Class: TpmPrivateKey

TpmPrivateKey()

new TpmPrivateKey()

A TpmPrivateKey holds an in-memory private key and provides cryptographic operations, such as signing, for the in-memory TPM. This constructor creates an uninitialized TpmPrivateKey. You must call a load method, such as loadPkcs1, to initialize it.

Classes

Error

Methods

(static) bigIntegerToBuffer(bigInteger) → {Buffer}

Convert a BigInteger to a Buffer.
Parameters:
Name Type Description
bigInteger BigInteger The BigInteger.
Returns:
The Buffer.
Type
Buffer

(static) encodePkcs1PrivateKeyFromRSAKey(rsaKey) → {Blob}

Encode the RSAKey private key as a PKCS #1 private key.
Parameters:
Name Type Description
rsaKey RSAKey The RSAKey private key.
Returns:
The PKCS #1 private key DER.
Type
Blob

(static) encodePkcs8PrivateKey(privateKeyDer, oid, parameters) → {Blob}

Encode the private key to a PKCS #8 private key. We do this explicitly here to avoid linking to extra OpenSSL libraries.
Parameters:
Name Type Description
privateKeyDer Buffer The input private key DER.
oid OID The OID of the privateKey.
parameters DerNode The DerNode of the parameters for the OID.
Returns:
The PKCS #8 private key DER.
Type
Blob
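
The explicit PKCS #8 wrapping described for encodePkcs8PrivateKey, as an added example that is not the library's own source: it hand-encodes the PrivateKeyInfo DER around a PKCS #1 RSA key without any OpenSSL binding, and checks the structure when unwrapping. The function names and the constructed placeholder payload are assumptions for illustration; only the rsaEncryption OID with NULL parameters is handled.

```javascript
// AlgorithmIdentifier { rsaEncryption 1.2.840.113549.1.1.1, NULL } as fixed DER.
const RSA_ALGORITHM_ID = Buffer.from('300d06092a864886f70d0101010500', 'hex');
// DER length octets: short form below 128, otherwise 0x80 | byte count, big-endian.
function derLength(n) {
  if (n < 0x80) return Buffer.from([n]);
  const bytes = [];
  for (let v = n; v > 0; v = Math.floor(v / 256)) bytes.unshift(v % 256);
  return Buffer.from([0x80 | bytes.length, ...bytes]);
}

function derTlv(tag, content) {
  return Buffer.concat([Buffer.from([tag]), derLength(content.length), content]);
}

// PrivateKeyInfo ::= SEQUENCE { version INTEGER 0, algorithm, privateKey OCTET STRING }
function wrapPkcs1AsPkcs8(pkcs1Der) {
  const version = Buffer.from([0x02, 0x01, 0x00]);
  return derTlv(0x30, Buffer.concat([version, RSA_ALGORITHM_ID, derTlv(0x04, pkcs1Der)]));
}

// Read one TLV at offset, rejecting truncated input and oversized length fields.
function readTlv(buf, offset) {
  if (offset + 2 > buf.length) throw new Error('truncated DER header');
  const tag = buf[offset];
  let len = buf[offset + 1], pos = offset + 2;
  if (len & 0x80) {
    const count = len & 0x7f;
    if (count === 0 || count > 4) throw new Error('unsupported DER length');
    len = 0;
    for (let i = 0; i < count; i++) len = len * 256 + buf[pos++];
  }
  if (!(pos + len <= buf.length)) throw new Error('truncated DER content');
  return { tag, content: buf.subarray(pos, pos + len), end: pos + len };
}

// Unwrap: one SEQUENCE, version 0, rsaEncryption, OCTET STRING, no trailing bytes.
function unwrapPkcs8ToPkcs1(pkcs8Der) {
  const outer = readTlv(pkcs8Der, 0);
  if (outer.tag !== 0x30 || outer.end !== pkcs8Der.length) throw new Error('bad outer SEQUENCE');
  const body = outer.content;
  const version = readTlv(body, 0);
  const algorithm = readTlv(body, version.end);
  const key = readTlv(body, algorithm.end);
  if (version.tag !== 0x02 || version.content.length !== 1 || version.content[0] !== 0) throw new Error('bad version');
  if (!body.subarray(version.end, algorithm.end).equals(RSA_ALGORITHM_ID)) throw new Error('not rsaEncryption');
  if (key.tag !== 0x04 || key.end !== body.length) throw new Error('bad privateKey field');
  return Buffer.from(key.content);
}
// Constructed placeholder payload (not a real key), wrapped into PKCS #8.
console.log(wrapPkcs1AsPkcs8(Buffer.from('3003020100', 'hex')).toString('hex'));
```

Because the unwrap requires the key OCTET STRING to end the SEQUENCE, an encoding that carries the optional PKCS #8 attributes field is rejected rather than silently accepted.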

(static) encodePublicKeyFromRSAKey(rsaKey) → {Blob}

Encode the public key values in the RSAKey private key as a SubjectPublicKeyInfo.
Parameters:
Name Type Description
rsaKey RSAKey The RSAKey private key with the public key values.
Returns:
The SubjectPublicKeyInfo DER.
Type
Blob

(static) generatePrivateKeyPromise(keyParams, useSync) → {Promise|SyncPromise}

Generate a key pair according to keyParams and return a new TpmPrivateKey with the private key. You can get the public key with derivePublicKey.
Parameters:
Name Type Description
keyParams KeyParams The parameters of the key.
useSync boolean (optional) If true then return a SyncPromise which is already fulfilled. If omitted or false, this may return a SyncPromise or an async Promise.
Returns:
A promise which returns the new TpmPrivateKey, or a promise rejected with Error if the key type is not supported, or a promise rejected with TpmPrivateKey.Error for an invalid key size or for an error generating the key.
Type
Promise | SyncPromise

decryptPromise(cipherText, algorithmType, useSync) → {Promise|SyncPromise}

Decrypt the cipherText using this private key according to the encryption algorithmType. Only RSA encryption is supported for now.
Parameters:
Name Type Description
cipherText Buffer The cipher text byte buffer.
algorithmType number (optional) This decrypts according to algorithmType which is an int from the EncryptAlgorithmType enum. If omitted, use RsaOaep.
useSync boolean (optional) If true then return a SyncPromise which is already fulfilled. If omitted or false, this may return a SyncPromise or an async Promise.
Returns:
A promise which returns the decrypted data Blob, or a promise rejected with TpmPrivateKey.Error if the private key is not loaded, if decryption is not supported for this key type, or for an error decrypting.
Type
Promise | SyncPromise

derivePublicKey() → {Blob}

Get the encoded public key for this private key.
Throws:
TpmPrivateKey.Error if no private key is loaded, or for an error converting to a public key.
Returns:
The public key encoding Blob.
Type
Blob

loadPkcs1(encoding, keyType)

Load the unencrypted private key from a buffer with the PKCS #1 encoding. This replaces any existing private key in this object.
Parameters:
Name Type Description
encoding Buffer The byte buffer with the private key encoding.
keyType number (optional) The KeyType, such as KeyType.RSA. If omitted or null, then partially decode the private key to determine the key type.
Throws:
TpmPrivateKey.Error for errors decoding the key.

loadPkcs8(encoding, keyType)

Load the unencrypted private key from a buffer with the PKCS #8 encoding. This replaces any existing private key in this object.
Parameters:
Name Type Description
encoding Buffer The byte buffer with the private key encoding.
keyType number (optional) The KeyType, such as KeyType.RSA. If omitted or null, then partially decode the private key to determine the key type.
Throws:
TpmPrivateKey.Error for errors decoding the key.

signPromise(data, digestAlgorithm, useSync) → {Promise|SyncPromise}

Sign the data with this private key, returning a signature Blob.
Parameters:
Name Type Description
data Buffer The input byte buffer.
digestAlgorithm number The digest algorithm as an int from the DigestAlgorithm enum.
useSync boolean (optional) If true then return a SyncPromise which is already fulfilled. If omitted or false, this may return a SyncPromise or an async Promise.
Returns:
A promise which returns the signature Blob (or an isNull Blob if this private key is not initialized), or a promise rejected with TpmPrivateKey.Error for an unrecognized digestAlgorithm or an error in signing.
Type
Promise | SyncPromise

toPkcs1() → {Blob}

Get the encoded unencrypted private key in PKCS #1.
Throws:
TpmPrivateKey.Error if no private key is loaded, or for an error encoding.
Returns:
The private key encoding Blob.
Type
Blob

toPkcs8() → {Blob}

Get the encoded unencrypted private key in PKCS #8.
Throws:
TpmPrivateKey.Error if no private key is loaded, or for an error encoding.
Returns:
The private key encoding Blob.
Type
Blob