Tresor management
Tresors are the basic unit of key handling and sharing. They can be referenced by a server-generated id, returned on tresor creation. We provide no means to list a user's tresors, so the application should save these ids. Both tresor creation and sharing need administrative approval to be effective. Since the encrypted data includes the tresor id, it can be decrypted even if the tresorId is lost from the application database.
createTresor()
The createTresor call creates a tresor with the logged-in user as a member, but the tresor is only usable once it has been approved. The resolved value of the returned promise should be saved, as it is the only way to identify the tresor.
Parameters:
Returns:
Promise.<string>: Resolves to the tresorId of the newly created tresor. This id can be used to approve the tresor creation and to encrypt/decrypt using the tresor.
Rejections:
| Code | Reason |
|---|---|
| NotLoggedIn | There is no user logged in |
shareTresor(tresorId: string, userId: string)
The shareTresor method shares the tresor with the given user. The operation only takes effect after it is approved using the returned OperationId. The call uploads a modified tresor, but the new version is downloadable only after it has been approved. Approval should be done as soon as possible, as approving any operation on a tresor may invalidate any pending ones.
Parameters:
- tresorId: The id of the tresor to invite the user to.
- userId: The id of the user to invite.
Returns:
Promise.<string>: Resolves to the OperationId that can be used to approve this share.
Rejections:
| Code | Reason |
|---|---|
| BadInput | Invalid tresor or userId |
| TresorNotExists | Couldn't find a tresor by the given tresorId |
| UserNotFound | There is no user by that id |
| CantInviteYourself | You can't invite yourself to a tresor |
| AlreadyAMember | The invitee is already a member of the tresor |
| CallerUserIsNotAMemberOfTresor | The caller user is not a member of the tresor |
| NotLoggedIn | There is no user logged in |
kickFromTresor(tresorId: string, userId: string): Promise<string>
This method removes a user from a tresor you are a member of. The operation only takes effect after it is approved using the returned OperationId. The call uploads a modified tresor, but the new version is downloadable only after it has been approved. Approval should be done as soon as possible, as approving any operation on a tresor may invalidate any pending ones.
Parameters:
- tresorId: The id of the tresor to remove the user from.
- userId: The id of the user to kick.
Returns:
Promise.<string>: Resolves to the OperationId that can be used to approve this removal.
Rejections:
| Code | Reason |
|---|---|
| BadInput | Invalid tresor or userId |
| TresorNotExists | Couldn't find a tresor by the given tresorId |
| UserNotFound | There is no user by that id |
| CantKickYourself | You can't kick yourself from a tresor |
| NotMember | The user to kick is not a member of the tresor |
| CallerUserIsNotAMemberOfTresor | The caller user is not a member of the tresor |
| NotLoggedIn | There is no user logged in |
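Because approving any operation on a tresor may invalidate pending ones, one way to follow the advice given for shareTresor and kickFromTresor is to issue and approve membership changes one at a time per tresor. The code below is an added example, not part of the SDK documented here; the `sdk` object, the `err.code` rejection shape and `approve` (a hypothetical call to your own backend that performs the administrative approval) are assumptions.

```javascript
// Added example, not SDK code. Assumptions: `sdk` exposes the calls documented
// above, rejections carry the table's code as `err.code`, and `approve(operationId)`
// is a hypothetical call to your own backend that performs the admin approval.
const KNOWN_CODES = new Set(["BadInput", "TresorNotExists", "UserNotFound",
  "CantInviteYourself", "AlreadyAMember", "CantKickYourself", "NotMember",
  "CallerUserIsNotAMemberOfTresor", "NotLoggedIn"]);
function createMembershipQueue(sdk, approve) {
  const tails = new Map(); // tresorId -> promise for the last queued operation
  function enqueue(method, tresorId, userId) {
    const previous = tails.get(tresorId) || Promise.resolve();
    // Wait for the earlier operation to settle, so only one is ever pending.
    const run = previous.catch(() => {}).then(async () => {
      try {
        const operationId = await sdk[method](tresorId, userId);
        await approve(operationId); // approve before anything else is uploaded
        return { ok: true, operationId };
      } catch (err) {
        const code = err && err.code;
        if (!KNOWN_CODES.has(code)) throw err; // not a documented rejection
        return { ok: false, code, action: code === "NotLoggedIn" ? "login" : "reject" };
      }
    });
    tails.set(tresorId, run);
    return run;
  }
  return {
    share: (tresorId, userId) => enqueue("shareTresor", tresorId, userId),
    kick: (tresorId, userId) => enqueue("kickFromTresor", tresorId, userId),
  };
}

// Constructed stand-ins for the SDK and backend (membership simplified) to show order.
function demo() {
  const log = [], members = new Set(["alice"]);
  const fail = (code) => Object.assign(new Error(code), { code });
  const sdk = {
    shareTresor: async (t, u) => {
      if (members.has(u)) throw fail("AlreadyAMember");
      members.add(u); log.push(`upload share ${u}`); return `op-share-${u}`;
    },
    kickFromTresor: async (t, u) => {
      if (!members.has(u)) throw fail("NotMember");
      members.delete(u); log.push(`upload kick ${u}`); return `op-kick-${u}`;
    },
  };
  const q = createMembershipQueue(sdk, async (op) => { log.push(`approve ${op}`); });
  return Promise.all([q.share("t1", "bob"), q.kick("t1", "bob"), q.share("t1", "alice")])
    .then((results) => ({ log, results }));
}
```

Operations on different tresors still run in parallel; only calls that target the same tresorId are serialized.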