webkms

package

v0.3.2 Latest Latest Go to latest Published: May 9, 2023 License: Apache-2.0 Imports: 3 Imported by: 20

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/hyperledger/aries-framework-go

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func CreateKeyStore(httpClient HTTPClient, keyserverURL, controller, vaultURL string, ...) (string, []byte, error)
type CryptoBox
- func NewCryptoBox(w kms.KeyManager) (*CryptoBox, error)
type HTTPClient
type Opt
type Opts
- func NewOpt() *Opts
type RemoteKMS
- func New(keystoreURL string, client HTTPClient, opts ...Opt) *RemoteKMS

Constants ¶

View Source

const (
	// KeystoreEndpoint represents a remote keystore endpoint with swappable {serverEndpoint} value.
	KeystoreEndpoint = "{serverEndpoint}/v1/keystores"

	// ContentType is remoteKMS http content-type.
	ContentType = "application/json"
)

Variables ¶

This section is empty.

Functions ¶

func CreateKeyStore ¶

func CreateKeyStore(httpClient HTTPClient, keyserverURL, controller, vaultURL string,
	capability []byte, opts ...Opt) (string, []byte, error)

CreateKeyStore calls the key server's create keystore REST function and returns the resulting keystoreURL value. Arguments of this function are described below:

httpClient used to POST the request
keyserverURL representing the key server url
marshaller the marshal function used for marshaling content in the client. Usually: `json.Marshal`
headersOpt optional function setting any necessary http headers for key server authorization

Returns:

keystore URL (if successful)
error (if error encountered)

Types ¶

type CryptoBox ¶

type CryptoBox = webkms.CryptoBox

CryptoBox provides an elliptic-curve-based authenticated encryption scheme executed on a remote key server

Payloads are encrypted using symmetric encryption (XChacha20Poly1305) using a shared key derived from a shared secret created by Curve25519 Elliptic Curve Diffie-Hellman key exchange.

CryptoBox is created by a remote KMS, and remotely reads secret keys from the KMS for encryption/decryption, so clients do not need to see the secrets themselves.

func NewCryptoBox ¶

func NewCryptoBox(w kms.KeyManager) (*CryptoBox, error)

NewCryptoBox creates a CryptoBox which provides remote crypto box encryption using the given KMS's key.

type HTTPClient ¶ added in v0.1.6

type HTTPClient interface {
	Do(req *http.Request) (*http.Response, error)
}

HTTPClient interface for the http client.

type Opt ¶

type Opt = webkms.Opt

Opt are the remoteKMS option.

func WithCache ¶

func WithCache(cacheSize int) Opt

WithCache add cache. if size is zero cache content will not be purged.

func WithHeaders ¶

func WithHeaders(addHeadersFunc webkms.AddHeaders) Opt

WithHeaders option is for setting additional http request headers (since it's a function, it can call a remote authorization server to fetch the necessary info needed in these headers).

func WithMarshalFn ¶ added in v0.1.6

func WithMarshalFn(fn marshalFunc) Opt

WithMarshalFn allows providing marshal function.

type Opts ¶

type Opts = webkms.Opts

Opts represents option.

func NewOpt ¶

func NewOpt() *Opts

NewOpt creates a new empty option. Not to be used directly. It's intended for implementations of remoteKMS. Use WithHeaders() option function below instead.

type RemoteKMS ¶

type RemoteKMS = webkms.RemoteKMS

RemoteKMS implementation of kms.KeyManager api.

func New ¶

func New(keystoreURL string, client HTTPClient, opts ...Opt) *RemoteKMS

New creates a new remoteKMS instance using http client connecting to keystoreURL.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL