Interface: EncryptionSession
Properties
_sessionSymKey
_sessionSymKey:
SymKey
Instance of the symKey for this EncryptionSession instance. For internal use only. Do not use directly.
retrievalDetails
retrievalDetails:
EncryptionSessionRetrievalDetails
Information on how the key was retrieved
sessionId
sessionId:
string
The sessionId for this EncryptionSession instance.
Methods
addMultipleTmrAccesses()
addMultipleTmrAccesses(
tmrRecipients
:TmrRecipientWithRights
[]):Promise
<AddMultipleTmrAccessesResult
>
Add multiple 2-man-rule Accesses to an existing EncryptionSession
Parameters
tmrRecipients
Array of 2-man-rule authentication factors for which to create a tmrKey
Returns
Promise
<AddMultipleTmrAccessesResult
>
addRecipients()
addRecipients(
recipients
:RecipientsWithRights
,opts
?: {allowUnregisteredUsers
:boolean
;useCache
:boolean
; }):Promise
<AuthorizeRecipientResult
>
Add new recipients to this session. These recipients will be able to read all encrypted messages of this session.
Parameters
recipients
opts?
allowUnregisteredUsers
boolean
Optional. Whether or not to allow non-seald, unregistered recipients. Defaults to false
.
useCache
boolean
Returns
Promise
<AuthorizeRecipientResult
>
addSymEncKey()
addSymEncKey(
args
: {password
:string
;rawSecret
:string
;rawSymKey
:string
;rights
:UserRights
; }):Promise
<string
>
Adds a SymEncKey for this session, which allows to retrieve the session without being a recipient, and/or to self-add to the session.
You must pass either a password
, or both a rawSecret
and rawSymKey
.
Returns the id
of the newly added SymEncKey
.
Parameters
args
password
string
Optional. Derived automatically to a rawSecret
and a rawSymKey
.
rawSecret
string
Optional. For advanced use. Set a SymEncKey secret manually. Do not use both rawSecret
and password
, as password
is automatically derived into rawSecret
.
rawSymKey
string
Optional. For advanced use. Set a SymEncKey raw Symmetric key manually. Do not use both rawSymKey
and password
, as password
is automatically derived into rawSymKey
. MUST be 512 bits (64 bytes) of cryptographically secure random, encoded as Base64.
rights
Optional. Rights to assign to this SymEncKey. Defaults to { read: true, forward: true, revoke: false }
.
Returns
Promise
<string
>
addTmrAccess()
addTmrAccess(
tmrRecipient
:TmrRecipientWithRights
):Promise
<string
>
Add a 2-man-rule Access to an existing EncryptionSession
Returns the id
of the newly added TmrAccess
.
Parameters
tmrRecipient
Returns
Promise
<string
>
changeRecipientsRights()
changeRecipientsRights(
recipients
:RecipientsWithRights
,opts
?: {allowUnregisteredUsers
:boolean
; }):Promise
<void
>
Change rights for recipients. These recipients must already be allowed on this session. You can add rights by setting them to true
, remove rights by setting them to false
. Unspecified rights will be left unchanged. To add a right, you must have the right in question plus the forward
right. To remove a right, you must have the revoke
right.
Parameters
recipients
opts?
allowUnregisteredUsers
boolean
Optional. Whether or not to allow non-seald, unregistered recipients. Defaults to false
.
Returns
Promise
<void
>
changeSymEncKeyRights()
changeSymEncKeyRights(
symEncKeyId
:string
,rights
:UserRights
):Promise
<void
>
Change rights for a SymEncKey. You can add rights by setting them to true
, remove rights by setting them to false
. Unspecified rights will be left unchanged. To add a right, you must have the right in question plus the forward
right. To remove a right, you must have the revoke
right.
Parameters
symEncKeyId
string
rights
Returns
Promise
<void
>
decryptFile()
decryptFile<
T
>(encryptedFile
:T
,progressCallback
?: (progress
:number
) =>void
,fileSize
?:number
):Promise
<{data
:T
extendsArrayBuffer
|Uint8Array
<ArrayBufferLike
> |Buffer
<ArrayBufferLike
> ?Buffer
<ArrayBufferLike
> :T
;filename
:string
;sessionId
:string
;size
:number
;type
:FileType
; }>
Decrypts an encrypted file
Type Parameters
• T extends string
| Blob
| ReadableStream
<any
> | Readable
| Buffer
<ArrayBufferLike
>
Parameters
encryptedFile
T
progressCallback?
(progress
: number
) => void
Optional. Progress callback. The progress is given between 0 and 1.
fileSize?
number
Optional. Size of the file to decrypt. Needed when using progressCallback with a ReadableStream or NodeReadable as input type.
Returns
Promise
<{data
: T
extends ArrayBuffer
| Uint8Array
<ArrayBufferLike
> | Buffer
<ArrayBufferLike
> ? Buffer
<ArrayBufferLike
> : T
;filename
: string
;sessionId
: string
;size
: number
;type
: FileType
; }>
data
data:
T
extendsArrayBuffer
|Uint8Array
<ArrayBufferLike
> |Buffer
<ArrayBufferLike
> ?Buffer
<ArrayBufferLike
> :T
filename
filename:
string
sessionId
sessionId:
string
size
size:
number
type
type:
FileType
decryptMessage()
decryptMessage(
encryptedMessage
:string
,options
?: {raw
:boolean
; }):Promise
<string
>
Decrypts an encrypted message string into the corresponding clear-text string.
Parameters
encryptedMessage
string
options?
raw
boolean
Optional. Whether or not the message was encrypted raw. Defaults to false
.
Returns
Promise
<string
>
deleteSymEncKey()
deleteSymEncKey(
symEncKeyId
:string
):Promise
<void
>
@deprecated. Use session.revokeRecipients()
Deletes a SymEncKey from this session.
Parameters
symEncKeyId
string
Returns
Promise
<void
>
encryptFile()
encryptFile<
T
>(clearFile
:T
,filename
:string
,opts
?: {fileSize
:number
;progressCallback
: (p
:number
) =>void
; }):Promise
<T
extendsArrayBuffer
|Uint8Array
<ArrayBufferLike
> |Buffer
<ArrayBufferLike
> ?Buffer
<ArrayBufferLike
> :T
>
Encrypts a file
Type Parameters
• T extends string
| ArrayBuffer
| Uint8Array
<ArrayBufferLike
> | Blob
| ReadableStream
<any
> | Readable
| Buffer
<ArrayBufferLike
>
Parameters
clearFile
T
filename
string
Name of the file. Max 256 characters long.
opts?
fileSize
number
Optional. Needed when using stream.
progressCallback
(p
: number
) => void
Optional. Progress callback. The progress is given between 0 and 1.
Returns
Promise
<T
extends ArrayBuffer
| Uint8Array
<ArrayBufferLike
> | Buffer
<ArrayBufferLike
> ? Buffer
<ArrayBufferLike
> : T
>
encryptMessage()
encryptMessage(
clearString
:string
,options
?: {raw
:boolean
; }):Promise
<string
>
Encrypts a clear-text string into an encrypted message, for the recipients of this session.
Parameters
clearString
string
options?
raw
boolean
Optional. Whether to include or not the sessionID in the encrypted string. If set to true, the encrypted string cannot be used to retrieve the encryption session. Defaults to false
.
Returns
Promise
<string
>
listRecipients()
listRecipients():
Promise
<RecipientsList
>
Retrieve the list of recipients.
You need to have the 'forward'
right on this session to list recipients besides yourself.
Returns
Promise
<RecipientsList
>
listSymEncKeys()
listSymEncKeys():
Promise
<{id
:string
;rights
:UserRights
; }[]>
@deprecated. Use session.listRecipients()
instead List all SymEncKeys added to this session.
Returns
Promise
<{id
: string
;rights
: UserRights
; }[]>
listTmrAccesses()
listTmrAccesses(
options
?: {all
:boolean
;page
:number
; }):Promise
<TmrAccess
[]>
@deprecated. Use session.listRecipients()
instead List TMR accesses for a given EncryptionSession
Parameters
options?
all
boolean
Optional. Return all pages at once.
page
number
Returns
Promise
<TmrAccess
[]>
revoke()
revoke():
Promise
<RevokeResult
>
Entirely revoke this session. You can only do it if you are this session's administrator.
Returns
Promise
<RevokeResult
>
revokeRecipients()
revokeRecipients(
recipients
:RecipientsToRevoke
,opts
?: {allowUnregisteredUsers
:boolean
; }):Promise
<RevokeResult
>
Revoke recipients from this session. You can only do it if you added these recipients yourself, or if you are this session's administrator.
Parameters
recipients
opts?
allowUnregisteredUsers
boolean
Optional. Whether or not to allow non-seald, unregistered recipients. Defaults to false
.
Returns
Promise
<RevokeResult
>
serialize()
serialize():
string
Serialize session to a string. This is for advanced use. May be used to keep sessions in a cache. WARNING: a user could use this cache to work around being revoked. Use with caution. WARNING: if the cache is accessible to another user, they could use it to decrypt messages they are not supposed to have access to. Make sure only the current user in question can access this cache, for example by encrypting it.
Returns
string
setManagingGroup()
setManagingGroup(
groupId
:string
,user
?:Recipients
):Promise
<{status
:"ok"
; }>
DEPRECATED: assign revoke rights to the group instead.
Give the rights to manage this session with the same rights as the given user to anyone belonging to given group. A common way to use this, and the default, is to set user = group
: this allows any member of the group to act as the owner of the group's MessageAccess
Warning : this can only be done by the user who created the session. If it is done by anyone else, the behavior is not guaranteed. Also, this will only have the expected behavior if the group is the only direct recipient of the session, which means that, during session creation, the group was the only recipient listed, and that encryptForSelf
was set to false
.
Parameters
groupId
string
user?
Must be one of your descendants, possibly the group itself. Defaults to the group
Returns
Promise
<{status
: "ok"
; }>
status
status:
"ok"