Documentation
Index
- Constants
- type BaseKMS
- func (w *BaseKMS) Close() error
- func (w *BaseKMS) ConvertToEncryptionKey(verKey []byte) ([]byte, error)
- func (w *BaseKMS) CreateKeySet() (string, string, error)
- func (w *BaseKMS) DeriveKEK(alg, apu, fromPubKey, toPubKey []byte) ([]byte, error)
- func (w *BaseKMS) FindVerKey(candidateKeys []string) (int, error)
- func (w *BaseKMS) GetEncryptionKey(verKey []byte) ([]byte, error)
- func (w *BaseKMS) SignMessage(message []byte, fromVerKey string) ([]byte, error)
- type CryptoBox
- func (b *CryptoBox) Easy(payload, nonce, theirPub, myPub []byte) ([]byte, error)
- func (b *CryptoBox) EasyOpen(cipherText, nonce, theirPub, myPub []byte) ([]byte, error)
- func (b *CryptoBox) Seal(payload, theirPub []byte, randSource io.Reader) ([]byte, error)
- func (b *CryptoBox) SealOpen(cipherText, myPub []byte) ([]byte, error)
- type DocOpts
- type KMS
- type KeyConverter
- type KeyManager
- type Signer
Constants
const (
	// KeyStoreNamespace is the keystore namespace
	KeyStoreNamespace = "keystore"
)
Variables
This section is empty.
Functions
This section is empty.
Types
type BaseKMS
type BaseKMS struct {
	// contains filtered or unexported fields
}
BaseKMS is the base Key Management Service implementation.
func (*BaseKMS) ConvertToEncryptionKey
ConvertToEncryptionKey converts an ed25519 keypair present in the LegacyKMS, persists the resulting keypair, and returns the resulting public key.
func (*BaseKMS) CreateKeySet
CreateKeySet creates a new public/private encryption and signature keypair combo. Returns:
string: encryption key id, base58 encoded, of the marshaled cryptoutil.KayPairCombo stored in the LegacyKMS store
string: signature key id, base58 encoded, of the marshaled cryptoutil.KayPairCombo stored in the LegacyKMS store
error: in case of errors
func (*BaseKMS) DeriveKEK
DeriveKEK derives an ephemeral symmetric key (kek) using a private key fetched from the LegacyKMS corresponding to fromPubKey, combined with toPubKey. This implementation is for Curve25519 only.
func (*BaseKMS) FindVerKey
FindVerKey selects, from candidateKeys, the first signing key that is present in the LegacyKMS.
func (*BaseKMS) GetEncryptionKey
GetEncryptionKey returns the public encryption key corresponding to the public verKey argument.
type CryptoBox
type CryptoBox struct {
	// contains filtered or unexported fields
}
CryptoBox provides an elliptic-curve-based authenticated encryption scheme. Payloads are encrypted using symmetric encryption (XChaCha20Poly1305) with a shared key derived from a shared secret created by a Curve25519 Elliptic Curve Diffie-Hellman key exchange.
CryptoBox is created by a LegacyKMS and reads secret keys from the LegacyKMS for encryption/decryption, so clients do not need to see the secrets themselves.
func NewCryptoBox
func NewCryptoBox(w KeyManager) (*CryptoBox, error)
NewCryptoBox creates a CryptoBox which provides crypto box encryption using the given LegacyKMS's keypairs.
func (*CryptoBox) Easy
Easy seals a message with a provided nonce. theirPub is used as the recipient's public key, while myPub identifies the private key that should be used.
func (*CryptoBox) EasyOpen
EasyOpen unseals a message sealed with Easy, where the nonce is provided. theirPub is the public key used to decrypt directly, while myPub identifies the private key to be used.
func (*CryptoBox) Seal
Seal seals a payload using the equivalent of libsodium box_seal. It generates an ephemeral keypair to use for the sender, and includes the ephemeral sender public key in the message.
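The two CryptoBox modes documented above (Easy/EasyOpen with a caller-supplied nonce, Seal/SealOpen with an ephemeral sender key), as an added Go example; it is not the framework's own code. To stay on the standard library it makes two substitutions, both assumptions rather than what the page describes: AES-256-GCM stands in for XChaCha20Poly1305, and a SHA-256 hash of the X25519 shared secret together with both public keys stands in for the libsodium key derivation. Keys are passed in directly instead of being looked up in the LegacyKMS, so the Easy functions take a private key where the page's API takes the myPub identifier.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// pubKeyLen is the size of an X25519 public key, which Seal prepends to its output.
const pubKeyLen = 32

// boxKey agrees an X25519 shared secret and derives the AEAD key from it.
// Hashing the secret with the ordered (sender, recipient) public keys is a
// constructed stand-in for the libsodium derivation; it binds the key to the
// exact pair of parties. AES-GCM stands in for XChaCha20-Poly1305.
func boxKey(myPriv *ecdh.PrivateKey, theirPub *ecdh.PublicKey, senderPub, recipientPub []byte) (cipher.AEAD, error) {
	shared, err := myPriv.ECDH(theirPub)
	if err != nil {
		return nil, err
	}
	h := sha256.New()
	h.Write(shared)
	h.Write(senderPub)
	h.Write(recipientPub)
	block, err := aes.NewCipher(h.Sum(nil)) // 32-byte digest selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// checkNonce rejects a wrongly sized nonce before the AEAD would panic on it.
func checkNonce(aead cipher.AEAD, nonce []byte) error {
	if len(nonce) != aead.NonceSize() {
		return fmt.Errorf("nonce must be %d bytes, got %d", aead.NonceSize(), len(nonce))
	}
	return nil
}

// Easy is the authenticated mode: both sides use long-term keys and the caller
// supplies the nonce, which must never repeat for the same key pair.
func Easy(payload, nonce []byte, theirPub *ecdh.PublicKey, myPriv *ecdh.PrivateKey) ([]byte, error) {
	aead, err := boxKey(myPriv, theirPub, myPriv.PublicKey().Bytes(), theirPub.Bytes())
	if err != nil {
		return nil, err
	}
	if err := checkNonce(aead, nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nil, nonce, payload, nil), nil
}

// EasyOpen reverses Easy; sender and recipient roles are swapped in the key
// derivation so both sides arrive at the same AEAD key.
func EasyOpen(cipherText, nonce []byte, theirPub *ecdh.PublicKey, myPriv *ecdh.PrivateKey) ([]byte, error) {
	aead, err := boxKey(myPriv, theirPub, theirPub.Bytes(), myPriv.PublicKey().Bytes())
	if err != nil {
		return nil, err
	}
	if err := checkNonce(aead, nonce); err != nil {
		return nil, err
	}
	return aead.Open(nil, nonce, cipherText, nil)
}

// sealNonce derives the anonymous-mode nonce from the two public keys, as
// libsodium box_seal does; safe because the ephemeral key is fresh per message.
func sealNonce(ephPub, recipientPub []byte, size int) []byte {
	h := sha256.Sum256(append(append([]byte{}, ephPub...), recipientPub...))
	return h[:size]
}

// Seal is the anonymous mode (libsodium box_seal equivalent): a fresh ephemeral
// keypair takes the sender role and its public key is prepended to the
// ciphertext, so the recipient needs only its own private key to open it.
func Seal(payload []byte, theirPub *ecdh.PublicKey) ([]byte, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	ephPub := eph.PublicKey().Bytes()
	aead, err := boxKey(eph, theirPub, ephPub, theirPub.Bytes())
	if err != nil {
		return nil, err
	}
	nonce := sealNonce(ephPub, theirPub.Bytes(), aead.NonceSize())
	// Output layout: ephemeral public key || AEAD ciphertext (with tag).
	return aead.Seal(append([]byte{}, ephPub...), nonce, payload, nil), nil
}

// SealOpen recovers the ephemeral public key from the message, repeats the key
// agreement with the recipient's private key, and authenticates the payload.
func SealOpen(sealed []byte, myPriv *ecdh.PrivateKey) ([]byte, error) {
	if len(sealed) < pubKeyLen {
		return nil, errors.New("sealed message too short to carry an ephemeral public key")
	}
	ephPubBytes := sealed[:pubKeyLen]
	ephPub, err := ecdh.X25519().NewPublicKey(ephPubBytes)
	if err != nil {
		return nil, err
	}
	myPub := myPriv.PublicKey().Bytes()
	aead, err := boxKey(myPriv, ephPub, ephPubBytes, myPub)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, sealNonce(ephPubBytes, myPub, aead.NonceSize()), sealed[pubKeyLen:], nil)
}

func main() {
	recipient, _ := ecdh.X25519().GenerateKey(rand.Reader) // constructed recipient key
	sealed, err := Seal([]byte("constructed payload"), recipient.PublicKey())
	if err != nil {
		panic(err)
	}
	opened, err := SealOpen(sealed, recipient)
	fmt.Printf("sealed %d bytes, opened %q, err=%v\n", len(sealed), opened, err)
}
```

The shape mirrors the page's description: Easy needs the nonce managed by the caller and authenticates the sender's long-term key, while Seal spends 32 extra bytes on the ephemeral public key so that the recipient learns nothing about who sent it. Any bit flip in the ciphertext, a wrong recipient key, or a wrong nonce makes Open return an error rather than plaintext.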
type DocOpts
type DocOpts func(opts *createDIDOpts)
DocOpts is a create DID option.
func WithServiceType
WithServiceType sets the service type of the DID document to be created.
type KeyConverter
type KeyConverter interface {
	// ConvertToEncryptionKey creates and persists a Curve25519 keypair created from the given SigningPubKey's
	// Ed25519 keypair, returning the EncryptionPubKey for this new keypair.
	ConvertToEncryptionKey(key []byte) ([]byte, error)
}
KeyConverter provides methods for converting signing keys to encryption keys.
type KeyManager
type KeyManager interface {
	KeyConverter

	// CreateKeySet creates a new public/private encryption and signature key pair set.
	//
	// Returns:
	//   string: enc public key of the encryption keypair
	//   string: sig public key of the signature keypair
	//   error: error
	CreateKeySet() (string, string, error)

	// DeriveKEK will derive an ephemeral symmetric key (kek) using a private key fetched from
	// the LegacyKMS corresponding to fromPubKey and derived with toPubKey.
	//
	// This function assumes both fromPubKey and toPubKey to be on curve25519.
	//
	// returns:
	//   kek []byte the key encryption key used to decrypt a cek (a shared key)
	//   error in case of errors
	DeriveKEK(alg, apu, fromPubKey, toPubKey []byte) ([]byte, error)

	// FindVerKey will search the LegacyKMS to find stored keys that match any of candidateKeys and
	// return the index of the first match
	// returns:
	//   int index of candidateKeys that matches the first key found in the LegacyKMS
	//   error in case of errors (including ErrKeyNotFound)
	//
	// in case of error, the index will be -1
	FindVerKey(candidateKeys []string) (int, error)

	// GetEncryptionKey will return the public encryption key corresponding to the public verKey argument
	GetEncryptionKey(verKey []byte) ([]byte, error)
}
KeyManager interface provides key management operations (create, find, get, derive, etc.).
type Signer
type Signer interface {
	// SignMessage signs a message using the private key associated with a given verification key.
	//
	// Args:
	//   message: The message to sign
	//   fromVerKey: Sign using the private key related to this verification key
	//
	// Returns:
	//   []byte: The signature
	//   error: error
	SignMessage(message []byte, fromVerKey string) ([]byte, error)
}
Signer interface provides signing capabilities.