exportKey method

Exports the given key material of the Key object as specified by the key parameter.



var retVal = SubtleCrypto.exportKey(format, key);


format [in]

Type: DOMString

A DOM string specifying the format of the exported key material, such as raw, pkcs8, spki, or jwk. For details, see the below remarks section.

key [in]

Type: Key

The key to export.

Return value

Type: KeyOperation

An asynchronous operation that will return the exported key material.


With respect to supported cryptographic algorithms, any key which can be generated can be imported and exported.

The supported formats for both importKey and exportKey are as follows:

  • raw - An unformatted sequence of bytes. Intended for secret keys.
  • pkcs8 - The DER encoding of the PrivateKeyInfo structure from RFC 5208.
  • spki - The DER encoding of the SubjectPublicKeyInfo structure from RFC 5280.
  • jwk - The key is represented as JSON according to the JSON Web Key format.

Note  This method exports the key material in unencrypted form (in the clear). Exported key material must be handled in accordance with good security practices.


<!DOCTYPE html>


  <h1>exportKey Method</h1>
    Open <a href="http://msdn.microsoft.com/en-us/library/ie/gg589512(v=vs.85).aspx">F12 Tools</a> (press F12) to see the
    results of this demo in the <a href="http://msdn.microsoft.com/en-us/library/ie/dn255006(v=vs.85).aspx">Console</a>.
    "use strict";

    var pubkey, privkey, privKeyData, importedPrivKey;
    var crypto = window.msCrypto;

    if (crypto.subtle) {
      var op = crypto.subtle.generateKey({ 
        name: "RSAES-PKCS1-v1_5", 
        modulusLength: 2048, 
        publicExponent: new Uint8Array([0x01, 0x00, 0x01])
      }, true, ["encrypt", "decrypt"]);

      op.onerror = function (evt) { console.error("op.onerror event handler fired (generateKey)."); };
      op.oncomplete = function (evt) {
        pubkey = evt.target.result.publicKey;
        privkey = evt.target.result.privateKey;

        if (pubkey.extractable && privkey.extractable) {
          console.log("GenerateKey with RSAES-PKCS1-v1_5:  PASS");
        else {
          console.error("GenerateKey with RSAES-PKCS1-v1_5: FAIL");

        var op = crypto.subtle.exportKey("jwk", privkey);

        op.onerror = function (evt) { console.error("op.onerror event handler fired (exportKey)."); }
        op.oncomplete = function (evt) {
          privKeyData = new Uint8Array(evt.target.result);
          if (privKeyData) {
            console.log("ExportKey with JWK:  PASS");
          else {
            console.error("ExportKey with JWK: FAIL");

          var op = crypto.subtle.importKey("jwk", privKeyData, { name: "RSAES-PKCS1-v1_5" }, true, []);
          op.onerror = function (e) {
            console.error("op.onerror event handler fired (importKey).");
          op.oncomplete = function (e) {
            importedPrivKey = e.target.result;

            if (importedPrivKey.type == "private") {
              console.log("Import key of RSAES-PKCS1-v1_5 with JWK: PASS");
            else {
              console.error("Import of RSAES-PKCS1-v1_5 with JWK: FAIL");
    else {
      document.getElementsByTagName('body')[0].innerHTML = "<h2>Web Cryptography API not supported - please update your browser.</h2>";

See also




© 2014 Microsoft