/**
 * Cryptographic operations of the `hsm` API: M-of-N secret splitting and
 * recovery, RSA/ECC/EdDSA signing and verification, RSA data enveloping and
 * random-byte generation.
 *
 * Every method returns a Promise. The methods described in the accompanying
 * reference are documented to fail with `exceptions.HsmError` when the
 * operation cannot be completed.
 */
interface Cryptography {
    /**
     * Splits a secret into the parts that `mOfNRecover` later consumes.
     *
     * NOTE(review): presumably `n` is the number of parts issued and `m` the
     * number required for recovery, and a secret is generated when `secret`
     * is omitted or null. None of this is stated in this listing; confirm
     * against the method's own documentation.
     */
    mOfnSplit(m: number, n: number, secret?: null | string): Promise<hsm.interfaces.cryptography.MofNSplit>;
    /**
     * Reconstructs an M-of-N secret from the custodians' parts, following
     * Shamir's secret sharing.
     *
     * @param parts - Parts of the secret produced by `mOfnSplit`.
     * @returns The reconstructed secret. The buffer is the secret itself, so
     *   callers should limit how long it is kept and keep it out of logs.
     * @throws exceptions.HsmError if the secret cannot be reconstructed or the
     *   operation fails.
     */
    mOfNRecover(parts: Buffer[]): Promise<Buffer>;
    /**
     * Signs a hash with an RSA private key.
     *
     * @param keyName - Key name.
     * @param hashAlgorithm - Algorithm that was used to generate `hash`.
     * @param hash - Hash of the data to be signed; the caller computes it.
     * @param pad - Type of padding to use in the signature.
     * @returns The signature.
     * @throws exceptions.HsmError if the data cannot be signed or the
     *   operation fails.
     *
     * NOTE(review): whether the HSM rejects a `hash` whose length does not
     * match `hashAlgorithm` is not shown here; callers should make sure the
     * two agree.
     */
    rsaSign(keyName: string, hashAlgorithm: HASH_ALGORITHMS, hash: Buffer, pad: PAD_TYPE): Promise<Buffer>;
    /**
     * Verifies a signature over a hash with an RSA key.
     *
     * The parameter order differs from `rsaSign` (`pad` comes before `hash`),
     * and `hash` and `signature` are both `Buffer`, so swapping them is not
     * caught by the type checker.
     *
     * @param keyName - Key name.
     * @param hashAlgorithm - Algorithm that was used to generate `hash`.
     * @param pad - Type of padding used in the signature.
     * @param hash - Hash of the data to be verified.
     * @param signature - Signature to be verified.
     * @returns `true` if the signature is valid, `false` otherwise.
     * @throws exceptions.HsmError if the signature cannot be verified or the
     *   operation fails. A rejection means verification did not complete and
     *   must not be treated as a valid signature.
     */
    rsaVerify(keyName: string, hashAlgorithm: HASH_ALGORITHMS, pad: PAD_TYPE, hash: Buffer, signature: Buffer): Promise<boolean>;
    /**
     * Signs a hash with an ECC private key.
     *
     * @param keyName - Key name.
     * @param hashAlgorithm - Algorithm that was used to generate `hash`.
     * @param hash - Hash of the data to be signed; the caller computes it.
     * @returns The signature.
     * @throws exceptions.HsmError if the data cannot be signed or the
     *   operation fails.
     */
    eccSign(keyName: string, hashAlgorithm: HASH_ALGORITHMS, hash: Buffer): Promise<Buffer>;
    /**
     * Verifies a signature over a hash with an ECC key.
     *
     * @param keyName - Key name.
     * @param hashAlgorithm - Algorithm that was used to generate `hash`.
     * @param hash - Hash of the data to be verified.
     * @param signature - Signature to be verified.
     * @returns `true` if the signature is valid, `false` otherwise.
     * @throws exceptions.HsmError if the signature cannot be verified or the
     *   operation fails. A rejection must not be treated as a valid signature.
     */
    eccVerify(keyName: string, hashAlgorithm: HASH_ALGORITHMS, hash: Buffer, signature: Buffer): Promise<boolean>;
    /**
     * Signs with an EdDSA private key.
     *
     * @param keyName - Key name.
     * @param hash - Documented as the hash of the data to be signed.
     * @returns The signature.
     * @throws exceptions.HsmError if the data cannot be signed or the
     *   operation fails.
     *
     * NOTE(review): there is no `hashAlgorithm` parameter, so it is unclear
     * from this listing which digest (if any) the caller is expected to apply
     * before calling; confirm, and use the same input form for `eddsaVerify`.
     */
    eddsaSign(keyName: string, hash: Buffer): Promise<Buffer>;
    /**
     * Verifies a signature with an EdDSA key.
     *
     * @param keyName - Key name.
     * @param hash - Documented as the hash of the data to be verified.
     * @param signature - Signature to be verified.
     * @returns `true` if the signature is valid, `false` otherwise.
     * @throws exceptions.HsmError if the signature cannot be verified or the
     *   operation fails. A rejection must not be treated as a valid signature.
     */
    eddsaVerify(keyName: string, hash: Buffer, signature: Buffer): Promise<boolean>;
    /**
     * De-envelopes data with an RSA private key.
     *
     * @param keyName - Name of the RSA private key.
     * @param data - Data to be de-enveloped.
     * @param paddingOption - Padding option that was used when the data was
     *   encrypted.
     * @returns The de-enveloped data.
     * @throws exceptions.HsmError if the data cannot be de-enveloped or the
     *   operation fails.
     */
    dataUnenvelop(keyName: string, data: Buffer, paddingOption: ENC_DEC_PADDING): Promise<Buffer>;
    /**
     * Envelopes data with an RSA public key supplied by the caller.
     *
     * @param pubKey - RSA public key used to envelop the data.
     * @param keyLength - Not described in the reference; presumably the
     *   length of the RSA key in `pubKey` (confirm).
     * @param data - Data to be enveloped.
     * @param paddingOption - Padding option used in data encryption.
     * @returns The enveloped data.
     * @throws exceptions.HsmError if the data cannot be enveloped or the
     *   operation fails.
     */
    dataEnvelop(pubKey: Buffer, keyLength: RSA_LENGTH_KEYS, data: Buffer, paddingOption: ENC_DEC_PADDING): Promise<Buffer>;
    /**
     * Returns `len` pseudo-random bytes for use in cryptography.
     *
     * @param len - Number of bytes to generate; documented range is 0 to
     *   4294967295.
     * @returns A buffer of `len` bytes.
     * @throws exceptions.HsmError if the bytes cannot be retrieved or the
     *   operation fails.
     */
    genRand(len: number): Promise<Buffer>;
}

Methods

  • Reconstructs an M-of-N secret from the custodians' parts, according to Shamir's secret-sharing scheme.

    Parameters

    • parts: Buffer[]

      Array of buffers with the parts of the secret generated by the Cryptography.mOfnSplit function.

    Returns Promise<Buffer>

    Returns a buffer with the reconstructed secret.

    exceptions.HsmError If the secret cannot be reconstructed or an error occurs in the operation.

    Example code: Reconstructing an M-of-N secret

  • Signs data using an RSA private key.

    Parameters

    • keyName: string

      Key name.

    • hashAlgorithm: HASH_ALGORITHMS

      Algorithm used to generate the hash of the data.

    • hash: Buffer

      Hash of the data to be signed.

    • pad: PAD_TYPE

      Type of padding to be used in the signature.

    Returns Promise<Buffer>

    Returns a buffer with the data signature.

    exceptions.HsmError If it is not possible to sign the data or there is an error in the operation.

    Example code: Signing hash with RSA

  • Verifies a data signature using an RSA key.

    Parameters

    • keyName: string

      Key name.

    • hashAlgorithm: HASH_ALGORITHMS

      Algorithm used to generate the hash of the data.

    • pad: PAD_TYPE

      Type of padding to be used in the signature.

    • hash: Buffer

      Hash of the data to be verified.

    • signature: Buffer

      Signature of the data to be verified.

    Returns Promise<boolean>

    Returns true if the signature is valid and false otherwise.

    exceptions.HsmError If it is not possible to verify the signature or an error occurs in the operation.

    Example code: Verifying hash signatures with RSA

  • Signs data using an ECC private key.

    Parameters

    • keyName: string

      Key name.

    • hashAlgorithm: HASH_ALGORITHMS

      Algorithm used to generate the hash of the data.

    • hash: Buffer

      Hash of the data to be signed.

    Returns Promise<Buffer>

    Returns a buffer with the data signature.

    exceptions.HsmError If it is not possible to sign the data or there is an error in the operation.

    Example code: Signing hash with ECC

  • Verifies a data signature using an ECC key.

    Parameters

    • keyName: string

      Key name.

    • hashAlgorithm: HASH_ALGORITHMS

      Algorithm used to generate the hash of the data.

    • hash: Buffer

      Hash of the data to be verified.

    • signature: Buffer

      Signature of the data to be verified.

    Returns Promise<boolean>

    Returns true if the signature is valid and false otherwise.

    exceptions.HsmError If it is not possible to verify the signature or an error occurs in the operation.

    Example code: Verifying hash signatures with ECC

  • Signs data using an EdDSA private key.

    Parameters

    • keyName: string

      Key name.

    • hash: Buffer

      Hash of the data to be signed.

    Returns Promise<Buffer>

    Returns a buffer with the data signature.

    exceptions.HsmError If it is not possible to sign the data or there is an error in the operation.

    Example code: Signing hash with EdDSA

  • Verifies a data signature using an EdDSA key.

    Parameters

    • keyName: string

      Key name.

    • hash: Buffer

      Hash of the data to be verified.

    • signature: Buffer

      Signature of the data to be verified.

    Returns Promise<boolean>

    Returns true if the signature is valid and false otherwise.

    exceptions.HsmError If it is not possible to verify the signature or an error occurs in the operation.

    Example code: Verifying hash signatures with EdDSA

  • Unwraps (de-envelopes) data using an RSA private key.

    Parameters

    • keyName: string

      Name of the RSA private key.

    • data: Buffer

      Data to be de-enveloped.

    • paddingOption: ENC_DEC_PADDING

      Padding option used in data encryption.

    Returns Promise<Buffer>

    Returns the de-enveloped data.

    exceptions.HsmError If it is not possible to de-envelope the data or an error occurs in the operation.

  • Envelopes data using an RSA public key.

    Parameters

    • pubKey: Buffer

      RSA public key that will be used to envelop the data.

    • keyLength: RSA_LENGTH_KEYS
    • data: Buffer

      Data to be enveloped.

    • paddingOption: ENC_DEC_PADDING

      Padding option used in data encryption.

    Returns Promise<Buffer>

    Returns the enveloped data.

    exceptions.HsmError If the data cannot be enveloped or an error occurs in the operation.

  • Returns a set of pseudo-random bytes of size len for use in cryptography.

    Parameters

    • len: number

      Number of bytes to be generated. The value should be between 0 and 4294967295 (the unsigned 32-bit range).

    Returns Promise<Buffer>

    Returns a buffer containing a set of pseudo-random bytes of size len.

    exceptions.HsmError If it is not possible to retrieve the bytes or there is an error in the operation.

    Example code: Generating a set of random bytes