NEQTO Docs
  • Languages iconEnglish
    • 日本語
  • Docs
  • Region API
  • Global API
  • FAQ

›neqto.js

Getting Started

  • NEQTO Hello World!
  • Step 1. Console Settings
  • Step 2. Device Setting & Start Service

    • When using NEQTO Bridge
    • When using Spresense
  • Step 3. Using Sensors

NEQTO

  • NEQTO Account Registration
  • API Usage
  • Batch Registration
  • Support Guidelines

NEQTO Console

  • Introduction
  • Fundamentals
  • Administrative Actions
  • Device Management
  • Scripts
  • Actions and Contacts
  • NEQTO Apps
  • Machine Driver
  • Recommended Browsers
  • Billing Information

SPRESENSE

    Hardware Specifications

    • 01. About Spresense

    Software Specifications

    • 01. Operational Flow
    • 02. Initial Installation
    • 03. Spresense Wi-Fi Initial Setup
    • 05. Debug Log Acquisition
    • 06. System LED Indications
    • 07. Event Messages
    • 08. Updating Firmware

    neqto.js

    • 01. About neqto.js
    • 02. Log
    • 03. Timers
    • 04. HTTP
    • 05. HTTPS
    • 06. MQTT
    • 07. Secure
    • 08. Storage
    • 10. RTC
    • 12. GPIO
    • 13. UART
    • 15. I2C
    • 17. Camera
    • 18. nqSpresense
    • 19. nqService
    • 20. nqMqtt
    • 21. nqFOTA
    • 22. nqWiFi

NEQTO Bridge Series

    Hardware Specifications

    • 01. NEQTO Bridge Module
    • 02. NEQTO Bridge Wi-Fi Module
    • 03. NEQTO Bridge LTE-1 Module
    • 04. NEQTO Bridge LTE-M/NB Module
    • 05. NEQTO Bridge IO Board
    • 06. NEQTO Bridge Digital IO Board

    Software Specifications

    • 01. Operational Flow
    • 02. NEQTO Bridge Wi-Fi Module Initial Setup
    • 03. NEQTO Bridge LTE Module Initial Setup
    • 04. Debug Log Acquisition
    • 05. System LED Indications
    • 06. Event Messages
    • 07. Updating Firmware

    neqto.js

    • 01. About neqto.js
    • 02. Log
    • 03. Timers
    • 04. HTTP
    • 05. HTTPS
    • 06. MQTT
    • 07. Secure
    • 08. Storage
    • 09. Sleep
    • 10. RTC
    • 11. UserSW
    • 12. GPIO
    • 13. UART
    • 14. SPI
    • 15. I2C
    • 16. ADC
    • 17. BLE
    • 18. nqBridge
    • 19. nqService
    • 20. nqMqtt
    • 21. nqFOTA
    • 22. nqWiFi
    • 23. nqLte
    • 24. nqLAN
    • 25. nqEx

neqto.js Libraries

    I2C

    • LIS2DW12 v2 Accelerometer
    • HTS221 v2 Temperature and Humidity Sensor
    • [Archive] LIS2DW12 Accelerometer
    • [Archive] HTS221 Temperature and Humidity Sensor

    Integration

    • AWS IoT Core v2 Library
    • AWS S3 v2 Library
    • Azure IoT v2 Library
    • GCP IoT Core Library
    • [Archive] AWS S3 Library
    • [Archive] AWS IoT Core Library

neqto.js Snippets

  • DataDog Snippet
  • Dropbox Snippet
  • Google Sheets Snippet
  • InfluxDB Snippet
  • Oracle Cloud Object Storage Snippet
  • Salesforce Snippet
  • SAP Cloud Platform Internet of Things Snippet
  • Splunk Snippet
  • Niagara Snippet

Release Notes

  • NEQTO Console Updates
  • NEQTO Firmware (Bridge Wi-Fi/LTE Module) Releases
  • NEQTO Firmware (Spresense Wi-Fi) Releases

07. Secure

The secure object is a built-in object that provides security-related operations and data encryption/decryption functionality.

Functional overview:

  • Supports HMAC operation.
  • Supports SHA-256 hash operation.
  • Supports Base64 encoding/decoding.
  • Supports data encryption/decryption.
  • Supports signature operation/verification.



secure Global Object

Methods()/PropertiesSummaryVersionNote
secure.setHmac()Sets up HMAC operation.01.00.00+
secure.hmacUpdate()Adds a data stream for HMAC operation.01.00.00+
secure.hmacDigest()Outputs the HMAC value.01.00.00+
secure.freeHmac()Releases HMAC operation resources.01.00.00+
secure.startSha256()Starts SHA-256 hash operation.01.00.00+
secure.updateSha256()Adds a data stream for SHA-256 hash operation.01.00.00+
secure.finishSha256()Outputs the SHA-256 hash value.01.00.00+
secure.base64Encode()Performs Base64 encoding on the given data.01.00.00+
secure.base64Decode()Performs Base64 decoding on the given data.01.00.00+
secure.genKey()Creates a key pair for asymmetric encryption.01.00.00+
secure.encPK()Encrypts data using the specified public key.01.00.00+
secure.decPK()Decrypts data using the specified private key.01.00.00+
secure.setSign()Sets up Signature operation/verification.01.00.00+
secure.signUpdate()Adds a data stream for signature operation/verification.01.00.00+
secure.signDigest()Outputs the signature value.01.00.00+
secure.verifyDigest()Outputs the result of signature verification.01.00.00+
secure.freeSign()Releases signature operation/verification resources.01.00.00+



Details

secure.setHmac(algo,key)

Sets up HMAC operation.
HMAC operation resources are allocated and methods related to HMAC operations are allowed.
Note that it is not possible to have multiple operation resources at the same time.
When setting up again, execute secure.hmacDigest() or secure.freeHmac() to release the operation resources once.

NameTypeM/OSummaryNote
algostringmandatoryAlgorithm name
Specify the name of the algorithm to be used.
The following hash algorithms are supported:
'sha256'
keystring, ArrayBuffermandatoryPrivate key
This argument can be specified as a string or binary.
returnundefined--When an error occurs, an exception is raised.

secure.hmacUpdate(message)

Adds the data stream for HMAC operation.
This method can be called continuously.

NameTypeM/OSummaryNote
messagestringmandatoryThe data stream to operate on
This argument can only be specified string.
returnundefined--When an error occurs, an exception is raised.

secure.hmacDigest()

Outputs the HMAC value in binary.
At the same time, HMAC operation resources are released.

NameTypeM/OSummaryNote
returnArrayBuffer-HMAC valueWhen an error occurs, an exception is raised.

secure.freeHmac()

Releases HMAC operation resources.
This method is used to abort the HMAC operation before calling secure.hmacDigest().

NameTypeM/OSummaryNote
returnundefined--

secure.startSha256(data)

Starts SHA-256 hash operation.
Hash operation resources are allocated and methods related to Hash operations are allowed.
Note that it is not possible to have multiple operation resources at the same time.
When restarting, execute secure.finishSha256() to release the operation resources once.

NameTypeM/OSummaryNote
datastring, ArrayBufferoptionalThe data stream to operate on
This argument can be specified as a string or binary.
returnundefined--When an error occurs, an exception is raised.

secure.updateSha256(data)

Adds a data stream for SHA-256 hash operation.
This method can be called continuously.

NameTypeM/OSummaryNote
datastring, ArrayBufferoptionalThe data stream to operate on
This argument can be specified as a string or binary.
returnundefined--When an error occurs, an exception is raised.

secure.finishSha256(data)

Outputs the SHA-256 hash value in binary.
At the same time, hash operation resources are released.

NameTypeM/OSummaryNote
datastring, ArrayBufferoptionalThe data stream to operate on
This argument can be specified as a string or binary.
returnArrayBuffer-SHA-256 hash valueWhen an error occurs, an exception is raised.

secure.base64Encode(data)

Performs Base64 encoding on the given data.

NameTypeM/OSummaryNote
datastring, ArrayBuffermandatoryThe data to encode
This argument can be specified as a string or binary.
returnstring-Encoded dataWhen an error occurs, an exception is raised.
If you run out of dynamic memory, reduce the amount of data.

secure.base64Decode(data)

Performs Base64 decoding on the given data. The output is in binary.

NameTypeM/OSummaryNote
datastringmandatoryEncoded data
This argument can only be specified string.
returnArrayBuffer-Decoded dataWhen an error occurs, an exception is raised.
If you run out of dynamic memory, reduce the amount of data.

secure.genKey(type[,length])

Creates a key pair for asymmetric encryption.
The created private key is stored in a temporary internal RAM and updated each time this method is executed.
This private key is retained while the script is running, but is destroyed when the script is reloaded, when the system is reset, or when the system enters standby mode.

NameTypeM/OSummaryNote
typestringmandatoryEncryption method name
Specify the name of the encryption method to be used.
The following encryption methods are supported:
'rsa'
lengthnumberoptionalKey length
Range: 1024 - 2048
The default value is 1024.
returnstring-Public key (PEM format)When an error occurs, an exception is raised.

secure.encPK(pubKey,data)

Encrypts data using the specified public key.

NameTypeM/OSummaryNote
pubKeystringmandatorySpecified public key (PEM format)Only RSA (PKCS #1 v2.1 RSAES-OAEP SHA-256) is supported.
datastringmandatoryPlain data
This argument can only be specified string.
Range: Key length/8-64-2 (*1)
*1: When key length = 1024, 1024 / 8 - 64 - 2 = 62
returnArrayBuffer-Encrypted dataWhen an error occurs, an exception is raised.

secure.decPK(encData)

Uses the private key generated with secure.genKey() to decrypt the data.

NameTypeM/OSummaryNote
encDataArrayBuffermandatoryEncrypted dataOnly RSA (PKCS #1 v2.1 RSAES-OAEP SHA-256) is supported.
returnstring-Decrypted dataWhen an error occurs, an exception is raised.

secure.setSign(algo)

Sets up signature operation/verification.
Signature operation/verification resources are allocated and methods related to signature operation/verification are allowed.
Note that it is not possible to have multiple operation resources at the same time.
When setting up again, execute secure.signDigest(), secure.verifyDigest() or secure.freeSign() to release the operation resources once.

NameTypeM/OSummaryNote
algostringmandatoryAlgorithm name
Specify the name of the algorithm to be used.
The following hash algorithms are supported:
'sha256'
returnundefined--When an error occurs, an exception is raised.

secure.signUpdate(message)

Adds the data stream for signature operation/verification.
This method can be called continuously.

NameTypeM/OSummaryNote
messagestringmandatoryThe data stream to operate/verify on
This argument can only be specified string.
returnundefined--When an error occurs, an exception is raised.

secure.signDigest([priKey])

Outputs the signature value in binary.
At the same time, signature operation resources are released.

NameTypeM/OSummaryNote
priKeystringoptionalSpecified private key (PEM format)
If omitted, the private key generated by secure.genKey() is used.
Only RSA (Key length:within 2048) is supported.
returnArrayBuffer-Signature valueWhen an error occurs, an exception is raised.

secure.verifyDigest(pubKey,signature)

Outputs the result of signature verification.
At the same time, signature verification resources are released.

NameTypeM/OSummaryNote
pubKeystringmandatorySpecified public key (PEM format)Only RSA (Key length:within 2048) is supported.
signatureArrayBuffermandatorySignature value
This argument can only be specified binary.
returnboolean-Result of signature verification
True if successful.
When an error occurs, an exception is raised.

secure.freeSign()

Releases signature operation/verification resources.
This method is used to abort the signature operation/verification before calling secure.signDigest() or secure.verifyDigest().

NameTypeM/OSummaryNote
returnundefined--



Object Usage Examples

Sample 1

This is a sample HMAC operation.

var private_key = '12345';
secure.setHmac('sha256', private_key);
var payload = 'Hello World!';
secure.hmacUpdate(payload);
var digest_bin = secure.hmacDigest();

Sample 2

This is a sample of the Sha-256 hash operation.

var inputData = ['abcde', 'fghijk', 'lmnopqr', 'stuvwxyz' ];
secure.startSha256();
for (var i = 0; i < inputData.length; i++){
  secure.updateSha256(inputData[i]);
}
var hashBin = secure.finishSha256();

Sample 3

This is a sample of Base64 encoding and decoding.

var orgStr = 'abcde';
var b64Str;

ab2string = function(ab) {
  var str = String.fromCharCode.apply(null, new Uint8Array(ab));
  return str;
}

b64Str = secure.base64Encode(orgStr);
print('base64 encode:' + b64Str);

var dec_bin;
decBin = secure.base64Decode(b64Str);
print(ab2string(decBin));

Sample 4

This is a sample of Base64URL encoding.

var b64Str = secure.base64Encode(targetData).replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");

Sample 5

This is a sample RSA key pair creation, encryption and decryption.

var key_size = 1024;
var public_key;
public_key = secure.genKey('rsa', key_size);
print('public_key:' + public_key);

var plan_data = '......';//<=1024/8 - 64 -2
var enc_data = secure.encPK(public_key, plan_data);
var dec_data = secure.decPK(enc_data);
print('dec_data:' + dec_data);

Sample 6

This is a sample RSA key pair creation, signature operation and verification.

var message = 'Hello World!!!';
var key_size = 1024;
var public_key;
var signature;
//key-pair
public_key = secure.genKey('rsa', key_size);
//sign
secure.setSign('sha256');
secure.signUpdate(message);
signature = secure.signDigest();//->genKey()
//verify
var verify_result;
secure.setSign('sha256');
secure.signUpdate(message);
verify_result = secure.verifyDigest(public_key, signature);

print('result:' + verify_result);



Updated: 2020-06-04
← 06. MQTT08. Storage →
  • secure Global Object
  • Details
    • secure.setHmac(algo,key)
    • secure.hmacUpdate(message)
    • secure.hmacDigest()
    • secure.freeHmac()
    • secure.startSha256(data)
    • secure.updateSha256(data)
    • secure.finishSha256(data)
    • secure.base64Encode(data)
    • secure.base64Decode(data)
    • secure.genKey(type[,length])
    • secure.encPK(pubKey,data)
    • secure.decPK(encData)
    • secure.setSign(algo)
    • secure.signUpdate(message)
    • secure.signDigest([priKey])
    • secure.verifyDigest(pubKey,signature)
    • secure.freeSign()
  • Object Usage Examples
    • Sample 1
    • Sample 2
    • Sample 3
    • Sample 4
    • Sample 5
    • Sample 6
AboutNewsProductsFAQPrivacy Policy}
NEQTO Console
IntroductionFundamentalsAdministrative ActionsDevice Management NEQTO Apps
NEQTO Bridge Series
NEQTO Bridge ModuleNEQTO Bridge Wi-Fi ModuleNEQTO Bridge LTE-1 ModuleError Logging Event Messages
API Documentation
API UsageGlobal APIRegional APIAPI Terms of Service
Jigsaw, Inc.
© 2021 JIG-SAW INC.