localkms

Documentation

Index

• Constants
• type CryptoBox
  • func NewCryptoBox(w kms.KeyManager) (*CryptoBox, error)
• type LocalKMS
  • func New(primaryKeyURI string, p kms.Provider) (*LocalKMS, error)

Constants

const (
	// Namespace is the store name used when creating a KMS store using kms.NewAriesProviderWrapper.
	// The reason this is here in addition to kms.AriesWrapperStoreName is because
	// the IndexedDB implementation refers to this. FOr the WASM unit tests, the aries-framework-go module import gets
	// replaced with the local version and so in order for both to work correctly, for now we have the constant defined
	// in both places.
	Namespace = localkms.Namespace
)

Types

type CryptoBox

type CryptoBox = localkms.CryptoBox

CryptoBox provides an elliptic-curve-based authenticated encryption scheme

Payloads are encrypted using symmetric encryption (XChacha20Poly1305) using a shared key derived from a shared secret created by

Curve25519 Elliptic Curve Diffie-Hellman key exchange.

CryptoBox is created by a KMS, and reads secret keys from the KMS

for encryption/decryption, so clients do not need to see
the secrets themselves.

func NewCryptoBox

func NewCryptoBox(w kms.KeyManager) (*CryptoBox, error)

NewCryptoBox creates a CryptoBox which provides crypto box encryption using the given KMS's key.

type LocalKMS

type LocalKMS = localkms.LocalKMS

LocalKMS implements kms.KeyManager to provide key management capabilities using a local db. It uses an underlying secret lock service (default local secretLock) to wrap (encrypt) keys prior to storing them.

func New

func New(primaryKeyURI string, p kms.Provider) (*LocalKMS, error)

New will create a new (local) KMS service.