Web Crypto API

The Web Crypto API is an interface allowing a script to use cryptographic primitives in order to build systems using cryptography.

Warning: The Web Crypto API provides a number of low-level cryptographic primitives. It's very easy to misuse them, and the pitfalls involved can be very subtle.

Even assuming you use the basic cryptographic functions correctly, secure key management and overall security system design are extremely hard to get right, and are generally the domain of specialist security experts.

Errors in security system design and implementation can make the security of the system completely ineffective.

If you're not sure you know what you are doing, you probably shouldn't be using this API.

Interfaces

Some browsers implemented an interface called Crypto without having it well defined or being cryptographically sound. In order to avoid confusion, methods and properties of this interface have been removed from browsers implementing the Web Crypto API, and all Web Crypto API methods are available on a new interface: SubtleCrypto. The Crypto.subtle property gives access to an object implementing it.

Specifications

Specification Status Comment
Web Cryptography API Recommendation Initial definition

Browser compatibility

Crypto

DesktopMobile
ChromeEdgeFirefoxInternet ExplorerOperaSafariAndroid webviewChrome for AndroidFirefox for AndroidOpera for AndroidSafari on iOSSamsung Internet
CryptoChrome Full support 11Edge Full support 12Firefox Full support 26IE Full support 11Opera Full support 15Safari Full support 6.1WebView Android Full support YesChrome Android Full support 18Firefox Android Full support 26Opera Android Full support 14Safari iOS Full support 6.1Samsung Internet Android Full support 1.0
getRandomValues()Chrome Full support 11Edge Full support 12Firefox Full support 26IE Full support 11Opera Full support 15Safari Full support 6.1WebView Android Full support ≤37Chrome Android Full support 18Firefox Android Full support 26Opera Android Full support 14Safari iOS Full support 6.1Samsung Internet Android Full support 1.0
subtle
Experimental
Chrome Full support 37Edge Full support 12Firefox Full support 34
Full support 34
No support 32 — 34
Disabled
Disabled From version 32 until version 34 (exclusive): this feature is behind the dom.webcrypto.enabled preference (needs to be set to true). To change preferences in Firefox, visit about:config.
IE Partial support 11Opera Full support 24Safari Full support 10.1
Full support 10.1
Full support 7
Prefixed
Prefixed Implemented with the vendor prefix: webkit
WebView Android Full support 37Chrome Android Full support 37Firefox Android Full support 34
Full support 34
No support 32 — 34
Disabled
Disabled From version 32 until version 34 (exclusive): this feature is behind the dom.webcrypto.enabled preference (needs to be set to true). To change preferences in Firefox, visit about:config.
Opera Android Full support 24Safari iOS Full support 10.3
Full support 10.3
Full support 7
Prefixed
Prefixed Implemented with the vendor prefix: webkit
Samsung Internet Android Full support 3.0

Legend

Full support
Full support
Partial support
Partial support
Experimental. Expect behavior to change in the future.
Experimental. Expect behavior to change in the future.
User must explicitly enable this feature.
User must explicitly enable this feature.
Requires a vendor prefix or different name for use.
Requires a vendor prefix or different name for use.