The SubtleCrypto.generateKey() method returns a Promise of a newly generated CryptoKey, for symmetrical algorithms, or a CryptoKeyPair, containing two newly generated keys, for asymmetrical algorithm, that matches the algorithm, the usages and the extractability given as parameters.

Syntax

var result = crypto.subtle.generateKey(algo, extractable, keyUsages);

Parameters

  • algo is a dictionary object defining the key generation function to use. Supported algo are: AES-CBC, AES-CTR, AES-GCM, RSA-OAEP, AES-KW, HMAC, RSASSA-PKCS1-v1_5, ECDSA, ECDH, and DH. Format of the dictionary object is:
    • "name"which corresponds to one of the supported algo's listed above,

    • "modulusLength", which corresponds to the number of digits used in the modulus

    • "publicExponent", a Uint8Array representing the public exponent

    • "hash", a dictionary object referencing the hash algorithm to use. For example:

      • {name: "SHA-512"}

  • extractable is a Boolean indicating if the key can be extracted from the CryptoKey object at a later stage.
  • keyUsages  is an Array indicating what can be done with the newly generated key. Possible values of the array are:
    • "encrypt", allowing the key to be used for encrypting messages.
    • "decrypt", allowing the key to be used for decrypting messages.
    • "sign", allowing the key to be used for signing messages.
    • "verify", allowing the key to be used for verifying the signature of messages.
    • "deriveKey", allowing the key to be used as a base key when deriving a new key.
    • "deriveBits", allowing the key to be used as a base key when deriving bits of data for use in cryptographic primitives.
    • "wrapKey", allowing the key to wrap a symmetric key for usage (transfer, storage) in unsecure environments.
    • "unwrapKey", allowing the key to unwrap a symmetric key for usage (transfer, storage) in unsecure environments.

Return value

Exceptions

The promise is rejected when the following exception is encountered:

  • SyntaxError when keyUsages is empty but the generated symmetric key is of type "secret" or "private" or the generated private component of the generated asymmetric pair of key is empty.

Specifications

Specification Status Comment
Web Cryptography API
The definition of 'SubtleCrypto.generateKey()' in that specification.
Recommendation Initial definition.

Browser compatibility

Update compatibility data on GitHub
DesktopMobile
ChromeEdgeFirefoxInternet ExplorerOperaSafariAndroid webviewChrome for AndroidEdge MobileFirefox for AndroidOpera for AndroidSafari on iOSSamsung Internet
Basic supportChrome Full support 37Edge Partial support 12
Notes
Partial support 12
Notes
Notes Not supported: RSA-PSS, ECDSA, ECDH.
Notes Not supported: AES-CTR.
Firefox Full support 34
Full support 34
No support 32 — 34
Disabled
Disabled From version 32 until version 34 (exclusive): this feature is behind the dom.webcrypto.enabled preference (needs to be set to true). To change preferences in Firefox, visit about:config.
IE Partial support 11
Notes
Partial support 11
Notes
Notes Returns KeyOperation instead of Promise
Opera Full support 24Safari Full support 7WebView Android Full support 37Chrome Android Full support 37Edge Mobile Full support 12Firefox Android Full support 34
Full support 34
No support 32 — 34
Disabled
Disabled From version 32 until version 34 (exclusive): this feature is behind the dom.webcrypto.enabled preference (needs to be set to true). To change preferences in Firefox, visit about:config.
Opera Android Full support 24Safari iOS Full support 7Samsung Internet Android Full support 6.0

Legend

Full support  
Full support
Partial support  
Partial support
See implementation notes.
See implementation notes.
User must explicitly enable this feature.
User must explicitly enable this feature.

See also

Document Tags and Contributors

Contributors to this page: fscholz, kalitine, michaelfward, Dans24, abbycar, Dejmek, teoli
Last updated by: fscholz,