Interface SigningService
@DoNotImplement() public interface SigningService
Responsible for storing and using private keys to sign things. An implementation of this may, for example, call out to a hardware security module that enforces various auditing and frequency-of-use requirements.
Corda provides an instance of DigitalSignatureVerificationService to flows via property injection.
Method Summary
Modifier and Type: abstract DigitalSignature.WithKeyId
Method: sign(@NotNull() Array<byte> bytes, @NotNull() PublicKey publicKey, @NotNull() SignatureSpec signatureSpec)
Description: Using the provided signing PublicKey, internally looks up the matching PrivateKey and signs the data.

Modifier and Type: abstract Map<PublicKey, PublicKey>
Method: findMySigningKeys(@NotNull() Set<PublicKey> keys)
Description: Looks into a set of signing keys to find keys owned by the caller.

Method Detail

sign
@Suspendable() @NotNull() abstract DigitalSignature.WithKeyId sign(@NotNull() Array<byte> bytes, @NotNull() PublicKey publicKey, @NotNull() SignatureSpec signatureSpec)
Using the provided signing PublicKey, internally looks up the matching PrivateKey and signs the data.
Parameters:
bytes - The data to sign over using the chosen key.
publicKey - The PublicKey partner to an internally held PrivateKey, either derived from the node's primary identity, or previously generated via the freshKey method.
signatureSpec - The SignatureSpec to use when producing this signature.
Returns:
A DigitalSignature.WithKeyId representing the signed data and the PublicKey that belongs to the same KeyPair as the PrivateKey that signed the data.

findMySigningKeys
@Suspendable() @NotNull() abstract Map<PublicKey, PublicKey> findMySigningKeys(@NotNull() Set<PublicKey> keys)
Looks into a set of signing keys to find keys owned by the caller. For a CompositeKey, it looks into the composite key's leaves and returns the first leaf found that is owned by the caller.
Parameters:
keys - The signing keys to look into.
Returns:
A mapping that maps each requested signing key:
- to the same key, if the requested signing key is a plain key owned by the caller
- to the first of the composite key's leaves (children) found to be owned by the caller, if the requested signing key is a composite key
- to null, if the requested key is not owned by the caller
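
The lookup-then-sign pattern that findMySigningKeys and sign describe, as an added example that is not Corda's code: a self-contained Java model in which the class SigningServiceSketch, its byte[] return type and the fixed SHA256withECDSA algorithm are assumptions standing in for the real service, DigitalSignature.WithKeyId and SignatureSpec. It covers plain keys only, not CompositeKey.

```java
import java.security.*;
import java.util.*;

// Hypothetical model of the documented behaviour; not the Corda SigningService.
public class SigningServiceSketch {
    // Private keys stay inside this object; callers name them by public key only.
    private final Map<PublicKey, PrivateKey> held = new HashMap<>();

    PublicKey freshKey() throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(256);
        KeyPair pair = gen.generateKeyPair();
        held.put(pair.getPublic(), pair.getPrivate());
        return pair.getPublic();
    }

    // Plain keys only: an owned key maps to itself, anything else maps to null.
    Map<PublicKey, PublicKey> findMySigningKeys(Set<PublicKey> keys) {
        Map<PublicKey, PublicKey> result = new HashMap<>();
        for (PublicKey k : keys) result.put(k, held.containsKey(k) ? k : null);
        return result;
    }

    // Looks up the private key matching publicKey and signs; fails closed if not held.
    byte[] sign(byte[] bytes, PublicKey publicKey) throws GeneralSecurityException {
        PrivateKey priv = held.get(publicKey);
        if (priv == null) throw new InvalidKeyException("no private key held for this public key");
        Signature s = Signature.getInstance("SHA256withECDSA"); // assumed algorithm
        s.initSign(priv);
        s.update(bytes);
        return s.sign();
    }

    public static void main(String[] args) throws GeneralSecurityException {
        SigningServiceSketch service = new SigningServiceSketch();
        PublicKey mine = service.freshKey();
        PublicKey theirs = new SigningServiceSketch().freshKey(); // held by another party
        byte[] data = "constructed sample payload".getBytes(java.nio.charset.StandardCharsets.UTF_8);

        Set<PublicKey> requested = new HashSet<>(Arrays.asList(mine, theirs));
        for (Map.Entry<PublicKey, PublicKey> e : service.findMySigningKeys(requested).entrySet()) {
            if (e.getValue() == null) continue;            // not owned: skip, do not call sign()
            byte[] sig = service.sign(data, e.getValue()); // sign with the mapped key
            Signature v = Signature.getInstance("SHA256withECDSA");
            v.initVerify(e.getValue());
            v.update(data);
            System.out.println("signature verifies: " + v.verify(sig));
        }
    }
}
```

The caller signs with the map's value rather than the requested key, which is what makes the same loop work when the requested key is a composite key and the value is one of its leaves.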