You’re reading the English version of this content since no translation exists yet for this locale. Help us translate this article!

The RsaHashedKeyGenParams dictionary of the Web Crypto API represents the object that should be passed as the algorithm parameter into SubtleCrypto.generateKey(), when generating any RSA-based key pair: that is, when the algorithm is identified as any of RSASSA-PKCS1-v1_5, RSA-PSS, or RSA-OAEP.


A DOMString. This should be set to RSASSA-PKCS1-v1_5, RSA-PSS, or RSA-OAEP, depending on the algorithm you want to use.
A Number. The length in bits of the RSA modulus. This should be at least 2048: see for example see NIST SP 800-131A Rev. 1. Some organizations are now recommending that it should be 4096.

A Uint8Array. The public exponent. Unless you have a good reason to use something else, specify 65537 here ([0x01, 0x00, 0x01]).


A DOMString representing the name of the digest function to use. You can pass any of SHA-256, SHA-384, or SHA-512 here.

Warning: Although you can technically pass SHA-1 as a value here, this is strongly discouraged as SHA-1 is considered vulnerable.


See the examples for SubtleCrypto.generateKey().


Specification Status Comment
Web Cryptography API
The definition of 'SubtleCrypto.RsaHashedKeyGenParams' in that specification.

Browser compatibility

Browsers that support any RSA-based algorithm for the SubtleCrypto.generateKey() method will support this type.

See also