Documentation ¶
Index ¶
- func Decrypt(jwe string, receiver AuthenticatedUser, fetchUser FetchUser) (SingedLog, error)
- func Encrypt(jwsSignedLog SingedLog, sender AuthenticatedUser, receivers []RemoteUser) (string, error)
- type AuthenticatedUser
- func (user AuthenticatedUser) DecryptLog(jwe string, fn FetchUser) (SingedLog, error)
- func (user AuthenticatedUser) EncryptLog(log SingedLog, receivers []RemoteUser) (string, error)
- func (user AuthenticatedUser) SignData(data []byte) (string, error)
- func (user AuthenticatedUser) SignLog(log AccessLog) (SingedLog, error)
- type FetchUser
- type RemoteUser
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func Decrypt ¶
func Decrypt(jwe string, receiver AuthenticatedUser, fetchUser FetchUser) (SingedLog, error)
Decrypt takes a given JWE token and decrypts it by means of the Inverse Transparency E2EE. It tries to decrypt the given token with the key material provided by the passed receiving user. This function returns a SignedAccessLog if all verification steps are successful.
func Encrypt ¶
func Encrypt(jwsSignedLog SingedLog, sender AuthenticatedUser, receivers []RemoteUser) (string, error)
Encrypt encrypts a given SingedLog for the specified set of receivers in the name of the passed sender. This function may be used either by a monitor (who initially encrypts the log for the owner) or by the owner (who wants to share the AccessLog with others). The provided SingedLog is assumed to be signed by a monitor.
Types ¶
type AuthenticatedUser ¶
type AuthenticatedUser struct {
	RemoteUser
	DecryptionKey *ecdsa.PrivateKey
	SigningKey    *ecdsa.PrivateKey
}
AuthenticatedUser represents an authenticated user, which has access to all private and public keys. This user has all capabilities of a RemoteUser because it contains a remote user as a nested object. This user is additionally able to:
- sign data using its signingKey
- decrypt data using its decryptionKey
func GenerateAuthenticatedUser ¶
func GenerateAuthenticatedUser() (AuthenticatedUser, error)
GenerateAuthenticatedUser generates a random AuthenticatedUser. It is used during testing.
func GenerateAuthenticatedUserById ¶ added in v1.0.2
func GenerateAuthenticatedUserById(id string) (AuthenticatedUser, error)
GenerateAuthenticatedUserById generates a random AuthenticatedUser with the given identity. It is used during testing.
func ImportAuthenticatedUser ¶
func ImportAuthenticatedUser(id string, encryptionCertificate string, VerificationCertificate string, decryptionKey string, signingKey string) (AuthenticatedUser, error)
ImportAuthenticatedUser imports a user based on its certificates and keys. The returned user can be used to sign and encrypt logs.
func (AuthenticatedUser) DecryptLog ¶ added in v1.0.2
func (user AuthenticatedUser) DecryptLog(jwe string, fn FetchUser) (SingedLog, error)
DecryptLog decrypts a given JWE token.
func (AuthenticatedUser) EncryptLog ¶ added in v1.0.2
func (user AuthenticatedUser) EncryptLog(log SingedLog, receivers []RemoteUser) (string, error)
EncryptLog encrypts a SignedAccessLog for the given set of receivers.
func (AuthenticatedUser) SignData ¶
func (user AuthenticatedUser) SignData(data []byte) (string, error)
SignData cryptographically signs the provided data.
func (AuthenticatedUser) SignLog ¶ added in v1.0.2
func (user AuthenticatedUser) SignLog(log AccessLog) (SingedLog, error)
SignLog cryptographically signs a raw AccessLog object.
type FetchUser ¶
type FetchUser func(string) RemoteUser
type RemoteUser ¶
type RemoteUser struct {
	Id                      string
	EncryptionCertificate   *ecdsa.PublicKey
	VerificationCertificate *ecdsa.PublicKey
	IsMonitor               bool
}
RemoteUser represents a remote user, which has access to the certificates of the user. The certificates can be used to:
- encrypt data for this user (encryptionCertificate)
- verify data which was signed by this user (verificationCertificate)
**NOTE**: Do not instantiate this interface by yourself since the provided certificates need to be validated against a trusted CA. Use the *User.importRemoteUser()* function instead.
func GenerateRemoteUser ¶
func GenerateRemoteUser() (RemoteUser, error)
GenerateRemoteUser generates a random RemoteUser. It is used during testing.
func ImportRemoteUser ¶
func ImportRemoteUser(id string, encryptionCertificate string, VerificationCertificate string, isMonitor bool, trustedCertificate string) (RemoteUser, error)
ImportRemoteUser imports a user based on its public certificates. This function also verifies whether the provided certificates are signed by the trusted certificate authority.