
KeyManager class

Agent plugin that implements IKeyManager methods.

This plugin orchestrates various implementations of AbstractKeyManagementSystem, using a KeyStore to remember the link between a key reference, its metadata, and the respective key management system that provides the actual cryptographic capabilities.

The methods of this plugin are used automatically by other plugins, such as DIDManager, CredentialPlugin, or DIDComm to perform their required cryptographic operations using the managed keys.

Signature:

export declare class KeyManager implements IAgentPlugin

Implements: IAgentPlugin

Constructors

Constructor | Modifiers | Description
(constructor)(options) | | Constructs a new instance of the KeyManager class

Properties

Property | Modifiers | Type | Description
methods | readonly | IKeyManager | Plugin methods
schemareadonly{ components: { schemas: { IKeyManagerCreateArgs: { type: string; properties: { type: { $ref: string; description: string; }; kms: { type: string; description: string; }; meta: { $ref: string; description: string; }; }; required: string[]; description: string; }; TKeyType: { type: string; enum: string[]; description: string; }; KeyMetadata: { type: string; properties: { algorithms: { type: string; items: { $ref: string; }; }; }; description: string; }; TAlg: { type: string; description: string; }; ManagedKeyInfo: { type: string; properties: { kid: { type: string; description: string; }; kms: { type: string; description: string; }; type: { $ref: string; description: string; }; publicKeyHex: { type: string; description: string; }; meta: { anyOf: ({ $ref: string; type?: undefined; } | { type: string; $ref?: undefined; })[]; description: string; }; }; required: string[]; description: string; }; IKeyManagerDecryptJWEArgs: { type: string; properties: { kid: { type: string; description: string; }; data: { type: string; description: string; }; }; required: string[]; description: string; }; IKeyManagerDeleteArgs: { type: string; properties: { kid: { type: string; description: string; }; }; required: string[]; description: string; }; IKeyManagerEncryptJWEArgs: { type: string; properties: { kid: { type: string; description: string; }; to: { type: string; properties: { kid: { type: string; description: string; }; type: { $ref: string; description: string; }; publicKeyHex: { type: string; description: string; }; privateKeyHex: { type: string; description: string; }; meta: { anyOf: ({ $ref: string; type?: undefined; } | { type: string; $ref?: undefined; })[]; description: string; }; }; required: string[]; description: string; }; data: { type: string; description: string; }; }; required: string[]; description: string; }; IKeyManagerGetArgs: { type: string; properties: { kid: { type: string; description: string; }; }; required: string[]; description: string; }; IKey: 
{ type: string; properties: { kid: { type: string; description: string; }; kms: { type: string; description: string; }; type: { $ref: string; description: string; }; publicKeyHex: { type: string; description: string; }; privateKeyHex: { type: string; description: string; }; meta: { anyOf: ({ $ref: string; type?: undefined; } | { type: string; $ref?: undefined; })[]; description: string; }; }; required: string[]; description: string; }; MinimalImportableKey: { $ref: string; description: string; }; "RequireOnly<IKey,(\"privateKeyHex\"|\"type\"|\"kms\")>": { type: string; properties: { kid: { type: string; description: string; }; kms: { type: string; description: string; }; type: { $ref: string; description: string; }; publicKeyHex: { type: string; description: string; }; privateKeyHex: { type: string; description: string; }; meta: { anyOf: ({ $ref: string; type?: undefined; } | { type: string; $ref?: undefined; })[]; description: string; }; }; description: string; }; IKeyManagerSharedSecretArgs: { type: string; properties: { secretKeyRef: { type: string; description: string; }; publicKey: { type: string; properties: { publicKeyHex: { type: string; description: string; }; type: { $ref: string; description: string; }; }; required: string[]; description: string; }; }; required: string[]; description: string; }; IKeyManagerSignArgs: { type: string; properties: { keyRef: { type: string; description: string; }; algorithm: { type: string; description: string; }; data: { type: string; description: string; }; encoding: { type: string; enum: string[]; description: string; }; }; required: string[]; description: string; }; IKeyManagerSignEthTXArgs: { type: string; properties: { kid: { type: string; description: string; }; transaction: { type: string; description: string; }; }; required: string[]; description: string; }; IKeyManagerSignJWTArgs: { type: string; properties: { kid: { type: string; description: string; }; data: { anyOf: ({ type: string; properties?: undefined; 
required?: undefined; additionalProperties?: undefined; } | { type: string; properties: { BYTES_PER_ELEMENT: { type: string; }; buffer: { anyOf: ({ type: string; properties: { byteLength: { type: string; }; }; required: string[]; } | { type?: undefined; properties?: undefined; required?: undefined; })[]; }; byteLength: { type: string; }; byteOffset: { type: string; }; length: { type: string; }; }; required: string[]; additionalProperties: { type: string; }; })[]; description: string; }; }; required: string[]; description: string; }; }; methods: { keyManagerCreate: { description: string; arguments: { $ref: string; }; returnType: { $ref: string; }; }; keyManagerDecryptJWE: { description: string; arguments: { $ref: string; }; returnType: { type: string; }; }; keyManagerDelete: { description: string; arguments: { $ref: string; }; returnType: { type: string; }; }; keyManagerEncryptJWE: { description: string; arguments: { $ref: string; }; returnType: { type: string; }; }; keyManagerGet: { description: string; arguments: { $ref: string; }; returnType: { $ref: string; }; }; keyManagerGetKeyManagementSystems: { description: string; arguments: { type: string; }; returnType: { type: string; items: { type: string; }; }; }; keyManagerImport: { description: string; arguments: { $ref: string; }; returnType: { $ref: string; }; }; keyManagerSharedSecret: { description: string; arguments: { $ref: string; }; returnType: { type: string; }; }; keyManagerSign: { description: string; arguments: { $ref: string; }; returnType: { type: string; }; }; keyManagerSignEthTX: { description: string; arguments: { $ref: string; }; returnType: { type: string; }; }; keyManagerSignJWT: { description: string; arguments: { $ref: string; }; returnType: { type: string; }; }; }; }; }

Methods

Method | Modifiers | Description
createX25519ECDH(secretKeyRef) | |
keyManagerCreate(args) | | Creates and returns a new key
keyManagerDecryptJWE({ kid, data }) | | Decrypts data. This API may change without a BREAKING CHANGE notice.
keyManagerDelete({ kid }) | | Deletes a key
keyManagerEncryptJWE({ kid, to, data }) | | Encrypts data. This API may change without a BREAKING CHANGE notice.
keyManagerGet({ kid }) | | Returns an existing key
keyManagerGetKeyManagementSystems() | | Lists available key management systems
keyManagerImport(key) | | Imports a created key
keyManagerSharedSecret(args) | | Compute a shared secret with the public key of another party. This computes the raw shared secret (the result of a Diffie-Hellman computation). The raw output is not uniformly random and must not be used directly as a key: to use it for symmetric encryption you MUST apply a KDF to the result.
keyManagerSign(args) | | Generates a signature according to the algorithm specified.
keyManagerSignEthTX({ kid, transaction }) | | Signs Ethereum transaction
keyManagerSignJWT({ kid, data }) | | Signs JWT