revocation

package
v0.0.0-...-55a0270
Warning

This package is not in the latest version of its module.

Published: Dec 15, 2022 | License: Apache-2.0 | Imports: 9 | Imported by: 0

Documentation


Constants

This section is empty.

Variables

This section is empty.

Functions

func Blind

func Blind(password string, payload []byte) ([]byte, error)

Blind password-encrypts the supplied byte array. The password and a random 8-byte salt are used as inputs to the PBKDF2 key generation algorithm, and the resulting key plus a random 12-byte nonce are used to encrypt the payload using Galois Counter Mode (GCM) block encryption. The salt and nonce are prepended to the encrypted output, i.e. output = salt + nonce + ciphertext.

func BlindRevocation

func BlindRevocation(credentialID string, r *ledger.Revocation) ([]byte, error)

BlindRevocation password-encrypts the revocation using the credential ID.

Why encrypt revocations? If revocations are stored on a public ledger, then it is possible to correlate the behaviors of credential issuers by data mining the revocation transactions. The purpose of storing the revocation on the ledger is to provide a strong trust anchor for monitoring the validity of a credential. This is useful in the context of credentials that have been shared by the holder with a set of verifiers. In other words, this information is useful for anybody who has seen the credential, presumably with the permission of the holder. Therefore, we have chosen to use the credential ID as the password, since it is a readily available, unique piece of information.

See Blind for details on the encryption scheme.

func Unblind

func Unblind(bits []byte, password string) (opened []byte, err error)

Unblind decrypts a password-encrypted object using the supplied password.

See Blind for details on the encryption scheme.
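The layout documented for Blind and Unblind (8-byte salt, 12-byte nonce, then ciphertext) is sketched below as an added example; it is not the package's source. AES-256, PBKDF2-HMAC-SHA256, the 4096-round count and the names `newAEAD`, `blindSketch` and `unblindSketch` are assumptions, since the page states only the salt and nonce sizes.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

const saltLen, nonceLen, tagLen, rounds = 8, 12, 16, 4096 // rounds is assumed

// newAEAD: one PBKDF2-HMAC-SHA256 block (32-byte key) feeding AES-256-GCM; hash and cipher are assumed.
func newAEAD(password string, salt []byte) cipher.AEAD {
	mac := hmac.New(sha256.New, []byte(password))
	u := append(append([]byte{}, salt...), 0, 0, 0, 1) // salt || INT(1), copied so the caller's slice is untouched
	key := make([]byte, sha256.Size)
	for i := 0; i < rounds; i++ { // key = U1 ^ U2 ^ ... ^ U_rounds
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range key {
			key[j] ^= u[j]
		}
	}
	block, _ := aes.NewCipher(key)  // a 32-byte key is always valid
	aead, _ := cipher.NewGCM(block) // AES has the 16-byte block GCM needs
	return aead
}

// blindSketch returns salt + nonce + ciphertext; the ciphertext ends with the 16-byte GCM tag.
func blindSketch(password string, payload []byte) ([]byte, error) {
	hdr := make([]byte, saltLen+nonceLen)
	if _, err := rand.Read(hdr); err != nil {
		return nil, err
	}
	return newAEAD(password, hdr[:saltLen]).Seal(hdr, hdr[saltLen:], payload, nil), nil
}

// unblindSketch checks the length before slicing, then lets GCM authenticate password and bytes.
func unblindSketch(bits []byte, password string) ([]byte, error) {
	if len(bits) < saltLen+nonceLen+tagLen {
		return nil, fmt.Errorf("blinded input too short: %d bytes", len(bits))
	}
	salt, nonce, ct := bits[:saltLen], bits[saltLen:saltLen+nonceLen], bits[saltLen+nonceLen:]
	return newAEAD(password, salt).Open(nil, nonce, ct, nil)
}

func main() { fmt.Println(blindSketch("credential-id-123", []byte("revoked"))) } // constructed sample values
```

A wrong password, a flipped byte or a truncated blob all surface as an error from `unblindSketch`, because the GCM tag covers the ciphertext and the derived key depends on the salt.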

func UnblindRevocation

func UnblindRevocation(bits []byte, credentialID string, r *ledger.Revocation) (err error)

UnblindRevocation decrypts a password-encrypted revocation using the credential ID.

See Blind for details on the encryption scheme.

Types

This section is empty.
