Class TDF3Client

Index

Constructors

Properties

allowedKases? authProvider? clientConfig clientId? cryptoService dpopEnabled dpopKeys easEndpoint? fileStreamServiceWorker? kasEndpoint kasKeys platformUrl? policyEndpoint readerUrl?

Methods

decrypt encrypt getPolicyId loadTDFStream

Constructors

constructor

new TDF3Client(config: ClientConfig): TDF3Client
An abstraction for protecting and accessing data using TDF3 services.
Parameters
- config: ClientConfig
  - keypair
    keypair generated for signing. Optional, will be generated by sdk if not passed
  - clientId
  - kasEndpoint
    Key Access Server url
  - refreshToken
    After logging in to browser OIDC interface user receives fresh token that needed by SDK for auth needs
  - externalJwt
    JWT from external authority (eg Google)
  - oidcOrigin
    Endpoint of authentication service
Returns TDF3Client
- Defined in tdf3/src/client/index.ts:286

Properties

`Optional` `Readonly`allowedKases

allowedKases?: OriginAllowList

List of allowed KASes to connect to for rewrap requests. Defaults to [this.kasEndpoint].

`Optional` `Readonly`authProvider

authProvider?: AuthProvider

`Readonly`clientConfig

clientConfig: ClientConfig

`Optional` `Readonly`clientId

clientId?: string

`Readonly`cryptoService

cryptoService: CryptoService

`Readonly`dpopEnabled

dpopEnabled: boolean

`Readonly`dpopKeys

dpopKeys: Promise<CryptoKeyPair>

Session binding keys. Used for DPoP and signed request bodies.

`Optional` `Readonly`easEndpoint

easEndpoint?: string

`Optional` `Readonly`fileStreamServiceWorker

fileStreamServiceWorker?: string

`Readonly`kasEndpoint

kasEndpoint: string

Default kas endpoint, if present. Required for encrypt.

`Readonly`kasKeys

kasKeys: Record<string, Promise<KasPublicKeyInfo>[]> = {}

`Optional` `Readonly`platformUrl

platformUrl?: string

URL of the platform, required to fetch list of allowed KASes when allowedKases is empty

`Readonly`policyEndpoint

policyEndpoint: string

Policy service endpoint, if present. Required for autoconfiguration with ABAC.

`Optional` `Readonly`readerUrl

readerUrl?: string

Methods

decrypt

decrypt(__namedParameters: DecryptParams): Promise<DecoratedReadableStream>
Decrypt TDF ciphertext into plaintext. One of the core operations of the Virtru SDK.
Parameters
- __namedParameters: DecryptParams
Returns Promise<DecoratedReadableStream>
a https://nodejs.org/api/stream.html#stream_class_stream_readable|Readable stream containing the decrypted plaintext.

See
DecryptParamsBuilder
- Defined in tdf3/src/client/index.ts:536

encrypt

encrypt(opts?: EncryptParams): Promise<DecoratedReadableStream>
Encrypt plaintext into TDF ciphertext. One of the core operations of the Virtru SDK.
Parameters
- Optionalopts: EncryptParams
  Test only
Returns Promise<DecoratedReadableStream>
a https://nodejs.org/api/stream.html#stream_class_stream_readable|Readable a new stream containing the TDF ciphertext
- Defined in tdf3/src/client/index.ts:385

getPolicyId

getPolicyId(source: { source: DecryptSource }): Promise<any>
Get the unique policyId associated with TDF ciphertext. Useful for managing authorization policies of encrypted data.

The policyId is embedded in the ciphertext so this is a local operation.
Parameters
- source: { source: DecryptSource }
  Required. TDF data stream, generated using DecryptParamsBuilder#build|DecryptParamsBuilder's build().
Returns Promise<any>
- the unique policyId, which can be used for tracking purposes or policy management operations.
See
DecryptParamsBuilder
- Defined in tdf3/src/client/index.ts:589

loadTDFStream

loadTDFStream(
__namedParameters: { source: DecryptSource },
): Promise<InspectedTDFOverview>
Parameters
- __namedParameters: { source: DecryptSource }
Returns Promise<InspectedTDFOverview>
- Defined in tdf3/src/client/index.ts:598

Class TDF3Client

Index

Constructors

Properties

Methods

Constructors

constructor

Parameters

keypair

clientId

kasEndpoint

refreshToken

externalJwt

oidcOrigin

Returns TDF3Client

Properties

Optional ReadonlyallowedKases

Optional ReadonlyauthProvider

ReadonlyclientConfig

Optional ReadonlyclientId

ReadonlycryptoService

ReadonlydpopEnabled

ReadonlydpopKeys

Optional ReadonlyeasEndpoint

Optional ReadonlyfileStreamServiceWorker

ReadonlykasEndpoint

ReadonlykasKeys

Optional ReadonlyplatformUrl

ReadonlypolicyEndpoint

Optional ReadonlyreaderUrl

Methods

decrypt

Parameters

Returns Promise<DecoratedReadableStream>

See

encrypt

Parameters

Returns Promise<DecoratedReadableStream>

getPolicyId

Parameters

Returns Promise<any>

See

loadTDFStream

Parameters

Returns Promise<InspectedTDFOverview>

Settings

On This Page

`Optional` `Readonly`allowedKases

`Optional` `Readonly`authProvider

`Readonly`clientConfig

`Optional` `Readonly`clientId

`Readonly`cryptoService

`Readonly`dpopEnabled

`Readonly`dpopKeys

`Optional` `Readonly`easEndpoint

`Optional` `Readonly`fileStreamServiceWorker

`Readonly`kasEndpoint

`Readonly`kasKeys

`Optional` `Readonly`platformUrl

`Readonly`policyEndpoint

`Optional` `Readonly`readerUrl