Different algorithms are supported for the different functions provided by the Web Crypto API. Also, depending of the context, these algorithms needs parameters or they will raise a SyntaxError
. This pages lists the context, the available algorithms and the required parameters.
AES-CBC
It represents AES in Cipher Block Chaining mode. For key generation, it uses PKCS #7 as the padding method.
Key usages for keys generated with this method are restricted to "encrypt"
, "decrypt"
, "wrapKey"
or "unwrapKey"
. If any other usage is requested for the key generated with this method, the key generation aborts with a SyntaxError
.
The returned key is a CryptoKey
.
The AES-CBC
algorithm must be described using a dictionary with the following parameters:
"name"
, a DOMString
containing "AES-CBC"
."length"
, an unsigned integer containing the length of the key (in bits). If the value is not 128
, 192 or 256, an OperationError
is thrown.AES-CTR
It represents AES in Counter Mode.
Key usages for keys generated with this method are restricted to "encrypt"
, "decrypt"
, "wrapKey"
or "unwrapKey"
. If any other usage is requested for the key generated with this method, the key generation aborts with a SyntaxError
.
The returned key is a CryptoKey
.
The AES-CTR
algorithm must be described using a dictionary with the following parameters:
"name"
, a DOMString
containing "AES-CTR"
."length"
, an unsigned integer containing the length of the key (in bits). If the value is not 128
, 192 or 256, an OperationError
is thrown.AES-GCM
It represents AES in Galois/Counter Mode.
Key usages for keys generated with this method are restricted to "encrypt"
, "decrypt"
, "wrapKey"
or "unwrapKey"
. If any other usage is requested for the key generated with this method, the key generation aborts with a SyntaxError
.
The returned key is a CryptoKey
.
The AES-GCM
algorithm must be described using a dictionary with the following parameters:
"name"
, a DOMString
containing "AES-GCM"
."length"
, an unsigned integer containing the length of the key (in bits). If the value is not 128
, 192 or 256, an OperationError
is thrown.RSA-OAEP
It represents RSAES-OAEP algorithm, using a SHA hash functions and a MGF1 mask generating function.
Key usages for keys generated with this method are restricted to "encrypt"
, "decrypt"
, "wrapKey"
or "unwrapKey"
. If any other usage is requested for the key generated with this method, the key generation aborts with a SyntaxError
.
The returned key is a CryptoKeyPair
.
The RSA-OAEP
algorithm must be described using a dictionary with the following parameters:
"name"
, a DOMString
containing "RSA-OAEP"
."hash"
, a HashAlgorithmIdentifier
with the hash algorithm to use.AES-KW
It represents the key wrapping in AES algorithm.
Key usages for keys generated with this method are restricted to "wrapKey"
or "unwrapKey"
. If any other usage is requested for the key generated with this method, the key generation aborts with a SyntaxError
.
The returned key is a CryptoKey
.
The AES-KW
algorithm must be described using a dictionary with the following parameters:
"name"
, a DOMString
containing "AES-KW"
."length"
, an unsigned integer containing the length of the key (in bits). If the value is not 128
, 192 or 256, an OperationError
is thrown.HMAC
It represents the hash-based message authentication method using SHA hash functions.
Key usages for keys generated with this method are restricted to "sign"
or "verify"
. If any other usage is requested for the key generated with this method, the key generation aborts with a SyntaxError
.
The returned key is a CryptoKey
.
The HMAC
algorithm must be described using a dictionary with the following parameters:
"name"
, a DOMString
containing "HMAC"
."hash"
, a HashAlgorithmIdentifier
, the hash algorithm to use.length"
, an optional positive integer indicating the size of the key to generate. If not provided, the size of the block of the hash function is used.RSASSA-PKCS1-v1_5
It represents RSASSA-PKCS1-v1_5 algorithm, using a SHA hash function.
Key usages for keys generated with this method are restricted to "sign"
, "verify"
. If any other usage is requested for the key generated with this method, the key generation aborts with a SyntaxError
.
The returned key is a CryptoKeyPair
.
The RSASSA-PKCS1-v1_5
algorithm must be described using a dictionary with the following parameters:
"name"
, a DOMString
containing "RSASSA-PKCS1-v1_5"
."hash"
, a HashAlgorithmIdentifier
with the hash algorithm to use.ECDSA
"sign"
, "verify"
.CryptoKeyPair
.The ECDSA
must be described using a dictionary with the following parameters:
ECDH
DH
© 2005–2018 Mozilla Developer Network and individual contributors.
Licensed under the Creative Commons Attribution-ShareAlike License v2.5 or later.
https://developer.mozilla.org/en-US/docs/Web/API/Web_Crypto_API/Supported_algorithms