SecretStoreSessionClient

client/session~SecretStoreSessionClient

new SecretStoreSessionClient(ssEndpointUrl, [requestConfig])

Client for the Secret Store session API. Requests are made with axios, and the request configuration is freely configurable.
Parameters:
| Name | Type | Attributes | Description |
| --- | --- | --- | --- |
| ssEndpointUrl | string | | The endpoint URL where a Secret Store node is listening for incoming session requests. |
| requestConfig | AxiosRequestConfig | optional | Additional request configuration params. Note: 'url', 'method' and 'data' fields are overwritten. |

Methods

(async) generateServerAndDocumentKey(serverKeyID, signedServerKeyID, threshold) → {Promise.<string>}

Generates server and document keys on one of the participating nodes with a single call. You can generate both keys simultaneously, but if you do not trust the Secret Store nodes, it is advised to run separate server key generation and document key storing sessions. More information can be found here.
Parameters:
| Name | Type | Description |
| --- | --- | --- |
| serverKeyID | string | The server key ID of your choosing. A hash of the document contents is a good choice for this identifier. Otherwise, it could be a random value. In both cases, please note that this value is unique and cannot be changed later. |
| signedServerKeyID | string | The server key ID, signed with the author's private key. |
| threshold | number | The key threshold value. Please consider the guidelines when choosing this value. |

(async) generateServerKey(serverKeyID, signedServerKeyID, threshold) → {Promise.<string>}

Generates server keys. More information can be found here.
Parameters:
| Name | Type | Description |
| --- | --- | --- |
| serverKeyID | string | The server key ID of your choosing. If you are planning to link a document key to this server key later, a hash of the document contents is a good choice for this identifier. Otherwise, it could be a random value. In both cases, please note that this value is unique and cannot be changed later. |
| signedServerKeyID | string | The server key ID, signed with the author's private key. Only the author of a server key can bind a document key to this server key later. This signature can be generated by the `secretstore_signRawHash` RPC method. |
| threshold | number | The key threshold value. Please consider the guidelines when choosing this value. |

(async) nodesSetChange(nodeIDsNewSet, signatureOldSet, signatureNewSet) → {Promise.<string>}

Node set change session. Please follow the description on how to perform this session. Requires all added, removed and stable nodes to be online for the duration of the session. Before starting the session, you’ll need to generate two administrator’s signatures: old set signature and new set signature. To generate these signatures, the Secret Store RPC methods should be used: serversSetHash and signRawHash.
Parameters:
| Name | Type | Description |
| --- | --- | --- |
| nodeIDsNewSet | Array.<string> | Node IDs of the *new set*. |
| signatureOldSet | string | ECDSA signature of all online node IDs *keccak(ordered_list(staying + added + removing))*. |
| signatureNewSet | string | ECDSA signature of node IDs that should stay in the Secret Store cluster after the session ends *keccak(ordered_list(staying + added))*. |
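
A preflight for the inputs described above, as an added example that is not part of the library: it splits the current and target node lists into staying, added and removing, and builds the two ordered lists whose hashes the administrator signs. The helper names, the 128-hex-character node ID format and the lexicographic ordering are assumptions.

```javascript
// Added example (not library code): preflight for a node set change session.
// Assumption: a node ID is a hex-encoded 512-bit public key (128 hex chars).
const NODE_ID_RE = /^(0x)?[0-9a-fA-F]{128}$/;

// Constructed sample node IDs (not real keys): one hex digit repeated.
const sampleId = (digit) => '0x' + digit.repeat(128);

// Lowercase and 0x-prefix so one key written two ways is not counted twice.
function normalizeNodeId(id) {
  if (typeof id !== 'string' || !NODE_ID_RE.test(id)) {
    throw new TypeError(`malformed node ID: ${String(id).slice(0, 18)}`);
  }
  const hex = id.toLowerCase();
  return hex.startsWith('0x') ? hex : `0x${hex}`;
}

// Normalize, sort and reject duplicates. Lexicographic order is an assumption
// standing in for ordered_list(); the hash itself comes from serversSetHash.
function orderedUnique(ids, label) {
  const out = ids.map(normalizeNodeId).sort();
  for (let i = 1; i < out.length; i++) {
    if (out[i] === out[i - 1]) throw new Error(`duplicate node ID in ${label}`);
  }
  return out;
}

// planNodeSetChange is a hypothetical helper name.
function planNodeSetChange(currentNodeIDs, nodeIDsNewSet) {
  const current = orderedUnique(currentNodeIDs, 'current set');
  const next = orderedUnique(nodeIDsNewSet, 'new set');
  const inCurrent = new Set(current);
  const inNext = new Set(next);
  const staying = next.filter((id) => inCurrent.has(id));
  const added = next.filter((id) => !inCurrent.has(id));
  const removing = current.filter((id) => !inNext.has(id));
  if (added.length === 0 && removing.length === 0) {
    throw new Error('new set equals current set; nothing to change');
  }
  // Old set input: staying + added + removing. These are also the nodes that
  // must be online for the whole session. New set input: staying + added.
  const oldSetHashInput = [...staying, ...added, ...removing].sort();
  return { staying, added, removing, oldSetHashInput, newSetHashInput: next };
}

const demo = planNodeSetChange(
  [sampleId('a'), sampleId('b'), sampleId('c')],
  [sampleId('b'), sampleId('c'), sampleId('d')]);
console.log(demo.added.length, demo.removing.length, demo.oldSetHashInput.length);
```

Pass `newSetHashInput` as `nodeIDsNewSet`, and treat any thrown error as a reason not to request the administrator's signatures yet.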

(async) retrieveDocumentKey(serverKeyID, signedServerKeyID) → {Promise.<string>}

Fetches the document key from the Secret Store. This is the lighter version of the document key shadow retrieval session, which returns the final document key (encrypted with the requester's public key). You must have enough trust in the Secret Store nodes for this. During a document key shadow retrieval session, the document key is not reconstructed on any node, but that session requires the Secret Store client either to have access to Parity RPCs or to run some EC calculations to decrypt the document key. Please note that the requester must have permission to access this key. Permissions are often managed by a permissioning contract. More information can be found here.
Parameters:
| Name | Type | Description |
| --- | --- | --- |
| serverKeyID | string | The ID of the previously generated server key to which the document key has been bound. |
| signedServerKeyID | string | The server key ID, signed with the private key of a requester who has access to the server key. |

(async) retrieveServerKeyPublic(serverKeyID, signedServerKeyID) → {Promise.<string>}

Retrieves the public portion of an already generated server key. Usable after a successful server key generation session, by the same user who generated the server key.
Parameters:
| Name | Type | Description |
| --- | --- | --- |
| serverKeyID | string | The ID of the previously generated server key. |
| signedServerKeyID | string | The hex-encoded server key ID, signed by the same entity (author) that signed the server key ID in the server key generation session. |

(async) shadowRetrieveDocumentKey(serverKeyID, signedServerKeyID) → {Promise.<DocumentKeyPortions>}

Fetches the document key from the Secret Store. This session is the preferable way of retrieving a previously generated document key. During a document key shadow retrieval session, the document key is not reconstructed on any node, but the session requires the Secret Store client either to have access to Parity RPCs or to run some EC calculations to decrypt the document key. Please note that the requester must have permission to access this key. Permissions are often managed by a permissioning contract. More information can be found here.
Parameters:
| Name | Type | Description |
| --- | --- | --- |
| serverKeyID | string | The ID of the previously generated server key to which the document key has been bound. |
| signedServerKeyID | string | The server key ID, signed with the private key of a requester who has access to the server key. |

(async) signEcdsa(serverKeyID, signedServerKeyID, messageHash) → {Promise.<string>}

ECDSA signing session, for computing ECDSA signature of a given 256-bit message hash. More information can be found here.
Parameters:
| Name | Type | Description |
| --- | --- | --- |
| serverKeyID | string | The previously generated hex-encoded server key ID. |
| signedServerKeyID | string | The hex-encoded, previously generated server key ID, signed with the private key of a requester who has access to the server key. |
| messageHash | string | The 256-bit hash of the message that needs to be signed. |

(async) signSchnorr(serverKeyID, signedServerKeyID, messageHash) → {Promise.<string>}

Schnorr signing session, for computing Schnorr signature of a given 256-bit message hash. More information can be found here.
Parameters:
| Name | Type | Description |
| --- | --- | --- |
| serverKeyID | string | The previously generated hex-encoded server key ID. |
| signedServerKeyID | string | The hex-encoded, previously generated server key ID, signed with the private key of a requester who has access to the server key. |
| messageHash | string | The 256-bit hash of the message that needs to be signed. |

(async) storeDocumentKey(serverKeyID, signedServerKeyID, commonPointOrKey, [encryptedPoint]) → {Promise.<string>}

Binds an externally generated document key to a server key. Usable after a server key generation session. More information can be found here.
Parameters:
| Name | Type | Attributes | Description |
| --- | --- | --- | --- |
| serverKeyID | string | | The hex-encoded server key ID, the same one that was used in the server key generation session. |
| signedServerKeyID | string | | The hex-encoded server key ID, signed by the same entity (author) that signed the server key ID in the server key generation session. |
| commonPointOrKey | string \| ExternallyEncryptedDocumentKey | | The hex-encoded common point portion of the externally encrypted document key, or the externally encrypted document key object (encrypted with the public server key, using a special procedure). |
| encryptedPoint | string | optional | The hex-encoded encrypted point portion of the externally encrypted document key (encrypted with the public server key, using a special procedure). |