Documentation
Overview
Package crypto implements IPIN encryption as per EBS. It supports libraries in different languages, including Go, Python, JavaScript, Java and Dart. The code is battle-tested and has been used in production for years.
Signing and Verifying
In addition to the EBS encryption support, crypto also supports signing and verifying for keys. Most notably, noebs uses crypto to sign users for token refresh.
Index
- func DecryptNoebs(privkey string, payload string) (string, error)
- func Encrypt(pubkey string, payload string) (string, error)
- func EncryptNoebs(pubkey string, payload string) (string, error)
- func Sign(privkey string) (string, error)
- func Verify(pubkey string, signature, message string) (bool, error)
- func VerifyWithHeaders(pubkey string, signature, message string) (bool, error)
Constants
This section is empty.
Variables
This section is empty.
Functions
func DecryptNoebs
DecryptNoebs, given a private key and a payload, decrypts an EBS-compatible RSA payload. You must provide the payload in:
    msg := uuid + pin
so that it is compatible with EBS' standard encryption.
func Encrypt
Encrypt, given a public key and a payload, encrypts the payload to an EBS-compatible RSA payload. You must provide the payload in:
    msg := uuid + pin
so that it is compatible with EBS' standard encryption.
func EncryptNoebs
EncryptNoebs, given a public key and a payload, encrypts the payload to an EBS-compatible RSA payload. You must provide the payload in:
    msg := uuid + pin
so that it is compatible with EBS' standard encryption.
func Sign
Sign is a reference implementation of how our signing and verification works. It is used by noebs clients (the Android app) to send signed messages that we can verify in noebs to ensure that the message is actually correct. Note that:
- we don't really sign a message; it is always hardcoded
- we use sha256 to sign the hash of the message, instead of the actual message
We expect that the client side will abide by the same interface we are designing here.
NOTES
Ideally, implementers should use a secure mechanism to generate private/public key pairs and sign messages. On Android, this is done via the `Android keystore`, in particular:
    import java.security.KeyStore
    import java.util.Enumeration

    // Load the Android Keystore provider and list the key aliases it holds.
    val ks: KeyStore = KeyStore.getInstance("AndroidKeyStore").apply {
        load(null)
    }
    val aliases: Enumeration<String> = ks.aliases()
Using secure facilities such as android keystore offers the utmost level of security and ensures our compliance with payment standards.
func Verify
Verify is used by noebs systems to verify the authenticity of clients. We currently use it to ensure that noebs mobile clients are valid (provided their keys are valid). This is a rather tricky API, but it is the only simple way we have of authenticating our users.
- pubkey: the base64 string encoding of the public key
- signature: base64 encoded
- message: the message that we want to sign
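The Sign and Verify descriptions above, sketched as an added example that is not the package's own code: the signer signs the SHA-256 digest of the message, and the verifier takes a base64 public key, a base64 signature and the message. The names `signedSample` and `verifyMessage`, the PKIX DER key encoding and the PKCS#1 v1.5 padding are assumptions; the page does not state them.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"fmt"
)

// signedSample builds constructed input: a throwaway RSA key and a signature over SHA-256(message).
func signedSample(message string) (pubB64, sigB64 string, err error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return "", "", err
	}
	der, _ := x509.MarshalPKIXPublicKey(&priv.PublicKey) // error ignored: key was just generated
	digest := sha256.Sum256([]byte(message))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	return base64.StdEncoding.EncodeToString(der), base64.StdEncoding.EncodeToString(sig), err
}

// verifyMessage (hypothetical) assumes a base64 PKIX DER public key and PKCS#1 v1.5 padding.
func verifyMessage(pubkeyB64, sigB64, message string) (bool, error) {
	der, err := base64.StdEncoding.DecodeString(pubkeyB64)
	if err != nil {
		return false, fmt.Errorf("decode public key: %w", err)
	}
	sig, err := base64.StdEncoding.DecodeString(sigB64)
	if err != nil {
		return false, fmt.Errorf("decode signature: %w", err)
	}
	parsed, err := x509.ParsePKIXPublicKey(der)
	if err != nil {
		return false, fmt.Errorf("parse public key: %w", err)
	}
	pub, ok := parsed.(*rsa.PublicKey)
	if !ok {
		return false, fmt.Errorf("public key is %T, not RSA", parsed)
	}
	digest := sha256.Sum256([]byte(message))
	// (false, nil) means well-formed input whose signature does not match.
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil, nil
}

func main() {
	pub, sig, _ := signedSample("constructed-message")
	fmt.Println(verifyMessage(pub, sig, "constructed-message"))
}
```

Malformed base64 or a non-RSA key is returned as an error, while a well-formed signature that does not match the key or message is returned as `false` with a nil error, so callers can log the two cases separately.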
Types
This section is empty.