
Commit ced163d

chore(docs): Adds documentation on some recent changes (#348)
Co-authored-by: Paul Flynn <[email protected]>
1 parent 4e54c0d commit ced163d


2 files changed

+24
-1
lines changed


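--- a/lib/src/access.ts
+++ b/lib/src/access.ts
@@ -52,19 +52,33 @@ export async function fetchWrappedKey(
 
 export type KasPublicKeyAlgorithm = 'ec:secp256r1' | 'rsa:2048';
 
+/**
+* Information about one of a KAS's published public keys.
+* A KAS may publish multiple keys with a given algorithm type.
+*/
 export type KasPublicKeyInfo = {
+/** The locator to the given KAS associated with this key */
 url: string;
+
+/** The encryption algorithm the key is to be used with. */
 algorithm: KasPublicKeyAlgorithm;
+
+/** If present, an identifier which is tied to this specific key. */
 kid?: string;
+
+/** The key value, encoded within a PEM envelope */
 publicKey: string;
+
+/** A subtle crypto version of the key.
+* This can be used for wrapping key data for key access objects (with RSA)
+* or to derive key data (with EC keys). */
 key: Promise<CryptoKey>;
 };
 
 /**
 * If we have KAS url but not public key we can fetch it from KAS, fetching
 * the value from `${kas}/kas_public_key`.
 */
-
 export async function fetchECKasPubKey(kasEndpoint: string): Promise<KasPublicKeyInfo> {
 validateSecureUrl(kasEndpoint);
 const pkUrlV2 = `${kasEndpoint}/v2/kas_public_key?algorithm=ec:secp256r1&v=2`;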
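Review bot: The doc comment that now sits directly on `fetchECKasPubKey` still names `${kas}/kas_public_key`, while the first request the visible body builds is `${kasEndpoint}/v2/kas_public_key?algorithm=ec:secp256r1&v=2`, so removing the blank line attaches stale text to the function. I would reword it along the lines of `Fetch the EC (secp256r1) public key from the KAS v2 endpoint, after kasEndpoint passes validateSecureUrl.`, and mention a fallback path only if the rest of the body, which lies outside this hunk, has one. On `KasPublicKeyInfo`, the `key` comment should say that the promise can reject (presumably when the PEM in `publicKey` fails to import) so callers know to handle it, and the `publicKey` and `kid` comments could state that both values are taken as returned by the KAS at `url`; that last part is hedged, since the code that populates them is not in the hunk.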

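--- a/lib/src/nanotdf/models/ResourceLocator.ts
+++ b/lib/src/nanotdf/models/ResourceLocator.ts
@@ -36,6 +36,15 @@ export default class ResourceLocator {
 readonly idType: ResourceLocatorIdentifierEnum = ResourceLocatorIdentifierEnum.None
 ) {}
 
+/**
+* Construct a new URL or URL + identifier pair, for use with NanoTDF envelopes.
+* @param url The URL to encrypt; `http` and `https` schemes are supported
+* @param identifier An optional identifier.
+* For KAS URLs, this is usually a public key identifier (kid). Limit 32 characters
+* @returns a value representing the URL and identifier, if present.
+* This method throws an Error if the URL is invalid or of the wrong schema,
+* or if the identifier is an unsupported value.
+*/
 static fromURL(url: string, identifier?: string): ResourceLocator {
 const [protocolStr, body] = url.split('://');
 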
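Review bot: The thrown-error contract is tucked into the `@returns` text of the new `fromURL` comment; it belongs in its own tag, e.g. `@throws Error if the URL is malformed, uses a scheme other than http/https, or the identifier is unsupported`, which also corrects "schema" to "scheme". `The URL to encrypt` reads wrong for a locator used in NanoTDF envelopes (`The URL to encode` is probably meant), and `Limit 32 characters` should say whether the limit counts characters or encoded bytes, since the two differ for non-ASCII identifiers. Because `http` is documented as accepted, the comment should tell callers that this method apparently does not require TLS and that a locator should be checked before any key is fetched from it; access.ts in this same commit shows `validateSecureUrl` doing that for KAS endpoints. The body of `fromURL` continues outside the hunk, so whatever validation it performs beyond `url.split('://')` is not visible here.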
