Hyperledger Fabric SDK for Node.js

Class: CryptoSuite

CryptoSuite

Abstract class for a suite of crypto algorithms used by the SDK to perform digital signing, encryption/decryption and secure hashing. A complete suite includes support for asymmetric keys (such as ECDSA or RSA), symmetric keys (such as AES) and secure hash (such as SHA2/3). The SDK provides a default implementation based on ECDSA + SHA2/3. An alternative implementation can be specified using the "crypto-suite-software" configuration setting, pointing to a full require() path to the package for the module.

new CryptoSuite()

Methods

createKeyFromRaw(pem, opts)

Creates a Key from its raw representation
Parameters:
Name Type Description
pem * PEM string of the key to create
opts KeyOpts Options for the concrete implementation
Returns:
The created key
Type
module:api.Key

decrypt(key, cipherText, opts)

Decrypts ciphertext using key. The opts argument should be appropriate for the algorithm used.
Parameters:
Name Type Description
key module:api.Key Decryption key (private key)
cipherText Array.<byte> Cipher text to decrypt
opts Object Decrypt options
Returns:
Plain text after decryption
Type
Array.<byte>

deriveKey(key, opts)

Derives the new private key from the source public key using the parameters passed in the opts. This operation is needed for deriving private keys corresponding to the Transaction Certificates.
Parameters:
Name Type Description
key module:api.Key The source key
opts KeyOpts Optional
Returns:
Derived key
Type
module:api.Key

encrypt(key, plainText, opts)

Encrypts plaintext using key. The opts argument should be appropriate for the algorithm used.
Parameters:
Name Type Description
key module:api.Key Encryption key (public key)
plainText Array.<byte> Plain text to encrypt
opts Object Encryption options
Returns:
Cipher text after encryption
Type
Array.<byte>

generateEphemeralKey()

Generate an ephemeral key.
Throws:
Will throw an error if not implemented
Returns:
An instance of the Key class
Type
module:api.Key

<async> generateKey(opts)

Generate a key using the options in opts and persist it in the key store as PEM files that can be retrieved using the getKey() method
Parameters:
Name Type Description
opts KeyOpts Optional
Throws:
Will throw an error if not implemented
Returns:
Promise for an instance of the Key class
Type
Promise.<module:api.Key>

getKey(ski)

Returns the Key this implementation associates to the Subject Key Identifier ski.
Parameters:
Name Type Description
ski string Subject Key Identifier specific to a Crypto Suite implementation, as the unique index to represent the key
Returns:
Promise of an instance of the Key class corresponding to the ski
Type
module:api.Key

getKeySize()

Returns the key size this implementation uses when generating new keys.
Returns:
key size
Type
number

hash(msg, opts)

Produce a hash of the message msg using options opts
Parameters:
Name Type Description
msg string Source message to be hashed
opts Object algorithm: an identifier for the algorithm to be used, such as "SHA3"
Returns:
The hashed digest in hexidecimal string encoding
Type
string

<async> importKey(pem, opts)

Imports a Key from its raw representation using opts to the key store as PEM files that can be retrieved using the 'getKey()' method
Parameters:
Name Type Description
pem string PEM string of the key to import
opts KeyOpts Options for the concrete implementation
Returns:
returns an instance of the Key class that was persisted.
Type
Promise.<module:api.Key>

<abstract> setCryptoKeyStore(cryptoKeyStore)

Set the cryptoKeyStore. When the application needs to use a key store other than the default, it should use the Client newCryptoKeyStore to create an instance and use this function to set the instance on the CryptoSuite.
Parameters:
Name Type Description
cryptoKeyStore CryptoKeyStore The cryptoKeyStore.

sign(key, digest)

Signs digest using key. The opts argument should be appropriate for the algorithm used.
Parameters:
Name Type Description
key module:api.Key Signing key (private key)
digest Array.<byte> The message digest to be signed. Note that when a signature of a larger message is needed, the caller is responsible for hashing the larger message and passing the hash (as digest) to sign.
Returns:
the resulting signature
Type
Array.<byte>

verify(key, signature, digest)

Verifies signature against key and digest
Parameters:
Name Type Description
key module:api.Key Signing verification key (public key)
signature Array.<byte> The signature to verify
digest Array.<byte> The digest that the signature was created for
Returns:
true if the signature verifies successfully
Type
boolean