安全上下文
此特征只可用于
安全上下文
(HTTPS),在某些或所有
支持浏览器
.
encrypt()
方法在
SubtleCrypto
interface encrypts data.
It takes as its arguments a
key
to encrypt with, some algorithm-specific parameters, and the data to encrypt (also known as "plaintext"). It returns a
Promise
which will be fulfilled with the encrypted data (also known as "ciphertext").
const result = crypto.subtle.encrypt(algorithm, key, data);
algorithm
is an object specifying the
algorithm
to be used and any extra parameters if required:
RsaOaepParams
对象。
AesCtrParams
对象。
AesCbcParams
对象。
AesGcmParams
对象。
key
是
CryptoKey
containing the key to be used for encryption.
data
是
BufferSource
containing the data to be encrypted (also known as the
plaintext
).
result
是
Promise
that fulfills with an
ArrayBuffer
containing the "ciphertext".
The promise is rejected when the following exceptions are encountered:
Raised when the operation failed for an operation-specific reason (e.g. algorithm parameters of invalid sizes, or AES-GCM plaintext longer than 2³⁹−256 bytes).
The Web Crypto API provides four algorithms that support the
encrypt()
and
decrypt()
operations.
One of these algorithms — RSA-OAEP — is a public-key cryptosystem .
The other three encryption algorithms here are all symmetric algorithms , and they're all based on the same underlying cipher, AES (Advanced Encryption Standard). The difference between them is the mode . The Web Crypto API supports three different AES modes:
It's strongly recommended to use authenticated encryption , which includes checks that the ciphertext has not been modified by an attacker. Authentication helps protect against chosen-ciphertext attacks, in which an attacker can ask the system to decrypt arbitrary messages, and use the result to deduce information about the secret key. While it's possible to add authentication to CTR and CBC modes, they do not provide it by default and when implementing it manually one can easily make minor, but serious mistakes. GCM does provide built-in authentication, and for this reason it's often recommended over the other two AES modes.
The RSA-OAEP public-key encryption system is specified in RFC 3447 .
This represents AES in Counter Mode, as specified in NIST SP800-38A .
This represents AES in Cipher Block Chaining Mode, as specified in NIST SP800-38A .
This represents AES in Galois/Counter Mode, as specified in NIST SP800-38D .
One major difference between this mode and the others is that GCM is an "authenticated" mode, which means that it includes checks that the ciphertext has not been modified by an attacker.
注意 : You can try the working examples out on GitHub.
This code fetches the contents of a text box, encodes it for encryption, and encrypts it with using RSA-OAEP. See the complete code on GitHub.
function getMessageEncoding() {
const messageBox = document.querySelector(".rsa-oaep #message");
let message = messageBox.value;
let enc = new TextEncoder();
return enc.encode(message);
}
function encryptMessage(publicKey) {
let encoded = getMessageEncoding();
return window.crypto.subtle.encrypt(
{
name: "RSA-OAEP"
},
publicKey,
encoded
);
}
This code fetches the contents of a text box, encodes it for encryption, and encrypts it using AES in CTR mode. See the complete code on GitHub.
function getMessageEncoding() {
const messageBox = document.querySelector(".aes-ctr #message");
let message = messageBox.value;
let enc = new TextEncoder();
return enc.encode(message);
}
function encryptMessage(key) {
let encoded = getMessageEncoding();
// counter will be needed for decryption
counter = window.crypto.getRandomValues(new Uint8Array(16));
return window.crypto.subtle.encrypt(
{
name: "AES-CTR",
counter,
length: 64
},
key,
encoded
);
}
let iv = new Uint8Array(16);
let key = new Uint8Array(16);
let data = new Uint8Array(12345);
//crypto functions are wrapped in promises so we have to use await and make sure the function that
//contains this code is an async function
//encrypt function wants a cryptokey object
const key_encoded = await crypto.subtle.importKey( "raw", key.buffer, 'AES-CTR' , false, ["encrypt", "decrypt"]);
const encrypted_content = await window.crypto.subtle.encrypt(
{
name: "AES-CTR",
counter: iv,
length: 128
},
key_encoded,
data
);
//Uint8Array
console.log(encrypted_content);
This code fetches the contents of a text box, encodes it for encryption, and encrypts it using AES in CBC mode. See the complete code on GitHub.
function getMessageEncoding() {
const messageBox = document.querySelector(".aes-cbc #message");
let message = messageBox.value;
let enc = new TextEncoder();
return enc.encode(message);
}
function encryptMessage(key) {
let encoded = getMessageEncoding();
// iv will be needed for decryption
iv = window.crypto.getRandomValues(new Uint8Array(16));
return window.crypto.subtle.encrypt(
{
name: "AES-CBC",
iv
},
key,
encoded
);
}
This code fetches the contents of a text box, encodes it for encryption, and encrypts it using AES in GCM mode. See the complete code on GitHub.
function getMessageEncoding() {
const messageBox = document.querySelector(".aes-gcm #message");
let message = messageBox.value;
let enc = new TextEncoder();
return enc.encode(message);
}
function encryptMessage(key) {
let encoded = getMessageEncoding();
// iv will be needed for decryption
iv = window.crypto.getRandomValues(new Uint8Array(12));
return window.crypto.subtle.encrypt(
{
name: "AES-GCM",
iv: iv
},
key,
encoded
);
}
| 规范 | 状态 | 注释 |
|---|---|---|
|
Web Cryptography API
The definition of 'SubtleCrypto.encrypt()' in that specification. |
推荐 | 初始定义。 |
| 桌面 | 移动 | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
encrypt
|
Chrome 37 |
Edge
部分支持
12
|
Firefox
34
|
IE
部分支持
11
|
Opera 24 | Safari 7 | WebView Android 37 | Chrome Android 37 |
Firefox Android
34
|
Opera Android 24 | Safari iOS 7 | Samsung Internet Android 6.0 |
完整支持
部分支持
见实现注意事项。
用户必须明确启用此特征。
SubtleCrypto.decrypt()
.
SubtleCrypto