Interface CryptoProvider

Interface defining the cryptographic operations required by the PKI library.

This interface abstracts cryptographic operations to allow different implementations based on available platforms and algorithm requirements. The default WebCryptoProvider uses the Web Crypto API, while extended providers can support additional algorithms and legacy cryptographic functions.

Implementations must provide:

Hashing operations for message digests
Digital signature creation and verification
Asymmetric encryption and decryption
Symmetric encryption and decryption
Key derivation functions
Random number generation

Example

class CustomCryptoProvider implements CryptoProvider {
    async digest(data: Uint8Array, algorithm: HashAlgorithm): Promise<Uint8Array> {
        // Custom hash implementation
        return customHash(data, algorithm)
    }

    // Implement other required methods...
}

// Use custom provider
setCryptoProvider(new CustomCryptoProvider())

interface CryptoProvider {
    contentEncryptionAlgorithm(
        encryptionParams: SymmetricEncryptionAlgorithmParams,
    ): AlgorithmIdentifier;
    decrypt(
        data: Uint8Array,
        privateKeyInfo: PrivateKeyInfo,
        algorithm: AsymmetricEncryptionAlgorithmParams,
    ): Promise<Uint8Array<ArrayBufferLike>>;
    decryptSymmetric(
        data: Uint8Array,
        key: Uint8Array,
        algorithm:
            | SymmetricEncryptionAlgorithmParams
            | {
                params: {
                    derivationAlgorithm: {
                        params: {
                            hash: HashAlgorithm;
                            iterationCount: number;
                            keyLength?: number;
                            salt: Uint8Array;
                        };
                        type: "PBKDF2";
                    };
                    encryptionAlgorithm: SymmetricEncryptionAlgorithmParams;
                };
                type: "PBES2";
            },
    ): Promise<Uint8Array<ArrayBufferLike>>;
    deriveKey(
        password: string | Uint8Array<ArrayBufferLike>,
        algorithm: {
            params: {
                derivationAlgorithm: {
                    params: {
                        hash: HashAlgorithm;
                        iterationCount: number;
                        keyLength?: number;
                        salt: Uint8Array;
                    };
                    type: "PBKDF2";
                };
                encryptionAlgorithm: SymmetricEncryptionAlgorithmParams;
            };
            type: "PBES2";
        },
    ): Promise<Uint8Array<ArrayBufferLike>>;
    digest(
        data: Uint8Array,
        hash: HashAlgorithm,
    ): Promise<Uint8Array<ArrayBufferLike>>;
    digestAlgorithm(
        algorithm: HashAlgorithm,
    ): Uint8Array<ArrayBufferLike> | AlgorithmIdentifier;
    encrypt(
        data: Uint8Array,
        publicKeyInfo: SubjectPublicKeyInfo,
        algorithm: AsymmetricEncryptionAlgorithmParams,
    ): Promise<Uint8Array<ArrayBufferLike>>;
    encryptSymmetric(
        data: Uint8Array,
        key: Uint8Array,
        algorithm:
            | SymmetricEncryptionAlgorithmParams
            | {
                params: {
                    derivationAlgorithm: {
                        params: {
                            hash: HashAlgorithm;
                            iterationCount: number;
                            keyLength?: number;
                            salt: Uint8Array;
                        };
                        type: "PBKDF2";
                    };
                    encryptionAlgorithm: SymmetricEncryptionAlgorithmParams;
                };
                type: "PBES2";
            },
    ): Promise<Uint8Array<ArrayBufferLike>>;
    generateKeyPair(options: KeyPairGenOptions): Promise<KeyPair>;
    generateSymmetricKey(
        algorithm: SymmetricEncryptionAlgorithmParams,
    ): Uint8Array;
    getEcCurveParameters(
        algorithm: AsymmetricEncryptionAlgorithmParams,
    ): Uint8Array<ArrayBufferLike> | ObjectIdentifier;
    getEcNamedCurve(
        algorithm: AlgorithmIdentifier,
        publicKeyInfo?: SubjectPublicKeyInfo,
    ): NamedCurve;
    getRandomValues(length: number): Uint8Array;
    keyEncryptionAlgorithm(
        encryptionParams: AsymmetricEncryptionAlgorithmParams,
    ): AlgorithmIdentifier;
    sign(
        data: Uint8Array,
        privateKeyInfo: PrivateKeyInfo,
        algorithm: AsymmetricEncryptionAlgorithmParams,
    ): Promise<Uint8Array<ArrayBufferLike>>;
    signatureAlgorithm(
        algorithm: AsymmetricEncryptionAlgorithmParams,
    ): Uint8Array<ArrayBufferLike> | AlgorithmIdentifier;
    toAsymmetricEncryptionAlgorithmParams(
        algorithm: AlgorithmIdentifier,
        publicKeyInfo?: SubjectPublicKeyInfo,
    ): AsymmetricEncryptionAlgorithmParams;
    toHashAlgorithm(algorithm: AlgorithmIdentifier): HashAlgorithm;
    toSymmetricEncryptionAlgorithmParams(
        algorithm: AlgorithmIdentifier,
    ): SymmetricEncryptionAlgorithmParams;
    verify(
        data: Uint8Array,
        publicKeyInfo: SubjectPublicKeyInfo,
        signature: Uint8Array,
        algorithm: AsymmetricEncryptionAlgorithmParams,
    ): Promise<boolean>;
}

Implemented by

WebCryptoProvider

Methods

contentEncryptionAlgorithm

contentEncryptionAlgorithm(
encryptionParams: SymmetricEncryptionAlgorithmParams,
): AlgorithmIdentifier
Converts symmetric encryption algorithm parameters to a content encryption algorithm identifier.
Parameters
- encryptionParams: SymmetricEncryptionAlgorithmParams
  The symmetric encryption algorithm parameters
Returns AlgorithmIdentifier
Content encryption algorithm as an AlgorithmIdentifier
- Defined in packages/pki-lite/src/core/crypto/types.ts:440

decrypt

decrypt(
    data: Uint8Array,
    privateKeyInfo: PrivateKeyInfo,
    algorithm: AsymmetricEncryptionAlgorithmParams,
): Promise<Uint8Array<ArrayBufferLike>>
Decrypts the given data using the specified private key and asymmetric algorithm.
Parameters
- data: Uint8Array
  The data to decrypt
- privateKeyInfo: PrivateKeyInfo
  The private key information
- algorithm: AsymmetricEncryptionAlgorithmParams
  The decryption algorithm to use
Returns Promise<Uint8Array<ArrayBufferLike>>
Promise resolving to the decrypted data as a Uint8Array
- Defined in packages/pki-lite/src/core/crypto/types.ts:332

decryptSymmetric

decryptSymmetric(
    data: Uint8Array,
    key: Uint8Array,
    algorithm:
        | SymmetricEncryptionAlgorithmParams
        | {
            params: {
                derivationAlgorithm: {
                    params: {
                        hash: HashAlgorithm;
                        iterationCount: number;
                        keyLength?: number;
                        salt: Uint8Array;
                    };
                    type: "PBKDF2";
                };
                encryptionAlgorithm: SymmetricEncryptionAlgorithmParams;
            };
            type: "PBES2";
        },
): Promise<Uint8Array<ArrayBufferLike>>
Decrypts the given data using the specified symmetric key and algorithm.
Parameters
- data: Uint8Array
  The data to decrypt
- key: Uint8Array
  The symmetric key to use for decryption
- algorithm:
      | SymmetricEncryptionAlgorithmParams
      | {
          params: {
              derivationAlgorithm: {
                  params: {
                      hash: HashAlgorithm;
                      iterationCount: number;
                      keyLength?: number;
                      salt: Uint8Array;
                  };
                  type: "PBKDF2";
              };
              encryptionAlgorithm: SymmetricEncryptionAlgorithmParams;
          };
          type: "PBES2";
      }
  The decryption algorithm to use
Returns Promise<Uint8Array<ArrayBufferLike>>
Promise resolving to the decrypted data as a Uint8Array
- Defined in packages/pki-lite/src/core/crypto/types.ts:360

deriveKey

deriveKey(
    password: string | Uint8Array<ArrayBufferLike>,
    algorithm: {
        params: {
            derivationAlgorithm: {
                params: {
                    hash: HashAlgorithm;
                    iterationCount: number;
                    keyLength?: number;
                    salt: Uint8Array;
                };
                type: "PBKDF2";
            };
            encryptionAlgorithm: SymmetricEncryptionAlgorithmParams;
        };
        type: "PBES2";
    },
): Promise<Uint8Array<ArrayBufferLike>>
Derives a cryptographic key from a password using the specified algorithm.
Parameters
- password: string | Uint8Array<ArrayBufferLike>
  The password or key material to derive from
- algorithm: {
      params: {
          derivationAlgorithm: {
              params: {
                  hash: HashAlgorithm;
                  iterationCount: number;
                  keyLength?: number;
                  salt: Uint8Array;
              };
              type: "PBKDF2";
          };
          encryptionAlgorithm: SymmetricEncryptionAlgorithmParams;
      };
      type: "PBES2";
  }
  The key derivation algorithm parameters
Returns Promise<Uint8Array<ArrayBufferLike>>
Promise resolving to the derived key as a Uint8Array
- Defined in packages/pki-lite/src/core/crypto/types.ts:391

digest

digest(
data: Uint8Array,
hash: HashAlgorithm,
): Promise<Uint8Array<ArrayBufferLike>>
Computes the cryptographic hash digest of the given data.
Parameters
- data: Uint8Array
  The data to hash
- hash: HashAlgorithm
Returns Promise<Uint8Array<ArrayBufferLike>>
Promise resolving to the hash digest bytes
- Defined in packages/pki-lite/src/core/crypto/types.ts:270

digestAlgorithm

digestAlgorithm(
algorithm: HashAlgorithm,
): Uint8Array<ArrayBufferLike> | AlgorithmIdentifier
Converts a hash algorithm to a digest algorithm identifier.
Parameters
- algorithm: HashAlgorithm
  The hash algorithm
Returns Uint8Array<ArrayBufferLike> | AlgorithmIdentifier
Digest algorithm as a Uint8Array or AlgorithmIdentifier
- Defined in packages/pki-lite/src/core/crypto/types.ts:422

encrypt

encrypt(
    data: Uint8Array,
    publicKeyInfo: SubjectPublicKeyInfo,
    algorithm: AsymmetricEncryptionAlgorithmParams,
): Promise<Uint8Array<ArrayBufferLike>>
Encrypts data using asymmetric (public key) cryptography.
Parameters
- data: Uint8Array
  The data to encrypt
- publicKeyInfo: SubjectPublicKeyInfo
  The public key information
- algorithm: AsymmetricEncryptionAlgorithmParams
  The encryption algorithm to use
Returns Promise<Uint8Array<ArrayBufferLike>>
Promise resolving to the encrypted data as a Uint8Array
- Defined in packages/pki-lite/src/core/crypto/types.ts:318

encryptSymmetric

encryptSymmetric(
    data: Uint8Array,
    key: Uint8Array,
    algorithm:
        | SymmetricEncryptionAlgorithmParams
        | {
            params: {
                derivationAlgorithm: {
                    params: {
                        hash: HashAlgorithm;
                        iterationCount: number;
                        keyLength?: number;
                        salt: Uint8Array;
                    };
                    type: "PBKDF2";
                };
                encryptionAlgorithm: SymmetricEncryptionAlgorithmParams;
            };
            type: "PBES2";
        },
): Promise<Uint8Array<ArrayBufferLike>>
Encrypts the given data using the specified symmetric key and algorithm.
Parameters
- data: Uint8Array
  The data to encrypt
- key: Uint8Array
  The symmetric key to use for encryption
- algorithm:
      | SymmetricEncryptionAlgorithmParams
      | {
          params: {
              derivationAlgorithm: {
                  params: {
                      hash: HashAlgorithm;
                      iterationCount: number;
                      keyLength?: number;
                      salt: Uint8Array;
                  };
                  type: "PBKDF2";
              };
              encryptionAlgorithm: SymmetricEncryptionAlgorithmParams;
          };
          type: "PBES2";
      }
  The encryption algorithm to use
Returns Promise<Uint8Array<ArrayBufferLike>>
Promise resolving to the encrypted data as a Uint8Array
- Defined in packages/pki-lite/src/core/crypto/types.ts:346

generateKeyPair

generateKeyPair(options: KeyPairGenOptions): Promise<KeyPair>
Generates an asymmetric key pair for the specified algorithm and options.
Parameters
- options: KeyPairGenOptions
  Configuration options including algorithm, key size, and other parameters
Returns Promise<KeyPair>
A Promise that resolves to an object containing the public and private keys
- Defined in packages/pki-lite/src/core/crypto/types.ts:382

generateSymmetricKey

generateSymmetricKey(algorithm: SymmetricEncryptionAlgorithmParams): Uint8Array
Generates a symmetric key for the specified encryption algorithm.
Parameters
- algorithm: SymmetricEncryptionAlgorithmParams
  The encryption algorithm to use
Returns Uint8Array
The generated symmetric key as a Uint8Array
- Defined in packages/pki-lite/src/core/crypto/types.ts:372

getEcCurveParameters

getEcCurveParameters(
algorithm: AsymmetricEncryptionAlgorithmParams,
): Uint8Array<ArrayBufferLike> | ObjectIdentifier
Gets the EC curve parameters for a given asymmetric encryption algorithm.
Parameters
- algorithm: AsymmetricEncryptionAlgorithmParams
  The asymmetric encryption algorithm parameters
Returns Uint8Array<ArrayBufferLike> | ObjectIdentifier
EC curve parameters as a Uint8Array or ObjectIdentifier
- Defined in packages/pki-lite/src/core/crypto/types.ts:402

getEcNamedCurve

getEcNamedCurve(
algorithm: AlgorithmIdentifier,
publicKeyInfo?: SubjectPublicKeyInfo,
): NamedCurve
Extracts the EC named curve from an algorithm identifier or public key.
Parameters
- algorithm: AlgorithmIdentifier
  The ASN.1 algorithm identifier
- OptionalpublicKeyInfo: SubjectPublicKeyInfo
  Optional public key information to extract curve from
Returns NamedCurve
The EC named curve identifier
- Defined in packages/pki-lite/src/core/crypto/types.ts:473

getRandomValues

getRandomValues(length: number): Uint8Array
Generates cryptographically secure random bytes.
Parameters
- length: number
  The number of random bytes to generate
Returns Uint8Array
Array containing the random bytes
- Defined in packages/pki-lite/src/core/crypto/types.ts:278

keyEncryptionAlgorithm

keyEncryptionAlgorithm(
encryptionParams: AsymmetricEncryptionAlgorithmParams,
): AlgorithmIdentifier
Converts asymmetric encryption algorithm parameters to a key encryption algorithm identifier.
Parameters
- encryptionParams: AsymmetricEncryptionAlgorithmParams
  The asymmetric encryption algorithm parameters
Returns AlgorithmIdentifier
Key encryption algorithm as an AlgorithmIdentifier
- Defined in packages/pki-lite/src/core/crypto/types.ts:430

sign

sign(
    data: Uint8Array,
    privateKeyInfo: PrivateKeyInfo,
    algorithm: AsymmetricEncryptionAlgorithmParams,
): Promise<Uint8Array<ArrayBufferLike>>
Creates a digital signature for the given data.
Parameters
- data: Uint8Array
  The data to sign
- privateKeyInfo: PrivateKeyInfo
  The signer's private key
- algorithm: AsymmetricEncryptionAlgorithmParams
  The signature algorithm and parameters
Returns Promise<Uint8Array<ArrayBufferLike>>
Promise resolving to the signature bytes
- Defined in packages/pki-lite/src/core/crypto/types.ts:288

signatureAlgorithm

signatureAlgorithm(
algorithm: AsymmetricEncryptionAlgorithmParams,
): Uint8Array<ArrayBufferLike> | AlgorithmIdentifier
Converts asymmetric encryption algorithm parameters to a signature algorithm identifier.
Parameters
- algorithm: AsymmetricEncryptionAlgorithmParams
  The asymmetric encryption algorithm parameters
Returns Uint8Array<ArrayBufferLike> | AlgorithmIdentifier
Signature algorithm as a Uint8Array or AlgorithmIdentifier
- Defined in packages/pki-lite/src/core/crypto/types.ts:412

toAsymmetricEncryptionAlgorithmParams

toAsymmetricEncryptionAlgorithmParams(
algorithm: AlgorithmIdentifier,
publicKeyInfo?: SubjectPublicKeyInfo,
): AsymmetricEncryptionAlgorithmParams
Converts an ASN.1 algorithm identifier to asymmetric encryption algorithm parameters.
Parameters
- algorithm: AlgorithmIdentifier
  The ASN.1 algorithm identifier
- OptionalpublicKeyInfo: SubjectPublicKeyInfo
  Optional public key information for context
Returns AsymmetricEncryptionAlgorithmParams
Asymmetric encryption algorithm parameters
- Defined in packages/pki-lite/src/core/crypto/types.ts:461

toHashAlgorithm

toHashAlgorithm(algorithm: AlgorithmIdentifier): HashAlgorithm
Converts an ASN.1 algorithm identifier to a hash algorithm.
Parameters
- algorithm: AlgorithmIdentifier
  The ASN.1 algorithm identifier
Returns HashAlgorithm
The hash algorithm
- Defined in packages/pki-lite/src/core/crypto/types.ts:484

toSymmetricEncryptionAlgorithmParams

toSymmetricEncryptionAlgorithmParams(
algorithm: AlgorithmIdentifier,
): SymmetricEncryptionAlgorithmParams
Converts an ASN.1 algorithm identifier to symmetric encryption algorithm parameters.
Parameters
- algorithm: AlgorithmIdentifier
  The ASN.1 algorithm identifier
Returns SymmetricEncryptionAlgorithmParams
Symmetric encryption algorithm parameters
- Defined in packages/pki-lite/src/core/crypto/types.ts:450

verify

verify(
    data: Uint8Array,
    publicKeyInfo: SubjectPublicKeyInfo,
    signature: Uint8Array,
    algorithm: AsymmetricEncryptionAlgorithmParams,
): Promise<boolean>
Verifies a digital signature against the original data.
Parameters
- data: Uint8Array
  The original data that was signed
- publicKeyInfo: SubjectPublicKeyInfo
  The signer's public key
- signature: Uint8Array
  The signature to verify
- algorithm: AsymmetricEncryptionAlgorithmParams
  The signature algorithm and parameters
Returns Promise<boolean>
Promise resolving to true if signature is valid
- Defined in packages/pki-lite/src/core/crypto/types.ts:303

Interface CryptoProvider

Example

Implemented by

Index

Methods

Methods

contentEncryptionAlgorithm

Parameters

Returns AlgorithmIdentifier

decrypt

Parameters

Returns Promise<Uint8Array<ArrayBufferLike>>

decryptSymmetric

Parameters

Returns Promise<Uint8Array<ArrayBufferLike>>

deriveKey

Parameters

Returns Promise<Uint8Array<ArrayBufferLike>>

digest

Parameters

Returns Promise<Uint8Array<ArrayBufferLike>>

digestAlgorithm

Parameters

Returns Uint8Array<ArrayBufferLike> | AlgorithmIdentifier

encrypt

Parameters

Returns Promise<Uint8Array<ArrayBufferLike>>

encryptSymmetric

Parameters

Returns Promise<Uint8Array<ArrayBufferLike>>

generateKeyPair

Parameters

Returns Promise<KeyPair>

generateSymmetricKey

Parameters

Returns Uint8Array

getEcCurveParameters

Parameters

Returns Uint8Array<ArrayBufferLike> | ObjectIdentifier

getEcNamedCurve

Parameters

Returns NamedCurve

getRandomValues

Parameters

Returns Uint8Array

keyEncryptionAlgorithm

Parameters

Returns AlgorithmIdentifier

sign

Parameters

Returns Promise<Uint8Array<ArrayBufferLike>>

signatureAlgorithm

Parameters

Returns Uint8Array<ArrayBufferLike> | AlgorithmIdentifier

toAsymmetricEncryptionAlgorithmParams

Parameters

Returns AsymmetricEncryptionAlgorithmParams

toHashAlgorithm

Parameters

Returns HashAlgorithm

toSymmetricEncryptionAlgorithmParams

Parameters

Returns SymmetricEncryptionAlgorithmParams

verify

Parameters

Returns Promise<boolean>

Settings

On This Page