interface Key {
    create(name: string, algorithm:
        | ECC_ASYMMETRIC_SWITCHES
        | SYMMETRICAL_KEYS
        | RSA_ASYMMETRIC_KEYS
        | ECX_ASYMMETRIC_SWITCHES
        | HMAC_KEYS
        | ALT_BN128, exportable?: boolean, temporary?: boolean, blockchain?: boolean): Promise<boolean>;
    delete(name: string): Promise<boolean>;
    block(name: string): Promise<boolean>;
    unblock(name: string): Promise<boolean>;
    import(name: string, algorithm:
        | SYMMETRICAL_KEYS
        | RSA_ASYMMETRIC_KEYS
        | HMAC_KEYS
        | ALT_BN128, data: Buffer, exportable?: boolean, temporary?: boolean, blockchain?: boolean): Promise<boolean>;
    importCertificate(name: string, certData: Buffer): Promise<boolean>;
    generatePKCS10(keyName: string, dn: X500DistinguishedName, hashAlgorith?: PKCS10_HASH_ALGORITHM): Promise<Buffer>;
    exportAsymmetricPub(name: string, x509: boolean): Promise<Buffer>;
    exportAsymmetricPriv(name: string): Promise<Buffer>;
    exportSymmetric(name: string): Promise<Buffer>;
    exportCertClearText(name: string): Promise<Buffer>;
    importKekWrap(mode: KEK_MODE | UNUSED_MODE, pad: KEK_WRAP_PADDING, name: string, kekKeyName: string, objType:
        | ECC_ASYMMETRIC_SWITCHES
        | SYMMETRICAL_KEYS
        | RSA_ASYMMETRIC_KEYS
        | ECX_ASYMMETRIC_SWITCHES, data: Buffer, iv?: string, exportable?: boolean, temporary?: boolean, blockchain?: boolean): Promise<boolean>;
    exportKekWrap(mode: KEK_MODE | UNUSED_MODE, pad: KEK_WRAP_PADDING, name: string, kekKeyName: string, iv?: string): Promise<Buffer>;
    importPKCS8(name: string, keyType: ECC_ASYMMETRIC_SWITCHES | RSA_ASYMMETRIC_KEYS, password: string, p8: string, exportable?: boolean, temporary?: boolean, blockchain?: boolean): Promise<boolean>;
    exportPKCS8(name: string, password: string): Promise<Buffer>;
    importPKCS12(keyName: string, certName: string, password: string, p12: Buffer, pubKey?: string, exportable?: boolean, temporary?: boolean): Promise<boolean>;
}

Methods

  • Deletes a key stored in the HSM.

    Parameters

    • name: string

      Key name.

    Returns Promise<boolean>

    Returns true if the key was successfully deleted.

    If the key name is invalid.

    In the event of an error when deleting the key.

    Example code: Deleting a key

  • Locks a key in the HSM.

    Parameters

    • name: string

      Key name.

    Returns Promise<boolean>

    Returns true if the key was successfully locked.

    If the key name is invalid.

    In the event of an error when deleting the key.

    Example code: Locking a key

  • Unlocks a key in the HSM.

    Parameters

    • name: string

      Key name.

    Returns Promise<boolean>

    Returns true if the key was successfully unlocked.

    If the key name is invalid.

    In the event of an error when deleting the key.

    Example code: Unlocking a key

  • Import a cryptographic key into the HSM.

    Parameters

    • name: string

      Key name.

    • algorithm:
      |SYMMETRICAL_KEYS
      |RSA_ASYMMETRIC_KEYS
      |HMAC_KEYS
      |ALT_BN128

      Key algorithm. Same algorithm used to create the key using the create function

    • date: Buffer

      Data of the key to be imported.

    • Optionalexportable: boolean

      If the key is exportable.

    • Optionaltemporary: boolean

      If the key is temporary.

    • Optionalblockchain: boolean

      Whether the key can be used in blockchain operations.

    Returns Promise<boolean>

    Returns true if the key was imported successfully

    If the key name is invalid.

    If an error occurs when importing the key.

    Example code: Importing a symmetric key

  • Import a certificate into HSM.

    Parameters

    • name: string

      Name of certificate.

    • certData: Buffer

      Certificate to be imported.

    Returns Promise<boolean>

    Returns true if the certificate was imported successfully.

    If the name of the certificate is invalid.

    In the event of an error when importing the certificate.

    Example code: Importing a certificate

  • Generates a CSR (Certificate Signing Request).
    This is a specialized function of HSM's PKCS#10 CSR generation API.

    Parameters

    • keyName: string

      Key name.

    • dn: X500DistinguishedName

      Certificate data.

    • OptionalhashAlgorith: PKCS10_HASH_ALGORITHM

      Hash algorithm to be used to generate the CSR. If not provided, the standard HSM algorithm will be used.

    Returns Promise<Buffer>

    Returns the CSR in DER format.

    If the key name is invalid.

    Example code: Generating a PKCS#10

  • Exports a cryptographic key stored in the HSM.

    Parameters

    • name: string

      Key name.

    • x509: boolean

      Whether the key will be exported in X509 format.

    Returns Promise<Buffer>

    Buffer containing the key data according to the enums.KEY_EXPORT_FORMAT format.

    If the key name is invalid.

    If an error occurs when importing the key.

    Example code: Exporting an asymmetric public key

  • Exports the private part of the asymmetric key stored in the HSM.

    Parameters

    • name: string

      Key name.

    Returns Promise<Buffer>

    Buffer containing the key data according to the enums.KEY_EXPORT_FORMAT format.

    If the key name is invalid.

    If an error occurs when importing the key.

    Example code: Exporting an asymmetric private key

  • Exports the private key stored in the HSM in clear text.

    Parameters

    • name: string

      Key name.

    Returns Promise<Buffer>

    Buffer containing the key data according to the enums.KEY_EXPORT_FORMAT format.

    If the key name is invalid.

    If an error occurs when importing the key.

    Example code: Exporting a symmetric key

  • Exports the certificate stored in the HSM in clear text.

    Parameters

    • name: string

      Key name.

    Returns Promise<Buffer>

    Buffer containing the certificate.

    If the key name is invalid.

    If an error occurs when importing the key.

    Example code: Exporting certificate in plain text

  • Import a key encrypted by a KEK (Key Encryption Key).

    Parameters

    • mode: KEK_MODE | UNUSED_MODE

      Operating mode for importing the key.

    • pad: KEK_WRAP_PADDING

      Padding option for KEK operation.

    • name: string

      Key name.

    • kekKeyName: string

      Name of the Key Encryption Key (KEK) that will be used to decrypt the imported key.

    • objType:
      |ECC_ASYMMETRIC_SWITCHES
      |SYMMETRICAL_KEYS
      |RSA_ASYMMETRIC_KEYS
      |ECX_ASYMMETRIC_SWITCHES

      Object type.

    • date: Buffer

      Buffer containing the data of the encrypted key to be imported.

    • Optionaliv: string

      Initialization Vector. Required for enums.KEK_MODE.MODE_CBC mode.

    • Optionalexportable: boolean

      If the key is exportable.

    • Optionaltemporary: boolean

      If the key is temporary.

    • Optionalblockchain: boolean

      Whether the key can be used in blockchain operations.

    Returns Promise<boolean>

    Returns true if the key has been imported.

    If the key name is invalid.

    If an error occurs when importing the key.

    Example code: Importing KEKed key

  • Exports a key encrypted by a KEK (Key Encryption Key).

    Parameters

    • mode: KEK_MODE | UNUSED_MODE

      Operating mode for importing the key.

    • pad: KEK_WRAP_PADDING

      Padding option for KEK operation.

    • name: string

      Key name.

    • kekKeyName: string

      Name of the Key Encryption Key (KEK) that will be used to decrypt the imported key.

    • Optionaliv: string

      Initialization Vector. Required for enums.KEK_MODE.MODE_CBC mode.

    Returns Promise<Buffer>

    Buffer containing the key data according to the enums.KEY_EXPORT_FORMAT format.

    If the key name is invalid.

    If an error occurs when importing the key.

    Example code: Exporting KEKed key

  • Exports a PKCS#8 key from the HSM.

    Parameters

    Returns Promise<Buffer>

    Returns a buffer containing the key data.

    If the key name is invalid.

    If the key password does not meet the minimum requirements.

    If an error occurs when importing the key.

  • Imports a private key and its corresponding certificate in PKCS#12 format into the HSM.

    PKCS#12 (Public-Key Cryptography Standards #12) is a standard file format for storing private keys, certificates and other cryptographic secrets. It allows multiple objects to be stored in a single file and protected by a password.

    Parameters

    • keyName: string

      The name of the key to be created in the HSM. This name must be unique and follow the HSM naming rules.

    • certName: string

      The name of the certificate to be created in the HSM. This name must be unique and follow the HSM naming rules.

    • password: string

      The password that protects the PKCS#12 file. The length of the password must be between P8_IMPORT_EXPORT_SECRET_MIN_LEN e P8_IMPORT_EXPORT_SECRET_MAX_LEN.

    • p12: Buffer

      The contents of the PKCS#12 file in the form of a Buffer. This buffer must contain the binary data from the PKCS#12 file.

    • OptionalpubKey: string

      Public key of the certificate in hexadecimal format.

    • Optionalexportable: boolean

      If the key is exportable.

    • Optionaltemporary: boolean

      If the key is temporary.

    Returns Promise<boolean>

    A promise that resolves to true if the import is successful.

    If the name of the key or certificate is invalid.

    If the password is invalid (null, empty or out of bounds).

    If an error occurs during the import, such as a communication error with the HSM or an incorrect password.

    Example code: Importing a PKCS#12