Cloudflare Workers Support

[panva]

Warning

You should not be using the nodejs_compat flag in wrangler. Using this flag makes your code's bundle process import the Node.js bundle that depends on node:crypto and other Node.js builtins. Given that these builtins are incomplete¹ in Cloudflare workers you will be met with errors.

Tip

If you don't use the nodejs_compat flag in Cloudflare Workers, then you're all set and good.

Cloudflare Workers (workerd) make use of Web Cryptography API for the cryptographic operations.

JSON Web Key Type Support

	Supported	kty value
RSA	✓	RSA
Elliptic Curve	✓	EC	supported curves: P-256, P-384, P-521
Octet Key Pair	✓	OKP	supported subtypes: Ed25519, X25519
Octet sequence	✓	oct

JWS Algorithm Support

	Supported	alg values
RSASSA-PKCS1-v1_5	✓	RS256, RS384, RS512
RSASSA-PSS	✓	PS256, PS384, PS512
ECDSA	✓	ES256, ES384, ES512
Edwards-curve DSA	✓	EdDSA
HMAC with SHA-2	✓	HS256, HS384, HS512
Unsecured JWS	✓	none

JWE Key Management Algorithm Support

	Supported	alg values
AES	✓	A128KW, A192KW, A256KW
AES GCM	✓	A128GCMKW, A192GCMKW, A256GCMKW
Direct Key Agreement	✓	dir
RSAES OAEP	✓	RSA-OAEP, RSA-OAEP-256, RSA-OAEP-384, RSA-OAEP-512
PBES2	✓	PBES2-HS256+A128KW, PBES2-HS384+A192KW, PBES2-HS512+A256KW
ECDH-ES	✓	ECDH-ES, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW

JWE Content Encryption Algorithm Support

	Supported	enc values
AES GCM	✓	A128GCM, A192GCM, A256GCM
AES CBC w/ HMAC	✓	A128CBC-HS256, A192CBC-HS384, A256CBC-HS512

Unsupported Algorithms or Key Types

Due to the Web Cryptography API and runtime limitations the following is not supported in Clouflare Workers:

• RSA1_5
• secp256k1 and ES256K
• Ed448 and X448

---

See also

• Browser Support
• Bun Support
• Deno Support
• Electron Support
• Node.js Support
• Vercel's Edge Runtime Support

Footnotes

1. https://developers.cloudflare.com/workers/runtime-apis/nodejs/crypto/ ↩