Interface Key

interface Key {
    create(name: string, algorithm:
        | ECC_ASYMMETRIC_SWITCHES
        | SYMMETRICAL_KEYS
        | RSA_ASYMMETRIC_KEYS
        | ECX_ASYMMETRIC_SWITCHES
        | HMAC_KEYS
        | ALT_BN128, exportable?: boolean, temporary?: boolean, blockchain?: boolean): Promise<boolean>;
    delete(name: string): Promise<boolean>;
    block(name: string): Promise<boolean>;
    unblock(name: string): Promise<boolean>;
    import(name: string, algorithm:
        | SYMMETRICAL_KEYS
        | RSA_ASYMMETRIC_KEYS
        | HMAC_KEYS
        | ALT_BN128, data: Buffer, exportable?: boolean, temporary?: boolean, blockchain?: boolean): Promise<boolean>;
    importCertificate(name: string, certData: Buffer): Promise<boolean>;
    generatePKCS10(keyName: string, dn: X500DistinguishedName, hashAlgorith?: PKCS10_HASH_ALGORITHM): Promise<Buffer>;
    exportAsymmetricPub(name: string, x509: boolean): Promise<Buffer>;
    exportAsymmetricPriv(name: string): Promise<Buffer>;
    exportSymmetric(name: string): Promise<Buffer>;
    exportCertClearText(name: string): Promise<Buffer>;
    importKekWrap(mode: KEK_MODE | UNUSED_MODE, pad: KEK_WRAP_PADDING, name: string, kekKeyName: string, objType:
        | ECC_ASYMMETRIC_SWITCHES
        | SYMMETRICAL_KEYS
        | RSA_ASYMMETRIC_KEYS
        | ECX_ASYMMETRIC_SWITCHES, data: Buffer, iv?: string, exportable?: boolean, temporary?: boolean, blockchain?: boolean): Promise<boolean>;
    exportKekWrap(mode: KEK_MODE | UNUSED_MODE, pad: KEK_WRAP_PADDING, name: string, kekKeyName: string, iv?: string): Promise<Buffer>;
    importPKCS8(name: string, keyType: ECC_ASYMMETRIC_SWITCHES | RSA_ASYMMETRIC_KEYS, password: string, p8: string, exportable?: boolean, temporary?: boolean, blockchain?: boolean): Promise<boolean>;
    exportPKCS8(name: string, password: string): Promise<Buffer>;
}

Methods

create delete block unblock import importCertificate generatePKCS10 exportAsymmetricPub exportAsymmetricPriv exportSymmetric exportCertClearText importKekWrap exportKekWrap importPKCS8 exportPKCS8

Methods

create

delete

  • delete(name): Promise<boolean>

  • Deletes a key stored in the HSM.

    Parameters

    • name: string

      Key name.

    Returns Promise<boolean>

    Returns true if the key was successfully deleted.

    Throws

    If the key name is invalid.

    Throws

    In the event of an error when deleting the key.

    See

    Example code: Deleting a key

block

  • block(name): Promise<boolean>

  • Locks a key in the HSM.

    Parameters

    • name: string

      Key name.

    Returns Promise<boolean>

    Returns true if the key was successfully locked.

    Throws

    If the key name is invalid.

    Throws

    In the event of an error when deleting the key.

    See

    Example code: Locking a key

unblock

  • unblock(name): Promise<boolean>

  • Unlocks a key in the HSM.

    Parameters

    • name: string

      Key name.

    Returns Promise<boolean>

    Returns true if the key was successfully unlocked.

    Throws

    If the key name is invalid.

    Throws

    In the event of an error when deleting the key.

    See

    Example code: Unlocking a key

import

  • import(name, algorithm, date, exportable?, temporary?, blockchain?): Promise<boolean>

  • Import a cryptographic key into the HSM.

    Parameters

    • name: string

      Key name.

    • algorithm:
      |SYMMETRICAL_KEYS
      |RSA_ASYMMETRIC_KEYS
      |HMAC_KEYS
      |ALT_BN128

      Key algorithm. Same algorithm used to create the key using the create function

    • date: Buffer

      Data of the key to be imported.

    • Optionalexportable: boolean

      If the key is exportable.

    • Optionaltemporary: boolean

      If the key is temporary.

    • Optionalblockchain: boolean

      Whether the key can be used in blockchain operations.

    Returns Promise<boolean>

    Returns true if the key was imported successfully

    Throws

    If the key name is invalid.

    Throws

    If an error occurs when importing the key.

    See

    Example code: Importing a symmetric key

importCertificate

  • importCertificate(name, certData): Promise<boolean>

  • Import a certificate into HSM.

    Parameters

    • name: string

      Name of certificate.

    • certData: Buffer

      Certificate to be imported.

    Returns Promise<boolean>

    Returns true if the certificate was imported successfully.

    Throws

    If the name of the certificate is invalid.

    Throws

    In the event of an error when importing the certificate.

    See

    Example code: Importing a certificate

generatePKCS10

  • generatePKCS10(keyName, dn, hashAlgorith?): Promise<Buffer>

  • Generates a CSR (Certificate Signing Request).
    This is a specialized function of HSM's PKCS#10 CSR generation API.

    Parameters

    • keyName: string

      Key name.

    • dn: X500DistinguishedName

      Certificate data.

    • OptionalhashAlgorith: PKCS10_HASH_ALGORITHM

      Hash algorithm to be used to generate the CSR. If not provided, the standard HSM algorithm will be used.

    Returns Promise<Buffer>

    Returns the CSR in DER format.

    Throws

    If the key name is invalid.

    See

    Example code: Generating a PKCS#10

exportAsymmetricPub

  • exportAsymmetricPub(name, x509): Promise<Buffer>

  • Exports a cryptographic key stored in the HSM.

    Parameters

    • name: string

      Key name.

    • x509: boolean

      Whether the key will be exported in X509 format.

    Returns Promise<Buffer>

    Buffer containing the key data according to the enums.KEY_EXPORT_FORMAT format.

    Throws

    If the key name is invalid.

    Throws

    If an error occurs when importing the key.

    See

    Example code: Exporting an asymmetric public key

exportAsymmetricPrivate

  • exportAsymmetricPrivate(name): Promise<Buffer>

  • Exports the private part of the asymmetric key stored in the HSM.

    Parameters

    • name: string

      Key name.

    Returns Promise<Buffer>

    Buffer containing the key data according to the enums.KEY_EXPORT_FORMAT format.

    Throws

    If the key name is invalid.

    Throws

    If an error occurs when importing the key.

    See

    Example code: Exporting an asymmetric private key

exportSymmetric

  • exportSymmetric(name): Promise<Buffer>

  • Exports the private key stored in the HSM in clear text.

    Parameters

    • name: string

      Key name.

    Returns Promise<Buffer>

    Buffer containing the key data according to the enums.KEY_EXPORT_FORMAT format.

    Throws

    If the key name is invalid.

    Throws

    If an error occurs when importing the key.

    See

    Example code: Exporting a symmetric key

exportCertClearText

  • exportCertClearText(name): Promise<Buffer>

  • Exports the certificate stored in the HSM in clear text.

    Parameters

    • name: string

      Key name.

    Returns Promise<Buffer>

    Buffer containing the certificate.

    Throws

    If the key name is invalid.

    Throws

    If an error occurs when importing the key.

    See

    Example code: Exporting certificate in plain text

importKekWrap

  • importKekWrap(mode, pad, name, kekKeyName, objType, date, iv?, exportable?, temporary?, blockchain?): Promise<boolean>

  • Import a key encrypted by a KEK (Key Encryption Key).

    Parameters

    • mode: KEK_MODE | UNUSED_MODE

      Operating mode for importing the key.

    • pad: KEK_WRAP_PADDING

      Padding option for KEK operation.

    • name: string

      Key name.

    • kekKeyName: string

      Name of the Key Encryption Key (KEK) that will be used to decrypt the imported key.

    • objType:
      |ECC_ASYMMETRIC_SWITCHES
      |SYMMETRICAL_KEYS
      |RSA_ASYMMETRIC_KEYS
      |ECX_ASYMMETRIC_SWITCHES

      Object type.

    • date: Buffer

      Buffer containing the data of the encrypted key to be imported.

    • Optionaliv: string

      Initialization Vector. Required for enums.KEK_MODE.MODE_CBC mode.

    • Optionalexportable: boolean

      If the key is exportable.

    • Optionaltemporary: boolean

      If the key is temporary.

    • Optionalblockchain: boolean

      Whether the key can be used in blockchain operations.

    Returns Promise<boolean>

    Returns true if the key has been imported.

    Throws

    If the key name is invalid.

    Throws

    If an error occurs when importing the key.

    See

    Example code: Importing KEKed key

exportKekWrap

  • exportKekWrap(mode, pad, name, kekKeyName, iv?): Promise<Buffer>

  • Exports a key encrypted by a KEK (Key Encryption Key).

    Parameters

    • mode: KEK_MODE | UNUSED_MODE

      Operating mode for importing the key.

    • pad: KEK_WRAP_PADDING

      Padding option for KEK operation.

    • name: string

      Key name.

    • kekKeyName: string

      Name of the Key Encryption Key (KEK) that will be used to decrypt the imported key.

    • Optionaliv: string

      Initialization Vector. Required for enums.KEK_MODE.MODE_CBC mode.

    Returns Promise<Buffer>

    Buffer containing the key data according to the enums.KEY_EXPORT_FORMAT format.

    Throws

    If the key name is invalid.

    Throws

    If an error occurs when importing the key.

    See

    Example code: Exporting KEKed key

importPKCS8

exportPKCS8

  • exportPKCS8(name, password): Promise<Buffer>

  • Exports a PKCS#8 key from the HSM.

    Parameters

    Returns Promise<Buffer>

    Returns a buffer containing the key data.

    Throws

    If the key name is invalid.

    Throws

    If the key password does not meet the minimum requirements.

    Throws

    If an error occurs when importing the key.

Settings

On This Page

Methods