@DoNotImplement interface KeyManagementService
The KMS is responsible for storing and using private keys to sign things. An implementation of this may, for example, call out to a hardware security module that enforces various auditing and frequency-of-use requirements.
| Member | Description | Signature |
|---|---|---|
| keys | Returns a snapshot of the current signing PublicKeys. For each of these keys a PrivateKey is available, that can be used later for signing. | `abstract val keys: Set<PublicKey>` |
| filterMyKeys | Filter some keys down to the set that this node owns (has private keys for). | `abstract fun filterMyKeys(candidateKeys: Iterable<PublicKey>): Iterable<PublicKey>` |
| freshKey | Generates a new random KeyPair and adds it to the internal key storage. Returns the public part of the pair. | `abstract fun freshKey(): PublicKey` |
| freshKey | Generates a new random KeyPair and adds it to the internal key storage. Associates the public key to an external ID. Returns the public key part of the pair. | `abstract fun freshKey(externalId: UUID): PublicKey` |
| freshKeyAndCert | Generates a new random KeyPair, adds it to the internal key storage, then generates a corresponding X509Certificate and adds it to the identity service. Associates the public key to an external ID. Returns the public part of the pair. | `abstract fun freshKeyAndCert(identity: PartyAndCertificate, revocationEnabled: Boolean): PartyAndCertificate` |
| freshKeyAndCert | Generates a new random KeyPair, adds it to the internal key storage, then generates a corresponding X509Certificate and adds it to the identity service. | `abstract fun freshKeyAndCert(identity: PartyAndCertificate, revocationEnabled: Boolean, externalId: UUID): PartyAndCertificate` |
| sign | Using the provided signing PublicKey internally looks up the matching PrivateKey and signs the data. | `abstract fun sign(bytes: ByteArray, publicKey: PublicKey): WithKey` |
| sign | Using the provided signing PublicKey internally looks up the matching PrivateKey and signs the SignableData. | `abstract fun sign(signableData: SignableData, publicKey: PublicKey): TransactionSignature` |
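
The following added example (not part of the original reference or the project's own code) shows the calling pattern the interface implies: the caller only ever names a PublicKey, narrows candidates with filterMyKeys before asking for a signature, and verifies what comes back. The helper names `signWithOwnedKeys` and `signUnderFreshKey` are hypothetical, and the code assumes it is compiled against Corda core with a `KeyManagementService` instance supplied by the node.

```kotlin
import net.corda.core.crypto.DigitalSignature
import net.corda.core.node.services.KeyManagementService
import java.security.PublicKey
import java.util.UUID

/**
 * Hypothetical helper: signs [payload] with every key in [requiredSigners]
 * that this node owns. Private keys stay inside the KMS (possibly an HSM);
 * this code handles public keys and signatures only.
 */
fun signWithOwnedKeys(
    kms: KeyManagementService,
    requiredSigners: Set<PublicKey>,
    payload: ByteArray
): List<DigitalSignature.WithKey> {
    // Ask the KMS which candidates it holds private keys for, so that it is
    // never asked to sign with a key belonging to another party.
    val ours = kms.filterMyKeys(requiredSigners).toSet()
    require(ours.isNotEmpty()) { "This node owns none of the required signing keys" }

    return ours.map { key ->
        val signature = kms.sign(payload, key)
        // Defensive checks on the result: it must name the key we asked for
        // and must verify over the exact bytes we submitted.
        check(signature.by == key) { "KMS returned a signature for a different key" }
        signature.verify(payload) // throws if the signature does not verify
        signature
    }
}

/**
 * Hypothetical helper: creates a fresh key tied to [externalId] and signs
 * [payload] under it. Only the public half is ever returned to the caller.
 */
fun signUnderFreshKey(
    kms: KeyManagementService,
    externalId: UUID,
    payload: ByteArray
): DigitalSignature.WithKey {
    val publicKey = kms.freshKey(externalId)
    // A freshly generated key must be reported as owned by this node.
    check(publicKey in kms.filterMyKeys(listOf(publicKey))) { "Fresh key not registered in the KMS" }
    return kms.sign(payload, publicKey)
}
```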