Menu
Open source
importKey
Caution
The experimental module
k6/experimental/webcryptohas graduated, and its functionality is now available globally through thecryptoobject. Thek6/experimental/webcryptois deprecated and will be removed in the near future.To migrate your scripts, remove the
k6/experimental/webcryptoimports and use thecryptoobject instead.
The importKey() imports a key from an external, portable format, and gives you a
CryptoKey object that can be used with the Web Crypto API.
Usage
importKey(format, keyData, algorithm, extractable, keyUsages)Parameters
| Name | Type | Description |
|---|---|---|
format | string | Defines the data format of the key to import. Depending on the algorithm and key type, the data format could vary. Currently supported formats are raw, jwk, spki, and pkcs8. |
keyData | ArrayBuffer, TypedArray, DataView or
JsonWebKey | the data to import the key from. |
algorithm | a string or object with a single name string property | The algorithm to use to import the key. |
extractable | boolean | Indicates whether it will be possible to export the key using exportKey. |
keyUsages | Array<string> | An array of strings describing what operations can be performed with the key. Currently supported usages include encrypt, decrypt, sign, and verify. |
Supported algorithms
| AES-CBC | AES-CTR | AES-GCM | AES-KW | ECDH | ECDSA | HMAC | RSA-OAEP | RSASSA-PKCS1-v1_5 | RSA-PSS |
|---|---|---|---|---|---|---|---|---|---|
| ✅ AesCbcParams | ✅ AesCtrParams | ✅ AesGcmParams | ❌ | ✅ EcdhKeyDeriveParams | ✅ EcdsaParams | ✅ HmacKeyGenParams | ✅ RsaHashedImportParams | ✅ RsaHashedImportParams | ✅ RsaHashedImportParams |
Supported formats
ECDHandECDSAalgorithms have support forpkcs8,spki,rawandjwkformats.RSA-OAEP,RSASSA-PKCS1-v1_5andRSA-PSSalgorithms have support forpkcs8,spkiandjwkformats.AES-*andHMACalgorithms have currently support forrawandjwkformats.
Return Value
A Promise that resolves with the imported key as a
CryptoKey object.
Throws
| Type | Description |
|---|---|
SyntaxError | Raised when the keyUsages parameter is empty but the key is of type secret or private. |
TypeError | Raised when trying to use an invalid format, or if the keyData is not suited for that format. |
Examples
Round-trip key export/import
import { crypto } from 'k6/experimental/webcrypto';
export default async function () {
/**
* Generate a symmetric key using the AES-CBC algorithm.
*/
const generatedKey = await crypto.subtle.generateKey(
{
name: 'AES-CBC',
length: '256',
},
true,
['encrypt', 'decrypt']
);
/**
* Export the key in raw format.
*/
const exportedKey = await crypto.subtle.exportKey('raw', generatedKey);
/**
* Reimport the key in raw format to verify its integrity.
*/
const importedKey = await crypto.subtle.importKey('raw', exportedKey, 'AES-CBC', true, [
'encrypt',
'decrypt',
]);
console.log(JSON.stringify(importedKey));
}Import a static raw key and decrypt transmitted data
This example demonstrates how to import a static raw key and decrypt some transmitted data in base64. The transmitted data in this example represents an initialization vector and encoded data, and in a real-world scenario, it can be a response body or other data received from a request.
import { crypto } from 'k6/experimental/webcrypto';
import { b64decode } from 'k6/encoding';
export default async function () {
const transmittedData = base64Decode(
'whzEN310mrlWIH/icf0dMquRZ2ENyfOzkvPuu92WR/9F8dbeFM8EGUVNIhaS'
);
// keyData is the key used to decrypt the data, which is usually stored in a secure location
// for this example, we are using a static key
const keyData = new Uint8Array([
109, 151, 76, 33, 232, 253, 176, 90, 94, 40, 146, 227, 139, 208, 245, 139, 69, 215, 55, 197, 43,
122, 160, 178, 228, 104, 4, 115, 138, 159, 119, 49,
]);
try {
const result = await decrypt(keyData, transmittedData);
// should output decrypted message
// INFO[0000] result: 'my secret message' source=console
console.log("result: '" + result + "'");
} catch (e) {
console.log('Error: ' + JSON.stringify(e));
}
}
const decrypt = async (keyData, transmittedData) => {
const initializeVectorLength = 12;
// the first 12 bytes are the initialization vector
const iv = new Uint8Array(transmittedData.subarray(0, initializeVectorLength));
// the rest of the transmitted data is the encrypted data
const encryptedData = new Uint8Array(transmittedData.subarray(initializeVectorLength));
const importedKey = await crypto.subtle.importKey(
'raw',
keyData,
{ name: 'AES-GCM', length: '256' },
true,
['decrypt']
);
const plain = await crypto.subtle.decrypt(
{ name: 'AES-GCM', iv: iv },
importedKey,
encryptedData
);
return arrayBufferToString(plain);
};
const arrayBufferToString = (buffer) => {
return String.fromCharCode.apply(null, new Uint8Array(buffer));
};
const base64Decode = (base64String) => {
return new Uint8Array(b64decode(base64String));
};Import a static JWK key and decrypt transmitted data
This example is similar to the previous one. It demonstrates how to import a static jwk key and decrypt some transmitted data (which contains the initialization vector and encoded data) in base64.
import { crypto } from 'k6/experimental/webcrypto';
import { b64decode } from 'k6/encoding';
export default async function () {
// transmitted data is the base64 of the initialization vector + encrypted data
// that unusually transmitted over the network
const transmittedData = base64Decode(
'drCfxl4O+5FcrHe8Bs0CvKlw3gZpv+S5if3zn7c4BJzHJ35QDFV4sJB0pbDT'
);
// keyData is the key used to decrypt the data, which is usually stored in a secure location
// for this example, we are using a static key
const jwkKeyData = {
kty: 'oct',
ext: true,
key_ops: ['decrypt', 'encrypt'],
alg: 'A256GCM',
k: '9Id_8iG6FkGOWmc1S203vGVnTExtpDGxdQN7v7OV9Uc',
};
try {
const result = await decrypt(jwkKeyData, transmittedData);
// should output decrypted message
// INFO[0000] result: 'my secret message' source=console
console.log("result: '" + result + "'");
} catch (e) {
console.log('Error: ' + JSON.stringify(e));
}
}
const decrypt = async (keyData, transmittedData) => {
const initializeVectorLength = 12;
// the first 12 bytes are the initialization vector
const iv = new Uint8Array(transmittedData.subarray(0, initializeVectorLength));
// the rest of the transmitted data is the encrypted data
const encryptedData = new Uint8Array(transmittedData.subarray(initializeVectorLength));
const importedKey = await crypto.subtle.importKey(
'jwk',
keyData,
{ name: 'AES-GCM', length: 256 },
true,
['encrypt', 'decrypt']
);
const plain = await crypto.subtle.decrypt(
{ name: 'AES-GCM', iv: iv },
importedKey,
encryptedData
);
return arrayBufferToString(plain);
};
const arrayBufferToString = (buffer) => {
return String.fromCharCode.apply(null, new Uint8Array(buffer));
};
const base64Decode = (base64String) => {
return new Uint8Array(b64decode(base64String));
};Was this page helpful?
Related resources from Grafana Labs
14 May
Performance testing and observability in Grafana Cloud
Optimize user experiences with Grafana Cloud. Learn real-time insights, performance testing with k6, and continuous validation with Synthetic Monitoring.
60 min
User-centered observability: load testing, real user monitoring, and synthetics
Learn how to use load testing, synthetic monitoring, and real user monitoring (RUM) to understand end users' experience of your apps. Watch on demand.