Skip to content

Interface: EncryptionSession

Contents

Properties

_sessionSymKey

_sessionSymKey: SymKey

Instance of the symKey for this EncryptionSession instance. For internal use only. Do not use directly.


retrievalDetails

retrievalDetails: EncryptionSessionRetrievalDetails

Information on how the key was retrieved


sessionId

sessionId: string

The sessionId for this EncryptionSession instance.

Methods

addRecipients()

addRecipients(recipients, opts?): Promise<AuthorizeRecipientResult>

Add new recipients to this session. These recipients will be able to read all encrypted messages of this session.

Parameters

recipients: RecipientsWithRights

opts?: Object

opts.allowUnregisteredUsers?: boolean

Optional. Whether or not to allow non-seald, unregistered recipients. Defaults to false.

opts.useCache?: boolean

Returns

Promise<AuthorizeRecipientResult>


addSymEncKey()

addSymEncKey(args): Promise<string>

Adds a SymEncKey for this session, which allows to retrieve the session without being a recipient, and/or to self-add to the session.

You must pass either a password, or both a rawSecret and rawSymKey.

Returns the id of the newly added SymEncKey.

Parameters

args: Object

args.password?: string

Optional. Derived automatically to a rawSecret and a rawSymKey.

args.rawSecret?: string

Optional. For advanced use. Set a SymEncKey secret manually. Do not use both rawSecret and password, as password is automatically derived into rawSecret.

args.rawSymKey?: string

Optional. For advanced use. Set a SymEncKey raw Symmetric key manually. Do not use both rawSymKey and password, as password is automatically derived into rawSymKey. MUST be 512 bits (64 bytes) of cryptographically secure random, encoded as Base64.

args.rights?: UserRights

Optional. Rights to assign to this SymEncKey. Defaults to { read: true, forward: true, revoke: false }.

Returns

Promise<string>


changeRecipientsRights()

changeRecipientsRights(recipients, opts?): Promise<void>

Change rights for recipients. These recipients must already be allowed on this session. You can add rights by setting them to true, remove rights by setting them to false. Unspecified rights will be left unchanged. To add a right, you must have the right in question plus the forward right. To remove a right, you must have the revoke right.

Parameters

recipients: RecipientsWithRights

opts?: Object

opts.allowUnregisteredUsers?: boolean

Optional. Whether or not to allow non-seald, unregistered recipients. Defaults to false.

Returns

Promise<void>


changeSymEncKeyRights()

changeSymEncKeyRights(symEncKeyId, rights): Promise<void>

Change rights for a SymEncKey. You can add rights by setting them to true, remove rights by setting them to false. Unspecified rights will be left unchanged. To add a right, you must have the right in question plus the forward right. To remove a right, you must have the revoke right.

Parameters

symEncKeyId: string

rights: UserRights

Returns

Promise<void>


decryptFile()

decryptFile<T>(encryptedFile, progressCallback?, fileSize?): Promise<Object>

Decrypts an encrypted file

Type parameters

T extends string | Blob | ReadableStream<any> | Readable | Buffer

Parameters

encryptedFile: T

progressCallback?: (progress) => void

Optional. Progress callback. The progress is given between 0 and 1.

fileSize?: number

Optional. Size of the file to decrypt. Needed when using progressCallback with a ReadableStream or NodeReadable as input type.

Returns

Promise<Object>

data

data: T

filename

filename: string

sessionId

sessionId: string

size

size: number

type

type: FileType


decryptMessage()

decryptMessage(encryptedMessage, options?): Promise<string>

Decrypts an encrypted message string into the corresponding clear-text string.

Parameters

encryptedMessage: string

options?: Object

options.raw?: boolean

Optional. Whether or not the message was encrypted raw. Defaults to false.

Returns

Promise<string>


deleteSymEncKey()

deleteSymEncKey(symEncKeyId): Promise<void>

Deletes a SymEncKey from this session.

Parameters

symEncKeyId: string

Returns

Promise<void>


encryptFile()

encryptFile<T>(clearFile, filename, opts?): Promise<T>

Encrypts a file

Type parameters

T extends string | Blob | ReadableStream<any> | Readable | Buffer

Parameters

clearFile: T

filename: string

Name of the file. Max 256 characters long.

opts?: Object

opts.fileSize?: number

Optional. Needed when using stream.

opts.progressCallback?: (p) => void

Returns

Promise<T>


encryptMessage()

encryptMessage(clearString, options?): Promise<string>

Encrypts a clear-text string into an encrypted message, for the recipients of this session.

Parameters

clearString: string

options?: Object

options.raw?: boolean

Optional. Whether to include or not the sessionID in the encrypted string. If set to true, the encrypted string cannot be used to retrieve the encryption session. Defaults to false.

Returns

Promise<string>


listRecipients()

listRecipients(): Promise<RecipientsList>

Retrieve the list of recipients.

You need to have the 'forward' right on this session to list recipients besides yourself.

Returns

Promise<RecipientsList>


listSymEncKeys()

listSymEncKeys(): Promise<Object[]>

List all SymEncKeys added to this session.

Returns

Promise<Object[]>


revoke()

revoke(): Promise<RevokeResult>

Entirely revoke this session. You can only do it if you are this session's administrator.

Returns

Promise<RevokeResult>


revokeRecipients()

revokeRecipients(recipients, opts?): Promise<RevokeResult>

Revoke recipients from this session. You can only do it if you added these recipients yourself, or if you are this session's administrator.

Parameters

recipients: Recipients

opts?: Object

opts.allowUnregisteredUsers?: boolean

Optional. Whether or not to allow non-seald, unregistered recipients. Defaults to false.

Returns

Promise<RevokeResult>


serialize()

serialize(): string

Serialize session to a string. This is for advanced use. May be used to keep sessions in a cache. WARNING: a user could use this cache to work around being revoked. Use with caution. WARNING: if the cache is accessible to another user, they could use it to decrypt messages they are not supposed to have access to. Make sure only the current user in question can access this cache, for example by encrypting it.

Returns

string


setManagingGroup()

setManagingGroup(groupId, user?): Promise<Object>

DEPRECATED: assign revoke rights to the group instead.

Give the rights to manage this session with the same rights as the given user to anyone belonging to given group. A common way to use this, and the default, is to set user = group : this allows any member of the group to act as the owner of the group's MessageAccess

Warning : this can only be done by the user who created the session. If it is done by anyone else, the behavior is not guaranteed. Also, this will only have the expected behavior if the group is the only direct recipient of the session, which means that, during session creation, the group was the only recipient listed, and that encryptForSelf was set to false.

Parameters

groupId: string

user?: Recipients

Must be one of your descendants, possibly the group itself. Defaults to the group

Returns

Promise<Object>

status

status: "ok"

Deprecated