Class DKEK
Defined in: DKEK.js.
Constructor Attributes | Constructor Name and Description |
---|---|
DKEK(crypto)
Class supporting DKEK functions outside the SmartCard-HSM
|
Method Attributes | Method Name and Description |
---|---|
clear()
Zeroize DKEK
|
|
convertCRT2PEM(pri, pub)
Wrap RSA or ECC key
|
|
<static> |
DKEK.decryptKeyShare(keyshare, password)
Decrypt a DKEK share
|
<static> |
DKEK.deriveDKEKShareKey(password, password)
Derive DKEK share encryption key from password
|
encodeAESKey(key)
Wrap AES key
|
|
encodeKey(pri, pub)
Wrap RSA or ECC key
|
|
<static> |
DKEK.encryptKeyShare(keyshare, password)
Encrypt a DKEK share
|
getKCV()
Return the Key Check Value (KCV) of the internal DKEK
|
|
getKENC()
Derive the encryption key from the DKEK
|
|
getKMAC()
Derive the message authentication key from the DKEK
|
|
importDKEKShare(share)
Import a DKEK share
|
Class Detail
DKEK(crypto)
Class supporting DKEK functions outside the SmartCard-HSM
- Parameters:
- {Crypto} crypto
- the crypto provider
Method Detail
clear()
Zeroize DKEK
{Key}
convertCRT2PEM(pri, pub)
Wrap RSA or ECC key
- Parameters:
- {Key} pri
- the private key in CRT format
- {Key} pub
- the public key
- Returns:
- the private key in private exponent / modulus format
<static>
{ByteString}
DKEK.decryptKeyShare(keyshare, password)
Decrypt a DKEK share
- Parameters:
- {ByteString} keyshare
- the encrypted key share as read from the .pbe file
- {ByteString} password
- the password
- Returns:
- plain DKEK value
<static>
{ByteString}
DKEK.deriveDKEKShareKey(password, password)
Derive DKEK share encryption key from password
- Parameters:
- {ByteString} password
- the password
- password
- Returns:
- the derived key (32 Byte) concatenated with the IV (16 Byte)
{ByteString}
encodeAESKey(key)
Wrap AES key
- Parameters:
- {Key} key
- the secret key
- Returns:
- the secret key wrapped with the DKEK
{ByteString}
encodeKey(pri, pub)
Wrap RSA or ECC key
- Parameters:
- {Key} pri
- the private key
- {Key} pub
- the public key
- Returns:
- the private key wrapped with the DKEK
<static>
{ByteString}
DKEK.encryptKeyShare(keyshare, password)
Encrypt a DKEK share
- Parameters:
- {ByteString} keyshare
- the key share
- {ByteString} password
- the password
- Returns:
- Encrypted DKEK share value
{ByteString}
getKCV()
Return the Key Check Value (KCV) of the internal DKEK
- Returns:
- the KCV
{ByteString}
getKENC()
Derive the encryption key from the DKEK
- Returns:
- the encryption key
{ByteString}
getKMAC()
Derive the message authentication key from the DKEK
- Returns:
- the message authentication key
importDKEKShare(share)
Import a DKEK share
- Parameters:
- {ByteString} share
- a 32 byte share