securestore

the securestore object provides a mechanism for securely storing customer data within the player data held in the securestore are encrypted using root keys which are held securely within the player hardware and are unique to each unit in general, the securestore is used to hold a second level key which in turn is used for subsequent decryption the key itself cannot be retrieved, but the user can ask the securestore to perform decryption using it the capacity of the securestore is limited and customers should not store more than 256kb of keys securestore idl interface securestore { promise\<void> writepkcs8decryptionkey(string name, array\<byte> data) promise\<array\<byte>> decryptwithpkcs8key(string name, string algorithm, string hash, array\<byte> data) promise\<void> erasesecurestore(); }; object creation to create a securestore object, load the @brightsign/securestore module using the node js® require() method var securestoreclass = require("@brightsign/securestore"); var securestore = new securestoreclass(); securestore writepkcs8decryptionkey() promise\<void> writepkcs8decryptionkey(string name, array\<byte> data) writes the key in pkcs8 format to the securestore name string string the filename of the key within the secure store data array array the key as a uint8 data array decryptwithpkcs8key() promise\<array\<byte>> decryptwithpkcs8key(string name, string algorithm, string hash, array\<byte> data) decrypts a data array using the designated key stored in the securestore and using the designated algorithm and hash name string string the filename of the key within the secure store algorithm string string for the moment, the only algorithm supported is ""rsa oaep" hash string string hash values can be any of the following "sha 1", "sha 256", "sha 384" or "sha 512" data array array uint8array data erasesecurestore() promise\<void> erasesecurestore() completely deletes the securestore examples write example window\ crypto subtle generatekey( { name "rsa oaep", moduluslength 2048, //can be 1024, 2048, or 4096 publicexponent new uint8array(\[0x01, 0x00, 0x01]), hash {name "sha 1"}, //can be "sha 1", "sha 256", "sha 384", or "sha 512" }, true, //whether the key is extractable (i e can be used in exportkey) \["encrypt", "decrypt"] //must be \["encrypt", "decrypt"] or \["wrapkey", "unwrapkey"] ) then(function(key){ window\ crypto subtle exportkey("pkcs8", key privatekey) then(function(exportkey) { var secureclass = require("@brightsign/securestore"); var secure = new secureclass(); secure write("testkey bin", array from(new uint8array(exportkey))) then(function(store){ } }); decrypt example var secureclass = require("@brightsign/securestore"); var secure = new secureclass(); decryptwithpkcs8key("testkey bin", "rsa oaep", "sha 1", array from(new uint8array(encrypted))) then(function(decryptedarray){ }) delete example var secureclass = require("@brightsign/securestore"); var secure = new secureclass(); secure erasesecurestore()