- 动态与公告
- 产品简介
- 购买指南
- 快速入门
- 域名服务
- 站点加速
- 源站配置
- 边缘函数
- 安全防护
- 规则引擎
- 四层代理
- 数据分析与日志服务
- 工具指南
- 实践教程
- API 文档
- History
- Introduction
- API Category
- Making API Requests
- Site APIs
- Acceleration Domain Management APIs
- Site Acceleration Configuration APIs
- Edge Function APIs
- Alias Domain APIs
- Security Configuration APIs
- Layer 4 Application Proxy APIs
- CreateL4Proxy
- ModifyL4Proxy
- ModifyL4ProxyStatus
- DescribeL4Proxy
- DeleteL4Proxy
- CreateL4ProxyRules
- ModifyL4ProxyRules
- ModifyL4ProxyRulesStatus
- DescribeL4ProxyRules
- DeleteL4ProxyRules
- CreateApplicationProxy
- ModifyApplicationProxy
- ModifyApplicationProxyStatus
- DescribeApplicationProxies
- DeleteApplicationProxy
- CreateApplicationProxyRule
- ModifyApplicationProxyRule
- ModifyApplicationProxyRuleStatus
- DeleteApplicationProxyRule
- Content Management APIs
- Data Analysis APIs
- Log Service APIs
- Billing APIs
- Certificate APIs
- Load Balancing APIs
- Diagnostic Tool APIs
- Custom Response Page APIs
- Version Management APIs
- Data Types
- Error Codes
- 常见问题
- 相关协议
- TEO 政策
- 联系我们
- 词汇表
- 动态与公告
- 产品简介
- 购买指南
- 快速入门
- 域名服务
- 站点加速
- 源站配置
- 边缘函数
- 安全防护
- 规则引擎
- 四层代理
- 数据分析与日志服务
- 工具指南
- 实践教程
- API 文档
- History
- Introduction
- API Category
- Making API Requests
- Site APIs
- Acceleration Domain Management APIs
- Site Acceleration Configuration APIs
- Edge Function APIs
- Alias Domain APIs
- Security Configuration APIs
- Layer 4 Application Proxy APIs
- CreateL4Proxy
- ModifyL4Proxy
- ModifyL4ProxyStatus
- DescribeL4Proxy
- DeleteL4Proxy
- CreateL4ProxyRules
- ModifyL4ProxyRules
- ModifyL4ProxyRulesStatus
- DescribeL4ProxyRules
- DeleteL4ProxyRules
- CreateApplicationProxy
- ModifyApplicationProxy
- ModifyApplicationProxyStatus
- DescribeApplicationProxies
- DeleteApplicationProxy
- CreateApplicationProxyRule
- ModifyApplicationProxyRule
- ModifyApplicationProxyRuleStatus
- DeleteApplicationProxyRule
- Content Management APIs
- Data Analysis APIs
- Log Service APIs
- Billing APIs
- Certificate APIs
- Load Balancing APIs
- Diagnostic Tool APIs
- Custom Response Page APIs
- Version Management APIs
- Data Types
- Error Codes
- 常见问题
- 相关协议
- TEO 政策
- 联系我们
- 词汇表
Web Crypto API 基于 Web APIs 标准 Web Crypto API 进行设计。提供了一组常见的加密操作接口,相比纯 JavaScript 实现的加密接口,
Web Crypto API 的性能更高。注意:
不支持直接构造
Crypto 对象,边缘函数运行时会在全局注入,直接使用全局 crypto 实例即可。描述
// 编码const encodeContent = new TextEncoder().encode('hello world');// 使用 crypto,生成 SHA-256 哈希值 Promise<ArrayBuffer>const sha256Content = await crypto.subtle.digest({ name: 'SHA-256' },encodeContent);const result = new Uint8Array(sha256Content);
属性
// crypto.subtlereadonly subtle: SubtleCrypto;
方法
getRandomValues
crypto.getRandomValues(buffer: TypedArray): TypedArray;
生成随机数填充 buffer, 并返回 buffer。
参数
属性名 | 类型 | 必填 | 说明 |
buffer | 是 |
randomUUID
crypto.randomUUID(): string;
返回随机 UUID(v4)。
SubtleCrypto
说明:
SubtleCrypto 加密接口按功能分为两类:
加密功能,包含
encrypt/decrypt、sign/verify、digest, 可以用来实现隐私和身份验证等安全功能。密钥管理功能,包含
generateKey、deriveKey、importKey/exportKey, 可以用来管理密钥。digest
crypto.subtle.digest(algorithm: string | object, data: ArrayBuffer): Promise<ArrayBuffer>;
encrypt
crypto.subtle.encrypt(algorithm: object, key: CryptoKey, data: ArrayBuffer): Promise<ArrayBuffer>;
对于
RSA-OAEP 算法,要求 data 长度不能超过 modulusLength/8 - 2*hLen -2,其中 hLen 的取值逻辑为:SHA-1: hLen = 20 byte
SHA-256: hLen = 32 byte
SHA-384: hLen = 48 byte
SHA-512: hLen = 64 byte
对于
AES-CTR,AES-CBC,AES-GCM,限制 data 长度 1MB。decrypt
crypto.subtle.decrypt(algorithm: object, key: CryptoKey, data: ArrayBuffer): Promise<ArrayBuffer>;
对于
RSA-OAEP 算法, data 长度为 modulusLength/8。对于
AES-CTR,AES-CBC,AES-GCM,限制 data 长度 1MB。sign
crypto.subtle.sign(algorithm: string | object, key: CryptoKey, data: ArrayBuffer): Promise<ArrayBuffer>;
verify
crypto.subtle.verify(algorithm: string | object, key: CryptoKey, signature: BufferSource, data: ArrayBuffer): Promise<boolean>;
generateKey
crypto.subtle.generateKey(algorithm: object, extractable: boolean, keyUsages: Array<string>): Promise<CryptoKey | CryptoKeyPair>;
deriveKey
crypto.subtle.deriveKey(algorithm: object, baseKey: CryptoKey, derivedKeyAlgorithm: object, extractable: boolean, keyUsages: Array<string>): Promise<CryptoKey>;
importKey
crypto.subtle.importKey(format: string, keyData: BufferSource, algorithm: string | object, extractable: boolean, keyUsages: Array<string>): Promise<CryptoKey>;
exportKey
crypto.subtle.exportKey(format: string, key: CryptoKey): Promise<ArrayBuffer>;
deriveBits
crypto.subtle.deriveBits(algorithm: object, baseKey: CryptoKey, length: integer): Promise<ArrayBuffer>;
wrapKey
crypto.subtle.wrapKey(format: string, key: CryptoKey, wrappingKey: CryptoKey, wrapAlgo: string | object): Promise<ArrayBuffer>;;
unwrapKey
crypto.subtle.unwrapKey(format: string, wrappedKey: ArrayBuffer, unwrappingKey: CryptoKey, unwrapAlgo: string | object, unwrappedKeyAlgo: string | object, extractable: boolean, keyUsages: Array<string>): Promise<CryptoKey>;
CryptoKey
CryptoKey 属性描述如下。属性名 | 类型 | 只读 | 说明 |
type | string | 是 | 密钥类型。 |
extractable | boolean | 是 | 密钥是否可导出。 |
algorithm | object | 是 | 算法相关, 包含算法需要的字段。 |
usages | Array<string> | 是 | 密钥的用途。 |
CryptoKeyPair
CryptoKeyPair 属性描述如下。支持算法
Algorithm | encrypt() decrypt() | sign() verify() | wrapKey() unwrapKey() | deriveKey() deriveBits() | generateKey() | importKey() | exportKey() | digest() |
RSASSA-PKCS1-v1_5 | - | ✓ | - | - | ✓ | ✓ | ✓ | - |
RSA-PSS | - | ✓ | - | - | ✓ | ✓ | ✓ | - |
RSA-OAEP | ✓ | - | ✓ | - | ✓ | ✓ | ✓ | - |
ECDSA | - | ✓ | - | - | ✓ | ✓ | ✓ | - |
ECDH | - | - | - | ✓ | ✓ | ✓ | ✓ | - |
HMAC | - | ✓ | - | - | ✓ | ✓ | ✓ | - |
AES-CTR | ✓ | - | ✓ | - | ✓ | ✓ | ✓ | - |
AES-CBC | ✓ | - | ✓ | - | ✓ | ✓ | ✓ | - |
AES-GCM | ✓ | - | ✓ | - | ✓ | ✓ | ✓ | - |
AES-KW | - | - | ✓ | - | ✓ | ✓ | ✓ | - |
HKDF | - | - | - | ✓ | - | ✓ | - | - |
PBKDF2 | - | - | - | ✓ | - | ✓ | - | - |
SHA-1 | - | - | - | - | - | - | - | ✓ |
SHA-256 | - | - | - | - | - | - | - | ✓ |
SHA-384 | - | - | - | - | - | - | - | ✓ |
SHA-512 | - | - | - | - | - | - | - | ✓ |
MD5 | - | - | - | - | - | - | - | ✓ |
示例代码
function uint8ArrayToHex(arr) {return Array.prototype.map.call(arr, (x) => ((`0${x.toString(16)}`).slice(-2))).join('');}async function handleEvent(event) {const encodeArr = TextEncoder().encode('hello world');// 执行 md5const md5Buffer = await crypto.subtle.digest({ name: 'MD5' }, encodeArr);// 输出十六进制字符串const md5Str = uint8ArrayToHex(new Uint8Array(md5Buffer));const response = new Response(md5Str);return response;}addEventListener('fetch', async (event) => {event.respondWith(handleEvent(event));});
是
否
本页内容是否解决了您的问题?