user

package
v1.0.4
Published: Dec 14, 2022 License: GPL-3.0 Imports: 13 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func Decrypt

func Decrypt(jwe string, receiver AuthenticatedUser, fetchUser FetchUser) (SingedLog, error)

Decrypt takes a given JWE token and decrypts it by means of the Inverse Transparency E2EE. It tries to decrypt the given token with the key material provided by the passed receiving user. This function returns a SignedAccessLog if all verification steps are successful.

func Encrypt

func Encrypt(jwsSignedLog SingedLog, sender AuthenticatedUser, receivers []RemoteUser) (string, error)

Encrypt encrypts a given SingedLog for the specified set of receivers in the name of the passed sender. This function can be used either by a monitor (who initially encrypts the log for the owner) or by the owner (who wants to share the AccessLog with others). The provided SingedLog is assumed to be signed by a monitor.

Types

type AuthenticatedUser

type AuthenticatedUser struct {
	RemoteUser
	DecryptionKey *ecdsa.PrivateKey
	SigningKey    *ecdsa.PrivateKey
}

AuthenticatedUser represents an authenticated user, which has access to all private and public keys. This user has all capabilities of a RemoteUser because it contains a remote user as a nested object. This user is additionally able to:
- sign data using its signingKey
- decrypt data using its decryptionKey

func GenerateAuthenticatedUser

func GenerateAuthenticatedUser() (AuthenticatedUser, error)

GenerateAuthenticatedUser generates a random AuthenticatedUser. It is used during testing.

func GenerateAuthenticatedUserById added in v1.0.2

func GenerateAuthenticatedUserById(id string) (AuthenticatedUser, error)

GenerateAuthenticatedUserById generates a random AuthenticatedUser with the given identity. It is used during testing.

func ImportAuthenticatedUser

func ImportAuthenticatedUser(id string, encryptionCertificate string, VerificationCertificate string, decryptionKey string, signingKey string) (AuthenticatedUser, error)

ImportAuthenticatedUser imports a user based on its certificates and keys. The returned user can be used to sign and encrypt logs.

func (AuthenticatedUser) DecryptLog added in v1.0.2

func (user AuthenticatedUser) DecryptLog(jwe string, fn FetchUser) (SingedLog, error)

DecryptLog decrypts a given JWE token.

func (AuthenticatedUser) EncryptLog added in v1.0.2

func (user AuthenticatedUser) EncryptLog(log SingedLog, receivers []RemoteUser) (string, error)

EncryptLog encrypts a SignedAccessLog for the given set of receivers.

func (AuthenticatedUser) SignData

func (user AuthenticatedUser) SignData(data []byte) (string, error)

SignData cryptographically signs the provided data.

func (AuthenticatedUser) SignLog added in v1.0.2

func (user AuthenticatedUser) SignLog(log AccessLog) (SingedLog, error)

SignLog cryptographically signs a raw AccessLog object.

type FetchUser

type FetchUser func(string) RemoteUser

type RemoteUser

type RemoteUser struct {
	Id                      string
	EncryptionCertificate   *ecdsa.PublicKey
	VerificationCertificate *ecdsa.PublicKey
	IsMonitor               bool
}

RemoteUser represents a remote user, which has access to the certificates of the user. The certificates can be used to:
- encrypt data for this user (encryptionCertificate)
- verify data which was signed by this user (verificationCertificate)

**NOTE**: Do not instantiate this type yourself, since the provided certificates need to be validated against a trusted CA. Use the *User.importRemoteUser()* function (ImportRemoteUser in this package) instead.

func GenerateRemoteUser

func GenerateRemoteUser() (RemoteUser, error)

GenerateRemoteUser generates a random RemoteUser. It is used during testing.

func ImportRemoteUser

func ImportRemoteUser(id string, encryptionCertificate string, VerificationCertificate string, isMonitor bool, trustedCertificate string) (RemoteUser, error)

ImportRemoteUser imports a user based on its public certificates. This function also verifies that the provided certificates are signed by the trusted certificate authority.
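Why the NOTE on RemoteUser matters, shown as an added example that is not this package's code: a key is released only after the certificate chains to the trusted CA, so a self-signed certificate carrying the same id is rejected. It assumes the certificate strings are PEM-encoded X.509 (the page does not state the format); publicKeyIfTrusted and issue are hypothetical names, and all certificates are constructed test data.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// publicKeyIfTrusted (hypothetical helper, assumes PEM X.509 input) returns the key only if the cert chains to trustedPEM.
func publicKeyIfTrusted(certPEM, trustedPEM string) (*ecdsa.PublicKey, error) {
	roots := x509.NewCertPool()
	block, _ := pem.Decode([]byte(certPEM))
	if block == nil || !roots.AppendCertsFromPEM([]byte(trustedPEM)) {
		return nil, fmt.Errorf("input is not a PEM certificate")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return nil, err
	}
	pub, isECDSA := cert.PublicKey.(*ecdsa.PublicKey)
	if _, err = cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil || !isECDSA {
		return nil, fmt.Errorf("certificate rejected (ECDSA key: %v): %v", isECDSA, err)
	}
	return pub, nil
}

func issue(cn string, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, string) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // constructed test data only
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), IsCA: parent == nil, BasicConstraintsValid: true}
	tpl.Subject.CommonName, tpl.NotBefore, tpl.NotAfter = cn, time.Now().Add(-time.Hour), time.Now().Add(time.Hour)
	if parent == nil { // no parent given: build a self-signed CA
		parent, signer = tpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, parent, &key.PublicKey, signer)
	return tpl, key, string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})) // tpl serves as parent later
}

func main() {
	ca, caKey, caPEM := issue("Trusted CA", nil, nil)
	_, _, alice := issue("alice", ca, caKey)
	_, _, forged := issue("alice", nil, nil) // same id, but never issued by the trusted CA
	_, errIssued := publicKeyIfTrusted(alice, caPEM)
	_, errForged := publicKeyIfTrusted(forged, caPEM)
	fmt.Println("CA-issued:", errIssued, "| self-signed:", errForged)
}
```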
