Documentation ¶
Index ¶
- Constants
- Variables
- func VerifySecp256k1Signature(publicKeyDerBase58, messageBase64, signatureBase58 string) (bool, error)
- type AppendOptions
- type Base64Encoder
- type Canonicalizer
- type Ed25519Signer
- type Ed25519Verifier
- type EmbeddedProofMarshaler
- type EncodeOptions
- type Encoder
- type GenericProvable
- type HeaderPrepender
- type JCSCanonicalizer
- type JWSEncoder
- type JWSProofMarshaler
- type KeyType
- type LDSignatureEncoder
- type LDSignatureSuite
- type Marshaler
- type MessageDigest
- type ModelVersion
- type NonceAppender
- type OptionsAppender
- type Proof
- type ProofFactory
- type ProofOptions
- type ProofPurpose
- type Provable
- type RDFCanonicalizer
- type SHA256Encoder
- type SecP256K1KMSSigner
- type Secp256K1Verifier
- type SignatureSuite
- type SignatureSuiteFactory
- type SignatureType
- type Signer
- type Verifier
- type WithoutProofMarshaler
Constants ¶
const ( // The only key type that should be used for Ed25519 keys Ed25519KeyType KeyType = "Ed25519VerificationKey2018" JCSEdSignatureType SignatureType = "JcsEd25519Signature2020" Ed25519SignatureType SignatureType = "Ed25519Signature2018" EcdsaSecp256k1KeyType KeyType = "EcdsaSecp256k1VerificationKey2019" EcdsaSecp256k1SignatureType SignatureType = "EcdsaSecp256k1Signature2019" // Deprecated: do not use this signature type Ed25519KeySignatureType SignatureType = "Ed25519VerificationKey2018" // Deprecated: Do not create more keys of this type. The system can still use these keys // for support of existing DID Documents. WorkEdKeyType KeyType = "WorkEd25519VerificationKey2020" // Deprecated: Do not create more signatures of this type. The system can still verify these // signatures in existing signed documents. WorkEdSignatureType SignatureType = "WorkEd25519Signature2020" V1 ModelVersion = 1 V2 ModelVersion = 2 AuthenticationPurpose ProofPurpose = "authentication" AssertionMethodPurpose ProofPurpose = "assertionMethod" )
Variables ¶
var (
EmptyProof = Proof{}
)
Functions ¶
func VerifySecp256k1Signature ¶
func VerifySecp256k1Signature(publicKeyDerBase58, messageBase64, signatureBase58 string) (bool, error)
TODO This method should be deprecated in place of signature suite validation VerifySecp256k1Signature decodes the base64 message and verifies that the Secp256k1 digital signature was generated by the private key associated with publicKeyDerBase58.
Types ¶
type AppendOptions ¶
type Base64Encoder ¶
type Base64Encoder struct{}
TODO(gabe) consider moving the Base64 encoding into the Canonicalizer instead of as a Digest. Base64Encoder base64 encodes the payload. This is only included to be compatible with the existing proof signatures on verifiable credentials. There's no benefit to base64 encoding a byte array that represents utf-8 characters, since little- and big-endianness does not apply.
type Canonicalizer ¶
Canonicalizer transforms a JSON byte array into its canonical form.
type Ed25519Signer ¶
type Ed25519Signer struct { // The fully qualified key id (e.g. did:work:abcd#key-1) KeyID string PrivateKey ed25519.PrivateKey }
Unification type for all ed25519 based signers Intended to be constructed via the `NewEd25519Signer` method
func (*Ed25519Signer) ID ¶
func (s *Ed25519Signer) ID() string
func (*Ed25519Signer) Type ¶
func (s *Ed25519Signer) Type() KeyType
type Ed25519Verifier ¶
func (*Ed25519Verifier) Type ¶
func (v *Ed25519Verifier) Type() KeyType
type EmbeddedProofMarshaler ¶
type EmbeddedProofMarshaler struct{}
EmbeddedProofMarshaler transforms the Provable into JSON, and leaves an embedded Proof sans the signature value. This will effectively pass the Proof Options (metadata) into the signing algorithm as part of the canonicalized JSON payload.
type EncodeOptions ¶
type EncodeOptions struct {
JWSHeader string
}
type GenericProvable ¶
A generic holder for an object with an embedded proof. The JSON cannot be assumed to be canonical and it is recommended that it is run through the appropriate canonicalizer before signing.
func (*GenericProvable) GetProof ¶
func (g *GenericProvable) GetProof() *Proof
func (*GenericProvable) SetProof ¶
func (g *GenericProvable) SetProof(p *Proof)
type HeaderPrepender ¶
type HeaderPrepender struct{}
HeaderPrepender prepends a header to the data for a JWS
func (*HeaderPrepender) Append ¶
func (h *HeaderPrepender) Append(data []byte, options *AppendOptions) []byte
type JCSCanonicalizer ¶
type JCSCanonicalizer struct{}
JCSCanonicalizer transforms a JSON byte array using the JSON Canonicalization Scheme algorithm.
func (*JCSCanonicalizer) Canonicalize ¶
func (c *JCSCanonicalizer) Canonicalize(jsonBytes []byte) ([]byte, error)
type JWSEncoder ¶
type JWSEncoder struct {
// contains filtered or unexported fields
}
func (*JWSEncoder) DecodeSignature ¶
func (e *JWSEncoder) DecodeSignature(provable Provable) ([]byte, error)
func (*JWSEncoder) Encode ¶
func (e *JWSEncoder) Encode(provable Provable) ([]byte, error)
Prepare a provable for JWSification https://w3c-ccg.github.io/ld-proofs/#create-verify-hash-algorithm
func (*JWSEncoder) SetSignatureValue ¶
func (e *JWSEncoder) SetSignatureValue(provable Provable, signature []byte) error
type JWSProofMarshaler ¶
type JWSProofMarshaler struct{}
type KeyType ¶
type KeyType string
Type is the type of cryptographic key that is listed in a DID Document.
type LDSignatureEncoder ¶
type LDSignatureEncoder struct {
// contains filtered or unexported fields
}
func (*LDSignatureEncoder) DecodeSignature ¶
func (e *LDSignatureEncoder) DecodeSignature(provable Provable) ([]byte, error)
func (*LDSignatureEncoder) Encode ¶
func (e *LDSignatureEncoder) Encode(provable Provable) ([]byte, error)
func (*LDSignatureEncoder) SetSignatureValue ¶
func (e *LDSignatureEncoder) SetSignatureValue(provable Provable, signature []byte) error
type LDSignatureSuite ¶
type LDSignatureSuite struct { SignatureType SignatureType KeyType KeyType ProofFactory ProofFactory Encoder Encoder }
LDSignatureSuite is a SignatureSuite based on the Linked-Data Signatures specification. See https://w3c-ccg.github.io/ld-proofs/#linked-data-signatures.
func (LDSignatureSuite) Sign ¶
func (s LDSignatureSuite) Sign(provable Provable, signer Signer, opts *ProofOptions) error
Sign adds a digital signature to the provable object in the form of a Proof. The type of Proof is determined by the ProofFactory used to construct this suite. Returns an error if the provable object already contains a Proof or if any error is encountered when generating the digital signature.
func (LDSignatureSuite) Type ¶
func (s LDSignatureSuite) Type() SignatureType
Type returns the SignatureType that this suite is capable of generating and verifying.
type Marshaler ¶
Marshaler turns a Provable object into a JSON byte array. The JSON is not expected to be in canonical form; we have a separate Canonicalizer for that. Instead, this method gives the flexibility to add custom marshaling over the standard json.Marshal(). For example, some suites expect an embedded Proof object, while others do not. This type of manipulation should be handled here (or in OptionAppender if after canonicalization).
type MessageDigest ¶
MessageDigest transforms a byte array into a more compact byte array using a hashing digest algorithm, such as sha256. This creates a smaller payload for the digital signature.
It should be noted that some ProofAlgorithms natively use a digest, such as the Ed25519 Ecdsa, which uses SHA512 under the hood. Therefore, we don't need to use a separate MessageDigest when signing with Ed25519 keys.
type ModelVersion ¶
type ModelVersion int
type NonceAppender ¶
type NonceAppender struct{}
NonceAppender appends ".<nonce>" to the payload before signing or verifying. The nonce adds randomness in order to prevent a replay attack. Workday's earlier signature algorithms only included this field and did not sign over the other proof metadata fields.
func (*NonceAppender) Append ¶
func (n *NonceAppender) Append(data []byte, options *AppendOptions) []byte
type OptionsAppender ¶
type OptionsAppender interface {
Append(data []byte, options *AppendOptions) []byte
}
OptionsAppender appends the proof options (metadata) to the payload before signing or verifying.
type Proof ¶
type Proof struct { // Created is the datetime (RFC3339) when the signature was generated. Created string `json:"created,omitempty"` // required // ProofPurpose is the specific intent for the proof, the reason why an entity created it. // Acts as a safeguard to prevent the proof from being misused for a purpose other than the one it was intended for. ProofPurpose ProofPurpose `json:"proofPurpose,omitempty"` // required // Deprecated: Creator is a reference to the public key used to verify this signature. Creator string `json:"creator,omitempty"` // VerificationMethod is a reference to the public key used to verify this signature. VerificationMethod string `json:"verificationMethod,omitempty"` // required // Deprecated (use challenge): Nonce is a random value (e.g. uuid) used to prevent replay attacks. Nonce string `json:"nonce,omitempty"` // SignatureValue is the digital signature. SignatureValue string `json:"signatureValue,omitempty"` // Type is the algorithm used to generate and verify the signature. Type SignatureType `json:"type"` // JWS represents an optional field for an encoded JSON Web Signature JWS string `json:"jws,omitempty"` // Domain is a string value specifying the restricted domain of the proof. Domain string `json:"domain,omitempty"` // Challenge is a random or pseudo-random value used by some authentication protocols to mitigate replay attacks. Challenge string `json:"challenge,omitempty"` }
Proof represents a verifiable digital signature conforming to https://www.w3.org/TR/vc-data-model/#proofs-signatures
func (*Proof) GetVerificationMethod ¶
Utility for backwards compatibility of the "creator" property, which has been replaced by "verificationMethod" in later drafts of the Verifiable Credentials specification.
func (*Proof) ModelVersion ¶
func (p *Proof) ModelVersion() ModelVersion
type ProofFactory ¶
type ProofFactory interface {
Create(signer Signer, signatureType SignatureType, opts *ProofOptions) *Proof
}
ProofFactory creates proofs given a signer and signature type
type ProofOptions ¶
type ProofOptions struct { ProofPurpose ProofPurpose Domain string Challenge string }
type ProofPurpose ¶
type ProofPurpose string
type Provable ¶
Provable is an interface that allows in-place retrieval and modification of proof objects.
type RDFCanonicalizer ¶
type RDFCanonicalizer struct{}
func (*RDFCanonicalizer) Canonicalize ¶
func (c *RDFCanonicalizer) Canonicalize(jsonBytes []byte) ([]byte, error)
type SHA256Encoder ¶
type SHA256Encoder struct{}
SHA256Encoder creates a SHA-256 hash of the payload.
type SecP256K1KMSSigner ¶
func (SecP256K1KMSSigner) ID ¶
func (s SecP256K1KMSSigner) ID() string
func (SecP256K1KMSSigner) Type ¶
func (s SecP256K1KMSSigner) Type() KeyType
type Secp256K1Verifier ¶
type Secp256K1Verifier struct {
PublicKey []byte
}
func (*Secp256K1Verifier) Type ¶
func (v *Secp256K1Verifier) Type() KeyType
type SignatureSuite ¶
type SignatureSuite interface { Type() SignatureType Sign(provable Provable, signer Signer, opts *ProofOptions) error Verify(provable Provable, verifier Verifier) error }
SignatureSuite is a set of algorithms that specify how to sign and verify provable objects. This model is based on the W3C Linked-Data Proofs, see https://w3c-ccg.github.io/ld-proofs.
type SignatureSuiteFactory ¶
type SignatureSuiteFactory interface { // GetSuiteForProof returns the corresponding signature suite the proof was created using GetSuiteForProof(proof *Proof) (SignatureSuite, error) // GetSuiteForCredentialsProof returns the corresponding signature suite the credential proof was created using GetSuiteForCredentialsProof(proof *Proof) (SignatureSuite, error) // GetSuite returns the signature suite corresponding to the provided type and version of the suite GetSuite(signatureType SignatureType, version ModelVersion) (SignatureSuite, error) // GetSuiteForCredentials returns the signature suite corresponding to the provided // type and version of the suite for credential signing GetSuiteForCredentials(signatureType SignatureType, version ModelVersion) (SignatureSuite, error) }
func SignatureSuites ¶
func SignatureSuites() SignatureSuiteFactory
type SignatureType ¶
type SignatureType string
SignatureType is the signature suite that was used to generate a digital signature, and therefore the algorithm that must be used to verify a signature.
func (SignatureType) UsesNonce ¶
func (s SignatureType) UsesNonce() bool
Provides which signature types use a nonce in their proofs
type Signer ¶
Signer can generate digital signatures using a particular signing algorithm. This is basically a wrapper around a private key.
Note: some signature suites require more sophisticated introspection (into json/structs), which can be used in conjunction with what this interface provides.
func NewEd25519Signer ¶
func NewEd25519Signer(key ed25519.PrivateKey, keyID string) (Signer, error)
NewEd25519Signer is used to build a signer with validations
type Verifier ¶
Verifier can verify a digital signature of a particular signing algorithm. This is basically a wrapper around a public key.
type WithoutProofMarshaler ¶
type WithoutProofMarshaler struct{}
WithoutProofMarshaler transforms the Provable into JSON, and strips the proof.