The securestore object provides a mechanism for securely storing customer data within the player. Data held in the securestore are encrypted using root keys which are held securely within the player hardware and are unique to each unit. In general, the securestore is used to hold a second-level key which in turn is used for subsequent decryption. The key itself cannot be retrieved, but the user can ask the securestore to perform decryption using it.

The capacity of the securestore is limited and customers should not store more than 256kB of keys.

securestore IDL

interface SecureStore {
    Promise<void> writePkcs8DecryptionKey(String name, Array<byte> data);
    Promise<Array<byte>> decryptWithPkcs8Key(String name, String algorithm, String hash, Array<byte> data);
    Promise<void> eraseSecureStore();
};

Object Creation

To create a securestore object, load the @brightsign/securestore module using the Node.js® require() method:

var securestoreClass = require("@brightsign/securestore");
var securestore = new securestoreClass();

SecureStore

writePkcs8DecryptionKey()
Promise<void> writePkcs8DecryptionKey(String name, Array<byte> data)

Writes the key in pkcs8 format to the securestore.

  • [String] name: The filename of the key within the secure store.

  • [Array] data: The key as a Uint8 data array.

decryptWithPkcs8Key()
Promise<Array<byte>> decryptWithPkcs8Key(String name, String algorithm, String hash, Array<byte> data)

Decrypts a data array using the designated key stored in the securestore and using the designated algorithm and hash.

  • [String] name: The filename of the key within the secure store.

  • [String] algorithm: For the moment, the only algorithm supported is "RSA-OAEP".

  • [String] hash: Hash values can be any of the following: "SHA-1", "SHA-256", "SHA-384" or "SHA-512".

  • [Array] data: Uint8Array data

eraseSecureStore()
Promise<void> eraseSecureStore()

Completely deletes the securestore.

Examples

Write example:

window.crypto.subtle.generateKey(
    {
        name: "RSA-OAEP",
        modulusLength: 2048, // can be 1024, 2048, or 4096
        publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
        hash: {name: "SHA-1"}, // can be "SHA-1", "SHA-256", "SHA-384", or "SHA-512"
    },
    true, // whether the key is extractable (i.e. can be used in exportKey)
    ["encrypt", "decrypt"] // must be ["encrypt", "decrypt"] or ["wrapKey", "unwrapKey"]
)
.then(function(key) {
    // Export the private key in PKCS#8 form, the format the securestore expects
    return window.crypto.subtle.exportKey("pkcs8", key.privateKey);
})
.then(function(exportKey) {
    var SecureClass = require("@brightsign/securestore");
    var secure = new SecureClass();
    // Store the key under the name later passed to decryptWithPkcs8Key()
    return secure.writePkcs8DecryptionKey("testkey.bin", Array.from(new Uint8Array(exportKey)));
})
.then(function() {
    // ....
});

Decrypt example:

var SecureClass = require("@brightsign/securestore");
var secure = new SecureClass();

// "encrypted" holds the RSA-OAEP ciphertext (e.g. an ArrayBuffer)
secure.decryptWithPkcs8Key("testkey.bin", "RSA-OAEP", "SHA-1", Array.from(new Uint8Array(encrypted)))
    .then(function(decryptedArray) {
        // ....
    });

Delete example:

var SecureClass = require("@brightsign/securestore");
var secure = new SecureClass();

secure.eraseSecureStore()
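
The round trip behind the write and decrypt examples above, as an added example that is not BrightSign code: a sender wraps a second-level AES key with RSA-OAEP, the key holder unwraps it, and decryption is rejected when the hash differs from the one used for encryption. MockSecureStore, wrapContentKey and demo are hypothetical names; the mock uses Node's crypto module in place of the player's hardware-backed store so that it runs off-device.

```javascript
// Added example: a local stand-in, NOT the @brightsign/securestore module.
const nodeCrypto = require("node:crypto");

// The page's hash names mapped to the names Node's crypto expects.
const OAEP_HASH = new Map([["SHA-1", "sha1"], ["SHA-256", "sha256"], ["SHA-384", "sha384"], ["SHA-512", "sha512"]]);
const OAEP = nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING;

// Hypothetical in-memory mock with the same method shapes as the page's IDL.
class MockSecureStore {
  constructor() { this.keys = new Map(); }
  writeSync(name, data) { this.keys.set(name, Buffer.from(data)); }
  decryptSync(name, algorithm, hash, data) {
    if (algorithm !== "RSA-OAEP") throw new Error("unsupported algorithm");
    if (!OAEP_HASH.has(hash)) throw new Error("unsupported hash");
    if (!this.keys.has(name)) throw new Error("no such key: " + name);
    const key = nodeCrypto.createPrivateKey({ key: this.keys.get(name), format: "der", type: "pkcs8" });
    const out = nodeCrypto.privateDecrypt({ key, padding: OAEP, oaepHash: OAEP_HASH.get(hash) }, Buffer.from(data));
    return Array.from(out); // byte array, as in the page's Array<byte>
  }
  // Promise-returning wrappers matching the signatures documented above.
  writePkcs8DecryptionKey(name, data) { return Promise.resolve().then(() => this.writeSync(name, data)); }
  decryptWithPkcs8Key(name, algorithm, hash, data) {
    return Promise.resolve().then(() => this.decryptSync(name, algorithm, hash, data));
  }
}

// Sender side: wrap a second-level content key using only the RSA public key.
function wrapContentKey(publicKey, hash, contentKey) {
  return Array.from(nodeCrypto.publicEncrypt({ key: publicKey, padding: OAEP, oaepHash: OAEP_HASH.get(hash) }, contentKey));
}

function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const store = new MockSecureStore();
  // PKCS#8 DER bytes are what writePkcs8DecryptionKey() takes as its data argument.
  store.writeSync("testkey.bin", Array.from(privateKey.export({ format: "der", type: "pkcs8" })));
  const contentKey = nodeCrypto.randomBytes(32); // constructed sample AES-256 key
  const wrapped = wrapContentKey(publicKey, "SHA-256", contentKey);
  const unwrapped = store.decryptSync("testkey.bin", "RSA-OAEP", "SHA-256", wrapped);
  let mismatchRejected = false;
  try { store.decryptSync("testkey.bin", "RSA-OAEP", "SHA-1", wrapped); }
  catch (e) { mismatchRejected = true; } // OAEP decoding fails when the hash differs
  return { ok: Buffer.from(unwrapped).equals(contentKey), mismatchRejected, wrappedLength: wrapped.length };
}
```

The hash passed to decryptWithPkcs8Key() must be the one the sender used when encrypting; a mismatch surfaces as a rejected promise rather than wrong plaintext.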