- assert 断言
- async_hooks 异步钩子
- async_hooks/context 异步上下文
- buffer 缓冲区
- C++插件
- C/C++插件(使用 Node-API)
- C++嵌入器
- child_process 子进程
- cluster 集群
- CLI 命令行
- console 控制台
- Corepack 核心包
- crypto 加密
- crypto/webcrypto 网络加密
- debugger 调试器
- deprecation 弃用
- dgram 数据报
- diagnostics_channel 诊断通道
- dns 域名服务器
- domain 域
- Error 错误
- events 事件触发器
- fs 文件系统
- global 全局变量
- http 超文本传输协议
- http2 超文本传输协议 2.0
- https 安全超文本传输协议
- inspector 检查器
- Intl 国际化
- module 模块
- module/cjs CommonJS 模块
- module/esm ECMAScript 模块
- module/package 包模块
- module/typescript TS 模块
- net 网络
- os 操作系统
- path 路径
- perf_hooks 性能钩子
- permission 权限
- process 进程
- punycode 域名代码
- querystring 查询字符串
- readline 逐行读取
- repl 交互式解释器
- report 诊断报告
- sea 单个可执行应用程序
Node.js v22.12.0 文档
- Node.js v22.12.0
-
目录
- 网络加密 API
- 示例
- 算法矩阵
- 类:
Crypto
- 类:
CryptoKey
- 类:
CryptoKeyPair
- 类:
SubtleCrypto
subtle.decrypt(algorithm, key, data)
subtle.deriveBits(algorithm, baseKey[, length])
subtle.deriveKey(algorithm, baseKey, derivedKeyAlgorithm, extractable, keyUsages)
subtle.digest(algorithm, data)
subtle.encrypt(algorithm, key, data)
subtle.exportKey(format, key)
subtle.generateKey(algorithm, extractable, keyUsages)
subtle.importKey(format, keyData, algorithm, extractable, keyUsages)
subtle.sign(algorithm, key, data)
subtle.unwrapKey(format, wrappedKey, unwrappingKey, unwrapAlgo, unwrappedKeyAlgo, extractable, keyUsages)
subtle.verify(algorithm, key, signature, data)
subtle.wrapKey(format, key, wrappingKey, wrapAlgo)
- 算法参数
- 类:
AlgorithmIdentifier
- 类:
AesCbcParams
- 类:
AesCtrParams
- 类:
AesGcmParams
- 类:
AesKeyGenParams
- 类:
EcdhKeyDeriveParams
- 类:
EcdsaParams
- 类:
EcKeyGenParams
- 类:
EcKeyImportParams
- 类:
Ed448Params
- 类:
HkdfParams
- 类:
HmacImportParams
- 类:
HmacKeyGenParams
- 类:
Pbkdf2Params
- 类:
RsaHashedImportParams
- 类:
RsaHashedKeyGenParams
- 类:
RsaOaepParams
- 类:
RsaPssParams
- 类:
- 网络加密 API
-
导航
- assert 断言
- async_hooks 异步钩子
- async_hooks/context 异步上下文
- buffer 缓冲区
- C++插件
- C/C++插件(使用 Node-API)
- C++嵌入器
- child_process 子进程
- cluster 集群
- CLI 命令行
- console 控制台
- Corepack 核心包
- crypto 加密
- crypto/webcrypto 网络加密
- debugger 调试器
- deprecation 弃用
- dgram 数据报
- diagnostics_channel 诊断通道
- dns 域名服务器
- domain 域
- Error 错误
- events 事件触发器
- fs 文件系统
- global 全局变量
- http 超文本传输协议
- http2 超文本传输协议 2.0
- https 安全超文本传输协议
- inspector 检查器
- Intl 国际化
- module 模块
- module/cjs CommonJS 模块
- module/esm ECMAScript 模块
- module/package 包模块
- module/typescript TS 模块
- net 网络
- os 操作系统
- path 路径
- perf_hooks 性能钩子
- permission 权限
- process 进程
- punycode 域名代码
- querystring 查询字符串
- readline 逐行读取
- repl 交互式解释器
- report 诊断报告
- sea 单个可执行应用程序
- 其他版本
网络加密 API#
¥Web Crypto API
¥Stability: 2 - Stable
Node.js 提供了标准 网络加密 API 的实现。
¥Node.js provides an implementation of the standard Web Crypto API.
使用 globalThis.crypto
或 require('node:crypto').webcrypto
访问此模块。
¥Use globalThis.crypto
or require('node:crypto').webcrypto
to access this
module.
const { subtle } = globalThis.crypto;
(async function() {
const key = await subtle.generateKey({
name: 'HMAC',
hash: 'SHA-256',
length: 256,
}, true, ['sign', 'verify']);
const enc = new TextEncoder();
const message = enc.encode('I love cupcakes');
const digest = await subtle.sign({
name: 'HMAC',
}, key, message);
})();
示例#
¥Examples
生成密钥#
¥Generating keys
<SubtleCrypto> 类可用于生成对称(秘密)密钥或非对称密钥对(公钥和私钥)。
¥The <SubtleCrypto> class can be used to generate symmetric (secret) keys or asymmetric key pairs (public key and private key).
AES 密钥#
¥AES keys
const { subtle } = globalThis.crypto;
async function generateAesKey(length = 256) {
const key = await subtle.generateKey({
name: 'AES-CBC',
length,
}, true, ['encrypt', 'decrypt']);
return key;
}
ECDSA 密钥对#
¥ECDSA key pairs
const { subtle } = globalThis.crypto;
async function generateEcKey(namedCurve = 'P-521') {
const {
publicKey,
privateKey,
} = await subtle.generateKey({
name: 'ECDSA',
namedCurve,
}, true, ['sign', 'verify']);
return { publicKey, privateKey };
}
Ed25519/Ed448/X25519/X448 密钥对#
¥Ed25519/Ed448/X25519/X448 key pairs
¥Stability: 1 - Experimental
const { subtle } = globalThis.crypto;
async function generateEd25519Key() {
return subtle.generateKey({
name: 'Ed25519',
}, true, ['sign', 'verify']);
}
async function generateX25519Key() {
return subtle.generateKey({
name: 'X25519',
}, true, ['deriveKey']);
}
HMAC 密钥#
¥HMAC keys
const { subtle } = globalThis.crypto;
async function generateHmacKey(hash = 'SHA-256') {
const key = await subtle.generateKey({
name: 'HMAC',
hash,
}, true, ['sign', 'verify']);
return key;
}
RSA 密钥对#
¥RSA key pairs
const { subtle } = globalThis.crypto;
const publicExponent = new Uint8Array([1, 0, 1]);
async function generateRsaKey(modulusLength = 2048, hash = 'SHA-256') {
const {
publicKey,
privateKey,
} = await subtle.generateKey({
name: 'RSASSA-PKCS1-v1_5',
modulusLength,
publicExponent,
hash,
}, true, ['sign', 'verify']);
return { publicKey, privateKey };
}
加密与解密#
¥Encryption and decryption
const crypto = globalThis.crypto;
async function aesEncrypt(plaintext) {
const ec = new TextEncoder();
const key = await generateAesKey();
const iv = crypto.getRandomValues(new Uint8Array(16));
const ciphertext = await crypto.subtle.encrypt({
name: 'AES-CBC',
iv,
}, key, ec.encode(plaintext));
return {
key,
iv,
ciphertext,
};
}
async function aesDecrypt(ciphertext, key, iv) {
const dec = new TextDecoder();
const plaintext = await crypto.subtle.decrypt({
name: 'AES-CBC',
iv,
}, key, ciphertext);
return dec.decode(plaintext);
}
导出和导入密钥#
¥Exporting and importing keys
const { subtle } = globalThis.crypto;
async function generateAndExportHmacKey(format = 'jwk', hash = 'SHA-512') {
const key = await subtle.generateKey({
name: 'HMAC',
hash,
}, true, ['sign', 'verify']);
return subtle.exportKey(format, key);
}
async function importHmacKey(keyData, format = 'jwk', hash = 'SHA-512') {
const key = await subtle.importKey(format, keyData, {
name: 'HMAC',
hash,
}, true, ['sign', 'verify']);
return key;
}
封装和解包密钥#
¥Wrapping and unwrapping keys
const { subtle } = globalThis.crypto;
async function generateAndWrapHmacKey(format = 'jwk', hash = 'SHA-512') {
const [
key,
wrappingKey,
] = await Promise.all([
subtle.generateKey({
name: 'HMAC', hash,
}, true, ['sign', 'verify']),
subtle.generateKey({
name: 'AES-KW',
length: 256,
}, true, ['wrapKey', 'unwrapKey']),
]);
const wrappedKey = await subtle.wrapKey(format, key, wrappingKey, 'AES-KW');
return { wrappedKey, wrappingKey };
}
async function unwrapHmacKey(
wrappedKey,
wrappingKey,
format = 'jwk',
hash = 'SHA-512') {
const key = await subtle.unwrapKey(
format,
wrappedKey,
wrappingKey,
'AES-KW',
{ name: 'HMAC', hash },
true,
['sign', 'verify']);
return key;
}
签名并验证#
¥Sign and verify
const { subtle } = globalThis.crypto;
async function sign(key, data) {
const ec = new TextEncoder();
const signature =
await subtle.sign('RSASSA-PKCS1-v1_5', key, ec.encode(data));
return signature;
}
async function verify(key, signature, data) {
const ec = new TextEncoder();
const verified =
await subtle.verify(
'RSASSA-PKCS1-v1_5',
key,
signature,
ec.encode(data));
return verified;
}
派生位和密钥#
¥Deriving bits and keys
const { subtle } = globalThis.crypto;
async function pbkdf2(pass, salt, iterations = 1000, length = 256) {
const ec = new TextEncoder();
const key = await subtle.importKey(
'raw',
ec.encode(pass),
'PBKDF2',
false,
['deriveBits']);
const bits = await subtle.deriveBits({
name: 'PBKDF2',
hash: 'SHA-512',
salt: ec.encode(salt),
iterations,
}, key, length);
return bits;
}
async function pbkdf2Key(pass, salt, iterations = 1000, length = 256) {
const ec = new TextEncoder();
const keyMaterial = await subtle.importKey(
'raw',
ec.encode(pass),
'PBKDF2',
false,
['deriveKey']);
const key = await subtle.deriveKey({
name: 'PBKDF2',
hash: 'SHA-512',
salt: ec.encode(salt),
iterations,
}, keyMaterial, {
name: 'AES-GCM',
length,
}, true, ['encrypt', 'decrypt']);
return key;
}
摘要#
¥Digest
const { subtle } = globalThis.crypto;
async function digest(data, algorithm = 'SHA-512') {
const ec = new TextEncoder();
const digest = await subtle.digest(algorithm, ec.encode(data));
return digest;
}
算法矩阵#
¥Algorithm matrix
该表详细说明了 Node.js Web Crypto API 实现支持的算法以及每个算法支持的 API:
¥The table details the algorithms supported by the Node.js Web Crypto API implementation and the APIs supported for each:
算法 | generateKey | exportKey | importKey | encrypt | decrypt | wrapKey | unwrapKey | deriveBits | deriveKey | sign | verify | digest |
---|---|---|---|---|---|---|---|---|---|---|---|---|
'RSASSA-PKCS1-v1_5' | ✔ | ✔ | ✔ | ✔ | ✔ | |||||||
'RSA-PSS' | ✔ | ✔ | ✔ | ✔ | ✔ | |||||||
'RSA-OAEP' | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | |||||
'ECDSA' | ✔ | ✔ | ✔ | ✔ | ✔ | |||||||
'Ed25519' 1 | ✔ | ✔ | ✔ | ✔ | ✔ | |||||||
'Ed448' 1 | ✔ | ✔ | ✔ | ✔ | ✔ | |||||||
'ECDH' | ✔ | ✔ | ✔ | ✔ | ✔ | |||||||
'X25519' 1 | ✔ | ✔ | ✔ | ✔ | ✔ | |||||||
'X448' 1 | ✔ | ✔ | ✔ | ✔ | ✔ | |||||||
'AES-CTR' | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | |||||
'AES-CBC' | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | |||||
'AES-GCM' | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | |||||
'AES-KW' | ✔ | ✔ | ✔ | ✔ | ✔ | |||||||
'HMAC' | ✔ | ✔ | ✔ | ✔ | ✔ | |||||||
'HKDF' | ✔ | ✔ | ✔ | ✔ | ||||||||
'PBKDF2' | ✔ | ✔ | ✔ | ✔ | ||||||||
'SHA-1' | ✔ | |||||||||||
'SHA-256' | ✔ | |||||||||||
'SHA-384' | ✔ | |||||||||||
'SHA-512' | ✔ |
类:Crypto
#
¥Class: Crypto
globalThis.crypto
是 Crypto
类的实例。Crypto
是一个单例,它提供对其余加密 API 的访问。
¥globalThis.crypto
is an instance of the Crypto
class. Crypto
is a singleton that provides access to the remainder of the
crypto API.
crypto.subtle
#
-
¥Type: <SubtleCrypto>
提供对 SubtleCrypto
API 的访问。
¥Provides access to the SubtleCrypto
API.
crypto.getRandomValues(typedArray)
#
-
typedArray
<Buffer> | <TypedArray> -
返回:<Buffer> | <TypedArray>
¥Returns: <Buffer> | <TypedArray>
生成加密强随机值。给定的 typedArray
填充了随机值,并返回对 typedArray
的引用。
¥Generates cryptographically strong random values. The given typedArray
is
filled with random values, and a reference to typedArray
is returned.
给定的 typedArray
必须是 <TypedArray> 的基于整数的实例,即不接受 Float32Array
和 Float64Array
。
¥The given typedArray
must be an integer-based instance of <TypedArray>,
i.e. Float32Array
and Float64Array
are not accepted.
如果给定的 typedArray
大于 65,536 字节,将抛出错误。
¥An error will be thrown if the given typedArray
is larger than 65,536 bytes.
crypto.randomUUID()
#
生成一个随机的 RFC 4122 版本 4 UUID。UUID 是使用加密伪随机数生成器生成的。
¥Generates a random RFC 4122 version 4 UUID. The UUID is generated using a cryptographic pseudorandom number generator.
类:CryptoKey
#
¥Class: CryptoKey
cryptoKey.algorithm
#
-
类型:<AesKeyGenParams> | <RsaHashedKeyGenParams> | <EcKeyGenParams> | <HmacKeyGenParams>
¥Type: <AesKeyGenParams> | <RsaHashedKeyGenParams> | <EcKeyGenParams> | <HmacKeyGenParams>
一个对象,详细说明可以使用密钥的算法以及其他特定于算法的参数。
¥An object detailing the algorithm for which the key can be used along with additional algorithm-specific parameters.
只读。
¥Read-only.
cryptoKey.extractable
#
当 true
时,可以使用 subtleCrypto.exportKey()
或 subtleCrypto.wrapKey()
提取 <CryptoKey>。
¥When true
, the <CryptoKey> can be extracted using either
subtleCrypto.exportKey()
or subtleCrypto.wrapKey()
.
只读。
¥Read-only.
cryptoKey.type
#
-
类型:<string>
'secret'
、'private'
或'public'
之一。¥Type: <string> One of
'secret'
,'private'
, or'public'
.
标识密钥是对称 ('secret'
) 还是非对称('private'
或 'public'
)密钥的字符串。
¥A string identifying whether the key is a symmetric ('secret'
) or
asymmetric ('private'
or 'public'
) key.
cryptoKey.usages
#
-
类型:<string[]>
¥Type: <string[]>
标识可能使用键的操作的字符串数组。
¥An array of strings identifying the operations for which the key may be used.
可能的用法是:
¥The possible usages are:
-
'encrypt'
- 密钥可用于加密数据。¥
'encrypt'
- The key may be used to encrypt data. -
'decrypt'
- 密钥可用于解密数据。¥
'decrypt'
- The key may be used to decrypt data. -
'sign'
- 该密钥可用于生成数字签名。¥
'sign'
- The key may be used to generate digital signatures. -
'verify'
- 密钥可用于验证数字签名。¥
'verify'
- The key may be used to verify digital signatures. -
'deriveKey'
- 该密钥可用于导出新密钥。¥
'deriveKey'
- The key may be used to derive a new key. -
'deriveBits'
- 密钥可用于导出位。¥
'deriveBits'
- The key may be used to derive bits. -
'wrapKey'
- 该密钥可用于封装另一个密钥。¥
'wrapKey'
- The key may be used to wrap another key. -
'unwrapKey'
- 该密钥可用于解包另一个密钥。¥
'unwrapKey'
- The key may be used to unwrap another key.
有效的密钥用法取决于密钥算法(由 cryptokey.algorithm.name
标识)。
¥Valid key usages depend on the key algorithm (identified by
cryptokey.algorithm.name
).
密钥类型 | 'encrypt' | 'decrypt' | 'sign' | 'verify' | 'deriveKey' | 'deriveBits' | 'wrapKey' | 'unwrapKey' |
---|---|---|---|---|---|---|---|---|
'AES-CBC' | ✔ | ✔ | ✔ | ✔ | ||||
'AES-CTR' | ✔ | ✔ | ✔ | ✔ | ||||
'AES-GCM' | ✔ | ✔ | ✔ | ✔ | ||||
'AES-KW' | ✔ | ✔ | ||||||
'ECDH' | ✔ | ✔ | ||||||
'X25519' 1 | ✔ | ✔ | ||||||
'X448' 1 | ✔ | ✔ | ||||||
'ECDSA' | ✔ | ✔ | ||||||
'Ed25519' 1 | ✔ | ✔ | ||||||
'Ed448' 1 | ✔ | ✔ | ||||||
'HDKF' | ✔ | ✔ | ||||||
'HMAC' | ✔ | ✔ | ||||||
'PBKDF2' | ✔ | ✔ | ||||||
'RSA-OAEP' | ✔ | ✔ | ✔ | ✔ | ||||
'RSA-PSS' | ✔ | ✔ | ||||||
'RSASSA-PKCS1-v1_5' | ✔ | ✔ |
类:CryptoKeyPair
#
¥Class: CryptoKeyPair
CryptoKeyPair
是一个简单的字典对象,具有 publicKey
和 privateKey
属性,代表一个非对称密钥对。
¥The CryptoKeyPair
is a simple dictionary object with publicKey
and
privateKey
properties, representing an asymmetric key pair.
cryptoKeyPair.privateKey
#
-
类型:<CryptoKey> <CryptoKey> 的
type
将是'private'
。¥Type: <CryptoKey> A <CryptoKey> whose
type
will be'private'
.
cryptoKeyPair.publicKey
#
-
类型:<CryptoKey> <CryptoKey> 的
type
将是'public'
。¥Type: <CryptoKey> A <CryptoKey> whose
type
will be'public'
.
类:SubtleCrypto
#
¥Class: SubtleCrypto
subtle.decrypt(algorithm, key, data)
#
-
algorithm
:<RsaOaepParams> | <AesCtrParams> | <AesCbcParams> | <AesGcmParams> -
key
:<CryptoKey> -
data
:<ArrayBuffer> | <TypedArray> | <DataView> | <Buffer> -
返回:<Promise> 满足 <ArrayBuffer>
¥Returns: <Promise> Fulfills with an <ArrayBuffer>
使用 algorithm
中指定的方法和参数以及 key
提供的密钥材料,subtle.decrypt()
尝试解密提供的 data
。如果成功,返回的 promise 将使用包含明文结果的 <ArrayBuffer> 进行解析。
¥Using the method and parameters specified in algorithm
and the keying
material provided by key
, subtle.decrypt()
attempts to decipher the
provided data
. If successful, the returned promise will be resolved with
an <ArrayBuffer> containing the plaintext result.
目前支持的算法包括:
¥The algorithms currently supported include:
-
'RSA-OAEP'
-
'AES-CTR'
-
'AES-CBC'
-
'AES-GCM'
subtle.deriveBits(algorithm, baseKey[, length])
#
-
algorithm
:<AlgorithmIdentifier> | <EcdhKeyDeriveParams> | <HkdfParams> | <Pbkdf2Params> -
baseKey
:<CryptoKey> -
返回:<Promise> 满足 <ArrayBuffer>
¥Returns: <Promise> Fulfills with an <ArrayBuffer>
使用 algorithm
中指定的方法和参数以及 baseKey
提供的密钥材料,subtle.deriveBits()
尝试生成 length
位。
¥Using the method and parameters specified in algorithm
and the keying
material provided by baseKey
, subtle.deriveBits()
attempts to generate
length
bits.
Node.js 实现要求 length
(当数字时)是 8
的倍数。
¥The Node.js implementation requires that length
, when a number, is a multiple
of 8
.
当未提供 length
或 null
时,将生成给定算法的最大位数。这适用于 'ECDH'
、'X25519'
和 'X448'
算法,对于其他算法,length
必须为数字。
¥When length
is not provided or null
the maximum number of bits for a given
algorithm is generated. This is allowed for the 'ECDH'
, 'X25519'
, and 'X448'
algorithms, for other algorithms length
is required to be a number.
如果成功,返回的 promise 将使用包含生成数据的 <ArrayBuffer> 进行解析。
¥If successful, the returned promise will be resolved with an <ArrayBuffer> containing the generated data.
目前支持的算法包括:
¥The algorithms currently supported include:
subtle.deriveKey(algorithm, baseKey, derivedKeyAlgorithm, extractable, keyUsages)
#
-
algorithm
:<AlgorithmIdentifier> | <EcdhKeyDeriveParams> | <HkdfParams> | <Pbkdf2Params> -
baseKey
:<CryptoKey> -
derivedKeyAlgorithm
:<HmacKeyGenParams> | <AesKeyGenParams> -
extractable
:<boolean> -
keyUsages
:<string[]> 参见 关键用法。¥
keyUsages
: <string[]> See Key usages. -
返回:<Promise> 满足 <CryptoKey>
¥Returns: <Promise> Fulfills with a <CryptoKey>
使用 algorithm
中指定的方法和参数,以及 baseKey
提供的密钥材料,subtle.deriveKey()
尝试基于 derivedKeyAlgorithm
中的方法和参数生成新的 <CryptoKey>。
¥Using the method and parameters specified in algorithm
, and the keying
material provided by baseKey
, subtle.deriveKey()
attempts to generate
a new <CryptoKey> based on the method and parameters in derivedKeyAlgorithm
.
调用 subtle.deriveKey()
相当于调用 subtle.deriveBits()
生成原始密钥材料,然后使用 deriveKeyAlgorithm
、extractable
和 keyUsages
参数作为输入将结果传递到 subtle.importKey()
方法。
¥Calling subtle.deriveKey()
is equivalent to calling subtle.deriveBits()
to
generate raw keying material, then passing the result into the
subtle.importKey()
method using the deriveKeyAlgorithm
, extractable
, and
keyUsages
parameters as input.
目前支持的算法包括:
¥The algorithms currently supported include:
subtle.digest(algorithm, data)
#
-
data
:<ArrayBuffer> | <TypedArray> | <DataView> | <Buffer> -
返回:<Promise> 满足 <ArrayBuffer>
¥Returns: <Promise> Fulfills with an <ArrayBuffer>
使用 algorithm
标识的方法,subtle.digest()
尝试生成 data
的摘要。如果成功,返回的 promise 将使用包含计算摘要的 <ArrayBuffer> 进行解析。
¥Using the method identified by algorithm
, subtle.digest()
attempts to
generate a digest of data
. If successful, the returned promise is resolved
with an <ArrayBuffer> containing the computed digest.
如果 algorithm
作为 <string> 提供,则它必须是以下之一:
¥If algorithm
is provided as a <string>, it must be one of:
-
'SHA-1'
-
'SHA-256'
-
'SHA-384'
-
'SHA-512'
如果 algorithm
作为 <Object> 提供,则它必须具有值为上述之一的 name
属性。
¥If algorithm
is provided as an <Object>, it must have a name
property
whose value is one of the above.
subtle.encrypt(algorithm, key, data)
#
-
algorithm
:<RsaOaepParams> | <AesCtrParams> | <AesCbcParams> | <AesGcmParams> -
key
:<CryptoKey> -
data
:<ArrayBuffer> | <TypedArray> | <DataView> | <Buffer> -
返回:<Promise> 满足 <ArrayBuffer>
¥Returns: <Promise> Fulfills with an <ArrayBuffer>
使用 algorithm
指定的方法和参数以及 key
提供的密钥材料,subtle.encrypt()
尝试对 data
进行加密。如果成功,返回的 promise 将使用包含加密结果的 <ArrayBuffer> 进行解析。
¥Using the method and parameters specified by algorithm
and the keying
material provided by key
, subtle.encrypt()
attempts to encipher data
.
If successful, the returned promise is resolved with an <ArrayBuffer>
containing the encrypted result.
目前支持的算法包括:
¥The algorithms currently supported include:
-
'RSA-OAEP'
-
'AES-CTR'
-
'AES-CBC'
-
'AES-GCM'
subtle.exportKey(format, key)
#
-
format
:<string> 必须是'raw'
、'pkcs8'
、'spki'
或'jwk'
之一。¥
format
: <string> Must be one of'raw'
,'pkcs8'
,'spki'
, or'jwk'
. -
key
:<CryptoKey> -
返回:<Promise> 满足 <ArrayBuffer> | <Object>。
¥Returns: <Promise> Fulfills with an <ArrayBuffer> | <Object>.
如果支持,将给定的密钥导出为指定的格式。
¥Exports the given key into the specified format, if supported.
如果 <CryptoKey> 不可提取,则返回的 promise 将被拒绝。
¥If the <CryptoKey> is not extractable, the returned promise will reject.
当 format
为 'pkcs8'
或 'spki'
且导出成功时,返回的 promise 将使用包含导出密钥数据的 <ArrayBuffer> 进行解析。
¥When format
is either 'pkcs8'
or 'spki'
and the export is successful,
the returned promise will be resolved with an <ArrayBuffer> containing the
exported key data.
当 format
为 'jwk'
且导出成功时,返回的 promise 将使用符合 JSON 网络密钥 规范的 JavaScript 对象解析。
¥When format
is 'jwk'
and the export is successful, the returned promise
will be resolved with a JavaScript object conforming to the JSON Web Key
specification.
密钥类型 | 'spki' | 'pkcs8' | 'jwk' | 'raw' |
---|---|---|---|---|
'AES-CBC' | ✔ | ✔ | ||
'AES-CTR' | ✔ | ✔ | ||
'AES-GCM' | ✔ | ✔ | ||
'AES-KW' | ✔ | ✔ | ||
'ECDH' | ✔ | ✔ | ✔ | ✔ |
'ECDSA' | ✔ | ✔ | ✔ | ✔ |
'Ed25519' 1 | ✔ | ✔ | ✔ | ✔ |
'Ed448' 1 | ✔ | ✔ | ✔ | ✔ |
'HDKF' | ||||
'HMAC' | ✔ | ✔ | ||
'PBKDF2' | ||||
'RSA-OAEP' | ✔ | ✔ | ✔ | |
'RSA-PSS' | ✔ | ✔ | ✔ | |
'RSASSA-PKCS1-v1_5' | ✔ | ✔ | ✔ |
subtle.generateKey(algorithm, extractable, keyUsages)
#
algorithm
:<AlgorithmIdentifier> | <RsaHashedKeyGenParams> | <EcKeyGenParams> | <HmacKeyGenParams> | <AesKeyGenParams>
-
extractable
:<boolean> -
keyUsages
:<string[]> 参见 关键用法。¥
keyUsages
: <string[]> See Key usages. -
返回:<Promise> 满足 <CryptoKey> | <CryptoKeyPair>
¥Returns: <Promise> Fulfills with a <CryptoKey> | <CryptoKeyPair>
使用 algorithm
中提供的方法和参数,subtle.generateKey()
尝试生成新的密钥材料。根据使用的方法,该方法可能会生成单个 <CryptoKey> 或 <CryptoKeyPair>。
¥Using the method and parameters provided in algorithm
, subtle.generateKey()
attempts to generate new keying material. Depending the method used, the method
may generate either a single <CryptoKey> or a <CryptoKeyPair>.
支持的 <CryptoKeyPair>(公钥和私钥)生成算法包括:
¥The <CryptoKeyPair> (public and private key) generating algorithms supported include:
支持的 <CryptoKey>(密钥)生成算法包括:
¥The <CryptoKey> (secret key) generating algorithms supported include:
-
'HMAC'
-
'AES-CTR'
-
'AES-CBC'
-
'AES-GCM'
-
'AES-KW'
subtle.importKey(format, keyData, algorithm, extractable, keyUsages)
#
-
format
:<string> 必须是'raw'
、'pkcs8'
、'spki'
或'jwk'
之一。¥
format
: <string> Must be one of'raw'
,'pkcs8'
,'spki'
, or'jwk'
. -
keyData
:<ArrayBuffer> | <TypedArray> | <DataView> | <Buffer> | <Object>
algorithm
:<AlgorithmIdentifier> | <RsaHashedImportParams> | <EcKeyImportParams> | <HmacImportParams>
-
extractable
:<boolean> -
keyUsages
:<string[]> 参见 关键用法。¥
keyUsages
: <string[]> See Key usages. -
返回:<Promise> 满足 <CryptoKey>
¥Returns: <Promise> Fulfills with a <CryptoKey>
subtle.importKey()
方法尝试将提供的 keyData
解释为给定的 format
,以使用提供的 algorithm
、extractable
和 keyUsages
参数创建 <CryptoKey> 实例。如果导入成功,返回的 promise 将使用创建的 <CryptoKey> 进行解析。
¥The subtle.importKey()
method attempts to interpret the provided keyData
as the given format
to create a <CryptoKey> instance using the provided
algorithm
, extractable
, and keyUsages
arguments. If the import is
successful, the returned promise will be resolved with the created <CryptoKey>.
如果导入 'PBKDF2'
密钥,extractable
必须是 false
。
¥If importing a 'PBKDF2'
key, extractable
must be false
.
目前支持的算法包括:
¥The algorithms currently supported include:
密钥类型 | 'spki' | 'pkcs8' | 'jwk' | 'raw' |
---|---|---|---|---|
'AES-CBC' | ✔ | ✔ | ||
'AES-CTR' | ✔ | ✔ | ||
'AES-GCM' | ✔ | ✔ | ||
'AES-KW' | ✔ | ✔ | ||
'ECDH' | ✔ | ✔ | ✔ | ✔ |
'X25519' 1 | ✔ | ✔ | ✔ | ✔ |
'X448' 1 | ✔ | ✔ | ✔ | ✔ |
'ECDSA' | ✔ | ✔ | ✔ | ✔ |
'Ed25519' 1 | ✔ | ✔ | ✔ | ✔ |
'Ed448' 1 | ✔ | ✔ | ✔ | ✔ |
'HDKF' | ✔ | |||
'HMAC' | ✔ | ✔ | ||
'PBKDF2' | ✔ | |||
'RSA-OAEP' | ✔ | ✔ | ✔ | |
'RSA-PSS' | ✔ | ✔ | ✔ | |
'RSASSA-PKCS1-v1_5' | ✔ | ✔ | ✔ |
subtle.sign(algorithm, key, data)
#
-
algorithm
:<AlgorithmIdentifier> | <RsaPssParams> | <EcdsaParams> | <Ed448Params> -
key
:<CryptoKey> -
data
:<ArrayBuffer> | <TypedArray> | <DataView> | <Buffer> -
返回:<Promise> 满足 <ArrayBuffer>
¥Returns: <Promise> Fulfills with an <ArrayBuffer>
使用 algorithm
给出的方法和参数以及 key
提供的密钥材料,subtle.sign()
尝试生成 data
的加密签名。如果成功,返回的 promise 将使用包含生成的签名的 <ArrayBuffer> 进行解析。
¥Using the method and parameters given by algorithm
and the keying material
provided by key
, subtle.sign()
attempts to generate a cryptographic
signature of data
. If successful, the returned promise is resolved with
an <ArrayBuffer> containing the generated signature.
目前支持的算法包括:
¥The algorithms currently supported include:
subtle.unwrapKey(format, wrappedKey, unwrappingKey, unwrapAlgo, unwrappedKeyAlgo, extractable, keyUsages)
#
-
format
:<string> 必须是'raw'
、'pkcs8'
、'spki'
或'jwk'
之一。¥
format
: <string> Must be one of'raw'
,'pkcs8'
,'spki'
, or'jwk'
. -
wrappedKey
:<ArrayBuffer> | <TypedArray> | <DataView> | <Buffer> -
unwrappingKey
:<CryptoKey>
-
unwrapAlgo
:<AlgorithmIdentifier> | <RsaOaepParams> | <AesCtrParams> | <AesCbcParams> | <AesGcmParams> -
unwrappedKeyAlgo
:<AlgorithmIdentifier> | <RsaHashedImportParams> | <EcKeyImportParams> | <HmacImportParams>
-
extractable
:<boolean> -
keyUsages
:<string[]> 参见 关键用法。¥
keyUsages
: <string[]> See Key usages. -
返回:<Promise> 满足 <CryptoKey>
¥Returns: <Promise> Fulfills with a <CryptoKey>
在密码学中,"封装密钥" 指的是导出然后加密密钥材料。subtle.unwrapKey()
方法尝试解密封装密钥并创建 <CryptoKey> 实例。它等效于首先对加密密钥数据调用 subtle.decrypt()
(使用 wrappedKey
、unwrapAlgo
和 unwrappingKey
参数作为输入),然后使用 unwrappedKeyAlgo
、extractable
和 keyUsages
参数作为输入将结果传递给 subtle.importKey()
方法。如果成功,返回的 promise 将使用 <CryptoKey> 对象解析。
¥In cryptography, "wrapping a key" refers to exporting and then encrypting the
keying material. The subtle.unwrapKey()
method attempts to decrypt a wrapped
key and create a <CryptoKey> instance. It is equivalent to calling
subtle.decrypt()
first on the encrypted key data (using the wrappedKey
,
unwrapAlgo
, and unwrappingKey
arguments as input) then passing the results
in to the subtle.importKey()
method using the unwrappedKeyAlgo
,
extractable
, and keyUsages
arguments as inputs. If successful, the returned
promise is resolved with a <CryptoKey> object.
目前支持的环绕算法包括:
¥The wrapping algorithms currently supported include:
-
'RSA-OAEP'
-
'AES-CTR'
-
'AES-CBC'
-
'AES-GCM'
-
'AES-KW'
支持的解包密钥算法包括:
¥The unwrapped key algorithms supported include:
-
'RSASSA-PKCS1-v1_5'
-
'RSA-PSS'
-
'RSA-OAEP'
-
'ECDSA'
-
'Ed25519'
1 -
'Ed448'
1 -
'ECDH'
-
'X25519'
1 -
'X448'
1 -
'HMAC'
-
'AES-CTR'
-
'AES-CBC'
-
'AES-GCM'
-
'AES-KW'
subtle.verify(algorithm, key, signature, data)
#
-
algorithm
:<AlgorithmIdentifier> | <RsaPssParams> | <EcdsaParams> | <Ed448Params> -
key
:<CryptoKey> -
signature
:<ArrayBuffer> | <TypedArray> | <DataView> | <Buffer> -
data
:<ArrayBuffer> | <TypedArray> | <DataView> | <Buffer>
使用 algorithm
中给出的方法和参数以及 key
提供的密钥材料,subtle.verify()
尝试验证 signature
是 data
的有效密码签名。返回的 promise 通过 true
或 false
解决。
¥Using the method and parameters given in algorithm
and the keying material
provided by key
, subtle.verify()
attempts to verify that signature
is
a valid cryptographic signature of data
. The returned promise is resolved
with either true
or false
.
目前支持的算法包括:
¥The algorithms currently supported include:
subtle.wrapKey(format, key, wrappingKey, wrapAlgo)
#
-
format
:<string> 必须是'raw'
、'pkcs8'
、'spki'
或'jwk'
之一。¥
format
: <string> Must be one of'raw'
,'pkcs8'
,'spki'
, or'jwk'
. -
key
:<CryptoKey> -
wrappingKey
:<CryptoKey> -
wrapAlgo
:<AlgorithmIdentifier> | <RsaOaepParams> | <AesCtrParams> | <AesCbcParams> | <AesGcmParams> -
返回:<Promise> 满足 <ArrayBuffer>
¥Returns: <Promise> Fulfills with an <ArrayBuffer>
在密码学中,"封装密钥" 指的是导出然后加密密钥材料。subtle.wrapKey()
方法将密钥材料导出为 format
标识的格式,然后使用 wrapAlgo
指定的方法和参数以及 wrappingKey
提供的密钥材料对其进行加密。它相当于使用 format
和 key
作为参数调用 subtle.exportKey()
,然后将结果传递给使用 wrappingKey
和 wrapAlgo
作为输入的 subtle.encrypt()
方法。如果成功,将使用包含加密密钥数据的 <ArrayBuffer> 解析返回的 promise。
¥In cryptography, "wrapping a key" refers to exporting and then encrypting the
keying material. The subtle.wrapKey()
method exports the keying material into
the format identified by format
, then encrypts it using the method and
parameters specified by wrapAlgo
and the keying material provided by
wrappingKey
. It is the equivalent to calling subtle.exportKey()
using
format
and key
as the arguments, then passing the result to the
subtle.encrypt()
method using wrappingKey
and wrapAlgo
as inputs. If
successful, the returned promise will be resolved with an <ArrayBuffer>
containing the encrypted key data.
目前支持的环绕算法包括:
¥The wrapping algorithms currently supported include:
-
'RSA-OAEP'
-
'AES-CTR'
-
'AES-CBC'
-
'AES-GCM'
-
'AES-KW'
算法参数#
¥Algorithm parameters
算法参数对象定义了各种 <SubtleCrypto> 方法使用的方法和参数。虽然这里描述为 "classes",但它们是简单的 JavaScript 字典对象。
¥The algorithm parameter objects define the methods and parameters used by the various <SubtleCrypto> methods. While described here as "classes", they are simple JavaScript dictionary objects.
类:AlgorithmIdentifier
#
¥Class: AlgorithmIdentifier
algorithmIdentifier.name
#
类:AesCbcParams
#
¥Class: AesCbcParams
aesCbcParams.iv
#
-
类型:<ArrayBuffer> | <TypedArray> | <DataView> | <Buffer>
¥Type: <ArrayBuffer> | <TypedArray> | <DataView> | <Buffer>
提供初始化向量。它的长度必须恰好为 16 个字节,并且应该是不可预测的并且在密码学上是随机的。
¥Provides the initialization vector. It must be exactly 16-bytes in length and should be unpredictable and cryptographically random.
aesCbcParams.name
#
类:AesCtrParams
#
¥Class: AesCtrParams
aesCtrParams.counter
#
-
类型:<ArrayBuffer> | <TypedArray> | <DataView> | <Buffer>
¥Type: <ArrayBuffer> | <TypedArray> | <DataView> | <Buffer>
计数器块的初始值。这必须正好是 16 个字节长。
¥The initial value of the counter block. This must be exactly 16 bytes long.
AES-CTR
方法使用块的最右边的 length
位作为计数器,其余位作为随机数。
¥The AES-CTR
method uses the rightmost length
bits of the block as the
counter and the remaining bits as the nonce.
aesCtrParams.length
#
-
类型:<number>
aesCtrParams.counter
中用作计数器的位数。¥Type: <number> The number of bits in the
aesCtrParams.counter
that are to be used as the counter.
aesCtrParams.name
#
类:AesGcmParams
#
¥Class: AesGcmParams
aesGcmParams.additionalData
#
-
类型:<ArrayBuffer> | <TypedArray> | <DataView> | <Buffer> | <undefined>
¥Type: <ArrayBuffer> | <TypedArray> | <DataView> | <Buffer> | <undefined>
使用 AES-GCM 方法时,additionalData
是未加密但包含在数据验证中的额外输入。additionalData
的使用是可选的。
¥With the AES-GCM method, the additionalData
is extra input that is not
encrypted but is included in the authentication of the data. The use of
additionalData
is optional.
aesGcmParams.iv
#
-
类型:<ArrayBuffer> | <TypedArray> | <DataView> | <Buffer>
¥Type: <ArrayBuffer> | <TypedArray> | <DataView> | <Buffer>
对于使用给定密钥的每个加密操作,初始化向量必须是唯一的。
¥The initialization vector must be unique for every encryption operation using a given key.
理想情况下,这是一个确定性的 12 字节值,其计算方式保证在使用相同密钥的所有调用中都是唯一的。或者,初始化向量可以由至少 12 个加密随机字节组成。有关为 AES-GCM 构造初始化向量的更多信息,请参阅 NIST SP 800-38D 的第 8 节。
¥Ideally, this is a deterministic 12-byte value that is computed in such a way that it is guaranteed to be unique across all invocations that use the same key. Alternatively, the initialization vector may consist of at least 12 cryptographically random bytes. For more information on constructing initialization vectors for AES-GCM, refer to Section 8 of NIST SP 800-38D.
aesGcmParams.name
#
aesGcmParams.tagLength
#
-
类型:<number> 生成的身份验证标记的大小(以位为单位)。此值必须是
32
、64
、96
、104
、112
、120
或128
之一。默认值:128
。¥Type: <number> The size in bits of the generated authentication tag. This values must be one of
32
,64
,96
,104
,112
,120
, or128
. Default:128
.
类:AesKeyGenParams
#
¥Class: AesKeyGenParams
aesKeyGenParams.length
#
要生成的 AES 密钥的长度。这必须是 128
、192
或 256
。
¥The length of the AES key to be generated. This must be either 128
, 192
,
or 256
.
aesKeyGenParams.name
#
-
类型:<string> 必须是
'AES-CBC'
、'AES-CTR'
、'AES-GCM'
或'AES-KW'
之一¥Type: <string> Must be one of
'AES-CBC'
,'AES-CTR'
,'AES-GCM'
, or'AES-KW'
类:EcdhKeyDeriveParams
#
¥Class: EcdhKeyDeriveParams
ecdhKeyDeriveParams.name
#
ecdhKeyDeriveParams.public
#
-
类型:<CryptoKey>
¥Type: <CryptoKey>
ECDH 密钥派生通过将一方的私钥和另一方的公钥作为输入来运行 - 使用两者来生成一个共同的共享秘密。ecdhKeyDeriveParams.public
属性设置为其他方的公钥。
¥ECDH key derivation operates by taking as input one parties private key and
another parties public key -- using both to generate a common shared secret.
The ecdhKeyDeriveParams.public
property is set to the other parties public
key.
类:EcdsaParams
#
¥Class: EcdsaParams
ecdsaParams.hash
#
如果表示为 <string>,则该值必须是以下之一:
¥If represented as a <string>, the value must be one of:
-
'SHA-1'
-
'SHA-256'
-
'SHA-384'
-
'SHA-512'
如果表示为 <Object>,则对象必须具有 name
属性,其值是上面列出的值之一。
¥If represented as an <Object>, the object must have a name
property
whose value is one of the above listed values.
ecdsaParams.name
#
类:EcKeyGenParams
#
¥Class: EcKeyGenParams
ecKeyGenParams.name
#
ecKeyGenParams.namedCurve
#
-
类型:<string> 必须是
'P-256'
、'P-384'
、'P-521'
之一。¥Type: <string> Must be one of
'P-256'
,'P-384'
,'P-521'
.
类:EcKeyImportParams
#
¥Class: EcKeyImportParams
ecKeyImportParams.name
#
ecKeyImportParams.namedCurve
#
-
类型:<string> 必须是
'P-256'
、'P-384'
、'P-521'
之一。¥Type: <string> Must be one of
'P-256'
,'P-384'
,'P-521'
.
类:Ed448Params
#
¥Class: Ed448Params
ed448Params.name
#
ed448Params.context
#
-
类型:<ArrayBuffer> | <TypedArray> | <DataView> | <Buffer> | <undefined>
¥Type: <ArrayBuffer> | <TypedArray> | <DataView> | <Buffer> | <undefined>
context
成员表示与消息关联的可选上下文数据。Node.js Web Crypto API 实现仅支持零长度上下文,相当于根本不提供上下文。
¥The context
member represents the optional context data to associate with
the message.
The Node.js Web Crypto API implementation only supports zero-length context
which is equivalent to not providing context at all.
类:HkdfParams
#
¥Class: HkdfParams
hkdfParams.hash
#
如果表示为 <string>,则该值必须是以下之一:
¥If represented as a <string>, the value must be one of:
-
'SHA-1'
-
'SHA-256'
-
'SHA-384'
-
'SHA-512'
如果表示为 <Object>,则对象必须具有 name
属性,其值是上面列出的值之一。
¥If represented as an <Object>, the object must have a name
property
whose value is one of the above listed values.
hkdfParams.info
#
-
类型:<ArrayBuffer> | <TypedArray> | <DataView> | <Buffer>
¥Type: <ArrayBuffer> | <TypedArray> | <DataView> | <Buffer>
为 HKDF 算法提供特定于应用的上下文输入。这可以是零长度,但必须提供。
¥Provides application-specific contextual input to the HKDF algorithm. This can be zero-length but must be provided.
hkdfParams.name
#
hkdfParams.salt
#
-
类型:<ArrayBuffer> | <TypedArray> | <DataView> | <Buffer>
¥Type: <ArrayBuffer> | <TypedArray> | <DataView> | <Buffer>
盐值显着提高了 HKDF 算法的强度。它应该是随机的或伪随机的,并且应该与摘要函数的输出长度相同(例如,如果使用 'SHA-256'
作为摘要,盐应该是 256 位的随机数据)。
¥The salt value significantly improves the strength of the HKDF algorithm.
It should be random or pseudorandom and should be the same length as the
output of the digest function (for instance, if using 'SHA-256'
as the
digest, the salt should be 256-bits of random data).
类:HmacImportParams
#
¥Class: HmacImportParams
hmacImportParams.hash
#
如果表示为 <string>,则该值必须是以下之一:
¥If represented as a <string>, the value must be one of:
-
'SHA-1'
-
'SHA-256'
-
'SHA-384'
-
'SHA-512'
如果表示为 <Object>,则对象必须具有 name
属性,其值是上面列出的值之一。
¥If represented as an <Object>, the object must have a name
property
whose value is one of the above listed values.
hmacImportParams.length
#
HMAC 密钥中的可选位数。这是可选的,在大多数情况下应该省略。
¥The optional number of bits in the HMAC key. This is optional and should be omitted for most cases.
hmacImportParams.name
#
类:HmacKeyGenParams
#
¥Class: HmacKeyGenParams
hmacKeyGenParams.hash
#
如果表示为 <string>,则该值必须是以下之一:
¥If represented as a <string>, the value must be one of:
-
'SHA-1'
-
'SHA-256'
-
'SHA-384'
-
'SHA-512'
如果表示为 <Object>,则对象必须具有 name
属性,其值是上面列出的值之一。
¥If represented as an <Object>, the object must have a name
property
whose value is one of the above listed values.
hmacKeyGenParams.length
#
为 HMAC 密钥生成的位数。如果省略,长度将由使用的散列算法确定。这是可选的,在大多数情况下应该省略。
¥The number of bits to generate for the HMAC key. If omitted, the length will be determined by the hash algorithm used. This is optional and should be omitted for most cases.
hmacKeyGenParams.name
#
类:Pbkdf2Params
#
¥Class: Pbkdf2Params
pbkdb2Params.hash
#
如果表示为 <string>,则该值必须是以下之一:
¥If represented as a <string>, the value must be one of:
-
'SHA-1'
-
'SHA-256'
-
'SHA-384'
-
'SHA-512'
如果表示为 <Object>,则对象必须具有 name
属性,其值是上面列出的值之一。
¥If represented as an <Object>, the object must have a name
property
whose value is one of the above listed values.
pbkdf2Params.iterations
#
PBKDF2 算法在导出位时应进行的迭代次数。
¥The number of iterations the PBKDF2 algorithm should make when deriving bits.
pbkdf2Params.name
#
pbkdf2Params.salt
#
-
类型:<ArrayBuffer> | <TypedArray> | <DataView> | <Buffer>
¥Type: <ArrayBuffer> | <TypedArray> | <DataView> | <Buffer>
应至少为 16 个随机或伪随机字节。
¥Should be at least 16 random or pseudorandom bytes.
类:RsaHashedImportParams
#
¥Class: RsaHashedImportParams
rsaHashedImportParams.hash
#
如果表示为 <string>,则该值必须是以下之一:
¥If represented as a <string>, the value must be one of:
-
'SHA-1'
-
'SHA-256'
-
'SHA-384'
-
'SHA-512'
如果表示为 <Object>,则对象必须具有 name
属性,其值是上面列出的值之一。
¥If represented as an <Object>, the object must have a name
property
whose value is one of the above listed values.
rsaHashedImportParams.name
#
-
类型:<string> 必须是
'RSASSA-PKCS1-v1_5'
、'RSA-PSS'
或'RSA-OAEP'
之一。¥Type: <string> Must be one of
'RSASSA-PKCS1-v1_5'
,'RSA-PSS'
, or'RSA-OAEP'
.
类:RsaHashedKeyGenParams
#
¥Class: RsaHashedKeyGenParams
rsaHashedKeyGenParams.hash
#
如果表示为 <string>,则该值必须是以下之一:
¥If represented as a <string>, the value must be one of:
-
'SHA-1'
-
'SHA-256'
-
'SHA-384'
-
'SHA-512'
如果表示为 <Object>,则对象必须具有 name
属性,其值是上面列出的值之一。
¥If represented as an <Object>, the object must have a name
property
whose value is one of the above listed values.
rsaHashedKeyGenParams.modulusLength
#
RSA 模数的长度(以位为单位)。作为最佳实践,这至少应为 2048
。
¥The length in bits of the RSA modulus. As a best practice, this should be
at least 2048
.
rsaHashedKeyGenParams.name
#
-
类型:<string> 必须是
'RSASSA-PKCS1-v1_5'
、'RSA-PSS'
或'RSA-OAEP'
之一。¥Type: <string> Must be one of
'RSASSA-PKCS1-v1_5'
,'RSA-PSS'
, or'RSA-OAEP'
.
rsaHashedKeyGenParams.publicExponent
#
-
类型:<Uint8Array>
¥Type: <Uint8Array>
RSA 公共指数。这必须是一个 <Uint8Array>,其中包含一个必须适合 32 位的大端无符号整数。<Uint8Array> 可以包含任意数量的前导零位。该值必须是质数。除非有理由使用不同的值,否则使用 new Uint8Array([1, 0, 1])
(65537) 作为公共指数。
¥The RSA public exponent. This must be a <Uint8Array> containing a big-endian,
unsigned integer that must fit within 32-bits. The <Uint8Array> may contain an
arbitrary number of leading zero-bits. The value must be a prime number. Unless
there is reason to use a different value, use new Uint8Array([1, 0, 1])
(65537) as the public exponent.
类:RsaOaepParams
#
¥Class: RsaOaepParams
rsaOaepParams.label
#
-
类型:<ArrayBuffer> | <TypedArray> | <DataView> | <Buffer>
¥Type: <ArrayBuffer> | <TypedArray> | <DataView> | <Buffer>
不会加密但会绑定到生成的密文的额外字节集合。
¥An additional collection of bytes that will not be encrypted, but will be bound to the generated ciphertext.
rsaOaepParams.label
参数是可选的。
¥The rsaOaepParams.label
parameter is optional.
rsaOaepParams.name
#
类:RsaPssParams
#
¥Class: RsaPssParams
rsaPssParams.name
#
rsaPssParams.saltLength
#
要使用的随机盐的长度(以字节为单位)。
¥The length (in bytes) of the random salt to use.