Skip to main content
Version: 3.28.0

sign()

The sign() method of the SubtleCrypto interface generates a digital signature.

It takes as its arguments a key to sign with, some algorithm-specific parameters, and the data to sign. It returns a Promise which will be fulfilled with the signature.

You can use the corresponding verify() method to verify the signature.

Syntax

sign(algorithm, key, data)

Parameters

  • algorithm
    • : A string or object that specifies the signature algorithm to use and its parameters:
      • To use RSASSA-PKCS1-v1_5, pass the string "RSASSA-PKCS1-v1_5" or an object of the form { "name": "RSASSA-PKCS1-v1_5" }.
      • To use HMAC, pass the string "HMAC" or an object of the form { "name": "HMAC" }.
  • key
    • : A CryptoKey object containing the key to be used for signing. If algorithm identifies a public-key cryptosystem, this is the private key.
  • data
    • : An ArrayBuffer, a TypedArray or a DataView object containing the data to be signed.

Return value

A Promise that fulfills with an ArrayBuffer containing the signature.

Exceptions

The promise is rejected when the following exception is encountered:

  • InvalidAccessError
    • : Raised when the signing key is not a key for the request signing algorithm or when trying to use an algorithm that is either unknown or isn't suitable for signing.

Supported algorithms

RSASSA-PKCS1-v1_5

The RSASSA-PKCS1-v1_5 algorithm is specified in RFC 3447.

HMAC

The HMAC algorithm calculates and verifies hash-based message authentication codes according to the FIPS 198-1 standard.

The digest algorithm to use is specified in the HmacImportParams object that you pass into SubtleCrypto.importKey().