Skip to main content
Deno 2 is finally here 🎉️
Learn more
Module

std/crypto/mod.ts

Deno standard library
Go to Latest
The Standard Library has been moved to JSR. See the blog post for details.
import * as mod from "https://deno.land/std@0.208.0/crypto/mod.ts";

Extensions to the Web Crypto supporting additional encryption APIs, but also delegating to the built-in APIs when possible.

Provides additional digest algorithms that are not part of the WebCrypto standard as well as a subtle.digest and subtle.digestSync methods.

The "polyfill" delegates to WebCrypto where possible.

The KeyStack export implements the KeyRing interface for managing rotatable keys for signing data to prevent tampering, like with HTTP cookies.

Supported algorithms

Here is a list of supported algorithms. If the algorithm name in WebCrypto and Wasm/Rust is the same, this library prefers to use algorithms that are supported by WebCrypto.

WebCrypto

// https://deno.land/std/crypto/crypto.ts
const webCryptoDigestAlgorithms = [
  "SHA-384",
  "SHA-256",
  "SHA-512",
  // insecure (length-extendable and collidable):
  "SHA-1",
] as const;

Wasm/Rust

// https://deno.land/std/crypto/_wasm/mod.ts
export const digestAlgorithms = [
  "BLAKE2B-128",
  "BLAKE2B-160",
  "BLAKE2B-224",
  "BLAKE2B-256",
  "BLAKE2B-384",
  "BLAKE2B",
  "BLAKE2S",
  "BLAKE3",
  "KECCAK-224",
  "KECCAK-256",
  "KECCAK-384",
  "KECCAK-512",
  "SHA-384",
  "SHA3-224",
  "SHA3-256",
  "SHA3-384",
  "SHA3-512",
  "SHAKE128",
  "SHAKE256",
  "TIGER",
  // insecure (length-extendable):
  "RIPEMD-160",
  "SHA-224",
  "SHA-256",
  "SHA-512",
  // insecure (collidable and length-extendable):
  "MD4",
  "MD5",
  "SHA-1",
] as const;

Examples

Example 1

import { crypto } from "https://deno.land/std@0.208.0/crypto/mod.ts";

// This will delegate to the runtime's WebCrypto implementation.
console.log(
  new Uint8Array(
    await crypto.subtle.digest(
      "SHA-384",
      new TextEncoder().encode("hello world"),
    ),
  ),
);

// This will use a bundled Wasm/Rust implementation.
console.log(
  new Uint8Array(
    await crypto.subtle.digest(
      "BLAKE3",
      new TextEncoder().encode("hello world"),
    ),
  ),
);

Convert hash to a string

import {
  crypto,
} from "https://deno.land/std@0.208.0/crypto/mod.ts";
import { encodeHex } from "https://deno.land/std@0.208.0/encoding/hex.ts"
import { encodeBase64 } from "https://deno.land/std@0.208.0/encoding/base64.ts"

const hash = await crypto.subtle.digest(
  "SHA-384",
  new TextEncoder().encode("You hear that Mr. Anderson?"),
);

// Hex encoding
console.log(encodeHex(hash));

// Or with base64 encoding
console.log(encodeBase64(hash));

Classes

A cryptographic key chain which allows signing of data to prevent tampering, but also allows for easy key rotation without needing to re-sign the data.

Variables

An wrapper for WebCrypto adding support for additional non-standard algorithms, but delegating to the runtime WebCrypto implementation whenever possible.

Functions

When checking the values of cryptographic hashes are equal, default comparisons can be susceptible to timing based attacks, where attacker is able to find out information about the host system by repeatedly checking response times to equality comparisons of values.

f
toHashString
deprecated

Interfaces

Extensions to the Web Crypto interface.

Extensions to the web standard SubtleCrypto interface.

Type Aliases

Types of data that can be signed cryptographically.

Types of keys that can be used to sign data.