CryptoKey: type property

Baseline Widely available

This feature is well established and works across many devices and browser versions. It’s been available across browsers since July 2015.

We’d love to hear your thoughts on the next set of proposals for the JavaScript language. You can find a description of the proposals here.
Please take two minutes to fill out our short survey.

Secure context: This feature is available only in secure contexts (HTTPS), in some or all supporting browsers.

Note: This feature is available in Web Workers.

The read-only type property of the CryptoKey interface indicates which kind of key is represented by the object. It can have the following values:

Value

One of the following strings: "secret", "private", or "public".

Examples

This function verifies a message using SubtleCrypto.verify() and a public key given in the parameter. If the key is not a public key, it always returns "invalid", as such verification is fundamentally insecure.

js
async function verifyMessage(publicKey) {
  const signatureValue = document.querySelector(
    ".rsassa-pkcs1 .signature-value",
  );
  signatureValue.classList.remove("valid", "invalid");

  let result = false; // By default, it is invalid

  if (publicKey.type === "public") {
    const encoded = getMessageEncoding();
    result = await window.crypto.subtle.verify(
      "RSASSA-PKCS1-v1_5",
      publicKey,
      signature,
      encoded,
    );
  }

  signatureValue.classList.add(result ? "valid" : "invalid");
}

Specifications

Specification
Web Cryptography Level 2
# dom-cryptokey-type

Browser compatibility