Different algorithms are supported for the different functions provided by the Web Crypto API. Also, depending of the context, these algorithms needs parameters or they will raise a SyntaxError
. This pages lists the context, the available algorithms and the required parameters.
Key generation algorithms
AES-CBC
-
It represents AES in Cipher Block Chaining mode. For key generation, it uses PKCS #7 as the padding method.
Key usages for keys generated with this method are restricted to
"encrypt"
,"decrypt"
,"wrapKey"
or"unwrapKey"
. If any other usage is requested for the key generated with this method, the key generation aborts with aSyntaxError
.The returned key is a
CryptoKey
.The
AES-CBC
algorithm must be described using a dictionary with the following parameters:"name"
, aDOMString
containing"AES-CBC"
."length"
, an unsigned integer containing the length of the key (in bits). If the value is not128
, 192 or 256, anOperationError
is thrown.
AES-CTR
-
It represents AES in Counter Mode.
Key usages for keys generated with this method are restricted to
"encrypt"
,"decrypt"
,"wrapKey"
or"unwrapKey"
. If any other usage is requested for the key generated with this method, the key generation aborts with aSyntaxError
.The returned key is a
CryptoKey
.The
AES-CBC
algorithm must be described using a dictionary with the following parameters:"name"
, aDOMString
containing"AES-CTR"
."length"
, an unsigned integer containing the length of the key (in bits). If the value is not128
, 192 or 256, anOperationError
is thrown.
AES-GCM
-
It represents AES in Galois/Counter Mode.
Key usages for keys generated with this method are restricted to
"encrypt"
,"decrypt"
,"wrapKey"
or"unwrapKey"
. If any other usage is requested for the key generated with this method, the key generation aborts with aSyntaxError
.The returned key is a
CryptoKey
.The
AES-GCM
algorithm must be described using a dictionary with the following parameters:"name"
, aDOMString
containing"AES-GCM"
."length"
, an unsigned integer containing the length of the key (in bits). If the value is not128
, 192 or 256, anOperationError
is thrown.
RSA-OAEP
-
It represents RSAES-OAEP algorithm, using a SHA hash functions and a MGF1 mask generating function.
Key usages for keys generated with this method are restricted to
"encrypt"
,"decrypt"
,"wrapKey"
or"unwrapKey"
. If any other usage is requested for the key generated with this method, the key generation aborts with aSyntaxError
.The returned key is a
CryptoKeyPair
.The
RSA-OAEP
algorithm must be described using a dictionary with the following parameters:"name"
, aDOMString
containing"RSA-OAEP"
."hash"
, aHashAlgorithmIdentifier
with the hash algorithm to use.
AES-KW
-
It represents the key wrapping in AES algorithm.
Key usages for keys generated with this method are restricted to
"wrapKey"
or"unwrapKey"
. If any other usage is requested for the key generated with this method, the key generation aborts with aSyntaxError
.The returned key is a
CryptoKey
.The
AES-KW
algorithm must be described using a dictionary with the following parameters:"name"
, aDOMString
containing"AES-KW"
."length"
, an unsigned integer containing the length of the key (in bits). If the value is not128
, 192 or 256, anOperationError
is thrown.
HMAC
-
It represents the hash-based message authentication method using SHA hash functions.
Key usages for keys generated with this method are restricted to
"sign"
or"verify"
. If any other usage is requested for the key generated with this method, the key generation aborts with aSyntaxError
.The returned key is a
CryptoKey
.The
HMAC
algorithm must be described using a dictionary with the following parameters:"name"
, aDOMString
containing"HMAC"
."hash"
, aHashAlgorithmIdentifier
, the hash algorithm to use.- "
length"
, an optional positive integer indicating the size of the key to generate. If not provided, the size of the block of the hash function is used.
RSASSA-PKCS1-v1_5
-
It represents RSASA-PKCS1_v1_5 algorithm, using a SHA hash function.
Key usages for keys generated with this method are restricted to
"sign"
,"verify"
. If any other usage is requested for the key generated with this method, the key generation aborts with aSyntaxError
.The returned key is a
CryptoKeyPair
.The
RSASA-PKCS1-v1_5
algorithm must be described using a dictionary with the following parameters:"name"
, aDOMString
containing"RSASA-PKCS-v1_5"
."hash"
, aHashAlgorithmIdentifier
with the hash algorithm to use.
ECDSA
ECDH
DH