Class: CryptoSuite

api. CryptoSuite

Abstract class for a suite of crypto algorithms used by the SDK to perform encryption, decryption and secure hashing. A complete suite includes libraries for asymmetric keys (such as ECDSA or RSA), symmetric keys (such as AES) and secure hash (such as SHA2/3). The SDK provides a default implementation based on ECDSA + AES + SHA2/3. An alternative implementation can be specified using the "CRYPTO_SUITE" environment variable, pointing to a full path to the require() package for the module.

new CryptoSuite()

Methods


decrypt(key, cipherText, opts)

Decrypts ciphertext using key k. The opts argument should be appropriate for the algorithm used.
Parameters:
Name Type Description
key Key Decryption key (private key)
cipherText Array.<byte> Cipher text to decrypt
opts Object Decrypt options
Returns:
Plain text after decryption
Type
Array.<byte>

deriveKey(key, opts)

Derives a key from k using opts.
Parameters:
Name Type Description
key Key the source key
opts Object algorithm: an identifier for the algorithm to be used ephemeral: true if the key to generate has to be ephemeral
Returns:
derived key
Type
Key

encrypt(key, plainText, opts)

Encrypts plaintext using key k. The opts argument should be appropriate for the algorithm used.
Parameters:
Name Type Description
key Key Encryption key (public key)
plainText Array.<byte> Plain text to encrypt
opts Object Encryption options
Returns:
Cipher text after encryption
Type
Array.<byte>

generateKey(opts)

Generate a key using the opts
Parameters:
Name Type Description
opts Object algorithm: an identifier for the algorithm to be used, such as "ECDSA" ephemeral: true if the key to generate has to be ephemeral
Returns:
Promise of an instance of the Key class
Type
Key

getKey(ski)

Returns the key this CSP associates to the Subject Key Identifier ski.
Parameters:
Name Type Description
ski Array.<byte> Subject Key Identifier specific to a Crypto Suite implementation
Returns:
Promise of an instance of the Key class corresponding to the ski
Type
Key

hash(msg, opts)

Hashes messages msg using options opts.
Parameters:
Name Type Description
msg Array.<byte> Source message to be hashed
opts Object algorithm: an identifier for the algorithm to be used, such as "SHA3"
Returns:
The hashed digest in hexidecimal string encoding
Type
string

importKey(raw, opts)

Imports a key from its raw representation using opts. If the `opts.ephemeral` parameter is false, the method, in addition to returning the imported Key instance, also saves the imported key in the key store as PEM files that can be retrieved using the 'getKey()' method
Parameters:
Name Type Description
raw Array.<byte> Raw bytes of the key to import
opts Object
`type`: type of information that 'raw' represents: x509 certificate,
`algorithm`: an identifier for the algorithm to be used
`ephemeral`: true if the key to generate has to be ephemeral
Returns:
Promise of an instance of the Key class wrapping the raw key bytes
Type
Key

sign(key, digest, opts)

Signs digest using key k. The opts argument should be appropriate for the algorithm used.
Parameters:
Name Type Description
key Key Signing key (private key)
digest Array.<byte> The message digest to be signed. Note that when a signature of a hash of a larger message is needed, the caller is responsible for hashing the larger message and passing the hash (as digest) and the hash function (as opts) to sign.
opts Object hashingFunction: the function to use to hash
Returns:
the resulting signature
Type
Array.<byte>

verify(key, signature, digest)

Verifies signature against key k and digest The opts argument should be appropriate for the algorithm used.
Parameters:
Name Type Description
key Key Signing verification key (public key)
signature Array.<byte> The signature to verify
digest Array.<byte> The digest that the signature was created for
Returns:
true if the signature verifies successfully
Type
boolean