On this page
@std/crypto
Overview Jump to heading
Extensions to the Web Crypto supporting additional encryption APIs, but also delegating to the built-in APIs when possible.
import { crypto } from "@std/crypto/crypto";
const message = "Hello, Deno!";
const encoder = new TextEncoder();
const data = encoder.encode(message);
await crypto.subtle.digest("BLAKE3", data);
Add to your project Jump to heading
deno add jsr:@std/crypto
See all symbols in @std/crypto on
What is web crypto? Jump to heading
The Web Crypto API is a standard set of low-level cryptographic primitives available in web browsers and other environments like Deno. It provides secure methods for hashing, encryption, decryption, signing, and verifying data, useful when you need to protect sensitive information.
Why use @std/crypto? Jump to heading
This package provides Web Crypto–compatible helpers and algorithms (like BLAKE3) with a familiar API. Use it in:
- API clients and SDKs: sign/verify payloads, compute request checksums, or derive cache validators (ETag‑like) with BLAKE3.
- CLI tools and build systems: fingerprint files and directories for caching, artifact integrity, or change detection.
- Edge/serverless apps: verify webhooks and JWT parts, hash bodies before storage, or compare secrets in constant time.
- Data pipelines: de‑duplicate blobs via fast hashing; generate stable IDs from content.
Examples Jump to heading
Hashing Jump to heading
import { crypto } from "@std/crypto/crypto";
const data = new TextEncoder().encode("hello");
const hash = await crypto.subtle.digest("BLAKE3", data);
console.log(new Uint8Array(hash));
Hash to hex Jump to heading
import { crypto } from "@std/crypto/crypto";
const toHex = (bytes: Uint8Array) =>
Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("");
const data = new TextEncoder().encode("hello");
const buf = await crypto.subtle.digest("BLAKE3", data);
console.log(toHex(new Uint8Array(buf))); // e.g. "ea..."
Hash a file (BLAKE3) Jump to heading
import { crypto } from "@std/crypto/crypto";
const file = await Deno.readFile("./README.md");
const buf = await crypto.subtle.digest("BLAKE3", file);
console.log(new Uint8Array(buf));
Constant‑time compare Jump to heading
import { crypto } from "@std/crypto/crypto";
import { timingSafeEqual } from "@std/crypto/timing-safe-equal";
const enc = new TextEncoder();
const a = new Uint8Array(
await crypto.subtle.digest("BLAKE3", enc.encode("abc")),
);
const b = new Uint8Array(
await crypto.subtle.digest("BLAKE3", enc.encode("abd")),
);
console.log(timingSafeEqual(a, b)); // false
Synchronous hashing (scripts) Jump to heading
import { crypto } from "@std/crypto/crypto";
const data = new TextEncoder().encode("fast");
const buf = crypto.subtle.digestSync("BLAKE3", data);
console.log(new Uint8Array(buf));
Random bytes Jump to heading
import { crypto } from "@std/crypto/crypto";
const iv = new Uint8Array(12);
crypto.getRandomValues(iv);
console.log(iv);
AES‑GCM encrypt/decrypt (Web Crypto) Jump to heading
import { crypto } from "@std/crypto/crypto";
const key = await crypto.subtle.generateKey(
{ name: "AES-GCM", length: 256 },
true,
["encrypt", "decrypt"],
);
const iv = crypto.getRandomValues(new Uint8Array(12));
const data = new TextEncoder().encode("secret message");
const ciphertext = await crypto.subtle.encrypt(
{ name: "AES-GCM", iv },
key,
data,
);
const plaintext = await crypto.subtle.decrypt(
{ name: "AES-GCM", iv },
key,
ciphertext,
);
console.log(new TextDecoder().decode(new Uint8Array(plaintext))); // "secret message"
Tips Jump to heading
- Prefer Web Crypto primitives; avoid rolling your own crypto.
- Encode inputs with
TextEncoderand compare results as bytes or hex.