Class NanoTDFClient

NanoTDF SDK Client

Example

import { clientSecretAuthProvider, NanoTDFClient } from '@opentdf/client';

// Local demo endpoints; a real deployment uses its own OIDC realm and KAS URL.
const OIDC_ENDPOINT = 'http://localhost:65432/auth/realms/opentdf-demo';
const KAS_URL = 'http://localhost:65432/api/kas/';

const ciphertext = '...';
const client = new NanoTDFClient({
  authProvider: await clientSecretAuthProvider({
    clientId: 'tdf-client',
    clientSecret: '123-456', // demo value; load real secrets from configuration
    oidcOrigin: OIDC_ENDPOINT,
  }),
  kasEndpoint: KAS_URL,
});

// decrypt() returns a promise that resolves to the plaintext.
client
  .decrypt(ciphertext)
  .then((plaintext) => {
    console.log('Plaintext', plaintext);
  })
  .catch((err) => {
    console.error('Some error occurred', err);
  });

Hierarchy

  • default
    • NanoTDFClient

Constructors

  • Create new NanoTDF Client

    The Ephemeral Key Pair can either be provided or will be generated when fetching the entity object. Once set, it cannot be changed. If a new ephemeral key is desired, a new client should be initialized. There is no performance impact for creating a new client IFF the ephemeral key pair is provided.

    Parameters

    • optsOrOldAuthProvider: AuthProvider | ClientConfig
    • Optional kasUrl: string
    • Optional ephemeralKeyPair: CryptoKeyPair
    • dpopEnabled: boolean = false

    Returns NanoTDFClient
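
The one-client-per-key rule described above, as an added example (not part of the SDK or its documentation): a wrapper that rotates the ephemeral key by constructing a new client from a pre-generated pair, using the positional constructor form listed above. Assumptions: the SDK accepts a WebCrypto ECDH P-256 pair with a non-extractable private key; `RotatingNanoTDFClient`, `generateEphemeralKeyPair` and `maxUses` are hypothetical names.

```javascript
// Added example, not SDK code. Assumption: the SDK accepts a WebCrypto
// ECDH P-256 key pair as ephemeralKeyPair.
async function generateEphemeralKeyPair() {
  // Browsers and recent Node expose globalThis.crypto; older Node needs the import.
  const webcrypto = globalThis.crypto ?? (await import('node:crypto')).webcrypto;
  return webcrypto.subtle.generateKey(
    { name: 'ECDH', namedCurve: 'P-256' },
    false, // assumption: the SDK only derives with the private key, never exports it
    ['deriveKey', 'deriveBits'],
  );
}

// Hypothetical wrapper: the key of a client cannot be changed, so rotation
// means building a new client after maxUses calls.
class RotatingNanoTDFClient {
  constructor(ClientClass, authProvider, kasUrl, maxUses = 100) {
    Object.assign(this, { ClientClass, authProvider, kasUrl, maxUses });
    this.uses = 0;
    this.current = null; // Promise of the active client
    // Pre-generate the next pair so creating a client stays cheap.
    this.nextPair = generateEphemeralKeyPair();
  }

  async client() {
    if (this.current === null || this.uses >= this.maxUses) {
      // Assigned synchronously, so concurrent callers share one new client.
      this.current = this.nextPair.then(
        // Positional form: (authProvider, kasUrl, ephemeralKeyPair)
        (pair) => new this.ClientClass(this.authProvider, this.kasUrl, pair),
      );
      this.nextPair = generateEphemeralKeyPair();
      this.uses = 0;
    }
    this.uses += 1;
    return this.current;
  }
}
```

Pass `NanoTDFClient` as `ClientClass`, call `await rotating.client()` before each operation, and use the returned client as in the example at the top of the page.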

Properties

allowedKases: OriginAllowList
authProvider: AuthProvider
dataAttributes: string[] = []
dissems: string[] = []
dpopEnabled: boolean
ephemeralKeyPair: Promise<CryptoKeyPair>
iv?: number
kasPubKey?: KasPublicKeyInfo
kasUrl: string
requestSignerKeyPair: Promise<CryptoKeyPair>
INITIAL_RELEASE_IV_SIZE: 3 = 3
IV_SIZE: 12 = 12
KAS_PROTOCOL: "kas" = 'kas'
KEY_ACCESS_REMOTE: "remote" = 'remote'
SDK_INITIAL_RELEASE: "0.0.0" = '0.0.0'

Methods

  • Add attribute to the TDF file/data

    Parameters

    • attribute: string

      The attribute that decides the access control of the TDF.

    Returns void

  • Decrypt ciphertext

    Pass a base64 string, TypedArray, or ArrayBuffer ciphertext and get a promise which resolves to the plaintext.

    Parameters

    • ciphertext: string | ArrayBuffer | TypedArray

      Ciphertext to decrypt

    Returns Promise<ArrayBuffer>

  • Decrypt ciphertext of the legacy TDF, with the older, smaller IV calculation.

    Pass a base64 string, TypedArray, or ArrayBuffer ciphertext and get a promise which resolves to the plaintext.

    Parameters

    • ciphertext: string | ArrayBuffer | TypedArray

      Ciphertext to decrypt

    Returns Promise<ArrayBuffer>

  • Encrypts the given data using the NanoTDF encryption scheme.

    Parameters

    • data: string | ArrayBuffer | TypedArray

      The data to be encrypted.

    • Optional options: EncryptOptions

      The encryption options (currently unused).

    Returns Promise<ArrayBuffer>

    A promise that resolves to the encrypted data as an ArrayBuffer.

    Throws

    If the initialization vector is not a number.

  • Explicitly get a new Entity Object using the supplied EntityAttributeService.

    This method is expected to be called at least once per encrypt/decrypt cycle. If the entityObject is expired then this will need to be called again.

    Returns Promise<void>

    Security

    To use a specific ephemeralKeyPair here, it must be set in the constructor. To change it, a new client should be initialized.

    Performance

    A key pair is generated when the entity object is fetched IFF the ephemeralKeyPair is not set. It is either set on the first call or passed in the constructor.

  • Rewrap key

    Parameters

    • nanoTdfHeader: ArrayBuffer | TypedArray

      the full header for the nanotdf

    • kasRewrapUrl: string

      key access server's rewrap endpoint

    • magicNumberVersion: ArrayBuffer | TypedArray

      nanotdf container version

    • clientVersion: string

      version of the client, as SemVer

    Returns Promise<CryptoKey>

    Important

    the fetchEntityObject method must be called prior to
