Documentation
Index
- func SetDebugOutput(out io.Writer)
- type HTTPClient
- type RemoteCrypto
- func (r *RemoteCrypto) ComputeMAC(data []byte, keyURL interface{}) ([]byte, error)
- func (r *RemoteCrypto) Decrypt(cipher, aad, nonce []byte, keyURL interface{}) ([]byte, error)
- func (r *RemoteCrypto) DeriveProof(messages [][]byte, bbsSignature, nonce []byte, revealedIndexes []int, ...) ([]byte, error)
- func (r *RemoteCrypto) Encrypt(msg, aad []byte, keyURL interface{}) ([]byte, []byte, error)
- func (r *RemoteCrypto) Sign(msg []byte, keyURL interface{}) ([]byte, error)
- func (r *RemoteCrypto) SignMulti(messages [][]byte, signerKeyURL interface{}) ([]byte, error)
- func (r *RemoteCrypto) UnwrapKey(recWK *cryptoapi.RecipientWrappedKey, keyURL interface{}, ...) ([]byte, error)
- func (r *RemoteCrypto) Verify(signature, msg []byte, keyURL interface{}) error
- func (r *RemoteCrypto) VerifyMAC(mac, data []byte, keyURL interface{}) error
- func (r *RemoteCrypto) VerifyMulti(messages [][]byte, signature []byte, signerKeyURL interface{}) error
- func (r *RemoteCrypto) VerifyProof(revealedMessages [][]byte, proof, nonce []byte, signerKeyURL interface{}) error
- func (r *RemoteCrypto) WrapKey(cek, apu, apv []byte, recPubKey *cryptoapi.PublicKey, ...) (*cryptoapi.RecipientWrappedKey, error)
Constants
This section is empty.
Variables
This section is empty.
Functions
func SetDebugOutput
SetDebugOutput sets the output writer for debug logs.
Types
type HTTPClient
HTTPClient is the interface for the HTTP client.
type RemoteCrypto
type RemoteCrypto struct {
// contains filtered or unexported fields
}
RemoteCrypto is an implementation of the kms.KeyManager API.
func New
func New(keystoreURL string, client HTTPClient, opts ...webkmsimpl.Opt) *RemoteCrypto
New creates a new RemoteCrypto instance that uses the given HTTP client to connect to keystoreURL.
func (*RemoteCrypto) ComputeMAC
func (r *RemoteCrypto) ComputeMAC(data []byte, keyURL interface{}) ([]byte, error)
ComputeMAC remotely computes a message authentication code (MAC) for data with the key at keyURL, using a matching MAC primitive in the kh key handle.
func (*RemoteCrypto) Decrypt
func (r *RemoteCrypto) Decrypt(cipher, aad, nonce []byte, keyURL interface{}) ([]byte, error)
Decrypt remotely decrypts cipher with aad and the given nonce, using a matching AEAD primitive in the remote key handle at keyURL of a private key. Returns:
- plainText in []byte
- error in case of errors
func (*RemoteCrypto) DeriveProof
func (r *RemoteCrypto) DeriveProof(messages [][]byte, bbsSignature, nonce []byte, revealedIndexes []int, signerKeyURL interface{}) ([]byte, error)
DeriveProof creates a BBS+ signature proof for a list of revealed messages, using a BBS signature (which can be built with a Signer's SignMulti() call) and the signer's public key handle found at signerKeyURL. Returns:
- signature proof in []byte
- error in case of errors
func (*RemoteCrypto) Encrypt
func (r *RemoteCrypto) Encrypt(msg, aad []byte, keyURL interface{}) ([]byte, []byte, error)
Encrypt remotely encrypts msg and aad, using a matching AEAD primitive in the remote key handle at keyURL of a public key. Returns:
- cipherText in []byte
- nonce in []byte
- error in case of errors during encryption
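The Encrypt/Decrypt contract described above (ciphertext and nonce returned together, the same aad and nonce needed again to decrypt), as an added example that is not this package's code. It assumes a hypothetical `localStub` that stands in for the remote key store with in-memory AES-GCM; the key URL and the all-zero key are constructed for the demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// localStub is a hypothetical in-memory stand-in for the remote key store (keyURL -> AES key).
// Its methods copy the Encrypt/Decrypt signatures on this page; it is not RemoteCrypto.
type localStub struct{ keys map[string][]byte }
func (s *localStub) aead(keyURL interface{}) (cipher.AEAD, error) {
	url, _ := keyURL.(string)                // a non-string keyURL resolves to no key
	block, err := aes.NewCipher(s.keys[url]) // fails when no key is stored at url
	if err != nil {
		return nil, fmt.Errorf("key %v: %w", keyURL, err)
	}
	return cipher.NewGCM(block)
}

func (s *localStub) Encrypt(msg, aad []byte, keyURL interface{}) ([]byte, []byte, error) {
	a, err := s.aead(keyURL)
	if err != nil {
		return nil, nil, err
	}
	nonce := make([]byte, a.NonceSize()) // fresh random nonce for every message
	if _, err := rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	return a.Seal(nil, nonce, msg, aad), nonce, nil
}

func (s *localStub) Decrypt(ct, aad, nonce []byte, keyURL interface{}) ([]byte, error) {
	a, err := s.aead(keyURL)
	if err != nil {
		return nil, err
	}
	if len(nonce) != a.NonceSize() { // Open panics on a wrong-length nonce
		return nil, fmt.Errorf("nonce length %d, want %d", len(nonce), a.NonceSize())
	}
	return a.Open(nil, nonce, ct, aad) // error if ct, aad or nonce differs
}

func main() {
	u := "https://kms.example/keys/1" // constructed key URL holding an all-zero demo key
	s := &localStub{keys: map[string][]byte{u: make([]byte, 32)}}
	ct, nonce, _ := s.Encrypt([]byte("msg"), []byte("ctx-A"), u)
	_, err := s.Decrypt(ct, []byte("ctx-B"), nonce, u)
	fmt.Println("decrypt with a different aad:", err)
}
```

A caller has to store the returned nonce next to the ciphertext and pass the identical aad to Decrypt; a mismatch in either one shows up only as the error return.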
func (*RemoteCrypto) Sign
func (r *RemoteCrypto) Sign(msg []byte, keyURL interface{}) ([]byte, error)
Sign remotely signs msg, using a matching signature primitive in the remote kh key handle at keyURL of a private key. Returns:
- signature in []byte
- error in case of errors
func (*RemoteCrypto) SignMulti
func (r *RemoteCrypto) SignMulti(messages [][]byte, signerKeyURL interface{}) ([]byte, error)
SignMulti creates a BBS+ signature of messages using the signer's private key handle found at signerKeyURL. Returns:
- signature in []byte
- error in case of errors
func (*RemoteCrypto) UnwrapKey
func (r *RemoteCrypto) UnwrapKey(recWK *cryptoapi.RecipientWrappedKey, keyURL interface{}, opts ...cryptoapi.WrapKeyOpts) ([]byte, error)
UnwrapKey remotely unwraps a key in recWK using the recipient private key found at keyURL. 'opts' allows setting the optional sender key handle using the WithSender() option, where the sender key handle consists of a remote key located in the option as a keyURL. This option allows ECDH-1PU key unwrapping (aka Authcrypt). The absence of this option uses ECDH-ES key unwrapping (aka Anoncrypt). Returns:
- unwrapped key in raw bytes
- error in case of errors
func (*RemoteCrypto) Verify
func (r *RemoteCrypto) Verify(signature, msg []byte, keyURL interface{}) error
Verify remotely verifies a signature for the given msg, using a matching signature primitive in the remote key handle at keyURL of a public key. Returns:
- error in case of errors, or nil if signature verification was successful
func (*RemoteCrypto) VerifyMAC
func (r *RemoteCrypto) VerifyMAC(mac, data []byte, keyURL interface{}) error
VerifyMAC remotely determines whether mac is a correct message authentication code (MAC) for data, using the key at keyURL and a matching MAC primitive in the kh key handle. It returns nil if so; otherwise it returns an error.
func (*RemoteCrypto) VerifyMulti
func (r *RemoteCrypto) VerifyMulti(messages [][]byte, signature []byte, signerKeyURL interface{}) error
VerifyMulti BBS+ verifies a signature of messages against the signer's public key handle found at signerKeyURL. Returns:
- error in case of errors, or nil if signature verification was successful
func (*RemoteCrypto) VerifyProof
func (r *RemoteCrypto) VerifyProof(revealedMessages [][]byte, proof, nonce []byte, signerKeyURL interface{}) error
VerifyProof verifies a BBS+ signature proof (generated e.g. by Verifier's DeriveProof() call) for revealedMessages with the signer's public key handle found at signerKeyURL. Returns:
- error in case of errors, or nil if signature proof verification was successful
func (*RemoteCrypto) WrapKey
func (r *RemoteCrypto) WrapKey(cek, apu, apv []byte, recPubKey *cryptoapi.PublicKey, opts ...cryptoapi.WrapKeyOpts) (*cryptoapi.RecipientWrappedKey, error)
WrapKey remotely executes key wrapping of cek using apu, apv and the recipient public key 'recPubKey'. 'opts' allows setting the optional sender key handle using the WithSender() option, where the sender key handle consists of a remote key located in the option as a keyURL. This option allows ECDH-1PU key wrapping (aka Authcrypt). The absence of this option uses ECDH-ES key wrapping (aka Anoncrypt). Returns:
- RecipientWrappedKey containing the wrapped cek value
- error in case of errors