Secure context

This feature is available only in secure contexts (HTTPS), in some or all supporting browsers.

The CryptoKey interface of the Web Crypto API represents a cryptographic key obtained from one of the SubtleCrypto methods generateKey(), deriveKey(), importKey(), or unwrapKey().

For security reasons, the CryptoKey interface can only be used in a secure context.



String which may take one of the following values:


Boolean indicating whether or not the key may be extracted using SubtleCrypto.exportKey() or SubtleCrypto.wrapKey().

  • true: The key may be extracted.
  • false: The key may not be extracted. exportKey() or wrapKey() will throw an exception if used to extract this key.

An object describing the algorithm for which this key can be used and any associated extra parameters.


An Array of strings, indicating what can be done with the key. Possible values for array elements are:

  • "encrypt": The key may be used to encrypt messages.
  • "decrypt": The key may be used to decrypt messages.
  • "sign": The key may be used to sign messages.
  • "verify": The key may be used to verify signatures.
  • "deriveKey": The key may be used in deriving a new key.
  • "deriveBits": The key may be used in deriving bits.
  • "wrapKey": The key may be used to wrap a key.
  • "unwrapKey": The key may be used to unwrap a key.


The examples for SubtleCrypto methods often use CryptoKey objects. For example:
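
As an added example (not taken from the original page), the following compares what a CryptoKey reports through its extractable and usages properties with what the key actually permits. The helper names allowed, probeKey and compareKeys, the sample message and the all-zero IV are assumptions made for this illustration.

```javascript
// Added example. Runs in a browser secure context or in Node.js.
const subtle = (globalThis.crypto ?? require("node:crypto").webcrypto).subtle;

// Resolve to true if the SubtleCrypto call succeeds, false if it throws.
async function allowed(operation) {
  try {
    await operation();
    return true;
  } catch {
    return false;
  }
}

// Generate an AES-GCM key with the given restrictions, then report what the
// resulting CryptoKey says about itself and what it actually permits.
async function probeKey(extractable, usages) {
  const key = await subtle.generateKey(
    { name: "AES-GCM", length: 256 }, extractable, usages);
  // Constructed sample input. The all-zero IV is acceptable only because
  // each key in this demo encrypts exactly one message.
  const params = { name: "AES-GCM", iv: new Uint8Array(12) };
  const message = new TextEncoder().encode("constructed sample message");
  const ciphertext = await subtle.encrypt(params, key, message);
  return {
    extractable: key.extractable,
    algorithm: key.algorithm.name,
    usages: [...key.usages],
    // exportKey() throws when extractable is false.
    canExport: await allowed(() => subtle.exportKey("raw", key)),
    // decrypt() throws when "decrypt" is not listed in usages.
    canDecrypt: await allowed(() => subtle.decrypt(params, key, ciphertext)),
  };
}

// Probe a locked-down key next to a permissive one.
async function compareKeys() {
  return {
    restricted: await probeKey(false, ["encrypt"]),
    open: await probeKey(true, ["encrypt", "decrypt"]),
  };
}

compareKeys().then((report) => console.log(report));
```

The restricted key can still encrypt, but the raw key material cannot be read back by script and the key cannot be used for decryption, which is the least-privilege configuration for a key that only ever needs to encrypt.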


Specifications

  • Specification: Web Cryptography API (the definition of 'CryptoKey' in that specification)
  • Status: Recommendation
  • Comment: Initial definition.
