Page tree
Skip to end of metadata
Go to start of metadata


The keystore object allows you to register client certificates with the player.

While CA packages (added using the AddCAPackage() method) are persistent, individual certificates (added using the AddCACertificate() and AddClientCertificate() methods) are not; individual certificates must be registered with the certificate database after each reboot.

keystore IDL
] interface KeyStore {
    Promise<> addCaCertificate(DOMString filename);
    Promise<> addCaPackage(DOMString filename);
    Promise<> removeCaPackage(DOMString filename);
    Promise<PackageList> getCaPackagesInstalled();
    Promise<> addClientCertificate(ClientCertificateObject object);

interface ClientCertificateObject {
    attribute DOMString certificateFile;
    attribute DOMString passphrase;
    attribute DOMString obfuscatedPassphrase;

Object Creation

To create a keystore object, first load the brightsign/keystore module using the Require() method. Then create an instance of the keystore class.

var keystoreClass = require("@brightsign/keystore");
var keystore = new keystoreClass();


Use this interface to add certificates to the certificate database.

Promise<> addCaCertificate(DOMString filename)

Registers the specified CA certificate with the certificate database. Client certificates can be either self-signed or signed using a 3rd-party certificate issuer (Versign, DigiCert, etc.). 

Promise<> addCaPackage(DOMString filename)

Adds the specified CA package file to the certificate database. The package name resides in the file and does not need to be the same as the filename. See the roKeyStore page for more information on generating CA packages.


Attempting to modify a CA package file that has been added to the database will invalidate it. If a package is invalidated, it will need to be removed from the database (using the removeCaPackage() method) and added again.


Promise<> removeCaPackage(DOMString filename)

Removes the specified CA package from the certificate database. Use the getCaPackagesInstalled() method to retrieve a list of package names in the database.


Promise<PackageList> getCaPackagesInstalled()

Returns a list of names of CA packages contained in the certificate database.


Promise<> addClientCertificate(ClientCertificateObject object)

Registers a .p12 client certificate with the certificate database. 


This interface represents a .p12 certificate file.

  • [DOMString] certificateFile: The file name and path of the .p12 client certificate
  • [DOMString] passphrase: A passphrase for the .p12 client certificate
  • [DOMString] obfuscatedPassphrase: An obfuscated passphrase for the .p12 client certificate


Provide the passphrase using either the "passphrase" or "obfuscated_passphrase" parameter (not both). We recommend using the "obfuscated_passphrase" in production environments, while the "passphrase" should be used for testing purposes only. Contact to learn more about generating a key for obfuscation and storing it on the player.


ksf = require('@brightsign/keystore');
k = new ksf()
k.addCaPackage("/storage/sd/example.bsca").then(() => console.log('ok'), () => console.log('failed'))
k.getCaPackagesInstalled().then((pkgs) => console.log(pkgs))
k.removeCaPackage('example').then(() => console.log('ok'), () => console.log('failed'))
  • No labels