Operation parameters (key, mode, IV). The mode must specify the direction (ENCRYPT/DECRYPT).
Returns an instance of Transform Stream.
Sample code: Example of symmetric encryption using Streams
Creates a stream for hashing operations (Transform Stream). Allows you to calculate the hash of large volumes of data incrementally.
Operation parameters (algorithm, optional key for HMAC/CMAC).
Returns an instance of Transform Stream.
Sample code: Example of hash generation using streams
Performs an atomic (one-shot) hash operation. Processes all the data in a single call to the HSM.
Hash algorithm to be used.
Data to process.
Key name in the HSM (optional; required for HMAC or CMAC).
Returns the final digest generated by the HSM.
exceptions.HsmError If an error occurs during the hashing operation in the HSM.
Sample code: Example of hash generation (one-shot)
Performs a generic symmetric encryption/decryption operation. Automatically selects between FAST mode (one-shot) and Stream mode based on the data size (1200-byte limit for FAST).
Operation parameters (key, mode, IV). The "mode" field must include the direction (ENCRYPT/DECRYPT).
Data to process.
Returns the processed data (encrypted or decrypted).
exceptions.HsmError If an error occurs during the HSM operation.
Sample code: Example of symmetric encryption/decryption (one-shot)
Encrypts data using a symmetric key. Automatically sets the direction to ENCRYPT in the provided options.
Operation parameters (key, mode, IV).
Data to encrypt.
Returns the encrypted data.
exceptions.HsmError If an error occurs during the HSM operation.
Sample code: Example of symmetric encryption/decryption (one-shot)
Decrypts data using a symmetric key. Automatically sets the direction to DECRYPT in the provided options.
Operation parameters (key, mode, IV).
Data to decrypt.
Returns the decrypted data.
exceptions.HsmError If an error occurs during the HSM operation.
Sample code: Example of symmetric encryption/decryption (one-shot)
Splits a secret into M-of-N parts, according to Shamir's secret-sharing scheme.
Minimum number of parts needed to reconstruct the secret. The value must be less than or equal to n.
Total number of parts generated.
Secret that will be shared in several parts. Null can be passed so that a secret is generated randomly by the HSM, in which case the value will be returned in interfaces.cryptography.MofNSplit.
Returns an object with the secret split.
This method is legacy. Use interfaces.management.Management.generateSVMK instead.
exceptions.HsmError If it is not possible to split the secret or an error occurs in the operation.
Example code: Splitting a secret into M of N
Reconstructs an M-of-N secret from the custodians' parts, according to Shamir's secret-sharing scheme.
Array of buffers with the parts of the secret generated by the Cryptography.mOfnSplit function.
Returns a buffer with the reconstructed secret.
This method is legacy. Use interfaces.management.Management.recoverSVMK instead.
exceptions.HsmError If the secret cannot be reconstructed or an error occurs in the operation.
Example code: Reconstructing a secret from M of N
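How an M-of-N split and recovery of the kind described in the two entries above works, as an added, self-contained illustration of Shamir's scheme over GF(2^8); it is not the HSM's implementation or this library's API. The function names `split` and `recover` and the share layout (x-coordinate in the first byte) are assumptions made for the example.

```javascript
const { randomBytes } = require("node:crypto");
// GF(2^8) multiplication, reduced by the AES polynomial x^8+x^4+x^3+x+1 (0x11b).
function gfMul(a, b) {
  let p = 0;
  for (; b; b >>= 1) {
    if (b & 1) p ^= a;
    a <<= 1;
    if (a & 0x100) a ^= 0x11b;
  }
  return p;
}
// Multiplicative inverse: a^254 = a^-1 for every non-zero a in GF(2^8).
function gfInv(a) {
  let r = 1;
  for (let i = 0; i < 254; i++) r = gfMul(r, a);
  return r;
}
// Split `secret` (Buffer) into n shares; any m distinct shares reconstruct it.
// Share layout (assumption of this example): byte 0 = x (1..n), rest = y values.
function split(secret, m, n) {
  if (m < 1 || m > n || n > 255) throw new RangeError("need 1 <= m <= n <= 255");
  const shares = Array.from({ length: n }, (_, i) => Buffer.alloc(secret.length + 1, i + 1));
  for (let b = 0; b < secret.length; b++) {
    // Random polynomial of degree m-1 whose constant term is the secret byte.
    const coef = [secret[b], ...randomBytes(m - 1)];
    for (let x = 1; x <= n; x++) {
      let y = 0;
      for (let k = m - 1; k >= 0; k--) y = gfMul(y, x) ^ coef[k]; // Horner's rule
      shares[x - 1][b + 1] = y;
    }
  }
  return shares;
}
// Lagrange interpolation at x = 0 over the supplied shares (subtraction is XOR).
function recover(shares) {
  const out = Buffer.alloc(shares[0].length - 1);
  for (let b = 0; b < out.length; b++) {
    for (const s of shares) {
      let num = 1, den = 1;
      for (const t of shares) {
        if (t === s) continue;
        num = gfMul(num, t[0]);
        den = gfMul(den, s[0] ^ t[0]);
      }
      out[b] ^= gfMul(s[b + 1], gfMul(num, gfInv(den)));
    }
  }
  return out;
}
```

Any m distinct shares recover the secret, while fewer than m interpolate to an unrelated value, which is why m must not exceed n and why each custodian's part has to be stored separately.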
Signs data using an RSA private key.
Key name.
Algorithm used to generate the hash of the data.
Hash of the data to be signed.
Type of padding to be used in the signature.
Returns a buffer with the data signature.
exceptions.HsmError If it is not possible to sign the data or there is an error in the operation.
Example code: Signing hash with RSA
Verifies a data signature using an RSA key.
Key name.
Algorithm used to generate the hash of the data.
Type of padding to be used in the signature.
Hash of the data to be verified.
Signature of the data to be verified.
Returns true if the signature is valid and false otherwise.
exceptions.HsmError If it is not possible to verify the signature or an error occurs in the operation.
Example code: Verifying hash signatures with RSA
Signs data using an ECC private key.
Key name.
Algorithm used to generate the hash of the data.
Hash of the data to be signed.
Returns a buffer with the data signature.
exceptions.HsmError If it is not possible to sign the data or there is an error in the operation.
Example code: Signing hash with ECC
Verifies a data signature using an ECC key.
Key name.
Algorithm used to generate the hash of the data.
Hash of the data to be verified.
Signature of the data to be verified.
Returns true if the signature is valid and false otherwise.
exceptions.HsmError If it is not possible to verify the signature or an error occurs in the operation.
Example code: Verifying hash signatures with ECC
Signs data using an EdDSA private key.
Key name.
Hash of the data to be signed.
Returns a buffer with the data signature.
exceptions.HsmError If it is not possible to sign the data or there is an error in the operation.
Example code: Signing hash with EdDSA
Verifies a data signature using an EdDSA key.
Key name.
Hash of the data to be verified.
Signature of the data to be verified.
Returns true if the signature is valid and false otherwise.
exceptions.HsmError If it is not possible to verify the signature or an error occurs in the operation.
Example code: Verifying hash signatures with EdDSA
Unwraps data using an RSA key.
Name of the RSA private key.
Data to be unwrapped.
Padding option used in data encryption.
Returns the unwrapped data.
exceptions.HsmError If it is not possible to unwrap the data or an error occurs in the operation.
Wraps data using an RSA public key.
RSA public key that will be used to wrap the data.
RSA key size.
Data to be wrapped.
Padding option used in data encryption.
Returns the wrapped data.
exceptions.HsmError If the data cannot be wrapped or an error occurs in the operation.
Returns a set of pseudo-random bytes of size len for use in cryptography.
Number of bytes to be generated. The value must be between 0 and 4294967295.
Returns a buffer containing a set of pseudo-random bytes of size len.
exceptions.HsmError If it is not possible to retrieve the bytes or there is an error in the operation.
Example code: Generating a set of random bytes
Signs a message using an ML-DSA private key.
Key name.
Data to be signed (maximum 4 MB).
Whether the signature should be deterministic.
Whether the data passed is already the hash.
context (optional): Buffer<ArrayBufferLike>. Optional context for the signature (maximum 255 bytes).
Returns a buffer with the data signature.
exceptions.HsmError If it is not possible to sign the data or there is an error in the operation.
Sample code: Signing a message with ML-DSA
Verifies a signature on a piece of data using an ML-DSA key.
Key name.
Signed data (maximum 4 MB).
Signature to be verified.
Whether the signature was generated deterministically.
Whether the data passed is already the hash.
context (optional): Buffer<ArrayBufferLike>. Optional context used in the signature (maximum 255 bytes).
Returns true if the signature is valid and false otherwise.
exceptions.HsmError If it is not possible to verify the signature or an error occurs in the operation.
Sample code: Verifying an ML-DSA signature
Creates a stream for symmetric encryption operations (Transform Stream). Supports continuous data streams, automatically handling block management and padding for block modes (ECB, CBC).