Skip to content

Interface: SealdSDK

Properties

apiURL

apiURL: string

apiURL with which this SealdSDK instance was created. URL of the Seald API Servers to which it should connect.


appId

appId: string

appId with which this SealdSDK instance was created.


encryptionSessionCache

encryptionSessionCache: EncryptionSessionCache

Cache object to store encryption sessions


encryptionSessionCacheCleanupInterval

encryptionSessionCacheCleanupInterval: number

The cleanup interval of encryptionSession cache.


encryptionSessionCacheTTL

encryptionSessionCacheTTL: number

The lifetime of encryptionSession cache.


eventBus

eventBus: Emittery<Record<PropertyKey, any>, Record<PropertyKey, any> & _OmnipresentEventData, DatalessEventNames<Record<PropertyKey, any>>>

Event bus. See https://github.com/sindresorhus/emittery


goatee

goatee: any

Full Goatee library. For advanced use. See Goatee documentation, ask Seald Team.


hairlessURL

hairlessURL: string

hairlessURL with which this SealdSDK instance was created. URL of the Seald external decryption interface with which non-Seald users can decrypt documents.


intervals

intervals: object

Directly exposing the functions called periodically by "startIntervals". These functions cannot throw, so they are safe to "fire and forget": it's not necessary to await them.

checkMissingKeys()

Check if there are missing message keys for some of the current user's devices, and if so re-encrypts them.

Returns

Promise<void>

heartbeat()

Send a heartbeat to the server. Contrary to sdk.heartbeat(), this version of the heartbeat cannot throw: it will only print a warning in case of error.

Returns

Promise<void>


keySize

keySize: 1024 | 2048 | 4096

The configured key size for newly generated asymmetric keys.


numberPreGeneratedIdentityKeys

numberPreGeneratedIdentityKeys: number

Get the number of pre-generated keys currently in the pool


sscrypto

sscrypto: SSCrypto

Full SSCrypto library. For advanced use. See SSCrypto documentation at https://github.com/seald/sscrypto


utils

utils: object

Various utilities, for advanced use.

fetch

fetch: FetchFunction

The fetch implementation used by this SDK instance For advanced use.

scrypt

scrypt: SCrypt

SCrypt wrapper with reasonable parameters. For advanced use.

cleanEncryptionSessionCache()

Cleans the encryption session cache of entries with expired lifetime.

Returns

Promise<void>

deserializeSession()

Deserialize a serialized session. For advanced use.

Parameters

serialized: string

Returns

EncryptionSession

EncryptionSession

encodePassword()

Normalize and encode a string password into a Buffer. For advanced use.

Parameters

password: string

Returns

Buffer

generateB64EncodedSymKey()

Generate a symmetric key, and return it as a Base64 encoded string.

The key generate here can then be used as databaseRawKey when instantiating the SDK, as rawOverEncryptionKey when creating TMR accesses, as rawSymKey when adding SymEncKey accesses, or as rawTwoManRuleKey in the ssks2MR plugin.

Returns

Promise<string>

getRecipients()

Manually parse a Recipients parameter into Seald and External recipients, as well as rights, into the format used internally by Goatee. For advanced use.

Parameters

recipients: RecipientsWithRights

opts?

opts.allowUnregisteredUsers?: boolean

Optional. Whether or not to allow non-seald, unregistered recipients. Defaults to false.

Returns

Promise<object>

hairlessRecipients

hairlessRecipients: EntrustedRecipient[]

recipients

recipients: string[]

rights

rights: Record<string, UserRights>

parseUserLicenseToken()

Parse a given userLicenseToken. For advanced use.

Parameters

userLicenseToken: string

Returns

object

domainValidationKeyId

domainValidationKeyId: string

nonce

nonce: string

token

token: string

readKeyBackup()

Read the internal key backup. For advanced use.

Returns

Promise<Buffer>

retrieveEncryptionSessionId()

Retrieve an encryption session id

Type Parameters

T extends string | ArrayBuffer | Uint8Array | Blob | ReadableStream<any> | Readable | Buffer

Parameters

args

args.encryptedFile?: T

Optional. Arbitrary encrypted file from the session to retrieve.

args.encryptedMessage?: string

Optional. Arbitrary encrypted message from the session to retrieve.

Returns

Promise<string>

writeKeyBackup()

Write the internal key backup. For advanced use.

Parameters

encryptedKeyBackup: ArrayBuffer | Uint8Array | Buffer

Returns

Promise<void>


version

version: string

The SDK version

Methods

addGroupMembers()

addGroupMembers(groupId, newMembers, newAdmins?, silentKeyRenew?): Promise<void>

Add members to a group. Can only be done by a group administrator. Can also specify which of these group members should also be admins.

Parameters

groupId: string

id of the group

newMembers: Recipients

id of members to add

newAdmins?: Recipients

id of new members to also add as admins. This must be a subset of newMembers

silentKeyRenew?: boolean

Should renew the group key if needed, and the user is administrator of the group . Default to true.

Returns

Promise<void>


addMissingKeys()

addMissingKeys(deviceId, retryOptions?): void

Trigger the re-encryption of missing message keys for the given deviceId. This function does not return a promise. It only triggers the re-encryption. To be notified of the end of the re-encryption, you must wait for the 'addMissingKeys-done' event on the event-bus. For example: const { deviceId, failed, done, error } = await sdk.eventBus.once('addMissingKeys-done')

Parameters

deviceId: string

retryOptions?

Optional.

retryOptions.nRetries?: number

Optional. How many times to retry. Defaults to 3.

retryOptions.waitBetweenRetries?: number

Optional. Time to wait between retries in milliseconds. Defaults to 30000ms = 30 seconds.

Returns

void


checkGroupSelfAddSecret()

checkGroupSelfAddSecret(groupId): Promise<boolean>

Check if a self-add secret is set for a given group. Only accessible to group admins.

Parameters

groupId: string

Returns

Promise<boolean>


checkSigchainHash()

checkSigchainHash(recipient, sigchainHash, opts?): Promise<object>

Verify if a hash is included in the recipient sigchain. Use the position option to check the hash of a specific sigchain transaction.

Parameters

recipient: Recipients

sigchainHash: string

opts?

opts.position?: number

position of the sigchain transaction against which to check the hash.

Returns

Promise<object>

lastPosition

lastPosition: number

position

position: number


close()

close(): Promise<void>

Close the database. After this, this SDK instance will no longer be usable. This also calls stopIntervals.

Returns

Promise<void>


convertTmrAccesses()

convertTmrAccesses(tmrJWT, rawOverEncryptionKey, options?): Promise<object>

Convert all TMR accesses addressed to a given auth factor and matching specified filters to classic message keys. All TMR accesses matching the specified filters must have been encrypted with the same rawOverEncryptionKey.

Parameters

tmrJWT: string

The JWT given at 2FA

rawOverEncryptionKey: string

The 2-man-rule key. This MUST be a cryptographically random string of 64 bytes B64 encoded.

options?

options.createdById?: string

If specified, Seald ID of the user who created the TMR accesses to get

options.deleteOnConvert?: boolean

Delete the 2-man-rule keys after conversion. Defaults to true.

options.sessionId?: string

If specified, ID of the message for which to get TMR accesses

options.tmrAccessId?: string

If specified, ID of the TMR accesses to get

Returns

Promise<object>

errored

errored: Record<string, object>

succeeded

succeeded: Record<string, string[]>


createEncryptionSession()

createEncryptionSession(recipients, opts?): Promise<EncryptionSession>

Create an encryption session, with which you can then encrypt / decrypt multiple messages.

Parameters

recipients: RecipientsWithRights

Recipients for whom to encrypt.

opts?

Optional.

opts.allowDownload?: boolean

Optional. Whether or not to allow non-seald recipients with an email address to download a clear version of the file. Defaults to false.

opts.allowUnregisteredUsers?: boolean

Optional. Whether or not to allow non-seald, unregistered recipients. Defaults to false.

opts.encryptForSelf?: boolean

Optional. Whether or not to include the current account as recipient. Defaults to true

opts.metadata?: string

Optional. Arbitrary metadata string, not encrypted, for later reference. Max 1024 characters long.

opts.selfDestructDate?: string

Optional. Date at which the encrypted file should be automatically revoked. Format: 'YYYY-MM-DD'.

opts.useCache?: boolean

Whether or not to use the cache (if enabled globally). Default to true.

Returns

Promise<EncryptionSession>


createGroup()

createGroup(args): Promise<object>

Create a group

Parameters

args

args.admins: Recipients

Administrators of the group. Administrators must also be members. It must include yourself.

args.customGroupSymKey?: string

Optional. For advanced use. Set a custom group SymKey manually. Do not use both customGroupSymKey and selfAddPassword, as selfAddPassword is automatically derived into customGroupSymKey. Useful if you want to pass it out-of-band to other users to use the self-add. Should be 512 bits (64 bytes) of cryptographically secure random, encoded as Base64.

args.expireAfter?: number

Time after creation after which the keys should expire, in seconds. Default to 3 years, maximum 5 years.

args.groupName: string

Group name. Max 64 characters long.

args.members: Recipients

Members of the group. It must include yourself.

args.selfAddPassword?: string

Optional. Pass this if you want to enable self-add to this group. Derived automatically to a selfAddSecret and a customGroupSymKey. The same selfAddPassword must be used for all operations, and will be automatically derived into both groupSymKey and groupSelfAddSecret when necessary. Useful if you want to pass it out-of-band to other users to use the self-add.

args.selfAddSecret?: string

Optional. For advanced use. Set a self-add secret manually. Do not use both selfAddSecret and selfAddPassword, as selfAddPassword is automatically derived into selfAddSecret.

Returns

Promise<object>

groupName

groupName: string

id

id: string


createSubIdentity()

createSubIdentity(opts?): Promise<object>

Create a sub-identity for the current identity, for example to use on another device. The created sub-identity Buffer can then be imported into another SDK instance using sdk.importIdentity.

A re-encryption of existing message keys must happen for the new sub-identity to be able to decrypt existing messages for this account:

  • If you do not pass any argument, or pass shouldReencrypt: true, it will happen automatically
  • Otherwise, you must trigger addMissingKeys with the newly created deviceId, in order for the re-encryption to happen.

Parameters

opts?

Optional.

opts.deviceName?: string

Optional. Name of the new device. Max 36 characters long.

opts.expireAfter?: number

Time after creation after which the keys should expire, in seconds. Default to 3 years, maximum 5 years.

opts.nRetries?: number

Optional. How many times to retry re-encryption. Defaults to 3.

opts.shouldReencrypt?: boolean

Optional. Should trigger the re-encryption of missing message keys for the newly created device. Defaults to true.

opts.waitBetweenRetries?: number

Optional. Time to wait between retries in milliseconds. Defaults to 30000ms = 30 seconds.

Returns

Promise<object>

deviceId

deviceId: string

identity

identity: Buffer


decryptFile()

decryptFile<T>(encryptedFile, opts?): Promise<object>

Decrypt an encrypted file.

Type Parameters

T extends string | ArrayBuffer | Uint8Array | Blob | ReadableStream<any> | Readable | Buffer

Parameters

encryptedFile: T

File to decrypt. Can be either a binary string, a Blob, a Buffer, or a stream. The function will return the decrypted file in same format.

opts?

Optional.

opts.fileSize?: number

Optional. Size of the file to decrypt. Needed when using progressCallback with a ReadableStream or NodeReadable as input type.

opts.lookupGroupKey?: boolean

should check for group rights

opts.lookupProxyKey?: boolean

should check for proxy rights

opts.progressCallback?

Optional. Progress callback. The progress is given between 0 and 1.

opts.useCache?: boolean

Whether or not to use the cache (if enabled globally). Default to true.

Returns

Promise<object>

data

data: T extends ArrayBuffer | Uint8Array | Buffer ? Buffer : T

filename

filename: string

sessionId

sessionId: string

size

size: number

type

type: FileType


decryptMessage()

decryptMessage(encryptedString, opts?): Promise<string>

Decrypt a message.

Parameters

encryptedString: string

opts?

Optional.

opts.lookupGroupKey?: boolean

should check for group rights

opts.lookupProxyKey?: boolean

should check for proxy rights

opts.useCache?: boolean

Whether or not to use the cache (if enabled globally). Default to true.

Returns

Promise<string>


deleteGroup()

deleteGroup(groupId): Promise<void>

Delete a group

Parameters

groupId: string

Returns

Promise<void>


dropDatabase()

dropDatabase(): Promise<void>

Drop local database, and delete locally saved backup key. It will also reset the current SDK instance. Call sdk.initialize() or sdk.initiateIdentity() afterward to continue with this sealdSDK instance.

Returns

Promise<void>


encryptFile()

encryptFile<T>(clearFile, filename, recipients, opts?): Promise<T extends ArrayBuffer | Uint8Array | Buffer ? Buffer : T>

Encrypt a file.

Type Parameters

T extends string | ArrayBuffer | Uint8Array | Blob | ReadableStream<any> | Readable | Buffer

Parameters

clearFile: T

File to encrypt. Can be either a binary string, a Blob, a Buffer, or a stream. The function will return the encrypted file in same format.

filename: string

Name of the file. Max 256 characters long.

recipients: RecipientsWithRights

Recipients for whom to encrypt

opts?

opts.allowUnregisteredUsers?: boolean

Optional. Whether or not to allow non-seald, unregistered recipients. Defaults to false.

opts.encryptForSelf?: boolean

Optional. Whether or not to include the current account as recipient. Defaults to true

opts.fileSize?: number

Optional. Size of the file to encrypt. Must be specified for ReadableStream and NodeReadable.

opts.metadata?: string

Optional. Arbitrary metadata string, not encrypted, for later reference. Takes filename as default value, use '' to override. Max 1024 characters long.

opts.progressCallback?

Optional. Progress callback. The progress is given between 0 and 1.

opts.selfDestructDate?: string

Optional. Date at which the encrypted file should be automatically revoked. Format: 'YYYY-MM-DD'.

Returns

Promise<T extends ArrayBuffer | Uint8Array | Buffer ? Buffer : T>

Example

javascript
// Encrypt a string for another user of the app
const encryptedString = await seald.encryptFile(
  'Secret file content',
  'SecretFile.txt',
  { userIds: ['Other-User'] }
)

// Encrypt a Buffer for a Seald user
const encryptedBuffer = await seald.encryptFile(
  Buffer.from('Secret file content'),
  'SecretFile.txt',
  { sealdIds: [otherUserSealdId] }
)

// Encrypt a Blob for an external user
const encryptedBlob = await seald.encryptFile(
  new Blob(['Secret file content']),
  'SecretFile.txt',
  { emails: ['external@domain.com'] }
)

encryptMessage()

encryptMessage(clearString, recipients, opts?): Promise<string>

Encrypt a message.

Parameters

clearString: string

recipients: RecipientsWithRights

opts?

Optional.

opts.allowUnregisteredUsers?: boolean

Optional. Whether or not to allow non-seald, unregistered recipients. Defaults to false.

opts.encryptForSelf?: boolean

Optional. Whether or not to include the current account as recipient. Defaults to true

opts.metadata?: string

Optional.Arbitrary metadata string, not encrypted, for later reference. Max 1024 characters long.

opts.raw?: boolean

Optional. Whether to include or not the sessionID in the encrypted string. If set to true, the encrypted string cannot be used to retrieve the encryption session. Defaults to false.

opts.selfDestructDate?: string

Optional. Date at which the encrypted file should be automatically revoked. Format: 'YYYY-MM-DD'.

Returns

Promise<string>


exportIdentity()

exportIdentity(): Promise<Buffer>

Export the current identity, to handle it manually

Returns

Promise<Buffer>


getCurrentAccountInfo()

getCurrentAccountInfo(): Promise<AccountInfo>

Get account info of current SDK instance.

Returns

Promise<AccountInfo>


getRSAKeyPromise()

getRSAKeyPromise(size?): Promise<string>

Function which create a promise that resolves to a newly generated b64 encoded RSA key.

Parameters

size?: 1024 | 2048 | 4096

Returns

Promise<string>


getSigchainHash()

getSigchainHash(recipient?, opts?): Promise<object>

Get hash of a user last sigchain transaction. If no recipient is given, return the current user hash.

Parameters

recipient?: Recipients

opts?

opts.position?: number

get the hash at the given position. Default to last transaction

Returns

Promise<object>

hash

hash: string

position

position: number

sealdId

sealdId: string


heartbeat()

heartbeat(): Promise<void>

Send a heartbeat to the server.

Returns

Promise<void>


importIdentity()

importIdentity(identity): Promise<AccountInfo>

Import identity manually

Parameters

identity: ArrayBuffer | Uint8Array | Buffer

Returns

Promise<AccountInfo>


initialize()

initialize(): Promise<void>

Initialize the SDK. Must be called before any other method. Resolves when the initialization is done, and you can use the Seald SDK. If you use a persistent DB and do not know the registration status for certain, you may want to run sdk.registrationStatus after initialize, to check if you are in the 'no-account' or 'registered' state.

Returns

Promise<void>


initiateIdentity()

initiateIdentity(args): Promise<AccountInfo>

Create the account for the first time.

Parameters

args

args.displayName?: string

Name to display this user under on the dashboard. Defaults to userId.

args.expireAfter?: number

Time after creation after which the keys should expire, in seconds. Default to 3 years, maximum 5 years.

args.signupJWT?: string

JWT to allow the current user to join your app's Seald Team. Must be generated by your server.

args.userId?: string

Deprecated. The unique ID of the current user inside your app. It will be used to identify this user. Required if you use a userLicenseToken. Forbidden if you use a signupJWT.

args.userLicenseToken?: string

Deprecated. The license token to allow the current user to join your app's Seald Team. Must be generated by your server.

Returns

Promise<AccountInfo>


listBackupKeys()

listBackupKeys(acceptBackupKeys?): Promise<object[]>

List admin backup keys

Parameters

acceptBackupKeys?: boolean

Returns

Promise<object[]>


listGroupMembers()

listGroupMembers(groupId): Promise<object[]>

List members of a group

Parameters

groupId: string

Returns

Promise<object[]>


listGroups()

listGroups(args?): Promise<object>

List all groups in team

Parameters

args?

Optional.

args.all?: boolean

Optional. Return all pages at once.

args.mine?: boolean

Optional. Show only groups of which the current user is a member

args.page?: number

Optional.

Returns

Promise<object>

lastPage

lastPage: number

results

results: object[]


preGenerateIdentityKeys()

preGenerateIdentityKeys(n?): void

Pre-generate identity keys and add them to the pool. Pre-generation is started for all keys as soon as this function is called. Keys are always added at the end of the pool, and used from the beginning of the pool.

Pre-generated identity keys will be used to accelerate all functions which need new identity keys: initiateIdentity, createSubIdentity, createGroup, renewGroupKey, renewKey.

Parameters

n?: number

Number of identity keys to pre-generate. Defaults to 1. Minimum 1. Maximum 10.

Returns

void


prepareRenew()

prepareRenew(): Promise<Buffer>

PrepareRenew prepare a private key renewal, so it can be stored on SSKS without risk of loss during the actual renew

Returns

Promise<Buffer>


pullPreGeneratedIdentityKeyFromPool()

pullPreGeneratedIdentityKeyFromPool(): PreGeneratedIdentityKey

Retrieve an identity key from the pool. If none are available, this will return null. Key is retrieved from the beginning of the pool.

Returns

PreGeneratedIdentityKey


pushJwt()

pushJwt(jwt): Promise<object>

Use a JWT on the current identity

Parameters

jwt: string

JWT to use. Must be generated by your server.

Returns

Promise<object>

joinedTeam

joinedTeam: boolean

userId?

optional userId: string


pushPreGeneratedIdentityKeyToPool()

pushPreGeneratedIdentityKeyToPool(key): void

Add a previously retrieved identity key into the pool. Key is added at the end of the pool.

Parameters

key: PreGeneratedIdentityKey

Returns

void


registrationStatus()

registrationStatus(): Promise<"no-account" | "no-team" | "registered">

Returns the registration status of the SDK instance. In the SDK, you should only get the values 'no-account' or 'registered'.

The state 'no-team' is deprecated, and should never be returned.

Returns

Promise<"no-account" | "no-team" | "registered">


removeGroupMembers()

removeGroupMembers(groupId, membersToRemove, silentKeyRenew?): Promise<void>

Remove members from a group. Can only be done by a group administrator. You should call renewGroupKey after this.

Parameters

groupId: string

id of the group

membersToRemove: Recipients

id of members to add

silentKeyRenew?: boolean

Should renew the group key if needed, and the user is administrator of the group . Default to true.

Returns

Promise<void>


renewGroupKey()

renewGroupKey(groupId, options?): Promise<void>

Renew group private key. Should be called after removing members.

Parameters

groupId: string

id of the group

options?

options.customGroupSymKey?: string

Optional. For advanced use. Set a custom group SymKey manually. Do not use both customGroupSymKey and selfAddPassword, as selfAddPassword is automatically derived into customGroupSymKey. Useful if you want to pass it out-of-band to other users to use the self-add. Should be 512 bits (64 bytes) of cryptographically secure random, encoded as Base64. MUST be the same as the one used during the group creation.

options.expireAfter?: number

Time after creation after which the keys should expire, in seconds. Default to 3 years, maximum 5 years.

options.selfAddPassword?: string

Optional. Derived automatically to a customGroupSymKey. The same selfAddPassword must be used for all operations, and will be automatically derived into both groupSymKey and groupSelfAddSecret when necessary. Useful if you want to pass it out-of-band to other users to use the self-add. MUST be the same as the one used during the group creation.

Returns

Promise<void>


renewKey()

renewKey(opts?): Promise<void>

Renew the key of this Identity. In order to avoid any failure, we recommande to first use sdk.prepareRenew(), then save the prepared renewal on SSKS, and finally call sdk.renewKey({ preparedRenewal }).

Be careful, if this Identity is stored on SSKS or with another plugin, you will have to store it again, as the old one will not be valid anymore.

Parameters

opts?

opts.expireAfter?: number

Time after creation after which the keys should expire, in seconds. Default to 3 years, maximum 5 years.

opts.preparedRenewal?: Buffer

Optional. A prepared renewal created using sdk.prepareRenew.

Returns

Promise<void>


retrieveEncryptionSession()

retrieveEncryptionSession<T>(args): Promise<EncryptionSession>

Retrieve an encryption session, with which you can then encrypt / decrypt multiple messages, either with an encrypted message of this session, or with the sessionId.

Type Parameters

T extends string | ArrayBuffer | Uint8Array | Blob | ReadableStream<any> | Readable | Buffer

Parameters

args

args.encryptedFile?: T

Optional. Arbitrary encrypted file from the session to retrieve.

args.encryptedMessage?: string

Optional. Arbitrary encrypted message from the session to retrieve.

args.lookupGroupKey?: boolean

should check for group rights

args.lookupProxyKey?: boolean

should check for proxy rights

args.sessionId?: string

Optional. sessionId of the session to retrieve.

args.useCache?: boolean

Whether or not to use the cache (if enabled globally). Default to true.

Returns

Promise<EncryptionSession>


retrieveEncryptionSessionByTmr()

retrieveEncryptionSessionByTmr(sessionId, tmrJWT, rawOverEncryptionKey, options?): Promise<EncryptionSession>

Retrieve an EncryptionSession with Two Man Rule. If your Auth Factor has multiple TMR accesses for this message ID, you have to specify filters, or set tryIfMultiple to true.

Parameters

sessionId: string

tmrJWT: string

The JWT given at 2FA

rawOverEncryptionKey: string

The 2-man-rule key. This MUST be a cryptographically random string of 64 bytes B64 encoded.

options?

options.createdById?: string

If specified, Seald ID of the user who created the TMR accesses to get

options.tmrAccessId?: string

If specified, ID of the TMR Message Key to get

options.tryIfMultiple?: boolean

If multiple TMR accesses are found matching the given criteria, try them all if true, throw an error if false.

options.useCache?: boolean

Whether or not to use the cache (if enabled globally). Default to true.

Returns

Promise<EncryptionSession>


retrieveEncryptionSessionWithSymEncKey()

retrieveEncryptionSessionWithSymEncKey(args): Promise<EncryptionSession>

Retrieve an encryption session, with which you can then encrypt / decrypt multiple messages, with the sessionId and a SymEncKey.

You must pass either symEncKeyPassword, or both symEncKeyRawSecret and symEncKeyRawSymKey.

Parameters

args

args.sessionId: string

sessionId of the session to retrieve.

args.symEncKeyId: string

The symEncKeyId of the SymEncKey to use to retrieve the EncryptionSession.

args.symEncKeyPassword?: string

The password used to create this SymEncKey.

args.symEncKeyRawSecret?: string

The rawSecret used to create this SymEncKey.

args.symEncKeyRawSymKey?: string

The rawSymKey used to create this SymEncKey.

args.useCache?: boolean

Whether or not to use the cache (if enabled globally). Default to true.

Returns

Promise<EncryptionSession>


retrieveMultipleEncryptionSessions()

retrieveMultipleEncryptionSessions<T>(toRetrieve, args?): Promise<EncryptionSession[]>

Retrieve multiple encryption sessions.

The returned array of EncryptionSessions is in the same order as the input array.

Type Parameters

T extends string | Blob | ReadableStream<any> | Readable | Buffer

Parameters

toRetrieve: object[]

args?

args.lookupGroupKey?: boolean

should check for group rights

args.lookupProxyKey?: boolean

should check for proxy rights

args.useCache?: boolean

Whether or not to use the cache (if enabled globally). Default to true.

Returns

Promise<EncryptionSession[]>


selfAddGroup()

selfAddGroup(groupId, args): Promise<void>

Add self to a group with a self-add secret.

Parameters

groupId: string

args

Optional.

args.groupSymKey?: string

Optional. For advanced use. Set a custom group SymKey manually. Do not use both groupSymKey and selfAddPassword, as selfAddPassword is automatically derived into customGroupSymKey. Useful if you want to pass it out-of-band to other users to use the self-add. Should be 512 bits (64 bytes) of cryptographically secure random, encoded as Base64. MUST be the same as the one used during the group creation, and during every group keys renewal.

args.selfAddPassword?: string

Optional. Derived automatically to a selfAddSecret. The same selfAddPassword must be used for all operations, and will be automatically derived into both groupSymKey and groupSelfAddSecret when necessary. MUST be the same as the one used during the group creation.

args.selfAddSecret?: string

Optional. For advanced use. Pass a self-add secret manually. Do not use both selfAddSecret and selfAddPassword, as selfAddPassword is automatically derived into selfAddSecret.

Returns

Promise<void>


selfAddToEncryptionSessionWithSymEncKey()

selfAddToEncryptionSessionWithSymEncKey(args): Promise<EncryptionSession>

Self-add to an encryption session, and return it, with the sessionId and a SymEncKey.

You can only call this if the SymEncKey has the forward right.

You must pass either symEncKeyPassword, or both symEncKeyRawSecret and symEncKeyRawSymKey.

Parameters

args

args.rights?: UserRights

Rights to assign to yourself on this session. Cannot contain rights that the SymEncKey does not have. Defaults to { read: true, forward: true, revoke: false }.

args.sessionId: string

sessionId of the session to retrieve.

args.symEncKeyId: string

The symEncKeyId of the SymEncKey to use to retrieve the EncryptionSession.

args.symEncKeyPassword?: string

The password used to create this SymEncKey.

args.symEncKeyRawSecret?: string

The rawSecret used to create this SymEncKey.

args.symEncKeyRawSymKey?: string

The rawSymKey used to create this SymEncKey.

args.useCache?: boolean

Whether or not to use the cache (if enabled globally). Default to true.

Returns

Promise<EncryptionSession>


setGroupAdmin()

setGroupAdmin(groupId, groupMember, statusToSet): Promise<void>

Set admin status of a group member. Can only be done one recipient at a time. Can only be done by a group administrator. This is deprecated. Use setGroupAdmins instead.

Parameters

groupId: string

groupMember: Recipients

statusToSet: boolean

Returns

Promise<void>

Deprecated


setGroupAdmins()

setGroupAdmins(groupId, groupMembers): Promise<void>

Set admin status of group members. Can only be done by a group administrator.

Parameters

groupId: string

groupMembers

groupMembers.addToAdmins?: Recipients

groupMembers.removeFromAdmins?: Recipients

Returns

Promise<void>


setGroupSelfAddSecret()

setGroupSelfAddSecret(groupId, args): Promise<boolean>

Set or change a self-add secret for a given group. Set selfAddSecret to null to disable. You must pass either a selfAddSecret, or a selfAddPassword that will be derived into one. Only accessible to group admins.

Parameters

groupId: string

args

Optional.

args.selfAddPassword?: string

Optional. Derived automatically to a selfAddSecret. The same selfAddPassword must be used for all operations, and will be automatically derived into both groupSymKey and groupSelfAddSecret when necessary. MUST be the same as the one used during the group creation.

args.selfAddSecret?: string

Optional. Set to null to disable self-add for this group. Non-null values are for advanced use, to manually set a self-add secret. Do not use both selfAddSecret and selfAddPassword, as selfAddPassword is automatically derived into selfAddSecret.

Returns

Promise<boolean>


setLogLevel()

setLogLevel(logLevel): void

This sets the log level. logLevel must be a string of value silly, debug, info, warn, error, none, or a template of the format ${namespace_1}:${logLevel_for_namespace_1},${namespace_2}:${logLevel_for_namespace_2},.... This will set the log level for all SDK and AnonymousSDK instances, not only the current one.

Parameters

logLevel: string

Returns

void


startIntervals()

startIntervals(): Promise<void>

Call the functions in "intervals", then setup intervals so they are called periodically. This function cannot throw, so it is safe to "fire and forget": it's not necessary to await it.

Returns

Promise<void>


stopIntervals()

stopIntervals(): void

Stop calling the functions in "intervals" periodically.

Returns

void


updateContacts()

updateContacts(r): Promise<void>

Update the local database for the specified recipients.

Parameters

r: Recipients

Returns

Promise<void>


updateCurrentDevice()

updateCurrentDevice(): Promise<void>

Updates the locally known information about the current device.

You should never have to call this manually, except if you getting null in sealdAccountInfo.deviceExpires, which can happen if migrating from an older version of the SDK, or if the internal call to sdk.updateCurrentDevice failed when calling sdk.importIdentity.

Returns

Promise<void>