The exportKey()
method of the SubtleCrypto
interface exports a key: that is, it takes as input a CryptoKey
object and gives you the key in an external, portable format.
To export a key, the key must have CryptoKey.extractable
set to true
.
Keys can be exported in several formats: see Supported formats in the SubtleCrypto.importKey()
page for details.
Keys are not exported in an encrypted format: to encrypt keys when exporting them use the SubtleCrypto.wrapKey()
API instead.
The promise is rejected when one of the following exceptions is encountered:
-
InvalidAccessError
DOMException
-
Raised when trying to export a non-extractable key.
-
NotSupported
DOMException
-
Raised when trying to export in an unknown format.
-
TypeError
-
Raised when trying to use an invalid format.
This example exports an AES key as an ArrayBuffer
containing the bytes for the key. See the complete code on GitHub.
async function exportCryptoKey(key) {
const exported = await window.crypto.subtle.exportKey(
"raw",
key
);
const exportedKeyBuffer = new Uint8Array(exported);
const exportKeyOutput = document.querySelector(".exported-key");
exportKeyOutput.textContent = `[${exportedKeyBuffer}]`;
}
window.crypto.subtle.generateKey(
{
name: "AES-GCM",
length: 256,
},
true,
["encrypt", "decrypt"]
).then((key) => {
const exportButton = document.querySelector(".raw");
exportButton.addEventListener("click", () => {
exportCryptoKey(key);
});
});
This example exports an RSA private signing key as a PKCS #8 object. The exported key is then PEM-encoded. See the complete code on GitHub.
function ab2str(buf) {
return String.fromCharCode.apply(null, new Uint8Array(buf));
}
async function exportCryptoKey(key) {
const exported = await window.crypto.subtle.exportKey(
"pkcs8",
key
);
const exportedAsString = ab2str(exported);
const exportedAsBase64 = window.btoa(exportedAsString);
const pemExported = `-----BEGIN PRIVATE KEY-----\n${exportedAsBase64}\n-----END PRIVATE KEY-----`;
const exportKeyOutput = document.querySelector(".exported-key");
exportKeyOutput.textContent = pemExported;
}
window.crypto.subtle.generateKey(
{
name: "RSA-PSS",
modulusLength: 2048,
publicExponent: new Uint8Array([1, 0, 1]),
hash: "SHA-256",
},
true,
["sign", "verify"]
).then((keyPair) => {
const exportButton = document.querySelector(".pkcs8");
exportButton.addEventListener("click", () => {
exportCryptoKey(keyPair.privateKey);
});
});
This example exports an RSA public encryption key as a PEM-encoded SubjectPublicKeyInfo object. See the complete code on GitHub.
function ab2str(buf) {
return String.fromCharCode.apply(null, new Uint8Array(buf));
}
async function exportCryptoKey(key) {
const exported = await window.crypto.subtle.exportKey(
"spki",
key
);
const exportedAsString = ab2str(exported);
const exportedAsBase64 = window.btoa(exportedAsString);
const pemExported = `-----BEGIN PUBLIC KEY-----\n${exportedAsBase64}\n-----END PUBLIC KEY-----`;
const exportKeyOutput = document.querySelector(".exported-key");
exportKeyOutput.textContent = pemExported;
}
window.crypto.subtle.generateKey(
{
name: "RSA-OAEP",
modulusLength: 2048,
publicExponent: new Uint8Array([1, 0, 1]),
hash: "SHA-256",
},
true,
["encrypt", "decrypt"]
).then((keyPair) => {
const exportButton = document.querySelector(".spki");
exportButton.addEventListener("click", () => {
exportCryptoKey(keyPair.publicKey);
});
});
This code exports an ECDSA private signing key as a JSON Web Key object. See the complete code on GitHub.
async function exportCryptoKey(key) {
const exported = await window.crypto.subtle.exportKey(
"jwk",
key
);
const exportKeyOutput = document.querySelector(".exported-key");
exportKeyOutput.textContent = JSON.stringify(exported, null, " ");
}
window.crypto.subtle.generateKey(
{
name: "ECDSA",
namedCurve: "P-384"
},
true,
["sign", "verify"]
).then((keyPair) => {
const exportButton = document.querySelector(".jwk");
exportButton.addEventListener("click", () => {
exportCryptoKey(keyPair.privateKey);
});
});