-
-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathnode-secure-enclave.d.ts
99 lines (87 loc) · 3.59 KB
/
node-secure-enclave.d.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
/// <reference types="node" />
declare class KeyOperationArg {
/**
* Key tag, a unique identifier that tells the Keychain where the key is. Must be globally unique.
* The tag data is constructed from a string, using reverse DNS notation, though any unique tag will do.
* More about this parameter: https://developer.apple.com/documentation/security/certificate_key_and_trust_services/keys/generating_new_cryptographic_keys#2863927
*/
keyTag: string;
}
declare class EncryptArg extends KeyOperationArg {
/**
* Data you want to encrypt, no padding needed.
*/
data: Buffer;
}
declare class DecryptArg extends KeyOperationArg {
/**
* Data you want to decrypt.
*/
data: Buffer;
/**
* Localized text that will be shown during biometric authentication, it will be presented in two forms:
* - on the Touch Bar: "Touch ID to {touchIdPrompt}"
* - in the modal dialog: "{app} is trying to {touchIdPrompt}"
* For example, it can be: "decrypt data", "open file"
*/
touchIdPrompt: string;
}
declare class ResultWithPublicKey {
/**
* Serialized public key. Note that the private key is not present here
* because it's stored on the chip and is never exported from there.
*/
publicKey: Buffer;
}
declare class NodeSecureEnclave {
/**
* Checks if biometric authentication and hardware-based encryption is supported.
* Should return true on MacBooks with Touch Bar
*/
static isSupported: boolean;
/**
* Creates a new key in the keychain. If a key with this keyTag already exists, an error is thrown.
* @param options key creation options
* @returns created public key
*/
static createKeyPair(options: KeyOperationArg): Promise<ResultWithPublicKey>;
/**
* Finds an existing key based on key tag.
* @param options key tag
* @returns object with publicKey, or null, if the key is not found
*/
static findKeyPair(options: KeyOperationArg): Promise<ResultWithPublicKey | null>;
/**
* Deletes a key from Keychain and Secure Enclave.
* @param options key tag
* @returns true if the key was deleted, false if it's not found, otherwise throws an error
*/
static deleteKeyPair(options: KeyOperationArg): Promise<boolean>;
/**
* Encrypts data on Secure Enclave with a key identified by keyTag
* using ECIESEncryptionCofactorVariableIVX963SHA256AESGCM algorithm.
* Data doesn't have to be padded, any non-empty Buffer should work.
* Throws an error if the requested key is not found
* or there was an encryption error.
* @param options
* @returns encrypted data
*/
static encrypt(options: EncryptArg): Promise<Buffer>;
/**
* Decrypts data on Secure Enclave with a key identified by keyTag
* using ECIESEncryptionCofactorVariableIVX963SHA256AESGCM algorithm.
* Accepts data returned by `encrypt`, no padding or encoding is required.
* This method will show the Touch ID prompt and wait until it's approved or rejected.
* Possible cases that can cause an error:
* - the requested key is not found => error.keyNotFound = true
* - data is invalid or cannot be decrypted with this key => error.badParam = true
* - user rejected the Touch ID request using the Cancel button => error.rejected = true
* - there was a decryption error
* - system refused to show the Touch ID prompt
* - Touch ID request timed out
* @param options
* @returns decrypted data
*/
static decrypt(options: DecryptArg): Promise<Buffer>;
}
export = NodeSecureEnclave;