W3cubDocs

/DOM

Web Crypto API: Supported algorithms

Different algorithms are supported for the different functions provided by the Web Crypto API. Also, depending of the context, these algorithms needs parameters or they will raise a SyntaxError. This pages lists the context, the available algorithms and the required parameters.

Key generation algorithms

AES-CBC

It represents AES in Cipher Block Chaining mode. For key generation, it uses PKCS #7 as the padding method.

Key usages for keys generated with this method are restricted to "encrypt", "decrypt", "wrapKey" or "unwrapKey". If any other usage is requested for the key generated with this method, the key generation aborts with a SyntaxError.

The returned key is a CryptoKey.

The AES-CBC algorithm must be described using a dictionary with the following parameters:

  • "name", a DOMString containing "AES-CBC".
  • "length", an unsigned integer containing the length of the key (in bits). If the value is not 128, 192 or 256, an OperationError is thrown.
AES-CTR

It represents AES in Counter Mode.

Key usages for keys generated with this method are restricted to "encrypt", "decrypt", "wrapKey" or "unwrapKey". If any other usage is requested for the key generated with this method, the key generation aborts with a SyntaxError.

The returned key is a CryptoKey.

The AES-CTR algorithm must be described using a dictionary with the following parameters:

  • "name", a DOMString containing "AES-CTR".
  • "length", an unsigned integer containing the length of the key (in bits). If the value is not 128, 192 or 256, an OperationError is thrown.
AES-GCM

It represents AES in Galois/Counter Mode.

Key usages for keys generated with this method are restricted to "encrypt", "decrypt", "wrapKey" or "unwrapKey". If any other usage is requested for the key generated with this method, the key generation aborts with a SyntaxError.

The returned key is a CryptoKey.

The AES-GCM algorithm must be described using a dictionary with the following parameters:

  • "name", a DOMString containing "AES-GCM".
  • "length", an unsigned integer containing the length of the key (in bits). If the value is not 128, 192 or 256, an OperationError is thrown.
RSA-OAEP

It represents RSAES-OAEP algorithm, using a SHA hash functions and a MGF1 mask generating function.

Key usages for keys generated with this method are restricted to "encrypt", "decrypt", "wrapKey" or "unwrapKey". If any other usage is requested for the key generated with this method, the key generation aborts with a SyntaxError.

The returned key is a CryptoKeyPair.

The RSA-OAEP algorithm must be described using a dictionary with the following parameters:

AES-KW

It represents the key wrapping in AES algorithm.

Key usages for keys generated with this method are restricted to "wrapKey" or "unwrapKey". If any other usage is requested for the key generated with this method, the key generation aborts with a SyntaxError.

The returned key is a CryptoKey.

The AES-KW algorithm must be described using a dictionary with the following parameters:

  • "name", a DOMString containing "AES-KW".
  • "length", an unsigned integer containing the length of the key (in bits). If the value is not 128, 192 or 256, an OperationError is thrown.
HMAC

It represents the hash-based message authentication method using SHA hash functions.

Key usages for keys generated with this method are restricted to "sign" or "verify". If any other usage is requested for the key generated with this method, the key generation aborts with a SyntaxError.

The returned key is a CryptoKey.

The HMAC algorithm must be described using a dictionary with the following parameters:

  • "name", a DOMString containing "HMAC".
  • "hash", a HashAlgorithmIdentifier, the hash algorithm to use.
  • "length", an optional positive integer indicating the size of the key to generate. If not provided, the size of the block of the hash function is used.
RSASSA-PKCS1-v1_5

It represents RSASSA-PKCS1-v1_5 algorithm, using a SHA hash function.

Key usages for keys generated with this method are restricted to "sign", "verify". If any other usage is requested for the key generated with this method, the key generation aborts with a SyntaxError.

The returned key is a CryptoKeyPair.

The RSASSA-PKCS1-v1_5 algorithm must be described using a dictionary with the following parameters:

ECDSA
It represents the Elliptic Curve Digital Signature Algorithm.
Key usages for keys generated with this method are restricted to "sign", "verify".
The returned key is a CryptoKeyPair.

The ECDSA must be described using a dictionary with the following parameters:

  • "name", a DOMString containing "ECDSA".
  • "namedCurve", a DOMString containing either"P-256", "P-384", or "P-521".
ECDH
DH

Edit this page on MDN

© 2005–2018 Mozilla Developer Network and individual contributors.
Licensed under the Creative Commons Attribution-ShareAlike License v2.5 or later.
https://developer.mozilla.org/en-US/docs/Web/API/Web_Crypto_API/Supported_algorithms