Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cloudflare Workers Support #265

Closed
panva opened this issue Sep 9, 2021 · 0 comments
Closed

Cloudflare Workers Support #265

panva opened this issue Sep 9, 2021 · 0 comments
Labels

Comments

@panva
Copy link
Owner

panva commented Sep 9, 2021

Warning

You should not be using the nodejs_compat flag in wrangler. Using this flag makes your code's bundle process import the Node.js bundle that depends on node:crypto and other Node.js builtins. Given that these builtins are incomplete1 in Cloudflare workers you will be met with errors.

Tip

If you don't use the nodejs_compat flag in Cloudflare Workers, then you're all set and good.

Cloudflare Workers (workerd) make use of Web Cryptography API for the cryptographic operations.

JSON Web Key Type Support

Supported kty value
RSA RSA
Elliptic Curve EC supported curves: P-256, P-384, P-521
Octet Key Pair OKP supported subtypes: Ed25519, X25519
Octet sequence oct

JWS Algorithm Support

Supported alg values
RSASSA-PKCS1-v1_5 RS256, RS384, RS512
RSASSA-PSS PS256, PS384, PS512
ECDSA ES256, ES384, ES512
Edwards-curve DSA EdDSA
HMAC with SHA-2 HS256, HS384, HS512
Unsecured JWS none

JWE Key Management Algorithm Support

Supported alg values
AES A128KW, A192KW, A256KW
AES GCM A128GCMKW, A192GCMKW, A256GCMKW
Direct Key Agreement dir
RSAES OAEP RSA-OAEP, RSA-OAEP-256, RSA-OAEP-384, RSA-OAEP-512
PBES2 PBES2-HS256+A128KW, PBES2-HS384+A192KW, PBES2-HS512+A256KW
ECDH-ES ECDH-ES, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW

JWE Content Encryption Algorithm Support

Supported enc values
AES GCM A128GCM, A192GCM, A256GCM
AES CBC w/ HMAC A128CBC-HS256, A192CBC-HS384, A256CBC-HS512

Unsupported Algorithms or Key Types

Due to the Web Cryptography API and runtime limitations the following is not supported in Clouflare Workers:

  • RSA1_5
  • secp256k1 and ES256K
  • Ed448 and X448

See also

Footnotes

  1. https://developers.cloudflare.com/workers/runtime-apis/nodejs/crypto/

@panva panva added the notice label Sep 9, 2021
Repository owner locked and limited conversation to collaborators Sep 9, 2021
@panva panva closed this as completed Sep 9, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Projects
None yet
Development

No branches or pull requests

1 participant