keyup

v0.4.20 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Nov 21, 2019 License: MIT Imports: 48 Imported by: 9

README

keyup


Keyup is a Go package for cryptographic key management, signing and encryption. It supports the Saltpack format.

☢ This project is in development and has not been audited or reviewed. Use at your own risk. ☢

Documentation

Visit docs.keyup.app.

Repositories

github.com/keyup-app/keyup This package, including keyup/saltpack and keyup/keyring.
github.com/keyup-app/keyups Keyup extensions, command line, service (gRPC), DB, Firestore, REST API, etc.
github.com/keyup-app/keyup-app Keyup apps (in development).

Documentation


Constants

// Type strings naming the kinds of key material and related items in this package.
// NOTE(review): presumably used as the type of a keyring.Item; confirm against the New*Item constructors.
const (
	// SecretKeyType is a nacl.secretbox compatible secret key.
	SecretKeyType string = "secret-key"
	// SignKeyType is a nacl.sign compatible sign key.
	SignKeyType string = "sign-key"
	// SignPublicKeyType is the public key part of a sign key (pair).
	SignPublicKeyType string = "sign-public-key"
	// BoxKeyType is the nacl.box compatible public/private key.
	BoxKeyType string = "box-key"
	// BoxPublicKeyType is the public key part of a nacl.box compatible key.
	BoxPublicKeyType string = "box-public-key"
	// CertificateKeyType is the private key for a certificate.
	CertificateKeyType string = "cert-key"
	// CertificatePublicKeyType is the public PEM encoded certificate.
	CertificatePublicKeyType string = "cert-public-key"
	// PassphraseType is a string passphrase of any length.
	PassphraseType string = "passphrase"
	// KeyType is the type for a Key.
	KeyType string = "key"
	// PublicKeyType is the type for a PublicKey.
	PublicKeyType string = "public-key"
	// SigchainType is the type for a Sigchain.
	SigchainType string = "sigchain"
)
const BoxPrivateKeySize = 32

BoxPrivateKeySize is the size for private key bytes

const BoxPublicKeySigchainType = "bpk"

BoxPublicKeySigchainType is a type for sigchain statement.

const BoxPublicKeySize = 32

BoxPublicKeySize is the size for public key bytes

const (
	// RFC3339Milli is RFC3339 with millisecond precision
	RFC3339Milli = "2006-01-02T15:04:05.000Z07:00"
)
const RevokeLabel = "revoke"

RevokeLabel is label for revoking an earlier statement

const SecretKeySize = 32

SecretKeySize is the size of nacl.secretbox key bytes

const SeedSize = 32

SeedSize is the size of the SignKey seed bytes.

const SignKeySize = 64

SignKeySize is the size of the SignKey private key bytes.

const SignPublicKeySize = 32

SignPublicKeySize is the size of the SignKey public key bytes.

Variables

var ErrNoKeyring = errors.New("no keyring set")

ErrNoKeyring if no keyring is set.

var ErrUserAlreadySet = errors.New("user set in sigchain already")

ErrUserAlreadySet is user already set in sigchain.

Functions

func BoxOpen

func BoxOpen(encrypted []byte, sender BoxPublicKey, recipient *BoxKey) ([]byte, error)

BoxOpen decrypts a message from a sender.

func BoxSeal

func BoxSeal(b []byte, recipient BoxPublicKey, sender *BoxKey) []byte

BoxSeal encrypts a message to a recipient.

Example
// Each party generates its own Key and takes its nacl.box compatible BoxKey.
aliceBK := GenerateKey().BoxKey()
bobBK := GenerateKey().BoxKey()

msg := "Hey bob, it's alice. The passcode is 12345."
// Alice encrypts to Bob's public key, passing her own BoxKey as the sender.
encrypted := BoxSeal([]byte(msg), bobBK.PublicKey, aliceBK)

// Bob decrypts with his BoxKey and names Alice's public key as the expected sender.
out, err := BoxOpen(encrypted, aliceBK.PublicKey, bobBK)
if err != nil {
	// Stop here: out must not be used when BoxOpen reports an error.
	log.Fatal(err)
}

fmt.Printf("%s\n", string(out))
Output:

Hey bob, it's alice. The passcode is 12345.

func Bytes16

func Bytes16(b []byte) *[16]byte

Bytes16 converts byte slice to [16]byte.

func Bytes24

func Bytes24(b []byte) *[24]byte

Bytes24 converts byte slice to [24]byte.

func Bytes32

func Bytes32(b []byte) *[32]byte

Bytes32 converts byte slice to [32]byte.

func BytesToPhrase

func BytesToPhrase(b []byte) (string, error)

BytesToPhrase returns a phrase for bytes

func Decode

func Decode(s string, encoding Encoding) ([]byte, error)

Decode decodes string to bytes using encoding

func Encode

func Encode(b []byte, encoding Encoding) (string, error)

Encode encodes bytes to an Encoding.

func EncodeSignPublicKey

func EncodeSignPublicKey(spk SignPublicKey) string

EncodeSignPublicKey encodes SignPublicKey as a string.

func FirstPathComponent added in v0.4.20

func FirstPathComponent(path string) string

FirstPathComponent returns first path component.

func HMACSHA256

func HMACSHA256(key []byte, msg []byte) []byte

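HMACSHA256 does a HMAC-SHA256 on msg with key. When checking a received MAC against this result, compare the two with a constant-time function such as hmac.Equal from crypto/hmac.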

func IDsToString

func IDsToString(ids []ID, delim string) string

IDsToString returns string for joined Ikeys.

func IDsToStrings

func IDsToStrings(ids []ID) []string

IDsToStrings returns []strings for []ID.

func IsASCII

func IsASCII(b []byte) bool

IsASCII returns true if bytes are ASCII.

func IsTemporaryError

func IsTemporaryError(err error) bool

IsTemporaryError returns true if the error has Temporary() function and that returns true

func IsValidID

func IsValidID(s string) bool

IsValidID returns true if string is a valid ID

func IsValidPhrase

func IsValidPhrase(phrase string, sanitize bool) bool

IsValidPhrase checks if phrase is valid.

func LastPathComponent

func LastPathComponent(path string) string

LastPathComponent returns last path component.

func Marshal

func Marshal(es []MarshalValue) []byte

Marshal map entries.

func MustEncode added in v0.4.3

func MustEncode(b []byte, encoding Encoding) string

MustEncode returns encoding or panics on error.

func NewBoxKeyItem

func NewBoxKeyItem(boxKey *BoxKey) *keyring.Item

NewBoxKeyItem creates keyring item for BoxKey.

func NewBoxPublicKeyItem

func NewBoxPublicKeyItem(publicKey BoxPublicKey) *keyring.Item

NewBoxPublicKeyItem creates keyring item for BoxPublicKey.

func NewCertificateKeyItem

func NewCertificateKeyItem(id string, privateKey string, publicKey string) *keyring.Item

NewCertificateKeyItem creates an Item for a certificate private key. The publicKey is a PEM encoded X.509v3 certificate. The privateKey is a PEM encoded EC private key ASN.1, DER format.

func NewErrNotFound

func NewErrNotFound(id ID, typ string) error

NewErrNotFound constructs a ErrNotFound.

func NewKeyItem

func NewKeyItem(key Key) *keyring.Item

NewKeyItem creates keyring item for Key.

func NewPassphraseItem

func NewPassphraseItem(id string, passphrase string) *keyring.Item

NewPassphraseItem creates keyring item for a passphrase.

func NewSecretKeyItem

func NewSecretKeyItem(kid ID, secretKey SecretKey) *keyring.Item

NewSecretKeyItem creates keyring item for SecretKey.

func NewSignKeyItem

func NewSignKeyItem(signKey *SignKey) *keyring.Item

NewSignKeyItem creates keyring item for SignKey.

func NewSignPublicKeyItem

func NewSignPublicKeyItem(publicKey SignPublicKey) *keyring.Item

NewSignPublicKeyItem creates keyring item for SignPublicKey.

func Path

func Path(paths ...interface{}) string

Path returns a path string from the specified paths or path components. The components can be strings, values with a String() function.

For example,

Path("a", "b") => "/a/b"
Path("") => "/"
Path("/a/") => "/a"
Path("/a//b") => "/a/b"

func PathComponents

func PathComponents(path string) []string

PathComponents returns the components of a path.

func PhraseToBytes

func PhraseToBytes(phrase string, sanitize bool) (*[32]byte, error)

PhraseToBytes decodes a bip39 mnemonic into bytes

func Rand16

func Rand16() *[16]byte

Rand16 generates random 16 bytes

func Rand24

func Rand24() *[24]byte

Rand24 generates random 24 bytes

func Rand32

func Rand32() *[32]byte

Rand32 generates random 32 bytes

func Rand32P4

func Rand32P4(n uint32) *[32]byte

Rand32P4 is random 32 bytes with 4 byte prefix

func RandBytes

func RandBytes(length int) []byte

RandBytes returns random bytes of length.

func RandKey

func RandKey() *[SecretKeySize]byte

RandKey generates a random secret key.

func RandPassphrase

func RandPassphrase(length int) string

RandPassphrase returns random bytes base62 encoded of length. This will panic, if length < 12.

func RandPhrase

func RandPhrase() string

RandPhrase creates random phrase (bip39 encoded random 32 bytes).

func RandString

func RandString(n int) string

RandString generates a random string

func RandTempPath

func RandTempPath(ext string) string

RandTempPath returns a unique random path

func RandUsername

func RandUsername(length int) string

RandUsername returns random lowercase string of length

func RandWords

func RandWords(numWords int) string

RandWords returns random words. Returns a max of 24 words, even if numWords specifies more.

func RetryE

func RetryE(fn func() error) error

RetryE will retry the fn (error) if the error is temporary (such as a temporary net.Error)

func RetrySE

func RetrySE(fn func() (string, error)) (string, error)

RetrySE will retry the fn (string, error) if the error is temporary (such as a temporary net.Error)

func SHA256

func SHA256(b []byte) []byte

SHA256 for bytes.

func SecretBoxOpen

func SecretBoxOpen(encrypted []byte, secretKey SecretKey) ([]byte, error)

SecretBoxOpen decrypt using SecretKey.

func SecretBoxSeal

func SecretBoxSeal(b []byte, secretKey SecretKey) []byte

SecretBoxSeal encrypt using SecretKey.

func SeedPhrase

func SeedPhrase(key Key) string

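SeedPhrase returns a BIP39 mnemonic representation of the seed. The phrase can be used to recover the Key (see NewKeyFromSeedPhrase), so it needs the same protection as the private key material itself.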

func SetLogger

func SetLogger(l Logger)

SetLogger sets logger for the package.

func SigchainHash

func SigchainHash(st *Statement) (*[32]byte, error)

SigchainHash returns hash for Sigchain Statement.

func Sign

func Sign(b []byte, sk *SignKey) []byte

Sign bytes.

Example
aliceSK := GenerateKey().SignKey()
msg := "I'm alice 🤓"
// Sign with Alice's SignKey. Verify below is given only sig and the public key and
// returns the message, so sig carries the message with it (SignDetached is the detached variant).
sig := Sign([]byte(msg), aliceSK)
out, err := Verify(sig, aliceSK.PublicKey)
if err != nil {
	// Stop here: out must not be used when Verify reports an error.
	log.Fatal(err)
}
fmt.Printf("%s\n", string(out))
Output:

I'm alice 🤓

func SignDetached

func SignDetached(b []byte, sk *SignKey) []byte

SignDetached sign bytes detached.

func Spew

func Spew(iter DocumentIterator, opts *SpewOpts) (*bytes.Buffer, error)

Spew writes DocumentIterator to buffer.

func SpewOut

func SpewOut(iter DocumentIterator, opts *SpewOpts, out io.Writer) error

SpewOut writes DocumentIterator to io.Writer. You need to specify a path or prefix, since listing root is not supported.

func StatementKeyPath added in v0.4.7

func StatementKeyPath(kid ID, seq int) string

StatementKeyPath returns path for Statement kid,seq in a key/value store. If seq is <= 0, then there is no key path. Path looks like "/sigchain/PbS3oWv4b6mmCwsAQ9dguCA4gU4MwfTStUQVj8hGrtah-000000000000001".

func TimeFromMillis

func TimeFromMillis(m TimeMs) time.Time

TimeFromMillis returns time.Time from milliseconds since epoch.

func TypeDescription

func TypeDescription(typ string) string

TypeDescription is the description for a type string.

func UserCheckWithKey added in v0.4.18

func UserCheckWithKey(ctx context.Context, usr *User, spk SignPublicKey, req Requestor) error

UserCheckWithKey verifies the user statement URL.

func ValidateUserStatement added in v0.4.18

func ValidateUserStatement(st *Statement) error

ValidateUserStatement returns error if statement is not a valid user statement.

func Verify

func Verify(b []byte, spk SignPublicKey) ([]byte, error)

Verify verifies a signed message (as produced by Sign) with the public key and returns the message.

func VerifyDetached

func VerifyDetached(sig []byte, b []byte, spk SignPublicKey) error

VerifyDetached verifies the detached signature sig for the message b with the public key.

Types

type Address

type Address struct {
	// contains filtered or unexported fields
}

Address is a list of recipient Ikeys.

func NewAddress

func NewAddress(recipients ...ID) (*Address, error)

NewAddress returns address from recipient ids.

func ParseAddress

func ParseAddress(saddrs ...string) (*Address, error)

ParseAddress returns address from a string.

func (*Address) Contains

func (a *Address) Contains(id ID) bool

Contains returns true if address contains the specified id.

func (*Address) RecipientStrings

func (a *Address) RecipientStrings() []string

RecipientStrings returns recipient IDs as strings.

func (Address) Recipients

func (a Address) Recipients() []ID

Recipients returns Ikeys.

func (*Address) String

func (a *Address) String() string

String returns a canonical string representation of an address. The first address part is less than the second part.

NewAddress("bob", "alice").String() => "alice:bob"

type BoxKey

type BoxKey struct {
	PublicKey BoxPublicKey

	ID
	// contains filtered or unexported fields
}

BoxKey is a nacl.box compatible public/private key

func AsBoxKey

func AsBoxKey(item *keyring.Item) (*BoxKey, error)

AsBoxKey returns BoxKey for keyring Item.

func GenerateBoxKey

func GenerateBoxKey() *BoxKey

GenerateBoxKey creates a new BoxKey

func NewBoxKeyFromPrivateKey

func NewBoxKeyFromPrivateKey(privateKey *[32]byte) *BoxKey

NewBoxKeyFromPrivateKey creates a BoxKey from private key bytes.

func (*BoxKey) Open

func (k *BoxKey) Open(b []byte, nonce *[24]byte, sender BoxPublicKey) ([]byte, bool)

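Open decrypts message with nacl.box Open. As with nacl.box Open, the bool result is false when the message fails authentication, and the returned bytes must not be used in that case.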

func (BoxKey) PrivateKey

func (k BoxKey) PrivateKey() BoxPrivateKey

PrivateKey returns private key part of this BoxKey

func (*BoxKey) Seal

func (k *BoxKey) Seal(b []byte, nonce *[24]byte, recipient BoxPublicKey) []byte

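Seal encrypts message with nacl.box Seal. As with nacl.box Seal, the nonce must never repeat for the same pair of keys, and the same nonce has to be passed to Open.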

type BoxPrivateKey

type BoxPrivateKey *[BoxPrivateKeySize]byte

BoxPrivateKey is the private key part of a nacl.box compatible key

type BoxPublicKey

type BoxPublicKey *[BoxPublicKeySize]byte

BoxPublicKey is the public key part of a nacl.box compatible key

func DecodeBoxPublicKey

func DecodeBoxPublicKey(s string) (BoxPublicKey, error)

DecodeBoxPublicKey returns BoxPublicKey from a string.

type CertificateKey

type CertificateKey struct {
	// contains filtered or unexported fields
}

CertificateKey is a PEM encoded X.509v3 certificate (public key) and a PEM encoded EC private key.

func AsCertificateKey

func AsCertificateKey(item *keyring.Item) (*CertificateKey, error)

AsCertificateKey returns CertificateKey for keyring Item.

func GenerateCertificateKey

func GenerateCertificateKey(commonName string, isCA bool, parent *x509.Certificate) (*CertificateKey, error)

GenerateCertificateKey creates a certificate key.

func NewCertificateKey

func NewCertificateKey(private string, public string) (*CertificateKey, error)

NewCertificateKey from PEM encoded X.509v3 certificate data and PEM encoded EC private key ASN.1, DER format

func (CertificateKey) Private

func (c CertificateKey) Private() string

Private returns a PEM encoded EC private key ASN.1, DER format.

func (CertificateKey) Public

func (c CertificateKey) Public() string

Public returns a PEM encoded X.509v3 certificate.

func (CertificateKey) TLSCertificate

func (c CertificateKey) TLSCertificate() tls.Certificate

TLSCertificate returns a tls.Certificate.

func (CertificateKey) X509Certificate

func (c CertificateKey) X509Certificate() (*x509.Certificate, error)

X509Certificate returns a x509.Certificate.

type Change added in v0.4.12

type Change struct {
	Path      string    `json:"path" firestore:"path"`
	Timestamp time.Time `json:"ts" firestore:"ts"`
}

Change is used to track changes at a path. If this format changes, you should also change in firestore and other backends that don't directly use this struct on set.

type Changes added in v0.4.12

type Changes interface {
	ChangeAdd(ctx context.Context, name string, ref string) error
	Change(ctx context.Context, name string, ref string) (*Change, error)
	Changes(ctx context.Context, name string, from time.Time, limit int) ([]*Change, time.Time, error)
}

Changes describes changes to a path.

type Collection added in v0.4.20

type Collection struct {
	// Path to Document's.
	Path string
}

Collection is a location for Document's.

type CollectionIterator added in v0.4.20

type CollectionIterator interface {
	// Next collection, or nil.
	Next() (*Collection, error)
	// Release resources associated with the iterator.
	Release()
}

CollectionIterator is an iterator for Collection's.

func NewCollectionIterator added in v0.4.20

func NewCollectionIterator(cols []*Collection) CollectionIterator

NewCollectionIterator returns an iterator for a Collection slice.

type ContextLogger added in v0.4.20

type ContextLogger interface {
	Debugf(ctx context.Context, format string, args ...interface{})
	Infof(ctx context.Context, format string, args ...interface{})
	Warningf(ctx context.Context, format string, args ...interface{})
	Errorf(ctx context.Context, format string, args ...interface{})
}

ContextLogger interface used in this package with request context.

func NewContextLogger added in v0.4.20

func NewContextLogger(lev LogLevel) ContextLogger

NewContextLogger ...

type CryptoProvider

type CryptoProvider interface {
	SignProvider
	SealProvider
}

CryptoProvider defines a provider for signing and encryption.

type CryptoStore added in v0.4.20

type CryptoStore struct {
	DocumentStore
	// contains filtered or unexported fields
}

CryptoStore is a DocumentStore with a CryptoProvider.

func NewCryptoStore added in v0.4.20

func NewCryptoStore(ds DocumentStore, crypto CryptoProvider) *CryptoStore

NewCryptoStore creates a CryptoStore.

func (*CryptoStore) Now added in v0.4.20

func (d *CryptoStore) Now() time.Time

Now returns current time.

func (*CryptoStore) Open added in v0.4.20

func (d *CryptoStore) Open(ctx context.Context, path string) (*Opened, error)

Open ...

func (*CryptoStore) Seal added in v0.4.20

func (d *CryptoStore) Seal(ctx context.Context, path string, b []byte, sender Key, recipients ...PublicKey) ([]byte, error)

Seal ...

func (*CryptoStore) SetTimeNow added in v0.4.20

func (d *CryptoStore) SetTimeNow(nowFn func() time.Time)

SetTimeNow to use a custom time.Now.

func (*CryptoStore) Sign added in v0.4.20

func (d *CryptoStore) Sign(ctx context.Context, path string, b []byte, key *SignKey) ([]byte, error)

Sign ...

func (*CryptoStore) Verify added in v0.4.20

func (d *CryptoStore) Verify(ctx context.Context, path string) (*Verified, error)

Verify ...

type CryptoStreamProvider

type CryptoStreamProvider interface {
	SignStreamProvider
	SealStreamProvider
}

CryptoStreamProvider defines a streaming provider for signing and encryption.

type Document added in v0.4.19

type Document struct {
	// Path of document.
	Path string
	// Data ...
	Data []byte

	// CreatedAt (read only). The time at which the document was created.
	CreatedAt time.Time
	// UpdatedAt (read only). The time at which the document was last changed.
	UpdatedAt time.Time
}

Document is data at a path with metadata.

func NewDocument added in v0.4.19

func NewDocument(path string, data []byte) *Document

NewDocument creates a datastore document.

func (*Document) Contains added in v0.4.19

func (d *Document) Contains(contains string) bool

Contains returns true if path or value contains the string.

func (*Document) Pretty added in v0.4.19

func (d *Document) Pretty() []byte

Pretty returns "prettified" output, if data is a format that supports it.

func (Document) String added in v0.4.20

func (d Document) String() string

type DocumentIterator added in v0.4.19

type DocumentIterator interface {
	// Next document, or nil.
	Next() (*Document, error)
	// Release resources associated with the iterator.
	Release()
}

DocumentIterator is an iterator for Document's.

func NewDocumentIterator added in v0.4.19

func NewDocumentIterator(docs []*Document) DocumentIterator

NewDocumentIterator returns an iterator for a Document slice.

type DocumentStore added in v0.4.20

type DocumentStore interface {
	// Create data at path.
	// ErrPathExists if path already exists.
	Create(ctx context.Context, path string, b []byte) error

	// Create or set data at path.
	Set(ctx context.Context, path string, b []byte) error

	// Get path.
	// If not found, returns nil.
	Get(ctx context.Context, path string) (*Document, error)

	// GetAll at paths.
	GetAll(ctx context.Context, paths []string) ([]*Document, error)

	// Exists, if exists at path.
	Exists(ctx context.Context, path string) (bool, error)

	// Delete at path.
	Delete(ctx context.Context, path string) (bool, error)

	// Documents for Document's.
	Documents(ctx context.Context, parent string, opts *DocumentsOpts) (DocumentIterator, error)

	// Collections are parents of Document's.
	Collections(ctx context.Context, parent string) (CollectionIterator, error)
}

DocumentStore is a place for Document's.

type DocumentsOpts added in v0.4.20

type DocumentsOpts struct {
	// Prefix to filter on.
	Prefix string
	// Index is offset into number of documents.
	Index int
	// Limit is number of documents (max) to return.
	Limit int
	// PathOnly includes only the path in each Document (no data).
	PathOnly bool
}

DocumentsOpts are options for iterating documents.

type Encoding

type Encoding string

Encoding is an encoding for bytes to and from a string

const (
	// NoEncoding ...
	NoEncoding Encoding = ""
	// Hex (Base16) encoding
	Hex Encoding = "base16"
	// Base32 encoding
	Base32 Encoding = "base32"
	// Base58 encoding
	Base58 Encoding = "base58"
	// Base62 encoding
	Base62 Encoding = "base62"
	// Base64 encoding (with padding)
	Base64 Encoding = "base64"
	// Saltpack encoding
	Saltpack Encoding = "saltpack"
	// BIP39 encoding
	BIP39 Encoding = "bip39"
)

func NewEncoding

func NewEncoding(s string) Encoding

NewEncoding returns an Encoding from a string

func ParseEncoding

func ParseEncoding(s string) (Encoding, error)

ParseEncoding returns an Encoding from a string

func ParseEncodingOr

func ParseEncodingOr(s string, d Encoding) (Encoding, error)

ParseEncodingOr returns an Encoding from a string, or if empty, a default

type ErrHTTP added in v0.4.18

type ErrHTTP struct {
	StatusCode int
}

ErrHTTP is an HTTP Error

func (ErrHTTP) Error added in v0.4.18

func (e ErrHTTP) Error() string

type ErrInvalidPhrase added in v0.4.10

type ErrInvalidPhrase struct {
	// contains filtered or unexported fields
}

ErrInvalidPhrase if phrase is invalid.

func (ErrInvalidPhrase) Cause added in v0.4.10

func (e ErrInvalidPhrase) Cause() error

Cause for ErrInvalidPhrase

func (ErrInvalidPhrase) Error added in v0.4.10

func (e ErrInvalidPhrase) Error() string

type ErrNotFound

type ErrNotFound struct {
	ID   ID
	Type string
}

ErrNotFound describes a key not found error when a key is required.

func (ErrNotFound) Error

func (e ErrNotFound) Error() string

type ErrPathExists added in v0.4.10

type ErrPathExists struct {
	Path string
}

ErrPathExists is trying to set value that already exists.

func NewErrPathExists added in v0.4.10

func NewErrPathExists(path string) ErrPathExists

NewErrPathExists ...

func (ErrPathExists) Error added in v0.4.10

func (e ErrPathExists) Error() string

type ErrTemporary added in v0.4.18

type ErrTemporary struct {
	// contains filtered or unexported fields
}

ErrTemporary means there was a temporary error

func NewErrTemporary added in v0.4.18

func NewErrTemporary(msg string) ErrTemporary

NewErrTemporary creates temporary error

func (ErrTemporary) Error added in v0.4.18

func (e ErrTemporary) Error() string

func (ErrTemporary) Temporary added in v0.4.18

func (e ErrTemporary) Temporary() bool

Temporary returns true

type ErrTimeout added in v0.4.18

type ErrTimeout struct {
	// contains filtered or unexported fields
}

ErrTimeout is a timeout error

type ID

type ID string

ID is a 32 byte Base58 (19/26-rate) encoded string of 44 characters

func BoxPublicKeyID

func BoxPublicKeyID(bpk BoxPublicKey) ID

BoxPublicKeyID returns ID for BoxPublicKey.

func MustID

func MustID(b []byte) ID

MustID returns ID from bytes, or panics if invalid.

func NewID

func NewID(b []byte) (ID, error)

NewID creates ID from bytes

func ParseID

func ParseID(s string) (ID, error)

ParseID parses a string and validates an ID.

func ParseIDs

func ParseIDs(strs []string) ([]ID, error)

ParseIDs returns IDs from strings.

func RandID

func RandID() ID

RandID returns random ID

func SignPublicKeyID

func SignPublicKeyID(spk SignPublicKey) ID

SignPublicKeyID returns ID for SignPublicKey.

func (ID) Bytes

func (i ID) Bytes() []byte

Bytes ...

func (ID) Index

func (i ID) Index() uint32

Index is first 4 bytes as uint32

func (ID) String

func (i ID) String() string

func (ID) WithSeq

func (i ID) WithSeq(seq int) string

WithSeq returns ID with a sequence value appended

type IDSet added in v0.4.10

type IDSet struct {
	// contains filtered or unexported fields
}

IDSet is a set of strings.

func NewIDSet added in v0.4.10

func NewIDSet(ids ...ID) *IDSet

NewIDSet creates IDSet.

func NewIDSetWithCapacity added in v0.4.10

func NewIDSetWithCapacity(capacity int) *IDSet

NewIDSetWithCapacity ..

func (*IDSet) Add added in v0.4.10

func (s *IDSet) Add(id ID)

Add to set.

func (*IDSet) Clear added in v0.4.10

func (s *IDSet) Clear()

Clear set.

func (*IDSet) Contains added in v0.4.10

func (s *IDSet) Contains(id ID) bool

Contains returns true if set contains string.

func (*IDSet) IDs added in v0.4.10

func (s *IDSet) IDs() []ID

IDs returns IDs in set.

func (*IDSet) Size added in v0.4.11

func (s *IDSet) Size() int

Size for set.

type Key

type Key interface {
	// ID for key, which is equal to the Base58 encoded sign public key bytes.
	ID() ID
	// Seed used to generate the sign and box key material.
	// The seed is secret: the sign and box keys are generated from it.
	Seed() *[32]byte
	// SignKey for signing. The signing key remains fixed.
	SignKey() *SignKey
	// BoxKey for (asymmetric) encryption.
	BoxKey() *BoxKey
	// SecretKey for (symmetric) encryption.
	SecretKey() SecretKey

	// PublicKey is the public parts of this key.
	PublicKey() PublicKey
}

Key for signing and encryption.

func AsKey

func AsKey(item *keyring.Item) (Key, error)

AsKey returns Key from keyring.Item.

func GenerateKey

func GenerateKey() Key

GenerateKey generates a new Key.

func NewKey

func NewKey(seed *[32]byte) (Key, error)

NewKey creates a Key from seed bytes. To create a new Key, see GenerateKey, which calls this with random seed bytes.

The key is derived in the same way as a [Keybase Per-User Key (PUK)](https://keybase.io/docs/teams/puk).

We keep the seed available, for generating a (BIP39) recovery phrase (see SeedPhrase). This phrase can be used to recover a Key.

func NewKeyFromPassword added in v0.4.9

func NewKeyFromPassword(password string, salt []byte) (Key, error)

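NewKeyFromPassword creates a key from a password. The key derivation function and its cost parameters are not stated in this documentation; check the source before using it with user-chosen passwords, and pass a random salt that is unique per key.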

func NewKeyFromSeedPhrase

func NewKeyFromSeedPhrase(seedPhrase string, sanitize bool) (Key, error)

NewKeyFromSeedPhrase creates Key from bip39 phrase of the seed.

type KeyringFn

type KeyringFn func() keyring.Keyring

KeyringFn returns a keyring.

type Keystore

type Keystore struct {
	// contains filtered or unexported fields
}

Keystore can create, update, and search for keys, and include public key stores.

func NewKeystore

func NewKeystore() *Keystore

NewKeystore constructs a Keystore.

func NewMemKeystore

func NewMemKeystore() *Keystore

NewMemKeystore returns Keystore backed by an in memory keyring.

func (*Keystore) BoxKey

func (k *Keystore) BoxKey(kid ID) (*BoxKey, error)

BoxKey returns a box key for an identifier

func (*Keystore) CertificateKey

func (k *Keystore) CertificateKey(id ID) (*CertificateKey, error)

CertificateKey for identifier.

func (*Keystore) Delete

func (k *Keystore) Delete(id string) (bool, error)

Delete removes an item from the keystore.

func (*Keystore) GenerateBoxKey

func (k *Keystore) GenerateBoxKey() (*BoxKey, error)

GenerateBoxKey generates and saves a BoxKey to the Keystore.

func (*Keystore) GenerateKey

func (k *Keystore) GenerateKey(generateSigchain bool, ts time.Time) (Key, error)

GenerateKey generates and saves key material to the keystore.

func (*Keystore) GenerateSecretKey

func (k *Keystore) GenerateSecretKey(kid ID) (SecretKey, error)

GenerateSecretKey generates and saves a SecretKey to the Keystore.

func (*Keystore) GenerateSignKey

func (k *Keystore) GenerateSignKey() (*SignKey, error)

GenerateSignKey generates and saves a SignKey to the Keystore.

func (*Keystore) Get

func (k *Keystore) Get(id ID) (*keyring.Item, error)

Get returns a keyring Item for an id.

func (*Keystore) Key

func (k *Keystore) Key(id ID) (Key, error)

Key returns key.

func (*Keystore) Keyring

func (k *Keystore) Keyring() keyring.Keyring

Keyring ...

func (Keystore) Keys

func (k Keystore) Keys() ([]Key, error)

Keys returns all keys in the Keystore.

func (*Keystore) List

func (k *Keystore) List(opts *keyring.ListOpts) ([]*keyring.Item, error)

List returns items in the keyring.

func (Keystore) PublicKey

func (k Keystore) PublicKey(kid ID) (PublicKey, error)

PublicKey returns a PublicKey (from a Sigchain).

func (*Keystore) SaveBoxKey

func (k *Keystore) SaveBoxKey(boxKey *BoxKey) error

SaveBoxKey saves a nacl.box BoxKey to the Keystore.

func (*Keystore) SaveCertificateKey

func (k *Keystore) SaveCertificateKey(id ID, cert *CertificateKey) error

SaveCertificateKey saves a certificate key to the Keystore.

func (*Keystore) SaveKey

func (k *Keystore) SaveKey(key Key, generateSigchain bool, ts time.Time) error

SaveKey saves key.

func (*Keystore) SavePassphrase

func (k *Keystore) SavePassphrase(id ID, passphrase string) error

SavePassphrase saves a passphrase to the Keystore.

func (*Keystore) SaveSecretKey

func (k *Keystore) SaveSecretKey(kid ID, secretKey SecretKey) error

SaveSecretKey saves a secret key to the Keystore.

func (*Keystore) SaveSignKey

func (k *Keystore) SaveSignKey(signKey *SignKey) error

SaveSignKey saves a nacl.sign SignKey to the Keystore.

func (*Keystore) SecretKey

func (k *Keystore) SecretKey(kid ID) (SecretKey, error)

SecretKey returns secret key for an identifier

func (*Keystore) Set

func (k *Keystore) Set(item *keyring.Item) error

Set an item in the keyring.

func (*Keystore) SetKeyring

func (k *Keystore) SetKeyring(kr keyring.Keyring)

SetKeyring sets the keyring.

func (*Keystore) SetKeyringFn

func (k *Keystore) SetKeyringFn(keyringFn KeyringFn)

SetKeyringFn sets a keyring provider.

func (*Keystore) SetSigchainStore

func (k *Keystore) SetSigchainStore(scs SigchainStore)

SetSigchainStore sets the sigchain store.

func (*Keystore) SignKey

func (k *Keystore) SignKey(kid ID) (*SignKey, error)

SignKey returns sign key for a key identifier.

type LogLevel added in v0.4.20

type LogLevel int

LogLevel ...

const (
	// DebugLevel ...
	DebugLevel LogLevel = 3
	// InfoLevel ...
	InfoLevel LogLevel = 2
	// WarnLevel ...
	WarnLevel LogLevel = 1
	// ErrLevel ...
	ErrLevel LogLevel = 0
)

func (LogLevel) String added in v0.4.20

func (l LogLevel) String() string

type Logger

type Logger interface {
	Debugf(format string, args ...interface{})
	Infof(format string, args ...interface{})
	Warningf(format string, args ...interface{})
	Errorf(format string, args ...interface{})
	Fatalf(format string, args ...interface{})
}

Logger interface used in this package.

func NewLogger added in v0.4.20

func NewLogger(lev LogLevel) Logger

NewLogger ...

type MarshalValue

type MarshalValue interface {
	Marshal() string
}

MarshalValue to string.

func NewIntEntry

func NewIntEntry(key string, value int) MarshalValue

NewIntEntry ...

func NewStringEntry

func NewStringEntry(key string, value string) MarshalValue

NewStringEntry ...

type Mem

type Mem struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

Mem is an in memory DocumentStore implementation.

func NewMem

func NewMem() *Mem

NewMem creates an in memory DocumentStore implementation.

func (*Mem) Change added in v0.4.12

func (m *Mem) Change(ctx context.Context, name string, ref string) (*Change, error)

Change ...

func (*Mem) ChangeAdd added in v0.4.12

func (m *Mem) ChangeAdd(ctx context.Context, name string, ref string) error

ChangeAdd ...

func (*Mem) Changes added in v0.4.12

func (m *Mem) Changes(ctx context.Context, name string, from time.Time, limit int) ([]*Change, time.Time, error)

Changes ...

func (*Mem) Collections added in v0.4.20

func (m *Mem) Collections(ctx context.Context, parent string) (CollectionIterator, error)

Collections ...

func (*Mem) Create added in v0.4.19

func (m *Mem) Create(ctx context.Context, path string, b []byte) error

Create creates an entry at path. It returns ErrPathExists if an entry already exists.

func (*Mem) Delete

func (m *Mem) Delete(ctx context.Context, path string) (bool, error)

Delete ...

func (*Mem) Documents added in v0.4.20

func (m *Mem) Documents(ctx context.Context, parent string, opts *DocumentsOpts) (DocumentIterator, error)

Documents ...

func (*Mem) Exists

func (m *Mem) Exists(ctx context.Context, path string) (bool, error)

Exists returns true if path exists.

func (*Mem) Get

func (m *Mem) Get(ctx context.Context, path string) (*Document, error)

Get data at path.

func (*Mem) GetAll

func (m *Mem) GetAll(ctx context.Context, paths []string) ([]*Document, error)

GetAll paths

func (*Mem) Now

func (m *Mem) Now() time.Time

Now returns current time.

func (*Mem) Set

func (m *Mem) Set(ctx context.Context, path string, b []byte) error

Set data at path.

func (*Mem) SetTimeNow

func (m *Mem) SetTimeNow(nowFn func() time.Time)

SetTimeNow to use a custom time.Now.

func (*Mem) StopWatching

func (m *Mem) StopWatching(path string)

StopWatching ...

func (*Mem) StopWatchingAll

func (m *Mem) StopWatchingAll()

StopWatchingAll ...

func (*Mem) URI

func (m *Mem) URI() string

URI ...

func (*Mem) Watch

func (m *Mem) Watch(path string, ln WatchLn) error

Watch ...

type Opened

// Opened holds the result of opening (decrypting) data.
//
// Data is the decrypted data, Signer is the ID of the key used to sign, and
// Document is the originating DocumentStore document.
// NOTE(review): SealProvider.Seal allows a nil (anonymous) sender, so Signer is
// presumably empty in that case. Check Signer before treating Data as coming
// from a particular key; confirm against the implementation.
type Opened struct {
	Data     []byte
	Signer   ID
	Document *Document
}

Opened contains decrypted data with the PublicKey used to sign, and the originating DocumentStore Entry.

type PathType

type PathType string

PathType denotes the type of path.

const KeyPathType PathType = "key"

KeyPathType is a path with 2 components, meant for a syncable key/value store, like Firebase or leveldb.

const URLPathType PathType = "url"

URLPathType is a path with more than 2 components for web APIs.

type PublicKey

// PublicKey groups the public parts of a key: its identifier, its sign and box
// public keys, and the users signed with it.
type PublicKey interface {
	// ID is the key identifier.
	ID() ID
	// SignPublicKey is the sign public key.
	SignPublicKey() SignPublicKey
	// BoxPublicKey is the (current) encryption public key.
	BoxPublicKey() BoxPublicKey
	// Users are the user statements signed with this key (optional).
	Users() []*User
}

PublicKey defines a public key parts.

type Requestor added in v0.4.18

// Requestor requests a URL and returns bytes. NewHTTPRequestor returns one, and
// UserCheck and Search.SetRequestor accept one.
type Requestor interface {
	// RequestURL requests u and returns bytes or an error.
	// NOTE(review): User has a URL field and UserCheck takes a Requestor, so u
	// is presumably taken from sigchain statements, i.e. supplied by whoever
	// wrote the statement. Implementations should honour ctx for a timeout,
	// cap the response size and restrict scheme and destination; confirm
	// what NewHTTPRequestor enforces.
	RequestURL(ctx context.Context, u *url.URL) ([]byte, error)
}

Requestor ...

func NewHTTPRequestor added in v0.4.18

func NewHTTPRequestor() Requestor

NewHTTPRequestor ...

type SealProvider added in v0.4.13

// SealProvider defines a provider for encryption: Seal encrypts to a set of
// recipients and Open reverses it.
type SealProvider interface {
	// Seal encrypts data to recipients (public keys) from a sender (key).
	// For an anonymous sender, you can specify sender as nil.
	Seal(b []byte, sender Key, recipients ...PublicKey) ([]byte, error)
	// Open decrypts data encrypted by Seal. It returns the decrypted bytes and
	// an ID.
	// NOTE(review): the ID is presumably the sender's key ID, and empty for an
	// anonymous sender. Callers that care who sent the data must check it
	// rather than rely on a nil error alone; confirm against the implementation.
	Open(b []byte) ([]byte, ID, error)
}

SealProvider defines a provider for encryption.

type SealStreamProvider added in v0.4.13

// SealStreamProvider defines a streaming provider for encryption, the
// io.Writer/io.Reader counterpart of SealProvider.
type SealStreamProvider interface {
	// NewSealStream returns an io.Writer capable of encrypting data.
	// The result is an io.WriteCloser.
	// NOTE(review): presumably the output is only complete after Close; confirm.
	NewSealStream(w io.Writer, sender Key, recipients ...PublicKey) (io.WriteCloser, error)
	// NewOpenStream returns a io.Reader capable of decrypting data, plus an ID.
	// NOTE(review): the ID is presumably the sender's key ID (empty when the
	// sender was anonymous); check it before trusting the origin of the data.
	NewOpenStream(r io.Reader) (io.Reader, ID, error)
}

SealStreamProvider defines a streaming provider for encryption.

// Search is a search index for sigchain information. NewSearch creates one
// from a DocumentStore and a SigchainStore.
type Search struct {
	// Mutex is embedded, so Lock/Unlock are promoted onto Search and callable
	// by any user of the type.
	// NOTE(review): presumably guards the unexported state; confirm which
	// methods take the lock before locking it from outside.
	sync.Mutex
	// contains filtered or unexported fields
}

Search index for sigchain information.

func NewSearch added in v0.4.18

func NewSearch(dst DocumentStore, scs SigchainStore) *Search

NewSearch creates a Search.

func (*Search) Expired added in v0.4.18

func (s *Search) Expired(ctx context.Context, dt time.Duration) ([]ID, error)

Expired returns KIDs that haven't been checked in a duration.

func (*Search) Get added in v0.4.18

func (s *Search) Get(ctx context.Context, kid ID) (*SearchResult, error)

Get search result for KID.

func (*Search) Search added in v0.4.18

func (s *Search) Search(ctx context.Context, req *SearchRequest) ([]*SearchResult, error)

Search for users.

func (*Search) SetNowFn added in v0.4.18

func (s *Search) SetNowFn(nowFn func() time.Time)

SetNowFn sets time.Now function.

func (*Search) SetRequestor added in v0.4.18

func (s *Search) SetRequestor(req Requestor)

SetRequestor sets the Requestor implementation. For example, on GCP this would use the urlfetch package.

func (*Search) Update added in v0.4.18

func (s *Search) Update(ctx context.Context, kid ID) error

Update search index for sigchain KID.

type SearchRequest added in v0.4.18

// SearchRequest is the argument to Search.Search.
// NOTE(review): the fields are undocumented on this page. Presumably Query is
// the search text, Index and Limit page through the results, and KIDs toggles
// matching on key IDs; confirm before relying on any of these.
type SearchRequest struct {
	Query string
	Index int
	Limit int
	KIDs  bool
}

SearchRequest ...

type SearchResult added in v0.4.18

// SearchResult is what Search.Get and Search.Search return: a key ID (JSON
// "kid") and the users for it (JSON "users", omitted when empty).
type SearchResult struct {
	KID   ID      `json:"kid"`
	Users []*User `json:"users,omitempty"`
}

SearchResult ...

type SecretKey

type SecretKey *[SecretKeySize]byte

SecretKey is a symmetric key compatible with nacl.secretbox

func AsSecretKey

func AsSecretKey(item *keyring.Item) (SecretKey, error)

AsSecretKey returns SecretKey for keyring Item.

func GenerateSecretKey

func GenerateSecretKey() SecretKey

GenerateSecretKey generates a SecretKey.

func NewSecretKey

func NewSecretKey(b []byte) (SecretKey, error)

NewSecretKey from bytes

type Sigchain

// Sigchain is a chain of signed statements by a sign key. It has no exported
// fields; statements are appended with Add/AddAll, revoked with Revoke and read
// back with Statements.
type Sigchain struct {
	// contains filtered or unexported fields
}

Sigchain is a chain of signed statements by a sign key.

func GenerateSigchain

func GenerateSigchain(key Key, ts time.Time) *Sigchain

GenerateSigchain ...

func NewSigchain

func NewSigchain(spk SignPublicKey) *Sigchain

NewSigchain returns a new Sigchain for a SignPublicKey.

Example
// Start with an empty sigchain bound to alice's sign public key.
clock := newClock()
alice := GenerateKey()
sc := NewSigchain(alice.PublicKey().SignPublicKey())

// Root statement: generate it, then append it to the chain.
root, err := GenerateStatement(sc, []byte("hi! 🤓"), alice.SignKey(), "", clock.Now())
if err != nil {
	log.Fatal(err)
}
if err = sc.Add(root); err != nil {
	log.Fatal(err)
}

// Second statement, generated against the chain that now holds the root.
second, err := GenerateStatement(sc, []byte("2nd message"), alice.SignKey(), "", clock.Now())
if err != nil {
	log.Fatal(err)
}
if err = sc.Add(second); err != nil {
	log.Fatal(err)
}

// Revoke the 2nd statement (seq 2); the returned revoke statement is not used here.
if _, err = sc.Revoke(2, alice.SignKey()); err != nil {
	log.Fatal(err)
}

// Dumping the chain is left disabled in this example:
// spew, err := Spew(sc.EntryIterator(URLPathType), nil)
// if err != nil {
// 	log.Fatal(err)
// }
// fmt.Println(spew.String())
Output:

func NewSigchainForKID

func NewSigchainForKID(kid ID) (*Sigchain, error)

NewSigchainForKID returns a new Sigchain for a sign public key ID.

func (*Sigchain) Add

func (s *Sigchain) Add(st *Statement) error

Add signed statement to the Sigchain.

func (*Sigchain) AddAll

func (s *Sigchain) AddAll(statements []*Statement) error

AddAll pushes signed statements to the Sigchain.

func (*Sigchain) BoxPublicKey

func (s *Sigchain) BoxPublicKey() BoxPublicKey

BoxPublicKey returns current box public key.

func (*Sigchain) BoxPublicKeys added in v0.4.18

func (s *Sigchain) BoxPublicKeys() []BoxPublicKey

BoxPublicKeys returns all box public keys (not revoked) in the sigchain.

func (*Sigchain) DocumentIterator added in v0.4.19

func (s *Sigchain) DocumentIterator(ptyp PathType) DocumentIterator

DocumentIterator returns iterator for statements as Document's.

func (Sigchain) FindAll added in v0.4.7

func (s Sigchain) FindAll(typ string) []*Statement

FindAll returns statements of type.

func (Sigchain) FindLast

func (s Sigchain) FindLast(typ string) *Statement

FindLast searches from the last statement to the first. If type is specified, we will search for that statement type. If we found a statement and it was revoked, we return nil.

func (*Sigchain) ID

func (s *Sigchain) ID() ID

ID is the sign public key ID.

func (Sigchain) IsRevoked

func (s Sigchain) IsRevoked(seq int) bool

IsRevoked returns true if statement was revoked.

func (*Sigchain) KID added in v0.4.10

func (s *Sigchain) KID() ID

KID is the sign public key ID.

func (Sigchain) Last

func (s Sigchain) Last() *Statement

Last returns last statement or nil if none.

func (Sigchain) LastSeq

func (s Sigchain) LastSeq() int

LastSeq returns last signed statement seq (or 0 if no signed statements exist).

func (Sigchain) Length

func (s Sigchain) Length() int

Length of Sigchain.

func (*Sigchain) PublicKey added in v0.4.18

func (s *Sigchain) PublicKey() PublicKey

PublicKey from the Sigchain. The Sigchain implements the PublicKey interface, so it returns itself.

func (*Sigchain) Revoke

func (s *Sigchain) Revoke(revoke int, sk *SignKey) (*Statement, error)

Revoke a signed statement in the Sigchain.

func (*Sigchain) SetReadOnly

func (s *Sigchain) SetReadOnly(b bool)

SetReadOnly to set read only.

func (*Sigchain) SignPublicKey

func (s *Sigchain) SignPublicKey() SignPublicKey

SignPublicKey is sign public key for sigchain.

func (Sigchain) Statements

func (s Sigchain) Statements() []*Statement

Statements are all the signed statements.

func (*Sigchain) Users added in v0.4.18

func (s *Sigchain) Users() []*User

Users (statements) signed into the sigchain.

func (Sigchain) Verify

func (s Sigchain) Verify(st *Statement, prev *Statement) error

Verify verifies a signed statement against a previous statement (in a Sigchain).

type SigchainStore

// SigchainStore provides access to sigchains. NewSigchainStore builds one on
// top of a DocumentStore.
type SigchainStore interface {
	// KIDs returns all the sigchain KIDs.
	KIDs() ([]ID, error)

	// Sigchain returns the sigchain for kid.
	Sigchain(kid ID) (*Sigchain, error)
	// AddStatement adds st to a sigchain; sk is the sign key.
	// NOTE(review): presumably the target sigchain is the one for sk's ID; confirm.
	AddStatement(st *Statement, sk *SignKey) error
	// RevokeStatement revokes a statement and returns a Statement.
	// NOTE(review): revoke is presumably the seq of the statement to revoke,
	// as in Sigchain.Revoke; confirm.
	RevokeStatement(revoke int, sk *SignKey) (*Statement, error)

	// SaveSigchain saves sigchain to the store.
	SaveSigchain(sc *Sigchain) error
	// DeleteSigchain deletes sigchain from the store.
	DeleteSigchain(kid ID) (bool, error)

	// SigchainExists returns true if the store has a sigchain for kid.
	SigchainExists(kid ID) (bool, error)

	// Now returns a time.Time.
	// NOTE(review): presumably the store's notion of the current time; confirm.
	Now() time.Time
}

SigchainStore provides access to sigchains, usually backed by a DocumentStore, such as a local db.

func NewSigchainStore

func NewSigchainStore(dst DocumentStore) SigchainStore

NewSigchainStore creates a SigchainStore from a DocumentStore.

type SignKey

// SignKey is a public/private key pair which can sign and verify using
// nacl.sign.
//
// PublicKey is the public part and ID is the key's ID. The private part is not
// an exported field; it is returned by the PrivateKey, Seed and SeedPhrase
// methods, whose results are secret key material.
type SignKey struct {
	PublicKey SignPublicKey
	ID        ID
	// contains filtered or unexported fields
}

SignKey is a public/private key pair which can sign and verify using nacl.sign.

func AsSignKey

func AsSignKey(item *keyring.Item) (*SignKey, error)

AsSignKey returns SignKey for keyring Item.

func GenerateSignKey

func GenerateSignKey() *SignKey

GenerateSignKey generates a SignKey (using ed25519).

func NewSignKey

func NewSignKey(privateKey []byte) (*SignKey, error)

NewSignKey constructs SignKey from a private key. The public key is derived from the private key.

func NewSignKeyFromHexString

func NewSignKeyFromHexString(s string) (*SignKey, error)

NewSignKeyFromHexString creates SignKey from hex encoded string (of private key).

func NewSignKeyFromSeed

func NewSignKeyFromSeed(seed *[SeedSize]byte) (*SignKey, error)

NewSignKeyFromSeed constructs SignKey from an ed25519 seed. The private key is derived from this seed and the public key is derived from the private key.

func NewSignKeyFromSeedPhrase

func NewSignKeyFromSeedPhrase(seedPhrase string, sanitize bool) (*SignKey, error)

NewSignKeyFromSeedPhrase creates SignKey from bip39 phrase of the nacl.sign seed.

func (SignKey) PrivateKey

func (k SignKey) PrivateKey() *[SignKeySize]byte

PrivateKey returns private key part.

func (SignKey) Seed

func (k SignKey) Seed() []byte

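Seed returns the ed25519 seed this key can be regenerated from (see NewSignKeyFromSeed). The seed is secret: the private key is derived from it, so handle it like the private key.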

func (SignKey) SeedPhrase

func (k SignKey) SeedPhrase() string

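SeedPhrase returns the bip39 phrase of the seed (see NewSignKeyFromSeedPhrase). The phrase is secret: it is enough to recreate the key.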

func (*SignKey) Sign

func (k *SignKey) Sign(b []byte) []byte

Sign bytes with the (sign) private key.

func (*SignKey) SignDetached

func (k *SignKey) SignDetached(b []byte) []byte

SignDetached sign bytes detached.

type SignPrivateKey

type SignPrivateKey *[SignKeySize]byte

SignPrivateKey is the private part of nacl.sign key pair.

type SignProvider added in v0.4.13

// SignProvider defines a provider for signing and verifying, in attached
// (Sign/Verify) and detached (SignDetached/VerifyDetached) form.
//
// Neither verify method takes the expected signer as a parameter; each returns
// the SignPublicKey instead. A nil error therefore says the signature is valid
// for the returned key, and the caller must still compare that key with the
// signer it expects.
type SignProvider interface {
	// Sign data from a key.
	Sign(b []byte, key *SignKey) ([]byte, error)
	// Verify data for a public key. It returns bytes and the SignPublicKey.
	// NOTE(review): the returned bytes are presumably the verified message
	// without the signature; confirm.
	Verify(b []byte) ([]byte, SignPublicKey, error)
	// SignDetached data for a key.
	SignDetached(b []byte, key *SignKey) ([]byte, error)
	// VerifyDetached data for a public key: b is the data and sig the detached
	// signature. It returns the SignPublicKey.
	VerifyDetached(b []byte, sig []byte) (SignPublicKey, error)
}

SignProvider defines a provider for signing.

type SignPublicKey

type SignPublicKey *[SignPublicKeySize]byte

SignPublicKey is the public part of nacl.sign key pair.

func DecodeSignPublicKey

func DecodeSignPublicKey(s string) (SignPublicKey, error)

DecodeSignPublicKey returns SignPublicKey from a string.

type SignStreamProvider added in v0.4.13

// SignStreamProvider defines a streaming provider for signing, the
// io.Writer/io.Reader counterpart of SignProvider.
type SignStreamProvider interface {
	// NewSignStream returns an io.Writer capable of signing data; detached
	// selects a detached signature. The result is an io.WriteCloser.
	// NOTE(review): presumably the signature is only complete after Close; confirm.
	NewSignStream(w io.Writer, key *SignKey, detached bool) (io.WriteCloser, error)
	// NewVerifyStream returns a io.Reader capable of verifying data, plus the
	// SignPublicKey. No expected signer is passed in, so the caller must
	// compare the returned key with the signer it expects.
	NewVerifyStream(r io.Reader) (io.Reader, SignPublicKey, error)
}

SignStreamProvider defines a streaming provider for signing.

type SpewFormat

type SpewFormat string

SpewFormat is format for Spew.

// Formats accepted in SpewOpts.Format.
const (
	// SpewFormatDefault is the empty format value.
	SpewFormatDefault SpewFormat = ""
	// SpewFormatTable is in a grid, each entry separated by newlines.
	SpewFormatTable SpewFormat = "table"
	// SpewFormatFlat are fields separated by newlines and entries separated by empty lines.
	SpewFormatFlat SpewFormat = "flat"
)

type SpewOpts

// SpewOpts are options for Spew.
type SpewOpts struct {
	// Format is one of the SpewFormat values.
	Format SpewFormat
}

SpewOpts are options for Spew.

type Statement

// Statement is one signed entry in a Sigchain.
// NOTE(review): NewStatement and StatementFromBytes take Sig from the caller,
// so a Statement value is presumably unverified until Statement.Verify or
// Sigchain.Verify has succeeded; confirm before trusting one read from storage
// or the network.
type Statement struct {
	// Sig is the signature bytes.
	Sig []byte

	// Data is the statement data.
	Data []byte
	// KID is the key that signed.
	KID ID

	// Seq in a sigchain (1 is root).
	Seq int
	// Prev is a hash of the previous item in the sigchain.
	Prev []byte
	// Revoke refers to a previous signed seq to revoke.
	Revoke int

	// Type (optional).
	Type string

	// Timestamp (optional).
	Timestamp time.Time
	// contains filtered or unexported fields
}

Statement in a Sigchain.

func GenerateRevoke

func GenerateRevoke(sc *Sigchain, revoke int, sk *SignKey) (*Statement, error)

GenerateRevoke creates a revoke Statement.

func GenerateStatement

func GenerateStatement(sc *Sigchain, b []byte, sk *SignKey, typ string, ts time.Time) (*Statement, error)

GenerateStatement creates Statement to be added to the Sigchain.

func GenerateUserStatement added in v0.4.18

func GenerateUserStatement(sc *Sigchain, usr *User, sk *SignKey, ts time.Time) (*Statement, error)

GenerateUserStatement for a user to add to the sigchain.

func NewStatement

func NewStatement(sig []byte, data []byte, kid ID, seq int, prev []byte, revoke int, typ string, ts time.Time) (*Statement, error)

NewStatement creates a new statement from specified parameters. Use GenerateStatement for an easier construction.

func StatementFromBytes

func StatementFromBytes(b []byte) (*Statement, error)

StatementFromBytes returns Statement from JSON bytes.

func (*Statement) Bytes

func (s *Statement) Bytes() []byte

Bytes is the serialized Statement.

func (Statement) KeyPath

func (s Statement) KeyPath() string

KeyPath returns path for Statement in a key/value store. If Seq is not set, then there is no key path. Path looks like "/sigchain/PbS3oWv4b6mmCwsAQ9dguCA4gU4MwfTStUQVj8hGrtah-000000000000001".

func (Statement) MarshalJSON

func (s Statement) MarshalJSON() ([]byte, error)

MarshalJSON marshals statement to JSON.

func (Statement) URLPath

func (s Statement) URLPath() string

URLPath returns path for Statement in the HTTP API. If Seq is not set, then there is no url path. Path looks like "/sigchain/QBrbzCWK5Mf5fzzFayCqV4fnZaGUTMRjvAxyEqf388st/1".

func (*Statement) UnmarshalJSON

func (s *Statement) UnmarshalJSON(b []byte) error

UnmarshalJSON unmarshals a statement from JSON.

func (*Statement) Verify

func (s *Statement) Verify() error

Verify statement.

type StringSet

// StringSet is a set of strings. It has no exported fields; use NewStringSet,
// NewStringSetSplit or NewStringSetWithCapacity to create one.
type StringSet struct {
	// contains filtered or unexported fields
}

StringSet is a set of strings.

func NewStringSet

func NewStringSet(s ...string) *StringSet

NewStringSet creates StringSet.

func NewStringSetSplit

func NewStringSetSplit(s string, delim string) *StringSet

NewStringSetSplit creates StringSet for split string.

func NewStringSetWithCapacity added in v0.4.10

func NewStringSetWithCapacity(capacity int) *StringSet

NewStringSetWithCapacity ..

func (*StringSet) Add

func (s *StringSet) Add(str string)

Add to set.

func (*StringSet) Clear

func (s *StringSet) Clear()

Clear set.

func (*StringSet) Contains

func (s *StringSet) Contains(str string) bool

Contains returns true if set contains string.

func (*StringSet) Remove added in v0.4.10

func (s *StringSet) Remove(str string)

Remove from set.

func (*StringSet) Size added in v0.4.10

func (s *StringSet) Size() int

Size for set.

func (*StringSet) Sorted added in v0.4.10

func (s *StringSet) Sorted() []string

Sorted returns strings in set, sorted.

func (*StringSet) Strings added in v0.4.7

func (s *StringSet) Strings() []string

Strings returns strings in set.

type TimeMs added in v0.4.19

type TimeMs int64

TimeMs is time as number of milliseconds from epoch.

func TimePtrToMillis added in v0.4.19

func TimePtrToMillis(t *time.Time) TimeMs

TimePtrToMillis returns milliseconds since epoch from time.Time. If t is nil or t.IsZero() we return 0.

func TimeToMillis added in v0.4.19

func TimeToMillis(t time.Time) TimeMs

TimeToMillis returns milliseconds since epoch from time.Time. If t.IsZero() we return 0.

type User added in v0.4.18

// User describes a name on a service with a signed statement at a URL, signed
// into a sigchain at (KID, Seq).
//
// Name and Service are the name and the service it is on, URL is where the
// signed statement is, and KID and Seq locate the statement in the sigchain.
// NOTE(review): CheckedAt is presumably when the URL was last checked (see
// UserCheck and Search.Expired); confirm.
// NOTE(review): a User value by itself is a claim. Treat Name, Service and URL
// as unverified unless the value came back from UserCheck or VerifyUser.
type User struct {
	Name      string
	KID       ID
	Seq       int
	Service   string
	URL       string
	CheckedAt time.Time
}

User describes a name on a service with a signed statement at a URL, signed into a sigchain at (KID, seq).

func NewUser added in v0.4.18

func NewUser(kid ID, service string, name string, rawurl string, seq int) (*User, error)

NewUser returns User used in a signing statement.

func NewUserForSigning added in v0.4.18

func NewUserForSigning(kid ID, service string, name string) (*User, error)

NewUserForSigning returns User for signing (doesn't have remote URL yet).

func UserCheck added in v0.4.18

func UserCheck(ctx context.Context, sc *Sigchain, req Requestor, nowFn func() time.Time) ([]*User, error)

UserCheck returns verified user statements URL in sigchain.

func VerifyUser added in v0.4.18

func VerifyUser(msg string, spk SignPublicKey, usr *User) (*User, error)

VerifyUser verifies an armored message for a user. If usr is specified, we will verify it matches the User in the verified message.

func (User) Bytes added in v0.4.18

func (u User) Bytes() []byte

Bytes is a serialized User.

func (User) MarshalJSON added in v0.4.18

func (u User) MarshalJSON() ([]byte, error)

MarshalJSON marshals user to JSON.

func (*User) Sign added in v0.4.18

func (u *User) Sign(key *SignKey) (string, error)

Sign user into an armored message.

func (User) String added in v0.4.18

func (u User) String() string

func (*User) UnmarshalJSON added in v0.4.18

func (u *User) UnmarshalJSON(b []byte) error

UnmarshalJSON unmarshals a user from JSON.

type Verified

// Verified is verified data with its signer and origin.
//
// Data is the verified data, Document is the originating DocumentStore
// document, and Signer is the signer's ID. Compare Signer with the key you
// expect before acting on Data.
type Verified struct {
	Data     []byte
	Document *Document
	Signer   ID
}

Verified data with signer ID and the originating DocumentStore Entry.

type Watch

// Watch is implemented by stores that can report changes at a path. Mem
// implements all three methods.
type Watch interface {
	// Watch watches path for changes; ln is the listener that receives each
	// WatchEvent.
	Watch(path string, ln WatchLn) error
	// StopWatching stops watching path.
	StopWatching(path string)
	// StopWatchingAll stops all watches.
	StopWatchingAll()
}

Watch for changes at path

type WatchEvent

// WatchEvent is what a WatchLn listener receives: Status is the watch status
// and Path is a path string.
// NOTE(review): presumably Path is the watched path the event is for; confirm.
type WatchEvent struct {
	Status WatchStatus
	Path   string
}

WatchEvent gives updates to watch status and version

type WatchLn

type WatchLn func(*WatchEvent)

WatchLn is a listener that receives WatchEvent

type WatchStatus

type WatchStatus string

WatchStatus is status for watch

// Values of WatchStatus, as carried in WatchEvent.Status.
const (
	// WatchStatusNone is an unknown status (the empty string).
	WatchStatusNone WatchStatus = ""
	// WatchStatusOutage is a status for a remote outage that persists
	WatchStatusOutage WatchStatus = "outage"
	// WatchStatusDisrupted is a status for a temporary disruption
	WatchStatusDisrupted WatchStatus = "disrupted"
	// WatchStatusStarting is a status for when watch is starting
	WatchStatusStarting WatchStatus = "starting"
	// WatchStatusStopping is a status for when watch is stopping
	WatchStatusStopping WatchStatus = "stopping"
	// WatchStatusData is a status for when data has changed
	WatchStatusData WatchStatus = "data"
)
