webkms

package
v0.0.0-...-57c6170 Latest
Warning

This package is not in the latest version of its module.

Published: Mar 1, 2023 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation


Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type HTTPClient

type HTTPClient interface {
	Do(req *http.Request) (*http.Response, error)
}

HTTPClient interface for the http client.

type RemoteCrypto

type RemoteCrypto struct {
	// contains filtered or unexported fields
}

RemoteCrypto implementation of kms.KeyManager api.

func New

func New(keystoreURL string, client HTTPClient, opts ...webkmsimpl.Opt) *RemoteCrypto

New creates a new remoteCrypto instance using http client connecting to keystoreURL.
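
Every operation on this type is carried out by the remote keystore, so the client handed to New is what carries messages, plaintext and wrapped keys off the host. The sketch below is an added example, not code from this package: it wraps any HTTPClient so that requests leave only over HTTPS to the keystore host and response reads are capped. The names guardedClient, newGuardedClient, doFunc and the host kms.example are hypothetical, and it assumes each call is sent to the keyURL it is given.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/url"
)

// HTTPClient mirrors the interface documented on this page.
type HTTPClient interface {
	Do(req *http.Request) (*http.Response, error)
}

// doFunc adapts a function to HTTPClient so the guard can be exercised offline.
type doFunc func(*http.Request) (*http.Response, error)
func (f doFunc) Do(r *http.Request) (*http.Response, error) { return f(r) }

// guardedClient (hypothetical) pins requests to the keystore origin and caps response size.
type guardedClient struct {
	inner    HTTPClient
	host     string // exact host[:port] taken from the keystore URL
	maxBytes int64
}

func newGuardedClient(keystoreURL string, inner HTTPClient, maxBytes int64) (*guardedClient, error) {
	u, err := url.Parse(keystoreURL)
	if err != nil || u.Scheme != "https" || u.Host == "" {
		return nil, fmt.Errorf("keystore URL %q is not an absolute https URL", keystoreURL)
	}
	return &guardedClient{inner: inner, host: u.Host, maxBytes: maxBytes}, nil
}

func (g *guardedClient) Do(req *http.Request) (*http.Response, error) {
	if req.URL.Scheme != "https" || req.URL.Host != g.host {
		return nil, fmt.Errorf("refusing %s://%s: not the keystore origin", req.URL.Scheme, req.URL.Host)
	}
	resp, err := g.inner.Do(req)
	if err != nil {
		return nil, err
	}
	// Reads stop at maxBytes; Close still reaches the underlying body.
	resp.Body = struct{ io.Reader; io.Closer }{io.LimitReader(resp.Body, g.maxBytes), resp.Body}
	return resp, nil
}

func main() { // constructed input: a plain-http keystore URL is rejected up front
	fmt.Println(newGuardedClient("http://kms.example/kms", http.DefaultClient, 1<<20))
}
```

The host comparison is exact, so a keyURL that differs from the keystore URL in case or port is refused rather than forwarded.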

func (*RemoteCrypto) Blind

func (r *RemoteCrypto) Blind(kh interface{}, values ...map[string]interface{}) ([][]byte, error)

Blind will blind the provided values with the MasterSecret provided in a kh. returns:

blinded values in []byte
error in case of errors

func (*RemoteCrypto) ComputeMAC

func (r *RemoteCrypto) ComputeMAC(data []byte, keyURL interface{}) ([]byte, error)

ComputeMAC remotely computes the message authentication code (MAC) for data with the key at keyURL, using a matching MAC primitive in the kh key handle.

func (*RemoteCrypto) Decrypt

func (r *RemoteCrypto) Decrypt(cipher, aad, nonce []byte, keyURL interface{}) ([]byte, error)

Decrypt will remotely decrypt cipher with aad and given nonce using a matching AEAD primitive in a remote key handle at keyURL of a private key. returns:

plainText in []byte
error in case of errors

func (*RemoteCrypto) DeriveProof

func (r *RemoteCrypto) DeriveProof(messages [][]byte, bbsSignature, nonce []byte, revealedIndexes []int,
	signerKeyURL interface{}) ([]byte, error)

DeriveProof will create a BBS+ signature proof for a list of revealed messages using BBS signature (can be built using a Signer's SignMulti() call) and the signer's public key handle found at signerKeyURL. returns:

signature proof in []byte
error in case of errors

func (*RemoteCrypto) Encrypt

func (r *RemoteCrypto) Encrypt(msg, aad []byte, keyURL interface{}) ([]byte, []byte, error)

Encrypt will remotely encrypt msg and aad using a matching AEAD primitive in a remote key handle at keyURL of a public key. returns:

cipherText in []byte
nonce in []byte
error in case of errors during encryption

func (*RemoteCrypto) GetCorrectnessProof

func (r *RemoteCrypto) GetCorrectnessProof(kh interface{}) ([]byte, error)

GetCorrectnessProof will return the correctness proof for a public key handle. returns:

correctness proof in []byte
error in case of errors

func (*RemoteCrypto) Sign

func (r *RemoteCrypto) Sign(msg []byte, keyURL interface{}) ([]byte, error)

Sign will remotely sign msg using a matching signature primitive in remote kh key handle at keyURL of a private key. returns:

signature in []byte
error in case of errors

func (*RemoteCrypto) SignMulti

func (r *RemoteCrypto) SignMulti(messages [][]byte, signerKeyURL interface{}) ([]byte, error)

SignMulti will create a BBS+ signature of messages using the signer's private key handle found at signerKeyURL. returns:

signature in []byte
error in case of errors

func (*RemoteCrypto) SignWithSecrets

func (r *RemoteCrypto) SignWithSecrets(kh interface{}, values map[string]interface{},
	secrets []byte, correctnessProof []byte, nonces [][]byte, did string) ([]byte, []byte, error)

SignWithSecrets will generate a signature and related correctness proof for the provided values using secrets and the related DID. returns:

signature in []byte
correctness proof in []byte
error in case of errors

func (*RemoteCrypto) UnwrapKey

func (r *RemoteCrypto) UnwrapKey(recWK *crypto.RecipientWrappedKey, keyURL interface{},
	opts ...crypto.WrapKeyOpts) ([]byte, error)

UnwrapKey remotely unwraps a key in recWK using the recipient private key found at keyURL. 'opts' allows setting the optional sender key handle using the WithSender() option, where the sender key handle consists of a remote key located in the option as a keyURL. This option allows ECDH-1PU key unwrapping (aka Authcrypt). The absence of this option uses ECDH-ES key unwrapping (aka Anoncrypt). returns:

unwrapped key in raw bytes
error in case of errors

func (*RemoteCrypto) Verify

func (r *RemoteCrypto) Verify(signature, msg []byte, keyURL interface{}) error

Verify will remotely verify a signature for the given msg using a matching signature primitive in a remote key handle at keyURL of a public key. returns:

error in case of errors or nil if signature verification was successful

func (*RemoteCrypto) VerifyMAC

func (r *RemoteCrypto) VerifyMAC(mac, data []byte, keyURL interface{}) error

VerifyMAC remotely determines if mac is a correct authentication code (MAC) for data using a key at KeyURL using a matching MAC primitive in kh key handle and returns nil if so, otherwise it returns an error.

func (*RemoteCrypto) VerifyMulti

func (r *RemoteCrypto) VerifyMulti(messages [][]byte, signature []byte, signerKeyURL interface{}) error

VerifyMulti will BBS+ verify a signature of messages against the signer's public key handle found at signerKeyURL. returns:

error in case of errors or nil if signature verification was successful

func (*RemoteCrypto) VerifyProof

func (r *RemoteCrypto) VerifyProof(revealedMessages [][]byte, proof, nonce []byte, signerKeyURL interface{}) error

VerifyProof will verify a BBS+ signature proof (generated e.g. by Verifier's DeriveProof() call) for revealedMessages with the signer's public key handle found at signerKeyURL. returns:

error in case of errors or nil if signature proof verification was successful

func (*RemoteCrypto) WrapKey

func (r *RemoteCrypto) WrapKey(cek, apu, apv []byte, recPubKey *crypto.PublicKey,
	opts ...crypto.WrapKeyOpts) (*crypto.RecipientWrappedKey, error)

WrapKey will remotely execute key wrapping of cek using apu, apv and the recipient public key 'recPubKey'. 'opts' allows setting the optional sender key handle using the WithSender() option, where the sender key handle consists of a remote key located in the option as a keyURL. This option allows ECDH-1PU key wrapping (aka Authcrypt). The absence of this option uses ECDH-ES key wrapping (aka Anoncrypt). returns:

RecipientWrappedKey containing the wrapped cek value
error in case of errors
