Index ¶
- Constants
- Variables
- func DecryptLocker(envelope *DataEnvelope, key *model.AESKey) (*model.Locker, error)
- func DecryptValue(envelope *DataEnvelope, key *model.AESKey, id *string) (string, error)
- func GenerateHostedKeyFromNode(node slip10.Node) *model.AESKey
- func GenerateIDHMACKey() []byte
- func GenerateKeysFromRecoveryPhrase(recoveryPhrase string) (*model.AESKey, ed25519.PublicKey, ed25519.PrivateKey, error)
- func GenerateManagedFromHostedKey(hostedKey *model.AESKey) *model.AESKey
- func HashID(id string, secret []byte) string
- func HashUserPassword(passphrase string) string
- func IsCorrectIdentityType(val string) bool
- func ReHashPassphrase(acct *Account, hashFunction PasswordHashFunction) error
- type Account
- func ChangePassphrase(acct *Account, currentPassphrase, newPassphrase string, isHash bool) (*Account, error)
- func Recover(acct *Account, cryptoKey *model.AESKey, newPassphrase string) (*Account, error)
- func RecoverManaged(acct *Account, managedCryptoKey *model.AESKey, hashedNewPassphrase string) (*Account, error)
- type DataEnvelope
- func EncryptIdentity(idy *Identity, idSecret []byte, key *model.AESKey) (*DataEnvelope, error)
- func EncryptLocker(locker *model.Locker, idSecret []byte, key *model.AESKey) (*DataEnvelope, error)
- func EncryptValue(key string, val string, lvl model.AccessLevel, idSecret []byte, ...) (*DataEnvelope, error)
- type EntropyFunction
- type GenerationResponse
- type Identity
- type Option
- func WithCustomEntropy(entropyFunc EntropyFunction) Option
- func WithDIDMethod(method string) Option
- func WithFirstBlock(firstBlock int64) Option
- func WithHashedPassphraseAuth(hashedPassphrase string) Option
- func WithLogger(logInstance *zerolog.Logger) Option
- func WithMaster(parentAcct *Account, masterNode slip10.Node) Option
- func WithPassphraseAuth(passphrase string) Option
- func WithRegistrationCode(regCode string) Option
- func WithRootIdentity(rootIdentity *model.DID) Option
- func WithSLRK(secondLevelRecoveryKey []byte) Option
- type Options
- type PasswordHashFunction
- type RecoveryCode
- type RecoveryRequest
- type SecretStore
- func (ss *SecretStore) Copy() *SecretStore
- func (ss *SecretStore) ExtractPayloadKey(passphrase string) (*model.AESKey, error)
- func (ss *SecretStore) GetPayload(key *model.AESKey) (*SecretStorePayload, error)
- func (ss *SecretStore) UpdatePayload(payload *SecretStorePayload, key *model.AESKey) error
- func (ss *SecretStore) Validate() error
- type SecretStorePayload
Constants ¶
const (
	// CurrentAccountVersion is the current account-definition version
	// (the package-level Version variable defaults to it).
	CurrentAccountVersion uint32 = 4
	// Type is the record type string; presumably the value expected in
	// Account.Type — confirm against the constructor.
	Type = "Account"

	// Account lifecycle states carried in Account.State.
	StateActive    = "active"
	StateSuspended = "suspended"
	StateDeleted   = "deleted"
	StateRecovery  = "recovery"
)
const (
	// Identity type strings carried in Identity.Type. IsCorrectIdentityType
	// reports whether a string is one of these values.
	IdentityTypeRoot        = "Root"
	IdentityTypeVerinym     = "Verinym"
	IdentityTypePersona     = "Persona"
	IdentityTypeDigitalTwin = "DigitalTwin"
	IdentityTypePairwise    = "PairwiseIdentity"
	IdentityTypeAnonymous   = "AnonymousIdentity"
)
Variables ¶
var (
	// Version is the account version in use; it defaults to CurrentAccountVersion.
	Version = CurrentAccountVersion
	// ErrInvalidPassphrase is the sentinel reported when a supplied passphrase
	// fails verification (presumably by ChangePassphrase and
	// SecretStore.ExtractPayloadKey — confirm). Match it with errors.Is, and
	// do not distinguish it from other failures in user-facing responses in a
	// way that would help an attacker enumerate accounts.
	ErrInvalidPassphrase = errors.New("invalid passphrase")
)
Functions ¶
func DecryptLocker ¶
func DecryptValue ¶
func GenerateIDHMACKey ¶
func GenerateIDHMACKey() []byte
func HashUserPassword ¶
func IsCorrectIdentityType ¶
func ReHashPassphrase ¶
func ReHashPassphrase(acct *Account, hashFunction PasswordHashFunction) error
Note: this call is deliberately expensive when invoked with the default hashing function (which is the recommended choice); do not invoke it on a latency-sensitive path or in a tight loop.
Types ¶
type Account ¶
type Account struct {
	// ID is the account identifier.
	ID string `json:"id,omitempty"`
	// Type is the record type; presumably holds the Type constant ("Account").
	Type string `json:"type"`
	// Version is the account-definition version (see CurrentAccountVersion).
	Version uint32 `json:"version,omitempty"`
	// Email is the account's e-mail address.
	Email string `json:"email"`
	// EncryptedPassword is the passphrase verifier (see HashUserPassword and
	// ReHashPassphrase). It is not a usable secret by itself, but anyone who
	// obtains it can run an offline dictionary attack on the passphrase —
	// protect it at rest.
	EncryptedPassword string `json:"encryptedPassword"`
	// MasterAccount and ParentAccount link a sub-account to its master and
	// parent accounts (see WithMaster); presumably empty for top-level accounts.
	MasterAccount string `json:"master,omitempty"`
	ParentAccount string `json:"parent,omitempty"`
	// State is one of the State* constants.
	State string `json:"state,omitempty"`
	// RegisteredAt is the registration timestamp.
	RegisteredAt *time.Time `json:"registeredAt"`
	// Name, GivenName and FamilyName are display names.
	Name       string `json:"name"`
	GivenName  string `json:"givenName,omitempty"`
	FamilyName string `json:"familyName,omitempty"`
	// AccessLevel is the account's access level.
	AccessLevel model.AccessLevel `json:"level"`
	// RecoveryPublicKey is the key RecoveryRequest.Valid verifies a recovery
	// signature against; the matching private key is presumably the ed25519
	// key produced by GenerateKeysFromRecoveryPhrase — confirm.
	RecoveryPublicKey string `json:"recoveryPublicKey,omitempty"`
	// EncryptedRecoverySecret is recovery material stored in encrypted form.
	// NOTE(review): which key wraps it is not visible here — confirm.
	EncryptedRecoverySecret string `json:"encryptedRecoverySecret,omitempty"`
	// DefaultVault is the account's default vault identifier.
	DefaultVault string `json:"defaultVault,omitempty"`
	// ManagedSecretStore and HostedSecretStore hold the passphrase-protected
	// key material for managed and hosted operation respectively; see
	// SecretStore. Their encrypted fields are also exposed to offline
	// passphrase guessing if leaked.
	ManagedSecretStore *SecretStore `json:"managedSecretStore,omitempty"`
	HostedSecretStore  *SecretStore `json:"hostedSecretStore,omitempty"`
	// DerivationIndex is presumably the SLIP-10 child index used when the
	// account is derived from a master node (WithMaster) — confirm.
	DerivationIndex uint32 `json:"derivationIndex,omitempty"`
}
Account represents a MetaLocker account. Its JSON representation can be used to store accounts in the MetaLocker backend. Generally, it doesn't contain any secrets that give direct access to the account's data, but some fields are derived from the user's passphrase — EncryptedPassword, and the secret stores' MasterKeyParams and EncryptedPayloadKey — and must be protected: an attacker who obtains them can mount an offline dictionary attack on the passphrase. It's recommended to store the account definition in an encrypted form.
func ChangePassphrase ¶
func RecoverManaged ¶ added in v1.2.0
func RecoverManaged(acct *Account, managedCryptoKey *model.AESKey, hashedNewPassphrase string) (*Account, error)
RecoverManaged recovers a managed account for clients that don't have access to advanced cryptography: the caller supplies the managed crypto key directly and the new passphrase in already-hashed form (hashedNewPassphrase). Compare Recover, which takes the cleartext passphrase.
func (*Account) ExtractManagedKey ¶
func (*Account) RestrictedCopy ¶
type DataEnvelope ¶
type DataEnvelope struct {
	// Hash is the envelope's hash, checked by Validate; what exactly it covers
	// is not visible here — confirm before relying on it for integrity.
	Hash string `json:"hash"`
	// AccessLevel is the access level required to read the body.
	AccessLevel model.AccessLevel `json:"lvl"`
	// EncryptedID is the protected record identifier (optional); presumably
	// HashID(key, idSecret) computed by the Encrypt* functions — confirm.
	EncryptedID string `json:"id,omitempty"`
	// EncryptedBody is the encrypted payload; decrypt it with DecryptValue,
	// DecryptIdentity or DecryptLocker as appropriate.
	EncryptedBody string `json:"data"`
}
func EncryptIdentity ¶
func EncryptLocker ¶
func EncryptValue ¶
func EncryptValue(key string, val string, lvl model.AccessLevel, idSecret []byte, aesKey *model.AESKey) (*DataEnvelope, error)
func (DataEnvelope) Bytes ¶
func (ie DataEnvelope) Bytes() []byte
func (DataEnvelope) Validate ¶
func (ie DataEnvelope) Validate() error
type EntropyFunction ¶
// EntropyFunction supplies the entropy bytes used during account generation
// (see WithCustomEntropy and DefaultEntropyFunction). A custom implementation
// must draw from a cryptographically secure source; a weak or repeatable
// source weakens every key and recovery phrase derived from it.
type EntropyFunction func() []byte
func DefaultEntropyFunction ¶
func DefaultEntropyFunction() EntropyFunction
type GenerationResponse ¶
type GenerationResponse struct {
	// Account is the newly generated account definition.
	Account *Account
	// RegistrationCode is the registration code (see WithRegistrationCode).
	RegistrationCode string
	// RecoveryPhrase is the account's recovery phrase. It is the root of the
	// recovery keys (see GenerateKeysFromRecoveryPhrase): show it to the user
	// once and never log or persist it in cleartext.
	RecoveryPhrase string
	// SecondLevelRecoveryCode is the second-level recovery code (see WithSLRK).
	SecondLevelRecoveryCode string
	// RootIdentities are the generated root identities in cleartext.
	RootIdentities []*Identity
	// EncryptedIdentities are the identities in DataEnvelope form;
	// EncryptedLockers are the generated lockers in DataEnvelope form.
	EncryptedIdentities []*DataEnvelope
	EncryptedLockers    []*DataEnvelope
}
func GenerateAccount ¶
func GenerateAccount(acctTemplate *Account, opts ...Option) (*GenerationResponse, error)
type Identity ¶
type Identity struct {
	// DID is the identity's full DID definition, including its keys, so an
	// Identity value is sensitive and should only be held decrypted briefly.
	DID *model.DID `json:"did"`
	// Created is the time when the identity was created.
	Created *time.Time `json:"created"`
	// Name is the name of the identity (only accessible to the account owner
	// for navigation/documentation purposes).
	Name string `json:"name,omitempty"`
	// Type is the identity's type (one of the IdentityType* constants).
	Type string `json:"type"`
	// AccessLevel is the identity's access level. Data wallet needs to
	// be unlocked to a specific access level to gain access to identities
	// at this level or higher.
	AccessLevel model.AccessLevel `json:"level"`
	// Lockers field is only used for imports to consolidate
	// the data in one structure (Identity). This field is always
	// empty, when Data Wallet returns the identity.
	Lockers []*model.Locker `json:"lockers,omitempty"`
}
func DecryptIdentity ¶
func DecryptIdentity(envelope *DataEnvelope, key *model.AESKey) (*Identity, error)
type Option ¶
// Option configures account generation (see GenerateAccount). It receives the
// unexported accountOptions and may return an error, in which case generation
// presumably stops — confirm.
type Option func(opts *accountOptions) error
Option is for defining parameters when creating new accounts (see GenerateAccount and the With* constructors).
func WithCustomEntropy ¶
func WithCustomEntropy(entropyFunc EntropyFunction) Option
func WithDIDMethod ¶
func WithFirstBlock ¶
func WithLogger ¶
func WithPassphraseAuth ¶
func WithRegistrationCode ¶
func WithRootIdentity ¶
type PasswordHashFunction ¶
type RecoveryCode ¶
type RecoveryCode struct {
	// Code is the recovery code value. Treat it as a bearer credential: the
	// server should compare it in constant time and honour ExpiresAt.
	Code string `json:"code"`
	// UserID is the account the code was issued for.
	UserID string `json:"userID"`
	// ExpiresAt is when the code stops being valid; presumably issue time plus
	// the secondsTTL given to NewRecoveryCode — confirm.
	ExpiresAt *time.Time `json:"expiresAt"`
}
func NewRecoveryCode ¶
func NewRecoveryCode(userID string, secondsTTL int64) (*RecoveryCode, error)
func (RecoveryCode) Bytes ¶
func (rc RecoveryCode) Bytes() []byte
type RecoveryRequest ¶
type RecoveryRequest struct {
	// UserID identifies the account to recover.
	UserID string `json:"userID"`
	// RecoveryCode is the code previously issued to the user (see RecoveryCode).
	RecoveryCode string `json:"recoveryCode"`
	// VerificationSignature is produced with the ed25519 private key passed to
	// BuildRecoveryRequest and checked by Valid against the account's
	// recovery public key.
	VerificationSignature string `json:"signature"`
	// EncryptedPassword is the new passphrase verifier; presumably derived
	// from newPassphrase by BuildRecoveryRequest so the cleartext passphrase
	// is not sent — confirm.
	EncryptedPassword string `json:"encryptedPassword"`
	// ManagedCryptoKey carries the account's managed crypto key in cleartext
	// when a cryptoKey was passed to BuildRecoveryRequest (server-side
	// recovery of managed accounts). The request must therefore only travel
	// over an authenticated, encrypted channel, and the receiving server
	// necessarily learns the key.
	ManagedCryptoKey string `json:"managedCryptoKey,omitempty"`
}
func BuildRecoveryRequest ¶
func BuildRecoveryRequest(userID, recoveryCode string, privKey ed25519.PrivateKey, newPassphrase string, cryptoKey *model.AESKey) *RecoveryRequest
BuildRecoveryRequest creates a recovery request structure that can be sent to the /v1/recover-account endpoint to regain access to a MetaLocker account. If cryptoKey is passed, the request will contain the account's managed crypto key in cleartext form. This enables server-side recovery for managed accounts for clients that don't have access to advanced cryptography. Because the managed key then travels in cleartext, such a request must only be sent over an authenticated, encrypted channel (e.g. TLS), and the receiving server necessarily learns the key.
func (*RecoveryRequest) Valid ¶
func (req *RecoveryRequest) Valid(recoveryPublicKey []byte) bool
type SecretStore ¶
type SecretStore struct {
	// AccessLevel is the access level this store unlocks.
	AccessLevel model.AccessLevel `json:"level"`
	// MasterKeyParams holds the parameters used to derive the store's master
	// key from the user's passphrase (consumed by ExtractPayloadKey);
	// presumably KDF parameters such as a salt — confirm.
	MasterKeyParams string `json:"masterKeyParams,omitempty"`
	// EncryptedPayloadKey is the payload key wrapped under the
	// passphrase-derived master key; ExtractPayloadKey unwraps it. Together
	// with MasterKeyParams it lets an attacker guess the passphrase offline.
	EncryptedPayloadKey string `json:"encryptedPayloadKey,omitempty"`
	// EncryptedPayload is the SecretStorePayload encrypted under the payload
	// key (see GetPayload and UpdatePayload).
	EncryptedPayload string `json:"encryptedPayload,omitempty"`
}
func (*SecretStore) Copy ¶
func (ss *SecretStore) Copy() *SecretStore
func (*SecretStore) ExtractPayloadKey ¶
func (ss *SecretStore) ExtractPayloadKey(passphrase string) (*model.AESKey, error)
func (*SecretStore) GetPayload ¶
func (ss *SecretStore) GetPayload(key *model.AESKey) (*SecretStorePayload, error)
func (*SecretStore) UpdatePayload ¶
func (ss *SecretStore) UpdatePayload(payload *SecretStorePayload, key *model.AESKey) error
func (*SecretStore) Validate ¶
func (ss *SecretStore) Validate() error
type SecretStorePayload ¶
// SecretStorePayload is the decrypted content of a SecretStore. Everything in
// it is key material: hold it for as short a time as possible and call Zero
// when done (note that Go strings cannot be reliably wiped, so Zero presumably
// only drops the references — confirm).
type SecretStorePayload struct {
	// Identities are the identities stored at this store's access level.
	Identities []*Identity `json:"ii,omitempty"`
	// ManagedHMACKey is the managed-mode ID-hashing key (see GenerateIDHMACKey
	// and HashID); ManagedEncryptionKey is the managed-mode data key.
	ManagedHMACKey       string `json:"mhk,omitempty"`
	ManagedEncryptionKey string `json:"mek,omitempty"`
	// HostedHMACKey and HostedEncryptionKey are the hosted-mode counterparts.
	HostedHMACKey       string `json:"hhk,omitempty"`
	HostedEncryptionKey string `json:"hek,omitempty"`
	// AccountRootKey is the account's root key.
	AccountRootKey string `json:"ark,omitempty"`
	// ManagedRootLocker and HostedRootLocker reference the root locker for
	// each mode; whether they hold an identifier or an encoded locker is not
	// visible here — confirm.
	ManagedRootLocker string `json:"marl,omitempty"`
	HostedRootLocker  string `json:"harl,omitempty"`
}
func (*SecretStorePayload) Zero ¶
func (ssp *SecretStorePayload) Zero()