Class: CryptoSuite_PKCS11

PKCS#11-compliant implementation to support Hardware Security Modules.

new CryptoSuite_PKCS11(keySize, hash, opts)

Parameters:
Name Type Description
keySize number Length of key (in bytes), a.k.a "security level"
hash string Optional. Hash algorithm, supported values are "SHA2" and "SHA3"
opts Object Options are of the form
  {
    lib: string,       // the library package to support this implementation
    slot: number,      // the hardware slot number
    pin: string,       // the user's PIN
    usertype: number,  // the user type
    readwrite: boolean // true if the session is read/write or false if read-only
  }
If 'lib' is not specified or null, its value will be taken from the CRYPTO_PKCS11_LIB env var, and if the env var is not set, its value will be taken from the crypto-pkcs11-lib key in the configuration file.

If 'slot' is not specified or null, its value will be taken from the CRYPTO_PKCS11_SLOT env var, and if the env var is not set, its value will be taken from the crypto-pkcs11-slot key in the configuration file.

If 'pin' is not specified or null, its value will be taken from the CRYPTO_PKCS11_PIN env var, and if the env var is not set, its value will be taken from the crypto-pkcs11-pin key in the configuration file.

If 'usertype' is not specified or null, its value will be taken from the CRYPTO_PKCS11_USERTYPE env var; if the env var is not set, its value will be taken from the crypto-pkcs11-usertype key in the configuration file; if the config value is not set, its value will default to 1. The value is not validated here; C_Login is assumed to validate it. The user type values below are from http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.html:
0          CKU_SO                          0UL
1          CKU_USER                        1UL
2          CKU_CONTEXT_SPECIFIC            2UL
4294967295 max allowed            0xFFFFFFFFUL

If 'readwrite' is not specified or null, its value will be taken from the CRYPTO_PKCS11_READWRITE env var; if the env var is not set, its value will be taken from the crypto-pkcs11-readwrite key in the configuration file; if the config value is not set, its value will default to true.
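
The fallback chain described above (opts, then env var, then configuration file, then default), as an added example that is not the SDK's own code: `resolvePkcs11Opts` and `coerce` are hypothetical helpers, and the string coercion and the error for an unset option are assumptions. It also records which source supplied each value, so the origin of the PIN can be audited without logging the PIN itself.

```javascript
'use strict';

// Option name -> [env var, config-file key, default]. Env var and config key
// names are the ones documented above; only usertype and readwrite have defaults.
const SOURCES = {
  lib:       ['CRYPTO_PKCS11_LIB',       'crypto-pkcs11-lib',       undefined],
  slot:      ['CRYPTO_PKCS11_SLOT',      'crypto-pkcs11-slot',      undefined],
  pin:       ['CRYPTO_PKCS11_PIN',       'crypto-pkcs11-pin',       undefined],
  usertype:  ['CRYPTO_PKCS11_USERTYPE',  'crypto-pkcs11-usertype',  1],
  readwrite: ['CRYPTO_PKCS11_READWRITE', 'crypto-pkcs11-readwrite', true],
};

// Assumption: env vars arrive as strings and are coerced to the documented types.
function coerce(name, value) {
  if (name === 'slot' || name === 'usertype') return Number(value);
  if (name === 'readwrite') return value === true || String(value).toLowerCase() === 'true';
  return String(value);
}

// Hypothetical helper: returns { values, origin } where origin records which
// source supplied each option, so the PIN's origin can be logged without the PIN.
function resolvePkcs11Opts(opts = {}, env = process.env, config = {}) {
  const values = {};
  const origin = {};
  for (const [name, [envVar, cfgKey, dflt]] of Object.entries(SOURCES)) {
    const candidates = [
      ['opts', opts[name]],
      ['env:' + envVar, env[envVar]],
      ['config:' + cfgKey, config[cfgKey]],
      ['default', dflt],
    ];
    // "not specified or null" falls through to the next source.
    const hit = candidates.find(([, v]) => v !== undefined && v !== null);
    if (!hit) throw new Error(`PKCS11 option '${name}' is not set in opts, ${envVar} or ${cfgKey}`);
    origin[name] = hit[0];
    values[name] = coerce(name, hit[1]);
  }
  return { values, origin };
}

// Constructed sample input (not real paths or credentials).
const sample = resolvePkcs11Opts(
  { lib: '/opt/example/libpkcs11.so', slot: null },
  { CRYPTO_PKCS11_SLOT: '0', CRYPTO_PKCS11_PIN: 'example-pin' },
  { 'crypto-pkcs11-readwrite': false }
);
console.log(sample.origin); // log origins only, never sample.values.pin
```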

Methods


decrypt()

This is an implementation of module:api.CryptoSuite#decrypt. Decrypts cipherText using key. The opts argument is not supported yet.

deriveKey()

This is an implementation of module:api.CryptoSuite#deriveKey

encrypt()

This is an implementation of module:api.CryptoSuite#encrypt. Encrypts plainText using key. The opts argument is not supported.

generateEphemeralKey()

Generate an ephemeral key.
Throws:
  Will throw an error if not implemented
Returns:
  An instance of the Key class
  Type: module:api.Key

generateKey()

This is an implementation of module:api.CryptoSuite#generateKey. Returns an instance of module:api.Key representing the private key, which also encapsulates the public key. By default the generated key (or key pair) is ephemeral unless opts.ephemeral is set to false, in which case the key (or key pair) will be saved across PKCS11 sessions by the HSM hardware.
Returns:
  Promise of an instance of module:PKCS11_ECDSA_KEY containing the private key and the public key.
  Type: module:api.Key

getKey()

This is an implementation of module:api.CryptoSuite#getKey. Returns the key this CSP associates to the Subject Key Identifier ski.

hash()

This is an implementation of module:api.CryptoSuite#hash. The opts argument is not supported yet.

importKey()

This is an implementation of module:api.CryptoSuite#importKey

<abstract> setCryptoKeyStore(cryptoKeyStore)

Set the cryptoKeyStore. When the application needs to use a key store other than the default, it should use the Client newCryptoKeyStore to create an instance and use this function to set the instance on the CryptoSuite.
Parameters:
Name Type Description
cryptoKeyStore CryptoKeyStore The cryptoKeyStore.

sign()

This is an implementation of module:api.CryptoSuite#sign. Signs digest using key k.

verify()

This is an implementation of module:api.CryptoSuite#verify. Verifies signature against key k and digest.