Use the generateKey() method of the SubtleCrypto interface to generate a new key (for symmetric algorithms) or key pair (for public-key algorithms).
Syntax
const result = crypto.subtle.generateKey(algorithm, extractable, keyUsages);
Parameters
algorithmis a dictionary object defining the type of key to generate and providing extra algorithm-specific parameters.- For RSASSA-PKCS1-v1_5, RSA-PSS, or RSA-OAEP: pass an
RsaHashedKeyGenParamsobject. - For ECDSA or ECDH: pass an
EcKeyGenParamsobject. - For HMAC: pass an
HmacKeyGenParamsobject. - For AES-CTR, AES-CBC, AES-GCM, or AES-KW: pass an
AesKeyGenParamsobject.
- For RSASSA-PKCS1-v1_5, RSA-PSS, or RSA-OAEP: pass an
extractableis aBooleanindicating whether it will be possible to export the key usingSubtleCrypto.exportKey()orSubtleCrypto.wrapKey().keyUsagesis anArrayindicating what can be done with the newly generated key. Possible values for array elements are:encrypt: The key may be used toencryptmessages.decrypt: The key may be used todecryptmessages.sign: The key may be used tosignmessages.verify: The key may be used toverifysignatures.deriveKey: The key may be used inderiving a new key.deriveBits: The key may be used inderiving bits.wrapKey: The key may be used towrap a key.unwrapKey: The key may be used tounwrap a key.
Return value
resultis aPromisethat fulfills with aCryptoKey(for symmetric algorithms) or aCryptoKeyPair(for public-key algorithms).
Exceptions
The promise is rejected when the following exception is encountered:
SyntaxError- Raised when the result is a
CryptoKeyof typesecretorprivatebutkeyUsagesis empty. SyntaxError- Raised when the result is a
CryptoKeyPairand itsprivateKey.usagesattribute is empty.
Examples
Note: You can try the working examples on GitHub.
RSA key pair generation
This code generates an RSA-OAEP encryption key pair. See the complete code on GitHub.
let keyPair = window.crypto.subtle.generateKey(
{
name: "RSA-OAEP",
modulusLength: 4096,
publicExponent: new Uint8Array([1, 0, 1]),
hash: "SHA-256"
},
true,
["encrypt", "decrypt"]
);
Elliptic curve key pair generation
This code generates an ECDSA signing key pair. See the complete code on GitHub.
let keyPair = window.crypto.subtle.generateKey(
{
name: "ECDSA",
namedCurve: "P-384"
},
true,
["sign", "verify"]
);
HMAC key generation
This code generates an HMAC signing key. See the complete code on GitHub.
let key = window.crypto.subtle.generateKey(
{
name: "HMAC",
hash: {name: "SHA-512"}
},
true,
["sign", "verify"]
);
AES key generation
This code generates an AES-GCM encryption key. See the complete code on GitHub.
let key = window.crypto.subtle.generateKey(
{
name: "AES-GCM",
length: 256
},
true,
["encrypt", "decrypt"]
);
Specifications
| Specification | Status | Comment |
|---|---|---|
| Web Cryptography API The definition of 'SubtleCrypto.generateKey()' in that specification. |
Recommendation | Initial definition. |
Browser compatibility
The compatibility table on this page is generated from structured data. If you'd like to contribute to the data, please check out https://github.com/mdn/browser-compat-data and send us a pull request.
Update compatibility data on GitHub
| Desktop | Mobile | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
generateKey | Chrome Full support 37 | Edge
Partial support
12
| Firefox
Full support
34
| IE
Partial support
11
| Opera Full support 24 | Safari Full support 7 | WebView Android Full support 37 | Chrome Android Full support 37 | Firefox Android
Full support
34
| Opera Android Full support 24 | Safari iOS Full support 7 | Samsung Internet Android Full support 6.0 |
Legend
- Full support
- Full support
- Partial support
- Partial support
- See implementation notes.
- See implementation notes.
- User must explicitly enable this feature.
- User must explicitly enable this feature.