The read-only Window.crypto property returns the Crypto object associated to the global object. This object allows web pages access to certain cryptographic related services. Although the property itself is read-only, all of its methods (and the methods of its child object, SubtleCrypto) are not read-only, and therefore vulnerable to attack by polyfill.

Although window.crypto is available on all windows, the returned Crypto object only has one usable feature in insecure contexts: the getRandomValues() method. In general, you should use this API only in secure contexts.


var cryptoObj = window.crypto || window.msCrypto; // for IE 11


An instance of the Crypto interface, providing access to general-purpose cryptography and a strong random-number generator.


This example uses the Window.crypto property to access the getRandomValues() method.


genRandomNumbers = function getRandomNumbers() {
  var array = new Uint32Array(10);

  var randText = document.getElementById("myRandText");
  randText.innerHTML = "The random numbers are: "
  for (var i = 0; i < array.length; i++) {
    randText.innerHTML += array[i] + " ";


<p id="myRandText">The random numbers are: </p>
<button type="button" onClick='genRandomNumbers()'>Generate 10 random numbers</button>



Specification Status Comment
Web Cryptography API
The definition of 'Window.crypto' in that specification.
Recommendation Initial definition

Browser compatibility

ChromeEdgeFirefoxInternet ExplorerOperaSafariAndroid webviewChrome for AndroidFirefox for AndroidOpera for AndroidSafari on iOSSamsung Internet
cryptoChrome Full support 37Edge Full support 12Firefox Full support 34IE Full support 11
Full support 11
Prefixed Implemented with the vendor prefix: ms
Opera Full support 24Safari Full support 6.1WebView Android Full support 37Chrome Android Full support 37Firefox Android Full support 34Opera Android Full support 24Safari iOS Full support 6.1Samsung Internet Android Full support 3.0


Full support
Full support
Requires a vendor prefix or different name for use.
Requires a vendor prefix or different name for use.

See also