JavaScript HSM API Dinamo
    Preparing search index...

    Interface Key

    interface Key {
        create(
            name: string,
            algorithm:
                | ECC_ASYMMETRIC_SWITCHES
                | SYMMETRICAL_KEYS
                | RSA_ASYMMETRIC_KEYS
                | ECX_ASYMMETRIC_SWITCHES
                | HMAC_KEYS
                | ALT_BN128,
            exportable?: boolean,
            temporary?: boolean,
            blockchain?: boolean,
        ): Promise<boolean>;
        delete(name: string): Promise<boolean>;
        block(name: string): Promise<boolean>;
        unblock(name: string): Promise<boolean>;
        import(
            name: string,
            algorithm: SYMMETRICAL_KEYS | RSA_ASYMMETRIC_KEYS | HMAC_KEYS | ALT_BN128,
            data: Buffer,
            exportable?: boolean,
            temporary?: boolean,
            blockchain?: boolean,
        ): Promise<boolean>;
        importCertificate(name: string, certData: Buffer): Promise<boolean>;
        generatePKCS10(
            keyName: string,
            dn: X500DistinguishedName,
            hashAlgorithm?: PKCS10_HASH_ALGORITHM,
        ): Promise<Buffer<ArrayBufferLike>>;
        exportAsymmetricPub(
            name: string,
            x509: boolean,
        ): Promise<Buffer<ArrayBufferLike>>;
        exportAsymmetricPriv(name: string): Promise<Buffer<ArrayBufferLike>>;
        exportSymmetric(name: string): Promise<Buffer<ArrayBufferLike>>;
        exportCertClearText(name: string): Promise<Buffer<ArrayBufferLike>>;
        importKekWrap(
            mode: KEK_MODE | UNUSED_MODE,
            pad: KEK_WRAP_PADDING,
            name: string,
            kekKeyName: string,
            objType:
                | ECC_ASYMMETRIC_SWITCHES
                | SYMMETRICAL_KEYS
                | RSA_ASYMMETRIC_KEYS
                | ECX_ASYMMETRIC_SWITCHES,
            data: Buffer,
            iv?: string,
            exportable?: boolean,
            temporary?: boolean,
            blockchain?: boolean,
        ): Promise<boolean>;
        exportKekWrap(
            mode: KEK_MODE | UNUSED_MODE,
            pad: KEK_WRAP_PADDING,
            name: string,
            kekKeyName: string,
            iv?: string,
        ): Promise<Buffer<ArrayBufferLike>>;
        importPKCS8(
            name: string,
            keyType: ECC_ASYMMETRIC_SWITCHES | RSA_ASYMMETRIC_KEYS,
            password: string,
            p8: string,
            exportable?: boolean,
            temporary?: boolean,
            blockchain?: boolean,
        ): Promise<boolean>;
        exportPKCS8(
            name: string,
            password: string,
        ): Promise<Buffer<ArrayBufferLike>>;
        importPKCS12(
            keyName: string,
            certName: string,
            password: string,
            p12: Buffer,
            pubKey?: string,
            exportable?: boolean,
            temporary?: boolean,
        ): Promise<boolean>;
    }
    Index

    Methods

    create delete block unblock import importCertificate generatePKCS10 exportAsymmetricPub exportAsymmetricPriv exportSymmetric exportCertClearText importKekWrap exportKekWrap importPKCS8 exportPKCS8 importPKCS12

    Methods

    • Deletes a key stored in the HSM.

      Parameters

      • name: string

        Key name.

      Returns Promise<boolean>

      Returns true if the key was successfully deleted.

      If the key name is invalid.

      If an error occurs when deleting the key.

      Example code: Deleting a key

    • Locks a key in the HSM.

      Parameters

      • name: string

        Key name.

      Returns Promise<boolean>

      Returns true if the key was successfully locked.

      If the key name is invalid.

      In the event of an error when locking the key.

      Example code: Locking a key

    • Unlocks a key in the HSM.

      Parameters

      • name: string

        Key name.

      Returns Promise<boolean>

      Returns true if the key was successfully unlocked.

      If the key name is invalid.

      In the event of an error when unlocking the key.

      Example code: Unlocking a key

    • Import a cryptographic key into the HSM.

      Parameters

      • name: string

        Key name.

      • algorithm: SYMMETRICAL_KEYS | RSA_ASYMMETRIC_KEYS | HMAC_KEYS | ALT_BN128

        Key algorithm, the same as used in the create function.

      • date: Buffer

        Data of the key to be imported.

      • Optionalexportable: boolean

        Defines whether the key is exportable.

      • Optionaltemporary: boolean

        Defines whether the key is temporary.

      • Optionalblockchain: boolean

        Defines whether the key can be used in blockchain operations.

      Returns Promise<boolean>

      Returns true if the key was imported successfully.

      If the key name is invalid.

      If an error occurs when importing the key.

      Example code: Importing a symmetric key

    • Import a certificate into HSM.

      Parameters

      • name: string

        Name of certificate.

      • certData: Buffer

        Certificate to be imported.

      Returns Promise<boolean>

      Returns true if the certificate was imported successfully.

      If the name of the certificate is invalid.

      In the event of an error when importing the certificate.

      Example code: Importing a certificate

    • Generates a CSR (Certificate Signing Request).
      This is a specialized function of HSM's PKCS#10 CSR generation API.

      Parameters

      • keyName: string

        Key name.

      • dn: X500DistinguishedName

        Certificate data.

      • OptionalhashAlgorithm: PKCS10_HASH_ALGORITHM

        Hash algorithm to be used to generate the CSR. If not provided, the standard HSM algorithm will be used.

      Returns Promise<Buffer<ArrayBufferLike>>

      Returns the CSR in DER format.

      If the key name is invalid.

      Example code: Generating a PKCS#10

    • Exports the public key of an asymmetric pair stored in the HSM.

      Parameters

      • name: string

        Key name.

      • x509: boolean

        If true, the key will be exported in X.509 format.

      Returns Promise<Buffer<ArrayBufferLike>>

      Buffer containing the key data.

      If the key name is invalid.

      If an error occurs when importing the key.

      Example code: Exporting an asymmetric public key

    • Exports the private part of the asymmetric key stored in the HSM.

      Parameters

      • name: string

        Key name.

      Returns Promise<Buffer<ArrayBufferLike>>

      Buffer containing the key data according to the enums.KEY_EXPORT_FORMAT format.

      If the key name is invalid.

      If an error occurs when importing the key.

      Example code: Exporting an asymmetric private key

    • Exports the private key stored in the HSM in clear text.

      Parameters

      • name: string

        Key name.

      Returns Promise<Buffer<ArrayBufferLike>>

      Buffer containing the key data according to the enums.KEY_EXPORT_FORMAT format.

      If the key name is invalid.

      If an error occurs when importing the key.

      Example code: Exporting a symmetric key

    • Exports the certificate stored in the HSM in clear text.

      Parameters

      • name: string

        Key name.

      Returns Promise<Buffer<ArrayBufferLike>>

      Buffer containing the certificate.

      If the key name is invalid.

      If an error occurs when importing the key.

      Example code: Exporting certificate in plain text

    • Import a key encrypted by a KEK (Key Encryption Key).

      Parameters

      • mode: KEK_MODE | UNUSED_MODE

        Operating mode for importing the key.

      • pad: KEK_WRAP_PADDING

        Padding option for KEK operation.

      • name: string

        Key name.

      • kekKeyName: string

        Name of the Key Encryption Key (KEK) that will be used to decrypt the imported key.

      • objType:
        | ECC_ASYMMETRIC_SWITCHES
        | SYMMETRICAL_KEYS
        | RSA_ASYMMETRIC_KEYS
        | ECX_ASYMMETRIC_SWITCHES

        Object type.

      • date: Buffer

        Buffer containing the data of the encrypted key to be imported.

      • Optionaliv: string

        Initialization Vector. Mandatory for enums.KEK_MODE.MODE_CBC mode.

      • Optionalexportable: boolean

        Defines whether the key is exportable.

      • Optionaltemporary: boolean

        Defines whether the key is temporary.

      • Optionalblockchain: boolean

        Defines whether the key can be used in blockchain operations.

      Returns Promise<boolean>

      Returns true if the key was imported successfully.

      If an error occurs when importing the key.

      Example code: Importing KEKed key

    • Exports a key encrypted by a KEK (Key Encryption Key).

      Parameters

      • mode: KEK_MODE | UNUSED_MODE

        Operating mode for exporting the key.

      • pad: KEK_WRAP_PADDING

        Padding option for KEK operation.

      • name: string

        Key name.

      • kekKeyName: string

        Name of the Key Encryption Key (KEK) that will be used to encrypt the exported key.

      • Optionaliv: string

        Initialization Vector. Mandatory for enums.KEK_MODE.MODE_CBC mode.

      Returns Promise<Buffer<ArrayBufferLike>>

      Buffer containing the encrypted key data.

      If an error occurs when importing the key.

      Example code: Exporting KEKed key

    • Exports a PKCS#8 key from the HSM.

      Parameters

      • name: string

        Key name.

      • password: string

        Key password.

      Returns Promise<Buffer<ArrayBufferLike>>

      Returns a buffer containing the key data.

      If the key name is invalid.

      If the key password does not meet the minimum requirements.

      If an error occurs when exporting the key.

      Example code: Importing and exporting with PKCS#8

    • Imports a private key and its corresponding certificate in PKCS#12 format into the HSM.

      PKCS#12 (Public-Key Cryptography Standards #12) is a standard file format for storing private keys, certificates and other cryptographic secrets. It allows multiple objects to be stored in a single file and protected by a password.

      Parameters

      • keyName: string

        The name of the key to be created in the HSM. This name must be unique and follow the HSM naming rules.

      • certName: string

        The name of the certificate to be created in the HSM. This name must be unique and follow the HSM naming rules.

      • password: string

        The password that protects the PKCS#12 file.

      • p12: Buffer

        The contents of the PKCS#12 file in the form of a Buffer. This buffer must contain the binary data from the PKCS#12 file.

      • OptionalpubKey: string

        Public key of the certificate in hexadecimal format.

      • Optionalexportable: boolean

        Defines whether the key is exportable.

      • Optionaltemporary: boolean

        Defines whether the key is temporary.

      Returns Promise<boolean>

      A promise that resolves to true if the import is successful.

      If the name of the key or certificate is invalid.

      If the password is invalid (null, empty or out of bounds).

      If an error occurs during the import, such as a communication error with the HSM or an incorrect password.

      Example code: Importing a PKCS#12

    Settings

    On This Page

    Methods