
stormshield/stormshield-sdk-samples


Example of using the Stormshield SDK (Base)

This repository contains a small TypeScript project illustrating the main features of the Stormshield SDK:

  • SDK configuration
  • File encryption
  • File decryption
  • Attribute‑Based Access Control (ABAC)

The project follows the official SDK documentation: https://documentation.stormshield.eu/SEP/en/Content/SDK_doc/.

Example scenario

Two companies, alice-company and bob-company, need to share and protect confidential documents (invoices, confidential PDFs, etc.). The example demonstrates how to:

  • configure the Stormshield SDK for both parties
  • encrypt documents to one or multiple KAS instances based on a mapping of data attributes, allowing selective encryption for specific recipients or groups
  • decrypt the documents as authorized users
  • show a decryption attempt by an unauthorized user being rejected by the PDP or IdP

Explanation of the example

Data encryption is performed locally; a Data Encryption Key (DEK) is randomly generated by the Stormshield SDK. This DEK is then encrypted using the public key(s); this operation is always performed locally.

During decryption, the Stormshield SDK calls the KAS instance to decrypt the DEK with the private key.

The DEK is decrypted only after the authentication has been validated by the IdP and the authorization has been granted by the PDP.

[Figure: example workflow]

In this example, we consider two companies and three users with the following attributes:

Company        Username      Password  Team
bob-company    finn.fischer  password  finance
bob-company    leon.weber    password  r&d
alice-company  jean.martin   password  finance

We want to encrypt two documents as follows:

  • The file alice-bob-invoice.jpg should be encrypted for both companies, and only members of each company's finance team should be able to decrypt it.
  • The file alice-company-confidential-data.pdf must be encrypted so that only users of the finance team of alice-company can decrypt it.
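The flow described above, modelled with Node's built-in crypto module as an added example; this is not the Stormshield SDK API or code from this repository. RSA-OAEP key wrapping, AES-256-GCM, the helper names, and a PDP reduced to a company/team comparison for an already authenticated user are all assumptions made for illustration.

```typescript
import { randomBytes, createCipheriv, createDecipheriv, generateKeyPairSync,
  publicEncrypt, privateDecrypt, KeyObject } from "node:crypto";

type User = { company: string; team: string };
type Kas = { company: string; publicKey: KeyObject; privateKey: KeyObject };
type Sealed = { iv: Buffer; tag: Buffer; data: Buffer; team: string; wrapped: Record<string, Buffer> };

// Hypothetical stand-in for a KAS instance: one RSA key pair per company.
function makeKas(company: string): Kas {
  return { company, ...generateKeyPairSync("rsa", { modulusLength: 2048 }) };
}
// Local step: random DEK, AES-256-GCM over the data, DEK wrapped once per recipient KAS.
function encryptFor(plain: Buffer, team: string, recipients: Kas[]): Sealed {
  const dek = randomBytes(32), iv = randomBytes(12);
  const c = createCipheriv("aes-256-gcm", dek, iv);
  const data = Buffer.concat([c.update(plain), c.final()]);
  const wrapped: Record<string, Buffer> = {};
  for (const k of recipients) wrapped[k.company] = publicEncrypt(k.publicKey, dek); // OAEP is Node's default
  return { iv, tag: c.getAuthTag(), data, team, wrapped };
}
// Remote step: the KAS unwraps the DEK only when the modelled PDP check passes.
function kasUnwrap(kas: Kas, doc: Sealed, user: User): Buffer {
  const entry = doc.wrapped[kas.company];
  if (!entry || user.company !== kas.company || user.team !== doc.team) {
    throw new Error("access denied by PDP");
  }
  return privateDecrypt(kas.privateKey, entry);
}
// Client side of decryption: obtain the DEK from the KAS, then decrypt and verify locally.
function decryptAs(doc: Sealed, user: User, kas: Kas): Buffer {
  const d = createDecipheriv("aes-256-gcm", kasUnwrap(kas, doc, user), doc.iv);
  d.setAuthTag(doc.tag);
  return Buffer.concat([d.update(doc.data), d.final()]);
}
// The page's scenario with constructed file contents: who can read what.
function runScenario(): Record<string, string> {
  const alice = makeKas("alice-company"), bob = makeKas("bob-company");
  const invoice = encryptFor(Buffer.from("invoice bytes"), "finance", [alice, bob]);
  const secret = encryptFor(Buffer.from("confidential bytes"), "finance", [alice]);
  const attempt = (doc: Sealed, u: User, k: Kas): string => {
    try { return decryptAs(doc, u, k).toString(); } catch { return "DENIED"; }
  };
  return {
    finnInvoice: attempt(invoice, { company: "bob-company", team: "finance" }, bob),
    leonInvoice: attempt(invoice, { company: "bob-company", team: "r&d" }, bob),
    jeanSecret: attempt(secret, { company: "alice-company", team: "finance" }, alice),
    finnSecret: attempt(secret, { company: "bob-company", team: "finance" }, bob),
  };
}
console.log(runScenario());
```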

Prerequisites

  • Docker (for the provided docker-compose.yml) – used to run the SEP platform.
  • stormshield/kmaas:4.6.0.309 Docker image – must be loaded from a tgz archive (see note below).
  • stormshield-sdk/sdsdk.tgz – the SDK archive must be supplied by the user and placed in the stormshield-sdk/ directory.

Contact us for more information about KMaaS and the Stormshield SDK.

Installation

Before starting, load the required KMaaS image from the supplied tgz archive:

docker load -i stormshield-kmaas.tgz

If you need to use a different version or image name, edit the image: field in docker-compose.yml accordingly.

All required components are run inside Docker containers; no local Node.js or npm dependencies are needed.

Starting the SEP stack

First, start the SEP services (IDP, PDP, KMAAS instances) using the sep profile:

docker compose --profile sep up -d

Running the examples

After the SEP stack is up, run the examples inside the example-base container:

# Encryption (2_encrypt.ts)
docker compose run --rm example-base encrypt

# Decryption (3_decrypt.ts)
docker compose run --rm example-base decrypt

# PDP denial (4_pdp-denial.ts)
docker compose run --rm example-base pdp-denial
