@substrate-system/keys
    Preparing search index...

    Class EccKeys

    Class for ECC keys

    Hierarchy (View Summary)

    Index

    Constructors

    constructor

    Properties

    DID exchangeKey hasPersisted isSessionOnly writeKey _instance EXCHANGE_KEY_NAME INFO TYPE WRITE_KEY_NAME

    Accessors

    deviceName privateExchangeKey privateWriteKey publicExchangeKey publicWriteKey

    Methods

    decrypt decryptAsString delete encrypt encryptAsString getAesKey getDeviceName persist publicExchangeKeyAsString publicWriteKeyAsString sign signAsString toJson unwrap wrap _createExchangeKeys _createWriteKeys create deviceName exist load

    Constructors

    Properties

    DID: `did:key:z${string}`
    exchangeKey: CryptoKeyPair
    hasPersisted: boolean
    isSessionOnly: boolean
    writeKey: CryptoKeyPair

    Static_instance

    _instance: any
    EXCHANGE_KEY_NAME: string = DEFAULT_ECC_EXCHANGE
    INFO: string = 'keys'
    TYPE: "ecc" | "rsa" = ...
    WRITE_KEY_NAME: string = DEFAULT_ECC_WRITE

    Accessors

    • get deviceName(): Promise<string>

      The machine-readable name for this keypair.

      Returns Promise<string>

    • get privateExchangeKey(): CryptoKey

      Returns CryptoKey

    • get privateWriteKey(): CryptoKey

      Returns CryptoKey

    • get publicExchangeKey(): CryptoKey & {
          asString: (format?: SupportedEncodings) => Promise<string>;
      }

      Returns CryptoKey & { asString: (format?: SupportedEncodings) => Promise<string> }

    • get publicWriteKey(): CryptoKey & {
          asString: (format?: SupportedEncodings) => Promise<string>;
      }

      Returns CryptoKey & { asString: (format?: SupportedEncodings) => Promise<string> }

    Methods

    • Decrypt the given message. The encrypted message should be ephemeral public key + salt + iv + cipher text.

      The ephemeral public key is extracted from the beginning of the message and used with our private key to derive the AES decryption key.

      Parameters

      • msg: string | ArrayBuffer | Uint8Array<ArrayBufferLike>

        The encrypted content

      • OptionalaesAlgorithm: string | null

        The algorithm. Default is AES-GCM.

      • Optionalinfo: string | null

        Custom "info" parameter

      Returns Promise<ArrayBuffer | Uint8Array<ArrayBufferLike>>

      The decrypted content.

    • Decrypt and return as string using ECIES. The encrypted message should be ephemeral public key + salt + iv + cipher text.

      The ephemeral public key is extracted from the beginning of the message and used with our private key to derive the AES decryption key.

      Parameters

      • msg: string | ArrayBuffer | Uint8Array<ArrayBufferLike>

        The encrypted content

      • OptionalaesAlgorithm: string | null

        The algorithm. Default is AES-GCM.

      • Optionalinfo: string | null

        Custom "info" parameter

      Returns Promise<string>

      The decrypted content as a string.

    • Encrypt the given content to the given public key, or encrypt to our own public key if a key is not passed in.

      This does ECIES style encryption -- a new ephemeral keypair is generated and used to encrypt the message with ephemeral private + recipient public. The public key from the ephemeral keypair is prefixed to the cipher text.

      Parameters

      • content: string | Uint8Array<ArrayBufferLike>

        Content to encrypt

      • Optionalrecipient: string | CryptoKey | null

        Their public key. Optional b/c we will use our own public key if not passed in. Can be a CryptoKey or a base64 encoded string.

      • Optionalinfo: string | null

        info tag for HKDF. Default is the class property.

      • OptionalaesKey: string | Uint8Array<ArrayBufferLike> | CryptoKey | null

        This is not relevant for most use cases.

      • Optionalkeysize: SymmKeyLength | null

        Default is 256

      Returns Promise<Uint8Array<ArrayBufferLike>>

      Buffer of ephemeral-public-key + salt + iv + cipher text

    • Encrypt and return as base64 string.

      Parameters

      • content: string | Uint8Array<ArrayBufferLike>
      • Optionalrecipient: string | CryptoKey | null
      • Optionalinfo: string | null
      • OptionalaesKey: string | Uint8Array<ArrayBufferLike> | CryptoKey | null
      • Optionalkeysize: SymmKeyLength | null

      Returns Promise<string>

    • Do DHKE, create a new AES-GCM key.

      Parameters

      • OptionalpublicKey: string | CryptoKey | null

        Public key to use in DHKE. Will use our public key if it is not passed in.

      • Optionalinfo: string | null

        The info parameter for DHKE. Will use the class property INFO if it is not passed in.

      Returns Promise<CryptoKey>

      New AES key

    • Return a 32-character, DNS friendly hash of the public signing key.

      Returns Promise<string>

    • Serialize this keys instance. Will return an object of { DID, publicExchangeKey }, where DID is the public write key, and publicExchangeKey is the encryption key, base64 encoded.

      Parameters

      • Optionalformat: SupportedEncodings

      Returns Promise<{ DID: `did:key:z${string}`; publicExchangeKey: string }>

    • Unwrap a content key that was wrapped for this device using the add method.

      The recipient device uses its private key + the ephemeral public key to rederive the KEK and decrypt the wrapped content key.

      Parameters

      • enc: string

        The ephemeral public key (base64) from the sender.

      • wrappedKey: string

        The wrapped content key (base64) - contains salt + iv + ciphertext.

      • Optionalinfo: string

        Optional info parameter for HKDF. Must match what was used in add. Defaults to 'key-wrap'.

      Returns Promise<CryptoKey>

      The unwrapped AES content key.

    • "Add a device," meaning, take an existing AES key and add the ability for a new keypair to decrypt/use the AES key.

      This implements HPKE-style key wrapping:

      1. Generate ephemeral X25519 keypair
      2. Do ECDH with recipient's public key -> shared secret
      3. Use HKDF to derive a KEK (key encryption key)
      4. AES-GCM encrypt the content
      5. Return the ephemeral public key (encapsulation) + wrapped key

      Parameters

      • contentKey: string | Uint8Array<ArrayBufferLike> | CryptoKey

        The existing AES key used to encrypt the content. Can be a base64 encoded string.

      • newPublicKey: CryptoKey

        The new device's public X25519 key.

      • Optionalinfo: string

        Optional info parameter for HKDF. Defaults to 'key-wrap'.

      Returns Promise<WrappedKey>

      The ephemeral public key (base64) and the wrapped AES key (base64).

    Static_createExchangeKeys

    Static_createWriteKeys

    • Factory function.

      Type Parameters

      Parameters

      • Optionalsession: boolean

        Session only? i.e., not saved in indexedDB. Default false.

      • Optionalextractable: boolean

        Can we extract the private keys? Default false.

      • Optionalkeys: { exchangeKeys?: CryptoKeyPair | null; writeKeys?: CryptoKeyPair | null }

        A set of keys to use here.

      Returns Promise<T>

      A new class instance.

    • Return a 32-character, DNS-friendly hash of the given DID.

      Parameters

      • did: `did:key:z${string}`

        A DID format string

      Returns Promise<string>

      32 character, base32 hash of the DID

    • Parameters

      • opts: { encryptionKeyName?: string; writeKeyName?: string } = {}

      Returns Promise<boolean>

    • Restore some keys from indexedDB, or create a new keypair if it doesn't exist yet. Overrides base class to use ECC-specific key names.

      Type Parameters

      Parameters

      • this: typeof EccKeys
      • opts: Partial<
            {
                encryptionKeyName: string;
                extractable: boolean;
                session: boolean;
                writeKeyName: string;
            },
        > = ...

      Returns Promise<T>

    Settings

    Member Visibility

    On This Page

    Constructors
    Properties
    Accessors
    Methods