PKI-Lite - v1.2.1
    Preparing search index...

    Class WebCryptoProvider

    Cryptographic provider implementation using the Web Crypto API.

    This provider leverages the browser's native Web Crypto API for cryptographic operations, offering excellent performance and security. It supports modern algorithms including RSA, ECDSA, AES, and SHA hashes. The Web Crypto API is available in both browsers and Node.js (16+), making this provider suitable for cross-platform applications.

    Supported operations:

    • Hashing: SHA-1, SHA-256, SHA-384, SHA-512 (MD5 not supported)
    • Asymmetric: RSA-PKCS1, RSA-PSS, RSA-OAEP, ECDSA, ECDH
    • Symmetric: AES-GCM, AES-CBC, AES-CTR
    • Key derivation: PBKDF2, HKDF
    const provider = new WebCryptoProvider()

    // Hash data
    const hash = await provider.digest(data, 'SHA-256')

    // Sign data with RSA-PSS
    const signature = await provider.sign(
        data,
        privateKeyInfo,
        { type: 'RSA_PSS', params: { hash: 'SHA-256', saltLength: 32 } }
    )

    // Encrypt with AES-GCM
    const encrypted = await provider.encryptSymmetric(
        plaintext,
        key,
        { type: 'AES_GCM', params: { iv: iv, tagLength: 16 } }
    )

    Hierarchy (View Summary)

    Implements

    Index

    Constructors

    constructor

    Properties

    crypto

    Methods

    contentEncryptionAlgorithm decrypt decryptSymmetric deriveCryptoKey deriveKey derivePkcs12Key digest digestAlgorithm encrypt encryptSymmetric generateKeyPair generateSymmetricKey getEcCurveParameters getEcNamedCurve getKeyMaterial getRandomValues getWebCryptoAlgorithm getWebCryptoDerivationAlgorithm getWebCryptoSymmetricAlgorithm getWebCryptoSymmetricKeyGenAlgorithm hmac keyEncryptionAlgorithm sign signatureAlgorithm toAsymmetricEncryptionAlgorithmParams toDerivationAlgorithmParams toHashAlgorithm toPbeAlgorithmParams toSymmetricEncryptionAlgorithmParams verify

    Constructors

    Properties

    crypto: { subtle: SubtleCrypto } = globalThis.crypto

    Reference to the Web Crypto API interface. Protected to allow testing with mock implementations.

    Methods

    • Derives a cryptographic key from a password using the specified algorithm.

      Parameters

      • password: string | Uint8Array<ArrayBuffer> | CryptoKey

        The password or key material to derive from

      • algorithm: PbeAlgorithmParams

        The key derivation algorithm parameters

      Returns Promise<Uint8Array<ArrayBuffer>>

      Promise resolving to the derived key as a Uint8Array

    • Derives key material using PKCS#12 password-based KDF (RFC 7292 Appendix B). Supports modern hash algorithms for improved security while maintaining OpenSSL compatibility.

      Parameters

      • password: string | Uint8Array<ArrayBuffer>

        The password (string or bytes, will be converted to BMPString format)

      • salt: Uint8Array<ArrayBuffer>

        Salt value for key derivation

      • iterationCount: number

        Number of iterations for key strengthening

      • keyLength: number

        Desired key length in bytes

      • purpose: "encryption" | "iv" | "mac" = 'encryption'

        Key purpose: 'encryption' (id=1), 'iv' (id=2), or 'mac' (id=3)

      • hash: HashAlgorithm = 'SHA-1'

        Hash algorithm to use (default: SHA-1 for legacy compatibility)

      Returns Promise<Uint8Array<ArrayBuffer>>

      Promise resolving to the derived key bytes

      // Derive a MAC key with SHA-256
      const macKey = await provider.derivePkcs12Key(
          password,
          salt,
          100000,
          32,
          'mac',
          'SHA-256'
      )

    • Generates an asymmetric key pair for the specified algorithm and options.

      Parameters

      • options: {
            algorithm: "RSA" | "EC";
            hash?: string;
            keySize?: number;
            namedCurve?: string;
            publicExponent?: Uint8Array<ArrayBuffer>;
        }

        Configuration options including algorithm, key size, and other parameters

      Returns Promise<
          {
              privateKey: Uint8Array<ArrayBuffer>;
              publicKey: Uint8Array<ArrayBuffer>;
          },
      >

      A Promise that resolves to an object containing the public and private keys

    • Parameters

      • algorithm: {
            params: {
                hash: HashAlgorithm;
                iterationCount: number;
                keyLength?: number;
                salt: Uint8Array<ArrayBuffer>;
            };
            type: "PBKDF2";
        }

      Returns Pbkdf2Params

    • Parameters

      • algorithm:
            | "PBES2"
            | "AES_128_GCM"
            | "AES_192_GCM"
            | "AES_256_GCM"
            | "AES_128_CCM"
            | "AES_192_CCM"
            | "AES_256_CCM"
            | "AES_128_CBC"
            | "AES_192_CBC"
            | "AES_256_CBC"
            | "AES_128_ECB"
            | "AES_192_ECB"
            | "AES_256_ECB"
            | "PKCS12_SHA1_RC4_128"
            | "PKCS12_SHA1_RC4_40"
            | "PKCS12_SHA1_3DES_3KEY"
            | "PKCS12_SHA1_3DES_2KEY"
            | "PKCS12_SHA1_RC2_128"
            | "PKCS12_SHA1_RC2_40"

      Returns AesDerivedKeyParams

    • Computes an HMAC (Hash-based Message Authentication Code) of the input data.

      Parameters

      • key: Uint8Array<ArrayBuffer>

        The secret key for HMAC

      • data: Uint8Array<ArrayBuffer>

        The data to authenticate

      • hash: HashAlgorithm

        The hash algorithm to use

      Returns Promise<Uint8Array<ArrayBuffer>>

      The computed HMAC bytes

      UnsupportedCryptoAlgorithmError if the algorithm is not supported

    Settings

    Member Visibility

    On This Page

    Constructors
    Properties
    Methods