Interface CryptoApi<GenerateKeyInput, GenerateKeyOutput, GetPublicKeyInput, DigestInput, SignInput, VerifyInput>

The CryptoApi interface integrates key generation, hashing, and signing functionalities, designed for use with a Key Management System (KMS). It extends AsymmetricKeyGenerator for generating asymmetric keys, Hasher for hash digest computations, and Signer for signing and verifying operations.

Concrete implementations of this interface are intended to be used with a KMS, which is responsible for generating and storing cryptographic keys. The KMS is also responsible for performing cryptographic operations using the keys it manages. The KMS is typically a cloud service, but it can also be a hardware device or software application.

Guidelines for implementing this interface:

  • Must use JSON Web Keys (JWK) as the key format.
  • Must IANA registered JSON Object Signing and Encryption {@ link https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms | (JOSE)} names for algorithm, curves, etc. whenever possible.
  • All I/O that interacts with private or secret keys must be done via reference using a KeyIdentifier. Implementations can use any string as the key identifier (e.g. JWK thumbprint, UUID generated by hosted KMS, etc.).
  • Must support key generation, hashing, signing, and verifying operations.
  • May be extended to support other cryptographic operations.
  • Implementations of the CryptoApi interface can be passed as an argument to the public API methods of Web5 libraries that involve key material (e.g., DID creation, VC signing, arbitrary data signing/verification, etc.).
interface CryptoApi<GenerateKeyInput, GenerateKeyOutput, GetPublicKeyInput, DigestInput, SignInput, VerifyInput> {
    computePublicKey?(params): Promise<Jwk>;
    digest(params): Promise<Uint8Array>;
    generateKey(params?): Promise<GenerateKeyOutput>;
    getKeyUri(params): Promise<string>;
    getPublicKey(params): Promise<Jwk>;
    sign(params): Promise<Uint8Array>;
    verify(params): Promise<boolean>;
}

Type Parameters

Hierarchy (view full)

Implemented by

Methods

computePublicKey? digest generateKey getKeyUri getPublicKey sign verify

Methods

Optional computePublicKey

  • computePublicKey(params): Promise<Jwk>

  • Optional method that mathetmatically derives the public key in JWK format from a given private key.

    Parameters

    Returns Promise<Jwk>

    A Promise resolving to the public key in JWK format.

digest

  • digest(params): Promise<Uint8Array>

  • Generates a hash digest of the provided data.

    Parameters

    • params: DigestInput

      The parameters for the digest operation.

    Returns Promise<Uint8Array>

    A Promise which will be fulfilled with the hash digest.

    Remarks

    The digest() method of the Hasher interface generates a hash digest of the input data.

    A digest is the output of the hash function. It's a fixed-size string of bytes that uniquely represents the data input into the hash function. The digest is often used for data integrity checks, as any alteration in the input data results in a significantly different digest.

    It typically takes the data to digest as input and returns the digest of the data.

generateKey

  • generateKey(params?): Promise<GenerateKeyOutput>

  • Generates a cryptographic key based on the provided parameters.

    Parameters

    • Optional params: GenerateKeyInput

      Optional parameters for the key generation process, specific to the chosen algorithm.

    Returns Promise<GenerateKeyOutput>

    A Promise resolving to the generated private key in the specified output format.

    Remarks

    The generateKey() method of the KeyGenerator interface generates private keys suitable for various cryptographic operations. This method can adapt to different key generation algorithms and input parameters.

getKeyUri

  • getKeyUri(params): Promise<string>

  • Parameters

    Returns Promise<string>

    The key URI.

getPublicKey

  • getPublicKey(params): Promise<Jwk>

  • Extracts the public key portion from the given public key in JWK format.

    Parameters

    Returns Promise<Jwk>

    A Promise resolving to the public key in JWK format.

    Remarks

    Unlike computePublicKey(), the getPublicKey() method does not mathematically validate the private key, nor does it derive the public key from the private key. It simply extracts existing public key properties from the private key JWK object. This makes it suitable for scenarios where speed is critical and the private key's integrity is already assured.

sign

  • sign(params): Promise<Uint8Array>

  • Signs the provided data.

    Parameters

    • params: SignInput

      The parameters for the signing operation.

    Returns Promise<Uint8Array>

    A Promise resolving to the digital signature as a Uint8Array.

    Remarks

    The sign() method of the Signer interface generates a digital signature for the given data using a cryptographic key. This signature can be used to verify the data's authenticity and integrity.

verify

  • verify(params): Promise<boolean>

  • Verifies a digital signature associated the provided data.

    Parameters

    • params: VerifyInput

      The parameters for the verification operation.

    Returns Promise<boolean>

    A Promise resolving to a boolean indicating whether the signature is valid.

    Remarks

    The verify() method of the Signer interface checks the validity of a digital signature against the original data and a cryptographic key. It confirms whether the signature was created by the holder of the corresponding private key and that the data has not been tampered with.

Settings

Member Visibility

Theme

On This Page

computePublicKeydigestgenerateKeygetKeyUrigetPublicKeysignverify