CryptoKey: type property

Baseline Widely available

This feature is well established and works across many devices and browser versions. It’s been available across browsers since ⁨July 2015⁩.

Secure context: This feature is available only in secure contexts (HTTPS), in some or all supporting browsers.

Note: This feature is available in Web Workers.

The read-only type property of the CryptoKey interface indicates which kind of key is represented by the object. It can have the following values:

"secret": This key is a secret key for use with a symmetric algorithm.
"private": This key is the private half of an asymmetric algorithm's CryptoKeyPair.
"public": This key is the public half of an asymmetric algorithm's CryptoKeyPair.

Value

One of the following strings: "secret", "private", or "public".

This function verifies a message using SubtleCrypto.verify() and a public key given in the parameter. If the key is not a public key, it always returns "invalid", as such verification is fundamentally insecure.

async function verifyMessage(publicKey) {
  const signatureValue = document.querySelector(
    ".rsassa-pkcs1 .signature-value",
  );
  signatureValue.classList.remove("valid", "invalid");

  let result = false; // By default, it is invalid

  if (publicKey.type === "public") {
    const encoded = getMessageEncoding();
    result = await window.crypto.subtle.verify(
      "RSASSA-PKCS1-v1_5",
      publicKey,
      signature,
      encoded,
    );
  }

  signatureValue.classList.add(result ? "valid" : "invalid");
}