Documentation ¶
Constants ¶
const DefKeySize = 32
DefKeySize is the default key size for crypto primitives.
Types ¶
type Crypto ¶
type Crypto interface {
	// Encrypt will encrypt msg and aad using a matching AEAD primitive in kh key handle of a public key
	// returns:
	//   cipherText in []byte
	//   nonce in []byte
	//   error in case of errors during encryption
	Encrypt(msg, aad []byte, kh interface{}) ([]byte, []byte, error)

	// Decrypt will decrypt cipher with aad and given nonce using a matching AEAD primitive in kh key handle of a
	// private key
	// returns:
	//   plainText in []byte
	//   error in case of errors
	Decrypt(cipher, aad, nonce []byte, kh interface{}) ([]byte, error)

	// Sign will sign msg using a matching signature primitive in kh key handle of a private key
	// returns:
	//   signature in []byte
	//   error in case of errors
	Sign(msg []byte, kh interface{}) ([]byte, error)

	// Verify will verify a signature for the given msg using a matching signature primitive in kh key handle of
	// a public key
	// returns:
	//   error in case of errors or nil if signature verification was successful
	Verify(signature, msg []byte, kh interface{}) error

	// ComputeMAC computes message authentication code (MAC) for code data
	// using a matching MAC primitive in kh key handle
	ComputeMAC(data []byte, kh interface{}) ([]byte, error)

	// VerifyMAC determines if mac is a correct authentication code (MAC) for data
	// using a matching MAC primitive in kh key handle and returns nil if so, otherwise it returns an error.
	VerifyMAC(mac, data []byte, kh interface{}) error

	// WrapKey will execute key wrapping of cek using apu, apv and recipient public key 'recPubKey'.
	// 'opts' allows setting the option sender key handle using WithSender() option. It allows ECDH-1PU key wrapping
	// (aka Authcrypt). The absence of this option uses ECDH-ES key wrapping (aka Anoncrypt). Another option that can
	// be used is WithXC20PKW() to instruct the WrapKey to use XC20P key wrapping instead of the default A256GCM.
	// returns:
	//   RecipientWrappedKey containing the wrapped cek value
	//   error in case of errors
	WrapKey(cek, apu, apv []byte, recPubKey *PublicKey, opts ...WrapKeyOpts) (*RecipientWrappedKey, error)

	// UnwrapKey unwraps a key in recWK using recipient private key kh.
	// 'opts' allows setting the option sender key handle using WithSender() option. It allows ECDH-1PU key unwrapping
	// (aka Authcrypt). The absence of this option uses ECDH-ES key unwrapping (aka Anoncrypt). There is no need to
	// use WithXC20PKW() for UnwrapKey since the function will use the wrapping algorithm based on recWK.Alg.
	// returns:
	//   unwrapped key in raw bytes
	//   error in case of errors
	UnwrapKey(recWK *RecipientWrappedKey, kh interface{}, opts ...WrapKeyOpts) ([]byte, error)
}
Crypto interface provides all crypto operations needed in the Aries framework.
type PublicKey ¶
type PublicKey struct {
	KID   string `json:"kid,omitempty"`
	X     []byte `json:"x,omitempty"`
	Y     []byte `json:"y,omitempty"`
	Curve string `json:"curve,omitempty"`
	Type  string `json:"type,omitempty"`
}
PublicKey is mainly used to exchange the EPK in RecipientWrappedKey.
type RecipientWrappedKey ¶
type RecipientWrappedKey struct {
	KID          string    `json:"kid,omitempty"`
	EncryptedCEK []byte    `json:"encryptedcek,omitempty"`
	EPK          PublicKey `json:"epk,omitempty"`
	Alg          string    `json:"alg,omitempty"`
	APU          []byte    `json:"apu,omitempty"`
	APV          []byte    `json:"apv,omitempty"`
}
RecipientWrappedKey contains recipient key material required to unwrap CEK.
type WrapKeyOpts ¶
type WrapKeyOpts func(opts *wrapKeyOpts)
WrapKeyOpts are the crypto.Wrap key options.
func WithSender ¶
func WithSender(senderKey interface{}) WrapKeyOpts
WithSender option is for setting a sender key with crypto wrapping (e.g. Authcrypt). For Anoncrypt, this option must not be set. Sender is a key used for ECDH-1PU key agreement for authenticating the sender. senderKey can be one of the following three types:
- *keyset.Handle (requires private key handle for crypto.WrapKey())
- *crypto.PublicKey (available for UnwrapKey() only)
- *ecdsa.PublicKey (available for UnwrapKey() only)
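
What WithSender changes in the key agreement, as an added example that is not code from this package: ECDH-ES (Anoncrypt) derives the key-wrapping key from the ephemeral agreement alone, while ECDH-1PU (Authcrypt) adds an agreement with the sender's static key, so the recipient only recovers the same key with the right sender public key. The names `kdf`, `senderKEK`, `recipientKEK` and `newKey`, the P-256 curve and the SHA-256 stand-in for the KDF are assumptions for illustration; wrapping the CEK itself is left out.

```go
package main

import (
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// kdf hashes n ECDH secrets with apu/apv; SHA-256 stands in for the real KDF (assumption).
func kdf(apu, apv []byte, n int, dh func(int) ([]byte, error)) ([]byte, error) {
	if n < 1 || n > 2 || len(apu) > 255 {
		return nil, fmt.Errorf("need 1 (ES) or 2 (1PU) agreements and apu <= 255 bytes")
	}
	h := sha256.New()
	for i := 0; i < n; i++ {
		z, err := dh(i)
		if err != nil {
			return nil, err
		}
		h.Write(z) // fixed 32 bytes on P-256
	}
	h.Write(append(append([]byte{byte(n), byte(len(apu))}, apu...), apv...)) // mode, len(apu), apu, apv
	return h.Sum(nil), nil
}

// senderKEK (wrap side): privs is the ephemeral key, plus the sender key for ECDH-1PU.
func senderKEK(apu, apv []byte, rec *ecdh.PublicKey, privs ...*ecdh.PrivateKey) ([]byte, error) {
	return kdf(apu, apv, len(privs), func(i int) ([]byte, error) { return privs[i].ECDH(rec) })
}

// recipientKEK (unwrap side): pubs is the EPK, plus the sender public key for ECDH-1PU.
func recipientKEK(apu, apv []byte, rec *ecdh.PrivateKey, pubs ...*ecdh.PublicKey) ([]byte, error) {
	return kdf(apu, apv, len(pubs), func(i int) ([]byte, error) { return rec.ECDH(pubs[i]) })
}

func newKey() *ecdh.PrivateKey { // fresh P-256 key pair for the demo
	k, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

func main() {
	eph, alice, bob := newKey(), newKey(), newKey() // constructed sample parties
	s, errS := senderKEK([]byte("alice"), []byte("bob"), bob.PublicKey(), eph, alice)
	r, errR := recipientKEK([]byte("alice"), []byte("bob"), bob, eph.PublicKey(), alice.PublicKey())
	fmt.Printf("sender KEK    %x %v\nrecipient KEK %x %v\n", s, errS, r, errR)
}
```

The recipient-side call shows why the EPK has to travel inside RecipientWrappedKey: without it the recipient cannot redo the ephemeral agreement.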
func WithXC20PKW ¶
func WithXC20PKW() WrapKeyOpts
WithXC20PKW option is a flag option for crypto wrapping. When used, key wrapping will use XChaCha20-Poly1305 encryption. In the absence of this option (the default), key wrapping uses AES256-GCM encryption. The KDF used in the crypto wrapping function is selected based on the type of the recipient key argument of KeyWrap(); it is independent of this option.
Directories ¶
Path | Synopsis |
---|---|
 | Package tinkcrypto provides the default implementation of the common pkg/common/api/crypto.Crypto interface and the SPI pkg/framework/aries.crypto interface. It uses github.com/tink/go crypto primitives. |
primitive/composite/ecdh | Package ecdh provides implementations of payload encryption using ECDH-ES/1PU KW key wrapping with AEAD primitives. |