifications

Specification	Status	Comment
Web Cryptography API The definition of 'SubtleCrypto.encrypt()' in that specification.	Recommendation	Initial definition.

Browser compatibilityUpdate compatibility data on GitHub

	Desktop
	Chrome	Edge	Firefox	Internet Explorer	Opera	Safari
Basic support	37	12	34 34 32 — 34 Disabled Disabled From version 32 until version 34 (exclusive): this feature is behind the `dom.webcrypto.enabled` preference (needs to be set to `true`). To change preferences in Firefox, visit about:config.	11 11 Returns `CryptoOperation` instead of `Promise`	24	7

	Mobile
	Android webview	Chrome for Android	Edge Mobile	Firefox for Android	Opera for Android	iOS Safari	Samsung Internet
Basic support	37	37	12	34 34 32 — 34 Disabled Disabled From version 32 until version 34 (exclusive): this feature is behind the `dom.webcrypto.enabled` preference (needs to be set to `true`). To change preferences in Firefox, visit about:config.	24	7	6.0