Interface: SealdSDK ​

Contents ​

• Properties
  • apiURL
  • appId
  • encryptionSessionCache
  • encryptionSessionCacheCleanupInterval
  • encryptionSessionCacheTTL
  • eventBus
  • goatee
  • hairlessURL
  • intervals
  • keySize
  • numberPreGeneratedIdentityKeys
  • sscrypto
  • utils
  • version
• Methods
  • addGroupMembers()
  • addMissingKeys()
  • checkGroupSelfAddSecret()
  • checkSigchainHash()
  • close()
  • convertTmrAccesses()
  • createEncryptionSession()
  • createGroup()
  • createSubIdentity()
  • decryptFile()
  • decryptMessage()
  • deleteGroup()
  • dropDatabase()
  • encryptFile()
  • encryptMessage()
  • exportIdentity()
  • getCurrentAccountInfo()
  • getRSAKeyPromise()
  • getSigchainHash()
  • heartbeat()
  • importIdentity()
  • initialize()
  • initiateIdentity()
  • listBackupKeys()
  • listGroupMembers()
  • listGroups()
  • preGenerateIdentityKeys()
  • prepareRenew()
  • pullPreGeneratedIdentityKeyFromPool()
  • pushJwt()
  • pushPreGeneratedIdentityKeyToPool()
  • registrationStatus()
  • removeGroupMembers()
  • renewGroupKey()
  • renewKey()
  • retrieveEncryptionSession()
  • retrieveEncryptionSessionByTmr()
  • retrieveEncryptionSessionWithSymEncKey()
  • retrieveMultipleEncryptionSessions()
  • selfAddGroup()
  • selfAddToEncryptionSessionWithSymEncKey()
  • setGroupAdmin()
  • setGroupAdmins()
  • setGroupSelfAddSecret()
  • setLogLevel()
  • startIntervals()
  • stopIntervals()
  • updateContacts()
  • updateCurrentDevice()

Properties ​

apiURL ​

apiURL: string

apiURL with which this SealdSDK instance was created. URL of the Seald API Servers to which it should connect.

appId ​

appId: string

appId with which this SealdSDK instance was created.

encryptionSessionCache ​

encryptionSessionCache: EncryptionSessionCache

Cache object to store encryption sessions

encryptionSessionCacheCleanupInterval ​

encryptionSessionCacheCleanupInterval: number

The cleanup interval of encryptionSession cache.

encryptionSessionCacheTTL ​

encryptionSessionCacheTTL: number

The lifetime of encryptionSession cache.

eventBus ​

eventBus: Emittery<Record<PropertyKey, any>, Record<PropertyKey, any> & _OmnipresentEventData, DatalessEventNames<Record<PropertyKey, any>>>

Event bus. See https://github.com/sindresorhus/emittery

goatee ​

goatee: any

Full Goatee library. For advanced use. See Goatee documentation, ask Seald Team.

hairlessURL ​

hairlessURL: string

hairlessURL with which this SealdSDK instance was created. URL of the Seald external decryption interface with which non-Seald users can decrypt documents.

intervals ​

intervals: Object

Directly exposing the functions called periodically by "startIntervals". These functions cannot throw, so they are safe to "fire and forget": it's not necessary to await them.

Type declaration ​

checkMissingKeys() ​

Check if there are missing message keys for some of the current user's devices, and if so re-encrypts them.

Returns ​

Promise<void>

heartbeat() ​

Send a heartbeat to the server. Contrary to sdk.heartbeat(), this version of the heartbeat cannot throw: it will only print a warning in case of error.

Returns ​

Promise<void>

keySize ​

keySize: 1024 | 2048 | 4096

The configured key size for newly generated asymmetric keys.

numberPreGeneratedIdentityKeys ​

numberPreGeneratedIdentityKeys: number

Get the number of pre-generated keys currently in the pool

sscrypto ​

sscrypto: SSCrypto

Full SSCrypto library. For advanced use. See SSCrypto documentation at https://github.com/seald/sscrypto

utils ​

utils: Object

Various utilities, for advanced use.

Type declaration ​

fetch ​

fetch: FetchFunction

The fetch implementation used by this SDK instance For advanced use.

scrypt ​

scrypt: SCrypt

SCrypt wrapper with reasonable parameters. For advanced use.

cleanEncryptionSessionCache() ​

Cleans the encryption session cache

Returns ​

Promise<void>

deserializeSession() ​

Deserialize a serialized session. For advanced use.

Parameters ​

• serialized: string

Returns ​

EncryptionSession

EncryptionSession

encodePassword() ​

Normalize and encode a string password into a Buffer. For advanced use.

Parameters ​

• password: string

Returns ​

Buffer

generateB64EncodedSymKey() ​

Generate a symmetric key, and return it as a Base64 encoded string.

The key generate here can then be used as databaseRawKey when instantiating the SDK, as rawOverEncryptionKey when creating TMR accesses, as rawSymKey when adding SymEncKey accesses, or as rawTwoManRuleKey in the ssks2MR plugin.

Returns ​

Promise<string>

getRecipients() ​

Manually parse a Recipients parameter into Seald and External recipients, as well as rights, into the format used internally by Goatee. For advanced use.

Parameters ​

• recipients: RecipientsWithRights

• opts?: Object

• opts.allowUnregisteredUsers?: boolean

Optional. Whether or not to allow non-seald, unregistered recipients. Defaults to false.

Returns ​

Promise<Object>

hairlessRecipients ​

hairlessRecipients: EntrustedRecipient[]

recipients ​

recipients: string[]

rights ​

rights: Record<string, UserRights>

parseUserLicenseToken() ​

Parse a given userLicenseToken. For advanced use.

Parameters ​

• userLicenseToken: string

Returns ​

Object

domainValidationKeyId ​

domainValidationKeyId: string

nonce ​

nonce: string

token ​

token: string

readKeyBackup() ​

Read the internal key backup. For advanced use.

Returns ​

Promise<Buffer>

retrieveEncryptionSessionId() ​

Retrieve an encryption session id

Type parameters ​

• T extends string | ArrayBuffer | Uint8Array | Blob | ReadableStream<any> | Readable | Buffer

Parameters ​

• args: Object

• args.encryptedFile?: T

Optional. Arbitrary encrypted file from the session to retrieve.

• args.encryptedMessage?: string

Optional. Arbitrary encrypted message from the session to retrieve.

Returns ​

Promise<string>

writeKeyBackup() ​

Write the internal key backup. For advanced use.

Parameters ​

• encryptedKeyBackup: ArrayBuffer | Uint8Array | Buffer

Returns ​

Promise<void>

version ​

version: string

The SDK version

Methods ​

addGroupMembers() ​

addGroupMembers(groupId, newMembers, newAdmins?, silentKeyRenew?): Promise<void>

Add members to a group. Can only be done by a group administrator. Can also specify which of these group members should also be admins.

Parameters ​

• groupId: string

id of the group

• newMembers: Recipients

id of members to add

• newAdmins?: Recipients

id of new members to also add as admins. This must be a subset of newMembers

• silentKeyRenew?: boolean

Should renew the group key if needed, and the user is administrator of the group . Default to true.

Returns ​

Promise<void>

addMissingKeys() ​

addMissingKeys(deviceId, retryOptions?): void

Trigger the re-encryption of missing message keys for the given deviceId. This function does not return a promise. It only triggers the re-encryption. To be notified of the end of the re-encryption, you must wait for the 'addMissingKeys-done' event on the event-bus. For example: const { deviceId, failed, done, error } = await sdk.eventBus.once('addMissingKeys-done')

Parameters ​

• deviceId: string

• retryOptions?: Object

Optional.

• retryOptions.nRetries?: number

Optional. How many times to retry. Defaults to 3.

• retryOptions.waitBetweenRetries?: number

Optional. Time to wait between retries in milliseconds. Defaults to 30000ms = 30 seconds.

Returns ​

void

checkGroupSelfAddSecret() ​

checkGroupSelfAddSecret(groupId): Promise<boolean>

Check if a self-add secret is set for a given group. Only accessible to group admins.

Parameters ​

• groupId: string

Returns ​

Promise<boolean>

checkSigchainHash() ​

checkSigchainHash(recipient, sigchainHash, opts?): Promise<Object>

Verify if a hash is included in the recipient sigchain. Use the position option to check the hash of a specific sigchain transaction.

Parameters ​

• recipient: Recipients

• sigchainHash: string

• opts?: Object

• opts.position?: number

position of the sigchain transaction against which to check the hash.

Returns ​

Promise<Object>

lastPosition ​

lastPosition: number

position ​

position: number

close() ​

close(): Promise<void>

Close the database. After this, this SDK instance will no longer be usable. This also calls stopIntervals.

Returns ​

Promise<void>

convertTmrAccesses() ​

convertTmrAccesses(tmrJWT, rawOverEncryptionKey, options?): Promise<Object>

Convert all TMR accesses addressed to a given auth factor and matching specified filters to classic message keys. All TMR accesses matching the specified filters must have been encrypted with the same rawOverEncryptionKey.

Parameters ​

• tmrJWT: string

The JWT given at 2FA

• rawOverEncryptionKey: string

The 2-man-rule key. This MUST be a cryptographically random string of 64 bytes B64 encoded.

• options?: Object

• options.createdById?: string

If specified, Seald ID of the user who created the TMR accesses to get

• options.deleteOnConvert?: boolean

Delete the 2-man-rule keys after conversion. Defaults to true.

• options.sessionId?: string

If specified, ID of the message for which to get TMR accesses

• options.tmrAccessId?: string

If specified, ID of the TMR accesses to get

Returns ​

Promise<Object>

errored ​

errored: Record<string, Object>

succeeded ​

succeeded: Record<string, string[]>

createEncryptionSession() ​

createEncryptionSession(recipients, opts?): Promise<EncryptionSession>

Create an encryption session, with which you can then encrypt / decrypt multiple messages.

Parameters ​

• recipients: RecipientsWithRights

Recipients for whom to encrypt.

• opts?: Object

Optional.

• opts.allowDownload?: boolean

Optional. Whether or not to allow non-seald recipients with an email address to download a clear version of the file. Defaults to false.

• opts.allowUnregisteredUsers?: boolean

Optional. Whether or not to allow non-seald, unregistered recipients. Defaults to false.

• opts.encryptForSelf?: boolean

Optional. Whether or not to include the current account as recipient. Defaults to true

• opts.metadata?: string

Optional. Arbitrary metadata string, not encrypted, for later reference. Max 1024 characters long.

• opts.selfDestructDate?: string

Optional. Date at which the encrypted file should be automatically revoked. Format: 'YYYY-MM-DD'.

• opts.useCache?: boolean

Whether or not to use the cache (if enabled globally). Default to true.

Returns ​

Promise<EncryptionSession>

createGroup() ​

createGroup(args): Promise<Object>

Create a group

Parameters ​

• args: Object

• args.admins: Recipients

Administrators of the group. Administrators must also be members. It must include yourself.

• args.customGroupSymKey?: string

Optional. For advanced use. Set a custom group SymKey manually. Do not use both customGroupSymKey and selfAddPassword, as selfAddPassword is automatically derived into customGroupSymKey. Useful if you want to pass it out-of-band to other users to use the self-add. Should be 512 bits (64 bytes) of cryptographically secure random, encoded as Base64.

• args.expireAfter?: number

Time after creation after which the keys should expire, in seconds. Default to 3 years, maximum 5 years.

• args.groupName: string

Group name. Max 64 characters long.

• args.members: Recipients

Members of the group. It must include yourself.

• args.selfAddPassword?: string

Optional. Pass this if you want to enable self-add to this group. Derived automatically to a selfAddSecret and a customGroupSymKey. The same selfAddPassword must be used for all operations, and will be automatically derived into both groupSymKey and groupSelfAddSecret when necessary. Useful if you want to pass it out-of-band to other users to use the self-add.

• args.selfAddSecret?: string

Optional. For advanced use. Set a self-add secret manually. Do not use both selfAddSecret and selfAddPassword, as selfAddPassword is automatically derived into selfAddSecret.

Returns ​

Promise<Object>

groupName ​

groupName: string

id ​

id: string

createSubIdentity() ​

createSubIdentity(opts?): Promise<Object>

Create a sub-identity for the current identity, for example to use on another device. The created sub-identity Buffer can then be imported into another SDK instance using sdk.importIdentity.

A re-encryption of existing message keys must happen for the new sub-identity to be able to decrypt existing messages for this account:

• If you do not pass any argument, or pass shouldReencrypt: true, it will happen automatically
• Otherwise, you must trigger addMissingKeys with the newly created deviceId, in order for the re-encryption to happen.

Parameters ​

• opts?: Object

Optional.

• opts.deviceName?: string

Optional. Name of the new device. Max 36 characters long.

• opts.expireAfter?: number

Time after creation after which the keys should expire, in seconds. Default to 3 years, maximum 5 years.

• opts.nRetries?: number

Optional. How many times to retry re-encryption. Defaults to 3.

• opts.shouldReencrypt?: boolean

Optional. Should trigger the re-encryption of missing message keys for the newly created device. Defaults to true.

• opts.waitBetweenRetries?: number

Optional. Time to wait between retries in milliseconds. Defaults to 30000ms = 30 seconds.

Returns ​

Promise<Object>

deviceId ​

deviceId: string

identity ​

identity: Buffer

decryptFile() ​

decryptFile<T>(encryptedFile, opts?): Promise<Object>

Decrypt an encrypted file.

Type parameters ​

• T extends string | ArrayBuffer | Uint8Array | Blob | ReadableStream<any> | Readable | Buffer

Parameters ​

• encryptedFile: T

File to decrypt. Can be either a binary string, a Blob, a Buffer, or a stream. The function will return the decrypted file in same format.

• opts?: Object

Optional.

• opts.fileSize?: number

Optional. Size of the file to decrypt. Needed when using progressCallback with a ReadableStream or NodeReadable as input type.

• opts.lookupGroupKey?: boolean

should check for group rights

• opts.lookupProxyKey?: boolean

should check for proxy rights

• opts.progressCallback?: (progress) => void

• opts.useCache?: boolean

Whether or not to use the cache (if enabled globally). Default to true.

Returns ​

Promise<Object>

data ​

data: T extends ArrayBuffer | Uint8Array | Buffer ? Buffer : T

filename ​

filename: string

sessionId ​

sessionId: string

size ​

size: number

type ​

type: FileType

decryptMessage() ​

decryptMessage(encryptedString, opts?): Promise<string>

Decrypt a message.

Parameters ​

• encryptedString: string

• opts?: Object

Optional.

• opts.lookupGroupKey?: boolean

should check for group rights

• opts.lookupProxyKey?: boolean

should check for proxy rights

• opts.useCache?: boolean

Whether or not to use the cache (if enabled globally). Default to true.

Returns ​

Promise<string>

deleteGroup() ​

deleteGroup(groupId): Promise<void>

Delete a group

Parameters ​

• groupId: string

Returns ​

Promise<void>

dropDatabase() ​

dropDatabase(): Promise<void>

Drop local database, and delete locally saved backup key. It will also reset the current SDK instance. Call sdk.initialize() or sdk.initiateIdentity() afterward to continue with this sealdSDK instance.

Returns ​

Promise<void>

encryptFile() ​

encryptFile<T>(clearFile, filename, recipients, opts?): Promise<T extends ArrayBuffer | Uint8Array | Buffer ? Buffer : T>

Encrypt a file.

Type parameters ​

• T extends string | ArrayBuffer | Uint8Array | Blob | ReadableStream<any> | Readable | Buffer

Parameters ​

• clearFile: T

File to encrypt. Can be either a binary string, a Blob, a Buffer, or a stream. The function will return the encrypted file in same format.

• filename: string

Name of the file. Max 256 characters long.

• recipients: RecipientsWithRights

Recipients for whom to encrypt

• opts?: Object

• opts.allowUnregisteredUsers?: boolean

Optional. Whether or not to allow non-seald, unregistered recipients. Defaults to false.

• opts.encryptForSelf?: boolean

Optional. Whether or not to include the current account as recipient. Defaults to true

• opts.fileSize?: number

Optional. Size of the file to encrypt. Must be specified for ReadableStream and NodeReadable.

• opts.metadata?: string

Optional. Arbitrary metadata string, not encrypted, for later reference. Takes filename as default value, use '' to override. Max 1024 characters long.

• opts.progressCallback?: (progress) => void

• opts.selfDestructDate?: string

Optional. Date at which the encrypted file should be automatically revoked. Format: 'YYYY-MM-DD'.

Returns ​

Promise<T extends ArrayBuffer | Uint8Array | Buffer ? Buffer : T>

Example ​

// Encrypt a string for another user of the app
const encryptedString = await seald.encryptFile(
  'Secret file content',
  'SecretFile.txt',
  { userIds: ['Other-User'] }
)

// Encrypt a Buffer for a Seald user
const encryptedBuffer = await seald.encryptFile(
  Buffer.from('Secret file content'),
  'SecretFile.txt',
  { sealdIds: [otherUserSealdId] }
)

// Encrypt a Blob for an external user
const encryptedBlob = await seald.encryptFile(
  new Blob(['Secret file content']),
  'SecretFile.txt',
  { emails: ['external@domain.com'] }
)

// Encrypt a string for another user of the app
const encryptedString = await seald.encryptFile(
  'Secret file content',
  'SecretFile.txt',
  { userIds: ['Other-User'] }
)

// Encrypt a Buffer for a Seald user
const encryptedBuffer = await seald.encryptFile(
  Buffer.from('Secret file content'),
  'SecretFile.txt',
  { sealdIds: [otherUserSealdId] }
)

// Encrypt a Blob for an external user
const encryptedBlob = await seald.encryptFile(
  new Blob(['Secret file content']),
  'SecretFile.txt',
  { emails: ['external@domain.com'] }
)

encryptMessage() ​

encryptMessage(clearString, recipients, opts?): Promise<string>

Encrypt a message.

Parameters ​

• clearString: string

• recipients: RecipientsWithRights

• opts?: Object

Optional.

• opts.allowUnregisteredUsers?: boolean

Optional. Whether or not to allow non-seald, unregistered recipients. Defaults to false.

• opts.encryptForSelf?: boolean

Optional. Whether or not to include the current account as recipient. Defaults to true

• opts.metadata?: string

Optional.Arbitrary metadata string, not encrypted, for later reference. Max 1024 characters long.

• opts.raw?: boolean

Optional. Whether to include or not the sessionID in the encrypted string. If set to true, the encrypted string cannot be used to retrieve the encryption session. Defaults to false.

• opts.selfDestructDate?: string

Optional. Date at which the encrypted file should be automatically revoked. Format: 'YYYY-MM-DD'.

Returns ​

Promise<string>

exportIdentity() ​

exportIdentity(): Promise<Buffer>

Export the current identity, to handle it manually

Returns ​

Promise<Buffer>

getCurrentAccountInfo() ​

getCurrentAccountInfo(): Promise<AccountInfo>

Get account info of current SDK instance.

Returns ​

Promise<AccountInfo>

getRSAKeyPromise() ​

getRSAKeyPromise(size?): Promise<string>

Function which create a promise that resolves to a newly generated b64 encoded RSA key.

Parameters ​

• size?: 1024 | 2048 | 4096

Returns ​

Promise<string>

getSigchainHash() ​

getSigchainHash(recipient?, opts?): Promise<Object>

Get hash of a user last sigchain transaction. If no recipient is given, return the current user hash.

Parameters ​

• recipient?: Recipients

• opts?: Object

• opts.position?: number

get the hash at the given position. Default to last transaction

Returns ​

Promise<Object>

hash ​

hash: string

position ​

position: number

sealdId ​

sealdId: string

heartbeat() ​

heartbeat(): Promise<void>

Send a heartbeat to the server.

Returns ​

Promise<void>

importIdentity() ​

importIdentity(identity): Promise<AccountInfo>

Import identity manually

Parameters ​

• identity: ArrayBuffer | Uint8Array | Buffer

Returns ​

Promise<AccountInfo>

initialize() ​

initialize(): Promise<void>

Initialize the SDK. Must be called before any other method. Resolves when the initialization is done, and you can use the Seald SDK. If you use a persistent DB and do not know the registration status for certain, you may want to run sdk.registrationStatus after initialize, to check if you are in the 'no-account' or 'registered' state.

Returns ​

Promise<void>

initiateIdentity() ​

initiateIdentity(args): Promise<AccountInfo>

Create the account for the first time.

Parameters ​

• args: Object

• args.displayName?: string

Name to display this user under on the dashboard. Defaults to userId.

• args.expireAfter?: number

Time after creation after which the keys should expire, in seconds. Default to 3 years, maximum 5 years.

• args.signupJWT?: string

JWT to allow the current user to join your app's Seald Team. Must be generated by your server.

• args.userId?: string

Deprecated. The unique ID of the current user inside your app. It will be used to identify this user. Required if you use a userLicenseToken. Forbidden if you use a signupJWT.

• args.userLicenseToken?: string

Deprecated. The license token to allow the current user to join your app's Seald Team. Must be generated by your server.

Returns ​

Promise<AccountInfo>

listBackupKeys() ​

listBackupKeys(acceptBackupKeys?): Promise<Object[]>

List admin backup keys

Parameters ​

• acceptBackupKeys?: boolean

Returns ​

Promise<Object[]>

listGroupMembers() ​

listGroupMembers(groupId): Promise<Object[]>

List members of a group

Parameters ​

• groupId: string

Returns ​

Promise<Object[]>

listGroups() ​

listGroups(args?): Promise<Object>

List all groups in team

Parameters ​

• args?: Object

Optional.

• args.all?: boolean

Optional. Return all pages at once.

• args.mine?: boolean

Optional. Show only groups of which the current user is a member

• args.page?: number

Optional.

Returns ​

Promise<Object>

lastPage ​

lastPage: number

results ​

results: Object[]

preGenerateIdentityKeys() ​

preGenerateIdentityKeys(n?): void

Pre-generate identity keys and add them to the pool. Pre-generation is started for all keys as soon as this function is called. Keys are always added at the end of the pool, and used from the beginning of the pool.

Pre-generated identity keys will be used to accelerate all functions which need new identity keys: initiateIdentity, createSubIdentity, createGroup, renewGroupKey, renewKey.

Parameters ​

• n?: number

Number of identity keys to pre-generate. Defaults to 1. Minimum 1. Maximum 10.

Returns ​

void

prepareRenew() ​

prepareRenew(): Promise<Buffer>

PrepareRenew prepare a private key renewal, so it can be stored on SSKS without risk of loss during the actual renew

Returns ​

Promise<Buffer>

pullPreGeneratedIdentityKeyFromPool() ​

pullPreGeneratedIdentityKeyFromPool(): PreGeneratedIdentityKey

Retrieve an identity key from the pool. If none are available, this will return null. Key is retrieved from the beginning of the pool.

Returns ​

PreGeneratedIdentityKey

pushJwt() ​

pushJwt(jwt): Promise<Object>

Use a JWT on the current identity

Parameters ​

• jwt: string

JWT to use. Must be generated by your server.

Returns ​

Promise<Object>

joinedTeam ​

joinedTeam: boolean

userId? ​

userId?: string

pushPreGeneratedIdentityKeyToPool() ​

pushPreGeneratedIdentityKeyToPool(key): void

Add a previously retrieved identity key into the pool. Key is added at the end of the pool.

Parameters ​

• key: PreGeneratedIdentityKey

Returns ​

void

registrationStatus() ​

registrationStatus(): Promise<"no-account" | "no-team" | "registered">

Returns the registration status of the SDK instance. In the SDK, you should only get the values 'no-account' or 'registered'.

The state 'no-team' is deprecated, and should never be returned.

Returns ​

Promise<"no-account" | "no-team" | "registered">

removeGroupMembers() ​

removeGroupMembers(groupId, membersToRemove, silentKeyRenew?): Promise<void>

Remove members from a group. Can only be done by a group administrator. You should call renewGroupKey after this.

Parameters ​

• groupId: string

id of the group

• membersToRemove: Recipients

id of members to add

• silentKeyRenew?: boolean

Should renew the group key if needed, and the user is administrator of the group . Default to true.

Returns ​

Promise<void>

renewGroupKey() ​

renewGroupKey(groupId, options?): Promise<void>

Renew group private key. Should be called after removing members.

Parameters ​

• groupId: string

id of the group

• options?: Object

• options.customGroupSymKey?: string

Optional. For advanced use. Set a custom group SymKey manually. Do not use both customGroupSymKey and selfAddPassword, as selfAddPassword is automatically derived into customGroupSymKey. Useful if you want to pass it out-of-band to other users to use the self-add. Should be 512 bits (64 bytes) of cryptographically secure random, encoded as Base64. MUST be the same as the one used during the group creation.

• options.expireAfter?: number

Time after creation after which the keys should expire, in seconds. Default to 3 years, maximum 5 years.

• options.selfAddPassword?: string

Optional. Derived automatically to a customGroupSymKey. The same selfAddPassword must be used for all operations, and will be automatically derived into both groupSymKey and groupSelfAddSecret when necessary. Useful if you want to pass it out-of-band to other users to use the self-add. MUST be the same as the one used during the group creation.

Returns ​

Promise<void>

renewKey() ​

renewKey(opts?): Promise<void>

Renew the key of this Identity. In order to avoid any failure, we recommande to first use sdk.prepareRenew(), then save the prepared renewal on SSKS, and finally call sdk.renewKey({ preparedRenewal }).

Be careful, if this Identity is stored on SSKS or with another plugin, you will have to store it again, as the old one will not be valid anymore.

Parameters ​

• opts?: Object

• opts.expireAfter?: number

Time after creation after which the keys should expire, in seconds. Default to 3 years, maximum 5 years.

• opts.preparedRenewal?: Buffer

Optional. A prepared renewal created using sdk.prepareRenew.

Returns ​

Promise<void>

retrieveEncryptionSession() ​

retrieveEncryptionSession<T>(args): Promise<EncryptionSession>

Retrieve an encryption session, with which you can then encrypt / decrypt multiple messages, either with an encrypted message of this session, or with the sessionId.

Type parameters ​

• T extends string | ArrayBuffer | Uint8Array | Blob | ReadableStream<any> | Readable | Buffer

Parameters ​

• args: Object

• args.encryptedFile?: T

Optional. Arbitrary encrypted file from the session to retrieve.

• args.encryptedMessage?: string

Optional. Arbitrary encrypted message from the session to retrieve.

• args.lookupGroupKey?: boolean

should check for group rights

• args.lookupProxyKey?: boolean

should check for proxy rights

• args.sessionId?: string

Optional. sessionId of the session to retrieve.

• args.useCache?: boolean

Whether or not to use the cache (if enabled globally). Default to true.

Returns ​

Promise<EncryptionSession>

retrieveEncryptionSessionByTmr() ​

retrieveEncryptionSessionByTmr(sessionId, tmrJWT, rawOverEncryptionKey, options?): Promise<EncryptionSession>

Retrieve an EncryptionSession with Two Man Rule. If your Auth Factor has multiple TMR accesses for this message ID, you have to specify filters, or set tryIfMultiple to true.

Parameters ​

• sessionId: string

• tmrJWT: string

The JWT given at 2FA

• rawOverEncryptionKey: string

The 2-man-rule key. This MUST be a cryptographically random string of 64 bytes B64 encoded.

• options?: Object

• options.createdById?: string

If specified, Seald ID of the user who created the TMR accesses to get

• options.tmrAccessId?: string

If specified, ID of the TMR Message Key to get

• options.tryIfMultiple?: boolean

If multiple TMR accesses are found matching the given criteria, try them all if true, throw an error if false.

• options.useCache?: boolean

Whether or not to use the cache (if enabled globally). Default to true.

Returns ​

Promise<EncryptionSession>

retrieveEncryptionSessionWithSymEncKey() ​

retrieveEncryptionSessionWithSymEncKey(args): Promise<EncryptionSession>

Retrieve an encryption session, with which you can then encrypt / decrypt multiple messages, with the sessionId and a SymEncKey.

You must pass either symEncKeyPassword, or both symEncKeyRawSecret and symEncKeyRawSymKey.

Parameters ​

• args: Object

• args.sessionId: string

sessionId of the session to retrieve.

• args.symEncKeyId: string

The symEncKeyId of the SymEncKey to use to retrieve the EncryptionSession.

• args.symEncKeyPassword?: string

The password used to create this SymEncKey.

• args.symEncKeyRawSecret?: string

The rawSecret used to create this SymEncKey.

• args.symEncKeyRawSymKey?: string

The rawSymKey used to create this SymEncKey.

• args.useCache?: boolean

Whether or not to use the cache (if enabled globally). Default to true.

Returns ​

Promise<EncryptionSession>

retrieveMultipleEncryptionSessions() ​

retrieveMultipleEncryptionSessions<T>(toRetrieve, args?): Promise<EncryptionSession[]>

Retrieve multiple encryption sessions.

The returned array of EncryptionSessions is in the same order as the input array.

Type parameters ​

• T extends string | Blob | ReadableStream<any> | Readable | Buffer

Parameters ​

• toRetrieve: Object[]

• args?: Object

• args.lookupGroupKey?: boolean

should check for group rights

• args.lookupProxyKey?: boolean

should check for proxy rights

• args.useCache?: boolean

Whether or not to use the cache (if enabled globally). Default to true.

Returns ​

Promise<EncryptionSession[]>

selfAddGroup() ​

selfAddGroup(groupId, args): Promise<void>

Add self to a group with a self-add secret.

Parameters ​

• groupId: string

• args: Object

Optional.

• args.groupSymKey?: string

Optional. For advanced use. Set a custom group SymKey manually. Do not use both groupSymKey and selfAddPassword, as selfAddPassword is automatically derived into customGroupSymKey. Useful if you want to pass it out-of-band to other users to use the self-add. Should be 512 bits (64 bytes) of cryptographically secure random, encoded as Base64. MUST be the same as the one used during the group creation, and during every group keys renewal.

• args.selfAddPassword?: string

Optional. Derived automatically to a selfAddSecret. The same selfAddPassword must be used for all operations, and will be automatically derived into both groupSymKey and groupSelfAddSecret when necessary. MUST be the same as the one used during the group creation.

• args.selfAddSecret?: string

Optional. For advanced use. Pass a self-add secret manually. Do not use both selfAddSecret and selfAddPassword, as selfAddPassword is automatically derived into selfAddSecret.

Returns ​

Promise<void>

selfAddToEncryptionSessionWithSymEncKey() ​

selfAddToEncryptionSessionWithSymEncKey(args): Promise<EncryptionSession>

Self-add to an encryption session, and return it, with the sessionId and a SymEncKey.

You can only call this if the SymEncKey has the forward right.

You must pass either symEncKeyPassword, or both symEncKeyRawSecret and symEncKeyRawSymKey.

Parameters ​

• args: Object

• args.rights?: UserRights

Rights to assign to yourself on this session. Cannot contain rights that the SymEncKey does not have. Defaults to { read: true, forward: true, revoke: false }.

• args.sessionId: string

sessionId of the session to retrieve.

• args.symEncKeyId: string

The symEncKeyId of the SymEncKey to use to retrieve the EncryptionSession.

• args.symEncKeyPassword?: string

The password used to create this SymEncKey.

• args.symEncKeyRawSecret?: string

The rawSecret used to create this SymEncKey.

• args.symEncKeyRawSymKey?: string

The rawSymKey used to create this SymEncKey.

• args.useCache?: boolean

Whether or not to use the cache (if enabled globally). Default to true.

Returns ​

Promise<EncryptionSession>

setGroupAdmin() ​

setGroupAdmin(groupId, groupMember, statusToSet): Promise<void>

Set admin status of a group member. Can only be done one recipient at a time. Can only be done by a group administrator. This is deprecated. Use setGroupAdmins instead.

Parameters ​

• groupId: string

• groupMember: Recipients

• statusToSet: boolean

Returns ​

Promise<void>

Deprecated ​

setGroupAdmins() ​

setGroupAdmins(groupId, groupMembers): Promise<void>

Set admin status of group members. Can only be done by a group administrator.

Parameters ​

• groupId: string

• groupMembers: Object

• groupMembers.addToAdmins?: Recipients

• groupMembers.removeFromAdmins?: Recipients

Returns ​

Promise<void>

setGroupSelfAddSecret() ​

setGroupSelfAddSecret(groupId, args): Promise<boolean>

Set or change a self-add secret for a given group. Set selfAddSecret to null to disable. You must pass either a selfAddSecret, or a selfAddPassword that will be derived into one. Only accessible to group admins.

Parameters ​

• groupId: string

• args: Object

Optional.

• args.selfAddPassword?: string

Optional. Derived automatically to a selfAddSecret. The same selfAddPassword must be used for all operations, and will be automatically derived into both groupSymKey and groupSelfAddSecret when necessary. MUST be the same as the one used during the group creation.

• args.selfAddSecret?: string

Optional. Set to null to disable self-add for this group. Non-null values are for advanced use, to manually set a self-add secret. Do not use both selfAddSecret and selfAddPassword, as selfAddPassword is automatically derived into selfAddSecret.

Returns ​

Promise<boolean>

setLogLevel() ​

setLogLevel(logLevel): void

This sets the log level. logLevel must be a string of value silly, debug, info, warn, error, none, or a template of the format ${namespace_1}:${logLevel_for_namespace_1},${namespace_2}:${logLevel_for_namespace_2},.... This will set the log level for all SDK and AnonymousSDK instances, not only the current one.

Parameters ​

• logLevel: string

Returns ​

void

startIntervals() ​

startIntervals(): Promise<void>

Call the functions in "intervals", then setup intervals so they are called periodically. This function cannot throw, so it is safe to "fire and forget": it's not necessary to await it.

Returns ​

Promise<void>

stopIntervals() ​

stopIntervals(): void

Stop calling the functions in "intervals" periodically.

Returns ​

void

updateContacts() ​

updateContacts(r): Promise<void>

Update the local database for the specified recipients.

Parameters ​

• r: Recipients

Returns ​

Promise<void>

updateCurrentDevice() ​

updateCurrentDevice(): Promise<void>

Updates the locally known information about the current device.

You should never have to call this manually, except if you getting null in sealdAccountInfo.deviceExpires, which can happen if migrating from an older version of the SDK, or if the internal call to sdk.updateCurrentDevice failed when calling sdk.importIdentity.

Returns ​

Promise<void>