Class: CryptoSuite_PKCS11

CryptoSuite_PKCS11

PKCS#11-compliant implementation to support Hardware Security Modules.

new CryptoSuite_PKCS11(keySize, hash, opts)

Parameters:
Name Type Description
keySize number Length of key (in bytes), a.k.a "security level"
hash string Optional. Hash algorithm, supported values are "SHA2" and "SHA3"
opts object Option is the form { lib: string, slot: number, pin: string } If lib is not specified or null, its value will be taken from the CRYPTO_PKCS11_LIB env var, and if the env var is not set, its value will be taken from the crypto-pkcs11-lib key in the configuration file. If slot is not specified or null, its value will be taken from the CRYPTO_PKCS11_SLOT env var, and if the env var is not set, its value will be taken from the crypto-pkcs11-slot key in the configuration file. If pin is not specified or null, its value will be taken from the CRYPTO_PKCS11_PIN env var, and if the env var is not set, its value will be taken from the crypto-pkcs11-pin key in the configuration file.

Methods


decrypt()

This is an implementation of module:api.CryptoSuite#decrypt Decrypts cipherText using key. The opts argument should be appropriate for the algorithm used.

deriveKey()

This is an implementation of module:api.CryptoSuite#deriveKey

encrypt()

This is an implementation of module:api.CryptoSuite#encrypt Encrypts plainText using key. The opts argument should be appropriate for the algorithm used.

generateKey()

This is an implementation of module:api.CryptoSuite#generateKey Returns an instance of module.api.Key representing the private key, which also encapsulates the public key. By default the generated key (keypar) is (are) ephemeral unless opts.ephemeral is set to false, in which case the key (keypair) will be saved across PKCS11 sessions by the HSM hardware.
Returns:
Promise of an instance of module:PKCS11_ECDSA_KEY containing the private key and the public key.
Type
Key

getKey()

This is an implementation of module:api.CryptoSuite#getKey Returns the key this CSP associates to the Subject Key Identifier ski.

importKey()

This is an implementation of module:api.CryptoSuite#importKey

sign()

This is an implementation of module:api.CryptoSuite#sign Signs digest using key k. The opts argument is not needed.

verify()

This is an implementation of module:api.CryptoSuite#verify Verifies signature against key k and digest