Skip to main content
Module

std/crypto/mod.ts

Deno standard library
Go to Latest
The Standard Library has been moved to JSR. See the blog post for details.
import * as mod from "https://deno.land/std@0.182.0/crypto/mod.ts";

Extensions to the Web Crypto supporting additional encryption APIs, but also delegating to the built-in APIs when possible.

Provides additional digest algorithms that are not part of the WebCrypto standard as well as a subtle.digest and subtle.digestSync methods. It also provides a subtle.timingSafeEqual() method to compare array buffers or data views in a way that isn't prone to timing based attacks.

The "polyfill" delegates to WebCrypto where possible.

The KeyStack export implements the KeyRing interface for managing rotatable keys for signing data to prevent tampering, like with HTTP cookies.

Supported algorithms

Here is a list of supported algorithms. If the algorithm name in WebCrypto and Wasm/Rust is the same, this library prefers to use algorithms that are supported by WebCrypto.

WebCrypto

// https://deno.land/std/crypto/crypto.ts
const webCryptoDigestAlgorithms = [
  "SHA-384",
  "SHA-256",
  "SHA-512",
  // insecure (length-extendable and collidable):
  "SHA-1",
] as const;

Wasm/Rust

// https://deno.land/std/_wasm_crypto/crypto.ts
export const digestAlgorithms = [
  "BLAKE2B-256",
  "BLAKE2B-384",
  "BLAKE2B",
  "BLAKE2S",
  "BLAKE3",
  "KECCAK-224",
  "KECCAK-256",
  "KECCAK-384",
  "KECCAK-512",
  "SHA-384",
  "SHA3-224",
  "SHA3-256",
  "SHA3-384",
  "SHA3-512",
  "SHAKE128",
  "SHAKE256",
  "TIGER",
  // insecure (length-extendable):
  "RIPEMD-160",
  "SHA-224",
  "SHA-256",
  "SHA-512",
  // insecure (collidable and length-extendable):
  "MD5",
  "SHA-1",
] as const;

Timing safe comparison

When checking the values of cryptographic hashes are equal, default comparisons can be susceptible to timing based attacks, where attacker is able to find out information about the host system by repeatedly checking response times to equality comparisons of values.

It is likely some form of timing safe equality will make its way to the WebCrypto standard (see: w3c/webcrypto#270), but until that time, timingSafeEqual() is provided:

import { crypto } from "https://deno.land/std@0.182.0/crypto/mod.ts";
import { assert } from "https://deno.land/std@0.182.0/testing/asserts.ts";

const a = await crypto.subtle.digest(
  "SHA-384",
  new TextEncoder().encode("hello world"),
);
const b = await crypto.subtle.digest(
  "SHA-384",
  new TextEncoder().encode("hello world"),
);
const c = await crypto.subtle.digest(
  "SHA-384",
  new TextEncoder().encode("hello deno"),
);

assert(crypto.subtle.timingSafeEqual(a, b));
assert(!crypto.subtle.timingSafeEqual(a, c));

In addition to the method being part of the crypto.subtle interface, it is also loadable directly:

import { timingSafeEqual } from "https://deno.land/std@0.182.0/crypto/timing_safe_equal.ts";
import { assert } from "https://deno.land/std@0.182.0/testing/asserts.ts";

const a = await crypto.subtle.digest(
  "SHA-384",
  new TextEncoder().encode("hello world"),
);
const b = await crypto.subtle.digest(
  "SHA-384",
  new TextEncoder().encode("hello world"),
);

assert(timingSafeEqual(a, b));

Examples

Example 1

import { crypto } from "https://deno.land/std@0.182.0/crypto/mod.ts";

// This will delegate to the runtime's WebCrypto implementation.
console.log(
  new Uint8Array(
    await crypto.subtle.digest(
      "SHA-384",
      new TextEncoder().encode("hello world"),
    ),
  ),
);

// This will use a bundled Wasm/Rust implementation.
console.log(
  new Uint8Array(
    await crypto.subtle.digest(
      "BLAKE3",
      new TextEncoder().encode("hello world"),
    ),
  ),
);

Convert hash to a string

import {
  crypto,
  toHashString,
} from "https://deno.land/std@0.182.0/crypto/mod.ts";

const hash = await crypto.subtle.digest(
  "SHA-384",
  new TextEncoder().encode("You hear that Mr. Anderson?"),
);

// Hex encoding by default
console.log(toHashString(hash));

// Or with base64 encoding
console.log(toHashString(hash, "base64"));

Classes

A cryptographic key chain which allows signing of data to prevent tampering, but also allows for easy key rotation without needing to re-sign the data.

Variables

An wrapper for WebCrypto adding support for additional non-standard algorithms, but delegating to the runtime WebCrypto implementation whenever possible.

Functions

Compare to array buffers or data views in a way that timing based attacks cannot gain information about the platform.

Converts a hash to a string with a given encoding.

Interfaces

Extensions to the Web Crypto interface.

Extensions to the web standard SubtleCrypto interface.

Type Aliases

Types of data that can be signed cryptographically.

Types of keys that can be used to sign data.