PKI-Lite - v1.0.5
    Preparing search index...

    Class EnvelopedDataBuilder

    Builder class for creating CMS EnvelopedData structures.

    This builder allows setting the data to be encrypted, the content encryption algorithm, and adding multiple recipients who can decrypt the data. It also supports including certificates and revocation information in the originator info.


    const recipientCert1 = Certificate.fromPem(`-----BEGIN CERTIFICATE-----')
    const recipientCert2 = Certificate.fromPem(`-----BEGIN CERTIFICATE-----')

    const builder = new EnvelopedDataBuilder()
    builder.setData("Secret message")
    builder.setContentEncryptionAlgorithm({ type: 'AES_256_GCM', params: { nonce: randomBytes(12) } })
    builder.addRecipient({ certificate: recipientCert1 })
    builder.addRecipient({
        certificate: recipientCert2,
        keyEncryptionAlgorithm: {
            type: 'RSA_OAEP',
            params: { hash: 'SHA-384' }
        }
    })
    const envelopedData = await builder.build()
    const der = envelopedData.toDer

    Implements

    Index

    Constructors

    constructor

    Properties

    certificates? contentEncryptionAlgorithm? contentType crls data? recipients DEFAULT_KEY_ENCRYPTION_ALGORITHM

    Accessors

    originatorInfo

    Methods

    addCrl addOcsp addRecipient build setContentEncryptionAlgorithm setContentType setData

    Constructors

    Properties

    certificates?: CertificateChoices[]

    Optional certificates to include in originator info

    contentEncryptionAlgorithm?: SymmetricEncryptionAlgorithmParams

    Algorithm used to encrypt the content

    contentType: ObjectIdentifier = ...

    Content type identifier, defaults to PKCS#7 data

    crls: RevocationInfoChoice[] = []

    Certificate Revocation Lists to include

    data?: Uint8Array<ArrayBufferLike>

    The data to be encrypted

    recipients: EnvelopedDataBuilderRecipient[] = []

    Recipients who can decrypt the enveloped data

    DEFAULT_KEY_ENCRYPTION_ALGORITHM: KeyEncryptionAlgorithmIdentifier = ...

    Default key encryption algorithm (RSA-OAEP with SHA-1). Used when no specific key encryption algorithm is provided for a recipient.

    Accessors

    Methods

    • Builds the EnvelopedData structure by encrypting the content and creating recipient infos.

      The build process:

      1. Generates a random symmetric key for content encryption
      2. Encrypts the data with the symmetric key
      3. For each recipient, encrypts the symmetric key with their public key
      4. Creates the final EnvelopedData structure

      Returns Promise<EnvelopedData>

      Promise resolving to the constructed EnvelopedData

      Error if no data is set or no recipients are specified

      const envelopedData = await builder
          .setData("Confidential document")
          .addRecipient({ certificate: recipientCert })
          .build()

      // The enveloped data can now be transmitted securely
      const der = envelopedData.toASN1().toDER()

    • Sets the data to be encrypted and optionally the content type.

      Parameters

      • data: string | Uint8Array<ArrayBufferLike>

        The data to encrypt, either as bytes or string

      • OptionalcontentType: ObjectIdentifierString

        Optional content type identifier

      Returns this

      This builder instance for method chaining

      builder.setData("Secret message")
      builder.setData(documentBytes, "1.2.840.113549.1.7.1") // PKCS#7 data

    Settings

    Member Visibility

    On This Page

    Constructors
    Properties
    Accessors
    Methods