Class FileEncryptor
Class implementing file encryption
Defined in: FileEncryptor.js.
| Constructor Attributes | Constructor Name and Description |
|---|---|
| | FileEncryptor(sc, mode): Create a FileEncryptor instance. |

| Method Attributes | Method Name and Description |
|---|---|
| | decrypt(buffer): Validate and decrypt the payload. |
| | deriveKey(key, key): Derive K.ENC and K.MAC based on the selected scheme. |
| | encrypt(plain): Encrypt the buffer with K.ENC previously derived with deriveKey() and prepend header. |
| | generateEphemeralKeyPair(key): Generate ephemeral EC key pair at the sending side in hybrid scheme. |
| | keyDerivationFunction1(key, size, context): Derive an AES key from an AES master key using a CMAC-based Key Derivation Function in Counter Mode as per NIST SP 800-108. |
| | keyDerivationFunction2(id, sharedSecret): Derive an AES key from the shared secret resulting from performing the ECDH using a one-step-kdf with SHA-256 (Option 1) as defined in NIST SP 800-56C. |
| | parseHeader(buffer): Parse the header of the encrypted file. |
| <static> | FileEncryptor.stripPadding(buffer): Validate and strip the ISO padding. |
| | validateHeader(): Validate the Message Authentication Code (MAC) over the header. |
Class Detail
FileEncryptor(sc, mode)
Create a FileEncryptor instance.
- Parameters:
- {SmartCardHSM} sc
- the SmartCardHSM object used to access the token or undefined at the sender in the hybrid scheme.
- {Number} mode
- the mode to use (One of FileEncryptor.NATIVE, .DERIVED or .HYBRID). Must be specified at the sending side.
Method Detail
{ByteString}
decrypt(buffer)
Validate and decrypt the payload.
- Parameters:
- {ByteString} buffer
- the encrypted payload.
- Returns:
- the plain content.
deriveKey(key, key)
Derive K.ENC and K.MAC based on the selected scheme.
- Parameters:
- {Key} key
- the AES key or private EC key.
- {CVC} key
- the CVC with the public key of the receiver.
{ByteString}
encrypt(plain)
Encrypt the buffer with K.ENC previously derived with deriveKey() and prepend header.
- Parameters:
- {ByteString} plain
- the plain input. The caller should clear the buffer after use with plain.clear().
- Returns:
- the header concatenated with the encrypted payload.
generateEphemeralKeyPair(key)
Generate ephemeral EC key pair at the sending side in hybrid scheme.
- Parameters:
- {Key} key
- the domain parameter.
{ByteString}
keyDerivationFunction1(key, size, context)
Derive an AES key from an AES master key using a CMAC-based Key Derivation Function in
Counter Mode as per NIST SP 800-108.
- Parameters:
- {Key} key
- the AES master key.
- {Number} size
- the requested number of derived bytes.
- {ByteString} context
- the derivation context used to differentiate keys derived from the same master.
- Returns:
- the derived key value.
keyDerivationFunction2(id, sharedSecret)
Derive an AES key from the shared secret resulting from performing the ECDH using
a one-step-kdf with SHA-256 (Option 1) as defined in NIST SP 800-56C.
- Parameters:
- {Number} id
- the key identifier (0x01 for K.ENC, 0x02 for K.MAC).
- {ByteString} sharedSecret
- the shared secret resulting from ECDH.
- Returns:
- the key value as 32 bytes.
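The hybrid-scheme key agreement that generateEphemeralKeyPair() and keyDerivationFunction2() describe, as an added Node.js example (not the FileEncryptor.js source, and not using the SmartCardHSM API). Assumptions: FixedInfo is only the key identifier byte, the curve is prime256v1, a software key stands in for the receiver's private key on the token, and all function names are hypothetical.

```javascript
const crypto = require("crypto");

const CURVE = "prime256v1"; // assumption: the page does not name the curve

// One-step KDF, NIST SP 800-56C Option 1 (hash function):
//   K = SHA-256(counter || Z || FixedInfo), counter = 0x00000001
// A single hash block already yields the 32 bytes the method returns.
// Assumption: FixedInfo is just the key identifier byte.
function oneStepKdf(id, sharedSecret) {
  if (id !== 0x01 && id !== 0x02) throw new RangeError("unknown key id");
  return crypto.createHash("sha256")
    .update(Buffer.from([0x00, 0x00, 0x00, 0x01]))
    .update(sharedSecret)
    .update(Buffer.from([id]))
    .digest();
}

// Derive K.ENC (0x01) and K.MAC (0x02), then wipe the shared secret.
function deriveKeys(z) {
  const keys = { enc: oneStepKdf(0x01, z), mac: oneStepKdf(0x02, z) };
  z.fill(0);
  return keys;
}

// Sender: fresh ephemeral key pair per file, ECDH against the receiver's
// public key. computeSecret() throws if the point is not on the curve.
function senderDerive(receiverPublic) {
  const eph = crypto.createECDH(CURVE);
  const ephPublic = eph.generateKeys(); // must reach the receiver (assumed: in the header)
  return { ephPublic, keys: deriveKeys(eph.computeSecret(receiverPublic)) };
}

// Receiver: same ECDH with its private key and the ephemeral public key.
function receiverDerive(receiverEcdh, ephPublic) {
  return deriveKeys(receiverEcdh.computeSecret(ephPublic));
}

// Constructed round trip; a software key stands in for the token's key.
function demo() {
  const receiver = crypto.createECDH(CURVE);
  const sender = senderDerive(receiver.generateKeys());
  return { sender: sender.keys, receiver: receiverDerive(receiver, sender.ephPublic) };
}
```

Because the identifier byte enters the hash input, K.ENC and K.MAC are independent even though both come from the same shared secret.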
{Number}
parseHeader(buffer)
Parse the header of the encrypted file.
- Parameters:
- {ByteString} buffer
- the encrypted file with header.
- Returns:
- the offset at which the payload starts.
<static>
{ByteString}
FileEncryptor.stripPadding(buffer)
Validate and strip the ISO padding.
- Parameters:
- {ByteString} buffer
- the decrypted buffer.
- Returns:
- the buffer without padding.
validateHeader()
Validate the Message Authentication Code (MAC) over the header.
- Throws:
- GPError if MAC verification failed.