Class ServerSideSecretStorageImpl

Implementation of Server-side secret storage.

Secret sharing is not implemented here: this class is strictly about the storage component of SSSS.

See

https://spec.matrix.org/v1.6/client-server-api/#storage

Implements

ServerSideSecretStorage

Index

Constructors

Methods

addKey checkKey get getDefaultKeyId getKey hasKey isStored setDefaultKeyId store

Constructors

constructor

new ServerSideSecretStorageImpl(accountDataAdapter, callbacks): ServerSideSecretStorageImpl
Construct a new SecretStorage.

Normally, it is unnecessary to call this directly, since MatrixClient automatically constructs one. However, it may be useful to construct a new SecretStorage, if custom callbacks are required, for example.
Parameters
- accountDataAdapter: AccountDataClient
  interface for fetching and setting account data on the server. Normally an instance of MatrixClient.
- callbacks: SecretStorageCallbacks
  application level callbacks for retrieving secret keys
Returns ServerSideSecretStorageImpl
- Defined in src/secret-storage.ts:332

Methods

addKey

addKey(algorithm, opts, keyId?): Promise<SecretStorageKeyObject>
Add a key for encrypting secrets.
Parameters
- algorithm: string
  the algorithm used by the key.
- opts: AddSecretStorageKeyOpts
  the options for the algorithm. The properties used depend on the algorithm given.
- OptionalkeyId: string
  the ID of the key. If not given, a random ID will be generated.
Returns Promise<SecretStorageKeyObject>
An object with: keyId: the ID of the key keyInfo: details about the key (iv, mac, passphrase)
Implementation of ServerSideSecretStorage.addKey
- Defined in src/secret-storage.ts:385

checkKey

checkKey(key, info): Promise<boolean>
Check whether a key matches what we expect based on the key info
Parameters
- key: Uint8Array
  the key to check
- info: SecretStorageKeyDescriptionAesV1
  the key info
Returns Promise<boolean>
whether or not the key matches
Implementation of ServerSideSecretStorage.checkKey
- Defined in src/secret-storage.ts:470

get

get(name): Promise<undefined | string>
Get a secret from storage, and decrypt it.

SecretStorageCallbacks#getSecretStorageKey will be called to obtain a secret storage key to decrypt the secret.
Parameters
- name: string
  the name of the secret - i.e., the "event type" stored in the account data
Returns Promise<undefined | string>
the decrypted contents of the secret, or "undefined" if name is not found in the user's account data.
Implementation of ServerSideSecretStorage.get
- Defined in src/secret-storage.ts:545

getDefaultKeyId

getDefaultKeyId(): Promise<null | string>
Get the current default key ID for encrypting secrets.

Returns Promise<null | string>
The default key ID or null if no default key ID is set
Implementation of ServerSideSecretStorage.getDefaultKeyId
- Defined in src/secret-storage.ts:342

getKey

getKey(keyId?): Promise<null | SecretStorageKeyTuple>
Get the key information for a given ID.
Parameters
- OptionalkeyId: null | string
  The ID of the key to check for. Defaults to the default key ID if not provided.
Returns Promise<null | SecretStorageKeyTuple>
If the key was found, the return value is an array of the form [keyId, keyInfo]. Otherwise, null is returned. XXX: why is this an array when addKey returns an object?
Implementation of ServerSideSecretStorage.getKey
- Defined in src/secret-storage.ts:436

hasKey

hasKey(keyId?): Promise<boolean>
Check whether we have a key with a given ID.
Parameters
- OptionalkeyId: string
  The ID of the key to check for. Defaults to the default key ID if not provided.
Returns Promise<boolean>
Whether we have the key.
Implementation of ServerSideSecretStorage.hasKey
- Defined in src/secret-storage.ts:457

isStored

isStored(name): Promise<null | Record<string, SecretStorageKeyDescriptionAesV1>>
Check if a secret is stored on the server.
Parameters
- name: string
  the name of the secret
Returns Promise<null | Record<string, SecretStorageKeyDescriptionAesV1>>
map of key name to key info the secret is encrypted with, or null if it is not present or not encrypted with a trusted key
Implementation of ServerSideSecretStorage.isStored
- Defined in src/secret-storage.ts:593

setDefaultKeyId

setDefaultKeyId(keyId): Promise<void>
Set the default key ID for encrypting secrets.
Parameters
- keyId: string
  The new default key ID
Returns Promise<void>
Implementation of ServerSideSecretStorage.setDefaultKeyId
- Defined in src/secret-storage.ts:355

store

store(name, secret, keys?): Promise<void>
Store an encrypted secret on the server.

Details of the encryption keys to be used must previously have been stored in account data (for example, via ServerSideSecretStorageImpl#addKey. SecretStorageCallbacks#getSecretStorageKey will be called to obtain a secret storage key to decrypt the secret.
Parameters
- name: string
  The name of the secret - i.e., the "event type" to be stored in the account data
- secret: string
  The secret contents.
- Optionalkeys: null | string[]
  The IDs of the keys to use to encrypt the secret, or null/undefined to use the default key.
Returns Promise<void>
Implementation of ServerSideSecretStorage.store
- Defined in src/secret-storage.ts:495