new CryptoSuite_PKCS11(keySize, hash, opts)
Parameters:
Name | Type | Description |
---|---|---|
keySize |
number | Length of key (in bytes), a.k.a "security level" |
hash |
string | Optional. Hash algorithm, supported values are "SHA2" and "SHA3" |
opts |
Object | Options are of the form
{ lib: string, // the library package to support this implementation slot: number, // the hardware slot number pin: string, // the user's PIN usertype: number, // the user type readwrite: boolean // true if the session is read/write or false if read-only }If 'lib' is not specified or null, its value will be taken from the CRYPTO_PKCS11_LIB env var, and if the env var is not set, its value will be taken from the crypto-pkcs11-lib key in the configuration file. If 'slot' is not specified or null, its value will be taken from the CRYPTO_PKCS11_SLOT env var, and if the env var is not set, its value will be taken from the crypto-pkcs11-slot key in the configuration file. If 'pin' is not specified or null, its value will be taken from the CRYPTO_PKCS11_PIN env var, and if the env var is not set, its value will be taken from the crypto-pkcs11-pin key in the configuration file. If 'usertype' is not specified or null, its value will be taken from the CRYPTO_PKCS11_USERTYPE env var, if the env var is not set, its value will be taken from the crypto-pkcs11-usertype key in the configuration file, if the config value is not set, its value will default to 1. The value will not be validated, assumes the C_Login will validate. --- from http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.html 0 CKU_SO 0UL 1 CKU_USER 1UL 2 CKU_CONTEXT_SPECIFIC 2UL 4294967295 max allowed 0xFFFFFFFFUL If 'readwrite' is not specified or null, its value will be taken from the CRYPTO_PKCS11_READWRITE env var, if the env var is not set, its value will be taken from the crypto-pkcs11-readwrite key in the configuration file, if the config value is not set, its value will default to true. |
Extends
Methods
-
decrypt()
-
This is an implementation of module:api.CryptoSuite#decrypt Decrypts cipherText using key. The opts argument is not supported yet.
- Overrides:
-
deriveKey()
-
This is an implementation of module:api.CryptoSuite#deriveKey
- Overrides:
-
encrypt()
-
This is an implementation of module:api.CryptoSuite#encrypt Encrypts plainText using key. The opts argument is not supported.
- Overrides:
-
generateEphemeralKey()
-
Generate an ephemeral key.
- Inherited From:
- Overrides:
Throws:
Will throw an error if not implementedReturns:
An instance of the Key class- Type
- module:api.Key
-
generateKey()
-
This is an implementation of module:api.CryptoSuite#generateKey Returns an instance of module.api.Key representing the private key, which also encapsulates the public key. By default the generated key (keypar) is (are) ephemeral unless opts.ephemeral is set to false, in which case the key (keypair) will be saved across PKCS11 sessions by the HSM hardware.
- Overrides:
Returns:
Promise of an instance of module:PKCS11_ECDSA_KEY containing the private key and the public key.- Type
- module:api.Key
-
getKey()
-
This is an implementation of module:api.CryptoSuite#getKey Returns the key this CSP associates to the Subject Key Identifier ski.
- Overrides:
-
hash()
-
This is an implementation of module:api.CryptoSuite#hash The opts argument is not supported yet.
- Overrides:
-
importKey()
-
This is an implementation of module:api.CryptoSuite#importKey
- Overrides:
-
<abstract> setCryptoKeyStore(cryptoKeyStore)
-
Set the cryptoKeyStore. When the application needs to use a key store other than the default, it should use the Client newCryptoKeyStore to create an instance and use this function to set the instance on the CryptoSuite.
Parameters:
Name Type Description cryptoKeyStore
CryptoKeyStore The cryptoKeyStore. - Inherited From:
- Overrides:
-
sign()
-
This is an implementation of module:api.CryptoSuite#sign Signs digest using key k.
- Overrides:
-
verify()
-
This is an implementation of module:api.CryptoSuite#verify Verifies signature against key k and digest
- Overrides: