KeyManagementService

The KMS is responsible for storing and using private keys to sign things. An implementation of this may, for example, call out to a hardware security module that enforces various auditing and frequency-of-use requirements.

Properties

abstract val keys: Set<PublicKey>

Returns a snapshot of the current signing PublicKeys. For each of these keys a matching PrivateKey is held by the service and can be used later for signing.

Functions

abstract fun filterMyKeys(candidateKeys: Iterable<PublicKey>): Iterable<PublicKey>

Filters the candidate keys down to the subset that this node owns, i.e. the keys for which it holds the private key.

abstract fun freshKey(): PublicKey

Generates a new random KeyPair and adds it to the internal key storage. Returns the public part of the pair.

abstract fun freshKey(externalId: UUID): PublicKey

Generates a new random KeyPair and adds it to the internal key storage. Associates the public key to an external ID. Returns the public key part of the pair.

abstract fun freshKeyAndCert(identity: PartyAndCertificate, revocationEnabled: Boolean): PartyAndCertificate

Generates a new random KeyPair, adds it to the internal key storage, then generates a corresponding X509Certificate and adds it to the identity service. Returns the resulting PartyAndCertificate, whose owning key is the public part of the new pair.

abstract fun freshKeyAndCert(identity: PartyAndCertificate, revocationEnabled: Boolean, externalId: UUID): PartyAndCertificate

Generates a new random KeyPair, adds it to the internal key storage, then generates a corresponding X509Certificate and adds it to the identity service. Associates the public key with the given external ID. Returns the resulting PartyAndCertificate, whose owning key is the public part of the new pair.

abstract fun sign(bytes: ByteArray, publicKey: PublicKey): DigitalSignature.WithKey

Looks up the PrivateKey matching the provided signing PublicKey and signs the data with it. The private key never leaves the service.

abstract fun sign(signableData: SignableData, publicKey: PublicKey): TransactionSignature

Looks up the PrivateKey matching the provided signing PublicKey and signs the SignableData with it, producing a TransactionSignature that carries the signature metadata.
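The following Kotlin function is an added example, not code from Corda itself, showing how the functions above are used together from a caller's point of view: mint a key, check ownership with filterMyKeys before attempting to sign, sign raw bytes and a transaction id, and verify each signature with the public key alone. It assumes a KeyManagementService instance (normally serviceHub.keyManagementService inside a flow) and the node's platform version are passed in; the payload, the "foreign" key and the transaction hash are constructed for the demonstration. The name demonstrateKms is hypothetical.

```kotlin
import net.corda.core.crypto.Crypto
import net.corda.core.crypto.SecureHash
import net.corda.core.crypto.SignableData
import net.corda.core.crypto.SignatureMetadata
import net.corda.core.crypto.TransactionSignature
import net.corda.core.node.services.KeyManagementService
import java.security.PublicKey

// Added example (not Corda's own code). `kms` is the node's KeyManagementService,
// `platformVersion` is taken from serviceHub.myInfo.platformVersion in a real flow.
fun demonstrateKms(kms: KeyManagementService, platformVersion: Int): TransactionSignature {
    // 1. Mint a fresh signing key; only the public half is returned, the private
    //    half stays inside the KMS (or the HSM behind it).
    val fresh: PublicKey = kms.freshKey()
    require(fresh in kms.keys) { "freshKey() result must appear in the keys snapshot" }

    // 2. filterMyKeys drops keys this node has no private key for. The foreign key
    //    is constructed locally and deliberately never stored in the KMS.
    val foreign: PublicKey = Crypto.generateKeyPair(Crypto.EDDSA_ED25519_SHA512).public
    val mine = kms.filterMyKeys(listOf(fresh, foreign)).toSet()
    require(mine == setOf(fresh)) { "only the KMS-held key should survive filtering" }

    // 3. Sign raw bytes. The returned DigitalSignature.WithKey records which key
    //    signed, so any party holding the public key can verify without the KMS.
    val payload = "constructed payload".toByteArray()   // constructed sample input
    val sig = kms.sign(payload, fresh)
    require(sig.by == fresh) { "signature must be attributed to the requested key" }
    require(sig.verify(payload)) // throws SignatureException if the signature is invalid

    // 4. Sign a transaction id. SignatureMetadata binds the platform version and
    //    the signature scheme into what is signed, so the signature cannot be
    //    replayed under a different scheme or version.
    val txId = SecureHash.sha256("constructed transaction bytes")  // constructed sample hash
    val meta = SignatureMetadata(platformVersion, Crypto.findSignatureScheme(fresh).schemeNumberID)
    val txSig = kms.sign(SignableData(txId, meta), fresh)
    require(txSig.verify(txId)) { "transaction signature must verify against its id" }
    return txSig
}
```

The ownership check in step 2 is the useful habit: a node that asks the KMS to sign with a key it does not hold will fail at signing time, so filtering the candidate keys first keeps that failure out of the signing path and makes the "which of these keys are mine" decision explicit and auditable.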