Class SecretKey

Secret key objects (object class CKO_SECRET_KEY) hold secret keys.

Hierarchy (view full)

Constructors

constructor

Properties

alwaysSensitive checkValue class decrypt derive encrypt endDate extractable handle id label lib local mechanism modifiable neverExtractable private sensitive session sign startDate token trusted type unwrap verify wrap wrapTrusted

Accessors

allowedMechanisms size unwrapTemplate wrapTemplate

Methods

copy destroy get getAttribute getInfo set setAttribute toType

Constructors

constructor

Properties

alwaysSensitive

alwaysSensitive: boolean

true if key has always had the CKA_SENSITIVE attribute set to true

  • Must not be specified when object is created with C_CreateObject.
  • Must not be specified when object is generated with C_GenerateKey or C_GenerateKeyPair.
  • Must not be specified when object is unwrapped with C_UnwrapKey.

checkValue

checkValue: Buffer

Key checksum

class

class: ObjectClass

Object class (type)

decrypt

decrypt: boolean

true if key supports decryption

  • May be modified after object is created with a C_SetAttributeValue call, or in the process of copying object with a C_CopyObject call. However, it is possible that a particular token may not permit modification of the attribute during the course of a C_CopyObject call.
  • Default value is token-specific, and may depend on the values of other attributes.

derive

derive: boolean

CK_TRUE if key supports key derivation (i.e., if other keys can be derived from this one (default CK_FALSE)

  • May be modified after object is created with a C_SetAttributeValue call, or in the process of copying object with a C_CopyObject call. However, it is possible that a particular token may not permit modification of the attribute during the course of a C_CopyObject call.

Returns

boolean

encrypt

encrypt: boolean

true if key supports encryption

  • May be modified after object is created with a C_SetAttributeValue call, or in the process of copying object with a C_CopyObject call. However, it is possible that a particular token may not permit modification of the attribute during the course of a C_CopyObject call.
  • Default value is token-specific, and may depend on the values of other attributes.

endDate

endDate: Date

End date for the key (default empty)

  • May be modified after object is created with a C_SetAttributeValue call, or in the process of copying object with a C_CopyObject call. However, it is possible that a particular token may not permit modification of the attribute during the course of a C_CopyObject call.

extractable

extractable: boolean

true if key is extractable and can be wrapped

  • May be modified after object is created with a C_SetAttributeValue call, or in the process of copying object with a C_CopyObject call. However, it is possible that a particular token may not permit modification of the attribute during the course of a C_CopyObject call.
  • Attribute cannot be changed once set to false. It becomes a read only attribute.
  • Default value is token-specific, and may depend on the values of other attributes.

handle

handle: Buffer

ID of PKCS#11 object

id

id: Buffer

Key identifier for key (default empty)

  • May be modified after object is created with a C_SetAttributeValue call, or in the process of copying object with a C_CopyObject call. However, it is possible that a particular token may not permit modification of the attribute during the course of a C_CopyObject call.

label

label: string

Description of the object (default empty)

lib

lib: PKCS11

PKCS#11 module

local

local: boolean

CK_TRUE only if key was either * generated locally (i.e., on the token) with a C_GenerateKey or C_GenerateKeyPair call * created with a C_CopyObject call as a copy of a key which had its CKA_LOCAL attribute set to CK_TRUE

  • Must not be specified when object is created with C_CreateObject.
  • Must not be specified when object is generated with C_GenerateKey or C_GenerateKeyPair.
  • Must not be specified when object is unwrapped with C_UnwrapKey.

mechanism

mechanism: KeyGenMechanism

Identifier of the mechanism used to generate the key material.

  • Must not be specified when object is created with C_CreateObject.
  • Must not be specified when object is generated with C_GenerateKey or C_GenerateKeyPair.
  • Must not be specified when object is unwrapped with C_UnwrapKey.

modifiable

modifiable: boolean

true if object can be modified. Default is false

neverExtractable

neverExtractable: boolean

true if key has never had the CKA_EXTRACTABLE attribute set to true

  • Must not be specified when object is created with C_CreateObject.
  • Must not be specified when object is generated with C_GenerateKey or C_GenerateKeyPair.
  • Must not be specified when object is unwrapped with C_UnwrapKey.

private

private: boolean

true if object is a private object and false if object is a public object. Default value is token-specific, and may depend on the values of other attributes of the object.

sensitive

sensitive: boolean

true if key is sensitive

  • May be modified after object is created with a C_SetAttributeValue call, or in the process of copying object with a C_CopyObject call. However, it is possible that a particular token may not permit modification of the attribute during the course of a C_CopyObject call.
  • Attribute cannot be changed once set to true. It becomes a read only attribute.

session

session: Session

PKCS#11 session

sign

sign: boolean

true if key supports signatures (i.e., authentication codes) where the signature is an appendix to the data

  • May be modified after object is created with a C_SetAttributeValue call, or in the process of copying object with a C_CopyObject call. However, it is possible that a particular token may not permit modification of the attribute during the course of a C_CopyObject call.
  • Default value is token-specific, and may depend on the values of other attributes.

startDate

startDate: Date

Start date for the key (default empty)

  • May be modified after object is created with a C_SetAttributeValue call, or in the process of copying object with a C_CopyObject call. However, it is possible that a particular token may not permit modification of the attribute during the course of a C_CopyObject call.

token

token: boolean

true if object is a token object and false if object is a session object. Default is false.

trusted

trusted: boolean

The wrapping key can be used to wrap keys with CKA_WRAP_WITH_TRUSTED set to true.

  • Can only be set to CK_TRUE by the SO user.

type

type: KeyType

Type of key

  • Must be specified when object is created with C_CreateObject
  • Must be specified when object is unwrapped with C_UnwrapKey

unwrap

unwrap: boolean

true if key supports unwrapping (i.e., can be used to unwrap other keys)

  • May be modified after object is created with a C_SetAttributeValue call, or in the process of copying object with a C_CopyObject call. However, it is possible that a particular token may not permit modification of the attribute during the course of a C_CopyObject call.
  • Default value is token-specific, and may depend on the values of other attributes.

verify

verify: boolean

true if key supports verification (i.e., of authentication codes) where the signature is an appendix to the data

  • May be modified after object is created with a C_SetAttributeValue call, or in the process of copying object with a C_CopyObject call. However, it is possible that a particular token may not permit modification of the attribute during the course of a C_CopyObject call.
  • Default value is token-specific, and may depend on the values of other attributes.

wrap

wrap: boolean

true if key supports wrapping (i.e., can be used to wrap other keys)

  • May be modified after object is created with a C_SetAttributeValue call, or in the process of copying object with a C_CopyObject call. However, it is possible that a particular token may not permit modification of the attribute during the course of a C_CopyObject call.
  • Default value is token-specific, and may depend on the values of other attributes.

wrapTrusted

wrapTrusted: boolean

true if the key can only be wrapped with a wrapping key that has CKA_TRUSTED set to true. Default is false.

  • Attribute cannot be changed once set to true. It becomes a read only attribute.

Accessors

allowedMechanisms

  • get allowedMechanisms(): void

  • Returns void

  • set allowedMechanisms(v): void

  • Parameters

    • v: void

    Returns void

size

  • get size(): number

  • Gets the size of an object in bytes

    Returns number

unwrapTemplate

  • get unwrapTemplate(): void

  • For wrapping keys. The attribute template to apply to any keys unwrapped using this wrapping key. Any user supplied template is applied after this template as if the object has already been created.

    Returns void

  • set unwrapTemplate(v): void

  • Parameters

    • v: void

    Returns void

wrapTemplate

  • get wrapTemplate(): void

  • For wrapping keys. The attribute template to match against any keys wrapped using this wrapping key. Keys that do not match cannot be wrapped.

    Returns void

  • set wrapTemplate(v): void

  • Parameters

    • v: void

    Returns void

Methods

copy

destroy

get

getAttribute

  • getAttribute(type): Buffer

  • Returns attribute value

    Parameters

    • type: number

      Attribute type

    Returns Buffer

    Attribute value in Buffer format

  • getAttribute(name): any

  • Returns attribute value

    Parameters

    Returns any

    Attribute value. Depends on the attribute name

  • getAttribute(attrs): ITemplate

  • Returns a list of attributes

    Parameters

    • attrs: ITemplate

      The list of attributes for receiving

    Returns ITemplate

    The list of attributes

ProtectedgetInfo

  • getInfo(): void

  • Retrieves information about PKCS#11 object and fills fields

    Returns void

set

  • set(type, value): void

  • Alias for setAttribute

    Parameters

    • type: number
    • value:
          | string
          | number
          | boolean
          | Buffer

    Returns void

  • set(name, value): void

  • Parameters

    • name: string
    • value: any

    Returns void

setAttribute

  • setAttribute(type, value): void

  • Sets attribute value

    Parameters

    • type: number

      Attribute type

    • value:
          | string
          | number
          | boolean
          | Buffer

      Attribute value

    Returns void

  • setAttribute(name, value): void

  • Sets attribute value

    Parameters

    • name: string

      Attribute name. See ITemplate

    • value: any

      Attribute value. Depends on attribute name

    Returns void

  • setAttribute(attrs): void

  • Sets attributes from the list of attributes

    Parameters

    Returns void

toType

Settings

Member Visibility

On This Page

Constructors
Properties
Accessors
Methods