Documentation ¶
Index ¶
- Constants
- Variables
- func DID2KID(did string) string
- type Crypto
- func (c *Crypto) ComputeMAC(data []byte, kh interface{}) ([]byte, error)
- func (c *Crypto) Decrypt(cipher []byte, aad []byte, nonce []byte, kh interface{}) ([]byte, error)
- func (c *Crypto) DeriveProof(messages [][]byte, bbsSignature []byte, nonce []byte, revealedIndexes []int, ...) ([]byte, error)
- func (c *Crypto) Encrypt(msg []byte, aad []byte, kh interface{}) ([]byte, []byte, error)
- func (c *Crypto) Sign(msg []byte, kh interface{}) (s []byte, err error)
- func (c *Crypto) SignMulti(messages [][]byte, kh interface{}) ([]byte, error)
- func (c *Crypto) UnwrapKey(recWK *crypto.RecipientWrappedKey, kh interface{}, opts ...crypto.WrapKeyOpts) ([]byte, error)
- func (c *Crypto) Verify(signature []byte, msg []byte, kh interface{}) (err error)
- func (c *Crypto) VerifyMAC(mac []byte, data []byte, kh interface{}) error
- func (c *Crypto) VerifyMulti(messages [][]byte, signature []byte, kh interface{}) error
- func (c *Crypto) VerifyProof(revealedMessages [][]byte, proof []byte, nonce []byte, kh interface{}) error
- func (c *Crypto) WrapKey(cek []byte, apu []byte, apv []byte, recPubKey *crypto.PublicKey, ...) (*crypto.RecipientWrappedKey, error)
- type Handle
- type Indy
- func (i *Indy) Close() error
- func (i *Indy) ConnectionStorage() api.ConnectionStorage
- func (i *Indy) CredentialStorage() api.CredentialStorage
- func (i *Indy) DIDStorage() api.DIDStorage
- func (i *Indy) GetOpenStores() []storage.Store
- func (i *Indy) GetStoreConfig(name string) (storage.StoreConfiguration, error)
- func (i *Indy) KMS() kms.KeyManager
- func (i *Indy) Open() error
- func (i *Indy) OpenStore(name string) (storage.Store, error)
- func (i *Indy) OurPackager() api.Packager
- func (i *Indy) SetStoreConfig(name string, config storage.StoreConfiguration) error
- type KMS
- func (k *KMS) Add(KID, verKey string)
- func (k *KMS) Create(kt kms.KeyType) (string, interface{}, error)
- func (k *KMS) CreateAndExportPubKeyBytes(kt kms.KeyType) (string, []byte, error)
- func (k *KMS) ExportPubKeyBytes(KID string) ([]byte, error)
- func (k *KMS) Get(KID string) (interface{}, error)
- func (k *KMS) ImportPrivateKey(privKey interface{}, kt kms.KeyType, opts ...kms.PrivateKeyOpts) (string, interface{}, error)
- func (k *KMS) PubKeyBytesToHandle(pubKey []byte, kt kms.KeyType) (interface{}, error)
- func (k *KMS) Rotate(kt kms.KeyType, KID string) (string, interface{}, error)
- type Packager
- func (p *Packager) Crypto() cryptoapi.Crypto
- func (p *Packager) KMS() kms.KeyManager
- func (p *Packager) PackMessage(envelope *transport.Envelope) (b []byte, err error)
- func (p *Packager) StorageProvider() storage.Provider
- func (p *Packager) UnpackMessage(encMessage []byte) (e *transport.Envelope, err error)
- func (p *Packager) VDRegistry() vdr.Registry
Constants ¶
const MethodPrefix = "did:sov:"
const SovVerKeyLen = 32
Variables ¶
var (
ErrWrongSignature error
)
Functions ¶
Types ¶
type Crypto ¶
type Crypto struct { }
func (*Crypto) ComputeMAC ¶
ComputeMAC computes message authentication code (MAC) for code data using a matching MAC primitive in kh key handle
func (*Crypto) Decrypt ¶
Decrypt will decrypt cipher with aad and given nonce using a matching AEAD primitive in kh key handle of a private key returns:
plainText in []byte error in case of errors
func (*Crypto) DeriveProof ¶
func (c *Crypto) DeriveProof(messages [][]byte, bbsSignature []byte, nonce []byte, revealedIndexes []int, kh interface{}) ([]byte, error)
DeriveProof will create a signature proof for a list of revealed messages using BBS signature (can be built using a Signer's SignMulti() call) and a matching signing primitive found in kh key handle of a public key. returns:
signature proof in []byte error in case of errors
func (*Crypto) Encrypt ¶
Encrypt will encrypt msg and aad using a matching AEAD primitive in kh key handle of a public key returns:
cipherText in []byte nonce in []byte error in case of errors during encryption
func (*Crypto) Sign ¶
Sign will sign msg using a matching signature primitive in kh key handle of a private key returns:
signature in []byte error in case of errors
func (*Crypto) SignMulti ¶
SignMulti will create a signature of messages using a matching signing primitive found in kh key handle of a private key. returns:
signature in []byte error in case of errors
func (*Crypto) UnwrapKey ¶
func (c *Crypto) UnwrapKey(recWK *crypto.RecipientWrappedKey, kh interface{}, opts ...crypto.WrapKeyOpts) ([]byte, error)
UnwrapKey unwraps a key in recWK using recipient private key kh. 'opts' allows setting the optional sender key handle using WithSender() option and the an authentication tag using WithTag() option. These allow ECDH-1PU key unwrapping (aka Authcrypt). The absence of these options uses ECDH-ES key unwrapping (aka Anoncrypt). There is no need to use WithXC20PKW() for UnwrapKey since the function will use the wrapping algorithm based on recWK.Alg. returns:
unwrapped key in raw bytes error in case of errors
func (*Crypto) Verify ¶
Verify will verify a signature for the given msg using a matching signature primitive in kh key handle of a public key returns:
error in case of errors or nil if signature verification was successful
func (*Crypto) VerifyMAC ¶
VerifyMAC determines if mac is a correct authentication code (MAC) for data using a matching MAC primitive in kh key handle and returns nil if so, otherwise it returns an error.
func (*Crypto) VerifyMulti ¶
VerifyMulti will verify a signature of messages using a matching signing primitive found in kh key handle of a public key. returns:
error in case of errors or nil if signature verification was successful
func (*Crypto) VerifyProof ¶
func (c *Crypto) VerifyProof(revealedMessages [][]byte, proof []byte, nonce []byte, kh interface{}) error
VerifyProof will verify a signature proof (generated e.g. by Verifier's DeriveProof() call) for revealedMessages using a matching signing primitive found in kh key handle of a public key. returns:
error in case of errors or nil if signature proof verification was successful
func (*Crypto) WrapKey ¶
func (c *Crypto) WrapKey(cek []byte, apu []byte, apv []byte, recPubKey *crypto.PublicKey, opts ...crypto.WrapKeyOpts) (*crypto.RecipientWrappedKey, error)
WrapKey will execute key wrapping of cek using apu, apv and recipient public key 'recPubKey'. 'opts' allows setting the optional sender key handle using WithSender() option and the an authentication tag using WithTag() option. These allow ECDH-1PU key unwrapping (aka Authcrypt). The absence of these options uses ECDH-ES key wrapping (aka Anoncrypt). Another option that can be used is WithXC20PKW() to instruct the WrapKey to use XC20P key wrapping instead of the default A256GCM. returns:
RecipientWrappedKey containing the wrapped cek value error in case of errors
type Indy ¶
type Indy struct { Handle int // contains filtered or unexported fields }
func (*Indy) ConnectionStorage ¶
func (i *Indy) ConnectionStorage() api.ConnectionStorage
func (*Indy) CredentialStorage ¶
func (i *Indy) CredentialStorage() api.CredentialStorage
func (*Indy) DIDStorage ¶
func (i *Indy) DIDStorage() api.DIDStorage
func (*Indy) GetOpenStores ¶
func (*Indy) GetStoreConfig ¶
func (i *Indy) GetStoreConfig(name string) (storage.StoreConfiguration, error)
func (*Indy) KMS ¶
func (i *Indy) KMS() kms.KeyManager
func (*Indy) OpenStore ¶
We needed direct wrapping to because Go couldn't keep on with transitive type support of aggregated types.
func (*Indy) OurPackager ¶
func (*Indy) SetStoreConfig ¶
func (i *Indy) SetStoreConfig(name string, config storage.StoreConfiguration) error
type KMS ¶
type KMS struct {
// contains filtered or unexported fields
}
func NewKMS ¶
func NewKMS(storage api.AgentStorage) *KMS
func (*KMS) CreateAndExportPubKeyBytes ¶
func (*KMS) ImportPrivateKey ¶
func (*KMS) PubKeyBytesToHandle ¶
type Packager ¶
type Packager struct {
// contains filtered or unexported fields
}
func (*Packager) KMS ¶
func (p *Packager) KMS() kms.KeyManager