Cryptography Interface

interface Cryptography {
    mOfnSplit(m: number, n: number, secret?: null | string): Promise<MofNSplit>;
    mOfNRecover(parts: Buffer[]): Promise<Buffer>;
    rsaSign(keyName: string, hashAlgorithm: HASH_ALGORITHMS, hash: Buffer, pad: PAD_TYPE): Promise<Buffer>;
    rsaVerify(keyName: string, hashAlgorithm: HASH_ALGORITHMS, pad: PAD_TYPE, hash: Buffer, signature: Buffer): Promise<boolean>;
    eccSign(keyName: string, hashAlgorithm: HASH_ALGORITHMS, hash: Buffer): Promise<Buffer>;
    eccVerify(keyName: string, hashAlgorithm: HASH_ALGORITHMS, hash: Buffer, signature: Buffer): Promise<boolean>;
    eddsaSign(keyName: string, hash: Buffer): Promise<Buffer>;
    eddsaVerify(keyName: string, hash: Buffer, signature: Buffer): Promise<boolean>;
    dataUnenvelop(keyName: string, data: Buffer, paddingOption: ENC_DEC_PADDING): Promise<Buffer>;
    dataEnvelop(pubKey: Buffer, keyLength: RSA_LENGTH_KEYS, data: Buffer, paddingOption: ENC_DEC_PADDING): Promise<Buffer>;
    genRand(len: number): Promise<Buffer>;
}

Methods

mOfnSplit mOfNRecover rsaSign rsaVerify eccSign eccVerify eddsaSign eddsaVerify dataUnenvelop dataEnvelop genRand

Methods

mOfnSplit

mOfNRecover

  • mOfNRecover(parts): Promise<Buffer>

  • Reconstructs the secret M of N from the parts of the custodians. According to Shamir's secret-sharing pattern.

    Parameters

    • parts: Buffer[]

      Array of buffers with the parts of the secret generated by the Cryptography.mOfnSplit function.

    Returns Promise<Buffer>

    Returns a buffer with the reconstructed secret.

    Throws

    exceptions.HsmError If the secret cannot be reconstructed or an error occurs in the operation.

    See

    Example code: Reconstructing a secret in M from N

rsaSign

  • rsaSign(keyName, hashAlgorithm, hash, pad): Promise<Buffer>

  • Signs data using an RSA private key.

    Parameters

    • keyName: string

      Key name.

    • hashAlgorithm: HASH_ALGORITHMS

      Algorithm used to generate the hash of the data.

    • hash: Buffer

      Hash of the data to be signed.

    • pad: PAD_TYPE

      Type of padding to be used in the signature.

    Returns Promise<Buffer>

    Returns a buffer with the data signature.

    Throws

    exceptions.HsmError If it is not possible to sign the data or there is an error in the operation.

    See

    Example code: Signing hash with RSA

rsaVerify

  • rsaVerify(keyName, hashAlgorithm, pad, hash, signature): Promise<boolean>

  • Verifies a data signature using an RSA key.

    Parameters

    • keyName: string

      Key name.

    • hashAlgorithm: HASH_ALGORITHMS

      Algorithm used to generate the hash of the data.

    • pad: PAD_TYPE

      Type of padding to be used in the signature.

    • hash: Buffer

      Hash of the data to be verified.

    • signature: Buffer

      Signature of the data to be verified.

    Returns Promise<boolean>

    Return true if the signature is valid and false otherwise.

    Throws

    exceptions.HsmError If it is not possible to verify the signature or an error occurs in the operation.

    See

    Example code: Verifying hash signatures with RSA

eccSign

  • eccSign(keyName, hashAlgorithm, hash): Promise<Buffer>

  • Signs data using an ECC private key.

    Parameters

    • keyName: string

      Key name.

    • hashAlgorithm: HASH_ALGORITHMS

      Algorithm used to generate the hash of the data.

    • hash: Buffer

      Hash of the data to be signed.

    Returns Promise<Buffer>

    Returns a buffer with the data signature.

    Throws

    exceptions.HsmError If it is not possible to sign the data or there is an error in the operation.

    See

    Example code: Signing hash with ECC

eccVerify

  • eccVerify(keyName, hashAlgorithm, hash, signature): Promise<boolean>

  • Verifies a data signature using an ECC key.

    Parameters

    • keyName: string

      Key name.

    • hashAlgorithm: HASH_ALGORITHMS

      Algorithm used to generate the hash of the data.

    • hash: Buffer

      Hash of the data to be verified.

    • signature: Buffer

      Signature of the data to be verified.

    Returns Promise<boolean>

    Return true if the signature is valid and false otherwise.

    Throws

    exceptions.HsmError If it is not possible to verify the signature or an error occurs in the operation.

    See

    Example code: Verifying hash signatures with ECC

eddsaSign

  • eddsaSign(keyName, hash): Promise<Buffer>

  • Signs data using an EdDSA private key.

    Parameters

    • keyName: string

      Key name.

    • hash: Buffer

      Hash of the data to be signed.

    Returns Promise<Buffer>

    Returns a buffer with the data signature.

    Throws

    exceptions.HsmError If it is not possible to sign the data or there is an error in the operation.

    See

    Example code: Signing hash with EdDSA

eddsaVerify

  • eddsaVerify(keyName, hash, signature): Promise<boolean>

  • Verifies a data signature using an EdDSA key.

    Parameters

    • keyName: string

      Key name.

    • hash: Buffer

      Hash of the data to be verified.

    • signature: Buffer

      Signature of the data to be verified.

    Returns Promise<boolean>

    Return true if the signature is valid and false otherwise.

    Throws

    exceptions.HsmError If it is not possible to verify the signature or an error occurs in the operation.

    See

    Example code: Verifying hash signatures with EdDSA

dateUnenvelop

  • dateUnenvelop(keyName, date, paddingOption): Promise<Buffer>

  • Unwrap data using an RSA key.

    Parameters

    • keyName: string

      Name of the RSA private key.

    • date: Buffer

      Given that it will be de-enveloped.

    • paddingOption: ENC_DEC_PADDING

      Filling option used in data encryption.

    Returns Promise<Buffer>

    Returns the de-enveloped data.

    Throws

    exceptions.HsmError If it is not possible to de-envelope the data or an error occurs in the operation.

dateEnvelope

  • dateEnvelope(pubKey, keyLength, date, paddingOption): Promise<Buffer>

  • Envelopes data using an RSA public key.

    Parameters

    • pubKey: Buffer

      RSA public key that will be used to envelop the data.

    • keyLength: RSA_LENGTH_KEYS
    • date: Buffer

      Given that it will be enveloped.

    • paddingOption: ENC_DEC_PADDING

      Filling option used in data encryption.

    Returns Promise<Buffer>

    Returns the enveloped data.

    Throws

    exceptions.HsmError If the data cannot be enveloped or an error occurs in the operation.

genRand

  • genRand(len): Promise<Buffer>

  • Returns a set of pseudo-random bytes of size len for use in cryptography.

    Parameters

    • len: number

      Number of bytes to be generated. The value should be between 0 and 4294967295

    Returns Promise<Buffer>

    Returns a buffer containing a set of pseudo-random bytes of size len.

    Throws

    exceptions.HsmError If it is not possible to retrieve the bytes or there is an error in the operation.

    See

    Example code: Generating a set of random bytes

Settings

On This Page

Methods