webkms

package
v0.0.0-...-8c61271 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 30, 2024 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func SetDebugOutput

func SetDebugOutput(out io.Writer)

SetDebugOutput used to set output of debug logs.

Types

type HTTPClient

type HTTPClient interface {
	Do(req *http.Request) (*http.Response, error)
}

HTTPClient interface for the http client.

type RemoteCrypto

type RemoteCrypto struct {
	// contains filtered or unexported fields
}

RemoteCrypto implementation of kms.KeyManager api.

func New

func New(keystoreURL string, client HTTPClient, opts ...webkmsimpl.Opt) *RemoteCrypto

New creates a new remoteCrypto instance using http client connecting to keystoreURL.

func (*RemoteCrypto) ComputeMAC

func (r *RemoteCrypto) ComputeMAC(data []byte, keyURL interface{}) ([]byte, error)

ComputeMAC remotely computes message authentication code (MAC) for code data with key at keyURL. using a matching MAC primitive in kh key handle.

func (*RemoteCrypto) Decrypt

func (r *RemoteCrypto) Decrypt(cipher, aad, nonce []byte, keyURL interface{}) ([]byte, error)

Decrypt will remotely decrypt cipher with aad and given nonce using a matching AEAD primitive in a remote key handle at keyURL of a private key. returns:

plainText in []byte
error in case of errors

func (*RemoteCrypto) DeriveProof

func (r *RemoteCrypto) DeriveProof(messages [][]byte, bbsSignature, nonce []byte, revealedIndexes []int,
	signerKeyURL interface{}) ([]byte, error)

DeriveProof will create a BBS+ signature proof for a list of revealed messages using BBS signature (can be built using a Signer's SignMulti() call) and the signer's public key handle found at signerKeyURL. returns:

signature proof in []byte
error in case of errors

func (*RemoteCrypto) Encrypt

func (r *RemoteCrypto) Encrypt(msg, aad []byte, keyURL interface{}) ([]byte, []byte, error)

Encrypt will remotely encrypt msg and aad using a matching AEAD primitive in a remote key handle at keyURL of a public key. returns:

cipherText in []byte
nonce in []byte
error in case of errors during encryption

func (*RemoteCrypto) Sign

func (r *RemoteCrypto) Sign(msg []byte, keyURL interface{}) ([]byte, error)

Sign will remotely sign msg using a matching signature primitive in remote kh key handle at keyURL of a private key. returns:

signature in []byte
error in case of errors

func (*RemoteCrypto) SignMulti

func (r *RemoteCrypto) SignMulti(messages [][]byte, signerKeyURL interface{}) ([]byte, error)

SignMulti will create a BBS+ signature of messages using the signer's private key handle found at signerKeyURL. returns:

signature in []byte
error in case of errors

func (*RemoteCrypto) UnwrapKey

func (r *RemoteCrypto) UnwrapKey(recWK *cryptoapi.RecipientWrappedKey, keyURL interface{},
	opts ...cryptoapi.WrapKeyOpts) ([]byte, error)

UnwrapKey remotely unwraps a key in recWK using recipient private key found at keyURL. 'opts' allows setting the option sender key handle using WithSender() optionwhere the sender key handle consists of a remote key located in the option as a keyURL. This options allows ECDH-1PU key unwrapping (aka Authcrypt). The absence of this option uses ECDH-ES key unwrapping (aka Anoncrypt). returns:

unwrapped key in raw bytes
error in case of errors

func (*RemoteCrypto) Verify

func (r *RemoteCrypto) Verify(signature, msg []byte, keyURL interface{}) error

Verify will remotely verify a signature for the given msg using a matching signature primitive in a remote key handle at keyURL of a public key. returns:

error in case of errors or nil if signature verification was successful

func (*RemoteCrypto) VerifyMAC

func (r *RemoteCrypto) VerifyMAC(mac, data []byte, keyURL interface{}) error

VerifyMAC remotely determines if mac is a correct authentication code (MAC) for data using a key at KeyURL using a matching MAC primitive in kh key handle and returns nil if so, otherwise it returns an error.

func (*RemoteCrypto) VerifyMulti

func (r *RemoteCrypto) VerifyMulti(messages [][]byte, signature []byte, signerKeyURL interface{}) error

VerifyMulti will BBS+ verify a signature of messages against the signer's public key handle found at signerKeyURL. returns:

error in case of errors or nil if signature verification was successful

func (*RemoteCrypto) VerifyProof

func (r *RemoteCrypto) VerifyProof(revealedMessages [][]byte, proof, nonce []byte, signerKeyURL interface{}) error

VerifyProof will verify a BBS+ signature proof (generated e.g. by Verifier's DeriveProof() call) for revealedMessages with the signer's public key handle found at signerKeyURL. returns:

error in case of errors or nil if signature proof verification was successful

func (*RemoteCrypto) WrapKey

func (r *RemoteCrypto) WrapKey(cek, apu, apv []byte, recPubKey *cryptoapi.PublicKey,
	opts ...cryptoapi.WrapKeyOpts) (*cryptoapi.RecipientWrappedKey, error)

WrapKey will remotely execute key wrapping of cek using apu, apv and recipient public key 'recPubKey'. 'opts' allows setting the option sender key handle using WithSender() option where the sender key handle consists of a remote key located in the option as a keyURL. This option allows ECDH-1PU key wrapping (aka Authcrypt). The absence of this option uses ECDH-ES key wrapping (aka Anoncrypt).

RecipientWrappedKey containing the wrapped cek value
error in case of errors

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL