This repository has been archived by the owner on Mar 27, 2024. It is now read-only.
Create RemoteKMS/RemoteCrypto implementations #2307
Comments
baha-ai
pushed a commit
to baha-ai/aries-framework-go
that referenced
this issue
Nov 17, 2020
This change introduced a new optional function passed to remotekms.New(). This new option allows calling a function to potentially call an authorization server and auth info as http headers. This change also moved 'secret' from the http request body and into the headers and added 'invoker' header. It also includes some minor refactoring like placing CreateKeystore() above New() as a keystore is required before creating a new remoteKMS instance.
part of hyperledger-archives#2307
Signed-off-by: Baha Shaaban <baha.shaaban@securekey.com>
baha-ai
pushed a commit
to baha-ai/aries-framework-go
that referenced
this issue
Nov 17, 2020
This change introduced a new optional function passed to remotekms.New(). This new option allows calling a function to potentially call an authorization server and setup auth info as http headers. This function should be created by the user of the framework. The absence of this option means the remoteKMS is not setting any authorization info in the headers. This change also removed 'secret' and 'controller' http headers as these should not be dictated by the framework. It also includes some minor refactoring like placing CreateKeystore() above New() as a keystore is required before creating a new remoteKMS instance.
part of hyperledger-archives#2307
Signed-off-by: Baha Shaaban <baha.shaaban@securekey.com>
baha-ai
pushed a commit
to baha-ai/aries-framework-go
that referenced
this issue
Nov 20, 2020
This change introduces remoteCrypto implementation of crypto.Crypto. It also updates key wrapping optional function WithKH() to support adding a sending key as *crypto.PublicKey on top of the already supported *keyset.Handle and ecdsa.PublicKey. This change completes the implementation of WebKMS.
Closes hyperledger-archives#2307
Signed-off-by: Baha Shaaban <baha.shaaban@securekey.com>
baha-ai
pushed a commit
to baha-ai/aries-framework-go
that referenced
this issue
Nov 20, 2020
This change introduces remoteCrypto implementation of crypto.Crypto. It includes utility functions to transform key wrapping structs into serializable (marshalable) instances ready to be consumed by the key server. It also updates key wrapping optional function WithKH() to support adding a sending key as *crypto.PublicKey on top of the already supported *keyset.Handle and ecdsa.PublicKey. This change completes the implementation of WebKMS.
Closes hyperledger-archives#2307
Signed-off-by: Baha Shaaban <baha.shaaban@securekey.com>
Closed
To support a remote key server managing keys and executing crypto primitives for an agent with limited crypto capabilities, we need to create remote implementations of the kms.Keymanager and crypto.Crypto interfaces.
These remote implementations will include an http client that can do REST calls to a remote key server (following WebKMS spec).
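
The optional header function described in the referenced commits can be sketched as follows; this is an added example, not code from aries-framework-go. `HeaderFunc`, the variadic form of `New()`, the `/keys` route, the request body and the bearer token are all assumptions made for illustration, and the key server is a constructed in-process stub.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// HeaderFunc (hypothetical name) is written by the framework user to set auth headers.
type HeaderFunc func(req *http.Request) error

type RemoteKMS struct {
	keystoreURL string
	addHeaders  []HeaderFunc // empty: no authorization info is sent
}

func New(keystoreURL string, addHeaders ...HeaderFunc) *RemoteKMS {
	return &RemoteKMS{keystoreURL: keystoreURL, addHeaders: addHeaders}
}

// Create posts a constructed key request (no secret in the body) and returns the status.
func (r *RemoteKMS) Create() (int, error) {
	body := strings.NewReader(`{"keyType":"ED25519"}`)
	req, err := http.NewRequest(http.MethodPost, r.keystoreURL+"/keys", body)
	for i := 0; err == nil && i < len(r.addHeaders); i++ {
		err = r.addHeaders[i](req) // a failing hook stops here: fail closed
	}
	if err != nil {
		return 0, err // the request is never sent without its auth headers
	}
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return 0, err
	}
	return resp.StatusCode, resp.Body.Close()
}

// Demo runs Create against a constructed stub key server that accepts one bearer token.
func Demo(hooks ...HeaderFunc) (int, error) {
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, q *http.Request) {
		if q.Header.Get("Authorization") != "Bearer constructed-token" {
			w.WriteHeader(http.StatusUnauthorized)
			return
		}
		w.WriteHeader(http.StatusCreated)
	}))
	defer srv.Close()
	return New(srv.URL, hooks...).Create()
}
func main() { fmt.Println(Demo()) }
```

Calling `Demo()` with no hook exercises the case where the client sets no authorization info; passing a hook that sets the `Authorization` header, or one that returns an error, exercises the other two paths.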