KeyChain

new KeyChain(homedir)

A GPG keychain

Parameters:
homedir (string): Path to use as GPG homedir. Defaults to a tmp directory. See node-tmp for more info on temp folder creation.

Methods

(static) getKeyByField(list, field, value) → {Object}

Find a key by a field value

Parameters:
list (Array(Object)): List of parsed GPG output packets
field (string): Name/path to field
value (string)
Returns:

Parsed key from GPG output packets

Type
Object

(static) getKeyBySubKeyId(list, sub_key_id, subField) → {Object}

Find a key based on id of a sub-key

Parameters:
list (Array(Object)): List of parsed GPG output packets
sub_key_id (string): Sub key id to search for
subField (*, default: ssb): Subkey field (typically ssb or sub)

Returns:

Parsed key from GPG output packets

Type
Object

(static) getSubKeyIdByCapability(key, cap, subField) → {Array(string)}

Find a subkey id with specific capabilities

Parameters:
key (Object)
cap (string): Capabilities (a, c, e, d)
subField (string, default: ssb): Field name/path

Returns:

List of subkey ids

Type
Array(string)

(static) isKeyFromCard(key, cardInfo)

Check if the specified secure card matches the supplied key

Parameters:
key (Object): A parsed key with ssb field
cardInfo (Object): Card info from KeyChain.cardStatus

(async) call(input, args, nonbatch) → {ExecResult}

Call a GPG command

Parameters:
input (string): STDIN input text
args (Array(string)): Command line arguments
nonbatch (boolean, default: false): Do not use the --batch flag

Returns:
Type
ExecResult

(async) cardStatus() → {Object}

Retrieve secure card metadata

Returns:
Type
Object

(async) decrypt(input, options) → {Buffer}

Decrypt cipher text

Parameters:
input (string)
options (Object)
options.from (Array.<string>): List of keyid, fpr or uid(email) of allowed message signers. Defaults to allowing any trusted signer
options.trust ('pgp' | 'classic' | 'tofu' | 'tofu+pgp' | 'direct' | 'always' | 'auto', optional, default: pgp): Trust model. See gpg --trust-model
options.level (Object): Acceptable signer trust levels. Trust level of a specific signature is computed with respect to configured trust model
options.level.none (boolean, optional, default: false): Accept signers with no trust
options.level.unknown (boolean, optional, default: false): Accept signers with unknown/undefined trust
options.level.never (boolean, optional, default: false): Accept untrustworthy signers, potentially with revoked or bad keys
options.level.marginal (boolean, optional, default: true): Accept signers with marginal trust
options.level.full (boolean, optional, default: true): Accept signers with full trust
options.level.ultimate (boolean, optional, default: true): Accept signers with ultimate trust
options.allow (Object): Acceptable signature/signer expiry/revoke status
options.allow.allow_expired_sig (boolean, optional, default: false): Accept expired signatures
options.allow.allow_expired_key (boolean, optional, default: false): Accept expired signer key
options.allow.allow_revoked_key (boolean, optional, default: false): Accept revoked signer key

Returns:
Type
Buffer
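
The signer policy described by the level, allow and from options above, applied to GnuPG --status-fd keywords, as an added example that is not this library's code. The function name checkSigner, the keyword-to-option mapping, the treatment of a missing TRUST_* line as level "none", and the sample status lines are assumptions made for the illustration.

```javascript
// Added example: hypothetical policy check, not this library's code.
const DEFAULTS = {
  level: { none: false, unknown: false, never: false, marginal: true, full: true, ultimate: true },
  allow: { allow_expired_sig: false, allow_expired_key: false, allow_revoked_key: false },
};
// GnuPG status keyword -> `level` option name (mapping assumed for this example)
const TRUST = new Map([['TRUST_UNDEFINED', 'unknown'], ['TRUST_NEVER', 'never'],
  ['TRUST_MARGINAL', 'marginal'], ['TRUST_FULLY', 'full'], ['TRUST_ULTIMATE', 'ultimate']]);
// Signature status keyword -> `allow` flag it requires (null = none needed)
const SIG = new Map([['GOODSIG', null], ['EXPSIG', 'allow_expired_sig'],
  ['EXPKEYSIG', 'allow_expired_key'], ['REVKEYSIG', 'allow_revoked_key']]);

function checkSigner(statusText, options = {}) {
  const level = { ...DEFAULTS.level, ...options.level };
  const allow = { ...DEFAULTS.allow, ...options.allow };
  const from = options.from || []; // empty list: any accepted signer
  // Assumption: no TRUST_* line at all is treated as level "none".
  let sig = null, trust = 'none', fpr = null, bad = false;
  for (const line of statusText.split('\n')) {
    const m = /^\[GNUPG:\] (\S+)(?: (\S+))?/.exec(line.trim());
    if (!m) continue;
    const [, keyword, arg] = m;
    if (SIG.has(keyword)) { bad = bad || sig !== null; sig = keyword; } // fail closed on >1 signature
    else if (keyword === 'BADSIG' || keyword === 'ERRSIG') bad = true;
    else if (keyword === 'VALIDSIG') fpr = arg;
    else if (TRUST.has(keyword)) trust = TRUST.get(keyword);
  }
  if (bad || !sig || !fpr) return { ok: false, reason: 'missing, bad or multiple signatures' };
  const flag = SIG.get(sig);
  if (flag && !allow[flag]) return { ok: false, reason: `${sig} requires ${flag}` };
  if (!level[trust]) return { ok: false, reason: `trust level '${trust}' not accepted` };
  if (from.length && !from.includes(fpr)) return { ok: false, reason: 'signer not in from list' };
  return { ok: true, signer: fpr, trust };
}

// Constructed, simplified status output for one signature (not captured from gpg).
const FPR = '0123456789ABCDEF0123456789ABCDEF01234567';
const sample = (sigKw, trustKw) => [
  `[GNUPG:] ${sigKw} 89ABCDEF01234567 Alice <alice@example.org>`,
  `[GNUPG:] VALIDSIG ${FPR} 2024-01-01 1704067200 0 4 0 1 10 00 ${FPR}`,
  trustKw ? `[GNUPG:] ${trustKw} 0 pgp` : '',
].join('\n');

console.log(checkSigner(sample('GOODSIG', 'TRUST_FULLY')));     // accepted by the defaults
console.log(checkSigner(sample('GOODSIG', 'TRUST_UNDEFINED'))); // rejected: unknown trust
console.log(checkSigner(sample('EXPKEYSIG', 'TRUST_FULLY'), { allow: { allow_expired_key: true } }));
```

Every branch that cannot positively identify one good signature returns ok: false, so an unparsed or unexpected status stream is rejected rather than accepted.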

(async) encrypt(input, to, from) → {string}

Encrypt, sign, and armor input

Parameters:
input (string)
to (Array(string)): List of keyid, fpr or uid of message recipients
from (string): Local keyid or uid to use in message signing
options.trust ('pgp' | 'classic' | 'tofu' | 'tofu+pgp' | 'direct' | 'always' | 'auto', optional, default: pgp): Trust model. See gpg --trust-model

Returns:

ciphertext

Type
string

(async) exportPublicKey(keyId) → {string}

Export ascii armor PGP public key

Parameters:
keyId (string)
Returns:
Type
string

(async) exportSecretKey(keyId) → {string}

Export ascii armor PGP secret key

Parameters:
keyId (string)
Returns:
Type
string

(async) generateKey(options)

Create public/private key pair

Parameters:
options (Object)
options.email (string)
options.name (string)
options.expire (string)
options.passphrase (string)
options.keyType (string, optional, default: RSA)
options.keySize (string, optional, default: 4096)
options.unattend (string, optional, default: false)

(async) hasCard() → {boolean}

Check if a secure card is inserted

Returns:
Type
boolean

(async) importKey(key) → {boolean}

Import PGP key

Parameters:
key (string)
Returns:
Type
boolean

(async) isCardTrusted() → {boolean}

Is the inserted secure card set to owner trust

Returns:
Type
boolean

(async) listPublicKeys(ultimate, keyId) → {Array(Objects)}

List of public keys

Parameters:
ultimate (boolean, default: false): Only list keys with owner trust
keyId (string): Query text, accepts keyid, fingerprints or email addresses

Returns:

Parsed gpg output packets

Type
Array(Objects)

(async) listSecretKeys(ultimate, keyId) → {Array(Objects)}

List of secret keys

Parameters:
ultimate (boolean, default: true): Only list keys with owner trust
keyId (string): Query text, accepts keyid, fingerprints or email addresses

Returns:

Parsed gpg output packets

Type
Array(Objects)

(async) lookupKey(text, exact, [server]) → {string}

Lookup keys. This uses the KeyServerClient rather than GPG to ensure we don't accidentally modify the keychain

Parameters:
text (string): Search text HKPIndexSchema
exact (boolean, default: false): Exact matches only
server (string, optional, default: KeyServerClient.Addresses.ubuntu)
Returns:

Parsed csv-to-json search results

Type
string

(async) open()

Open or create the GPG keychain

(async) recvKey(fingerprint, [server])

Receive key specified by fingerprint

Parameters:
fingerprint (string): Fingerprint/email/grip of key to receive
server (string, optional, default: hkps://keyserver.ubuntu.com:443)

(async) refreshKeys([server])

Refresh keyring public keys from specified server

Parameters:
server (string, optional, default: hkps://keyserver.ubuntu.com:443)

(async) resolveEmails(list) → {Array.<string>}

Takes a list of emails, keyid, fingerprints and converts the emails to fingerprints

Parameters:
list (Array.<string>): List of emails to resolve, keyid or fingerprints will be ignored

Returns:

Array of resolved fingerprints from the public keys on the key ring

Type
Array.<string>

(async) sendKeys([server], fpr)

Transmit

Parameters:
server (string, optional, default: hkps://keyserver.ubuntu.com:443)
fpr (string)

(async) signKey(to, from)

Sign a key

Parameters:
to (string)
from (string)

(async) tar(options) → {ExecResult}

Properties:
cwd (string)
outputPath (string)
to (string)
sign (string)
encrypt (string)
decrypt (string)
extractPath (string)
inputPaths (string)

Encrypt/decrypt gpgtar files

Parameters:
options (Object)
Returns:
Type
ExecResult

(async) trustCard()

Trust the currently inserted secure card

(async) trustKey(keyId, level)

Import the supplied key with owner trust

Parameters:
keyId (string): Fingerprint/grip/email of desired key
level (string): Trust level code (1 - 5)

(async) verify(input, sender)

Parameters:
input (string)
sender (string)

(async) whoami() → {Array(string)}

List of uid.email for every secret key with owner trust

Returns:
Type
Array(string)