Secure contextThis feature is available only in secure contexts (HTTPS), in some or all supporting browsers.
The digest()
method of the SubtleCrypto
interface generates a digest of the given data. A digest is a short fixed-length value derived from some variable-length input. Cryptographic digests should exhibit collision-resistance, meaning that it's hard to come up with two different inputs that have the same digest value.
It takes as its arguments an identifier for the digest algorithm to use and the data to digest. It returns a Promise
which will be fulfilled with the digest.
Syntax
const digest = crypto.subtle.digest(algorithm, data);
Parameters
algorithm
is aDOMString
defining the hash function to use. Supported values are:SHA-1
(but don't use this in cryptographic applications)SHA-256
SHA-384
SHA-512
.
data
is anArrayBuffer
orArrayBufferView
containing the data to be digested.
Return value
digest
is aPromise
that fulfills with anArrayBuffer
containing the digest.
Supported algorithms
Digest algorithms, also known as cryptographic hash functions, transform an arbitrarily large block of data into a fixed-size output, usually much shorter than the input. They have a variety of applications in cryptography.
SHA-1
This algorithm is specified in FIPS 180-4, section 6.1, and produces an output 160 bits long.
Warning: This algorithm is now considered vulnerable and should not be used for cryptographic applications.
SHA-256
This algorithm is specified in FIPS 180-4, section 6.2, and produces an output 256 bits long.
SHA-384
This algorithm is specified in FIPS 180-4, section 6.5, and produces an output 384 bits long.
SHA-512
This algorithm is specified in FIPS 180-4, section 6.4, and produces an output 512 bits long.
Hint: If you are looking here for how to create an keyed-hash message authentication code (HMAC), you need to use the SubtleCrypto.sign() instead.
Examples
Basic example
This example encodes a message, then calculates its SHA-256 digest and logs the digest length:
const text = 'An obscure body in the S-K System, your majesty. The inhabitants refer to it as the planet Earth.';
async function digestMessage(message) {
const encoder = new TextEncoder();
const data = encoder.encode(message);
const hash = await crypto.subtle.digest('SHA-256', data);
return hash;
}
const digestBuffer = await digestMessage(text);
console.log(digestBuffer.byteLength);
Converting a digest to a hex string
The digest is returned as an ArrayBuffer
, but for comparison and display digests are often represented as hex strings. This example calculates a digest, then converts the ArrayBuffer
to a hex string:
const text = 'An obscure body in the S-K System, your majesty. The inhabitants refer to it as the planet Earth.';
async function digestMessage(message) {
const msgUint8 = new TextEncoder().encode(message); // encode as (utf-8) Uint8Array
const hashBuffer = await crypto.subtle.digest('SHA-256', msgUint8); // hash the message
const hashArray = Array.from(new Uint8Array(hashBuffer)); // convert buffer to byte array
const hashHex = hashArray.map(b => b.toString(16).padStart(2, '0')).join(''); // convert bytes to hex string
return hashHex;
}
const digestHex = await digestMessage(text);
console.log(digestHex);
Specifications
Specification | Status | Comment |
---|---|---|
Web Cryptography APIThe definition of 'SubtleCrypto.digest()' in that specification. | Recommendation | Initial definition. |
Browser compatibility
The compatibility table on this page is generated from structured data. If you'd like to contribute to the data, please check out https://github.com/mdn/browser-compat-data and send us a pull request.
Update compatibility data on GitHub
Desktop | Mobile | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
digest
|
Chrome
Full support 37 |
Edge Partial support 12 Partial support 12 Notes' Not supported: SHA-1. |
Firefox Full support 34 Full support 34 No support 32 — 34 Disabled' From version 32 until version 34 (exclusive): this feature is behind the |
IE Partial support 11 Partial support 11 Notes' Returns |
Opera
Full support 24 |
Safari
Full support 7 |
WebView Android
Full support 37 |
Chrome Android
Full support 37 |
Firefox Android Full support 34 Full support 34 No support 32 — 34 Disabled' From version 32 until version 34 (exclusive): this feature is behind the |
Opera Android
Full support 24 |
Safari iOS
Full support 7 |
Samsung Internet Android
Full support 6.0 |
Legend
- Full support
- Full support
- Partial support
- Partial support
- See implementation notes.'
- See implementation notes.
- User must explicitly enable this feature.'
- User must explicitly enable this feature.
In Chrome 60, they added a feature that disables crypto.subtle for non-TLS connections.
See also
- Chromium secure origins specification
- FIPS 180-4 specifies the SHA family of digest algorithms.
SubtleCrypto.digest() by Mozilla Contributors is licensed under CC-BY-SA 2.5.