Packages

trait KmsDriver extends api.KmsDriver with AutoCloseable

The interface for a pluggable KMS implementation, that is, a KMS Driver.

Cryptographic operations are async, i.e., they return a Future. In case of failures, the future must be failed with a KmsDriverException.

Each KMS operation takes an OpenTelemetry io.opentelemetry.context.Context as a trace context that can optionally be propagated to the external KMS.

Linear Supertypes
AutoCloseable, api.KmsDriver, AnyRef, Any
Known Subclasses
AwsKmsDriver
Ordering
  1. Alphabetic
  2. By Inheritance
Inherited
  1. KmsDriver
  2. AutoCloseable
  3. KmsDriver
  4. AnyRef
  5. Any
  1. Hide All
  2. Show All
Visibility
  1. Public
  2. Protected

Abstract Value Members

  1. abstract def close(): Unit
    Definition Classes
    AutoCloseable
    Annotations
    @throws(classOf[java.lang.Exception])
  2. abstract def decryptAsymmetric(ciphertext: Array[Byte], keyId: String, algoSpec: EncryptionAlgoSpec)(traceContext: Context): Future[Array[Byte]]

    Asymmetrically decrypt the given ciphertext using the private key identified by the keyId with the given asymmetric encryption algorithm specification.

    Asymmetrically decrypt the given ciphertext using the private key identified by the keyId with the given asymmetric encryption algorithm specification. If the algoSpec is not compatible with the key spec of keyId then this method must fail with a non-retryable exception.

    ciphertext

    The asymmetrically encrypted ciphertext that needs to be decrypted. The length of the ciphertext depends on the parameters of the asymmetric encryption algorithm. Implementations may assume that the length of the ciphertext is at most 6144 bytes in any case.

    keyId

    The identifier of the private encryption key to perform the asymmetric decryption with.

    algoSpec

    The asymmetric encryption algorithm specification. The caller ensures it is a supportedEncryptionAlgoSpecs.

    returns

    A future that completes with the plaintext.

  3. abstract def decryptSymmetric(ciphertext: Array[Byte], keyId: String)(traceContext: Context): Future[Array[Byte]]

    Symmetrically decrypt the given ciphertext using the symmetric encryption key identified by the keyId.

    Symmetrically decrypt the given ciphertext using the symmetric encryption key identified by the keyId. The same/default symmetric encryption algorithm of the KMS must be used for both symmetric encryption and decryption.

    ciphertext

    The ciphertext to symmetrically decrypt. The upper bound of the ciphertext size is 6144 bytes.

    keyId

    The identifier of the symmetric encryption key.

    returns

    A future that completes with the plaintext.

  4. abstract def deleteKey(keyId: String)(traceContext: Context): Future[Unit]

    Deletes a key given by its identifier from the KMS.

    Deletes a key given by its identifier from the KMS.

    keyId

    The identifier of the key to be deleted.

    returns

    A future that completes when the key has been deleted or the deletion of the key has been scheduled.

  5. abstract def encryptSymmetric(data: Array[Byte], keyId: String)(traceContext: Context): Future[Array[Byte]]

    Symmetrically encrypt the given plaintext using the symmetric encryption key identified by the keyId.

    Symmetrically encrypt the given plaintext using the symmetric encryption key identified by the keyId. The same/default symmetric encryption algorithm of the KMS must be used for both symmetric encryption and decryption.

    data

    The plaintext to symmetrically encrypt. The upper bound of the data size is 4kb.

    keyId

    The identifier of the symmetric encryption key.

    returns

    A future that completes with the ciphertext.

  6. abstract def generateEncryptionKeyPair(encryptionKeySpec: EncryptionKeySpec, keyName: Option[String])(traceContext: Context): Future[String]

    Generate a new asymmetric encryption key pair.

    Generate a new asymmetric encryption key pair.

    encryptionKeySpec

    The key specification of the new encryption key pair. The caller ensures it is a supportedEncryptionKeySpecs.

    keyName

    An optional descriptive name for the key pair, max 300 characters long.

    returns

    A future that completes with the unique KMS key identifier, max 300 characters long.

  7. abstract def generateSigningKeyPair(signingKeySpec: SigningKeySpec, keyName: Option[String])(traceContext: Context): Future[String]

    Generate a new signing key pair.

    Generate a new signing key pair.

    signingKeySpec

    The key specification for the new signing key pair. The caller ensures it is a supportedSigningKeySpecs.

    keyName

    An optional descriptive name for the key pair, max 300 characters long.

    returns

    A future that completes with the unique KMS key identifier, max 300 characters long.

  8. abstract def generateSymmetricKey(keyName: Option[String])(traceContext: Context): Future[String]

    Generate a new symmetric encryption key.

    Generate a new symmetric encryption key. The default symmetric key specification of the KMS is used.

    keyName

    An optional descriptive name for the symmetric key, max 300 characters long.

    returns

    A future that completes with the unique KMS key identifier, max 300 characters long.

  9. abstract def getPublicKey(keyId: String)(traceContext: Context): Future[PublicKey]

    Exports a public key from the KMS for the given key pair identified by keyId.

    Exports a public key from the KMS for the given key pair identified by keyId.

    keyId

    The identifier of the key pair.

    returns

    A future that completes with the exported PublicKey

  10. abstract def health: Future[KmsDriverHealth]

    Returns the current health of the driver.

    Returns the current health of the driver.

    If the driver reports itself as unhealthy, Canton will close the current driver instance and create a new one to recover from the unhealthy state. Transient failures should be reported by throwing an com.digitalasset.canton.crypto.kms.driver.api.v1.KmsDriverException with retryable true on driver operations.

    returns

    A future that completes with the driver's health.

  11. abstract def keyExistsAndIsActive(keyId: String)(traceContext: Context): Future[Unit]

    Asserts that the key given by its identifier exists and is active.

    Asserts that the key given by its identifier exists and is active.

    keyId

    The identifier of the key to be checked.

    returns

    A future that completes successfully if the key exists and is active. Otherwise the future must have been failed.

  12. abstract def sign(data: Array[Byte], keyId: String, algoSpec: SigningAlgoSpec)(traceContext: Context): Future[Array[Byte]]

    Sign the given data using the private key identified by the keyId with the given signing algorithm specification.

    Sign the given data using the private key identified by the keyId with the given signing algorithm specification. If the algoSpec is not compatible with the key spec of keyId then this method must fail with a non-retryable exception.

    data

    The data to be signed with the specified signature algorithm. The upper bound of the data size is 4kb.

    keyId

    The identifier of the private signing key.

    algoSpec

    The signature algorithm specification. The caller ensures it is a supportedSigningAlgoSpecs.

    returns

    A future that completes with the signature.

  13. abstract def supportedEncryptionAlgoSpecs: Set[EncryptionAlgoSpec]

    The supported encryption algorithm specifications by the driver

  14. abstract def supportedEncryptionKeySpecs: Set[EncryptionKeySpec]

    The supported encryption key specifications by the driver

  15. abstract def supportedSigningAlgoSpecs: Set[SigningAlgoSpec]

    The supported signing algorithm specifications by the driver

  16. abstract def supportedSigningKeySpecs: Set[SigningKeySpec]

    The supported signing key specifications by the driver

Concrete Value Members

  1. final def !=(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  2. final def ##: Int
    Definition Classes
    AnyRef → Any
  3. final def ==(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  4. final def asInstanceOf[T0]: T0
    Definition Classes
    Any
  5. def clone(): AnyRef
    Attributes
    protected[lang]
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.CloneNotSupportedException]) @native() @IntrinsicCandidate()
  6. final def eq(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  7. def equals(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef → Any
  8. final def getClass(): Class[_ <: AnyRef]
    Definition Classes
    AnyRef → Any
    Annotations
    @native() @IntrinsicCandidate()
  9. def hashCode(): Int
    Definition Classes
    AnyRef → Any
    Annotations
    @native() @IntrinsicCandidate()
  10. final def isInstanceOf[T0]: Boolean
    Definition Classes
    Any
  11. final def ne(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  12. final def notify(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native() @IntrinsicCandidate()
  13. final def notifyAll(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native() @IntrinsicCandidate()
  14. final def synchronized[T0](arg0: => T0): T0
    Definition Classes
    AnyRef
  15. def toString(): String
    Definition Classes
    AnyRef → Any
  16. final def wait(arg0: Long, arg1: Int): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException])
  17. final def wait(arg0: Long): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException]) @native()
  18. final def wait(): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException])

Deprecated Value Members

  1. def finalize(): Unit
    Attributes
    protected[lang]
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.Throwable]) @Deprecated @Deprecated
    Deprecated

Inherited from AutoCloseable

Inherited from api.KmsDriver

Inherited from AnyRef

Inherited from Any

Ungrouped