Web Crypto
Background
The Web Crypto API provides a set of low-level functions for common cryptographic tasks. The Workers Runtime implements the full surface of this API, but with some differences in the supported algorithms compared to those implemented in most browsers.
Performing cryptographic operations using the Web Crypto API is significantly faster than performing them purely in JavaScript. If you want to perform CPU-intensive cryptographic operations, you should consider using the Web Crypto API.
The Web Crypto API is implemented through the SubtleCrypto
interface, accessible via the global crypto.subtle
binding. A simple example of calculating a digest (also known as a hash) is:
const myText = new TextEncoder().encode('Hello world!');const myDigest = await crypto.subtle.digest({name: 'SHA-256',},myText // The data you want to hash as an ArrayBuffer);console.log(new Uint8Array(myDigest));
Some common uses include signing requests.
Constructors
crypto.DigestStream(algorithm)
DigestStream
- A non-standard extension to the
crypto
API that supports generating a hash digest from streaming data. TheDigestStream
itself is aWritableStream
that does not retain the data written into it. Instead, it generates a hash digest automatically when the flow of data has ended.
- A non-standard extension to the
Parameters
algorithm
string | object- Describes the algorithm to be used, including any required parameters, in an algorithm-specific format.
Usage
export default {async fetch(req) {// Fetch from originconst res = await fetch(req);// We need to read the body twice so we `tee` it (get two instances)const [bodyOne, bodyTwo] = res.body.tee();// Make a new response so we can set the headers (responses from `fetch` are immutable)const newRes = new Response(bodyOne, res);// Create a SHA-256 digest stream and pipe the body into itconst digestStream = new crypto.DigestStream("SHA-256");bodyTwo.pipeTo(digestStream);// Get the final resultconst digest = await digestStream.digest;// Turn it into a hex stringconst hexString = [...new Uint8Array(digest)].map(b => b.toString(16).padStart(2, '0')).join('')// Set a header with the SHA-256 hash and return the responsenewRes.headers.set("x-content-digest", `SHA-256=${hexString}`);return newRes;}}
const handler: ExportedHandler = {async fetch(req) {// Fetch from originconst res = await fetch(req);// We need to read the body twice so we `tee` it (get two instances)const [bodyOne, bodyTwo] = res.body.tee();// Make a new response so we can set the headers (responses from `fetch` are immutable)const newRes = new Response(bodyOne, res);// Create a SHA-256 digest stream and pipe the body into itconst digestStream = new crypto.DigestStream("SHA-256");bodyTwo.pipeTo(digestStream);// Get the final resultconst digest = await digestStream.digest;// Turn it into a hex stringconst hexString = [...new Uint8Array(digest)].map(b => b.toString(16).padStart(2, '0')).join('')// Set a header with the SHA-256 hash and return the responsenewRes.headers.set("x-content-digest", `SHA-256=${hexString}`);return newRes;}}export default handler;
Methods
crypto.randomUUID()
:string
- Generates a new random (version 4) UUID as defined in RFC 4122.
crypto.getRandomValues(bufferArrayBufferView)
:ArrayBufferView
- Fills the passed
ArrayBufferView
with cryptographically sound random values and returns thebuffer
.
- Fills the passed
Parameters
buffer
ArrayBufferView- Must be an
Int8Array
|Uint8Array
|Uint8ClampedArray
|Int16Array
|Uint16Array
|Int32Array
|Uint32Array
|BigInt64Array
|BigUint64Array
.
- Must be an
SubtleCrypto Methods
These methods are all accessed via crypto.subtle
, which is also documented in detail on MDN.
encrypt
encrypt(algorithm, key, data)
:Promise<ArrayBuffer>
- Returns a Promise that fulfills with the encrypted data corresponding to the clear text, algorithm, and key given as parameters.
Parameters
algorithm
object- Describes the algorithm to be used, including any required parameters, in an algorithm-specific format.
key
CryptoKeydata
BufferSource
decrypt
decrypt(algorithm, key, data)
:Promise<ArrayBuffer>
- Returns a Promise that fulfills with the clear data corresponding to the ciphertext, algorithm, and key given as parameters.
Parameters
algorithm
object- Describes the algorithm to be used, including any required parameters, in an algorithm-specific format.
key
CryptoKeydata
BufferSource
sign
sign(algorithm, key, data)
:Promise<ArrayBuffer>
- Returns a Promise that fulfills with the signature corresponding to the text, algorithm, and key given as parameters.
Parameters
algorithm
string | object- Describes the algorithm to be used, including any required parameters, in an algorithm-specific format.
key
CryptoKeydata
ArrayBuffer
verify
verify(algorithm, key, signature, data)
:Promise<boolean>
- Returns a Promise that fulfills with a Boolean value indicating if the signature given as a parameter matches the text, algorithm, and key that are also given as parameters.
Parameters
algorithm
string | object- Describes the algorithm to be used, including any required parameters, in an algorithm-specific format.
key
CryptoKeysignature
ArrayBufferdata
ArrayBuffer
digest
digest(algorithm, data)
:Promise<ArrayBuffer>
- Returns a Promise that fulfills with a digest generated from the algorithm and text given as parameters.
Parameters
algorithm
string | object- Describes the algorithm to be used, including any required parameters, in an algorithm-specific format.
data
ArrayBuffer
generateKey
generateKey(algorithm, extractable, keyUsages)
:Promise<CryptoKey> | Promise<CryptoKeyPair>
- Returns a Promise that fulfills with a newly-generated
CryptoKey
, for symmetrical algorithms, or aCryptoKeyPair
, containing two newly generated keys, for asymmetrical algorithms. For example, to generate a new AES-GCM key:
let keyPair = await crypto.subtle.generateKey({name: 'AES-GCM',length: 256,},true,['encrypt', 'decrypt']);- Returns a Promise that fulfills with a newly-generated
Parameters
algorithm
object- Describes the algorithm to be used, including any required parameters, in an algorithm-specific format.
extractable
boolkeyUsages
Array- An Array of strings indicating the possible usages of the new key.
deriveKey
deriveKey(algorithm, baseKey, derivedKeyAlgorithm, extractable, keyUsages)
:Promise<CryptoKey>
- Returns a Promise that fulfills with a newly generated
CryptoKey
derived from the base key and specific algorithm given as parameters.
- Returns a Promise that fulfills with a newly generated
Parameters
algorithm
object- Describes the algorithm to be used, including any required parameters, in an algorithm-specific format.
baseKeyCryptoKey
derivedKeyAlgorithmobject
- Defines the algorithm the derived key will be used for in an algorithm-specific format.
extractablebool
keyUsagesArray
- An Array of strings indicating the possible usages of the new key
deriveBits
deriveBits(algorithm, baseKey, length)
:Promise<ArrayBuffer>
- Returns a Promise that fulfills with a newly generated buffer of pseudo-random bits derived from the base key and specific algorithm given as parameters. It returns a Promise which will be fulfilled with an
ArrayBuffer
containing the derived bits. This method is very similar toderiveKey()
, except thatderiveKey()
returns aCryptoKey
object rather than anArrayBuffer
. Essentially,deriveKey()
is composed ofderiveBits()
followed byimportKey()
.
- Returns a Promise that fulfills with a newly generated buffer of pseudo-random bits derived from the base key and specific algorithm given as parameters. It returns a Promise which will be fulfilled with an
Parameters
algorithm
object- Describes the algorithm to be used, including any required parameters, in an algorithm-specific format.
baseKey
CryptoKeylength
int- Length of the bit string to derive.
importKey
importKey(format, keyData, algorithm, extractable, keyUsages)
:Promise<CryptoKey>
- Transform a key from some external, portable format into a
CryptoKey
for use with the Web Crypto API.
- Transform a key from some external, portable format into a
Parameters
format
string- Describes the format of the key to be imported.
keyData
ArrayBufferalgorithm
object- Describes the algorithm to be used, including any required parameters, in an algorithm-specific format.
extractable
boolkeyUsages
Array- An Array of strings indicating the possible usages of the new key
exportKey
exportKey(formatstring, keyCryptoKey)
:Promise<ArrayBuffer>
- Transform a
CryptoKey
into a portable format, if theCryptoKey
isextractable
.
- Transform a
Parameters
format
string- Describes the format in which the key will be exported.
key
CryptoKey
wrapKey
wrapKey(format, key, wrappingKey, wrapAlgo)
:Promise<ArrayBuffer>
- Transform a
CryptoKey
into a portable format, and then encrypt it with another key. This renders theCryptoKey
suitable for storage or transmission in untrusted environments.
- Transform a
Parameters
format
string- Describes the format in which the key will be exported before being encrypted.
key
CryptoKeywrappingKey
CryptoKeywrapAlgo
object- Describes the algorithm to be used to encrypt the exported key, including any required parameters, in an algorithm-specific format.
unwrapKey
unwrapKey(format, key, unwrappingKey, unwrapAlgo,
:
unwrappedKeyAlgo, extractable, keyUsages)Promise<CryptoKey>
- Transform a key that was wrapped by
wrapKey()
back into aCryptoKey
.
- Transform a key that was wrapped by
Parameters
format
string- Described the data format of the key to be unwrapped.
key
CryptoKeyunwrappingKey
CryptoKeyunwrapAlgo
object- Describes the algorithm that was used to encrypt the wrapped key, in an algorithm-specific format.
unwrappedKeyAlgo
object- Describes the key to be unwrapped, in an algorithm-specific format.
extractable
boolkeyUsages
Array- An Array of strings indicating the possible usages of the new key
timingSafeEqual
timingSafeEqual(a, b)
:bool
- Compare two buffers in a way that is resistant to timing attacks. This is a non-standard extension to the Web Crypto API.
Parameters
a
ArrayBuffer | TypedArrayb
ArrayBuffer | TypedArray
Supported algorithms
Workers implements all operations of the WebCrypto standard, as shown in the following table.
A checkmark (✓) indicates that this feature is believed to be fully supported according to the spec.
An x (✘) indicates that this feature is part of the specification but not implemented.
If a feature only implements the operation partially, details are listed.
Algorithm | sign() verify() | encrypt() decrypt() | digest() | deriveBits() deriveKey() | generateKey() | wrapKey() unwrapKey() | exportKey() | importKey() |
---|---|---|---|---|---|---|---|---|
RSASSA PKCS1 v1.5 | ✓ | ✓ | ✓ | ✓ | ||||
RSA PSS | ✓ | ✓ | ✓ | ✓ | ||||
RSA OAEP | ✓ | ✓ | ✓ | ✓ | ✓ | |||
ECDSA | ✓ | ✓ | ✓ | ✓ | ||||
ECDH | ✓ | ✓ | ✓ | ✓ | ||||
Ed255191 | ✓ | ✓ | ✓ | ✓ | ||||
X255191 | ✓ | ✓ | ✓ | ✓ | ||||
NODE ED255192 | ✓ | ✓ | ✓ | ✓ | ||||
AES CTR | ✓ | ✓ | ✓ | ✓ | ✓ | |||
AES CBC | ✓ | ✓ | ✓ | ✓ | ✓ | |||
AES GCM | ✓ | ✓ | ✓ | ✓ | ✓ | |||
AES KW | ✓ | ✓ | ✓ | ✓ | ||||
HMAC | ✓ | ✓ | ✓ | ✓ | ||||
SHA 1 | ✓ | |||||||
SHA 256 | ✓ | |||||||
SHA 384 | ✓ | |||||||
SHA 512 | ✓ | |||||||
MD53 | ✓ | |||||||
HKDF | ✓ | ✓ | ||||||
PBKDF2 | ✓ | ✓ |
Footnotes:
Algorithms as specified in the Secure Curves API.
Legacy non-standard EdDSA is supported for the Ed25519 curve in addition to the Secure Curves version. Since this algorithm is non-standard, note the following while using it:
- Use
NODE-ED25519
as the algorithm andnamedCurve
parameters. - Unlike NodeJS, Cloudflare will not support raw import of private keys.
- The algorithm implementation may change over time. While Cloudflare cannot guarantee it at this time, Cloudflare will strive to maintain backward compatibility and compatibility with NodeJS’s behavior. Any notable compatibility notes will be communicated in release notes and via this developer documentation.
- Use
MD5 is not part of the WebCrypto standard but is supported in Cloudflare Workers for interacting with legacy systems that require MD5. MD5 is considered a weak algorithm. Do not rely upon MD5 for security.