Class: Tpm

new Tpm(scheme, location, backEnd)

The TPM (Trusted Platform Module) stores the private portion of a user's cryptography keys. The format and location of the stored information are indicated by the TPM locator. The TPM is designed to work with a PIB (Public Information Base), which stores public keys and related information such as certificates. The TPM also provides cryptographic transformations such as signing and decryption. A TPM consists of a unified front-end interface and a back-end implementation; the front end caches the handles of private keys which are provided by the back-end implementation.

Note: A Tpm instance is created and managed only by the KeyChain. It is returned by the KeyChain getTpm() method, through which it is possible to check for the existence of private keys, get public keys for the private keys, sign, and decrypt the supplied buffers using managed private keys.

The constructor creates a new TPM instance with the specified location. This constructor should only be called by KeyChain.
Parameters:
  scheme (string): The scheme for the TPM.
  location (string): The location for the TPM.
  backEnd (TpmBackEnd): The TPM back-end implementation.

Classes

Error

Methods

createKeyPromise_(identityName, params, useSync) → {Promise|SyncPromise}

Create a key for the identityName according to params. The created key is named /<identityName>/[keyId]/KEY. This should only be called by KeyChain.
Parameters:
  identityName (Name): The name of the identity.
  params (KeyParams): The KeyParams for creating the key.
  useSync (boolean, optional): If true then return a SyncPromise which is already fulfilled. If omitted or false, this may return a SyncPromise or an async Promise.
Returns (Promise | SyncPromise): A promise which returns the Name of the created key, or a promise rejected with Tpm.Error if params is invalid or if the key type is unsupported, or a promise rejected with TpmBackEnd.Error if the key already exists or cannot be created.

decryptPromise(cipherText, keyName, useSync) → {Promise|SyncPromise}

Return the plain text which is decrypted from cipherText using the key with name keyName.
Parameters:
  cipherText (Buffer): The cipher text byte buffer.
  keyName (Name): The name of the key.
  useSync (boolean, optional): If true then return a SyncPromise which is already fulfilled. If omitted or false, this may return a SyncPromise or an async Promise.
Returns (Promise | SyncPromise): A promise which returns the decrypted data Blob (or an isNull Blob if the key does not exist).

deleteKeyPromise_(keyName, useSync) → {Promise|SyncPromise}

Delete the key with name keyName. If the key doesn't exist, do nothing. Note: Continuing to use existing Key handles on a deleted key results in undefined behavior. This should only be called by KeyChain.
Parameters:
  keyName (Name): The name of the key.
  useSync (boolean, optional): If true then return a SyncPromise which is already fulfilled. If omitted or false, this may return a SyncPromise or an async Promise.
Returns (Promise | SyncPromise): A promise which fulfills when finished, or a promise rejected with TpmBackEnd.Error if the deletion fails.

findKeyPromise_(keyName, useSync) → {Promise|SyncPromise}

Get the TpmKeyHandle with name keyName, using backEnd_.getKeyHandlePromise if it is not already cached in keys_.
Parameters:
  keyName (Name): The name of the key, which is copied.
  useSync (boolean, optional): If true then return a SyncPromise which is already fulfilled. If omitted or false, this may return a SyncPromise or an async Promise.
Returns (Promise | SyncPromise): A promise which returns the TpmKeyHandle in the keys_ cache, or null if no key exists with name keyName.

getPublicKeyPromise(keyName, useSync) → {Promise|SyncPromise}

Get the public portion of an asymmetric key pair with name keyName.
Parameters:
  keyName (Name): The name of the key.
  useSync (boolean, optional): If true then return a SyncPromise which is already fulfilled. If omitted or false, this may return a SyncPromise or an async Promise.
Returns (Promise | SyncPromise): A promise which returns the encoded public key Blob (or an isNull Blob if the key does not exist).

hasKeyPromise(keyName, useSync) → {Promise|SyncPromise}

Check if the key with name keyName exists in the TPM.
Parameters:
  keyName (Name): The name of the key.
  useSync (boolean, optional): If true then return a SyncPromise which is already fulfilled. If omitted or false, this may return a SyncPromise or an async Promise.
Returns (Promise | SyncPromise): A promise which returns true if the key exists.

importPrivateKeyPromise_(keyName, pkcs8, password, useSync) → {Promise|SyncPromise}

Import an encoded private key with name keyName in PKCS #8 format, possibly password-encrypted. This should only be called by KeyChain.
Parameters:
  keyName (Name): The name of the key to use in the TPM.
  pkcs8 (Buffer): The input byte buffer. If the password is supplied, this is a PKCS #8 EncryptedPrivateKeyInfo. If the password is null, this is an unencrypted PKCS #8 PrivateKeyInfo.
  password (Buffer): The password for decrypting the private key. If the password is supplied, use it to decrypt the PKCS #8 EncryptedPrivateKeyInfo. If the password is null, import an unencrypted PKCS #8 PrivateKeyInfo.
  useSync (boolean, optional): If true then return a SyncPromise which is already fulfilled. If omitted or false, this may return a SyncPromise or an async Promise.
Returns (Promise | SyncPromise): A promise which fulfills when finished, or a promise rejected with TpmBackEnd.Error for an error importing the key.

initializePromise_(useSync) → {Promise|SyncPromise}

If isInitialized_ is false and initializePib_ is not null (because it was set by the KeyChain constructor), call initializePib_.initializePromise_, which jointly initializes the Pib and Tpm and sets isInitialized_ to true. If isInitialized_ is already true or initializePib_ is null, do nothing. This must be called by each method before using this object, because the constructor (and the KeyChain constructor) cannot perform async operations.
Parameters:
  useSync (boolean, optional): If true then return a SyncPromise which is already fulfilled. If omitted or false, this may return a SyncPromise or an async Promise.
Returns (Promise | SyncPromise): A promise which fulfills when finished.

signPromise(data, keyName, digestAlgorithm, useSync) → {Promise|SyncPromise}

Compute a digital signature from the byte buffer using the key with name keyName.
Parameters:
  data (Buffer): The input byte buffer.
  keyName (Name): The name of the key.
  digestAlgorithm (number): The digest algorithm as an int from the DigestAlgorithm enum.
  useSync (boolean, optional): If true then return a SyncPromise which is already fulfilled. If omitted or false, this may return a SyncPromise or an async Promise.
Returns (Promise | SyncPromise): A promise which returns the signature Blob (or an isNull Blob if the key does not exist), or a promise rejected with TpmBackEnd.Error for an error in signing.