/**
 * Cryptographic operations grouped under one interface: hashing, key
 * generation, JWK/PEM key-format conversion, X.509 checks, signing,
 * signature verification and key wrapping.
 *
 * Several methods take or return private key material (PEM strings, private
 * JWK objects, raw AES key bytes); callers should treat those values as secrets.
 */
interface CCFCrypto {
    /**
     * Generate a digest (hash) of the given data.
     *
     * @param algorithm - Digest algorithm to use.
     * @param plaintext - Data to hash.
     * @returns The digest as an ArrayBuffer.
     */
    digest(algorithm: DigestAlgorithm, plaintext: ArrayBuffer): ArrayBuffer;
    /**
     * Convert an EdDSA private key from a JSON Web Key (JWK) object to PEM.
     * Currently only Curve25519 is supported.
     *
     * @param jwk - EdDSA private key as a JWK object.
     * @returns The private key as PEM (secret material).
     */
    eddsaJwkToPem(jwk: JsonWebKeyEdDSAPrivate): string;
    /**
     * Convert an EdDSA private key from PEM to a JSON Web Key (JWK) object.
     * Only Curve25519 and X25519 are supported.
     *
     * @param pem - EdDSA private key as PEM.
     * @param kid - Key identifier (optional).
     * @returns The private key as a JWK object (secret material).
     */
    eddsaPemToJwk(pem: string, kid?: string): JsonWebKeyEdDSAPrivate;
    /**
     * Generate an AES key.
     *
     * @param size - Length in bits of the key to generate: 128, 192, or 256.
     * @returns The generated key as an ArrayBuffer.
     */
    generateAesKey(size: number): ArrayBuffer;
    /**
     * Generate an ECDSA key pair.
     *
     * @param curve - Name of the curve, one of "secp256r1", "secp384r1".
     * @returns The generated key pair.
     */
    generateEcdsaKeyPair(curve: string): CryptoKeyPair;
    /**
     * Generate an EdDSA key pair.
     *
     * NOTE(review): X25519 is normally a key-agreement function rather than a
     * signature scheme; confirm which operations accept an "x25519" key pair.
     *
     * @param curve - Name of the curve. Only "curve25519" and "x25519" are supported.
     * @returns The generated key pair.
     */
    generateEddsaKeyPair(curve: string): CryptoKeyPair;
    /**
     * Generate an RSA key pair.
     *
     * @param size - Length in bits of the RSA modulus. Minimum: 2048.
     * @param exponent - The public exponent. Default: 65537.
     * @returns The generated key pair.
     */
    generateRsaKeyPair(size: number, exponent?: number): CryptoKeyPair;
    /**
     * Return whether a string is a PEM-encoded bundle of X.509 certificates.
     *
     * A bundle consists of one or more certificates, which do not have to be
     * related to each other. The check is syntactic only: properties such as
     * validity dates are not evaluated, so `true` says nothing about whether
     * the certificates are trusted or still valid.
     *
     * @param pem - Candidate PEM bundle.
     * @returns `true` if the string parses as a certificate bundle.
     */
    isValidX509CertBundle(pem: string): boolean;
    /**
     * Return whether a certificate chain is valid given a set of trusted
     * certificates. Both arguments are PEM-encoded bundles of X.509 certificates.
     *
     * @param chain - Certificate chain to validate.
     * @param trusted - Trusted certificates to validate the chain against.
     * @returns `true` if the chain is valid.
     */
    isValidX509CertChain(chain: string, trusted: string): boolean;
    /**
     * Convert an elliptic curve private key from a JSON Web Key (JWK) object to PEM.
     *
     * @param jwk - Elliptic curve private key as a JWK object.
     * @returns The private key as PEM (secret material).
     */
    jwkToPem(jwk: JsonWebKeyECPrivate): string;
    /**
     * Convert an elliptic curve private key from PEM to a JSON Web Key (JWK) object.
     *
     * @param pem - Elliptic curve private key as PEM.
     * @param kid - Key identifier (optional).
     * @returns The private key as a JWK object (secret material).
     */
    pemToJwk(pem: string, kid?: string): JsonWebKeyECPrivate;
    /**
     * Convert an EdDSA public key from a JSON Web Key (JWK) object to PEM.
     * Currently only Curve25519 is supported.
     *
     * @param jwk - EdDSA public key as a JWK object.
     * @returns The public key as PEM.
     */
    pubEddsaJwkToPem(jwk: JsonWebKeyEdDSAPublic): string;
    /**
     * Convert an EdDSA public key from PEM to a JSON Web Key (JWK) object.
     * Only Curve25519 and X25519 are supported.
     *
     * @param pem - EdDSA public key as PEM.
     * @param kid - Key identifier (optional).
     * @returns The public key as a JWK object.
     */
    pubEddsaPemToJwk(pem: string, kid?: string): JsonWebKeyEdDSAPublic;
    /**
     * Convert an elliptic curve public key from a JSON Web Key (JWK) object to PEM.
     *
     * @param jwk - Elliptic curve public key as a JWK object.
     * @returns The public key as PEM.
     */
    pubJwkToPem(jwk: JsonWebKeyECPublic): string;
    /**
     * Convert an elliptic curve public key from PEM to a JSON Web Key (JWK) object.
     *
     * @param pem - Elliptic curve public key as PEM.
     * @param kid - Key identifier (optional).
     * @returns The public key as a JWK object.
     */
    pubPemToJwk(pem: string, kid?: string): JsonWebKeyECPublic;
    /**
     * Convert an RSA public key from a JSON Web Key (JWK) object to PEM.
     *
     * @param jwk - RSA public key as a JWK object.
     * @returns The public key as PEM.
     */
    pubRsaJwkToPem(jwk: JsonWebKeyRSAPublic): string;
    /**
     * Convert an RSA public key from PEM to a JSON Web Key (JWK) object.
     *
     * @param pem - RSA public key as PEM.
     * @param kid - Key identifier (optional).
     * @returns The public key as a JWK object.
     */
    pubRsaPemToJwk(pem: string, kid?: string): JsonWebKeyRSAPublic;
    /**
     * Convert an RSA private key from a JSON Web Key (JWK) object to PEM.
     *
     * @param jwk - RSA private key as a JWK object.
     * @returns The private key as PEM (secret material).
     */
    rsaJwkToPem(jwk: JsonWebKeyRSAPrivate): string;
    /**
     * Convert an RSA private key from PEM to a JSON Web Key (JWK) object.
     *
     * @param pem - RSA private key as PEM.
     * @param kid - Key identifier (optional).
     * @returns The private key as a JWK object (secret material).
     */
    rsaPemToJwk(pem: string, kid?: string): JsonWebKeyRSAPrivate;
    /**
     * Generate a signature.
     *
     * @param algorithm - Signing algorithm and parameters.
     * @param key - A PEM-encoded private key.
     * @param plaintext - Input data that will be signed.
     * @returns The signature as an ArrayBuffer.
     * @throws If the key is not compatible with the signing algorithm or if an
     *   unknown algorithm is used.
     */
    sign(
        algorithm: SigningAlgorithm,
        key: string,
        plaintext: ArrayBuffer,
    ): ArrayBuffer;
    /**
     * Unwrap a key using a wrapping key.
     *
     * Constraints on `key` and `wrappingKey` depend on the wrapping algorithm
     * selected by `wrapAlgo`.
     *
     * @param key - The wrapped key to unwrap.
     * @param wrappingKey - The key used to unwrap it.
     * @param wrapAlgo - Wrapping algorithm and its parameters.
     * @returns The unwrapped key as an ArrayBuffer.
     */
    unwrapKey(
        key: ArrayBuffer,
        wrappingKey: ArrayBuffer,
        wrapAlgo: WrapAlgoParams,
    ): ArrayBuffer;
    /**
     * Return whether a digital signature is valid.
     *
     * There are two failure paths: an invalid signature yields `false`, while
     * an incompatible key or unknown algorithm throws. Callers should treat
     * both as "not verified".
     *
     * @param algorithm - Signing algorithm and parameters.
     * @param key - A PEM-encoded public key or X.509 certificate.
     * @param signature - Signature to verify.
     * @param plaintext - Input data that was signed.
     * @returns `true` if the signature is valid.
     * @throws If the key is not compatible with the signing algorithm or if an
     *   unknown algorithm is used.
     */
    verifySignature(
        algorithm: SigningAlgorithm,
        key: string,
        signature: ArrayBuffer,
        plaintext: ArrayBuffer,
    ): boolean;
    /**
     * Wrap a key using a wrapping key.
     *
     * Constraints on `key` and `wrappingKey` depend on the wrapping algorithm
     * selected by `wrapAlgo`.
     *
     * @param key - The key to wrap.
     * @param wrappingKey - The key used to wrap it.
     * @param wrapAlgo - Wrapping algorithm and its parameters.
     * @returns The wrapped key as an ArrayBuffer.
     */
    wrapKey(
        key: ArrayBuffer,
        wrappingKey: ArrayBuffer,
        wrapAlgo: WrapAlgoParams,
    ): ArrayBuffer;
}

Methods

  • Generate a digest (hash) of the given data.

    Parameters

    • algorithm: DigestAlgorithm
    • plaintext: ArrayBuffer

    Returns ArrayBuffer

  • Converts an EdDSA private key as JSON Web Key (JWK) object to PEM. Currently only Curve25519 is supported.

    Parameters

    • jwk: JsonWebKeyEdDSAPrivate

    Returns string

  • Converts an EdDSA private key as PEM to JSON Web Key (JWK) object. Only Curve25519 and X25519 are supported.

    Parameters

    • pem: string

      EdDSA private key as PEM

    • Optional kid: string

      Key identifier (optional)

    Returns JsonWebKeyEdDSAPrivate

  • Generate an AES key.

    Parameters

    • size: number

      The length in bits of the key to generate. 128, 192, or 256.

    Returns ArrayBuffer

  • Generate an ECDSA key pair.

    Parameters

    • curve: string

      The name of the curve, one of "secp256r1", "secp384r1".

    Returns CryptoKeyPair

  • Generate an EdDSA key pair.

    Parameters

    • curve: string

      The name of the curve. Only "curve25519" and "x25519" are supported.

    Returns CryptoKeyPair

  • Generate an RSA key pair.

    Parameters

    • size: number

      The length in bits of the RSA modulus. Minimum: 2048.

    • Optional exponent: number

      The public exponent. Default: 65537.

    Returns CryptoKeyPair

  • Returns whether a string is a PEM-encoded bundle of X.509 certificates.

    A bundle consists of one or more certificates. Certificates in the bundle do not have to be related to each other. Validation is only syntactic; properties such as validity dates are not evaluated, so a true result does not mean the certificates are trusted or currently valid.

    Parameters

    • pem: string

    Returns boolean

  • Returns whether a certificate chain is valid given a set of trusted certificates. The chain and trusted certificates are PEM-encoded bundles of X.509 certificates.

    Parameters

    • chain: string
    • trusted: string

    Returns boolean

  • Converts an elliptic curve private key as JSON Web Key (JWK) object to PEM.

    Parameters

    • jwk: JsonWebKeyECPrivate

    Returns string

  • Converts an elliptic curve private key as PEM to JSON Web Key (JWK) object.

    Parameters

    • pem: string

      Elliptic curve private key as PEM

    • Optional kid: string

      Key identifier (optional)

    Returns JsonWebKeyECPrivate

  • Converts an EdDSA public key as JSON Web Key (JWK) object to PEM. Currently only Curve25519 is supported.

    Parameters

    • jwk: JsonWebKeyEdDSAPublic

    Returns string

  • Converts an EdDSA public key as PEM to JSON Web Key (JWK) object. Only Curve25519 and X25519 are supported.

    Parameters

    • pem: string

      EdDSA public key as PEM

    • Optional kid: string

      Key identifier (optional)

    Returns JsonWebKeyEdDSAPublic

  • Converts an elliptic curve public key as JSON Web Key (JWK) object to PEM.

    Parameters

    • jwk: JsonWebKeyECPublic

    Returns string

  • Converts an elliptic curve public key as PEM to JSON Web Key (JWK) object.

    Parameters

    • pem: string

      Elliptic curve public key as PEM

    • Optional kid: string

      Key identifier (optional)

    Returns JsonWebKeyECPublic

  • Converts an RSA public key as JSON Web Key (JWK) object to PEM.

    Parameters

    • jwk: JsonWebKeyRSAPublic

    Returns string

  • Converts an RSA public key as PEM to JSON Web Key (JWK) object.

    Parameters

    • pem: string

      RSA public key as PEM

    • Optional kid: string

      Key identifier (optional)

    Returns JsonWebKeyRSAPublic

  • Converts an RSA private key as JSON Web Key (JWK) object to PEM.

    Parameters

    • jwk: JsonWebKeyRSAPrivate

    Returns string

  • Converts an RSA private key as PEM to JSON Web Key (JWK) object.

    Parameters

    • pem: string

      RSA private key as PEM

    • Optional kid: string

      Key identifier (optional)

    Returns JsonWebKeyRSAPrivate

  • Generate a signature.

    Parameters

    • algorithm: SigningAlgorithm

      Signing algorithm and parameters

    • key: string

      A PEM-encoded private key

    • plaintext: ArrayBuffer

      Input data that will be signed

    Returns ArrayBuffer

    Will throw an error if the key is not compatible with the signing algorithm or if an unknown algorithm is used.

  • Unwraps a key using a wrapping key.

    Constraints on the key and wrappingKey parameters depend on the wrapping algorithm that is used (wrapAlgo).

    Parameters

    • key: ArrayBuffer
    • wrappingKey: ArrayBuffer
    • wrapAlgo: WrapAlgoParams

    Returns ArrayBuffer

  • Returns whether a digital signature is valid.

    Parameters

    • algorithm: SigningAlgorithm

      Signing algorithm and parameters

    • key: string

      A PEM-encoded public key or X.509 certificate

    • signature: ArrayBuffer

      Signature to verify

    • plaintext: ArrayBuffer

      Input data that was signed

    Returns boolean

    Will throw an error if the key is not compatible with the signing algorithm or if an unknown algorithm is used.

  • Wraps a key using a wrapping key.

    Constraints on the key and wrappingKey parameters depend on the wrapping algorithm that is used (wrapAlgo).

    Parameters

    • key: ArrayBuffer
    • wrappingKey: ArrayBuffer
    • wrapAlgo: WrapAlgoParams

    Returns ArrayBuffer