Interface: SealdSDK
Properties
apiURL
apiURL: string
apiURL with which this SealdSDK instance was created. URL of the Seald API Servers to which it should connect.
appId
appId: string
appId with which this SealdSDK instance was created.
encryptionSessionCache
encryptionSessionCache: EncryptionSessionCache
Cache object to store encryption sessions.
encryptionSessionCacheCleanupInterval
encryptionSessionCacheCleanupInterval: number
The cleanup interval of encryptionSession cache.
encryptionSessionCacheTTL
encryptionSessionCacheTTL: number
The lifetime of encryptionSession cache.
eventBus
eventBus: Emittery<Record<PropertyKey, any>, Record<PropertyKey, any> & _OmnipresentEventData, DatalessEventNames<Record<PropertyKey, any>>>
Event bus. See https://github.com/sindresorhus/emittery
goatee
goatee: any
Full Goatee library. For advanced use. See Goatee documentation, ask Seald Team.
hairlessURL
hairlessURL: string
hairlessURL with which this SealdSDK instance was created. URL of the Seald external decryption interface with which non-Seald users can decrypt documents.
intervals
intervals: object
Directly exposing the functions called periodically by "startIntervals". These functions cannot throw, so they are safe to "fire and forget": it's not necessary to await them.
checkMissingKeys()
Check if there are missing message keys for some of the current user's devices, and if so re-encrypt them.
Returns
Promise<void>
heartbeat()
Send a heartbeat to the server. Contrary to sdk.heartbeat(), this version of the heartbeat cannot throw: it will only print a warning in case of error.
Returns
Promise<void>
keySize
keySize: 1024 | 2048 | 4096
The configured key size for newly generated asymmetric keys.
numberPreGeneratedIdentityKeys
numberPreGeneratedIdentityKeys: number
Get the number of pre-generated keys currently in the pool.
sscrypto
sscrypto: SSCrypto
Full SSCrypto library. For advanced use. See SSCrypto documentation at https://github.com/seald/sscrypto
utils
utils: object
Various utilities, for advanced use.
fetch
fetch: FetchFunction
The fetch implementation used by this SDK instance. For advanced use.
scrypt
scrypt: SCrypt
SCrypt wrapper with reasonable parameters. For advanced use.
cleanEncryptionSessionCache()
Cleans the encryption session cache of entries with expired lifetime.
Returns
Promise<void>
deserializeSession()
Deserialize a serialized session. For advanced use.
Parameters
• serialized: string
Returns
EncryptionSession
encodePassword()
Normalize and encode a string password into a Buffer. For advanced use.
Parameters
• password: string
Returns
Buffer
generateB64EncodedSymKey()
Generate a symmetric key, and return it as a Base64 encoded string.
The key generated here can then be used as databaseRawKey when instantiating the SDK, as rawOverEncryptionKey when creating TMR accesses, as rawSymKey when adding SymEncKey accesses, or as rawTwoManRuleKey in the ssks2MR plugin.
Returns
Promise<string>
getRecipients()
Manually parse a Recipients parameter into Seald and External recipients, as well as rights, into the format used internally by Goatee. For advanced use.
Parameters
• recipients: RecipientsWithRights
• opts?
• opts.allowUnregisteredUsers?: boolean
Optional. Whether or not to allow non-seald, unregistered recipients. Defaults to false.
Returns
Promise<object>
hairlessRecipients
hairlessRecipients: EntrustedRecipient[]
recipients
recipients: string[]
rights
rights: Record<string, UserRights>
parseUserLicenseToken()
Parse a given userLicenseToken. For advanced use.
Parameters
• userLicenseToken: string
Returns
object
domainValidationKeyId
domainValidationKeyId: string
nonce
nonce: string
token
token: string
readKeyBackup()
Read the internal key backup. For advanced use.
Returns
Promise<Buffer>
retrieveEncryptionSessionId()
Retrieve an encryption session id.
Type Parameters
• T extends string | ArrayBuffer | Uint8Array | Blob | ReadableStream<any> | Readable | Buffer
Parameters
• args
• args.encryptedFile?: T
Optional. Arbitrary encrypted file from the session to retrieve.
• args.encryptedMessage?: string
Optional. Arbitrary encrypted message from the session to retrieve.
Returns
Promise<string>
writeKeyBackup()
Write the internal key backup. For advanced use.
Parameters
• encryptedKeyBackup: ArrayBuffer | Uint8Array | Buffer
Returns
Promise<void>
version
version: string
The SDK version
Methods
addGroupMembers()
addGroupMembers(groupId, newMembers, newAdmins?, silentKeyRenew?): Promise<void>
Add members to a group. Can only be done by a group administrator. Can also specify which of these group members should also be admins.
Parameters
• groupId: string
id of the group
• newMembers: Recipients
id of members to add
• newAdmins?: Recipients
id of new members to also add as admins. This must be a subset of newMembers
• silentKeyRenew?: boolean
Should renew the group key if needed, and the user is administrator of the group. Defaults to true.
Returns
Promise<void>
addMissingKeys()
addMissingKeys(deviceId, retryOptions?): void
Trigger the re-encryption of missing message keys for the given deviceId. This function does not return a promise. It only triggers the re-encryption. To be notified of the end of the re-encryption, you must wait for the 'addMissingKeys-done' event on the event-bus. For example:
const { deviceId, failed, done, error } = await sdk.eventBus.once('addMissingKeys-done')
Parameters
• deviceId: string
• retryOptions?
Optional.
• retryOptions.nRetries?: number
Optional. How many times to retry. Defaults to 3.
• retryOptions.waitBetweenRetries?: number
Optional. Time to wait between retries in milliseconds. Defaults to 30000ms = 30 seconds.
Returns
void
checkGroupSelfAddSecret()
checkGroupSelfAddSecret(groupId): Promise<boolean>
Check if a self-add secret is set for a given group. Only accessible to group admins.
Parameters
• groupId: string
Returns
Promise<boolean>
checkSigchainHash()
checkSigchainHash(recipient, sigchainHash, opts?): Promise<object>
Verify if a hash is included in the recipient's sigchain. Use the position option to check the hash of a specific sigchain transaction.
Parameters
• recipient: Recipients
• sigchainHash: string
• opts?
• opts.position?: number
position of the sigchain transaction against which to check the hash.
Returns
Promise<object>
lastPosition
lastPosition: number
position
position: number
close()
close(): Promise<void>
Close the database. After this, this SDK instance will no longer be usable. This also calls stopIntervals.
Returns
Promise<void>
convertTmrAccesses()
convertTmrAccesses(tmrJWT, rawOverEncryptionKey, options?): Promise<object>
Convert all TMR accesses addressed to a given auth factor and matching specified filters to classic message keys. All TMR accesses matching the specified filters must have been encrypted with the same rawOverEncryptionKey.
Parameters
• tmrJWT: string
The JWT given at 2FA
• rawOverEncryptionKey: string
The 2-man-rule key. This MUST be a cryptographically random string of 64 bytes B64 encoded.
• options?
• options.createdById?: string
If specified, Seald ID of the user who created the TMR accesses to get
• options.deleteOnConvert?: boolean
Delete the 2-man-rule keys after conversion. Defaults to true.
• options.sessionId?: string
If specified, ID of the message for which to get TMR accesses
• options.tmrAccessId?: string
If specified, ID of the TMR accesses to get
Returns
Promise<object>
errored
errored: Record<string, object>
succeeded
succeeded: Record<string, string[]>
createEncryptionSession()
createEncryptionSession(recipients, opts?): Promise<EncryptionSession>
Create an encryption session, with which you can then encrypt / decrypt multiple messages.
Parameters
• recipients: RecipientsWithRights
Recipients for whom to encrypt.
• opts?
Optional.
• opts.allowDownload?: boolean
Optional. Whether or not to allow non-seald recipients with an email address to download a clear version of the file. Defaults to false.
• opts.allowUnregisteredUsers?: boolean
Optional. Whether or not to allow non-seald, unregistered recipients. Defaults to false.
• opts.encryptForSelf?: boolean
Optional. Whether or not to include the current account as recipient. Defaults to true.
• opts.metadata?: string
Optional. Arbitrary metadata string, not encrypted, for later reference. Max 1024 characters long.
• opts.selfDestructDate?: string
Optional. Date at which the encrypted file should be automatically revoked. Format: 'YYYY-MM-DD'.
• opts.useCache?: boolean
Whether or not to use the cache (if enabled globally). Defaults to true.
Returns
Promise<EncryptionSession>
createGroup()
createGroup(args): Promise<object>
Create a group
Parameters
• args
• args.admins: Recipients
Administrators of the group. Administrators must also be members. It must include yourself.
• args.customGroupSymKey?: string
Optional. For advanced use. Set a custom group SymKey manually. Do not use both customGroupSymKey and selfAddPassword, as selfAddPassword is automatically derived into customGroupSymKey. Useful if you want to pass it out-of-band to other users to use the self-add. Should be 512 bits (64 bytes) of cryptographically secure random, encoded as Base64.
• args.expireAfter?: number
Time after creation after which the keys should expire, in seconds. Defaults to 3 years, maximum 5 years.
• args.groupName: string
Group name. Max 64 characters long.
• args.members: Recipients
Members of the group. It must include yourself.
• args.selfAddPassword?: string
Optional. Pass this if you want to enable self-add to this group. Derived automatically to a selfAddSecret and a customGroupSymKey. The same selfAddPassword must be used for all operations, and will be automatically derived into both groupSymKey and groupSelfAddSecret when necessary. Useful if you want to pass it out-of-band to other users to use the self-add.
• args.selfAddSecret?: string
Optional. For advanced use. Set a self-add secret manually. Do not use both selfAddSecret and selfAddPassword, as selfAddPassword is automatically derived into selfAddSecret.
Returns
Promise<object>
groupName
groupName: string
id
id: string
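A pre-flight check for the 64-byte Base64 requirement stated for rawOverEncryptionKey (convertTmrAccesses) and customGroupSymKey (createGroup), together with the createGroup rules on which secrets may be combined. This is an added example, not part of the Seald SDK or its documentation: checkRawKey, checkGroupSecretArgs and the sample constants are hypothetical names, the sample values are constructed, and standard padded Base64 is an assumption.

```javascript
// Added example, not Seald SDK code. Assumption: keys use standard padded Base64.
const RAW_KEY_BYTES = 64 // 512 bits, the size this page requires for raw keys

// Returns a list of problems; an empty list means the value has the right shape.
function checkRawKey (b64) {
  if (typeof b64 !== 'string' || b64.length % 4 !== 0 || !/^[A-Za-z0-9+/]+={0,2}$/.test(b64)) {
    return ['not standard padded Base64']
  }
  const bytes = Buffer.from(b64, 'base64')
  const problems = []
  // Reject encodings with stray bits in the last group, so one key has one spelling.
  if (bytes.toString('base64') !== b64) problems.push('non-canonical Base64')
  if (bytes.length !== RAW_KEY_BYTES) {
    problems.push(`decodes to ${bytes.length} bytes, expected ${RAW_KEY_BYTES}`)
    return problems
  }
  // Heuristics: they catch common mistakes but cannot prove the key is random.
  if (bytes.every(b => b >= 0x20 && b <= 0x7e)) {
    problems.push('only printable ASCII: looks like encoded text, not random bytes')
  }
  if (new Set(bytes).size < 16) problems.push('fewer than 16 distinct byte values')
  return problems
}

// Applies the createGroup rules from this page to the secret-related arguments.
function checkGroupSecretArgs (args) {
  const has = key => args[key] !== undefined && args[key] !== null
  const problems = []
  if (typeof args.groupName !== 'string' || args.groupName.length > 64) {
    problems.push('groupName must be a string of at most 64 characters')
  }
  // selfAddPassword is derived into both manual values, so it excludes each of them.
  for (const manual of ['customGroupSymKey', 'selfAddSecret']) {
    if (has('selfAddPassword') && has(manual)) {
      problems.push(`do not pass both selfAddPassword and ${manual}`)
    }
  }
  if (has('customGroupSymKey')) {
    for (const p of checkRawKey(args.customGroupSymKey)) problems.push(`customGroupSymKey: ${p}`)
  }
  return problems
}

// Constructed sample values (deterministic, NOT real keys; never use them).
const SAMPLE_KEY = Buffer.from(
  Array.from({ length: 64 }, (_, i) => (i * 37 + 11) & 0xff)
).toString('base64')
// A 64-character passphrase that was Base64 encoded: right length, wrong kind of input.
const SAMPLE_TEXT_KEY = Buffer.from(
  'correct horse battery staple '.repeat(3).slice(0, 64)
).toString('base64')

console.log(checkRawKey(SAMPLE_KEY))
console.log(checkRawKey(SAMPLE_TEXT_KEY))
console.log(checkGroupSecretArgs({
  groupName: 'ops',
  selfAddPassword: 'pw',
  customGroupSymKey: SAMPLE_KEY
}))
```

The same checkRawKey call applies to a rawOverEncryptionKey before it is passed to convertTmrAccesses or retrieveEncryptionSessionByTmr.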
createSubIdentity()
createSubIdentity(opts?): Promise<object>
Create a sub-identity for the current identity, for example to use on another device. The created sub-identity Buffer can then be imported into another SDK instance using sdk.importIdentity.
A re-encryption of existing message keys must happen for the new sub-identity to be able to decrypt existing messages for this account:
- If you do not pass any argument, or pass shouldReencrypt: true, it will happen automatically.
- Otherwise, you must trigger addMissingKeys with the newly created deviceId, in order for the re-encryption to happen.
Parameters
• opts?
Optional.
• opts.deviceName?: string
Optional. Name of the new device. Max 36 characters long.
• opts.expireAfter?: number
Time after creation after which the keys should expire, in seconds. Defaults to 3 years, maximum 5 years.
• opts.nRetries?: number
Optional. How many times to retry re-encryption. Defaults to 3.
• opts.shouldReencrypt?: boolean
Optional. Should trigger the re-encryption of missing message keys for the newly created device. Defaults to true.
• opts.waitBetweenRetries?: number
Optional. Time to wait between retries in milliseconds. Defaults to 30000ms = 30 seconds.
Returns
Promise<object>
deviceId
deviceId: string
identity
identity: Buffer
decryptFile()
decryptFile<T>(encryptedFile, opts?): Promise<object>
Decrypt an encrypted file.
Type Parameters
• T extends string | ArrayBuffer | Uint8Array | Blob | ReadableStream<any> | Readable | Buffer
Parameters
• encryptedFile: T
File to decrypt. Can be either a binary string, a Blob, a Buffer, or a stream. The function will return the decrypted file in the same format.
• opts?
Optional.
• opts.fileSize?: number
Optional. Size of the file to decrypt. Needed when using progressCallback with a ReadableStream or NodeReadable as input type.
• opts.lookupGroupKey?: boolean
should check for group rights
• opts.lookupProxyKey?: boolean
should check for proxy rights
• opts.progressCallback?
Optional. Progress callback. The progress is given between 0 and 1.
• opts.useCache?: boolean
Whether or not to use the cache (if enabled globally). Defaults to true.
Returns
Promise<object>
data
data: T extends ArrayBuffer | Uint8Array | Buffer ? Buffer : T
filename
filename: string
sessionId
sessionId: string
size
size: number
type
type: FileType
decryptMessage()
decryptMessage(encryptedString, opts?): Promise<string>
Decrypt a message.
Parameters
• encryptedString: string
• opts?
Optional.
• opts.lookupGroupKey?: boolean
should check for group rights
• opts.lookupProxyKey?: boolean
should check for proxy rights
• opts.useCache?: boolean
Whether or not to use the cache (if enabled globally). Defaults to true.
Returns
Promise<string>
deleteGroup()
deleteGroup(groupId): Promise<void>
Delete a group
Parameters
• groupId: string
Returns
Promise<void>
dropDatabase()
dropDatabase(): Promise<void>
Drop local database, and delete locally saved backup key. It will also reset the current SDK instance. Call sdk.initialize() or sdk.initiateIdentity() afterward to continue with this sealdSDK instance.
Returns
Promise<void>
encryptFile()
encryptFile<T>(clearFile, filename, recipients, opts?): Promise<T extends ArrayBuffer | Uint8Array | Buffer ? Buffer : T>
Encrypt a file.
Type Parameters
• T extends string | ArrayBuffer | Uint8Array | Blob | ReadableStream<any> | Readable | Buffer
Parameters
• clearFile: T
File to encrypt. Can be either a binary string, a Blob, a Buffer, or a stream. The function will return the encrypted file in the same format.
• filename: string
Name of the file. Max 256 characters long.
• recipients: RecipientsWithRights
Recipients for whom to encrypt
• opts?
• opts.allowUnregisteredUsers?: boolean
Optional. Whether or not to allow non-seald, unregistered recipients. Defaults to false.
• opts.encryptForSelf?: boolean
Optional. Whether or not to include the current account as recipient. Defaults to true.
• opts.fileSize?: number
Optional. Size of the file to encrypt. Must be specified for ReadableStream and NodeReadable.
• opts.metadata?: string
Optional. Arbitrary metadata string, not encrypted, for later reference. Takes filename as default value, use '' to override. Max 1024 characters long.
• opts.progressCallback?
Optional. Progress callback. The progress is given between 0 and 1.
• opts.selfDestructDate?: string
Optional. Date at which the encrypted file should be automatically revoked. Format: 'YYYY-MM-DD'.
Returns
Promise<T extends ArrayBuffer | Uint8Array | Buffer ? Buffer : T>
Example
// Encrypt a string for another user of the app
const encryptedString = await seald.encryptFile(
  'Secret file content',
  'SecretFile.txt',
  { userIds: ['Other-User'] }
)
// Encrypt a Buffer for a Seald user
const encryptedBuffer = await seald.encryptFile(
  Buffer.from('Secret file content'),
  'SecretFile.txt',
  { sealdIds: [otherUserSealdId] }
)
// Encrypt a Blob for an external user
const encryptedBlob = await seald.encryptFile(
  new Blob(['Secret file content']),
  'SecretFile.txt',
  { emails: ['external@domain.com'] }
)
encryptMessage()
encryptMessage(clearString, recipients, opts?): Promise<string>
Encrypt a message.
Parameters
• clearString: string
• recipients: RecipientsWithRights
• opts?
Optional.
• opts.allowUnregisteredUsers?: boolean
Optional. Whether or not to allow non-seald, unregistered recipients. Defaults to false.
• opts.encryptForSelf?: boolean
Optional. Whether or not to include the current account as recipient. Defaults to true.
• opts.metadata?: string
Optional. Arbitrary metadata string, not encrypted, for later reference. Max 1024 characters long.
• opts.raw?: boolean
Optional. Whether to include or not the sessionID in the encrypted string. If set to true, the encrypted string cannot be used to retrieve the encryption session. Defaults to false.
• opts.selfDestructDate?: string
Optional. Date at which the encrypted file should be automatically revoked. Format: 'YYYY-MM-DD'.
Returns
Promise<string>
exportIdentity()
exportIdentity(): Promise<Buffer>
Export the current identity, to handle it manually
Returns
Promise<Buffer>
getCurrentAccountInfo()
getCurrentAccountInfo(): Promise<AccountInfo>
Get account info of current SDK instance.
Returns
Promise<AccountInfo>
getRSAKeyPromise()
getRSAKeyPromise(size?): Promise<string>
Function which creates a promise that resolves to a newly generated b64 encoded RSA key.
Parameters
• size?: 1024 | 2048 | 4096
Returns
Promise<string>
getSigchainHash()
getSigchainHash(recipient?, opts?): Promise<object>
Get the hash of a user's last sigchain transaction. If no recipient is given, return the current user's hash.
Parameters
• recipient?: Recipients
• opts?
• opts.position?: number
get the hash at the given position. Defaults to last transaction
Returns
Promise<object>
hash
hash: string
position
position: number
sealdId
sealdId: string
heartbeat()
heartbeat(): Promise<void>
Send a heartbeat to the server.
Returns
Promise<void>
importIdentity()
importIdentity(identity): Promise<AccountInfo>
Import identity manually
Parameters
• identity: ArrayBuffer | Uint8Array | Buffer
Returns
Promise<AccountInfo>
initialize()
initialize(): Promise<void>
Initialize the SDK. Must be called before any other method. Resolves when the initialization is done, and you can use the Seald SDK. If you use a persistent DB and do not know the registration status for certain, you may want to run sdk.registrationStatus after initialize, to check if you are in the 'no-account' or 'registered' state.
Returns
Promise<void>
initiateIdentity()
initiateIdentity(args): Promise<AccountInfo>
Create the account for the first time.
Parameters
• args
• args.displayName?: string
Name to display this user under on the dashboard. Defaults to userId.
• args.expireAfter?: number
Time after creation after which the keys should expire, in seconds. Defaults to 3 years, maximum 5 years.
• args.signupJWT?: string
JWT to allow the current user to join your app's Seald Team. Must be generated by your server.
• args.userId?: string
Deprecated. The unique ID of the current user inside your app. It will be used to identify this user. Required if you use a userLicenseToken. Forbidden if you use a signupJWT.
• args.userLicenseToken?: string
Deprecated. The license token to allow the current user to join your app's Seald Team. Must be generated by your server.
Returns
Promise<AccountInfo>
listBackupKeys()
listBackupKeys(acceptBackupKeys?): Promise<object[]>
List admin backup keys
Parameters
• acceptBackupKeys?: boolean
Returns
Promise<object[]>
listGroupMembers()
listGroupMembers(groupId): Promise<object[]>
List members of a group
Parameters
• groupId: string
Returns
Promise<object[]>
listGroups()
listGroups(args?): Promise<object>
List all groups in team
Parameters
• args?
Optional.
• args.all?: boolean
Optional. Return all pages at once.
• args.mine?: boolean
Optional. Show only groups of which the current user is a member
• args.page?: number
Optional.
Returns
Promise<object>
lastPage
lastPage: number
results
results: object[]
preGenerateIdentityKeys()
preGenerateIdentityKeys(n?): void
Pre-generate identity keys and add them to the pool. Pre-generation is started for all keys as soon as this function is called. Keys are always added at the end of the pool, and used from the beginning of the pool.
Pre-generated identity keys will be used to accelerate all functions which need new identity keys: initiateIdentity, createSubIdentity, createGroup, renewGroupKey, renewKey.
Parameters
• n?: number
Number of identity keys to pre-generate. Defaults to 1. Minimum 1. Maximum 10.
Returns
void
prepareRenew()
prepareRenew(): Promise<Buffer>
Prepare a private key renewal, so that it can be stored on SSKS without risk of loss during the actual renewal.
Returns
Promise<Buffer>
pullPreGeneratedIdentityKeyFromPool()
pullPreGeneratedIdentityKeyFromPool(): PreGeneratedIdentityKey
Retrieve an identity key from the pool. If none are available, this will return null. Key is retrieved from the beginning of the pool.
Returns
pushJwt()
pushJwt(jwt): Promise<object>
Use a JWT on the current identity
Parameters
• jwt: string
JWT to use. Must be generated by your server.
Returns
Promise<object>
joinedTeam
joinedTeam: boolean
userId?
optional userId: string
pushPreGeneratedIdentityKeyToPool()
pushPreGeneratedIdentityKeyToPool(key): void
Add a previously retrieved identity key into the pool. Key is added at the end of the pool.
Parameters
• key: PreGeneratedIdentityKey
Returns
void
registrationStatus()
registrationStatus(): Promise<"no-account" | "no-team" | "registered">
Returns the registration status of the SDK instance. In the SDK, you should only get the values 'no-account' or 'registered'.
The state 'no-team' is deprecated, and should never be returned.
Returns
Promise<"no-account" | "no-team" | "registered">
removeGroupMembers()
removeGroupMembers(groupId, membersToRemove, silentKeyRenew?): Promise<void>
Remove members from a group. Can only be done by a group administrator. You should call renewGroupKey after this.
Parameters
• groupId: string
id of the group
• membersToRemove: Recipients
id of members to remove
• silentKeyRenew?: boolean
Should renew the group key if needed, and the user is administrator of the group. Defaults to true.
Returns
Promise<void>
renewGroupKey()
renewGroupKey(groupId, options?): Promise<void>
Renew group private key. Should be called after removing members.
Parameters
• groupId: string
id of the group
• options?
• options.customGroupSymKey?: string
Optional. For advanced use. Set a custom group SymKey manually. Do not use both customGroupSymKey and selfAddPassword, as selfAddPassword is automatically derived into customGroupSymKey. Useful if you want to pass it out-of-band to other users to use the self-add. Should be 512 bits (64 bytes) of cryptographically secure random, encoded as Base64. MUST be the same as the one used during the group creation.
• options.expireAfter?: number
Time after creation after which the keys should expire, in seconds. Defaults to 3 years, maximum 5 years.
• options.selfAddPassword?: string
Optional. Derived automatically to a customGroupSymKey. The same selfAddPassword must be used for all operations, and will be automatically derived into both groupSymKey and groupSelfAddSecret when necessary. Useful if you want to pass it out-of-band to other users to use the self-add. MUST be the same as the one used during the group creation.
Returns
Promise<void>
renewKey()
renewKey(opts?): Promise<void>
Renew the key of this Identity. In order to avoid any failure, we recommend first using sdk.prepareRenew(), then saving the prepared renewal on SSKS, and finally calling sdk.renewKey({ preparedRenewal }).
Be careful: if this Identity is stored on SSKS or with another plugin, you will have to store it again, as the old one will not be valid anymore.
Parameters
• opts?
• opts.expireAfter?: number
Time after creation after which the keys should expire, in seconds. Defaults to 3 years, maximum 5 years.
• opts.preparedRenewal?: Buffer
Optional. A prepared renewal created using sdk.prepareRenew.
Returns
Promise<void>
retrieveEncryptionSession()
retrieveEncryptionSession<T>(args): Promise<EncryptionSession>
Retrieve an encryption session, with which you can then encrypt / decrypt multiple messages, either with an encrypted message of this session, or with the sessionId.
Type Parameters
• T extends string | ArrayBuffer | Uint8Array | Blob | ReadableStream<any> | Readable | Buffer
Parameters
• args
• args.encryptedFile?: T
Optional. Arbitrary encrypted file from the session to retrieve.
• args.encryptedMessage?: string
Optional. Arbitrary encrypted message from the session to retrieve.
• args.lookupGroupKey?: boolean
should check for group rights
• args.lookupProxyKey?: boolean
should check for proxy rights
• args.sessionId?: string
Optional. sessionId of the session to retrieve.
• args.useCache?: boolean
Whether or not to use the cache (if enabled globally). Defaults to true.
Returns
Promise<EncryptionSession>
retrieveEncryptionSessionByTmr()
retrieveEncryptionSessionByTmr(sessionId, tmrJWT, rawOverEncryptionKey, options?): Promise<EncryptionSession>
Retrieve an EncryptionSession with Two Man Rule. If your Auth Factor has multiple TMR accesses for this message ID, you have to specify filters, or set tryIfMultiple to true.
Parameters
• sessionId: string
• tmrJWT: string
The JWT given at 2FA
• rawOverEncryptionKey: string
The 2-man-rule key. This MUST be a cryptographically random string of 64 bytes B64 encoded.
• options?
• options.createdById?: string
If specified, Seald ID of the user who created the TMR accesses to get
• options.tmrAccessId?: string
If specified, ID of the TMR Message Key to get
• options.tryIfMultiple?: boolean
If multiple TMR accesses are found matching the given criteria, try them all if true, throw an error if false.
• options.useCache?: boolean
Whether or not to use the cache (if enabled globally). Defaults to true.
Returns
Promise<EncryptionSession>
retrieveEncryptionSessionWithSymEncKey()
retrieveEncryptionSessionWithSymEncKey(args): Promise<EncryptionSession>
Retrieve an encryption session, with which you can then encrypt / decrypt multiple messages, with the sessionId and a SymEncKey.
You must pass either symEncKeyPassword, or both symEncKeyRawSecret and symEncKeyRawSymKey.
Parameters
• args
• args.sessionId: string
sessionId of the session to retrieve.
• args.symEncKeyId: string
The symEncKeyId of the SymEncKey to use to retrieve the EncryptionSession.
• args.symEncKeyPassword?: string
The password used to create this SymEncKey.
• args.symEncKeyRawSecret?: string
The rawSecret used to create this SymEncKey.
• args.symEncKeyRawSymKey?: string
The rawSymKey used to create this SymEncKey.
• args.useCache?: boolean
Whether or not to use the cache (if enabled globally). Defaults to true.
Returns
Promise<EncryptionSession>
retrieveMultipleEncryptionSessions()
retrieveMultipleEncryptionSessions<T>(toRetrieve, args?): Promise<EncryptionSession[]>
Retrieve multiple encryption sessions.
The returned array of EncryptionSessions is in the same order as the input array.
Type Parameters
• T extends string | Blob | ReadableStream<any> | Readable | Buffer
Parameters
• toRetrieve: object[]
• args?
• args.lookupGroupKey?: boolean
should check for group rights
• args.lookupProxyKey?: boolean
should check for proxy rights
• args.useCache?: boolean
Whether or not to use the cache (if enabled globally). Defaults to true.
Returns
Promise<EncryptionSession[]>
selfAddGroup()
selfAddGroup(groupId, args): Promise<void>
Add self to a group with a self-add secret.
Parameters
• groupId: string
• args
Optional.
• args.groupSymKey?: string
Optional. For advanced use. Set a custom group SymKey manually. Do not use both groupSymKey and selfAddPassword, as selfAddPassword is automatically derived into customGroupSymKey. Useful if you want to pass it out-of-band to other users to use the self-add. Should be 512 bits (64 bytes) of cryptographically secure random, encoded as Base64. MUST be the same as the one used during the group creation, and during every group keys renewal.
• args.selfAddPassword?: string
Optional. Derived automatically to a selfAddSecret. The same selfAddPassword must be used for all operations, and will be automatically derived into both groupSymKey and groupSelfAddSecret when necessary. MUST be the same as the one used during the group creation.
• args.selfAddSecret?: string
Optional. For advanced use. Pass a self-add secret manually. Do not use both selfAddSecret and selfAddPassword, as selfAddPassword is automatically derived into selfAddSecret.
Returns
Promise<void>
selfAddToEncryptionSessionWithSymEncKey()
selfAddToEncryptionSessionWithSymEncKey(args): Promise<EncryptionSession>
Self-add to an encryption session, and return it, with the sessionId and a SymEncKey.
You can only call this if the SymEncKey has the forward right.
You must pass either symEncKeyPassword, or both symEncKeyRawSecret and symEncKeyRawSymKey.
Parameters
• args
• args.rights?: UserRights
Rights to assign to yourself on this session. Cannot contain rights that the SymEncKey does not have. Defaults to { read: true, forward: true, revoke: false }.
• args.sessionId: string
sessionId of the session to retrieve.
• args.symEncKeyId: string
The symEncKeyId of the SymEncKey to use to retrieve the EncryptionSession.
• args.symEncKeyPassword?: string
The password used to create this SymEncKey.
• args.symEncKeyRawSecret?: string
The rawSecret used to create this SymEncKey.
• args.symEncKeyRawSymKey?: string
The rawSymKey used to create this SymEncKey.
• args.useCache?: boolean
Whether or not to use the cache (if enabled globally). Defaults to true.
Returns
Promise<EncryptionSession>
setGroupAdmin()
setGroupAdmin(groupId, groupMember, statusToSet): Promise<void>
Set admin status of a group member. Can only be done one recipient at a time. Can only be done by a group administrator. This is deprecated. Use setGroupAdmins instead.
Parameters
• groupId: string
• groupMember: Recipients
• statusToSet: boolean
Returns
Promise<void>
Deprecated
setGroupAdmins()
setGroupAdmins(groupId, groupMembers): Promise<void>
Set admin status of group members. Can only be done by a group administrator.
Parameters
• groupId: string
• groupMembers
• groupMembers.addToAdmins?: Recipients
• groupMembers.removeFromAdmins?: Recipients
Returns
Promise<void>
setGroupSelfAddSecret()
setGroupSelfAddSecret(groupId, args): Promise<boolean>
Set or change a self-add secret for a given group. Set selfAddSecret to null to disable. You must pass either a selfAddSecret, or a selfAddPassword that will be derived into one. Only accessible to group admins.
Parameters
• groupId: string
• args
Optional.
• args.selfAddPassword?: string
Optional. Derived automatically to a selfAddSecret. The same selfAddPassword must be used for all operations, and will be automatically derived into both groupSymKey and groupSelfAddSecret when necessary. MUST be the same as the one used during the group creation.
• args.selfAddSecret?: string
Optional. Set to null to disable self-add for this group. Non-null values are for advanced use, to manually set a self-add secret. Do not use both selfAddSecret and selfAddPassword, as selfAddPassword is automatically derived into selfAddSecret.
Returns
Promise<boolean>
setLogLevel()
setLogLevel(logLevel): void
This sets the log level. logLevel must be a string of value silly, debug, info, warn, error, none, or a template of the format ${namespace_1}:${logLevel_for_namespace_1},${namespace_2}:${logLevel_for_namespace_2},... This will set the log level for all SDK and AnonymousSDK instances, not only the current one.
Parameters
• logLevel: string
Returns
void
startIntervals()
startIntervals(): Promise<void>
Call the functions in "intervals", then setup intervals so they are called periodically. This function cannot throw, so it is safe to "fire and forget": it's not necessary to await it.
Returns
Promise<void>
stopIntervals()
stopIntervals(): void
Stop calling the functions in "intervals" periodically.
Returns
void
updateContacts()
updateContacts(r): Promise<void>
Update the local database for the specified recipients.
Parameters
• r: Recipients
Returns
Promise<void>
updateCurrentDevice()
updateCurrentDevice(): Promise<void>
Updates the locally known information about the current device.
You should never have to call this manually, except if you are getting null in sealdAccountInfo.deviceExpires, which can happen if migrating from an older version of the SDK, or if the internal call to sdk.updateCurrentDevice failed when calling sdk.importIdentity.
Returns
Promise<void>