# AWS Encryption SDK for JavaScript
The AWS Encryption SDK for JavaScript is designed to provide a client-side encryption library for developers who are writing web browser applications in JavaScript or web server applications in Node.js.
Like all implementations of the AWS Encryption SDK, the AWS Encryption SDK for JavaScript offers advanced data protection features. These include [envelope encryption](concepts.md#envelope-encryption), additional authenticated data (AAD), and secure, authenticated, symmetric key [algorithm suites](concepts.md#crypto-algorithm), such as 256-bit AES-GCM with key derivation and signing.
All language-specific implementations of the AWS Encryption SDK are designed to be interoperable, subject to the constraints of the language. For details about language constraints for JavaScript, see [Compatibility of the AWS Encryption SDK for JavaScript](javascript-compatibility.md).
**Learn More**
+ For details about programming with the AWS Encryption SDK for JavaScript, see the [aws-encryption-sdk-javascript](https://github.com/aws/aws-encryption-sdk-javascript/) repository on GitHub.
+ For programming examples, see [AWS Encryption SDK for JavaScript examples](js-examples.md) and the [example-browser](https://github.com/aws/aws-encryption-sdk-javascript/tree/master/modules/example-browser) and [example-node](https://github.com/aws/aws-encryption-sdk-javascript/tree/master/modules/example-node) modules in the [aws-encryption-sdk-javascript](https://github.com/aws/aws-encryption-sdk-javascript/) repository.
+ For a real-world example of using the AWS Encryption SDK for JavaScript to encrypt data in a web application, see [How to enable encryption in a browser with the AWS Encryption SDK for JavaScript and Node.js](https://aws.amazon.com/blogs/security/how-to-enable-encryption-browser-aws-encryption-sdk-javascript-node-js/) in the AWS Security Blog.
**Topics**
+ [Compatibility](javascript-compatibility.md)
+ [Installation](javascript-installation.md)
+ [Modules](javascript-modules.md)
+ [Examples](js-examples.md)
# Compatibility of the AWS Encryption SDK for JavaScript
The AWS Encryption SDK for JavaScript is designed to be interoperable with other language implementations of the AWS Encryption SDK. In most cases, you can encrypt data with the AWS Encryption SDK for JavaScript and decrypt it with any other language implementation, including the [AWS Encryption SDK Command Line Interface](crypto-cli.md). And you can use the AWS Encryption SDK for JavaScript to decrypt [encrypted messages](concepts.md#message) produced by other language implementations of the AWS Encryption SDK.
However, when you use the AWS Encryption SDK for JavaScript, you need to be aware of some compatibility issues in the JavaScript language implementation and in web browsers.
Also, when using different language implementations, be sure to configure compatible master key providers, master keys, and keyrings. For details, see [Keyring compatibility](choose-keyring.md#keyring-compatibility).
## AWS Encryption SDK for JavaScript compatibility
The JavaScript implementation of the AWS Encryption SDK differs from other language implementations in the following ways:
+ The encrypt operation of the AWS Encryption SDK for JavaScript doesn't return nonframed ciphertext. However, the AWS Encryption SDK for JavaScript will decrypt framed and nonframed ciphertext returned by other language implementations of the AWS Encryption SDK.
+ Beginning in Node.js version 12.9.0, Node.js supports the following RSA key wrapping options:
+ OAEP with SHA1, SHA256, SHA384, or SHA512
+ OAEP with SHA1 and MGF1 with SHA1
+ PKCS1v15
+ Before version 12.9.0, Node.js supports only the following RSA key wrapping options:
+ OAEP with SHA1 and MGF1 with SHA1
+ PKCS1v15
## Browser compatibility
Some web browsers don't support basic cryptographic operations that the AWS Encryption SDK for JavaScript requires. You can compensate for some of the missing operations by configuring a fallback for the WebCrypto API that the browser implements.
**Web browser limitations**
The following limitations are common to all web browsers:
+ The WebCrypto API doesn't support PKCS1v15 key wrapping.
+ Browsers don't support 192-bit keys.
**Required cryptographic operations**
The AWS Encryption SDK for JavaScript requires the following operations in web browsers. If a browser doesn't support these operations, it's incompatible with the AWS Encryption SDK for JavaScript.
+ The browser must include `crypto.getRandomValues()`, which is a method for generating cryptographically random values. For information about the web browser versions that support `crypto.getRandomValues()`, see [Can I Use crypto.getRandomValues()?](https://caniuse.com/#feat=getrandomvalues).
**Required fallback**
The AWS Encryption SDK for JavaScript requires the following libraries and operations in web browsers. If you support a web browser that doesn't fulfill these requirements, you must configure a fallback. Otherwise, attempts to use the AWS Encryption SDK for JavaScript with the browser will fail.
+ The WebCrypto API, which performs basic cryptographic operations in web applications, isn't available for all browsers. For information about the web browser versions that support web cryptography, see [Can I Use Web Cryptography?](https://caniuse.com/#feat=cryptography).
+ Modern versions of the Safari web browser don't support AES-GCM encryption of zero bytes, which the AWS Encryption SDK requires. If the browser implements the WebCrypto API, but can't use AES-GCM to encrypt zero bytes, the AWS Encryption SDK for JavaScript uses the fallback library only for zero-byte encryption. It uses the WebCrypto API for all other operations.
To configure a fallback for either limitation, add the following statements to your code. In the [configureFallback](https://github.com/aws/aws-encryption-sdk-javascript/blob/master/modules/web-crypto-backend/src/backend-factory.ts#L78) function, specify a library that supports the missing features. The following example uses the Microsoft Research JavaScript Cryptography Library (`msrcrypto`), but you can replace it with a compatible library. For a complete example, see [fallback.ts](https://github.com/aws/aws-encryption-sdk-javascript/blob/master/modules/example-browser/src/fallback.ts).
```
import { configureFallback } from '@aws-crypto/client-browser'
configureFallback(msrCrypto)
```
# Installing the AWS Encryption SDK for JavaScript
The AWS Encryption SDK for JavaScript consists of a collection of interdependent modules. Several of the modules are just collections of modules that are designed to work together. Some modules are designed to work independently. A few modules are required for all implementations; a few others are required only for special cases. For information about the modules in the AWS Encryption SDK for JavaScript, see [Modules in the AWS Encryption SDK for JavaScript](javascript-modules.md) and the `README.md` file in each of the modules in the [aws-encryption-sdk-javascript](https://github.com/aws/aws-encryption-sdk-javascript/tree/master/modules) repository on GitHub.
**Note**
All versions of the AWS Encryption SDK for JavaScript earlier than 2.0.0 are in the [end-of-support phase](https://docs.aws.amazon.com/sdkref/latest/guide/maint-policy.html#version-life-cycle).
You can safely update from version 2.0.*x* and later to the latest version of the AWS Encryption SDK for JavaScript without any code or data changes. However, [ new security features](about-versions.md#version-2) introduced in version 2.0.*x* are not backward-compatible. To update from versions earlier than 1.7.*x* to version 2.0.*x* and later, you must first update to the latest 1.*x* version of the AWS Encryption SDK for JavaScript. For details, see [Migrating your AWS Encryption SDK](migration.md).
To install the modules, use the [npm package manager](https://www.npmjs.com/get-npm).
For example, to install the `client-node` module, which includes all of the modules you need to program with the AWS Encryption SDK for JavaScript in Node.js, use the following command.
```
npm install @aws-crypto/client-node
```
To install the `client-browser` module, which includes all of the modules you need to program with the AWS Encryption SDK for JavaScript in the browser, use the following command.
```
npm install @aws-crypto/client-browser
```
For working examples of how to use the AWS Encryption SDK for JavaScript, see the examples in the `example-node` and `example-browser` modules in the [aws-encryption-sdk-javascript](https://github.com/aws/aws-encryption-sdk-javascript/) repository on GitHub.
# Modules in the AWS Encryption SDK for JavaScript
The modules in the AWS Encryption SDK for JavaScript make it easy to install the code that you need for your projects.
## Modules for JavaScript Node.js
[client-node](https://github.com/aws/aws-encryption-sdk-javascript/tree/master/modules/client-node)
Includes all of the modules you need to program with the AWS Encryption SDK for JavaScript in Node.js.
[caching-materials-manager-node](https://github.com/aws/aws-encryption-sdk-javascript/tree/master/modules/caching-materials-manager-node)
Exports functions that support the [data key caching](data-key-caching.md) feature in the AWS Encryption SDK for JavaScript in Node.js.
[decrypt-node](https://github.com/aws/aws-encryption-sdk-javascript/tree/master/modules/decrypt-node)
Exports functions that decrypt and verify encrypted messages representing data and data streams. Included in the `client-node` module.
[encrypt-node](https://github.com/aws/aws-encryption-sdk-javascript/tree/master/modules/encrypt-node)
Exports functions that encrypt and sign different types of data. Included in the `client-node` module.
[example-node](https://github.com/aws/aws-encryption-sdk-javascript/tree/master/modules/example-node)
Exports working examples of programming with the AWS Encryption SDK for JavaScript in Node.js. Includes example of different types of keyrings and different types of data.
[hkdf-node](https://github.com/aws/aws-encryption-sdk-javascript/tree/master/modules/hkdf-node)
Exports an [HMAC-based Key Derivation Function](https://en.wikipedia.org/wiki/HKDF) (HKDF) that the AWS Encryption SDK for JavaScript in Node.js uses in particular algorithm suites. The AWS Encryption SDK for JavaScript in the browser uses the native HKDF function in the WebCrypto API.
[integration-node](https://github.com/aws/aws-encryption-sdk-javascript/tree/master/modules/integration-node)
Defines tests that verify that the AWS Encryption SDK for JavaScript in Node.js is compatible with other language implementations of the AWS Encryption SDK.
[kms-keyring-node](https://github.com/aws/aws-encryption-sdk-javascript/tree/master/modules/kms-keyring-node)
Exports functions that support AWS KMS keyrings in Node.js.
[raw-aes-keyring-node](https://github.com/aws/aws-encryption-sdk-javascript/tree/master/modules/raw-aes-keyring-node)
Exports functions that support [Raw AES keyrings](use-raw-aes-keyring.md) in Node.js.
[raw-rsa-keyring-node](https://github.com/aws/aws-encryption-sdk-javascript/tree/master/modules/raw-rsa-keyring-node)
Exports functions that support [Raw RSA keyrings](use-raw-rsa-keyring.md) in Node.js.
## Modules for JavaScript Browser
[client-browser](https://github.com/aws/aws-encryption-sdk-javascript/tree/master/modules/client-browser)
Includes all of the modules you need to program with the AWS Encryption SDK for JavaScript in the browser.
[caching-materials-manager-browser](https://github.com/aws/aws-encryption-sdk-javascript/tree/master/modules/caching-materials-manager-browser)
Exports functions that support the [data key caching](data-key-caching.md) feature for JavaScript in the browser.
[decrypt-browser](https://github.com/aws/aws-encryption-sdk-javascript/tree/master/modules/decrypt-browser)
Exports functions that decrypt and verify encrypted messages representing data and data streams.
[encrypt-browser](https://github.com/aws/aws-encryption-sdk-javascript/tree/master/modules/encrypt-browser)
Exports functions that encrypt and sign different types of data.
[example-browser](https://github.com/aws/aws-encryption-sdk-javascript/tree/master/modules/example-browser)
Working examples of programming with the AWS Encryption SDK for JavaScript in the browser. Includes examples of different types of keyrings and different types of data.
[integration-browser](https://github.com/aws/aws-encryption-sdk-javascript/tree/master/modules/integration-browser)
Defines tests that verify that the AWS Encryption SDK for JavaScript in the browser is compatible with other language implementations of the AWS Encryption SDK.
[kms-keyring-browser](https://github.com/aws/aws-encryption-sdk-javascript/tree/master/modules/kms-keyring-browser)
Exports functions that support [AWS KMS keyrings](use-kms-keyring.md) in the browser.
[raw-aes-keyring-browser](https://github.com/aws/aws-encryption-sdk-javascript/tree/master/modules/raw-aes-keyring-browser)
Exports functions that support [Raw AES keyrings](use-raw-aes-keyring.md) in the browser.
[raw-rsa-keyring-browser](https://github.com/aws/aws-encryption-sdk-javascript/tree/master/modules/raw-rsa-keyring-browser)
Exports functions that support [Raw RSA keyrings](use-raw-rsa-keyring.md) in the browser.
## Modules for all implementations
[cache-material](https://github.com/aws/aws-encryption-sdk-javascript/tree/master/modules/cache-material)
Supports the [data key caching](data-key-caching.md) feature. Provides code for assembling the cryptographic materials that are cached with each data key.
[kms-keyring](https://github.com/aws/aws-encryption-sdk-javascript/tree/master/modules/kms-keyring)
Exports functions that support [KMS keyrings](use-kms-keyring.md).
[material-management](https://github.com/aws/aws-encryption-sdk-javascript/tree/master/modules/material-management)
Implements the [cryptographic materials manager](concepts.md#crypt-materials-manager) (CMM).
[raw-keyring](https://github.com/aws/aws-encryption-sdk-javascript/tree/master/modules/raw-keyring)
Exports functions required for raw AES and RSA keyrings.
[serialize](https://github.com/aws/aws-encryption-sdk-javascript/tree/master/modules/serialize)
Exports functions that the SDK uses to serialize its output.
[web-crypto-backend](https://github.com/aws/aws-encryption-sdk-javascript/tree/master/modules/web-crypto-backend)
Exports functions that use the WebCrypto API in the AWS Encryption SDK for JavaScript in the browser.
# AWS Encryption SDK for JavaScript examples
The following examples show you how to use the AWS Encryption SDK for JavaScript to encrypt and decrypt data.
You can find more examples of using the AWS Encryption SDK for JavaScript in the [example-node](https://github.com/aws/aws-encryption-sdk-javascript/tree/master/modules/example-node) and [example-browser](https://github.com/aws/aws-encryption-sdk-javascript/tree/master/modules/example-browser) modules in the [aws-encryption-sdk-javascript](https://github.com/aws/aws-encryption-sdk-javascript/) repository on GitHub. These example modules are not installed when you install the `client-browser` or `client-node` modules.
**See the complete code samples**: Node: [kms\$1simple.ts](https://github.com/aws/aws-encryption-sdk-javascript/blob/master/modules/example-node/src/kms_simple.ts), Browser: [kms\$1simple.ts](https://github.com/aws/aws-encryption-sdk-javascript/blob/master/modules/example-browser/src/kms_simple.ts)
**Topics**
+ [Encrypting data with an AWS KMS keyring](#javascript-example-encrypt)
+ [Decrypting data with an AWS KMS keyring](#javascript-example-decrypt)
## Encrypting data with an AWS KMS keyring
The following example shows you how to use the AWS Encryption SDK for JavaScript to encrypt and decrypt a short string or byte array.
This example features an [AWS KMS keyring](use-kms-keyring.md), a type of keyring that uses an AWS KMS key to generate and encrypt data keys. For help creating an AWS KMS key, see [Creating Keys](https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html) in the *AWS Key Management Service Developer Guide*. For help identifying the AWS KMS keys in an AWS KMS keyring, see [Identifying AWS KMS keys in an AWS KMS keyring](use-kms-keyring.md#kms-keyring-id)
Step 1: Set the commitment policy.
Beginning in version 1.7.*x* of the AWS Encryption SDK for JavaScript, you can set the commitment policy when you call the new `buildClient` function that instantiates an AWS Encryption SDK client. The `buildClient` function takes an enumerated value that represents your commitment policy. It returns updated `encrypt` and `decrypt` functions that enforce your commitment policy when you encrypt and decrypt.
The following examples use the `buildClient` function to specify the [default commitment policy](migrate-commitment-policy.md), `REQUIRE_ENCRYPT_REQUIRE_DECRYPT`. You can also use the `buildClient` to limit the number of encrypted data keys in an encrypted message. For more information, see [Limiting encrypted data keys](configure.md#config-limit-keys).
```
import {
KmsKeyringBrowser,
KMS,
getClient,
buildClient,
CommitmentPolicy,
} from '@aws-crypto/client-browser'
const { encrypt, decrypt } = buildClient(
CommitmentPolicy.REQUIRE_ENCRYPT_REQUIRE_DECRYPT
)
```
```
import {
KmsKeyringNode,
buildClient,
CommitmentPolicy,
} from '@aws-crypto/client-node'
const { encrypt, decrypt } = buildClient(
CommitmentPolicy.REQUIRE_ENCRYPT_REQUIRE_DECRYPT
)
```
Step 2: Construct the keyring.
Create an AWS KMS keyring for encryption.
When encrypting with an AWS KMS keyring, you must specify a *generator key*, that is, an AWS KMS key that is used to generate the plaintext data key and encrypt it. You can also specify zero or more *additional keys* that encrypt the same plaintext data key. The keyring returns the plaintext data key and one encrypted copy of that data key for each AWS KMS key in the keyring, including the generator key. To decrypt the data, you need to decrypt any one of the encrypted data keys.
To specify the AWS KMS keys for an encryption keyring in the AWS Encryption SDK for JavaScript, you can use [any supported AWS KMS key identifier](use-kms-keyring.md#kms-keyring-id). This example uses a generator key, which is identified by its [alias ARN](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-alias-ARN), and one additional key, which is identified by a [key ARN](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN).
If you plan to reuse your AWS KMS keyring for decrypting, you must use key ARNs to identify the AWS KMS keys in the keyring.
Before running this code, replace the example AWS KMS key identifiers with valid identifiers. You must have the [permissions required to use the AWS KMS keys](use-kms-keyring.md#kms-keyring-permissions) in the keyring.
Begin by providing your credentials to the browser. The AWS Encryption SDK for JavaScript examples use the [webpack.DefinePlugin](https://webpack.js.org/plugins/define-plugin/), which replaces the credential constants with your actual credentials. But you can use any method to provide your credentials. Then, use the credentials to create an AWS KMS client.
```
declare const credentials: {accessKeyId: string, secretAccessKey:string, sessionToken:string }
const clientProvider = getClient(KMS, {
credentials: {
accessKeyId,
secretAccessKey,
sessionToken
}
})
```
Next, specify the AWS KMS keys for the generator key and additional key. Then, create an AWS KMS keyring using the AWS KMS client and the AWS KMS keys.
```
const generatorKeyId = 'arn:aws:kms:us-west-2:111122223333:alias/EncryptDecrypt'
const keyIds = ['arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab']
const keyring = new KmsKeyringBrowser({ clientProvider, generatorKeyId, keyIds })
```
```
const generatorKeyId = 'arn:aws:kms:us-west-2:111122223333:alias/EncryptDecrypt'
const keyIds = ['arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab']
const keyring = new KmsKeyringNode({ generatorKeyId, keyIds })
```
Step 3: Set the encryption context.
An [encryption context](concepts.md#encryption-context) is arbitrary, non-secret additional authenticated data. When you provide an encryption context on encrypt, the AWS Encryption SDK cryptographically binds the encryption context to the ciphertext so that the same encryption context is required to decrypt the data. Using an encryption context is optional, but we recommend it as a best practice.
Create a simple object that includes the encryption context pairs. The key and value in each pair must be a string.
```
const context = {
stage: 'demo',
purpose: 'simple demonstration app',
origin: 'us-west-2'
}
```
```
const context = {
stage: 'demo',
purpose: 'simple demonstration app',
origin: 'us-west-2'
}
```
Step 4: Encrypt the data.
To encrypt the plaintext data, call the `encrypt` function. Pass in the AWS KMS keyring, the plaintext data, and the encryption context.
The `encrypt` function returns an [encrypted message](concepts.md#message) (`result`) that contains the encrypted data, the encrypted data keys, and important metadata, including the encryption context and signature.
You can [decrypt this encrypted message](#javascript-example-decrypt) by using the AWS Encryption SDK for any supported programming language.
```
const plaintext = new Uint8Array([1, 2, 3, 4, 5])
const { result } = await encrypt(keyring, plaintext, { encryptionContext: context })
```
```
const plaintext = 'asdf'
const { result } = await encrypt(keyring, plaintext, { encryptionContext: context })
```
## Decrypting data with an AWS KMS keyring
You can use the AWS Encryption SDK for JavaScript to decrypt the encrypted message and recover the original data.
In this example, we decrypt the data that we encrypted in the [Encrypting data with an AWS KMS keyring](#javascript-example-encrypt) example.
Step 1: Set the commitment policy.
Beginning in version 1.7.*x* of the AWS Encryption SDK for JavaScript, you can set the commitment policy when you call the new `buildClient` function that instantiates an AWS Encryption SDK client. The `buildClient` function takes an enumerated value that represents your commitment policy. It returns updated `encrypt` and `decrypt` functions that enforce your commitment policy when you encrypt and decrypt.
The following examples use the `buildClient` function to specify the [default commitment policy](migrate-commitment-policy.md), `REQUIRE_ENCRYPT_REQUIRE_DECRYPT`. You can also use the `buildClient` to limit the number of encrypted data keys in an encrypted message. For more information, see [Limiting encrypted data keys](configure.md#config-limit-keys).
```
import {
KmsKeyringBrowser,
KMS,
getClient,
buildClient,
CommitmentPolicy,
} from '@aws-crypto/client-browser'
const { encrypt, decrypt } = buildClient(
CommitmentPolicy.REQUIRE_ENCRYPT_REQUIRE_DECRYPT
)
```
```
import {
KmsKeyringNode,
buildClient,
CommitmentPolicy,
} from '@aws-crypto/client-node'
const { encrypt, decrypt } = buildClient(
CommitmentPolicy.REQUIRE_ENCRYPT_REQUIRE_DECRYPT
)
```
Step 2: Construct the keyring.
To decrypt the data, pass in the [encrypted message](concepts.md#message) (`result`) that the `encrypt` function returned. The encrypted message includes the encrypted data, the encrypted data keys, and important metadata, including the encryption context and signature.
You must also specify an [AWS KMS keyring](use-kms-keyring.md) when decrypting. You can use the same keyring that was used to encrypt the data or a different keyring. To succeed, at least one AWS KMS key in the decryption keyring must be able to decrypt one of the encrypted data keys in the encrypted message. Because no data keys are generated, you do not need to specify a generator key in a decryption keyring. If you do, the generator key and additional keys are treated the same way.
To specify an AWS KMS key for a decryption keyring in the AWS Encryption SDK for JavaScript, you must use the [key ARN](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN). Otherwise, the AWS KMS key is not recognized. For help identifying the AWS KMS keys in an AWS KMS keyring, see [Identifying AWS KMS keys in an AWS KMS keyring](use-kms-keyring.md#kms-keyring-id)
If you use the same keyring for encrypting and decrypting, use key ARNs to identify the AWS KMS keys in the keyring.
In this example, we create a keyring that includes only one of the AWS KMS keys in the encryption keyring. Before running this code, replace the example key ARN with a valid one. You must have `kms:Decrypt` permission on the AWS KMS key.
Begin by providing your credentials to the browser. The AWS Encryption SDK for JavaScript examples use the [webpack.DefinePlugin](https://webpack.js.org/plugins/define-plugin/), which replaces the credential constants with your actual credentials. But you can use any method to provide your credentials. Then, use the credentials to create an AWS KMS client.
```
declare const credentials: {accessKeyId: string, secretAccessKey:string, sessionToken:string }
const clientProvider = getClient(KMS, {
credentials: {
accessKeyId,
secretAccessKey,
sessionToken
}
})
```
Next, create an AWS KMS keyring using the AWS KMS client. This example uses just one of the AWS KMS keys from the encryption keyring.
```
const keyIds = ['arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab']
const keyring = new KmsKeyringBrowser({ clientProvider, keyIds })
```
```
const keyIds = ['arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab']
const keyring = new KmsKeyringNode({ keyIds })
```
Step 3: Decrypt the data.
Next, call the `decrypt` function. Pass in the decryption keyring that you just created (`keyring`) and the [encrypted message](concepts.md#message) that the `encrypt` function returned (`result`). The AWS Encryption SDK uses the keyring to decrypt one of the encrypted data keys. Then it uses the plaintext data key to decrypt the data.
If the call succeeds, the `plaintext` field contains the plaintext (decrypted) data. The `messageHeader` field contains metadata about the decryption process, including the encryption context that was used to decrypt the data.
```
const { plaintext, messageHeader } = await decrypt(keyring, result)
```
```
const { plaintext, messageHeader } = await decrypt(keyring, result)
```
Step 4: Verify the encryption context.
The [encryption context](concepts.md#encryption-context) that was used to decrypt the data is included in the message header (`messageHeader`) that the `decrypt` function returns. Before your application returns the plaintext data, verify that the encryption context that you provided when encrypting is included in the encryption context that was used when decrypting. A mismatch might indicate that the data was tampered with, or that you didn't decrypt the right ciphertext.
When verifying the encryption context, do not require an exact match. When you use an encryption algorithm with signing, the [cryptographic materials manager](concepts.md#crypt-materials-manager) (CMM) adds the public signing key to the encryption context before encrypting the message. But all of the encryption context pairs that you submitted should be included in the encryption context that was returned.
First, get the encryption context from the message header. Then, verify that each key-value pair in the original encryption context (`context`) matches a key-value pair in the returned encryption context (`encryptionContext`).
```
const { encryptionContext } = messageHeader
Object
.entries(context)
.forEach(([key, value]) => {
if (encryptionContext[key] !== value) throw new Error('Encryption Context does not match expected values')
})
```
```
const { encryptionContext } = messageHeader
Object
.entries(context)
.forEach(([key, value]) => {
if (encryptionContext[key] !== value) throw new Error('Encryption Context does not match expected values')
})
```
If the encryption context check succeeds, you can return the plaintext data.