
tink-crypto


A multi-language, cross-platform library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.

/**
 * @license
 * Copyright 2020 Google LLC
 * SPDX-License-Identifier: Apache-2.0
 */
import { Aead } from '../aead/internal/aead';
import * as KeyManager from './key_manager';
import { KeysetReader } from './keyset_reader';
import { KeysetWriter } from './keyset_writer';
import * as PrimitiveSet from './primitive_set';
import { PbKeyset, PbKeyTemplate } from './proto';
import * as Util from './util';
/**
 * Keyset handles provide abstracted access to Keysets, to limit the exposure
 * of the actual protocol buffers that hold sensitive key material.
 *
 * This file only declares the API; the behaviour described in these comments
 * is the documented contract, not something visible in this declaration.
 *
 * @final
 */
export declare class KeysetHandle {
    // The wrapped keyset. `private` is a compile-time restriction only; it is
    // erased in the emitted JavaScript.
    private readonly keyset_;
    /**
     * Wraps the given keyset in a handle.
     *
     * NOTE(review): the constructor is public and takes a raw `PbKeyset`;
     * whether the keyset is validated or copied here cannot be told from this
     * declaration. Confirm against the implementation.
     *
     * @param keyset the keyset this handle will hold
     */
    constructor(keyset: PbKeyset);
    /**
     * Returns a primitive that uses key material from this keyset handle. If
     * opt_customKeyManager is defined then the provided key manager is used to
     * instantiate primitives. Otherwise the key manager from the Registry is
     * used.
     *
     * @param primitiveType constructor of the primitive type to obtain
     * @param opt_customKeyManager optional key manager that replaces the
     *     Registry lookup; may be omitted or null
     * @returns a promise for the requested primitive
     */
    getPrimitive<P>(primitiveType: Util.Constructor<P>, opt_customKeyManager?: KeyManager.KeyManager<P> | null): Promise<P>;
    /**
     * Creates a set of primitives corresponding to the keys with status
     * Enabled in this keyset handle, assuming all the corresponding key
     * managers are present (keys with a status other than Enabled are
     * skipped). If provided, customKeyManager is used instead of the
     * registered key managers for the keys it supports.
     *
     * Visible for testing.
     *
     * @param primitiveType constructor of the primitive type to obtain
     * @param opt_customKeyManager optional key manager; may be omitted or null
     * @returns a promise for the primitive set built from the enabled keys
     */
    getPrimitiveSet<P>(primitiveType: Util.Constructor<P>, opt_customKeyManager?: KeyManager.KeyManager<P> | null): Promise<PrimitiveSet.PrimitiveSet<P>>;
    /**
     * Encrypts the underlying keyset with the provided masterKeyAead and
     * writes the resulting encryptedKeyset to the given writer, which must be
     * non-null.
     *
     * As described, only the encrypted form reaches the writer, so the
     * protection of the stored keyset depends on how the master key behind
     * masterKeyAead is kept.
     *
     * @param writer destination for the encrypted keyset; must be non-null
     * @param masterKeyAead AEAD used to encrypt the keyset before writing
     * @returns a promise that resolves with no value
     */
    write(writer: KeysetWriter, masterKeyAead: Aead): Promise<void>;
    /**
     * Writes this keyset using `writer` if and only if the keyset doesn't
     * contain any secret key material.
     *
     * This can be used to persist public keysets or envelope encryption
     * keysets. Use `CleartextKeysetHandle` to persist keysets containing
     * secret key material.
     *
     * NOTE(review): the declared return type is `Uint8Array`, and unlike
     * `write` this method is synchronous. What the returned bytes contain, and
     * what happens when the keyset does hold secret material (presumably an
     * error is thrown), is not stated here. Confirm against the
     * implementation.
     *
     * @param writer writer used to emit the keyset
     */
    writeNoSecret(writer: KeysetWriter): Uint8Array;
    /**
     * Returns the keyset held by this KeysetHandle.
     *
     * NOTE(review): this hands out the `PbKeyset` itself, which per the class
     * comment can hold sensitive key material, so callers should avoid
     * logging or persisting the result. Whether a copy or the internal
     * reference is returned is not visible from this declaration.
     */
    getKeyset(): PbKeyset;
    /**
     * If the managed keyset contains private keys, returns a `KeysetHandle`
     * of the public keys.
     *
     * NOTE(review): the result for a keyset without private keys is not
     * described here. Confirm against the implementation.
     */
    getPublicKeysetHandle(): KeysetHandle;
}
/**
 * Creates a KeysetHandle from an encrypted keyset obtained via reader, using
 * masterKeyAead to decrypt the keyset.
 *
 * @param reader source of the encrypted keyset
 * @param masterKeyAead AEAD used to decrypt the keyset
 * @returns a promise for a handle over the decrypted keyset
 */
export declare function read(reader: KeysetReader, masterKeyAead: Aead): Promise<KeysetHandle>;
/**
 * Returns a new KeysetHandle that contains a single new key generated
 * according to keyTemplate.
 *
 * @param keyTemplate template describing the key to generate
 * @returns a promise for a handle holding the single new key
 */
export declare function generateNew(keyTemplate: PbKeyTemplate): Promise<KeysetHandle>;
/**
 * Creates a KeysetHandle from a keyset, obtained via reader, which
 * must contain no secret key material.
 *
 * This can be used to load public keysets or envelope encryption keysets.
 * Users that need to load cleartext keysets can use CleartextKeysetHandle.
 *
 * NOTE(review): how a keyset that does contain secret material is rejected
 * is not visible from this declaration. Confirm against the implementation.
 *
 * @param reader source of the keyset
 * @returns a handle over the loaded keyset
 */
export declare function readNoSecret(reader: KeysetReader): KeysetHandle;