检查运行时算法支持
¥Checking for runtime algorithm support
SubtleCrypto.supports() 允许在 Web Crypto API 中进行功能检测,可用于检测给定操作是否支持给定算法标识符(包括其参数)。
¥SubtleCrypto.supports() allows feature detection in Web Crypto API,
which can be used to detect whether a given algorithm identifier
(including its parameters) is supported for the given operation.
此示例使用 Argon2(如果可用)或 PBKDF2(否则)从密码派生密钥;然后使用 AES-OCB(如果可用)或 AES-GCM(否则)对文本进行加密和解密。
¥This example derives a key from a password using Argon2, if available, or PBKDF2, otherwise; and then encrypts and decrypts some text with it using AES-OCB, if available, and AES-GCM, otherwise.
const { SubtleCrypto, crypto } = globalThis;
const password = 'correct horse battery staple';
const derivationAlg =
SubtleCrypto.supports?.('importKey', 'Argon2id') ?
'Argon2id' :
'PBKDF2';
const encryptionAlg =
SubtleCrypto.supports?.('importKey', 'AES-OCB') ?
'AES-OCB' :
'AES-GCM';
const passwordKey = await crypto.subtle.importKey(
derivationAlg === 'Argon2id' ? 'raw-secret' : 'raw',
new TextEncoder().encode(password),
derivationAlg,
false,
['deriveKey'],
);
const nonce = crypto.getRandomValues(new Uint8Array(16));
const derivationParams =
derivationAlg === 'Argon2id' ?
{
nonce,
parallelism: 4,
memory: 2 ** 21,
passes: 1,
} :
{
salt: nonce,
iterations: 100_000,
hash: 'SHA-256',
};
const key = await crypto.subtle.deriveKey(
{
name: derivationAlg,
...derivationParams,
},
passwordKey,
{
name: encryptionAlg,
length: 256,
},
false,
['encrypt', 'decrypt'],
);
const plaintext = 'Hello, world!';
const iv = crypto.getRandomValues(new Uint8Array(16));
const encrypted = await crypto.subtle.encrypt(
{ name: encryptionAlg, iv },
key,
new TextEncoder().encode(plaintext),
);
const decrypted = new TextDecoder().decode(await crypto.subtle.decrypt(
{ name: encryptionAlg, iv },
key,
encrypted,
));