package crypto
- Alphabetic
- Public
- Protected
Package Members
Type Members
- final case class AsymmetricEncrypted[+M](ciphertext: ByteString, encryptedFor: Fingerprint) extends NoCopy with Product with Serializable
- class CommunityCryptoFactory extends CryptoFactory
- class Crypto extends NamedLogging with CloseableHealthElement with CompositeHealthElement[String, HealthQuasiComponent] with HealthComponent
Wrapper class to simplify crypto dependency management
- trait CryptoFactory extends AnyRef
- trait CryptoKey extends Product with Serializable
- sealed trait CryptoKeyFormat extends Product with Serializable with PrettyPrinting
- trait CryptoKeyPair[+PK <: PublicKey, +SK <: PrivateKey] extends HasVersionedWrapper[CryptoKeyPair[PublicKey, PrivateKey]]
- trait CryptoKeyPairKey extends CryptoKey
- trait CryptoPrivateApi extends EncryptionPrivateOps with SigningPrivateOps with CloseableHealthComponent
- trait CryptoPrivateStoreApi extends CryptoPrivateApi with EncryptionPrivateStoreOps with SigningPrivateStoreOps
- trait CryptoPureApi extends EncryptionOps with SigningOps with HmacOps with HkdfOps with HashOps with RandomOps
- sealed trait CryptoPureApiError extends Product with Serializable with PrettyPrinting
- sealed trait DecryptionError extends Product with Serializable with PrettyPrinting
- class DomainSnapshotSyncCryptoApi extends SyncCryptoApi with NamedLogging
crypto operations for a (domain,timestamp)
- class DomainSyncCryptoClient extends SyncCryptoClient[DomainSnapshotSyncCryptoApi] with HasFutureSupervision with NamedLogging with FlagCloseable
Crypto operations on a particular domain
- final case class Encrypted[+M] extends NoCopy with Product with Serializable
A tag to denote encrypted data.
- sealed trait EncryptionError extends Product with Serializable with PrettyPrinting
- sealed trait EncryptionKeyCreationError extends Product with Serializable with PrettyPrinting
- sealed trait EncryptionKeyGenerationError extends Product with Serializable with PrettyPrinting
- final case class EncryptionKeyPair(publicKey: EncryptionPublicKey, privateKey: EncryptionPrivateKey) extends CryptoKeyPair[EncryptionPublicKey, EncryptionPrivateKey] with NoCopy with Product with Serializable
- sealed trait EncryptionKeyScheme extends Product with Serializable with PrettyPrinting
Key schemes for asymmetric/hybrid encryption.
- trait EncryptionOps extends AnyRef
Encryption operations that do not require access to a private key store but operates with provided keys.
- final case class EncryptionPrivateKey extends PrivateKey with HasVersionedWrapper[EncryptionPrivateKey] with NoCopy with Product with Serializable
- trait EncryptionPrivateOps extends AnyRef
Encryption operations that require access to stored private keys.
- trait EncryptionPrivateStoreOps extends EncryptionPrivateOps
A default implementation with a private key store
- final case class EncryptionPublicKey extends PublicKey with PrettyPrinting with HasVersionedWrapper[EncryptionPublicKey] with Product with Serializable
- final case class EncryptionPublicKeyWithName(publicKey: EncryptionPublicKey, name: Option[KeyName]) extends PublicKeyWithName with Product with Serializable
- class EnterpriseCryptoFactory extends CryptoFactory
- final case class Fingerprint(str: String68) extends LengthLimitedStringWrapper with PrettyPrinting with Product with Serializable
a human readable fingerprint of a key that serves as a unique identifier
- final case class Hash extends HasCryptographicEvidence with Ordered[Hash] with PrettyPrinting with Product with Serializable
- sealed abstract class HashAlgorithm extends PrettyPrinting
A Multi-hash compatible description of a hash algorithm
- trait HashBuilder extends AnyRef
The methods of HashBuilder change its internal state and return
this
for convenience.The methods of HashBuilder change its internal state and return
this
for convenience.Requirements for all implementations:
For any HashBuilder hb, it is computationally infeasible to find two sequences
as1
andas2
of calls toadd
such that the concatenation ofas1
differs from the concatenationas2
, yet their computed hashes are the same, i.e.,as1.foldLeft(hb)((hb, a) => hb.add(a)).finish
is the same asas2.foldLeft(hb)((hb, a) => hb.add(a)).finish
. - trait HashOps extends AnyRef
Trait only needed if we want to make the default algorithm configurable
- final class HashPurpose extends AnyVal
The purpose of a hash serves to avoid hash collisions due to equal encodings for different objects.
The purpose of a hash serves to avoid hash collisions due to equal encodings for different objects. It is in general not possible to derive the purpose of the hash from the hash alone.
Whenever a hash is computed using HashOps, a HashPurpose must be specified that gets included in the hash. To reliably prevent hash collisions, every HashPurpose object should be used only in a single place.
All HashPurpose objects must be created through the HashPurpose$.apply method, which checks that the id is fresh.
- sealed trait HkdfError extends Product with Serializable with PrettyPrinting
- final class HkdfInfo extends AnyVal
Ensures unique values of "info" HKDF parameter for the different usages of the KDF.
Ensures unique values of "info" HKDF parameter for the different usages of the KDF. E.g., we may have one purpose for deriving the encryption key for a view from a random value, and another one for deriving the random values used for the subviews.
- trait HkdfOps extends AnyRef
The expansion step of the HMAC-based key derivation function (HKDF) as defined in: https://tools.ietf.org/html/rfc5869
- final case class Hmac extends PrettyPrinting with Product with Serializable
- sealed abstract class HmacAlgorithm extends PrettyPrinting
- sealed trait HmacError extends Product with Serializable with PrettyPrinting
- trait HmacOps extends AnyRef
pure HMAC operations that do not require access to external keys.
- final case class HmacSecret extends PrettyPrinting with Product with Serializable
- sealed trait JavaKeyConversionError extends Product with Serializable with PrettyPrinting
- trait JavaKeyConverter extends AnyRef
- final case class KeyName(str: String300) extends LengthLimitedStringWrapper with PrettyPrinting with Product with Serializable
- sealed trait KeyPurpose extends Product with Serializable with PrettyPrinting
- class LtHash16 extends AnyRef
A running digest of a set of bytes, where elements can be added and removed.
A running digest of a set of bytes, where elements can be added and removed.
Note that it's the caller's responsibility to ensure that the collection defined by the sequence of additions/removals is really a set. In particular: 1. the digest accepts a call to remove before the corresponding call to add 2. the digest will change if the same element is added twice. Note, however, that the digest rolls over if you add an element 216 times; i.e., taking a digest d, then adding the same element 216 times results in d again.
- final case class Nonce extends HasCryptographicEvidence with Product with Serializable
- trait PrivateKey extends CryptoKeyPairKey
- trait PublicKey extends CryptoKeyPairKey
- trait PublicKeyWithName extends Product with Serializable with HasVersionedWrapper[PublicKeyWithName]
- trait RandomOps extends AnyRef
- final case class Salt extends PrettyPrinting with Product with Serializable
A (pseudo-)random salt used for hashing to prevent pre-computed hash attacks.
A (pseudo-)random salt used for hashing to prevent pre-computed hash attacks.
The algorithm that was used to generate/derive the salt is kept to support the verification of the salt generation.
- sealed trait SaltAlgorithm extends Product with Serializable with PrettyPrinting
Indicates the algorithm used to generate and derive salts.
- sealed trait SaltError extends Product with Serializable with PrettyPrinting
- sealed abstract case class SaltSeed extends Product with Serializable
A seed to derive further salts from.
A seed to derive further salts from.
Unlike Salt this seed will not be shipped to another participant.
- final case class SecureRandomness extends HasCryptographicEvidence with HasVersionedToByteString with Product with Serializable
The class is a tag that denotes a byte string as a securely generated random value.
The class is a tag that denotes a byte string as a securely generated random value.
Not an AnyVal as we also want it to be a serializable value such that we can encrypt it.
- final case class SessionKeyInfo(sessionKeyRandomness: SecureRandomness, encryptedSessionKeys: Seq[AsymmetricEncrypted[SecureRandomness]]) extends Product with Serializable
Information that is cached for each view and is to be re-used if another view has the same recipients and transparency can be respected.
Information that is cached for each view and is to be re-used if another view has the same recipients and transparency can be respected.
- sessionKeyRandomness
the randomness to create the session key that is then used to encrypt the randomness of the view.
- encryptedSessionKeys
the randomness of the session key encrypted for each recipient.
- final case class Signature extends HasVersionedWrapper[Signature] with PrettyPrinting with NoCopy with Product with Serializable
- sealed trait SignatureCheckError extends Product with Serializable with PrettyPrinting
- sealed trait SignatureFormat extends Product with Serializable
- sealed trait SigningError extends Product with Serializable with PrettyPrinting
- sealed trait SigningKeyGenerationError extends Product with Serializable with PrettyPrinting
- final case class SigningKeyPair(publicKey: SigningPublicKey, privateKey: SigningPrivateKey) extends CryptoKeyPair[SigningPublicKey, SigningPrivateKey] with NoCopy with Product with Serializable
- sealed trait SigningKeyScheme extends Product with Serializable with PrettyPrinting
- trait SigningOps extends AnyRef
Signing operations that do not require access to a private key store but operates with provided keys.
- final case class SigningPrivateKey extends PrivateKey with HasVersionedWrapper[SigningPrivateKey] with NoCopy with Product with Serializable
- trait SigningPrivateOps extends AnyRef
Signing operations that require access to stored private keys.
- trait SigningPrivateStoreOps extends SigningPrivateOps
A default implementation with a private key store
- case class SigningPublicKey extends PublicKey with PrettyPrinting with HasVersionedWrapper[SigningPublicKey] with Product with Serializable
- Annotations
- @SuppressWarnings()
- final case class SigningPublicKeyWithName(publicKey: SigningPublicKey, name: Option[KeyName]) extends PublicKeyWithName with Product with Serializable
- final case class SymmetricKey(format: CryptoKeyFormat, key: ByteString, scheme: SymmetricKeyScheme) extends CryptoKey with HasVersionedWrapper[SymmetricKey] with NoCopy with Product with Serializable
- sealed trait SymmetricKeyScheme extends Product with Serializable with PrettyPrinting
Key schemes for symmetric encryption.
- trait SyncCryptoApi extends AnyRef
impure part of the crypto api with access to private key store and knowledge about the current entity to key assoc
- class SyncCryptoApiProvider extends AnyRef
Crypto API Provider class
Crypto API Provider class
The utility class combines the information provided by the IPSclient, the pure crypto functions and the signing and decryption operations on a private key vault in order to automatically resolve the right keys to use for signing / decryption based on domain and timestamp.
- trait SyncCryptoClient[+T <: SyncCryptoApi] extends TopologyClientApi[T]
- sealed trait SyncCryptoError extends Product with Serializable with PrettyPrinting
- final case class X509CertificateDer extends Product with Serializable
A X509 Certificate serialized in DER format.
- sealed trait X509CertificateEncoder[Encoding] extends AnyRef
- final case class X509CertificatePem extends Product with Serializable
A X509 Certificate serialized in PEM format.
Value Members
- object AsymmetricEncrypted extends Serializable
- object Blake2xb
Derives Blake2xb on top of Blake2b as defined in: https://www.blake2.net/blake2x.pdf In particular, the parameters for Blake2b invocations are as specified in that document
- object CryptoFactory
- object CryptoHandshakeValidator
- object CryptoKeyFormat extends Serializable
- object CryptoKeyPair extends HasVersionedMessageCompanion[CryptoKeyPair[PublicKey, PrivateKey]]
- object CryptoKeyValidation
- object CryptoPureApiError extends Serializable
- object DecryptionError extends Serializable
- object Encrypted extends Serializable
- object EncryptionError extends Serializable
- object EncryptionKeyCreationError extends Serializable
- object EncryptionKeyGenerationError extends Serializable
- object EncryptionKeyPair extends Serializable
- object EncryptionKeyScheme extends Serializable
- object EncryptionPrivateKey extends HasVersionedMessageCompanion[EncryptionPrivateKey] with Serializable
- object EncryptionPublicKey extends HasVersionedMessageCompanion[EncryptionPublicKey] with HasVersionedMessageCompanionDbHelpers[EncryptionPublicKey] with Serializable
- object EncryptionPublicKeyWithName extends Serializable
- object Fingerprint extends Serializable
- object Hash extends Serializable
- object HashAlgorithm
- object HashPurpose
- object HkdfError extends Serializable
- object HkdfInfo
- object Hmac extends Serializable
- object HmacAlgorithm
- object HmacError extends Serializable
- object HmacSecret extends Serializable
- object JavaKeyConversionError extends Serializable
- object JavaKeyConverter
- object JceCrypto
- object KeyName extends LengthLimitedStringWrapperCompanion[String300, KeyName] with Serializable
- object KeyPurpose extends Serializable
- object LtHash16
- object Nonce extends Serializable
- object PrivateKey extends Serializable
- object PseudoRandom
Pseudo randomness, MUST NOT be used for security-relevant operations.
- object PublicKey extends Serializable
- object PublicKeyWithName extends HasVersionedMessageCompanion[PublicKeyWithName] with Serializable
- object Salt extends Serializable
- object SaltAlgorithm extends Serializable
- object SaltError extends Serializable
- object SaltSeed extends Serializable
- object SecureRandomness extends Serializable
Cryptographically-secure randomness
- object Signature extends HasVersionedMessageCompanion[Signature] with HasVersionedMessageCompanionDbHelpers[Signature] with Serializable
- object SignatureCheckError extends Serializable
- object SignatureFormat extends Serializable
- object SigningError extends Serializable
- object SigningKeyGenerationError extends Serializable
- object SigningKeyPair extends Serializable
- object SigningKeyScheme extends Serializable
Schemes for signature keys.
Schemes for signature keys.
Ed25519 is the best performing curve and should be the default. EC-DSA is slower than Ed25519 but has better compatibility with other systems (such as CCF).
- object SigningPrivateKey extends HasVersionedMessageCompanion[SigningPrivateKey] with Serializable
- object SigningPublicKey extends HasVersionedMessageCompanion[SigningPublicKey] with HasVersionedMessageCompanionDbHelpers[SigningPublicKey] with Serializable
- object SigningPublicKeyWithName extends Serializable
- object SymmetricKey extends HasVersionedMessageCompanion[SymmetricKey] with Serializable
- object SymmetricKeyScheme extends Serializable
- object SyncCryptoClient
- object SyncCryptoError extends Serializable
- object TinkCrypto
- object X509CertificateDer extends X509CertificateEncoder[X509CertificateDer] with Serializable
- object X509CertificatePem extends X509CertificateEncoder[X509CertificatePem] with Serializable