Class NanoTDFDatasetClient

NanoTDF Dataset SDK Client

Example

import { clientSecretAuthProvider, NanoTDFDatasetClient } from '@opentdf/client';

// Local development endpoints and credentials
const OIDC_ENDPOINT = 'http://localhost:65432/auth/realms/tdf';
const KAS_URL = 'http://localhost:65432/api/kas/';

const ciphertext = '...';
const client = new NanoTDFDatasetClient({
  authProvider: await clientSecretAuthProvider({
    clientId: 'tdf-client',
    clientSecret: '123-456',
    exchange: 'client',
    oidcOrigin: OIDC_ENDPOINT,
  }),
  kasEndpoint: KAS_URL,
});
// decrypt() returns a Promise<ArrayBuffer>, so it must be awaited
const plaintext = await client.decrypt(ciphertext);
console.log('Plaintext', plaintext);

Hierarchy

  • default
    • NanoTDFDatasetClient

Constructors

  • Create new NanoTDF Dataset Client

    The ephemeral key pair can either be provided or will be generated when fetching the entity object. Once set, it cannot be changed. If a new ephemeral key is desired, a new client should be initialized. There is no performance impact for creating a new client IFF the ephemeral key pair is provided.

    Parameters

    Returns NanoTDFDatasetClient

Properties

allowedKases: OriginAllowList
authProvider: AuthProvider
cachedEphemeralKey?: Uint8Array
cachedHeader?: default
dataAttributes: string[] = []
dissems: string[] = []
dpopEnabled: boolean
ecdsaBinding: boolean
ephemeralKeyPair: Promise<CryptoKeyPair>
iv?: number
kasPubKey?: KasPublicKeyInfo
kasUrl: string
keyIterationCount: number
maxKeyIteration: number
requestSignerKeyPair: Promise<CryptoKeyPair>
symmetricKey?: CryptoKey
unwrappedKey?: CryptoKey
INITIAL_RELEASE_IV_SIZE: 3 = 3
IV_SIZE: 12 = 12
KAS_PROTOCOL: "kas" = 'kas'
KEY_ACCESS_REMOTE: "remote" = 'remote'
NTDF_MAX_KEY_ITERATIONS: 8388606 = 8388606
SDK_INITIAL_RELEASE: "0.0.0" = '0.0.0'
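
The iv, keyIterationCount and maxKeyIteration properties, together with IV_SIZE, INITIAL_RELEASE_IV_SIZE and NTDF_MAX_KEY_ITERATIONS, point to one symmetric key being reused across many encryptions, which is only safe with an AEAD such as AES-GCM if no IV ever repeats under that key. The following is an added example, not code from this page or from the SDK, showing that discipline with WebCrypto; counterToIv, getSubtle and CountedKey are hypothetical names, and the IV layout and rotation rule are assumptions rather than the SDK's documented behaviour.

```javascript
// Added illustration, not @opentdf/client code. The constant values are the
// ones listed on this page; how the SDK itself applies them is an assumption.
const IV_SIZE = 12; // AES-GCM nonce length in bytes
const COUNTER_SIZE = 3; // INITIAL_RELEASE_IV_SIZE
const MAX_KEY_ITERATIONS = 8388606; // NTDF_MAX_KEY_ITERATIONS

// Big-endian counter in the last COUNTER_SIZE bytes of a zeroed IV.
function counterToIv(counter) {
  if (!Number.isInteger(counter) || counter < 1 || counter > MAX_KEY_ITERATIONS) {
    throw new RangeError('IV counter out of range for this key');
  }
  const iv = new Uint8Array(IV_SIZE);
  for (let i = 0; i < COUNTER_SIZE; i++) {
    iv[IV_SIZE - 1 - i] = (counter >>> (8 * i)) & 0xff;
  }
  return iv;
}

// WebCrypto in browsers and in Node.js.
async function getSubtle() {
  return (globalThis.crypto ?? (await import('node:crypto')).webcrypto).subtle;
}

// Hypothetical helper: one AES-GCM key shared by many records, replaced at the cap.
class CountedKey {
  constructor(subtle, maxKeyIteration = MAX_KEY_ITERATIONS) {
    this.subtle = subtle;
    this.maxKeyIteration = maxKeyIteration;
    this.keyIterationCount = 0;
    this.generation = 0;
    this.keyPromise = undefined;
  }

  encrypt(plaintext) {
    // Key choice and counter reservation are synchronous, so concurrent
    // callers can never be handed the same (key, IV) pair.
    if (!this.keyPromise || this.keyIterationCount >= this.maxKeyIteration) {
      const alg = { name: 'AES-GCM', length: 256 };
      this.keyPromise = this.subtle.generateKey(alg, false, ['encrypt', 'decrypt']);
      this.keyIterationCount = 0;
      this.generation += 1;
    }
    const iv = counterToIv(++this.keyIterationCount);
    const { keyPromise, generation, subtle } = this;
    return keyPromise
      .then((key) => subtle.encrypt({ name: 'AES-GCM', iv }, key, plaintext))
      .then((ct) => ({ generation, iv, ciphertext: new Uint8Array(ct) }));
  }
}
```

With a cap of 2, the third record is encrypted under a fresh key and the counter restarts at 1, so an IV value may recur across keys but never within one.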

Methods

  • Add attribute to the TDF file/data

    Parameters

    • attribute: string

      The attribute that decides the access control of the TDF.

    Returns void

  • Decrypt ciphertext

    Pass a base64 string, TypedArray, or ArrayBuffer ciphertext and get a promise which resolves to the plaintext.

    Parameters

    • ciphertext: string | ArrayBuffer | TypedArray

      Ciphertext to decrypt

    Returns Promise<ArrayBuffer>

  • Encrypt data

    Pass a string, TypedArray, or ArrayBuffer of data and get a promise which resolves to the ciphertext.

    Parameters

    • data: string | ArrayBuffer | TypedArray

      Data to encrypt

    • Optional options: EncryptOptions

    Returns Promise<ArrayBuffer>

  • Explicitly get a new Entity Object using the supplied EntityAttributeService.

    This method is expected to be called at least once per encrypt/decrypt cycle. If the entityObject is expired then this will need to be called again.

    Returns Promise<void>

    Security

    The ephemeralKeyPair must be set in the constructor if it is to be used here. To change it, a new client should be initialized.

    Performance

    A key pair is generated when the entity object is fetched IFF the ephemeralKeyPair is not set. It will either be set on the first call or passed in the constructor.

  • Returns Uint8Array

  • Parameters

    • nanotdf: default

    Returns Promise<ArrayBuffer>

  • Rewrap key

    Parameters

    • nanoTdfHeader: ArrayBuffer | TypedArray

      the full header for the nanotdf

    • kasRewrapUrl: string

      key access server's rewrap endpoint

    • magicNumberVersion: ArrayBuffer | TypedArray

      nanotdf container version

    • clientVersion: string

      version of the client, as SemVer

    Returns Promise<CryptoKey>

    Important

    the fetchEntityObject method must be called prior to
