This feature is well established and works across many devices and browser versions. It’s been available across browsers since July 2015.
Secure context: This feature is available only in secure contexts (HTTPS), in some or all supporting browsers.
Note: This feature is available in Web Workers.
The read-only type property of the CryptoKey interface indicates which kind of key is represented by the object. It can have the following values:
"secret": This key is a secret key for use with a symmetric algorithm."private": This key is the private half of an asymmetric algorithm's CryptoKeyPair."public": This key is the public half of an asymmetric algorithm's CryptoKeyPair.One of the following strings: "secret", "private", or "public".
This function verifies a message using SubtleCrypto.verify() and a public key given in the parameter. If the key is not a public key, it always returns "invalid", as such verification is fundamentally insecure.
async function verifyMessage(publicKey) {
const signatureValue = document.querySelector(
".rsassa-pkcs1 .signature-value",
);
signatureValue.classList.remove("valid", "invalid");
let result = false; // By default, it is invalid
if (publicKey.type === "public") {
const encoded = getMessageEncoding();
result = await window.crypto.subtle.verify(
"RSASSA-PKCS1-v1_5",
publicKey,
signature,
encoded,
);
}
signatureValue.classList.add(result ? "valid" : "invalid");
}
| Specification |
|---|
| Web Cryptography Level 2> # dom-cryptokey-type> |
| Desktop | Mobile | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Chrome | Edge | Firefox | Opera | Safari | Chrome Android | Firefox for Android | Opera Android | Safari on IOS | Samsung Internet | WebView Android | WebView on iOS | |
type |
37 | 12 | 34 | 24 | 7 | 37 | 34 | 24 | 7 | 3.0 | 37 | 7 |
© 2005–2025 MDN contributors.
Licensed under the Creative Commons Attribution-ShareAlike License v2.5 or later.
https://developer.mozilla.org/en-US/docs/Web/API/CryptoKey/type