/Web APIs

crypto global property

The global read-only crypto property returns the Crypto object associated to the global object. This object allows web pages access to certain cryptographic related services.

Although the property itself is read-only, all of its methods (and the methods of its child object, SubtleCrypto) are not read-only, and therefore vulnerable to attack by polyfill.

Although crypto is available on all windows, the returned Crypto object only has one usable feature in insecure contexts: the getRandomValues() method. In general, you should use this API only in secure contexts.


An instance of the Crypto interface, providing access to general-purpose cryptography and a strong random-number generator.


This example uses the crypto property to access the getRandomValues() method.


globalThis.genRandomNumbers = () => {
  const array = new Uint32Array(10);

  const randText = document.getElementById("myRandText");
  randText.textContent = `The random numbers are: ${array.join(" ")}`;


<p id="myRandText">The random numbers are:</p>
<button type="button" onClick="genRandomNumbers()">
  Generate 10 random numbers



Browser compatibility

Desktop Mobile
Chrome Edge Firefox Internet Explorer Opera Safari WebView Android Chrome Android Firefox for Android Opera Android Safari on IOS Samsung Internet
crypto_property 37 12 1 11 24 5 37 37 4 24 5 3.0
worker_support 37 79 48 No 24 10.1 37 37 48 24 10.3 3.0

See also

© 2005–2023 MDN contributors.
Licensed under the Creative Commons Attribution-ShareAlike License v2.5 or later.