Skip to content

Commit 7a5a89d

Browse files
vlovichvlovich
committed
Update WebCrypto conformance table
I believe we now support the full suite defined in the spec & Ed25519 is going to land before we publish this. Add column for key import since key derivation functions can import the key but not export.
1 parent fca34ab commit 7a5a89d

File tree

1 file changed

+33
-17
lines changed

1 file changed

+33
-17
lines changed

products/workers/src/content/runtime-apis/web-crypto.md

Lines changed: 33 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -271,35 +271,51 @@ These methods are all accessed via `crypto.subtle`, which is also [documented in
271271

272272
### Supported algorithms
273273

274-
Workers implements a subset of the most common cryptographic algorithms, as shown in the following table. We are happy to add support for more algorithms — [let us know about your use case](https://community.cloudflare.com/c/developers/workers).
274+
Workers implements all operation of the [WebCrypto standard](https://www.w3.org/TR/WebCryptoAPI), as shown in the following table.
275+
We are happy to add support for more algorithms — [let us know about your use case](https://community.cloudflare.com/c/developers/workers).
276+
277+
A checkmark (✓) indicates that this feature is believed to be fully supported according to the spec.
278+
[//]: # An x (✘) indicates that this feature is part of the specification but not implemented.
279+
[//]: # If a feature only implements the operation partially, details are listed.
275280

276281
<TableWrap>
277282

278-
| Algorithm | sign()<br/>verify() | encrypt()<br/>decrypt() | digest() | deriveBits()<br/>deriveKey() | generateKey() | wrapKey()<br/>unwrapKey() | exportKey() |
279-
| :---------------------------------------- | :------------------ | :---------------------- | :------- | :--------------------------- | :------------ | :------------------------ | ----------- |
280-
| RSASSA-PKCS1-v1_5 || | | || ||
281-
| RSA-PSS || | | || ||
282-
| ECDSA || | | | | ||
283-
| HMAC || | | || | |
284-
| AES-CBC | || | | || |
285-
| AES-GCM | || | ||| |
286-
| SHA-1 | | || | | | |
287-
| SHA-256 | | || | | | |
288-
| SHA-384 | | || | | | |
289-
| SHA-512 | | || | | | |
290-
| MD5<sup><a href="#footnote-1">1</a></sup> | | || | | | |
291-
| PBKDF2 | | | || | | |
283+
| Algorithm | sign()<br/>verify() | encrypt()<br/>decrypt() | digest() | deriveBits()<br/>deriveKey() | generateKey() | wrapKey()<br/>unwrapKey() | exportKey() | importKey() |
284+
| :------------------------------------------------ | :------------------- | :------------------------ | :------- | :--------------------------- | :------------ | :------------------------ | :---------- | :---------- |
285+
| RSASSA PKCS1 v1.5 || | | || |||
286+
| RSA PSS || | | || |||
287+
| RSA OAEP | || | |||||
288+
| ECDSA || | | || |||
289+
| ECDH | | | ||| |||
290+
| NODE ED25519<sup><a href="#footnote 1">1</a></sup>|| | | || |||
291+
| AES CTR | || | |||||
292+
| AES CBC | || | |||||
293+
| AES GCM | || | |||||
294+
| AES KW | | | | |||||
295+
| HMAC || | | || |||
296+
| SHA 1 | | || | | | | |
297+
| SHA 256 | | || | | | | |
298+
| SHA 384 | | || | | | | |
299+
| SHA 512 | | || | | | | |
300+
| MD5<sup><a href="#footnote 2">2</a></sup> | | || | | | | |
301+
| HKDF | | | || | | ||
302+
| PBKDF2 | | | || | | ||
292303

293304
</TableWrap>
294305

295306
__Footnotes:__
296307

297-
1. <a name="footnote-1"></a> MD5 is not part of the WebCrypto standard, but is supported in Cloudflare Workers for interacting with legacy systems that require MD5. MD5 is considered a weak algorithm. Do not rely upon MD5 for security.
308+
1. <a name="footnote-1"></a> Non-standard EdDSA is supported for the Ed25519 curve. Since this algorithm is non-standard, a few things to keep in mind while using it:
309+
* Use <Code>NODE-ED25519</Code> as the algorithm and namedCurve parameters.
310+
* Unlike NodeJS, we will not support "raw" import of private keys.
311+
* Since this algorithm is non-standard, the implementation may change over time. While we cannot guarantee it at this time, we will strive to maintain backward compatabilityand compatability with NodeJS's behavior.
312+
Any notable compatability notes will be communicated in release notes and via this developer document.
313+
2. <a name="footnote-2"></a> MD5 is not part of the WebCrypto standard, but is supported in Cloudflare Workers for interacting with legacy systems that require MD5. MD5 is considered a weak algorithm. Do not rely upon MD5 for security.
298314
299315
--------------------------------
300316
301317
## See also
302318
303319
- [SubtleCrypto documentation on MDN.](https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto)
304320
- [SubtleCrypto documentation as part of the W3C Web Crypto API specification.](https://www.w3.org/TR/WebCryptoAPI/#subtlecrypto-interface)
305-
- [Example: signing requests](/examples/signing-requests)
321+
- [Example: signing requests](/examples/signing-requests)

0 commit comments

Comments
 (0)