@kairosci kairosci commented Jan 7, 2026

Summary

This PR adds a specific overload for the X25519 key exchange algorithm to the SubtleCrypto.generateKey() method, following the same pattern as the existing Ed25519 overload.

Changes

Added the following overload to the SubtleCrypto interface in inputfiles/overridingTypes.jsonc:

generateKey(algorithm: "X25519" | { name: "X25519" }, extractable: boolean, keyUsages: ReadonlyArray<"deriveBits" | "deriveKey">): Promise<CryptoKeyPair>;

Rationale

X25519 is used for key derivation (ECDH), so it uses deriveBits and deriveKey as valid keyUsages, unlike Ed25519 which uses sign and verify.

This allows TypeScript to correctly infer CryptoKeyPair as the return type when using X25519, eliminating the need for type assertions or instanceof checks:

// Before: keyPair is CryptoKey | CryptoKeyPair, requires type assertion
const keyPair = await crypto.subtle.generateKey({ name: "X25519" }, true, ["deriveKey"]);

// After: keyPair is CryptoKeyPair, publicKey is directly accessible
const keyPair = await crypto.subtle.generateKey({ name: "X25519" }, true, ["deriveKey"]);
const publicKey = keyPair.publicKey; // No error!

Browser Support

X25519 is supported by:

  • Chrome/Edge (Blink): Yes, since version 133
  • Firefox (Gecko): Yes, since version 135
  • Safari (WebKit): Yes, since version 17.0

This meets the requirement of support by 2+ major browser engines.

This adds a specific overload for the X25519 key exchange algorithm to
the SubtleCrypto.generateKey() method, following the same pattern as
the existing Ed25519 overload.

X25519 is used for key derivation (ECDH), so it uses 'deriveBits' and
'deriveKey' as valid keyUsages, unlike Ed25519 which uses 'sign' and
'verify'.

This allows TypeScript to correctly infer CryptoKeyPair as the return
type when using X25519, eliminating the need for type assertions or
instanceof checks.

Fixes microsoft/TypeScript#62926
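
The key agreement that the new overload types, as an added TypeScript example that is not part of this PR or of the project's code: two parties generate X25519 pairs with the `deriveBits` usage, swap raw public keys, and turn the shared secret into an AES-GCM key through HKDF. Function names, the HKDF `info` label and the message are constructed; the `as CryptoKeyPair` cast is only there so the block also compiles against lib.dom versions that predate the overload.

```typescript
// Added example, not from the PR. Names, the HKDF "info" label and the
// message are constructed for illustration.
interface Party { privateKey: CryptoKey; publicRaw: ArrayBuffer }

async function newParty(): Promise<Party> {
  // extractable=false applies to the private key; the public key stays exportable.
  // "deriveBits" and "deriveKey" are the usages the overload accepts for X25519.
  const pair = (await crypto.subtle.generateKey(
    { name: "X25519" }, false, ["deriveBits"],
  )) as CryptoKeyPair; // redundant once lib.dom carries the X25519 overload
  const publicRaw = await crypto.subtle.exportKey("raw", pair.publicKey);
  return { privateKey: pair.privateKey, publicRaw };
}

async function sessionKey(own: CryptoKey, peerRaw: ArrayBuffer): Promise<CryptoKey> {
  if (peerRaw.byteLength !== 32) throw new Error("X25519 public key must be 32 bytes");
  // Public X25519 keys are imported with an empty usage list.
  const peer = await crypto.subtle.importKey("raw", peerRaw, { name: "X25519" }, false, []);
  const shared = await crypto.subtle.deriveBits({ name: "X25519", public: peer }, own, 256);
  // Run the raw shared secret through HKDF instead of using it as a key directly.
  const ikm = await crypto.subtle.importKey("raw", shared, "HKDF", false, ["deriveKey"]);
  return crypto.subtle.deriveKey(
    { name: "HKDF", hash: "SHA-256", salt: new Uint8Array(32),
      info: new TextEncoder().encode("example x25519 session") },
    ikm, { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"],
  );
}

async function demo(): Promise<{ plaintext: string; privateExtractable: boolean }> {
  const alice = await newParty();
  const bob = await newParty();
  // Each side combines its own private key with the peer's raw public key.
  const aliceKey = await sessionKey(alice.privateKey, bob.publicRaw);
  const bobKey = await sessionKey(bob.privateKey, alice.publicRaw);
  const iv = crypto.getRandomValues(new Uint8Array(12));
  const ct = await crypto.subtle.encrypt(
    { name: "AES-GCM", iv }, aliceKey, new TextEncoder().encode("hello over X25519"));
  // Decryption succeeds only if both sides derived the same AES-GCM key.
  const pt = await crypto.subtle.decrypt({ name: "AES-GCM", iv }, bobKey, ct);
  return { plaintext: new TextDecoder().decode(pt),
           privateExtractable: alice.privateKey.extractable };
}
```
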

github-actions bot commented Jan 7, 2026

Thanks for the PR!

This section of the codebase is owned by @saschanaz - if they write a comment saying "LGTM" then it will be merged.


kairosci commented Jan 7, 2026

@microsoft-github-policy-service agree

@saschanaz
Collaborator

LGTM, thanks!

(#2050 is a bigger version of it but it's too big)

@github-actions github-actions bot merged commit 32165fd into microsoft:main Jan 8, 2026
2 checks passed

github-actions bot commented Jan 8, 2026

Merging because @saschanaz is a code-owner of all the changes - thanks!

@kairosci kairosci deleted the fix/add-x25519-generatekey-overload branch January 8, 2026 22:41