webkms

package

v0.3.2 Latest Latest Go to latest Published: May 9, 2023 License: Apache-2.0 Imports: 3 Imported by: 20

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/hyperledger/aries-framework-go

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func CreateKeyStore(httpClient HTTPClient, keyserverURL, controller, vaultURL string, ...) (string, []byte, error)
type CryptoBox
- func NewCryptoBox(w kms.KeyManager) (*CryptoBox, error)
type HTTPClient
type Opt
type Opts
- func NewOpt() *Opts
type RemoteKMS
- func New(keystoreURL string, client HTTPClient, opts ...Opt) *RemoteKMS

Constants ¶

View Source

const (
	// KeystoreEndpoint represents a remote keystore endpoint with swappable {serverEndpoint} value.
	KeystoreEndpoint = "{serverEndpoint}/v1/keystores"

	// ContentType is remoteKMS http content-type.
	ContentType = "application/json"
)

Variables ¶

This section is empty.

Functions ¶

func CreateKeyStore ¶

func CreateKeyStore(httpClient HTTPClient, keyserverURL, controller, vaultURL string,
	capability []byte, opts ...Opt) (string, []byte, error)

CreateKeyStore calls the key server's create keystore REST function and returns the resulting keystoreURL value. Arguments of this function are described below:

httpClient used to POST the request
keyserverURL representing the key server url
marshaller the marshal function used for marshaling content in the client. Usually: `json.Marshal`
headersOpt optional function setting any necessary http headers for key server authorization

Returns:

keystore URL (if successful)
error (if error encountered)

Types ¶

type CryptoBox ¶

type CryptoBox = webkms.CryptoBox

CryptoBox provides an elliptic-curve-based authenticated encryption scheme executed on a remote key server

Payloads are encrypted using symmetric encryption (XChacha20Poly1305) using a shared key derived from a shared secret created by Curve25519 Elliptic Curve Diffie-Hellman key exchange.

CryptoBox is created by a remote KMS, and remotely reads secret keys from the KMS for encryption/decryption, so clients do not need to see the secrets themselves.

func NewCryptoBox ¶

func NewCryptoBox(w kms.KeyManager) (*CryptoBox, error)

NewCryptoBox creates a CryptoBox which provides remote crypto box encryption using the given KMS's key.

type HTTPClient ¶ added in v0.1.6

type HTTPClient interface {
	Do(req *http.Request) (*http.Response, error)
}

HTTPClient interface for the http client.

type Opt ¶

type Opt = webkms.Opt

Opt are the remoteKMS option.

func WithCache ¶

func WithCache(cacheSize int) Opt

WithCache add cache. if size is zero cache content will not be purged.

func WithHeaders ¶

func WithHeaders(addHeadersFunc webkms.AddHeaders) Opt

WithHeaders option is for setting additional http request headers (since it's a function, it can call a remote authorization server to fetch the necessary info needed in these headers).

func WithMarshalFn ¶ added in v0.1.6

func WithMarshalFn(fn marshalFunc) Opt

WithMarshalFn allows providing marshal function.

type Opts ¶

type Opts = webkms.Opts

Opts represents option.

func NewOpt ¶

func NewOpt() *Opts

NewOpt creates a new empty option. Not to be used directly. It's intended for implementations of remoteKMS. Use WithHeaders() option function below instead.

type RemoteKMS ¶

type RemoteKMS = webkms.RemoteKMS

RemoteKMS implementation of kms.KeyManager api.

func New ¶

func New(keystoreURL string, client HTTPClient, opts ...Opt) *RemoteKMS

New creates a new remoteKMS instance using http client connecting to keystoreURL.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL