keystore

package

v0.0.3 Latest Latest Go to latest Published: Jun 20, 2023 License: Apache-2.0 Imports: 25 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/tbd54566975/ssi-service

Links

Open Source Insights

Documentation ¶

Index ¶

func DecryptKey(serviceKey, encryptedKey []byte) ([]byte, error)
func EncryptKey(serviceKey, key []byte) ([]byte, error)
func GenerateServiceKey(skPassword string) (key, salt string, err error)
func NewEncryption(db storage.ServiceStorage, cfg config.KeyStoreServiceConfig) (Encrypter, Decrypter, error)
func NewExternalEncrypter(ctx context.Context, cfg config.KeyStoreServiceConfig) (Encrypter, Decrypter, error)
type Decrypter
type Encrypter
type GetKeyDetailsRequest
type GetKeyDetailsResponse
type GetKeyRequest
type GetKeyResponse
type KeyDetails
type RevokeKeyRequest
type Service
- func NewKeyStoreService(config config.KeyStoreServiceConfig, s storage.ServiceStorage) (*Service, error)
- func (s Service) Config() config.KeyStoreServiceConfig
- func (s Service) GetKey(ctx context.Context, request GetKeyRequest) (*GetKeyResponse, error)
- func (s Service) GetKeyDetails(ctx context.Context, request GetKeyDetailsRequest) (*GetKeyDetailsResponse, error)
- func (s Service) RevokeKey(ctx context.Context, request RevokeKeyRequest) error
- func (s Service) Sign(ctx context.Context, keyID string, data any) (*keyaccess.JWT, error)
- func (s Service) Status() framework.Status
- func (s Service) StoreKey(ctx context.Context, request StoreKeyRequest) error
- func (s Service) Type() framework.Type
type ServiceKey
type Storage
- func NewKeyStoreStorage(db storage.ServiceStorage, e Encrypter, d Decrypter) (*Storage, error)
- func (kss *Storage) GetKey(ctx context.Context, id string) (*StoredKey, error)
- func (kss *Storage) GetKeyDetails(ctx context.Context, id string) (*KeyDetails, error)
- func (kss *Storage) RevokeKey(ctx context.Context, id string) error
- func (kss *Storage) StoreKey(ctx context.Context, key StoredKey) error
type StoreKeyRequest
type StoredKey

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func DecryptKey ¶

func DecryptKey(serviceKey, encryptedKey []byte) ([]byte, error)

DecryptKey encrypts another key with the service key using xchacha20-poly1305

func EncryptKey ¶

func EncryptKey(serviceKey, key []byte) ([]byte, error)

EncryptKey encrypts another key with the service key using xchacha20-poly1305

func GenerateServiceKey ¶

func GenerateServiceKey(skPassword string) (key, salt string, err error)

GenerateServiceKey using argon2 for key derivation generate a service key and corresponding salt, base58 encoding both values.

func NewEncryption ¶

func NewEncryption(db storage.ServiceStorage, cfg config.KeyStoreServiceConfig) (Encrypter, Decrypter, error)

func NewExternalEncrypter ¶

func NewExternalEncrypter(ctx context.Context, cfg config.KeyStoreServiceConfig) (Encrypter, Decrypter, error)

Types ¶

type Decrypter ¶

type Decrypter interface {
	// Decrypt decrypts ciphertext. The second parameter may be treated as associated data for AEAD (as abstracted in
	// https://datatracker.ietf.org/doc/html/rfc5116), or as contextInfofor HPKE (https://www.rfc-editor.org/rfc/rfc9180.html)
	Decrypt(ctx context.Context, ciphertext, contextInfo []byte) ([]byte, error)
}

Decrypter is the interface for any decrypter. May be AEAD or Hybrid.

type Encrypter ¶

type Encrypter interface {
	Encrypt(ctx context.Context, plaintext, contextData []byte) ([]byte, error)
}

Encrypter the interface for any encrypter implementation.

type GetKeyDetailsRequest ¶

type GetKeyDetailsRequest struct {
	ID string
}

type GetKeyDetailsResponse ¶

type GetKeyDetailsResponse struct {
	ID           string
	Type         crypto.KeyType
	Controller   string
	CreatedAt    string
	Revoked      bool
	RevokedAt    string
	PublicKeyJWK jwx.PublicKeyJWK
}

type GetKeyRequest ¶

type GetKeyRequest struct {
	ID string
}

type GetKeyResponse ¶

type GetKeyResponse struct {
	ID         string
	Type       crypto.KeyType
	Controller string
	CreatedAt  string
	Revoked    bool
	RevokedAt  string
	Key        gocrypto.PrivateKey
}

type KeyDetails ¶

type KeyDetails struct {
	ID           string           `json:"id"`
	Controller   string           `json:"controller"`
	KeyType      crypto.KeyType   `json:"keyType"`
	Revoked      bool             `json:"revoked"`
	RevokedAt    string           `json:"revokedAt"`
	CreatedAt    string           `json:"createdAt"`
	PublicKeyJWK jwx.PublicKeyJWK `json:"publicKeyJwk"`
}

KeyDetails represents a common data model to get information about a key, without revealing the key itself

type RevokeKeyRequest ¶

type RevokeKeyRequest struct {
	ID string
}

type Service ¶

type Service struct {
	// contains filtered or unexported fields
}

func NewKeyStoreService ¶

func NewKeyStoreService(config config.KeyStoreServiceConfig, s storage.ServiceStorage) (*Service, error)

func (Service) Config ¶

func (s Service) Config() config.KeyStoreServiceConfig

func (Service) GetKey ¶

func (s Service) GetKey(ctx context.Context, request GetKeyRequest) (*GetKeyResponse, error)

func (Service) GetKeyDetails ¶

func (s Service) GetKeyDetails(ctx context.Context, request GetKeyDetailsRequest) (*GetKeyDetailsResponse, error)

func (Service) RevokeKey ¶

func (s Service) RevokeKey(ctx context.Context, request RevokeKeyRequest) error

TODO(gabe): expose this endpoint https://github.com/TBD54566975/ssi-service/issues/451

func (Service) Sign ¶

func (s Service) Sign(ctx context.Context, keyID string, data any) (*keyaccess.JWT, error)

Sign fetches the key in the store, and uses it to sign data. Data should be json or json-serializable.

func (Service) Status ¶

func (s Service) Status() framework.Status

func (Service) StoreKey ¶

func (s Service) StoreKey(ctx context.Context, request StoreKeyRequest) error

func (Service) Type ¶

func (s Service) Type() framework.Type

type ServiceKey ¶

type ServiceKey struct {
	Base58Key  string
	Base58Salt string
}

type Storage ¶

type Storage struct {
	// contains filtered or unexported fields
}

func NewKeyStoreStorage ¶

func NewKeyStoreStorage(db storage.ServiceStorage, e Encrypter, d Decrypter) (*Storage, error)

func (*Storage) GetKey ¶

func (kss *Storage) GetKey(ctx context.Context, id string) (*StoredKey, error)

func (*Storage) GetKeyDetails ¶

func (kss *Storage) GetKeyDetails(ctx context.Context, id string) (*KeyDetails, error)

func (*Storage) RevokeKey ¶

func (kss *Storage) RevokeKey(ctx context.Context, id string) error

RevokeKey revokes a key by setting the revoked flag to true.

func (*Storage) StoreKey ¶

func (kss *Storage) StoreKey(ctx context.Context, key StoredKey) error

type StoreKeyRequest ¶

type StoreKeyRequest struct {
	ID               string
	Type             crypto.KeyType
	Controller       string
	PrivateKeyBase58 string
}

type StoredKey ¶

type StoredKey struct {
	ID         string         `json:"id"`
	Controller string         `json:"controller"`
	KeyType    crypto.KeyType `json:"keyType"`
	Base58Key  string         `json:"key"`
	Revoked    bool           `json:"revoked"`
	RevokedAt  string         `json:"revokedAt"`
	CreatedAt  string         `json:"createdAt"`
}

StoredKey represents a common data model to store data on all key types

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL