What is the Web Crypto API?

The Web Crypto API exposes cryptographic primitives in browsers and other JavaScript runtimes through crypto.subtle (a SubtleCrypto object). It supports hashing, signing, verification, encryption, key derivation and key wrapping using named algorithms with typed parameters.

Which algorithm should I use to encrypt data?

For symmetric encryption, AES-GCM is the recommended authenticated cipher; AES-CBC and AES-CTR are also available. For asymmetric encryption use RSA-OAEP. Each requires the matching key type and a correct iv or label parameter.

Use ECDSA (with a P-256/P-384/P-521 curve) or RSASSA-PKCS1-v1_5 or RSA-PSS for digital signatures, and HMAC for symmetric message authentication. Pass the algorithm name and its parameters to crypto.subtle.sign and verify with crypto.subtle.verify.

Which algorithms derive keys from a password?

PBKDF2 derives bits/keys from a password with a salt and iteration count; HKDF derives from existing high-entropy key material; ECDH derives a shared secret from two key pairs. All are used with deriveBits and deriveKey, not with encrypt or sign directly.

Does this tool run any cryptography?

No. It is a static reference of algorithm names and their supported operations, searched locally. No keys are generated and nothing is transmitted.

Web Crypto API Algorithms Reference

Email me this result

Get this tool's output sent to your inbox, plus one useful tool a week. No spam, unsubscribe any time.

Web Crypto API algorithm identifiers

The crypto.subtle interface takes a named algorithm for every operation, and each algorithm only supports certain operations. This reference lists the SubtleCrypto algorithm identifiers with a support matrix across sign, verify, encrypt, decrypt, digest, derive and wrap, plus a live filter.

How it works

Every SubtleCrypto call names an algorithm and supplies its parameters:

const sig = await crypto.subtle.sign(
  { name: "ECDSA", hash: "SHA-256" },
  privateKey,
  data
);

const ct = await crypto.subtle.encrypt(
  { name: "AES-GCM", iv },
  key,
  plaintext
);

An algorithm only works for the operations it supports — AES-GCM does encrypt/decrypt/wrapKey/unwrapKey but not sign; ECDSA does sign/verify but not encrypt. The matrix below maps each name to its valid operations.

Tips and notes

Prefer AES-GCM (authenticated) over AES-CBC for new code, with a unique IV.
PBKDF2/HKDF/ECDH produce key material via deriveBits/deriveKey only.
Hash names (SHA-256, SHA-384, SHA-512) are used with digest and as the hash parameter inside signing/derivation algorithms.
SHA-1 is supported for digest but is unsafe for signatures.