Class: KeyChain

new KeyChain(identityManager, policyManager)

A KeyChain provides a set of interfaces to the security library, such as identity management, policy configuration, and packet signing and verification. This constructor creates a new KeyChain with the given IdentityManager and PolicyManager. Note: this class is an experimental feature. See the API docs for more detail at http://named-data.net/doc/ndn-ccl-api/key-chain.html .
Parameters:
Name Type Description
identityManager IdentityManager An object of a subclass of IdentityManager.
policyManager PolicyManager An object of a subclass of PolicyManager.

Methods

createIdentity(identityName, params) → {Name}

Create an identity by generating a Key-Signing-Key (KSK) pair for this identity and a self-signed certificate of the KSK.
Parameters:
Name Type Description
identityName Name The name of the identity.
params KeyParams (optional) The key parameters if a key needs to be generated for the identity. If omitted, use KeyChain.DEFAULT_KEY_PARAMS.
Deprecated:
  • Use createIdentityAndCertificate which returns the certificate name instead of the key name. You can use IdentityCertificate.certificateNameToPublicKeyName to convert the certificate name to the key name.
Returns:
{Name} The key name of the auto-generated KSK of the identity.

createIdentityAndCertificate(identityName, params) → {Name}

Create an identity by generating a Key-Signing-Key (KSK) pair for this identity and a self-signed certificate of the KSK.
Parameters:
Name Type Description
identityName Name The name of the identity.
params KeyParams (optional) The key parameters if a key needs to be generated for the identity. If omitted, use KeyChain.DEFAULT_KEY_PARAMS.
Returns:
{Name} The name of the certificate for the auto-generated KSK of the identity.

createSigningRequest(keyName) → {Blob}

Create a public key signing request.
Parameters:
Name Type Description
keyName Name The name of the key.
Returns:
{Blob} The signing request data.

deleteIdentity(identityName)

Delete the identity from the public and private key storage. If the identity to be deleted is the current system default identity, this does not delete it and returns immediately.
Parameters:
Name Type Description
identityName Name The name of the identity.

generateRSAKeyPair(identityName, isKsk, keySize) → {Name}

Generate a pair of RSA keys for the specified identity.
Parameters:
Name Type Description
identityName Name The name of the identity.
isKsk boolean (optional) true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (DSK). If omitted, generate a Data-Signing-Key.
keySize number (optional) The size of the key. If omitted, use a default secure key size.
Returns:
{Name} The generated key name.

generateRSAKeyPairAsDefault(identityName, isKsk, keySize) → {Name}

Generate a pair of RSA keys for the specified identity and set it as the default key for the identity.
Parameters:
Name Type Description
identityName Name The name of the identity.
isKsk boolean (optional) true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (DSK). If omitted, generate a Data-Signing-Key.
keySize number (optional) The size of the key. If omitted, use a default secure key size.
Returns:
{Name} The generated key name.

getAnyCertificate(certificateName) → {IdentityCertificate}

Get a certificate even if the certificate is not valid anymore.
Parameters:
Name Type Description
certificateName Name The name of the requested certificate.
Returns:
{IdentityCertificate} The requested certificate.

getAnyIdentityCertificate(certificateName) → {IdentityCertificate}

Get an identity certificate even if the certificate is not valid anymore.
Parameters:
Name Type Description
certificateName Name The name of the requested certificate.
Returns:
{IdentityCertificate} The requested certificate.

getCertificate(certificateName) → {IdentityCertificate}

Get a certificate with the specified name.
Parameters:
Name Type Description
certificateName Name The name of the requested certificate.
Returns:
{IdentityCertificate} The requested certificate, which is still valid.

getDefaultCertificateName() → {Name}

Get the default certificate name of the default identity.
Throws:
SecurityException if the default identity is not set, the default key name for the identity is not set, or the default certificate name for the key name is not set.
Returns:
{Name} The requested certificate name.

getDefaultIdentity() → {Name}

Get the default identity.
Throws:
SecurityException if the default identity is not set.
Returns:
{Name} The name of the default identity.

getIdentityCertificate(certificateName) → {IdentityCertificate}

Get an identity certificate with the specified name.
Parameters:
Name Type Description
certificateName Name The name of the requested certificate.
Returns:
{IdentityCertificate} The requested certificate, which is still valid.

getIdentityManager() → {IdentityManager}

Get the identity manager given to or created by the constructor.
Returns:
{IdentityManager} The identity manager.

getPolicyManager() → {PolicyManager}

Get the policy manager given to or created by the constructor.
Returns:
{PolicyManager} The policy manager.

installIdentityCertificate(certificate)

Install an identity certificate into the public key identity storage.
Parameters:
Name Type Description
certificate IdentityCertificate The certificate to be added.

revokeCertificate(certificateName)

Revoke a certificate.
Parameters:
Name Type Description
certificateName Name The name of the certificate that will be revoked.

revokeKey(keyName)

Revoke a key.
Parameters:
Name Type Description
keyName Name The name of the key that will be revoked.

setDefaultCertificateForKey(certificate)

Set the certificate as the default for its corresponding key.
Parameters:
Name Type Description
certificate IdentityCertificate The certificate.

setDefaultKeyForIdentity(keyName, identityName)

Set a key as the default key of an identity.
Parameters:
Name Type Description
keyName Name The name of the key.
identityName Name (optional) the name of the identity. If not specified, the identity name is inferred from the keyName.

setFace(face)

Set the Face which will be used to fetch required certificates.
Parameters:
Name Type Description
face Face The Face object.

sign(target, certificateName, wireFormat, onComplete) → {Signature}

Sign the target. If it is a Data or Interest object, set its signature. If it is an array, produce a Signature object.
Parameters:
Name Type Description
target Data | Interest | Buffer If this is a Data object, wire encode for signing, update its signature and key locator field and wireEncoding. If this is an Interest object, wire encode for signing, append a SignatureInfo to the Interest name, sign the name components and append a final name component with the signature bits. If it is an array, sign it and produce a Signature object.
certificateName Name The certificate name of the key to use for signing.
wireFormat WireFormat (optional) A WireFormat object used to encode the input. If omitted, use WireFormat.getDefaultWireFormat().
onComplete function (optional) If target is a Data object, this calls onComplete(data) with the supplied Data object which has been modified to set its signature. If target is an Interest object, this calls onComplete(interest) with the supplied Interest object which has been modified to set its signature. If target is a Buffer, this calls onComplete(signature) where signature is the produced Signature object. If omitted, the return value is described below. (Some crypto libraries only use a callback, so onComplete is required to use these.)
Returns:
{Signature} If onComplete is omitted, return the generated Signature object (if target is a Buffer) or null (if target is Data or Interest). Otherwise, if onComplete is supplied, return null and use onComplete as described above.

signByIdentity(target, identityName, wireFormat, onComplete) → {Signature}

Sign the target. If it is a Data object, set its signature. If it is an array, produce a signature object.
Parameters:
Name Type Description
target Data | Buffer If this is a Data object, wire encode for signing, update its signature and key locator field and wireEncoding. If it is an array, sign it and return a Signature object.
identityName Name (optional) The identity name for the key to use for signing. If omitted, infer the signing identity from the data packet name.
wireFormat WireFormat (optional) A WireFormat object used to encode the input. If omitted, use WireFormat.getDefaultWireFormat().
onComplete function (optional) If target is a Data object, this calls onComplete(data) with the supplied Data object which has been modified to set its signature. If target is a Buffer, this calls onComplete(signature) where signature is the produced Signature object. If omitted, the return value is described below. (Some crypto libraries only use a callback, so onComplete is required to use these.)
Returns:
{Signature} If onComplete is omitted, return the generated Signature object (if target is a Buffer) or null (if target is Data). Otherwise, if onComplete is supplied, return null and use onComplete as described above.

signWithSha256(target, wireFormat)

Sign the target using DigestSha256.
Parameters:
Name Type Description
target Data | Interest If this is a Data object, wire encode for signing, digest it and set its SignatureInfo to a DigestSha256, updating its signature and wireEncoding. If this is an Interest object, wire encode for signing, append a SignatureInfo for DigestSha256 to the Interest name, digest the name components and append a final name component with the signature bits.
wireFormat WireFormat (optional) A WireFormat object used to encode the input. If omitted, use WireFormat.getDefaultWireFormat().

verifyData(data, onVerified, onVerifyFailed, stepCount)

Check the signature on the Data object and call either onVerified or onVerifyFailed. We use callback functions because verification may need to fetch information (for example, certificates) to check the signature.
Parameters:
Name Type Description
data Data The Data object with the signature to check.
onVerified function If the signature is verified, this calls onVerified(data).
onVerifyFailed function If the signature check fails, this calls onVerifyFailed(data).
stepCount number

verifyInterest(interest, onVerified, onVerifyFailed)

Check the signature on the signed Interest and call either onVerified or onVerifyFailed. We use callback functions because verification may need to fetch information (for example, certificates) to check the signature.
Parameters:
Name Type Description
interest Interest The interest with the signature to check.
onVerified function If the signature is verified, this calls onVerified(interest).
onVerifyFailed function If the signature check fails, this calls onVerifyFailed(interest).