Web Crypto
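The Web Crypto API is designed on the basis of the Web APIs standard Web Crypto API. It provides a set of common cryptographic operation interfaces and performs better than cryptographic interfaces implemented in pure JavaScript.
Note:
The Crypto object cannot be constructed directly. The edge function runtime injects it globally, so use the global crypto instance directly.
Description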
// Encode the input
const encodeContent = new TextEncoder().encode('hello world');
// Use crypto to generate a SHA-256 hash; digest() returns Promise<ArrayBuffer>
const sha256Content = await crypto.subtle.digest({ name: 'SHA-256' }, encodeContent);
const result = new Uint8Array(sha256Content);
Properties
// crypto.subtle
readonly subtle: SubtleCrypto;
Methods
getRandomValues
crypto.getRandomValues(buffer: TypedArray): TypedArray;
Fills buffer with random values and returns buffer.
Parameters
Name | Type | Required | Description |
buffer | Yes |
randomUUID
crypto.randomUUID(): string;
Returns a random UUID (v4).
SubtleCrypto
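Note:
The SubtleCrypto interfaces fall into two categories by function:
Cryptographic functions, including encrypt/decrypt, sign/verify, and digest, which can be used to implement security features such as privacy and authentication.
Key management functions, including generateKey, deriveKey, and importKey/exportKey, which can be used to manage keys.
digest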
crypto.subtle.digest(algorithm: string | object, data: ArrayBuffer): Promise<ArrayBuffer>;
encrypt
crypto.subtle.encrypt(algorithm: object, key: CryptoKey, data: ArrayBuffer): Promise<ArrayBuffer>;
For the RSA-OAEP algorithm, the data length must not exceed modulusLength/8 - 2*hLen - 2, where hLen takes the following values:
SHA-1: hLen = 20 bytes
SHA-256: hLen = 32 bytes
SHA-384: hLen = 48 bytes
SHA-512: hLen = 64 bytes
For AES-CTR, AES-CBC, and AES-GCM, the data length is limited to 1 MB.
decrypt
crypto.subtle.decrypt(algorithm: object, key: CryptoKey, data: ArrayBuffer): Promise<ArrayBuffer>;
For the RSA-OAEP algorithm, the data length is modulusLength/8.
For AES-CTR, AES-CBC, and AES-GCM, the data length is limited to 1 MB.
sign
crypto.subtle.sign(algorithm: string | object, key: CryptoKey, data: ArrayBuffer): Promise<ArrayBuffer>;
verify
crypto.subtle.verify(algorithm: string | object, key: CryptoKey, signature: BufferSource, data: ArrayBuffer): Promise<boolean>;
generateKey
crypto.subtle.generateKey(algorithm: object, extractable: boolean, keyUsages: Array<string>): Promise<CryptoKey | CryptoKeyPair>;
deriveKey
crypto.subtle.deriveKey(algorithm: object, baseKey: CryptoKey, derivedKeyAlgorithm: object, extractable: boolean, keyUsages: Array<string>): Promise<CryptoKey>;
importKey
crypto.subtle.importKey(format: string, keyData: BufferSource, algorithm: string | object, extractable: boolean, keyUsages: Array<string>): Promise<CryptoKey>;
exportKey
crypto.subtle.exportKey(format: string, key: CryptoKey): Promise<ArrayBuffer>;
deriveBits
crypto.subtle.deriveBits(algorithm: object, baseKey: CryptoKey, length: integer): Promise<ArrayBuffer>;
wrapKey
crypto.subtle.wrapKey(format: string, key: CryptoKey, wrappingKey: CryptoKey, wrapAlgo: string | object): Promise<ArrayBuffer>;
unwrapKey
crypto.subtle.unwrapKey(format: string, wrappedKey: ArrayBuffer, unwrappingKey: CryptoKey, unwrapAlgo: string | object, unwrappedKeyAlgo: string | object, extractable: boolean, keyUsages: Array<string>): Promise<CryptoKey>;
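CryptoKey
The properties of CryptoKey are described below.
Property | Type | Read-only | Description |
type | string | Yes | The key type. |
extractable | boolean | Yes | Whether the key can be exported. |
algorithm | object | Yes | Algorithm information, including the fields the algorithm requires. |
usages | Array<string> | Yes | The permitted uses of the key. |
CryptoKeyPair
The properties of CryptoKeyPair are described below.
Supported algorithms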
Algorithm | encrypt() decrypt() | sign() verify() | wrapKey() unwrapKey() | deriveKey() deriveBits() | generateKey() | importKey() | exportKey() | digest() |
RSASSA-PKCS1-v1_5 | - | ✓ | - | - | ✓ | ✓ | ✓ | - |
RSA-PSS | - | ✓ | - | - | ✓ | ✓ | ✓ | - |
RSA-OAEP | ✓ | - | ✓ | - | ✓ | ✓ | ✓ | - |
ECDSA | - | ✓ | - | - | ✓ | ✓ | ✓ | - |
ECDH | - | - | - | ✓ | ✓ | ✓ | ✓ | - |
HMAC | - | ✓ | - | - | ✓ | ✓ | ✓ | - |
AES-CTR | ✓ | - | ✓ | - | ✓ | ✓ | ✓ | - |
AES-CBC | ✓ | - | ✓ | - | ✓ | ✓ | ✓ | - |
AES-GCM | ✓ | - | ✓ | - | ✓ | ✓ | ✓ | - |
AES-KW | - | - | ✓ | - | ✓ | ✓ | ✓ | - |
HKDF | - | - | - | ✓ | - | ✓ | - | - |
PBKDF2 | - | - | - | ✓ | - | ✓ | - | - |
SHA-1 | - | - | - | - | - | - | - | ✓ |
SHA-256 | - | - | - | - | - | - | - | ✓ |
SHA-384 | - | - | - | - | - | - | - | ✓ |
SHA-512 | - | - | - | - | - | - | - | ✓ |
MD5 | - | - | - | - | - | - | - | ✓ |
Sample code
function uint8ArrayToHex(arr) {
  return Array.prototype.map.call(arr, (x) => ((`0${x.toString(16)}`).slice(-2))).join('');
}

async function handleEvent(event) {
  const encodeArr = new TextEncoder().encode('hello world');
  // Compute the MD5 digest. MD5 is not collision-resistant: use it only for
  // non-security checksums, and SHA-256 where integrity matters.
  const md5Buffer = await crypto.subtle.digest({ name: 'MD5' }, encodeArr);
  // Output as a hexadecimal string
  const md5Str = uint8ArrayToHex(new Uint8Array(md5Buffer));
  const response = new Response(md5Str);
  return response;
}

addEventListener('fetch', async (event) => {
  event.respondWith(handleEvent(event));
});
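The RSA-OAEP length limit from the encrypt section, checked against a real key and worked around with hybrid encryption (AES-GCM for the data, RSA-OAEP wrapKey for the AES key). This is an added example, not code from the original documentation; `oaepMaxPlaintext`, `seal`, `unseal` and `demo` are hypothetical helper names, and 1 MB is assumed to mean 1024 * 1024 bytes.

```javascript
// Added example, not from the original documentation.
// The edge runtime injects `crypto` globally; the fallback only lets this file run on older Node.js.
const wc = globalThis.crypto || require('node:crypto').webcrypto;
const H_LEN = { 'SHA-1': 20, 'SHA-256': 32, 'SHA-384': 48, 'SHA-512': 64 }; // hLen values from the page

// Maximum RSA-OAEP plaintext in bytes: modulusLength/8 - 2*hLen - 2, read from CryptoKey.algorithm.
function oaepMaxPlaintext(publicKey) {
  const { modulusLength, hash } = publicKey.algorithm;
  return modulusLength / 8 - 2 * H_LEN[hash.name] - 2;
}

// Hybrid encryption: data goes under a fresh AES-GCM key, and only that 32-byte key goes under RSA-OAEP.
async function seal(publicKey, data) {
  if (data.byteLength > 1024 * 1024) throw new RangeError('AES data is limited to 1 MB'); // assumed byte count
  const aesKey = await wc.subtle.generateKey({ name: 'AES-GCM', length: 256 }, true, ['encrypt']);
  const iv = wc.getRandomValues(new Uint8Array(12)); // fresh 96-bit IV for every message
  const ciphertext = await wc.subtle.encrypt({ name: 'AES-GCM', iv }, aesKey, data);
  const wrappedKey = await wc.subtle.wrapKey('raw', aesKey, publicKey, { name: 'RSA-OAEP' });
  return { wrappedKey, iv, ciphertext };
}

// Reverse of seal(): unwrap the AES key as non-extractable, then decrypt (GCM also verifies the tag).
async function unseal(privateKey, { wrappedKey, iv, ciphertext }) {
  const aesKey = await wc.subtle.unwrapKey('raw', wrappedKey, privateKey, { name: 'RSA-OAEP' },
    { name: 'AES-GCM' }, false, ['decrypt']);
  return wc.subtle.decrypt({ name: 'AES-GCM', iv }, aesKey, ciphertext);
}

// Constructed demo: direct RSA-OAEP works at the limit and fails one byte past it; seal() has no such limit.
async function demo() {
  const { publicKey, privateKey } = await wc.subtle.generateKey(
    { name: 'RSA-OAEP', modulusLength: 2048, publicExponent: new Uint8Array([1, 0, 1]), hash: 'SHA-256' },
    false, ['encrypt', 'decrypt', 'wrapKey', 'unwrapKey']);
  const max = oaepMaxPlaintext(publicKey); // 2048/8 - 2*32 - 2
  const atLimit = await wc.subtle.encrypt({ name: 'RSA-OAEP' }, publicKey, new Uint8Array(max));
  const overLimit = await wc.subtle.encrypt({ name: 'RSA-OAEP' }, publicKey, new Uint8Array(max + 1))
    .then(() => 'accepted', () => 'rejected');
  const text = 'x'.repeat(4096); // constructed sample payload, far above the RSA-OAEP limit
  const plain = await unseal(privateKey, await seal(publicKey, new TextEncoder().encode(text)));
  return { max, atLimitBytes: atLimit.byteLength, overLimit,
    roundTrip: new TextDecoder().decode(plain) === text };
}

demo().then((result) => console.log(result));
```
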