Class EnvelopedData

Represents the EnvelopedData structure described in RFC5652


The following example demonstrates how to create and encrypt CMS Enveloped Data

const cmsEnveloped = new pkijs.EnvelopedData();

// Add recipient
cmsEnveloped.addRecipientByCertificate(cert, { oaepHashAlgorithm: "SHA-256" });

// Secret key algorithm
const alg = {
name: "AES-GCM",
length: 256,
await cmsEnveloped.encrypt(alg, dataToEncrypt);

// Add Enveloped Data into CMS Content Info
const cmsContent = new pkijs.ContentInfo();
cmsContent.contentType = pkijs.ContentInfo.ENVELOPED_DATA;
cmsContent.content = cmsEnveloped.toSchema();

const cmsContentRaw = cmsContent.toSchema().toBER();


The following example demonstrates how to decrypt CMS Enveloped Data

// Get a "crypto" extension
const crypto = pkijs.getCrypto();

// Parse CMS Content Info
const cmsContent = pkijs.ContentInfo.fromBER(cmsContentRaw);
if (cmsContent.contentType !== pkijs.ContentInfo.ENVELOPED_DATA) {
throw new Error("CMS is not Enveloped Data");
// Parse CMS Enveloped Data
const cmsEnveloped = new pkijs.EnvelopedData({ schema: cmsContent.content });

// Export private key to PKCS#8
const pkcs8 = await crypto.exportKey("pkcs8", keys.privateKey);

// Decrypt data
const decryptedData = await cmsEnveloped.decrypt(0, {
recipientCertificate: cert,
recipientPrivateKey: pkcs8,





encryptedContentInfo: EncryptedContentInfo

Encrypted content information

originatorInfo?: OriginatorInfo

Optionally provides information about the originator. It is present only if required by the key management algorithm. It may contain certificates and CRLs.

policy: Required<EncryptedContentInfoSplit>
recipientInfos: RecipientInfo[]

Collection of per-recipient information. There MUST be at least one element in the collection.

unprotectedAttrs?: Attribute[]

Collection of attributes that are not encrypted

version: number

Version number.

The appropriate value depends on originatorInfo, RecipientInfo, and unprotectedAttrs.

The version MUST be assigned as follows:

IF (originatorInfo is present) AND
((any certificates with a type of other are present) OR
(any crls with a type of other are present))
THEN version is 4
IF ((originatorInfo is present) AND
(any version 2 attribute certificates are present)) OR
(any RecipientInfo structures include pwri) OR
(any RecipientInfo structures include ori)
THEN version is 3
IF (originatorInfo is absent) AND
(unprotectedAttrs is absent) AND
(all RecipientInfo structures are version 0)
THEN version is 0
ELSE version is 2
CLASS_NAME: string = "EnvelopedData"

Name of the class


  • get className(): string
  • Returns string


  • Helpers function for filling "RecipientInfo" based on recipient's certificate. Problem with WebCrypto is that for RSA certificates we have only one option - "key transport" and for ECC certificates we also have one option - "key agreement". As soon as Google will implement DH algorithm it would be possible to use "key agreement" also for RSA certificates.


    • certificate: Certificate

      Recipient's certificate

    • Optional parameters: {}

      Additional parameters necessary for "fine tunning" of encryption process

      • Optional variant: number

        Variant = 1 is for "key transport", variant = 2 is for "key agreement". In fact the "variant" is unnecessary now because Google has no DH algorithm implementation. Thus key encryption scheme would be choosen by certificate type only: "key transport" for RSA and "key agreement" for ECC certificates.

      • crypto: ICryptoEngine = ...

        Crypto engine

      Returns boolean

    • Add a "RecipientInfo" using a KeyAgreeRecipientInfo of type RecipientKeyIdentifier.


      • Optional key: CryptoKey

        Recipient's public key

      • Optional keyId: ArrayBuffer

        The id for the recipient's public key

      • Optional parameters: any

        Additional parameters for "fine tuning" the encryption process

      • crypto: ICryptoEngine = ...

        Crypto engine

      Returns void

    • Add recipient based on pre-defined data like password or KEK


      • preDefinedData: ArrayBuffer

        ArrayBuffer with pre-defined data

      • parameters: { hmacHashAlgorithm?: string; iterationCount?: number; keyEncryptionAlgorithm?: AesKeyGenParams; keyEncryptionAlgorithmParams?: any; keyIdentifier?: ArrayBuffer } = {}

        Additional parameters necessary for "fine tunning" of encryption process

        • Optional hmacHashAlgorithm?: string
        • Optional iterationCount?: number
        • Optional keyEncryptionAlgorithm?: AesKeyGenParams
        • Optional keyEncryptionAlgorithmParams?: any
        • Optional keyIdentifier?: ArrayBuffer
      • variant: number

        Variant = 1 for pre-defined "key encryption key" (KEK). Variant = 2 for password-based encryption.

      • crypto: ICryptoEngine = ...

        Crypto engine

      Returns void

    • Creates a new CMS Enveloped Data content with encrypted data


      • contentEncryptionAlgorithm: Algorithm

        WebCrypto algorithm. For the moment here could be only "AES-CBC" or "AES-GCM" algorithms.

      • contentToEncrypt: ArrayBuffer

        Content to encrypt

      • crypto: ICryptoEngine = ...

        Crypto engine

      Returns Promise<(void | { ecdhPrivateKey: CryptoKey })[]>

    • Parameters

      • encoding: "base64" | "base64url" | "hex" = "hex"

      Returns string

    • Compare values with default values for all class members


      • memberName: string

        String name for a class member

      • memberValue: any

        Value to compare with default value

      Returns boolean

    • Creates PKI object from the raw data


      Initialized and filled current class object

      Type Parameters


      • this: PkiObjectConstructor<T>
      • raw: BufferSource

        ASN.1 encoded raw data

      Returns T

    Generated using TypeDoc