Web Crypto API RSA-PSS Generate Keys Sign & verify Message

by Anish

Posted on Tuesday september 25, 2018

This sample chapter extracted from the book, Cryptography for JavaScript Developers.

The Web crypto api describes using The RSA-PSS algorithm identifier is used to perform signing and verification using the RSASSA-PSS algorithm specified in [RFC3447], using the SHA hash functions defined in this specification and the mask generation formula MGF1.

The recognized algorithm name for this algorithm is "RSA-PSS".

  1. sign: Perform the signature generation operation
  2. verify: Perform the signature verification operation
  3. importKey EcKeyImportParams Key (spki,jwk,raw,pkcs8)
  4. exportKey None ArrayBuffer
  5. generateKey: Generate an RSA key pair

hash algorithms reference

  1. id-sha1=SHA-1
  2. id-sha256=SHA-256
  3. id-sha384=SHA-384
  4. id-sha512=SHA-512


Input Text to Signed
Signature Output (Hex)
RSA-PSS Public Key (JWK) :
RSA-PSS Private Key (JWK):

This is the web cryptography api example of performing ECDH generateKey and derivebits, and then using generate key to encrypt and decrypt the message in AES

RSA-PSS Javascript example of using webcrypto api

Generate RSA-PSS Keys, then sign the message using the RSA private key

                name: "RSA-PSS",
                modulusLength: 2048, //can be 1024, 2048, or 4096
                publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
                hash: {name: "SHA-256"}, //can be "SHA-1", "SHA-256", "SHA-384", or "SHA-512"
            true, //whether the key is extractable (i.e. can be used in exportKey)
            ["sign", "verify"] //can be any combination of "sign" and "verify"
    .then(function(key) {

        publicKey = key.publicKey;
        privateKey = key.privateKey;

Exporting the RSA-PSS Keys in JWK for the demo purpose only, you can export the keys if you want to save it into the filesystems

        // For Demo Purpos Only Exported in JWK format
        window.crypto.subtle.exportKey("jwk", key.publicKey).then(
            function(keydata) {
                publicKeyhold = keydata;
                publicKeyJson = JSON.stringify(publicKeyhold);
                document.getElementById("rsapublic").value = publicKeyJson;

        window.crypto.subtle.exportKey("jwk", key.privateKey).then(
            function(keydata) {
                privateKeyhold = keydata;
                privateKeyJson = JSON.stringify(privateKeyhold);
                document.getElementById("rsaprivate").value = privateKeyJson;

Signing the message, using the RSA private keys

                    name: "RSA-PSS",
                    saltLength: 128, //the length of the salt
                privateKey, //from generateKey or importKey above
                asciiToUint8Array(plainText) //ArrayBuffer of data you want to sign
            .then(function(signature) {
                //returns an ArrayBuffer containing the signature
                document.getElementById("cipherText").value = bytesToHexString(signature);
            .catch(function(err) {

    .catch(function(err) {

Signature Validation : This operation requires RSA public key

                name: "RSA-PSS",
                saltLength: 128, //the length of the salt
            publicKey, //from generateKey or importKey above
            hexStringToUint8Array(cipherText), //ArrayBuffer of the data
        .then(function(decrypted) {
            alert("Verified   " + decrypted);
        .catch(function(err) {

Download the sample code here
Next Reading RSA-OAEP generateKey/Encrypt/Decrypt

Thanku for reading !!! Give a Share for Support

Asking for donation sound bad to me, so i'm raising fund from by offering all my Nine book for just $9

python Cryptography Topics
For Coffee/ Beer/ Amazon Bill and further development of the project Support by Purchasing, The Modern Cryptography CookBook for Just $9 Coupon Price

Kubernetes for DevOps

Hello Dockerfile

Cryptography for Python Developers

Cryptography for JavaScript Developers

Go lang ryptography for Developers