Myna. KeyStore

Manages keys sets and encypts,decrypts,signs,and verfies data.

A KeyStore is a named collection of encryption keys and metadata. KeyStores can be used for encryption/decryption (purpose:”crypt”) or signing/verifying data (purpose:”sign”). See create for more information.

Any number of keys can be generated. Keys have the following statuses

PRIMARY	The currently active key that will be used for signing/encrypting. Only one key can be primary.
ACTIVE	means this key can be used to decrypt/verify cyphertext or a signature a previously generated with this key. Any number of keys can be active
INACTIVE	means this key can be used to decrypt/verify cyphertext or a signature a previously generated with this key. Any number of keys can be inactive

You can use the promote and demote functions to alter the status of keys

Encrypting/Signing String values produces String output Encrypting/Signing Binary (byte[]) values produces Binary(byte[]) output

Example

var ks = new Myna.KeyStore("test_crypt");
ks.create(crypt);
ks.addKey("primary"); //version 1
ks.addKey(); //status: ACTIVE, version 2
ks.addKey(); //status: ACTIVE, version 3

ks.demote(1); //makes key 1 ACTIVE, now there is no PRIMARY key
ks.promote(2); //makes key 2 PRIMARY,

var ct = ks.encrypt("Super secret type information")
Myna.println("cypher = " +ct);
ks.promote(3); // makes key 3 PRIMARY, key 2 is demoted to ACTIVE

// this works because the key number is embedded in the cyphertext, so
// KeyStore knows to use key2 for decryption
var pt = ks.decrypt(ct);
Myna.println("plain = " +pt);
Myna.printDump(ks.getKeyInfo())

Myna.print("<h2>public key crypto test</h2>")
var ks = new Myna.KeyStore("test_private");
ks.create("crypt","default");
ks.addKey("primary");

var publicKeys = ks.exportPublicKeys()

//this part is normally done on a seperate Myna instance, the "client"

var pks = new Myna.KeyStore("test_public1");
pks.importPublicKeys(publicKeys);

//encrypt with public key
var ct = pks.encrypt("woot!")
Myna.println("cypher = " +ct);

//decrypt with private key
var pt = ks.decrypt(ct);
Myna.println("plain = " +pt);

Summary

Myna. KeyStore	Manages keys sets and encypts,decrypts,signs,and verfies data.
Functions
Myna. KeyStore	Constructor function for KeyStore class
init	Initialized the keystore from the database.
create	Creates this KeyStore and sets its type
addKey	generate a new key in this keystore
promote	increase the status of a key
demote	decrease the status of a key
revoke	permanently removes a key
importPublicKeys	import a public keystore as generated by exportPublicKeys
exportPublicKeys	export a set of public keys that match this keystore
getKeyInfo	returns an object containing metadata for this KeyStore
encrypt	encrypts data with this KeyStore
decrypt	decrypts data with this KeyStore
sign	signs data with this KeyStore
verify	verifies that data matches sig with this KeyStore

Functions

Myna. KeyStore

Myna.KeyStore = function( name )

Constructor function for KeyStore class

Parameters

name	Optional default null A name for this keystore. This should be defined unless you intend to importPublicKeys

init

Myna.KeyStore.prototype.init = function()

Initialized the keystore from the database.

Should not be called directly

create

Myna.KeyStore.prototype.create = function( purpose,
asymmetric )

Creates this KeyStore and sets its type

Parameters

purpose	”crypt” or “sign”
asymmetric	Optional, default false If true, this creates a private/public keystore.

addKey

Myna.KeyStore.prototype.addKey = function( status )

generate a new key in this keystore

Parameters

status

Optional, default ACTIVE one of “primary”,”active”,”inactive”

See

promote
demote
revoke

promote

Myna.KeyStore.prototype.promote = function( keyNum )

increase the status of a key

INACTIVE

> ACTIVE -> PRIMARY

demote

Myna.KeyStore.prototype.demote = function( keyNum )

decrease the status of a key

PRIMARY -> ACTIVE -> INACTIVE

revoke

Myna.KeyStore.prototype.revoke = function( keyNum )

permanently removes a key

Use this only for compromised keys! Any data encrypted with this key will be lost!

importPublicKeys

Myna.KeyStore.prototype.importPublicKeys = function( pkjson )

import a public keystore as generated by exportPublicKeys

Parameters

pkjson

a JSON string containing a set of public keys generated by exportPublicKeys

This function should only be called in a new KeyStore object

exportPublicKeys

Myna.KeyStore.prototype.exportPublicKeys = function()

export a set of public keys that match this keystore

This function is only valid on asymmetric KeyStores

getKeyInfo

Myna.KeyStore.prototype.getKeyInfo = function()

returns an object containing metadata for this KeyStore

encrypt

Myna.KeyStore.prototype.encrypt=function( data )

encrypts data with this KeyStore

Parameters

data	data to encrypt. Can be either a String or a byte array. The output will be the same type as the input

This function is only valid on “crypt” KeyStores.

decrypt

Myna.KeyStore.prototype.decrypt=function( cypherText )

decrypts data with this KeyStore

Parameters

data	data to decrypt. Can be either a String or a byte array. The output will be the same type as the input

This function is only valid on “crypt” KeyStores.

sign

Myna.KeyStore.prototype.sign=function( data )

signs data with this KeyStore

Parameters

data	data to sign. Can be either a String or a byte array. The output will be the same type as the input

This function is only valid on “sign” KeyStores.

verify

Myna.KeyStore.prototype.verify=function( data,
sig )

verifies that data matches sig with this KeyStore

Parameters

data	data to verify. Can be either a String or a byte array, but must match sig.
sig	signature to verify. Can be either a String or a byte array, but must match data.

This function is only valid on “sign” KeyStores.