README
¶
开发说明
导语 - 密钥 & 选项
签名密钥: &ecdsaPrivateKey{}
type ecdsaPrivateKey struct {
privateKey *ecdsa.PrivateKey
}
签名验证公钥: &ecdsaPublicKey{}
type ecdsaPublicKey struct {
publicKey *ecdsa.PublicKey
}
加密密钥: &aesKey{}
type aesKey struct {
key []byte
}
1. 签名机制
签名的生成以及验证是利用 ECDSA 算法实现的,目前仅支持 P256 椭圆曲线上的签名算法,将来也不打算支持 P224、P384 和 P521 曲线。
1.1 签名密钥的生成
生成签名密钥需要提供选项:&ECDSAKeyGenOpts{Temporary bool},该选项可以帮助程序找到对应的 ECDSA 密钥生成器:&ecdsaKeyGenerator,该密钥生成器可以生成一个密钥 Key (&ecdsaPrivateKey{}):
func (kg *ecdsaKeyGenerator) KeyGen(opts KeyGenOpts) (Key, error) {
privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
if err != nil {
return nil, fmt.Errorf("failed generating ecdsa key: [%s]", err.Error())
}
return &ecdsaPrivateKey{privateKey: privateKey}, nil
}
选项 &ECDSAKeyGenOpts{Temporary bool} 中的 Temporary 用来指示生成的 ECDSA 密钥是否需要被保存到 KeyStore 中,如果 Temporary 的值是 false,则表明该密钥不是临时的,需要被持久化到 KeyStore 中。
注意:&ecdsaKeyGenerator 只生成 P256 椭圆曲线上的密钥。
1.2 签名密钥的派生
衍生出一个新的 ECDSA 签名密钥需要提供两个参数:一个是原始密钥 Key,包括 ECDSA 的公私钥 &ecdsaPublicKey{} 和 &ecdsaPrivateKey{};另一个是衍生出新密钥时提供随机因子的选项 KeyDerivOpts,包括 &ECDSAKeyDerivOpts{Temporary, Expansion}。
ECDSA 密钥衍生遵循的算法如下所示:
# 生成元:G
# 原始私钥:sk
# 原始公钥:pk
# 提供一个随机因子:k
# 给定 ECDSA 算法的模数:n
# 新的私钥:sk'
# 新的公钥:pk'
k = k mod (n-1)
k = k + 1
sk' = sk + k
sk' = sk' mod n
pk' = sk' * G
选项 &ECDSAKeyDerivOpts{Temporary, Expansion} 里的 Expansion 字段的数据类型是 []byte,它其实就是上述密钥衍生算法里的随即因子 k。Temporary 字段的数据类型是 bool,这个字段用来表示衍生出的新密钥是否需要持久化到 KeyStore 中,如果 Temporary 的值是 true,则表示衍生出的新密钥是临时密钥,不需要被持久化。
1.3 签名密钥的导入
导入签名密钥需要提供选项 &KeyImportOpts{},包括 &ECDSAPKIXPublicKeyImportOpts{Temporary bool} 和 &ECDSAPrivateKeyImportOpts{Temporary bool},通过选项,程序可以找到对应的密钥导入器,前者对应的密钥导入器是 &ecdsaPKIXPublicKeyImporter{},它负责导入 &ecdsaPublicKey{},后者对应的密钥导入器是 &ecdsaPrivateKeyImporter{},它可以导入 &ecdsaPrivateKey{}。
选项中的 Temporary 字段用来指示导入的密钥是否是临时的,如果不是临时的,则导入的密钥需要持久化到 KeyStore 中。
1.4 签名的生成与验证
1.4.1 生成签名
生成签名需要签名密钥 &ecdsaPrivateKey{} 的支撑,提供此种类型密钥,可以帮助程序找到对应的签名生成器 &ecdsaSigner{},该密钥生成器可以生成椭圆曲线签名。
1.4.2 验证签名
一般情况下,验证签名需要与签名密钥对应的公钥 &ecdsaPublicKey{} 的支撑,但是签名密钥 &ecdsaPrivateKey{} 也可以验证签名的合法性。前者可以帮助程序找到签名验证器 &ecdsaPublicKeyVerifier{},后者则可以帮助程序找到签名验证器 &ecdsaPrivateKeyVerifier{}。两种签名验证器验证签名的思路都是利用公钥去验证椭圆曲线签名的合法性。
2. 加密机制
加解密是基于堆成密码算法 AES 实现的,目前仅支持 256 比特长的密钥,将来也不打算支持其他长度的 AES 密钥。
2.1 加密密钥的生成
生成加密密钥需要提供选项:&AESKeyGenOpts{Temporary bool},该选项可以帮助程序找到对应的 AES 密钥生成器:&aesKeyGenerator{},该密钥生成器可以生成一个比特位数为 256 的 AES 密钥 Key (&aesKey{}):
func (kg *aesKeyGenerator) KeyGen(opts KeyGenOpts) (Key, error) {
key, err := GetRandomBytes(32)
if err != nil {
return nil, fmt.Errorf("failed generating aes key: [%s]", err.Error())
}
return &aesKey{key: key, exportable: false}, nil
}
选项 &AESKeyGenOpts{Temporary bool} 中的 Temporary 用来指示生成的 AES 密钥是否需要被保存到 KeyStore 中,如果 Temporary 的值是 false,则表明该密钥不是临时的,需要被持久化到 KeyStore 中。
2.2 加密密钥的派生
衍生出一个新的 AES 加密密钥需要提供两个参数:一个是原始密钥 Key,即 &aesKey{};另一个是衍生出新密钥时提供随机因子的选项 KeyDerivOpts,即 &AESKeyDerivOpts{Temporary, Arg}。
AES 密钥衍生的过程如下:
# 提供一个随即因子:k
# 原始密钥:sk
# 新的密钥:sk'
# 实例化一个 HMAC
mac := hmac.New(sha256.New, sk)
# 加入随机因子
mac.Write(k)
# 得到新密钥
sk' = mac.Sum(nil)
选项 &AESKeyDerivOpts{Temporary, Arg} 里的 Arg 字段的数据类型是 []byte,它其实就是上述密钥衍生算法里的随即因子 k。Temporary 字段的数据类型是 bool,这个字段用来表示衍生出的新密钥是否需要持久化到 KeyStore 中,如果 Temporary 的值是 true,则表示衍生出的新密钥是临时密钥,不需要被持久化。
2.3 加密密钥的导入
导入加密密钥需要提供选项 &KeyImportOpts{},即 &AESKeyImportOpts{Temporary bool},通过选项,程序可以找到对应的密钥导入器 &aesKeyImporter{},它负责导入 &aesKey{}。
选项中的 Temporary 字段用来指示导入的密钥是否是临时的,如果不是临时的,则导入的密钥需要持久化到 KeyStore 中。
2.4 密文的生成与解密
2.4.1 加密
生成密文需要加密密钥 &aesKey{} 的支撑,提供此种类型的密钥,可以帮助程序找到对应的密文生成器 &aescbcpkcs7Encryptor{},该密文生成器可以按照 AES 算法对明文进行加密。在生成密文时需要提供一个选项 EncryptOpts,即 &AESCBCPKCS7ModeOpts{IV, PRNG},该选项对于生成密文具有大作用,其中的 IV 字段的数据类型是 []byte,如果该字段不为空的话,则会将 IV 作为 AES 加密算法中的初始向量,但是,如果 IV 是空的话,则会利用 PRNG 这个伪随机数发生器来随机产生一个初始向量,PRNG 的数据类型是 io.Reader。
2.4.2 解密
解密密文需要提供解密密钥 &aesKey{},提供此种类型的密钥,可以帮助程序找到对应的解密器 &aescbcpkcs7Decryptor{}。
3. 密钥存储机制
KeyStore 接口定义了 KeyStore 的功能:
ReadOnly() bool:反映当前的KeyStore是否支持存储新密钥的功能。GetKey(ski []byte) (Key, error):从KeyStore中取出对应的密钥。StoreKey(key Key) error:在KeyStore中存储密钥。
结构体 fileBasedKeyStore 实现了 KeyStore 接口所定义的功能:
type fileBasedKeyStore struct {
path string
readOnly bool
isOpen bool
logger *hlogging.HyperchainLogger
mutex sync.Mutex
}
Documentation
¶
Index ¶
- Constants
- func AESCBCPKCS7Decrypt(key, ciphertext []byte) ([]byte, error)
- func AESCBCPKCS7Encrypt(key, plaintext []byte) ([]byte, error)
- func AESCBCPKCS7EncryptWithIV(iv []byte, key, plaintext []byte) ([]byte, error)
- func AESCBCPKCS7EncryptWithRand(prng io.Reader, key, plaintext []byte) ([]byte, error)
- func GetRandomBytes(size int) ([]byte, error)
- func MarshalECDSASignature(r, s *big.Int) ([]byte, error)
- func NewCryptoSigner(csp BCCSP, key Key) (crypto.Signer, error)
- func NewFakeKeyStore() *fakeKeyStore
- func PreSetKeyStorePath(path string)
- func UnmarshalECDSASignature(raw []byte) (r *big.Int, s *big.Int, err error)
- type AESCBCPKCS7ModeOpts
- type AESKeyDerivOpts
- type AESKeyGenOpts
- type AESKeyImportOpts
- type BCCSP
- type CSP
- func (csp *CSP) AddWrapper(typ reflect.Type, wrapper interface{}) error
- func (csp *CSP) Decrypt(key Key, ciphertext []byte, opts DecryptOpts) (plaintext []byte, err error)
- func (csp *CSP) Encrypt(key Key, plaintext []byte, opts EncryptOpts) ([]byte, error)
- func (csp *CSP) GetHash(opts HashOpts) (h hash.Hash, err error)
- func (csp *CSP) GetKey(ski []byte) (key Key, err error)
- func (csp *CSP) Hash(msg []byte, opts HashOpts) (digest []byte, err error)
- func (csp *CSP) KeyDeriv(key Key, opts KeyDerivOpts) (dkey Key, err error)
- func (csp *CSP) KeyGen(opts KeyGenOpts) (key Key, err error)
- func (csp *CSP) KeyImport(raw interface{}, opts KeyImportOpts) (key Key, err error)
- func (csp *CSP) Sign(key Key, digest []byte, opts SignerOpts) (signature []byte, err error)
- func (csp *CSP) Verify(key Key, signature, digest []byte, opts SignerOpts) (valid bool, err error)
- type DecryptOpts
- type Decrypter
- type ECDSAKeyDerivOpts
- type ECDSAKeyGenOpts
- type ECDSAPKIXPublicKeyImportOpts
- type ECDSAPrivateKeyImportOpts
- type ECDSASignature
- type EidNymAuditOpts
- type EncryptOpts
- type Encrypter
- type HashOpts
- type Hasher
- type IdemixAttribute
- type IdemixAttributeType
- type IdemixCRISignerOpts
- type IdemixCredentialRequestSignerOpts
- type IdemixCredentialSignerOpts
- type IdemixIssuerKeyGenOpts
- type IdemixIssuerKeyImportOpts
- type IdemixIssuerPublicKeyImportOpts
- type IdemixNymKeyDerivationOpts
- type IdemixNymKeyImportOpts
- type IdemixNymPublicKeyImportOpts
- type IdemixNymSignerOpts
- type IdemixRevocationKeyGenOpts
- type IdemixRevocationKeyImportOpts
- type IdemixRevocationPublicKeyImportOpts
- type IdemixSignerMetadata
- type IdemixSignerOpts
- type IdemixUserSecretKeyGenOpts
- type IdemixUserSecretKeyImportOpts
- type Key
- type KeyDerivOpts
- type KeyDeriver
- type KeyGenOpts
- type KeyGenerator
- type KeyImportOpts
- type KeyImporter
- type KeyStore
- type NymEIDAuditData
- type RevocationAlgorithm
- type SHA256Opts
- type SignatureType
- type Signer
- type SignerOpts
- type VerificationType
- type Verifier
- type X509PublicKeyImportOpts
Constants ¶
const ( ECDSAReRand = "ECDSA_RERAND" ECDSA = "ECDSA" X509Certificate = "X509Certificate" SHA2 = "SHA2" SHA256 = "SHA256" AES = "AES" AESReRand = "AES_RERAND" IDEMIX = "IDEMIX" )
Variables ¶
This section is empty.
Functions ¶
func AESCBCPKCS7Decrypt ¶
AESCBCPKCS7Decrypt 利用给定的密钥和密文,对密文进行解密。
func AESCBCPKCS7Encrypt ¶
AESCBCPKCS7Encrypt 利用给定的密钥对明文进行 AES 加密。
func AESCBCPKCS7EncryptWithIV ¶
AESCBCPKCS7EncryptWithIV 利用给定的初始向量、密钥和明文,对明文进行 AES 加密。
func AESCBCPKCS7EncryptWithRand ¶
AESCBCPKCS7EncryptWithRand 利用给定的伪随机数产生器、密钥和明文,对明文进行 AES 加密,伪随机数产生器用于产生初始向量 IV。
func NewFakeKeyStore ¶
func NewFakeKeyStore() *fakeKeyStore
func PreSetKeyStorePath ¶
func PreSetKeyStorePath(path string)
Types ¶
type AESCBCPKCS7ModeOpts ¶
type AESKeyDerivOpts ¶
AESKeyDerivOpts 包含 HMAC 截断 256 比特密钥派生的选项。
func (*AESKeyDerivOpts) Algorithm ¶
func (opts *AESKeyDerivOpts) Algorithm() string
func (*AESKeyDerivOpts) Argument ¶
func (opts *AESKeyDerivOpts) Argument() []byte
func (*AESKeyDerivOpts) Ephemeral ¶
func (opts *AESKeyDerivOpts) Ephemeral() bool
type AESKeyGenOpts ¶
type AESKeyGenOpts struct {
Temporary bool
}
AESKeyGenOpts 生成 256 比特 aes 密钥的选项。
func (*AESKeyGenOpts) Algorithm ¶
func (opts *AESKeyGenOpts) Algorithm() string
func (*AESKeyGenOpts) Ephemeral ¶
func (opts *AESKeyGenOpts) Ephemeral() bool
type AESKeyImportOpts ¶
type AESKeyImportOpts struct {
Temporary bool
}
func (*AESKeyImportOpts) Algorithm ¶
func (opts *AESKeyImportOpts) Algorithm() string
func (*AESKeyImportOpts) Ephemeral ¶
func (opts *AESKeyImportOpts) Ephemeral() bool
type BCCSP ¶
type BCCSP interface {
// KeyGen 提供选项,生成与选项对应的密钥:
// - ECDSAKeyGenOpts:&ecdsaPrivateKey{}
// - AESKeyGenOpts:&aesKey{}
KeyGen(opts KeyGenOpts) (Key, error)
// KeyDeriv 根据密钥衍生算法衍生出新的密钥,需要提供选项,目前支持的选项:
// - AESKeyDerivOpts:衍生出新的 AES 密钥
// - ECDSAKeyDerivOpts:衍生出新的 ECDSA 密钥
KeyDeriv(key Key, opts KeyDerivOpts) (Key, error)
// KeyImport 导入密钥,需要提供选项,目前支持的选项:
// - ECDSAPKIXPublicKeyImportOpts:导入 ECDSA 公钥
// - ECDSAPrivateKeyImportOpts:导入 ECDSA 私钥
// - AESKeyImportOpts:导入 AES 密钥
// - X509PublicKeyImportOpts:导入 x509 公钥
KeyImport(raw interface{}, opts KeyImportOpts) (Key, error)
// GetKey 根据密钥的唯一标识符获取密钥。
GetKey(ski []byte) (Key, error)
// Hash 根据提供的选项,直接对消息进行哈希运算,得到消息的摘要,目前仅支持的选项是:
// - SHA256Opts:生成 256 比特的消息摘要。
Hash(msg []byte, opts HashOpts) ([]byte, error)
// GetHash 获得一个哈希函数,用于计算消息的哈希值,传入的选项目前仅支持:
// - SHA256Opts:获得一个 SHA256 哈希函数的实例
GetHash(opts HashOpts) (hash.Hash, error)
// Sign 根据提供的签名密钥,对消息摘要进行签名。
Sign(key Key, digest []byte, opts SignerOpts) ([]byte, error)
// Verify 根据提供的密钥:
// - *ecdsaPrivateKey:提取其中的公钥,用公钥验证签名的合法性
// - *ecdsaPublickey:直接用公钥验证签名的合法性
Verify(key Key, signature, digest []byte, opts SignerOpts) (bool, error)
// Encrypt 根据提供的密钥对明文进行加密获得密文,需要提供选项 EncryptOpts,目前仅支持:
// - AESCBCPKCS7ModeOpts:要么提供初始向量,要么提供伪随机数生成器,辅助加密过程
Encrypt(key Key, plaintext []byte, opts EncryptOpts) ([]byte, error)
// Decrypt 根据提供的密钥对密文进行解密。
Decrypt(key Key, ciphertext []byte, opts DecryptOpts) ([]byte, error)
}
type CSP ¶
type CSP struct {
KeyGenerators map[reflect.Type]KeyGenerator
KeyDerivers map[reflect.Type]KeyDeriver
KeyImporters map[reflect.Type]KeyImporter
Encrypters map[reflect.Type]Encrypter
Decrypters map[reflect.Type]Decrypter
Signers map[reflect.Type]Signer
Verifiers map[reflect.Type]Verifier
Hashers map[reflect.Type]Hasher
// contains filtered or unexported fields
}
func (*CSP) AddWrapper ¶
AddWrapper 重新注册 KeyGenerator KeyImporter KeyDeriver Encrypter Decrypter Signer Verifier Hasher。
func (*CSP) KeyImport ¶
func (csp *CSP) KeyImport(raw interface{}, opts KeyImportOpts) (key Key, err error)
type DecryptOpts ¶
type DecryptOpts interface{}
type Decrypter ¶
type Decrypter interface {
Decrypt(key Key, ciphertext []byte, opts DecryptOpts) (plaintext []byte, err error)
}
type ECDSAKeyDerivOpts ¶
ECDSAKeyDerivOpts 用于衍生出新的 ecdsa 密钥的选项。
func (*ECDSAKeyDerivOpts) Algorithm ¶
func (opts *ECDSAKeyDerivOpts) Algorithm() string
func (*ECDSAKeyDerivOpts) Ephemeral ¶
func (opts *ECDSAKeyDerivOpts) Ephemeral() bool
func (*ECDSAKeyDerivOpts) ExpansionValue ¶
func (opts *ECDSAKeyDerivOpts) ExpansionValue() []byte
type ECDSAKeyGenOpts ¶
type ECDSAKeyGenOpts struct {
Temporary bool
}
ECDSAKeyGenOpts 生成 256 比特 ecdsa 密钥的选项。
func (*ECDSAKeyGenOpts) Algorithm ¶
func (opts *ECDSAKeyGenOpts) Algorithm() string
func (*ECDSAKeyGenOpts) Ephemeral ¶
func (opts *ECDSAKeyGenOpts) Ephemeral() bool
type ECDSAPKIXPublicKeyImportOpts ¶
type ECDSAPKIXPublicKeyImportOpts struct {
Temporary bool
}
func (*ECDSAPKIXPublicKeyImportOpts) Algorithm ¶
func (opts *ECDSAPKIXPublicKeyImportOpts) Algorithm() string
func (*ECDSAPKIXPublicKeyImportOpts) Ephemeral ¶
func (opts *ECDSAPKIXPublicKeyImportOpts) Ephemeral() bool
type ECDSAPrivateKeyImportOpts ¶
type ECDSAPrivateKeyImportOpts struct {
Temporary bool
}
func (*ECDSAPrivateKeyImportOpts) Algorithm ¶
func (opts *ECDSAPrivateKeyImportOpts) Algorithm() string
func (*ECDSAPrivateKeyImportOpts) Ephemeral ¶
func (opts *ECDSAPrivateKeyImportOpts) Ephemeral() bool
type ECDSASignature ¶
type EidNymAuditOpts ¶
func (*EidNymAuditOpts) HashFunc ¶
func (o *EidNymAuditOpts) HashFunc() crypto.Hash
type Encrypter ¶
type Encrypter interface {
Encrypt(key Key, plaintext []byte, opts EncryptOpts) (ciphertext []byte, err error)
}
type IdemixAttribute ¶
type IdemixAttribute struct {
// Type is the attribute's type
Type IdemixAttributeType
// Value is the attribute's value
Value interface{}
}
type IdemixAttributeType ¶
type IdemixAttributeType int
IdemixAttributeType represents the type of an idemix attribute
const ( // IdemixHiddenAttribute represents an hidden attribute IdemixHiddenAttribute IdemixAttributeType = iota // IdemixStringAttribute represents a sequence of bytes IdemixBytesAttribute // IdemixIntAttribute represents an int IdemixIntAttribute )
type IdemixCRISignerOpts ¶
type IdemixCRISignerOpts struct {
Epoch int
RevocationAlgorithm RevocationAlgorithm
UnrevokedHandles [][]byte
// H is the hash function to be used
H crypto.Hash
}
IdemixCRISignerOpts contains the options to generate an Idemix CRI. The CRI is supposed to be generated by the Issuing authority and can be verified publicly by using the revocation public key.
func (*IdemixCRISignerOpts) HashFunc ¶
func (o *IdemixCRISignerOpts) HashFunc() crypto.Hash
type IdemixCredentialRequestSignerOpts ¶
type IdemixCredentialRequestSignerOpts struct {
// 证书中包含的属性的索引列表。
Attributes []int
// 签发者的公钥。
IssuerPK Key
// IssuerNonce 由签发人生成,客户端使用它来生成凭据请求。签发人收到凭据请求后,会检查 nonce 是否相同。
IssuerNonce []byte
// 被使用的哈希函数。
H crypto.Hash
}
func (*IdemixCredentialRequestSignerOpts) HashFunc ¶
func (o *IdemixCredentialRequestSignerOpts) HashFunc() crypto.Hash
func (*IdemixCredentialRequestSignerOpts) IssuerPublicKey ¶
func (o *IdemixCredentialRequestSignerOpts) IssuerPublicKey() Key
type IdemixCredentialSignerOpts ¶
type IdemixCredentialSignerOpts struct {
// Attributes to include in the credentials. IdemixHiddenAttribute is not allowed here
Attributes []IdemixAttribute
// IssuerPK is the public-key of the issuer
IssuerPK Key
// HashFun is the hash function to be used
H crypto.Hash
}
IdemixCredentialSignerOpts contains the options to produce a credential starting from a credential request
func (*IdemixCredentialSignerOpts) HashFunc ¶
func (o *IdemixCredentialSignerOpts) HashFunc() crypto.Hash
HashFunc returns an identifier for the hash function used to produce the message passed to Signer.Sign, or else zero to indicate that no hashing was done.
func (*IdemixCredentialSignerOpts) IssuerPublicKey ¶
func (o *IdemixCredentialSignerOpts) IssuerPublicKey() Key
type IdemixIssuerKeyGenOpts ¶
type IdemixIssuerKeyGenOpts struct {
// Temporary tells if the key is ephemeral
Temporary bool
// AttributeNames is a list of attributes
AttributeNames []string
}
IdemixIssuerKeyGenOpts contains the options for the Idemix Issuer key-generation. A list of attribytes may be optionally passed
func (*IdemixIssuerKeyGenOpts) Algorithm ¶
func (*IdemixIssuerKeyGenOpts) Algorithm() string
Algorithm returns the key generation algorithm identifier (to be used).
func (*IdemixIssuerKeyGenOpts) Ephemeral ¶
func (o *IdemixIssuerKeyGenOpts) Ephemeral() bool
Ephemeral returns true if the key to generate has to be ephemeral, false otherwise.
type IdemixIssuerKeyImportOpts ¶
type IdemixIssuerKeyImportOpts struct {
Temporary bool
// AttributeNames is a list of attributes to ensure the import public key has
AttributeNames []string
}
IdemixIssuerKeyImportOpts contains the options for importing of an Idemix issuer public key.
func (*IdemixIssuerKeyImportOpts) Algorithm ¶
func (*IdemixIssuerKeyImportOpts) Algorithm() string
Algorithm returns the key generation algorithm identifier (to be used).
func (*IdemixIssuerKeyImportOpts) Ephemeral ¶
func (o *IdemixIssuerKeyImportOpts) Ephemeral() bool
Ephemeral returns true if the key to generate has to be ephemeral, false otherwise.
type IdemixIssuerPublicKeyImportOpts ¶
type IdemixIssuerPublicKeyImportOpts struct {
Temporary bool
// AttributeNames is a list of attributes to ensure the import public key has
AttributeNames []string
}
IdemixIssuerPublicKeyImportOpts contains the options for importing of an Idemix issuer public key.
func (*IdemixIssuerPublicKeyImportOpts) Algorithm ¶
func (*IdemixIssuerPublicKeyImportOpts) Algorithm() string
Algorithm returns the key generation algorithm identifier (to be used).
func (*IdemixIssuerPublicKeyImportOpts) Ephemeral ¶
func (o *IdemixIssuerPublicKeyImportOpts) Ephemeral() bool
Ephemeral returns true if the key to generate has to be ephemeral, false otherwise.
type IdemixNymKeyDerivationOpts ¶
type IdemixNymKeyDerivationOpts struct {
// Temporary tells if the key is ephemeral
Temporary bool
// IssuerPK is the public-key of the issuer
IssuerPK Key
}
IdemixNymKeyDerivationOpts contains the options to create a new unlinkable pseudonym from a credential secret key with the respect to the specified issuer public key
func (*IdemixNymKeyDerivationOpts) Algorithm ¶
func (*IdemixNymKeyDerivationOpts) Algorithm() string
Algorithm returns the key derivation algorithm identifier (to be used).
func (*IdemixNymKeyDerivationOpts) Ephemeral ¶
func (o *IdemixNymKeyDerivationOpts) Ephemeral() bool
Ephemeral returns true if the key to derive has to be ephemeral, false otherwise.
func (*IdemixNymKeyDerivationOpts) IssuerPublicKey ¶
func (o *IdemixNymKeyDerivationOpts) IssuerPublicKey() Key
IssuerPublicKey returns the issuer public key used to derive a new unlinkable pseudonym from a credential secret key
type IdemixNymKeyImportOpts ¶
type IdemixNymKeyImportOpts struct {
// Temporary tells if the key is ephemeral
Temporary bool
}
IdemixNymKeyImportOpts contains the options to import a pseudonym
func (*IdemixNymKeyImportOpts) Algorithm ¶
func (*IdemixNymKeyImportOpts) Algorithm() string
Algorithm returns the key derivation algorithm identifier (to be used).
func (*IdemixNymKeyImportOpts) Ephemeral ¶
func (o *IdemixNymKeyImportOpts) Ephemeral() bool
Ephemeral returns true if the key to derive has to be ephemeral, false otherwise.
type IdemixNymPublicKeyImportOpts ¶
type IdemixNymPublicKeyImportOpts struct {
// Temporary tells if the key is ephemeral
Temporary bool
}
IdemixNymPublicKeyImportOpts contains the options to import the public part of a pseudonym
func (*IdemixNymPublicKeyImportOpts) Algorithm ¶
func (*IdemixNymPublicKeyImportOpts) Algorithm() string
Algorithm returns the key derivation algorithm identifier (to be used).
func (*IdemixNymPublicKeyImportOpts) Ephemeral ¶
func (o *IdemixNymPublicKeyImportOpts) Ephemeral() bool
Ephemeral returns true if the key to derive has to be ephemeral, false otherwise.
type IdemixNymSignerOpts ¶
type IdemixNymSignerOpts struct {
// Nym is the pseudonym to be used
Nym Key
// IssuerPK is the public-key of the issuer
IssuerPK Key
// H is the hash function to be used
H crypto.Hash
}
IdemixNymSignerOpts contains the options to generate an idemix pseudonym signature.
func (*IdemixNymSignerOpts) HashFunc ¶
func (o *IdemixNymSignerOpts) HashFunc() crypto.Hash
HashFunc returns an identifier for the hash function used to produce the message passed to Signer.Sign, or else zero to indicate that no hashing was done.
type IdemixRevocationKeyGenOpts ¶
type IdemixRevocationKeyGenOpts struct {
// Temporary tells if the key is ephemeral
Temporary bool
}
IdemixRevocationKeyGenOpts contains the options for the Idemix revocation key-generation.
func (*IdemixRevocationKeyGenOpts) Algorithm ¶
func (*IdemixRevocationKeyGenOpts) Algorithm() string
Algorithm returns the key generation algorithm identifier (to be used).
func (*IdemixRevocationKeyGenOpts) Ephemeral ¶
func (o *IdemixRevocationKeyGenOpts) Ephemeral() bool
Ephemeral returns true if the key to generate has to be ephemeral, false otherwise.
type IdemixRevocationKeyImportOpts ¶
type IdemixRevocationKeyImportOpts struct {
Temporary bool
}
IdemixRevocationKeyImportOpts contains the options for importing of an Idemix revocation key pair.
func (*IdemixRevocationKeyImportOpts) Algorithm ¶
func (*IdemixRevocationKeyImportOpts) Algorithm() string
Algorithm returns the key generation algorithm identifier (to be used).
func (*IdemixRevocationKeyImportOpts) Ephemeral ¶
func (o *IdemixRevocationKeyImportOpts) Ephemeral() bool
Ephemeral returns true if the key to generate has to be ephemeral, false otherwise.
type IdemixRevocationPublicKeyImportOpts ¶
type IdemixRevocationPublicKeyImportOpts struct {
Temporary bool
}
IdemixRevocationPublicKeyImportOpts contains the options for importing of an Idemix revocation public key.
func (*IdemixRevocationPublicKeyImportOpts) Algorithm ¶
func (*IdemixRevocationPublicKeyImportOpts) Algorithm() string
Algorithm returns the key generation algorithm identifier (to be used).
func (*IdemixRevocationPublicKeyImportOpts) Ephemeral ¶
func (o *IdemixRevocationPublicKeyImportOpts) Ephemeral() bool
Ephemeral returns true if the key to generate has to be ephemeral, false otherwise.
type IdemixSignerMetadata ¶
type IdemixSignerMetadata struct {
NymEIDAuditData *NymEIDAuditData
}
type IdemixSignerOpts ¶
type IdemixSignerOpts struct {
// Nym is the pseudonym to be used
Nym Key
// IssuerPK is the public-key of the issuer
IssuerPK Key
// Credential is the byte representation of the credential signed by the issuer
Credential []byte
// Attributes specifies which attribute should be disclosed and which not.
// If Attributes[i].Type = IdemixHiddenAttribute
// then the i-th credential attribute should not be disclosed, otherwise the i-th
// credential attribute will be disclosed.
// At verification time, if the i-th attribute is disclosed (Attributes[i].Type != IdemixHiddenAttribute),
// then Attributes[i].Value must be set accordingly.
Attributes []IdemixAttribute
// RhIndex is the index of attribute containing the revocation handler.
// Notice that this attributed cannot be discloused
RhIndex int
// EidIndex contains the index of the EID attrbiute
EidIndex int
// CRI contains the credential revocation information
CRI []byte
// Epoch is the revocation epoch the signature should be produced against
Epoch int
// RevocationPublicKey is the revocation public key
RevocationPublicKey Key
// H is the hash function to be used
H crypto.Hash
// SigType is the type of signature that shall be generated
SigType SignatureType
// IdemixSignerMetadata contains metadata about the signature
Metadata *IdemixSignerMetadata
// VerificationType controls what type of verification the caller expects
VerificationType VerificationType
}
IdemixSignerOpts contains the options to generate an Idemix signature
func (*IdemixSignerOpts) HashFunc ¶
func (o *IdemixSignerOpts) HashFunc() crypto.Hash
type IdemixUserSecretKeyGenOpts ¶
type IdemixUserSecretKeyGenOpts struct {
Temporary bool
}
IdemixUserSecretKeyGenOpts contains the options for the generation of an Idemix credential secret key.
func (*IdemixUserSecretKeyGenOpts) Algorithm ¶
func (*IdemixUserSecretKeyGenOpts) Algorithm() string
Algorithm returns the key generation algorithm identifier (to be used).
func (*IdemixUserSecretKeyGenOpts) Ephemeral ¶
func (o *IdemixUserSecretKeyGenOpts) Ephemeral() bool
Ephemeral returns true if the key to generate has to be ephemeral, false otherwise.
type IdemixUserSecretKeyImportOpts ¶
type IdemixUserSecretKeyImportOpts struct {
Temporary bool
}
IdemixUserSecretKeyImportOpts contains the options for importing of an Idemix credential secret key.
func (*IdemixUserSecretKeyImportOpts) Algorithm ¶
func (*IdemixUserSecretKeyImportOpts) Algorithm() string
Algorithm returns the key generation algorithm identifier (to be used).
func (*IdemixUserSecretKeyImportOpts) Ephemeral ¶
func (o *IdemixUserSecretKeyImportOpts) Ephemeral() bool
Ephemeral returns true if the key to generate has to be ephemeral, false otherwise.
type Key ¶
type Key interface {
// Bytes 在允许的情况下,将密钥转换为原始的字节切片形式。
Bytes() ([]byte, error)
// SKI 返回该密钥的唯一标识符。
// - AES 返回其私钥的哈希值
// - ECDSA 返回其公钥的哈希值
SKI() []byte
// Symmetric 用来标识该密钥是否是对称密钥,如果是的话,则返回 true,否则返回 false。
Symmetric() bool
// IsPrivate 用来标识该密钥是否是私钥,如果是的话,则返回 true,否则返回 false。
IsPrivate() bool
// PublicKey 返回非对称密钥中的公钥,如果该密钥是对称密钥,调用该方法会返回错误。
PublicKey() (Key, error)
}
type KeyDerivOpts ¶
type KeyDeriver ¶
type KeyDeriver interface {
KeyDeriv(key Key, opts KeyDerivOpts) (dkey Key, err error)
}
type KeyGenOpts ¶
type KeyGenerator ¶
type KeyGenerator interface {
KeyGen(opts KeyGenOpts) (key Key, err error)
}
type KeyImportOpts ¶
type KeyImporter ¶
type KeyImporter interface {
KeyImport(raw interface{}, opts KeyImportOpts) (Key, error)
}
type KeyStore ¶
type NymEIDAuditData ¶
type RevocationAlgorithm ¶
type RevocationAlgorithm int32
RevocationAlgorithm identifies the revocation algorithm
type SHA256Opts ¶
type SHA256Opts struct{}
func (*SHA256Opts) Algorithm ¶
func (opts *SHA256Opts) Algorithm() string
type SignatureType ¶
type SignatureType int
SignatureType describes the type of idemix signature
const ( // Standard is the base signature type Standard SignatureType = iota // EidNym adds a hiding and binding commitment to the enrollment id and proves its correctness EidNym )
type Signer ¶
type Signer interface {
Sign(key Key, digest []byte, opts SignerOpts) (signature []byte, err error)
}
type SignerOpts ¶
type SignerOpts interface {
crypto.SignerOpts
}
type VerificationType ¶
type VerificationType int
VerificationType describes the type of verification that is required
const ( // Basic performs the verification without any of the extensions (e.g. it ignores the nym eid) Basic VerificationType = iota // BestEffort performs all verifications possible given the available information in the signature/opts BestEffort // ExpectStandard expects a SignatureType of type Standard ExpectStandard // ExpectEidNym expects a SignatureType of type EidNym ExpectEidNym )
type X509PublicKeyImportOpts ¶
type X509PublicKeyImportOpts struct {
Temporary bool
}
func (*X509PublicKeyImportOpts) Algorithm ¶
func (opts *X509PublicKeyImportOpts) Algorithm() string
func (*X509PublicKeyImportOpts) Ephemeral ¶
func (opts *X509PublicKeyImportOpts) Ephemeral() bool
Source Files