The RsaPssParams dictionary of the Web Crypto API represents the object that should be passed as the algorithm parameter into SubtleCrypto.sign() or SubtleCrypto.verify(), when using the RSA-PSS algorithm.


A DOMString. This should be set to RSA-PSS.

A long integer representing the length of the random salt to use, in bytes.

RFC 3447 says that "Typical salt lengths" are either 0 or the length of the output of the digest algorithm that was selected when this key was generated. For example, if you use SHA-256 as the digest algorithm, this could be 32.

The maximum size of saltLength is given by:

Math.ceil((keySizeInBits - 1)/8) - digestSizeInBytes - 2

So for a key length of 2048 bits and a digest output size of 32 bytes, the maximum size would be 222.


See the examples for SubtleCrypto.sign() and SubtleCrypto.verify().


Specification Status Comment
Web Cryptography API
The definition of 'SubtleCrypto.RsaPssParams' in that specification.

Browser compatibility

Browsers that support the "RSA-PSS" algorithm for the SubtleCrypto.sign() and SubtleCrypto.verify() methods will support this type.

See also