SubtleCrypto.digest()

The digest() method of the SubtleCrypto interface generates a digest of the given data. A digest is a short fixed-length value derived from some variable-length input. Cryptographic digests should exhibit collision-resistance, meaning that it's hard to come up with two different inputs that have the same digest value.

It takes as its arguments an identifier for the digest algorithm to use and the data to digest. It returns a Promise which will be fulfilled with the digest.

Syntax

const digest = crypto.subtle.digest(algorithm, data);

Parameters

  • algorithm is a DOMString defining the hash function to use. Supported values are:
    • SHA-1 (but don't use this in cryptographic applications)
    • SHA-256
    • SHA-384
    • SHA-512.
  • data is an ArrayBuffer or ArrayBufferView containing the data to be digested.

Return value

Supported algorithms

Digest algorithms, also known as cryptographic hash functions, transform an arbitrarily large block of data into a fixed-size output, usually much shorter than the input. They have a variety of applications in cryptography.

SHA-1

This algorithm is specified in FIPS 180-4, section 6.1, and produces an output 160 bits long.

Warning: This algorithm is now considered vulnerable and should not be used for cryptographic applications.

SHA-256

This algorithm is specified in FIPS 180-4, section 6.2, and produces an output 256 bits long.

SHA-384

This algorithm is specified in FIPS 180-4, section 6.5, and produces an output 384 bits long.

SHA-512

This algorithm is specified in FIPS 180-4, section 6.4, and produces an output 512 bits long.

Hint: If you are looking here for how to create an keyed-hash message authentication code (HMAC), you need to use the SubtleCrypto.sign() instead.

Examples

Basic example

This example encodes a message, then calculates its SHA-256 digest and logs the digest length:

const text = 'An obscure body in the S-K System, your majesty. The inhabitants refer to it as the planet Earth.';

async function digestMessage(message) {
  const encoder = new TextEncoder();
  const data = encoder.encode(message);
  const hash = await crypto.subtle.digest('SHA-256', data);
  return hash;
}

const digestBuffer = await digestMessage(text);
console.log(digestBuffer.byteLength);

Converting a digest to a hex string

The digest is returned as an ArrayBuffer, but for comparison and display digests are often represented as hex strings. This example calculates a digest, then converts the ArrayBuffer to a hex string:

const text = 'An obscure body in the S-K System, your majesty. The inhabitants refer to it as the planet Earth.';

async function digestMessage(message) {
  const msgUint8 = new TextEncoder().encode(message);                           // encode as (utf-8) Uint8Array
  const hashBuffer = await crypto.subtle.digest('SHA-256', msgUint8);           // hash the message
  const hashArray = Array.from(new Uint8Array(hashBuffer));                     // convert buffer to byte array
  const hashHex = hashArray.map(b => b.toString(16).padStart(2, '0')).join(''); // convert bytes to hex string
  return hashHex;
}

const digestHex = await digestMessage(text);
console.log(digestHex);

Specifications

Specification Status Comment
Web Cryptography API
The definition of 'SubtleCrypto.digest()' in that specification.
Recommendation Initial definition.

Browser compatibility

Update compatibility data on GitHub
DesktopMobile
ChromeEdgeFirefoxInternet ExplorerOperaSafariAndroid webviewChrome for AndroidFirefox for AndroidOpera for AndroidSafari on iOSSamsung Internet
digestChrome Full support 37Edge Partial support 12
Notes
Partial support 12
Notes
Notes Not supported: SHA-1.
Firefox Full support 34
Full support 34
No support 32 — 34
Disabled
Disabled From version 32 until version 34 (exclusive): this feature is behind the dom.webcrypto.enabled preference (needs to be set to true). To change preferences in Firefox, visit about:config.
IE Partial support 11
Notes
Partial support 11
Notes
Notes Returns CryptoOperation instead of Promise
Opera Full support 24Safari Full support 7WebView Android Full support 37Chrome Android Full support 37Firefox Android Full support 34
Full support 34
No support 32 — 34
Disabled
Disabled From version 32 until version 34 (exclusive): this feature is behind the dom.webcrypto.enabled preference (needs to be set to true). To change preferences in Firefox, visit about:config.
Opera Android Full support 24Safari iOS Full support 7Samsung Internet Android Full support 6.0

Legend

Full support  
Full support
Partial support  
Partial support
See implementation notes.
See implementation notes.
User must explicitly enable this feature.
User must explicitly enable this feature.

 In Chrome 60, they added a feature that disables crypto.subtle for non-TLS connections

See also