Web Crypto: unwrapKey

This page shows the use of the unwrapKey() function of the Web Crypto API. It contains two separate examples:

Raw/AES-GCM/AES-KW: unwrap an AES-GCM encryption key, that was encrypted using AES-KW and exported in "raw" format.
PKCS #8/RSA-PSS/AES-GCM: unwrap an RSA-PSS signing key, that was encrypted using AES-GCM and exported in "pkcs8" format.

Both examples have the same structure: you get a message and a button labeled "Unwrap Key".

If you click "Unwrap Key" then the example unwraps its particular key. First it will ask for a password: the password you must enter is correct horse battery staple. It uses the password to derive the key that was used to encrypt the wrapped key. It then unwraps the wrapped key. If you get the password wrong, unwrapping will fail.

If unwrapping was successful, a new button is displayed, that enables you to use the unwrapped key. For "raw/AES-GCM" the new button is labeled "Encrypt", and for "pkcs8/RSA-PSS" it's labeled "Sign". You can click the new button to use the unwrapped key to perform the appropriate operation and display the result.

Raw/AES-GCM/AES-KW

Enter a message to encrypt:

Ciphertext:

PKCS #8/RSA-PSS/AES-GCM

Enter a message to sign:

Signature: