Class PrivateKey

Private key objects (object class CKO_PRIVATE_KEY) hold private keys

Hierarchy

Constructors

Properties

alwaysAuthenticate: boolean

if true, the user has to supply the PIN for each use (sign or decrypt) with the key. Default is false

alwaysSensitive: boolean

true if key has always had the CKA_SENSITIVE attribute set to true

  • Must not be specified when object is created with C_CreateObject.
  • Must not be specified when object is generated with C_GenerateKey or C_GenerateKeyPair.
  • Must not be specified when object is unwrapped with C_UnwrapKey.

Object class (type)

decrypt: boolean

true if key supports decryption

  • May be modified after object is created with a C_SetAttributeValue call, or in the process of copying object with a C_CopyObject call. However, it is possible that a particular token may not permit modification of the attribute during the course of a C_CopyObject call.
  • Default value is token-specific, and may depend on the values of other attributes.

derive: boolean

CK_TRUE if key supports key derivation (i.e., if other keys can be derived from this one). Default is CK_FALSE

  • May be modified after object is created with a C_SetAttributeValue call, or in the process of copying object with a C_CopyObject call. However, it is possible that a particular token may not permit modification of the attribute during the course of a C_CopyObject call.

boolean

endDate: Date

End date for the key (default empty)

  • May be modified after object is created with a C_SetAttributeValue call, or in the process of copying object with a C_CopyObject call. However, it is possible that a particular token may not permit modification of the attribute during the course of a C_CopyObject call.

extractable: boolean

true if key is extractable and can be wrapped

  • May be modified after object is created with a C_SetAttributeValue call, or in the process of copying object with a C_CopyObject call. However, it is possible that a particular token may not permit modification of the attribute during the course of a C_CopyObject call.
  • Attribute cannot be changed once set to false. It becomes a read only attribute.
  • Default value is token-specific, and may depend on the values of other attributes.

handle: Buffer

ID of PKCS#11 object

id: Buffer

Key identifier for key (default empty)

  • May be modified after object is created with a C_SetAttributeValue call, or in the process of copying object with a C_CopyObject call. However, it is possible that a particular token may not permit modification of the attribute during the course of a C_CopyObject call.

label: string

Description of the object (default empty)

lib: PKCS11

PKCS#11 module

local: boolean

CK_TRUE only if key was either generated locally (i.e., on the token) with a C_GenerateKey or C_GenerateKeyPair call, or created with a C_CopyObject call as a copy of a key which had its CKA_LOCAL attribute set to CK_TRUE

  • Must not be specified when object is created with C_CreateObject.
  • Must not be specified when object is generated with C_GenerateKey or C_GenerateKeyPair.
  • Must not be specified when object is unwrapped with C_UnwrapKey.

mechanism: KeyGenMechanism

Identifier of the mechanism used to generate the key material.

  • Must not be specified when object is created with C_CreateObject.
  • Must not be specified when object is generated with C_GenerateKey or C_GenerateKeyPair.
  • Must not be specified when object is unwrapped with C_UnwrapKey.

modifiable: boolean

true if object can be modified. Default is false

neverExtractable: boolean

true if key has never had the CKA_EXTRACTABLE attribute set to true

  • Must not be specified when object is created with C_CreateObject.
  • Must not be specified when object is generated with C_GenerateKey or C_GenerateKeyPair.
  • Must not be specified when object is unwrapped with C_UnwrapKey.

private: boolean

true if object is a private object and false if object is a public object. Default value is token-specific, and may depend on the values of other attributes of the object.

sensitive: boolean

true if key is sensitive

  • May be modified after object is created with a C_SetAttributeValue call, or in the process of copying object with a C_CopyObject call. However, it is possible that a particular token may not permit modification of the attribute during the course of a C_CopyObject call.
  • Attribute cannot be changed once set to CK_TRUE. It becomes a read only attribute.
  • Default value is token-specific, and may depend on the values of other attributes.

session: Session

PKCS#11 session

sign: boolean

true if key supports signatures where the signature is an appendix to the data

  • May be modified after object is created with a C_SetAttributeValue call, or in the process of copying object with a C_CopyObject call. However, it is possible that a particular token may not permit modification of the attribute during the course of a C_CopyObject call.
  • Default value is token-specific, and may depend on the values of other attributes.

signRecover: boolean

true if key supports signatures where the data can be recovered from the signature

  • May be modified after object is created with a C_SetAttributeValue call, or in the process of copying object with a C_CopyObject call. However, it is possible that a particular token may not permit modification of the attribute during the course of a C_CopyObject call.
  • Default value is token-specific, and may depend on the values of other attributes.

startDate: Date

Start date for the key (default empty)

  • May be modified after object is created with a C_SetAttributeValue call, or in the process of copying object with a C_CopyObject call. However, it is possible that a particular token may not permit modification of the attribute during the course of a C_CopyObject call.

subject: Buffer

DER-encoding of the key subject name (default empty)

  • May be modified after object is created with a C_SetAttributeValue call, or in the process of copying object with a C_CopyObject call. However, it is possible that a particular token may not permit modification of the attribute during the course of a C_CopyObject call.

token: boolean

true if object is a token object and false if object is a session object. Default is false.

type: KeyType

Type of key

  • Must be specified when object is created with C_CreateObject
  • Must be specified when object is unwrapped with C_UnwrapKey

unwrap: boolean

true if key supports unwrapping (i.e., can be used to unwrap other keys)

  • May be modified after object is created with a C_SetAttributeValue call, or in the process of copying object with a C_CopyObject call. However, it is possible that a particular token may not permit modification of the attribute during the course of a C_CopyObject call.
  • Default value is token-specific, and may depend on the values of other attributes.

wrapTrusted: boolean

true if the key can only be wrapped with a wrapping key that has CKA_TRUSTED set to true. Default is false.

  • Attribute cannot be changed once set to true. It becomes a read only attribute.
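
A key-hygiene check built on the properties listed above, as an added example that is not code from the library. `auditPrivateKey`, the finding ids and the `now` parameter are hypothetical; the function takes a plain object carrying the documented property names, and the two sample keys are constructed.

```javascript
// Added example: audit a snapshot of the PrivateKey properties documented above.
// auditPrivateKey and the finding ids are hypothetical names, not library API.
function auditPrivateKey(key, now = new Date()) {
  const findings = [];
  const flag = (id, msg) => findings.push({ id, msg });

  // Current protection state.
  if (!key.sensitive) flag('NOT_SENSITIVE', 'CKA_SENSITIVE is false');
  if (key.extractable) {
    flag('EXTRACTABLE', 'key can be wrapped');
    // wrapTrusted only matters while the key can still be wrapped.
    if (!key.wrapTrusted) flag('WRAP_UNTRUSTED', 'wrapping is not limited to CKA_TRUSTED keys');
  }
  if (key.modifiable) flag('MODIFIABLE', 'object attributes can still be changed');

  // Provenance: token-maintained history that a caller cannot set.
  if (!key.alwaysSensitive) flag('WAS_NOT_SENSITIVE', 'CKA_SENSITIVE has not always been true');
  if (!key.neverExtractable) flag('WAS_EXTRACTABLE', 'CKA_EXTRACTABLE has been true at some point');
  if (!key.local) flag('NOT_LOCAL', 'CKA_LOCAL is false');

  // PKCS#11 treats start/end dates as reference-only, so the caller checks them.
  const end = key.endDate;
  if (end instanceof Date && !Number.isNaN(end.getTime()) && end < now) {
    flag('EXPIRED', 'endDate is in the past');
  }
  return findings;
}

// Constructed samples: one key generated on the token, one imported key.
const generatedOnToken = {
  sensitive: true, extractable: false, wrapTrusted: false, modifiable: false,
  alwaysSensitive: true, neverExtractable: true, local: true, endDate: null,
};
const importedKey = {
  sensitive: true, extractable: true, wrapTrusted: false, modifiable: false,
  alwaysSensitive: false, neverExtractable: false, local: false,
  endDate: new Date('2020-01-01T00:00:00Z'),
};

const auditIds = (key, now) => auditPrivateKey(key, now).map((f) => f.id);
console.log(auditIds(generatedOnToken), auditIds(importedKey));
```

Because `alwaysSensitive`, `neverExtractable` and `local` cannot be supplied at creation, they are the fields to rely on when deciding whether a key's history matches its current flags.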

Accessors

  • get allowedMechanisms(): void
  • Returns void

  • set allowedMechanisms(v): void
  • Parameters

    • v: void

    Returns void

  • get size(): number
  • Gets the size of an object in bytes

    Returns number

  • get template(): void
  • For wrapping keys. The attribute template to apply to any keys unwrapped using this wrapping key. Any user-supplied template is applied after this template as if the object has already been created.

    Returns void

  • set template(v): void
  • Parameters

    • v: void

    Returns void

Methods

  • Returns attribute value

    Parameters

    • type: number

      Attribute type

    Returns Buffer

    Attribute value in Buffer format

  • Returns attribute value

    Parameters

    Returns any

    Attribute value. Depends on the attribute name

  • Returns a list of attributes

    Parameters

    • attrs: ITemplate

      The list of attributes for receiving

    Returns ITemplate

    The list of attributes

  • Retrieves information about PKCS#11 object and fills fields

    Returns void

  • Alias for setAttribute

    Parameters

    • type: number
    • value:
          | string
          | number
          | boolean
          | Buffer

    Returns void

  • Parameters

    • name: string
    • value: any

    Returns void

  • Sets attribute value

    Parameters

    • type: number

      Attribute type

    • value:
          | string
          | number
          | boolean
          | Buffer

      Attribute value

    Returns void

  • Sets attribute value

    Parameters

    • name: string

      Attribute name. See ITemplate

    • value: any

      Attribute value. Depends on attribute name

    Returns void

  • Sets attributes from the list of attributes

    Parameters

    Returns void