README
¶
Vey - Email Verifying Keyserver
Vey is an Email Verifying Keyserver. It is an HTTP API server that provides APIs to get, delete and put public keys for verified email addresses.
Saving a public key requires access to the email address and the private key. You prove that you have access to the email address and the private key by receiving a challenge in email and signing it with the private key.
Deleting a key requires access to the email address. You have to be able to receive an email that includes a token.
Goals
- Do not store emails
- Realistic authentication to put and delete your keys
Interface
The rough idea of Vey's interface.
// Vey represent the public API of Email Verifying Keyserver.
// Structs that implement Vey interface may use Cache, Verifier, Store interface to implement the API.
type Vey interface {
GetKeys(email string) ([]PublicKey, error)
BeginDelete(email string, publicKey PublicKey) (token []byte, err error)
CommitDelete(token []byte) error
BeginPut(email string, publicKey PublicKey) (challenge []byte, err error)
CommitPut(challenge, signature []byte) error
}
// Cache is a short-term key value store.
type Cache interface {
Set([]byte, Cached) error
Get([]byte) (Cached, error)
Del([]byte) error
}
type Cached struct {
EmailDigest
PublicKey
}
// Verifier verifies the signature with the public key.
type Verifier interface {
Verify(publicKey PublicKey, signature, challenge []byte) bool
}
// Store stores the public keys for a given email address hash.
// We do not have to store the email. The hash of it is enough.
type Store interface {
Get(EmailDigest) ([]PublicKey, error)
Delete(EmailDigest, PublicKey) error
Put(EmailDigest, PublicKey) error
}
type PublicKeyType int
const (
SSHEd25519 PublicKeyType = iota
)
type PublicKey struct {
PublicKey []byte
Type PublicKeyType
}
// EmailDigest is a hash of an email address.
type EmailDigest string
// Digester takes an email and returns a hash of it.
type Digester interface {
Of(email string) EmailDigest
}
Vey?
From "Verify Email keYserver". Pronounce like "Hey" replacing H with V.
Documentation
¶
Index ¶
- Variables
- func IsNotFound(err error) bool
- func NewChallenge() ([]byte, error)
- func NewToken() ([]byte, error)
- func VeyTest(t *testing.T, v Vey)
- type Cache
- type Cached
- type Digest
- type Digester
- type DynamoDbCache
- type DynamoDbCacheItem
- type DynamoDbStore
- type DynamoDbStoreItem
- type EmailDigest
- type Logger
- type MemCache
- type MemStore
- type PublicKey
- type PublicKeyType
- type SSHEd25519Verifier
- type Store
- type Verifier
- type Vey
Constants ¶
This section is empty.
Variables ¶
var ( // ErrNotFound indicates that the token or challenge is not found in the cache, or it has expired. ErrNotFound = errors.New("not found") // ErrVerifyFailed indicates that the signature is invalid. ErrVerifyFailed = errors.New("verify failed") ErrInvalidEmail = errors.New("invalid email") )
Functions ¶
func IsNotFound ¶
func NewChallenge ¶
Types ¶
type Cache ¶
Cache is a short-term key value store.
func NewDynamoDbCache ¶
NewDynamoDbCache creates a new Cache implementation that is backed by DynamoDB. expiresIn is the duration after which the item expires, using DynamoDB TTL.
func NewMemCache ¶
type Cached ¶
type Cached struct {
EmailDigest
PublicKey
}
type Digest ¶
type Digest struct {
// contains filtered or unexported fields
}
Digest implements Digester interface.
func (Digest) Of ¶
func (d Digest) Of(email string) EmailDigest
type Digester ¶
type Digester interface {
Of(email string) EmailDigest
}
Digester takes an email and returns a hash of it.
func NewDigester ¶
type DynamoDbCache ¶
type DynamoDbCache struct {
TableName string
D *dynamodb.DynamoDB
// contains filtered or unexported fields
}
func (*DynamoDbCache) Del ¶
func (s *DynamoDbCache) Del(b []byte) error
type DynamoDbCacheItem ¶
type DynamoDbCacheItem struct {
ID []byte
Cached Cached
// ExpiresAt is used by DynamoDB TTL to expire the item after DynamoDbCache.expiresIn duration.
ExpiresAt time.Time `dynamodbav:",unixtime"`
}
DynamoDbCacheItem represents a single item in the DynamoDB cache table.
type DynamoDbStore ¶
func (*DynamoDbStore) Delete ¶
func (s *DynamoDbStore) Delete(d EmailDigest, publicKey PublicKey) error
Delete atomically deletes the public key from the set of public keys for the email digest.
func (*DynamoDbStore) Get ¶
func (s *DynamoDbStore) Get(d EmailDigest) ([]PublicKey, error)
func (*DynamoDbStore) Put ¶
func (s *DynamoDbStore) Put(d EmailDigest, publicKey PublicKey) error
Put atomically adds the public key in the set of public keys for the email digest.
type DynamoDbStoreItem ¶
type DynamoDbStoreItem struct {
ID []byte
// PublicKeys is a set of PublicKeys marshalled into []byte.
// The first byte is the PublicKey.Type and the rest is the PublicKey.Key .
PublicKeys [][]byte `dynamodbav:"publickeys,omitempty,binaryset"`
}
DynamoDbStoreItem represents a single item in the DynamoDB store table.
func (DynamoDbStoreItem) Keys ¶
func (item DynamoDbStoreItem) Keys() ([]PublicKey, error)
type EmailDigest ¶
type EmailDigest []byte
EmailDigest is a hash of an email address. EmailDigest is a []byte, it cannot be used as a map key.
type MemCache ¶
type MemCache struct {
// contains filtered or unexported fields
}
MemCache implements Cache interface. MemCache is for testing purposes only. MemCache lacks expiry.
type PublicKey ¶
type PublicKey struct {
// Key is in OpenSSH authorized_keys format.
// SSHEd25519 is only supported now, so Key should start with "ssh-ed25519 ".
Key []byte `json:"key"`
Type PublicKeyType `json:"type"`
}
type SSHEd25519Verifier ¶
type SSHEd25519Verifier struct{}
SSHEd25519Verifier implements Verifier interface.
type Store ¶
type Store interface {
Get(EmailDigest) ([]PublicKey, error)
Delete(EmailDigest, PublicKey) error
Put(EmailDigest, PublicKey) error
}
Store stores a unique set of public keys for a given email address hash. We do not have to store the email. The hash of it is enough.
func NewMemStore ¶
func NewMemStore() Store
type Verifier ¶
Verifier verifies the signature with the public key.
func NewVerifier ¶
func NewVerifier(t PublicKeyType) Verifier
type Vey ¶
type Vey interface {
GetKeys(email string) ([]PublicKey, error)
BeginDelete(email string, publicKey PublicKey) (token []byte, err error)
CommitDelete(token []byte) error
BeginPut(email string, publicKey PublicKey) (challenge []byte, err error)
CommitPut(challenge, signature []byte) error
}
Vey represent the public API of Email Verifying Keyserver. Structs that implement Vey interface may use Cache, Verifier, Store interface to implement the API.
Source Files
Directories