// Copyright 2018-2025 the Deno authors. MIT license.
// deno-lint-ignore-file no-var
///
///
/** @category Crypto */
declare var crypto: Crypto;
/** @category Crypto */
interface Algorithm {
name: string;
}
/** @category Crypto */
interface KeyAlgorithm {
name: string;
}
/** @category Crypto */
type AlgorithmIdentifier = string | Algorithm;
/** @category Crypto */
type HashAlgorithmIdentifier = AlgorithmIdentifier;
/** @category Crypto */
type KeyType = "private" | "public" | "secret";
/** @category Crypto */
type KeyUsage =
| "decrypt"
| "deriveBits"
| "deriveKey"
| "encrypt"
| "sign"
| "unwrapKey"
| "verify"
| "wrapKey";
/** @category Crypto */
type KeyFormat = "jwk" | "pkcs8" | "raw" | "spki";
/** @category Crypto */
type NamedCurve = string;
/** @category Crypto */
interface RsaOtherPrimesInfo {
d?: string;
r?: string;
t?: string;
}
/** @category Crypto */
interface JsonWebKey {
alg?: string;
crv?: string;
d?: string;
dp?: string;
dq?: string;
e?: string;
ext?: boolean;
k?: string;
// deno-lint-ignore camelcase
key_ops?: string[];
kty?: string;
n?: string;
oth?: RsaOtherPrimesInfo[];
p?: string;
q?: string;
qi?: string;
use?: string;
x?: string;
y?: string;
}
/** @category Crypto */
interface AesCbcParams extends Algorithm {
iv: BufferSource;
}
/** @category Crypto */
interface AesGcmParams extends Algorithm {
iv: BufferSource;
additionalData?: BufferSource;
tagLength?: number;
}
/** @category Crypto */
interface AesCtrParams extends Algorithm {
counter: BufferSource;
length: number;
}
/** @category Crypto */
interface HmacKeyGenParams extends Algorithm {
hash: HashAlgorithmIdentifier;
length?: number;
}
/** @category Crypto */
interface EcKeyGenParams extends Algorithm {
namedCurve: NamedCurve;
}
/** @category Crypto */
interface EcKeyImportParams extends Algorithm {
namedCurve: NamedCurve;
}
/** @category Crypto */
interface EcdsaParams extends Algorithm {
hash: HashAlgorithmIdentifier;
}
/** @category Crypto */
interface RsaHashedImportParams extends Algorithm {
hash: HashAlgorithmIdentifier;
}
/** @category Crypto */
interface RsaHashedKeyGenParams extends RsaKeyGenParams {
hash: HashAlgorithmIdentifier;
}
/** @category Crypto */
interface RsaKeyGenParams extends Algorithm {
modulusLength: number;
publicExponent: Uint8Array;
}
/** @category Crypto */
interface RsaPssParams extends Algorithm {
saltLength: number;
}
/** @category Crypto */
interface RsaOaepParams extends Algorithm {
label?: Uint8Array;
}
/** @category Crypto */
interface HmacImportParams extends Algorithm {
hash: HashAlgorithmIdentifier;
length?: number;
}
/** @category Crypto */
interface EcKeyAlgorithm extends KeyAlgorithm {
namedCurve: NamedCurve;
}
/** @category Crypto */
interface HmacKeyAlgorithm extends KeyAlgorithm {
hash: KeyAlgorithm;
length: number;
}
/** @category Crypto */
interface RsaHashedKeyAlgorithm extends RsaKeyAlgorithm {
hash: KeyAlgorithm;
}
/** @category Crypto */
interface RsaKeyAlgorithm extends KeyAlgorithm {
modulusLength: number;
publicExponent: Uint8Array;
}
/** @category Crypto */
interface HkdfParams extends Algorithm {
hash: HashAlgorithmIdentifier;
info: BufferSource;
salt: BufferSource;
}
/** @category Crypto */
interface Pbkdf2Params extends Algorithm {
hash: HashAlgorithmIdentifier;
iterations: number;
salt: BufferSource;
}
/** @category Crypto */
interface AesDerivedKeyParams extends Algorithm {
length: number;
}
/** @category Crypto */
interface EcdhKeyDeriveParams extends Algorithm {
public: CryptoKey;
}
/** @category Crypto */
interface AesKeyGenParams extends Algorithm {
length: number;
}
/** @category Crypto */
interface AesKeyAlgorithm extends KeyAlgorithm {
length: number;
}
/** The CryptoKey dictionary of the Web Crypto API represents a cryptographic
* key.
*
* @category Crypto
*/
interface CryptoKey {
readonly algorithm: KeyAlgorithm;
readonly extractable: boolean;
readonly type: KeyType;
readonly usages: KeyUsage[];
}
/** @category Crypto */
declare var CryptoKey: {
readonly prototype: CryptoKey;
new (): never;
};
/** The CryptoKeyPair dictionary of the Web Crypto API represents a key pair for
* an asymmetric cryptography algorithm, also known as a public-key algorithm.
*
* @category Crypto
*/
interface CryptoKeyPair {
privateKey: CryptoKey;
publicKey: CryptoKey;
}
/** @category Crypto */
declare var CryptoKeyPair: {
readonly prototype: CryptoKeyPair;
new (): never;
};
/** This Web Crypto API interface provides a number of low-level cryptographic
* functions. It is accessed via the Crypto.subtle properties available in a
* window context (via globalThis.crypto).
*
* @category Crypto
*/
interface SubtleCrypto {
/**
* Generates an asymmetric cryptographic key pair for encryption, signing, or
* key exchange.
*
* This overload is used for generating key pairs with RSA or elliptic curve
* algorithms.
*
* @example
* ```ts
* // RSA key generation
* const key = await crypto.subtle.generateKey(
* {
* name: "RSA-OAEP",
* modulusLength: 4096,
* publicExponent: new Uint8Array([1, 0, 1]),
* hash: "SHA-256",
* },
* true,
* ["encrypt", "decrypt"]
* );
* ```
*
* @example
* ```ts
* // Elliptic curve (ECDSA) key pair generation
* const key = await crypto.subtle.generateKey(
* {
* name: "ECDSA",
* namedCurve: "P-384",
* },
* true,
* ["sign", "verify"]
* );
* ```
*
* @see https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/generateKey
*/
generateKey(
algorithm: RsaHashedKeyGenParams | EcKeyGenParams,
extractable: boolean,
keyUsages: KeyUsage[],
): Promise;
/**
* Generates a symmetric cryptographic key for encryption, authentication, or
* hashing.
*
* This overload is used for algorithms such as AES and HMAC.
*
* @example
* ```ts
* const key = await crypto.subtle.generateKey(
* {
* name: "AES-GCM",
* length: 256,
* },
* true,
* ["encrypt", "decrypt"]
* );
* ```
*
* @example
* ```ts
* // HMAC key generation
* const key = await crypto.subtle.generateKey(
* {
* name: "HMAC",
* hash: { name: "SHA-512" },
* },
* true,
* ["sign", "verify"]
* );
* ```
*
* @see https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/generateKey
*/
generateKey(
algorithm: AesKeyGenParams | HmacKeyGenParams,
extractable: boolean,
keyUsages: KeyUsage[],
): Promise;
/**
* Generates a cryptographic key or key pair for a given algorithm.
*
* This generic overload handles any key generation request, returning either
* a symmetric key or an asymmetric key pair based on the provided algorithm.
*
* @see https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/generateKey
*/
generateKey(
algorithm: AlgorithmIdentifier,
extractable: boolean,
keyUsages: KeyUsage[],
): Promise;
/**
* Imports a cryptographic key in JSON Web Key (JWK) format.
*
* This method is used to import an asymmetric key (e.g., RSA or ECDSA) from a JWK object.
* JWK allows structured representation of keys, making them portable across different systems.
*
* @example
* ```ts
* // Import an ECDSA private signing key where `jwk` is an object describing a private key
* crypto.subtle.importKey(
* "jwk",
* jwk,
* {
* name: "ECDSA",
* namedCurve: "P-384",
* },
* true,
* ["sign"],
* );
* ```
*
* @see https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/importKey
*/
importKey(
format: "jwk",
keyData: JsonWebKey,
algorithm:
| AlgorithmIdentifier
| HmacImportParams
| RsaHashedImportParams
| EcKeyImportParams,
extractable: boolean,
keyUsages: KeyUsage[],
): Promise;
/**
* Imports a cryptographic key in raw, PKCS8, or SPKI format.
*
* This method is used to import symmetric keys (e.g., AES), private keys (PKCS8), or public keys (SPKI).
*
* @example
* ```ts
* // Import an AES-GCM secret key where `rawKey` is an ArrayBuffer string
* crypto.subtle.importKey("raw", rawKey, "AES-GCM", true, [
* "encrypt",
* "decrypt",
* ]);
* ```
*
* @see https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/importKey
*/
importKey(
format: Exclude,
keyData: BufferSource,
algorithm:
| AlgorithmIdentifier
| HmacImportParams
| RsaHashedImportParams
| EcKeyImportParams,
extractable: boolean,
keyUsages: KeyUsage[],
): Promise;
/**
* Exports a cryptographic key in JSON Web Key (JWK) format.
*
* This method allows exporting an asymmetric key (e.g., RSA, ECDSA) into a JSON-based representation,
* making it easy to store and transfer across systems.
*
* @example
* ```ts
* await crypto.subtle.exportKey("jwk", key);
* ```
*
* @see https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/exportKey
*/
exportKey(format: "jwk", key: CryptoKey): Promise;
/**
* Exports a cryptographic key in raw, PKCS8, or SPKI format.
*
* This method is used to export symmetric keys (AES), private keys (PKCS8), or public keys (SPKI) in binary form.
*
* @example
* ```ts
* await crypto.subtle.exportKey("raw", key);
* ```
*
* @see https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/exportKey
*/
exportKey(
format: Exclude,
key: CryptoKey,
): Promise;
/**
* Generates a digital signature using a private cryptographic key.
*
* This method is used to sign data with an asymmetric key (e.g., RSA-PSS, ECDSA).
*
* @example
* ```ts
* await crypto.subtle.sign("ECDSA", key, data);
* ```
*
* @see https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/sign
*/
sign(
algorithm: AlgorithmIdentifier | RsaPssParams | EcdsaParams,
key: CryptoKey,
data: BufferSource,
): Promise;
/**
* Verifies a digital signature using a public cryptographic key.
*
* This method checks whether a signature is valid for the given data.
*
* @example
* ```ts
* await crypto.subtle.verify("ECDSA", key, signature, data);
* ```
*
* @see https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/verify
*/
verify(
algorithm: AlgorithmIdentifier | RsaPssParams | EcdsaParams,
key: CryptoKey,
signature: BufferSource,
data: BufferSource,
): Promise;
/**
* Computes a cryptographic hash (digest) of the given data.
*
* This method is commonly used for verifying data integrity.
*
* @example
* ```ts
* // Compute the digest of given data using a cryptographic algorithm
* await crypto.subtle.digest("SHA-256", data);
* ```
*
* @see https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/digest
*/
digest(
algorithm: AlgorithmIdentifier,
data: BufferSource,
): Promise;
/**
* Encrypts data using a cryptographic key.
*
* This method is used with both symmetric (AES) and asymmetric (RSA) encryption.
*
* @example
* ```ts
* await crypto.subtle.encrypt("RSA-OAEP", key, data);
* ```
*
* @see https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/encrypt
*/
encrypt(
algorithm:
| AlgorithmIdentifier
| RsaOaepParams
| AesCbcParams
| AesGcmParams
| AesCtrParams,
key: CryptoKey,
data: BufferSource,
): Promise;
/**
* Decrypts previously encrypted data using a cryptographic key.
*
* @example
* ```ts
* await crypto.subtle.decrypt("RSA-OAEP", key, data);
* ```
*
* @see https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/decrypt
*/
decrypt(
algorithm:
| AlgorithmIdentifier
| RsaOaepParams
| AesCbcParams
| AesGcmParams
| AesCtrParams,
key: CryptoKey,
data: BufferSource,
): Promise;
/**
* This method is used to derive a key from a base key using a cryptographic algorithm.
*
* @example
* ```ts
* await crypto.subtle.deriveBits("HKDF", baseKey, length);
* ```
*
* @see https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/deriveBits
*/
deriveBits(
algorithm:
| AlgorithmIdentifier
| HkdfParams
| Pbkdf2Params
| EcdhKeyDeriveParams,
baseKey: CryptoKey,
length: number,
): Promise;
/**
* This method is used to derive a secret key from a base or master key using a cryptographic algorithm.
* It returns a Promise which fulfils with an object of the new key.
*
* @see https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/deriveKey
*
* @example
* ```ts
* // Derive a key using an HKDF algorithm
* await crypto.subtle.deriveKey("HKDF", baseKey, derivedKeyType, extractable, keyUsages);
* ```
*
* @see https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/deriveKey
*/
deriveKey(
algorithm:
| AlgorithmIdentifier
| HkdfParams
| Pbkdf2Params
| EcdhKeyDeriveParams,
baseKey: CryptoKey,
derivedKeyType:
| AlgorithmIdentifier
| AesDerivedKeyParams
| HmacImportParams
| HkdfParams
| Pbkdf2Params,
extractable: boolean,
keyUsages: KeyUsage[],
): Promise;
/**
* Wraps (encrypts) a cryptographic key for secure storage or transmission
*
* @example
* ```ts
* await crypto.subtle.wrapKey("jwk", key, wrappingKey, "RSA-OAEP");
* ```
*
* @see https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/wrapKey
*/
wrapKey(
format: KeyFormat,
key: CryptoKey,
wrappingKey: CryptoKey,
wrapAlgorithm:
| AlgorithmIdentifier
| RsaOaepParams
| AesCbcParams
| AesCtrParams,
): Promise;
/**
* Unwraps (decrypts) a previously wrapped key.
*
* @example
* ```ts
* // Unwrap an AES-GCM key wrapped with AES-KW
* const unwrappedKey = await crypto.subtle.unwrapKey(
* "jwk", // Format of the key to import
* wrappedKey, // Encrypted key data as ArrayBuffer
* unwrappingKey, // CryptoKey used for unwrapping
* { name: "AES-KW" }, // Unwrapping algorithm
* { name: "AES-GCM", length: 256 }, // Algorithm for unwrapped key
* true, // Whether the unwrapped key is extractable
* ["encrypt", "decrypt"] // Allowed key usages
* );
* ```
*
* @see https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/unwrapKey
*/
unwrapKey(
format: KeyFormat,
wrappedKey: BufferSource,
unwrappingKey: CryptoKey,
unwrapAlgorithm:
| AlgorithmIdentifier
| RsaOaepParams
| AesCbcParams
| AesCtrParams,
unwrappedKeyAlgorithm:
| AlgorithmIdentifier
| HmacImportParams
| RsaHashedImportParams
| EcKeyImportParams,
extractable: boolean,
keyUsages: KeyUsage[],
): Promise;
}
/** @category Crypto */
declare var SubtleCrypto: {
readonly prototype: SubtleCrypto;
new (): never;
};
/** @category Crypto */
interface Crypto {
readonly subtle: SubtleCrypto;
getRandomValues<
T extends
| Int8Array
| Int16Array
| Int32Array
| Uint8Array
| Uint16Array
| Uint32Array
| Uint8ClampedArray
| BigInt64Array
| BigUint64Array,
>(
array: T,
): T;
randomUUID(): `${string}-${string}-${string}-${string}-${string}`;
}
/** @category Crypto */
declare var Crypto: {
readonly prototype: Crypto;
new (): never;
};