Web Crypto: wrapKey

This page shows the use of the wrapKey() function of the Web Crypto API.

On page load, it generates four keys:

• An AES-GCM secret key
• An RSA-PSS signing key pair
• An RSA-OAEP encryption key pair
• An ECDSA signing key pair

It provides four buttons across the top:

• Wrap the AES-GCM key in raw format
• Wrap the RSA-PSS private key in PKCS #8 format
• Wrap the RSA-OAEP public key in SubjectPublicKeyInfo format
• Wrap the ECDSA private key in JWK format

"Wrapping" a key essentially means exporting it in an encrypted form. So in all four cases, when you click the button you'll be asked for a password, and we will derive a symmetric key from the password, which we will use to encrypt the key after it is exported.

The exported, encrypted key is written to the area below the buttons.