Push Encryption Verifier

Implementing support for Web Push Encryption involves a series of steps. This tool exists to make debugging your implementation easier by, given the input keying material, sharing both the ciphertext and the intermediate values that will be used in the encryption.

Input variables

Public keys must be given as P-256 uncompressed EC points whereas the private key must be given as a 32-octet point. Both the salt and auth secret must be 16 bytes in size. All values, except for the plaintext data, must be base64 encoded, optionally using the URL-safe alphabet.


NIST P-256 uncompressed EC points

A series of 65 bytes starting with 0x04 followed by two 32-byte points, per SEC1 2.3.3.

Note: This is the format given by the W3C Push API's PushSubscription.getKey() method.

Note: When using Web Crypto, keep in mind that not all browsers allow importing such keys. The points can be written to the `x` and `y` properties in a JWK key, which can be imported by all implementations.

NIST P-256 Private Key

A series of 32 bytes containing the private key that belongs to the given public key. Only the sender's private key has to be known, since this verifies won't decode the information again.

Note: When using Web Crypto, this is the value of the `d` property of an exported JWK key.

Note: Browsers do not give you the private key associated with a Push API subscription.