CompositeKey |
A tree data structure that enables the representation of composite public keys, which are used to represent the signing requirements for multi-signature scenarios such as RAFT notary services. A composite key is a list of leaf keys and their contributing weight, and each leaf can be a conventional single key or a composite key. Keys contribute their weight to the total if they are matched by the signature. class CompositeKey : PublicKey |
CompositeKeyFactory |
Factory for generating composite keys from ASN.1 format key specifications. This is used by CordaSecurityProvider. class CompositeKeyFactory : KeyFactorySpi |
CompositeSignature |
Dedicated class for storing a set of signatures that comprise CompositeKey. class CompositeSignature : Signature |
CompositeSignaturesWithKeys |
Custom class for holding signature data. This exists for later extension work to provide a standardised cross-platform serialization format. data class CompositeSignaturesWithKeys |
CordaObjectIdentifier |
object CordaObjectIdentifier |
CordaSecurityProvider |
class CordaSecurityProvider : Provider |
Crypto |
This object controls and provides the available and supported signature schemes for Corda. Any implemented SignatureScheme should be strictly defined here. However, only the schemes returned by {@link #listSupportedSignatureSchemes()} are supported. Note that Corda currently supports the following signature schemes by their code names: object Crypto |
DigestAlgorithm |
Interface for injecting custom digest implementation bypassing JCA. interface DigestAlgorithm |
DigestService |
The DigestService class is a service that offers the main crypto methods for calculating transaction hashes and building Merkle trees. The default instance is passed by default to instances of classes like TransactionBuilder and as a parameter to MerkleTree.getMerkleTree(...) method. In future the default instance can be parametrized to initialize with the network default hash algorithm or just a more secure algorithm (e.g. SHA3_256). While the SHA2_256 is vulnerable to pre-image attacks, the computeNonce and componentHash methods behaviour is defined by the hashTwiceNonce and hashTwiceComponent; with SHA2_256 they both must be set to true to ensure pre-image attack won't work (and for backward compatibility), but for other algorithms like SHA3_256 that are not affected, they can and should be set to false as hashing twice would not improve security but affect performance. data class DigestService |
DigitalSignature |
A wrapper around a digital signature. open class DigitalSignature : OpaqueBytes |
DummySecureRandom |
object DummySecureRandom : SecureRandom |
MerkleTree |
Creation and verification of a Merkle tree for a WireTransaction. sealed class MerkleTree |
NullKeys |
object NullKeys |
PartialMerkleTree |
Building and verification of Partial Merkle Tree. Partial Merkle Tree is a minimal tree needed to check that a given set of leaves belongs to a full Merkle Tree. class PartialMerkleTree |
SecureHash |
Container for a cryptographically secure hash value. Provides utilities for generating a cryptographic hash using different algorithms (currently only SHA-256 supported). sealed class SecureHash : OpaqueBytes |
SignableData |
A SignableData object is the packet actually signed. It works as a wrapper over transaction id and signature metadata. Note that when multi-transaction signing (signing a block of transactions) is used, the root of the Merkle tree (having transaction IDs as leaves) is actually signed and thus txId refers to this root and not a specific transaction. data class SignableData |
SignatureMetadata |
SignatureMeta is required to add extra meta-data to a transaction's signature. It currently supports platformVersion only, but it can be extended to support a universal digital signature model enabling partial signatures and attaching extra information, such as a user's timestamp or other application-specific fields. data class SignatureMetadata |
SignatureScheme |
This class is used to define a digital signature scheme. data class SignatureScheme |
SignedData |
A serialized piece of data and its signature. Enforces signature validity in order to deserialize the data contained within. open class SignedData<T : Any> |
TransactionSignature |
A wrapper over the signature output accompanied by signer's public key and signature metadata. This is similar to DigitalSignature.WithKey, but targeted to DLT transaction (or block of transactions) signatures. class TransactionSignature : DigitalSignature |
MerkleTreeException |
class MerkleTreeException : CordaException |
java.security.KeyPair |
|
java.security.PrivateKey |
|
java.security.PublicKey |
|
kotlin.ByteArray |
|
kotlin.collections.Iterable |
algorithm |
Hash algorithm. val SecureHash.algorithm: String |
isZero |
val OpaqueBytes.isZero: Boolean |
componentHash |
Compute the hash of each serialised component so as to be used as Merkle tree leaf. The resultant output (leaf) is calculated using the SHA256d algorithm, thus SHA256(SHA256(nonce || serializedComponent)), where nonce is computed from computeNonce. fun
Return the SHA256(SHA256(nonce || serializedComponent)). fun |
computeNonce |
Method to compute a nonce based on privacySalt, component group index and component internal index. SHA256d (double SHA256) is used to prevent length extension attacks. fun |
entropyToKeyPair |
Returns a key pair derived from the given private key entropy. This is useful for unit tests and other cases where you want hard-coded private keys. fun entropyToKeyPair(entropy: BigInteger): KeyPair |
generateKeyPair |
A simple wrapper that will make it easier to swap out the signature algorithm we use in future. fun generateKeyPair(): KeyPair |
hashAs |
Compute the algorithm hash for the contents of the OpaqueBytes. fun OpaqueBytes.hashAs(algorithm: String): SecureHash |
newSecureRandom |
Get an instance of SecureRandom to avoid blocking, due to waiting for additional entropy, when possible. In this version, the NativePRNGNonBlocking is exclusively used on Linux OS to utilize dev/urandom because in high traffic /dev/random may wait for a certain amount of "noise" to be generated on the host machine before returning a result. fun newSecureRandom(): SecureRandom |
random63BitValue |
Returns a random positive non-zero long generated using a secure RNG. This function sacrifies a bit of entropy in order to avoid potential bugs where the value is used in a context where negative numbers or zero are not expected. fun random63BitValue(): Long |
randomHash |
fun DigestService.randomHash(): SecureHash |
secureRandomBytes |
Generate a securely random ByteArray of requested number of bytes. Usually used for seeds, nonces and keys. fun secureRandomBytes(numOfBytes: Int): ByteArray |
serializedHash |
Serialise the object and return the hash of the serialized bytes. Note that the resulting hash may not be deterministic across platform versions: serialization can produce different values if any of the types being serialized have changed, or if the version of serialization specified by the context changes. fun <T : Any> |
sha256 |
Compute the SHA-256 hash for the contents of the OpaqueBytes. fun OpaqueBytes.sha256(): SHA256 |