Web Cryptography API

Use the Web Cryptography API to enable or improve security in a number of key scenarios.

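The Web Cryptography API enables a number of important security scenarios for web apps. These range from robust user/service authentication to document and code signing to the confidentiality and integrity of communications, all without requiring a secure connection (through SSL or a similar protocol). Note that current browsers expose `crypto.subtle` only in secure contexts (pages served over HTTPS), and script delivered over an unprotected connection can be altered before it runs, so in practice these operations complement transport security rather than replace it. Specifically, you can use the Web Cryptography API for: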

The following example illustrates how to use this API to generate a key pair, sign a piece of data with the private key and verify the signature using the public key.


<!DOCTYPE html>

<html>
<head>
  <meta charset="utf-8" />
  <title>Web Cryptography API - Signing Data</title>
</head>

<body>
  <script>
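    // Demonstrates an RSASSA-PKCS1-v1_5 round trip: generate a key pair, sign
    // `data` with the private key, then verify the signature with the public key.
    // Each step logs PASS or FAIL to the console, and a failed step stops the chain.
    var pubKey;
    var privKey;
    var signature; // Declared here so the sign step does not create an implicit global.
    var data = new Uint8Array([0, 1, 2, 3, 4, 5, 6, 7, 8, 9]); // The data to be signed.
    var crypto = window.crypto || window.msCrypto;

    /**
     * Attaches completion and failure callbacks to a SubtleCrypto operation.
     *
     * The standardized API returns a Promise, while the prefixed msCrypto
     * implementation returns an operation object that raises oncomplete/onerror
     * events. Handling both keeps the sample from silently doing nothing when
     * window.crypto is the object that was picked above.
     *
     * @param {Object} op - Value returned by a crypto.subtle method.
     * @param {function(*)} onDone - Called with the operation result.
     * @param {function(*)} onFail - Called with the rejection reason or error event.
     */
    function whenSettled(op, onDone, onFail) {
      if (op && typeof op.then === "function") {
        op.then(onDone, onFail);
        return;
      }
      op.oncomplete = function (evt) { onDone(evt.target.result); };
      op.onerror = onFail;
    }

    /** Verifies `signature` over `data` with the public key and logs the outcome. */
    function verifySignature() {
      var verifyOp = crypto.subtle.verify({ name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" }, pubKey, signature, data);

      whenSettled(verifyOp, function (verified) {
        if (verified) {
          console.log("Verify Operation for RSASSA-PKCS1-v1_5 - SHA-256: PASS");
        } else {
          console.log("Verify Operation for RSASSA-PKCS1-v1_5 - SHA-256: FAIL");
        }
      }, function (err) {
        console.log("Verify verifysig.onerror event handler fired.", err);
      });
    }

    /** Signs `data` with the private key, then hands off to verification. */
    function signData() {
      var signOp = crypto.subtle.sign({ name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" }, privKey, data);

      whenSettled(signOp, function (result) {
        signature = result;

        if (!signature) {
          console.log("Sign with RSASSA-PKCS1-v1_5 - SHA-256: FAIL");
          return; // Nothing to verify without a signature.
        }
        console.log("Sign with RSASSA-PKCS1-v1_5 - SHA-256: PASS");
        verifySignature();
      }, function (err) {
        console.log("signkey.onerror event handler fired.", err);
      });
    }

    /** Generates the RSA signing key pair, then hands off to signing. */
    function generateKeyPair() {
      var genOp = crypto.subtle.generateKey(
        {
          name: "RSASSA-PKCS1-v1_5",
          modulusLength: 2048,
          publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
          // The standardized API binds the digest to the key at generation time
          // and rejects the call without it.
          // NOTE(review): confirm the prefixed msCrypto implementation tolerates this extra member.
          hash: "SHA-256"
        },
        false, // Not extractable: the private key cannot be exported by page script.
        // A signature key pair takes the sign/verify usages; encrypt/decrypt do not
        // apply to RSASSA-PKCS1-v1_5 and the standardized API refuses them.
        ["sign", "verify"]);

      whenSettled(genOp, function (keyPair) {
        pubKey = keyPair.publicKey;
        privKey = keyPair.privateKey;

        if (!(pubKey && privKey)) {
          console.log("generateKey RSASSA-PKCS1-v1_5: FAIL");
          return; // Do not attempt to sign with a missing key.
        }
        console.log("generateKey RSASSA-PKCS1-v1_5: PASS");
        signData();
      }, function (err) {
        console.log("genOp.onerror event handler fired.", err);
      });
    }

    // Guard on `crypto` as well as `crypto.subtle`: neither object exists in
    // browsers without the API, and current browsers leave `subtle` undefined
    // on pages that are not served from a secure context.
    if (crypto && crypto.subtle) {
      generateKeyPair();
    } else {
      console.log("Unable to create window.crypto object");
    }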
  </script>
</body>
</html>

API reference

Web Cryptography

Specification

Web Cryptography API

Related topics

Encrypted Media Extensions (EME)

 

 
