new CryptoSuite_PKCS11(keySize, hash, opts)
Parameters:
Name | Type | Description |
---|---|---|
keySize | number | Length of key (in bytes), a.k.a. "security level" |
hash | string | Optional. Hash algorithm, supported values are "SHA2" and "SHA3" |
opts | Object | Options, in the form given after this table |

Options are of the form

```
{
  lib: string,        // the library package to support this implementation
  slot: number,       // the hardware slot number
  label: string,      // the label assigned to the token at slot initialisation (overrides slot)
  pin: string,        // the user's PIN
  usertype: number,   // the user type
  readwrite: boolean  // true if the session is read/write or false if read-only
}
```

- If 'lib' is not specified or null, its value will be taken from the CRYPTO_PKCS11_LIB env var, and if the env var is not set, its value will be taken from the crypto-pkcs11-lib key in the configuration file.
- If 'slot' is not specified or null, its value will be taken from the CRYPTO_PKCS11_SLOT env var, and if the env var is not set, its value will be taken from the crypto-pkcs11-slot key in the configuration file.
- If 'label' is not specified or null, its value will be taken from the CRYPTO_PKCS11_LABEL env var, and if the env var is not set, its value will be taken from the crypto-pkcs11-label key in the configuration file. If a label is present, it overrides any slot value provided.
- If 'pin' is not specified or null, its value will be taken from the CRYPTO_PKCS11_PIN env var, and if the env var is not set, its value will be taken from the crypto-pkcs11-pin key in the configuration file.
- If 'usertype' is not specified or null, its value will be taken from the CRYPTO_PKCS11_USERTYPE env var; if the env var is not set, its value will be taken from the crypto-pkcs11-usertype key in the configuration file; if the config value is not set, its value will default to 1. The value will not be validated; it is assumed that C_Login will validate it. User type values, from http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.html:

Value | Name | C constant |
---|---|---|
0 | CKU_SO | 0UL |
1 | CKU_USER | 1UL |
2 | CKU_CONTEXT_SPECIFIC | 2UL |
4294967295 | max allowed | 0xFFFFFFFFUL |

- If 'readwrite' is not specified or null, its value will be taken from the CRYPTO_PKCS11_READWRITE env var; if the env var is not set, its value will be taken from the crypto-pkcs11-readwrite key in the configuration file; if the config value is not set, its value will default to true.
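The lookup order and the unvalidated 'usertype' described above, as an added example that is not code from the SDK: a hypothetical helper, `auditPkcs11Opts`, reports which source each option would be taken from, applies the label-over-slot rule, and checks 'usertype' against the CKU_* values before C_Login sees it. It assumes a plain object stands in for the configuration file and that string values from env vars are coerced as shown.

```javascript
// Added example, not SDK code. Mirrors the documented order: opts, env, config, default.
const CKU = { 0: 'CKU_SO', 1: 'CKU_USER', 2: 'CKU_CONTEXT_SPECIFIC' };
const DEFAULTS = { usertype: 1, readwrite: true }; // defaults stated in the parameter docs
const NAMES = ['lib', 'slot', 'label', 'pin', 'usertype', 'readwrite'];
const isSet = (v) => v !== undefined && v !== null;
// Assumption: env values arrive as strings, so numbers and booleans are coerced here.
function coerce(name, v) {
  if (name === 'slot' || name === 'usertype') return Number(v);
  if (name === 'readwrite') return String(v).toLowerCase() === 'true';
  return v;
}

// Hypothetical helper: reports where each option comes from and never copies the PIN out.
function auditPkcs11Opts(opts = {}, env = process.env, config = {}) {
  const resolved = {}, source = {}, warnings = [];
  for (const name of NAMES) {
    const envKey = 'CRYPTO_PKCS11_' + name.toUpperCase();
    const hit = [
      ['opts', opts[name]],
      ['env ' + envKey, env[envKey]],
      ['config crypto-pkcs11-' + name, config['crypto-pkcs11-' + name]],
      ['default', DEFAULTS[name]],
    ].find(([, v]) => isSet(v));
    if (!hit) continue;
    source[name] = hit[0];
    if (name !== 'pin') resolved[name] = coerce(name, hit[1]);
  }
  if (isSet(resolved.label) && isSet(resolved.slot)) {
    delete resolved.slot; // a label overrides any slot value
    source.slot += ' (ignored, label overrides slot)';
  }
  const ut = resolved.usertype; // not validated by the suite, so check it here
  if (!Number.isInteger(ut) || ut < 0 || ut > 0xFFFFFFFF) {
    warnings.push('usertype is not an unsigned 32-bit integer');
  } else if (!(ut in CKU)) {
    warnings.push('usertype ' + ut + ' is not a listed CKU_* value; only C_Login will check it');
  } else if (ut === 0) {
    warnings.push('usertype 0 is CKU_SO, not the default CKU_USER');
  }
  return { resolved, source, warnings };
}

// Constructed sample input: placeholder values, not real settings.
const sample = auditPkcs11Opts(
  { label: 'ForFabric', usertype: null },
  { CRYPTO_PKCS11_SLOT: '0', CRYPTO_PKCS11_PIN: 'constructed-pin', CRYPTO_PKCS11_USERTYPE: '3' },
  { 'crypto-pkcs11-lib': '/path/to/pkcs11-module.so', 'crypto-pkcs11-readwrite': 'false' }
);
console.log(JSON.stringify(sample, null, 2));
```

The report shows only the source of the PIN, so it can be logged during deployment checks without exposing the value.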
Extends
- module:api.CryptoSuite
Methods
- createKeyFromRaw()
  This is an implementation of module:api.CryptoSuite#createKeyFromRaw.
- decrypt()
  This is an implementation of module:api.CryptoSuite#decrypt. Decrypts cipherText using key. The opts argument is not supported yet.
- deriveKey()
  This is an implementation of module:api.CryptoSuite#deriveKey.
- encrypt()
  This is an implementation of module:api.CryptoSuite#encrypt. Encrypts plainText using key. The opts argument is not supported.
- generateEphemeralKey()
  This is an implementation of module:api.CryptoSuite#generateEphemeralKey.
  Returns: Promise of an instance of module:Pkcs11EcdsaKey containing the private key and the public key.
  Type: module:api.Key
- generateKey()
  This is an implementation of module:api.CryptoSuite#generateKey. Returns an instance of module:api.Key representing the private key, which also encapsulates the public key. The key (keypair) will be saved across PKCS11 sessions by the HSM hardware. Use generateEphemeralKey to retrieve an ephemeral key.
  Returns: Promise of an instance of module:Pkcs11EcdsaKey containing the private key and the public key.
  Type: module:api.Key
- getKey()
  This is an implementation of module:api.CryptoSuite#getKey. Returns the key this CSP associates to the Subject Key Identifier ski.
- getKeySize()
  This is an implementation of module:api.CryptoSuite#getKeySize.
- hash()
  This is an implementation of module:api.CryptoSuite#hash. The opts argument is not supported yet.
- <async> importKey()
  This is an implementation of module:api.CryptoSuite#importKey.
- sign()
  This is an implementation of module:api.CryptoSuite#sign. Signs digest using key k.
- verify()
  This is an implementation of module:api.CryptoSuite#verify. Verifies signature against key k and digest.