@dfinity/vetkeys - v0.1.0
    Preparing search index...

    Class KeyManager

    The KeyManager frontend library facilitates interaction with a KeyManager-enabled canister on the Internet Computer (ICP). It allows web applications to securely request, decrypt, and manage VetKeys while handling access control and key sharing.

    • Retrieve And Decrypt VetKeys: Fetch encrypted VetKeys and decrypt them locally using a transport secret key.
    • Access Shared Keys Information: Query which keys a user has access to.
    • Manage Key Access: Assign, modify, and revoke user rights on stored keys.
    • Retrieve VetKey Verification Key: Fetch the public verification key for validating encrypted VetKeys.
    • Access Rights should be carefully managed to prevent unauthorized access.
    • VetKeys should be decrypted only in trusted environments such as user browsers to prevent leaks.
    import { KeyManager } from "@dfinity/vetkeys/key_manager";

    // Initialize the KeyManager
    const keyManager = new KeyManager(keyManagerClientInstance);

    // Retrieve shared keys
    const sharedKeys = await keyManager.getAccessibleSharedKeyIds();

    // Request and decrypt a VetKey
    const keyOwner = Principal.fromText("aaaaa-aa");
    const vetkeyName = "my_secure_key";
    const vetkey = await keyManager.getVetKey(keyOwner, vetkeyName);

    // Manage user access rights
    const user = Principal.fromText("bbbbbb-bb");
    const accessRights = { ReadWrite: null };
    const result = await keyManager.setUserRights(keyOwner, vetkeyName, user, accessRights);
    Index

    Constructors

    constructor

    Properties

    canisterClient

    Methods

    getAccessibleSharedKeyIds getUserRights getVetkey getVetkeyVerificationKey removeUser setUserRights

    Constructors

    Properties

    canisterClient: KeyManagerClient

    The client instance for interacting with the KeyManager canister.

    Methods

    • Retrieves a list of keys that were shared with the user and the user still has access to.

      Returns Promise<[Principal, Uint8Array<ArrayBufferLike>][]>

      Promise resolving to an array of [Principal, Uint8Array] pairs representing accessible key identifiers.

      const sharedKeys = await keyManager.getAccessibleSharedKeyIds();
      console.log("Shared Keys:", sharedKeys);

    • Checks a user's access rights.

      Parameters

      • owner: Principal

        The principal of the key owner

      • vetkeyName: Uint8Array

        The name/identifier of the VetKey

      • user: Principal

        The principal of the user to check rights for

      Returns Promise<AccessRights>

      Promise resolving to the user's access rights if they exist

      const userRights = await keyManager.get_user_rights(owner, keyName, user);
      console.log("User Access Rights:", userRights);

      Error if the operation fails

    • Fetches and decrypts an encrypted VetKey.

      Parameters

      • keyOwner: Principal

        The principal of the key owner

      • vetkeyName: Uint8Array

        The name/identifier of the VetKey

      Returns Promise<Uint8Array<ArrayBufferLike>>

      Promise resolving to the decrypted VetKey bytes

      const keyOwner = Principal.fromText("aaaaa-aa");
      const vetkeyName = "my_secure_key";

      const vetkey = await keyManager.getVetkey(
        keyOwner,
        vetkeyName,
      );
      console.log("Decrypted VetKey:", vetkey);

      Error if the key retrieval or decryption fails

    • Retrieves the public verification key for validating encrypted VetKeys. The vetkeys obtained via getVetkey are verified using this key, and, therefore, this method is not needed for using getVetkey.

      Returns Promise<Uint8Array<ArrayBufferLike>>

      Promise resolving to the verification key bytes

      const verificationKey = await keyManager.getVetkeyVerificationKey();
      console.log("Verification Key:", verificationKey);

    • Revokes a user's access.

      Parameters

      • owner: Principal

        The principal of the key owner

      • vetkeyName: Uint8Array

        The name/identifier of the VetKey

      • user: Principal

        The principal of the user to remove

      Returns Promise<AccessRights>

      Promise resolving to the previous access rights if they existed

      const removalResult = await keyManager.removeUser(owner, keyName, user);
      console.log("User Removed:", removalResult);

      Error if the operation fails

    • Grants or modifies access rights for a user.

      Parameters

      • owner: Principal

        The principal of the key owner

      • vetkeyName: Uint8Array

        The name/identifier of the VetKey

      • user: Principal

        The principal of the user to grant/modify rights for

      • userRights: AccessRights

        The access rights to grant

      Returns Promise<AccessRights>

      Promise resolving to the previous access rights if they existed

      const owner = Principal.fromText("aaaaa-aa");
      const keyName = "my_secure_key";
      const user = Principal.fromText("bbbbbb-bb");
      const accessRights = { ReadWrite: null };

      const result = await keyManager.setUserRights(
        owner,
        keyName,
        user,
        accessRights,
      );
      console.log("Replaced Access Rights:", result);

      Error if the operation fails

    Settings

    Member Visibility

    On This Page

    Core FeaturesSecurity Considerations
    Constructors
    Properties
    Methods