CovenantSQL: Index | Files

package kms

import ""

Package kms implements Key Management System According the best practices from "sections 3.5 and 3.6 of the PCI DSS standard" and "ANSI X9.17 - Financial Institution Key Management". we store a Elliptic Curve Master Key as the "Key Encrypting Key". The KEK is used to encrypt/decrypt and sign the PrivateKey which will be use with ECDH to generate Data Encrypting Key.


Package Files

anonymous.go doc.go localkeystore.go privatekeystore.go pubkeystore.go


var (
    // AnonymousNodeID is the anonymous node id
    AnonymousNodeID = proto.NodeID(strings.Repeat("f", 64))
    // AnonymousRawNodeID is the anonymous node id
    AnonymousRawNodeID = AnonymousNodeID.ToRawNodeID()
var (
    // ErrNotKeyFile indicates specified key file is empty
    ErrNotKeyFile = errors.New("private key file empty")
    // ErrHashNotMatch indicates specified key hash is wrong
    ErrHashNotMatch = errors.New("private key hash not match")
    // ErrInvalidBase58Version indicates specified key is not base58 version
    ErrInvalidBase58Version = errors.New("invalid base58 version")
    // PrivateKeyStoreVersion defines the private key version byte.
    PrivateKeyStoreVersion byte = 0x23
var (
    // ErrPKSNotInitialized indicates public keystore not initialized
    ErrPKSNotInitialized = errors.New("public keystore not initialized")
    // ErrNilNode indicates input node is nil
    ErrNilNode = errors.New("nil node")
    // ErrKeyNotFound indicates key not found
    ErrKeyNotFound = errors.New("key not found")
    // ErrNodeIDKeyNonceNotMatch indicates node id, key, nonce not match
    ErrNodeIDKeyNonceNotMatch = errors.New("nodeID, key, nonce not match")
var (

    // BP hold the initial BP info
    BP *conf.BPInfo
var (
    // ErrNilField indicates field is nil
    ErrNilField = errors.New("local field is nil")
var (

    // Unittest is a test flag
    Unittest bool

func ClosePublicKeyStore Uses

func ClosePublicKeyStore()

ClosePublicKeyStore closes the public key store.

func DecodePrivateKey Uses

func DecodePrivateKey(keyBytes []byte, masterKey []byte) (key *asymmetric.PrivateKey, err error)

DecodePrivateKey loads private key from private key bytes form.

func DelNode Uses

func DelNode(id proto.NodeID) (err error)

DelNode removes PublicKey to the id.

func EncodePrivateKey Uses

func EncodePrivateKey(key *asymmetric.PrivateKey, masterKey []byte) (keyBytes []byte, err error)

EncodePrivateKey encode private to key to string format.

func GetAllNodeID Uses

func GetAllNodeID() (nodeIDs []proto.NodeID, err error)

GetAllNodeID get all node ids exist in store.

func GetLocalNodeID Uses

func GetLocalNodeID() (rawNodeID proto.NodeID, err error)

GetLocalNodeID gets current node ID in hash string format.

func GetLocalNodeIDBytes Uses

func GetLocalNodeIDBytes() (rawNodeID []byte, err error)

GetLocalNodeIDBytes get current node ID copy in []byte.

func GetLocalNonce Uses

func GetLocalNonce() (nonce *mine.Uint256, err error)

GetLocalNonce gets current node nonce copy.

func GetLocalPrivateKey Uses

func GetLocalPrivateKey() (private *asymmetric.PrivateKey, err error)

GetLocalPrivateKey gets local private key, if not set yet returns nil

all call to this func will be logged.

func GetLocalPublicKey Uses

func GetLocalPublicKey() (public *asymmetric.PublicKey, err error)

GetLocalPublicKey gets local public key, if not set yet returns nil.

func GetNodeInfo Uses

func GetNodeInfo(id proto.NodeID) (nodeInfo *proto.Node, err error)

GetNodeInfo gets node info of given id Returns an error if the id was not found.

func GetPublicKey Uses

func GetPublicKey(id proto.NodeID) (publicKey *asymmetric.PublicKey, err error)

GetPublicKey gets a PublicKey of given id Returns an error if the id was not found.

func InitBP Uses

func InitBP()

InitBP initializes kms.BP struct with conf.GConf.

func InitLocalKeyPair Uses

func InitLocalKeyPair(privateKeyPath string, masterKey []byte) (err error)

InitLocalKeyPair initializes local private key.

func InitPublicKeyStore Uses

func InitPublicKeyStore(dbPath string, initNodes []proto.Node) (err error)

InitPublicKeyStore opens a db file, if not exist, creates it. and creates a bucket if not exist.

func IsIDPubNonceValid Uses

func IsIDPubNonceValid(id *proto.RawNodeID, nonce *mine.Uint256, key *asymmetric.PublicKey) bool

IsIDPubNonceValid returns if `id == HashBlock(key, nonce)`.

func LoadPrivateKey Uses

func LoadPrivateKey(keyFilePath string, masterKey []byte) (key *asymmetric.PrivateKey, err error)

LoadPrivateKey loads private key from keyFilePath, and verifies the hash head.

func ResetBucket Uses

func ResetBucket() error

ResetBucket this bucket.

func ResetLocalKeyStore Uses

func ResetLocalKeyStore()


func SavePrivateKey Uses

func SavePrivateKey(keyFilePath string, key *asymmetric.PrivateKey, masterKey []byte) (err error)

SavePrivateKey saves private key with its hash on the head to keyFilePath, default perm is 0600.

func SetLocalKeyPair Uses

func SetLocalKeyPair(private *asymmetric.PrivateKey, public *asymmetric.PublicKey)

SetLocalKeyPair sets private and public key, this is a one time thing.

func SetLocalNodeIDNonce Uses

func SetLocalNodeIDNonce(rawNodeID []byte, nonce *mine.Uint256)

SetLocalNodeIDNonce sets private and public key, this is a one time thing.

func SetNode Uses

func SetNode(nodeInfo *proto.Node) (err error)

SetNode verifies nonce and sets {proto.Node.ID: proto.Node}.

func SetPublicKey Uses

func SetPublicKey(id proto.NodeID, nonce mine.Uint256, publicKey *asymmetric.PublicKey) (err error)

SetPublicKey verifies nonce and set Public Key.

type LocalKeyStore Uses

type LocalKeyStore struct {
    // contains filtered or unexported fields

LocalKeyStore is the type hold local private & public key.

type PublicKeyStore Uses

type PublicKeyStore struct {
    // contains filtered or unexported fields

PublicKeyStore holds db and bucket name.

Package kms imports 21 packages (graph) and is imported by 22 packages. Updated 2019-06-19. Refresh now. Tools for package owners.