Packages

package crypto


Package Members

  1. package admin
  2. package deterministic
  3. package kms
  4. package provider
  5. package signer
  6. package store
  7. package v30
  8. package verifier

Type Members

  1. final case class AsymmetricEncrypted[+M](ciphertext: ByteString, encryptionAlgorithmSpec: EncryptionAlgorithmSpec, encryptedFor: Fingerprint) extends NoCopy with HasVersionedWrapper[AsymmetricEncrypted[_]] with Product with Serializable

    Represents an asymmetric encrypted message.

    ciphertext: the encrypted message

    encryptionAlgorithmSpec: the encryption algorithm specification (e.g. RSA OAEP)

    encryptedFor: the public key of the recipient

  2. sealed trait BaseCrypto extends NamedLogging

    A base trait that provides all the essential cryptographic components, offering a unified interface for cryptographic operations and key management.

    This includes:

    • Public and private crypto APIs, providing functionality for encryption, decryption, signing, and verification.
    • Public and private key store APIs, responsible for managing the persistence and retrieval of cryptographic keys.
  3. class Crypto extends BaseCrypto with CloseableHealthElement with CompositeHealthElement[String, HealthQuasiComponent] with HealthComponent

    Wrapper class to simplify crypto dependency management. It does not validate crypto schemes against the static synchronizer parameters.

  4. trait CryptoKey extends Product with Serializable
  5. sealed trait CryptoKeyFormat extends Product with Serializable with PrettyPrinting
  6. trait CryptoKeyPair[+PK <: PublicKey, +SK <: PrivateKey] extends HasVersionedWrapper[CryptoKeyPair[PublicKey, PrivateKey]] with Product with Serializable
  7. trait CryptoKeyPairKey extends CryptoKey
  8. trait CryptoPrivateApi extends EncryptionPrivateOps with SigningPrivateOps with CloseableHealthComponent
  9. trait CryptoPrivateStoreApi extends CryptoPrivateApi with EncryptionPrivateStoreOps with SigningPrivateStoreOps
  10. trait CryptoPureApi extends EncryptionOps with SigningOps with HmacOps with HashOps with RandomOps with PasswordBasedEncryptionOps
  11. sealed trait CryptoPureApiError extends Product with Serializable with PrettyPrinting
  12. final case class CryptoScheme[S](default: S, allowed: NonEmpty[Set[S]]) extends Product with Serializable
  13. final case class CryptoSchemes extends Product with Serializable
  14. sealed trait DecryptionError extends Product with Serializable with PrettyPrinting
  15. trait EcKeySpec extends AnyRef

    Indicates that the key is based on elliptic curve cryptography.

  16. final case class Encrypted[+M] extends Product with Serializable

    A tag to denote encrypted data.

  17. sealed trait EncryptionAlgorithmSpec extends Product with Serializable with PrettyPrinting with UniformCantonConfigValidation

    Algorithm schemes for asymmetric/hybrid encryption.

  18. sealed trait EncryptionError extends Product with Serializable with PrettyPrinting
  19. sealed trait EncryptionKeyCreationError extends Product with Serializable with PrettyPrinting

    Errors that happen when creating encryption keys from existing key material.

    This includes parsing, validating, or checking the key data. Different from errors that happen during key generation (creating new key material).

  20. sealed trait EncryptionKeyGenerationError extends Product with Serializable with PrettyPrinting

    Errors that happen when generating new encryption keys.

    This means creating key material from scratch. Different from errors that happen when creating keys from existing key material.

  21. final case class EncryptionKeyPair extends CryptoKeyPair[EncryptionPublicKey, EncryptionPrivateKey] with Product with Serializable
  22. sealed trait EncryptionKeySpec extends Product with Serializable with PrettyPrinting with UniformCantonConfigValidation

    An encryption key specification.

  23. trait EncryptionOps extends AnyRef

    Encryption operations that do not require access to a private key store but operate with provided keys.

  24. final case class EncryptionPrivateKey extends PrivateKey with HasVersionedWrapper[EncryptionPrivateKey] with Product with Serializable
  25. trait EncryptionPrivateOps extends AnyRef

    Encryption operations that require access to stored private keys.

  26. trait EncryptionPrivateStoreOps extends EncryptionPrivateOps

    A default implementation with a private key store

  27. final case class EncryptionPublicKey extends PublicKey with PrettyPrinting with HasVersionedWrapper[EncryptionPublicKey] with Product with Serializable
  28. final case class EncryptionPublicKeyWithName(publicKey: EncryptionPublicKey, name: Option[KeyName]) extends PublicKeyWithName with PrettyPrinting with Product with Serializable
  29. final case class Fingerprint extends LengthLimitedStringWrapper with PrettyPrinting with Product with Serializable

    A human-readable fingerprint of a key that serves as a unique identifier.

  30. trait HasFingerprint extends AnyRef
  31. final case class Hash extends HasCryptographicEvidence with Ordered[Hash] with PrettyPrinting with Product with Serializable
  32. sealed abstract class HashAlgorithm extends PrettyPrinting with UniformCantonConfigValidation

    A Multi-hash compatible description of a hash algorithm

  33. trait HashBuilder extends AnyRef

    The methods of HashBuilder change its internal state and return this for convenience.

    Requirements for all implementations:

    For any HashBuilder hb, it is computationally infeasible to find two sequences as1 and as2 of calls to add such that the concatenation of as1 differs from the concatenation of as2, yet their computed hashes are the same, i.e., as1.foldLeft(hb)((hb, a) => hb.add(a)).finish is the same as as2.foldLeft(hb)((hb, a) => hb.add(a)).finish.

  34. class HashBuilderFromMessageDigest extends HashBuilder

    Constructs a HashBuilder from the specified java.security.MessageDigest. ALWAYS use the apply method unless you know what you're doing.

  35. trait HashOps extends AnyRef

    Trait only needed if we want to make the default algorithm configurable

  36. final class HashPurpose extends AnyVal

    The purpose of a hash serves to avoid hash collisions due to equal encodings for different objects. It is in general not possible to derive the purpose of the hash from the hash alone.

    Whenever a hash is computed using HashOps, a HashPurpose must be specified that gets included in the hash. To reliably prevent hash collisions, every HashPurpose object should be used only in a single place.

    All HashPurpose objects must be created through the HashPurpose$.apply method, which checks that the id is fresh.

  37. final case class Hmac extends PrettyPrinting with Product with Serializable
  38. sealed abstract class HmacAlgorithm extends PrettyPrinting
  39. sealed trait HmacError extends Product with Serializable with PrettyPrinting
  40. trait HmacOps extends AnyRef

    Pure HMAC operations that do not require access to external keys.

  41. final case class KeyName(str: String300) extends LengthLimitedStringWrapper with PrettyPrinting with Product with Serializable
  42. sealed trait KeyPurpose extends Product with Serializable with PrettyPrinting
  43. class LtHash16 extends AnyRef

    A running digest of a set of bytes, where elements can be added and removed.

    Note that it's the caller's responsibility to ensure that the collection defined by the sequence of additions/removals is really a set. In particular:

    1. the digest accepts a call to remove before the corresponding call to add
    2. the digest will change if the same element is added twice. Note, however, that the digest rolls over if you add an element 2^16 times; i.e., taking a digest d, then adding the same element 2^16 times results in d again.
  44. final case class Nonce extends HasCryptographicEvidence with Product with Serializable
  45. final case class PasswordBasedEncrypted(ciphertext: ByteString, symmetricKeyScheme: SymmetricKeyScheme, pbkdfScheme: PbkdfScheme, salt: SecureRandomness) extends HasVersionedWrapper[PasswordBasedEncrypted] with Product with Serializable

    A password-based encrypted message

  46. sealed trait PasswordBasedEncryptionError extends Product with Serializable with PrettyPrinting
  47. final case class PasswordBasedEncryptionKey(key: SymmetricKey, salt: SecureRandomness) extends Product with Serializable

    A symmetric key derived from a password

  48. trait PasswordBasedEncryptionOps extends AnyRef

    Password-Based Encryption (PBE)

  49. sealed trait PbkdfScheme extends Product with Serializable with UniformCantonConfigValidation

    Schemes for Password-Based Key Derivation Functions

  50. trait PrivateKey extends CryptoKeyPairKey
  51. trait PublicKey extends CryptoKeyPairKey
  52. trait PublicKeyWithName extends Product with Serializable with HasVersionedWrapper[PublicKeyWithName]
  53. trait RandomOps extends AnyRef
  54. final case class RequiredEncryptionSpecs(algorithms: NonEmpty[Set[EncryptionAlgorithmSpec]], keys: NonEmpty[Set[EncryptionKeySpec]]) extends Product with Serializable with PrettyPrinting

    Required encryption algorithms and keys for asymmetric/hybrid encryption to be listed in the synchronizer.

    algorithms: list of required encryption algorithm specifications

    keys: list of required encryption key specifications

  55. final case class RequiredSigningSpecs(algorithms: NonEmpty[Set[SigningAlgorithmSpec]], keys: NonEmpty[Set[SigningKeySpec]]) extends Product with Serializable with PrettyPrinting

    Required signing algorithms and keys specifications to be supported by all synchronizer members.

    algorithms: list of required signing algorithm specifications

    keys: list of required signing key specifications

  56. final case class Salt extends PrettyPrinting with Product with Serializable

    A (pseudo-)random salt used for hashing to prevent pre-computed hash attacks.

    The algorithm that was used to generate/derive the salt is kept to support the verification of the salt generation.

  57. sealed trait SaltAlgorithm extends Product with Serializable with PrettyPrinting

    Indicates the algorithm used to generate and derive salts.

  58. sealed trait SaltError extends Product with Serializable with PrettyPrinting
  59. final case class SaltSeed extends Product with Serializable

    A seed to derive further salts from.

    Unlike Salt this seed will not be shipped to another participant.

  60. final case class SecureRandomness extends HasCryptographicEvidence with HasToByteString with Product with Serializable

    The class is a tag that denotes a byte string as a securely generated random value.

    Not an AnyVal as we also want it to be a serializable value such that we can encrypt it.

  61. final case class SessionKeyAndReference(randomness: SecureRandomness, key: SymmetricKey, reference: AnyRef) extends Product with Serializable

    The randomness and corresponding session key, as well as a temporary reference to it that lives as long as the cache lives.

  62. final case class SessionKeyInfo(sessionKeyAndReference: SessionKeyAndReference, encryptedBy: Option[AnyRef], encryptedSessionKeys: Seq[AsymmetricEncrypted[SecureRandomness]]) extends Product with Serializable

    Information that is cached for each view and is to be re-used if another view has the same recipients and transparency can be respected.

    sessionKeyAndReference: the randomness, the corresponding symmetric key used to encrypt the view, and a symbolic reference to use in the 'encryptedBy' field.

    encryptedBy: an optional symbolic reference for the parent session key (if it exists) that encrypts a view containing this session key’s randomness. This cache entry must be revoked if the reference no longer matches.

    encryptedSessionKeys: the randomness of the session key encrypted for each recipient.

  63. final case class Signature extends HasVersionedWrapper[Signature] with PrettyPrinting with Product with Serializable

  64. sealed trait SignatureCheckError extends Product with Serializable with PrettyPrinting
  65. final case class SignatureDelegation extends Product with Serializable with PrettyPrinting

    An extension to the signature to accommodate the necessary information to be able to use session signing keys for protocol messages.

  66. final case class SignatureDelegationValidityPeriod(fromInclusive: CantonTimestamp, periodLength: PositiveFiniteDuration) extends PrettyPrinting with HasCryptographicEvidence with Product with Serializable

    Defines the validity period of a session signing key delegation within a specific synchronizer timeframe. This period starts at a creation 'from' timestamp and extends for a specified duration.

    fromInclusive: the inclusive timestamp, indicating when a delegation to the session key was created

    periodLength: the validity duration of the session key delegation

  67. sealed trait SignatureFormat extends Product with Serializable with PrettyPrinting
  68. sealed trait SigningAlgorithmSpec extends Product with Serializable with PrettyPrinting with UniformCantonConfigValidation

    Algorithm schemes for signing.

  69. sealed trait SigningError extends Product with Serializable with PrettyPrinting
  70. sealed trait SigningKeyCreationError extends Product with Serializable with PrettyPrinting

    Errors that happen when creating signing keys from existing key material.

    This includes parsing, validating, or checking the key data. Different from errors that happen during key generation (creating new key material).

  71. sealed trait SigningKeyGenerationError extends Product with Serializable with PrettyPrinting

    Errors that happen when generating new signing keys.

    This means creating key material from scratch. Different from errors that happen when creating keys from existing key material.

  72. final case class SigningKeyPair extends CryptoKeyPair[SigningPublicKey, SigningPrivateKey] with Product with Serializable
  73. sealed trait SigningKeySpec extends Product with Serializable with PrettyPrinting with UniformCantonConfigValidation

    A signing key specification.

  74. sealed trait SigningKeyUsage extends Product with Serializable with PrettyPrinting

    Only intended to be used for signing keys, to distinguish keys used for generating the namespace, for identity delegations, for authenticating members to a sequencer, and for signing protocol messages.

  75. trait SigningOps extends AnyRef

    Signing operations that do not require access to a private key store but operate with provided keys.

  76. final case class SigningPrivateKey extends PrivateKey with HasVersionedWrapper[SigningPrivateKey] with Product with Serializable
  77. trait SigningPrivateOps extends AnyRef

    Signing operations that require access to stored private keys.

  78. trait SigningPrivateStoreOps extends SigningPrivateOps

    A default implementation with a private key store

  79. final case class SigningPublicKey extends PublicKey with PrettyPrinting with HasVersionedWrapper[SigningPublicKey] with Product with Serializable
  80. final case class SigningPublicKeyWithName(publicKey: SigningPublicKey, name: Option[KeyName]) extends PublicKeyWithName with PrettyPrinting with Product with Serializable
  81. final case class SymmetricKey extends CryptoKey with HasVersionedWrapper[SymmetricKey] with Product with Serializable
  82. sealed trait SymmetricKeyScheme extends Product with Serializable with PrettyPrinting with UniformCantonConfigValidation

    Key schemes for symmetric encryption.

  83. trait SyncCryptoApi extends AnyRef

    Impure part of the crypto API, with access to the private key store and knowledge about the current entity-to-key association.

  84. class SyncCryptoApiParticipantProvider extends AutoCloseable with NamedLogging

    Crypto API Provider class

    The utility class combines the information provided by the IPSclient, the pure crypto functions and the signing and decryption operations on a private key vault in order to automatically resolve the right keys to use for signing / decryption based on synchronizer and timestamp. This API is intended only for participants and covers all usages of protocol signing keys, thus, session keys will be used if they are enabled.

  85. trait SyncCryptoClient[+T <: SyncCryptoApi] extends TopologyClientApi[T]
  86. sealed trait SyncCryptoError extends Product with Serializable with PrettyPrinting
  87. final case class SynchronizerCrypto(crypto: Crypto, staticSynchronizerParameters: StaticSynchronizerParameters)(implicit ec: ExecutionContext) extends BaseCrypto with Product with Serializable

    Similar to Crypto, but includes wrappers for CryptoPureApi and CryptoPrivateApi that add crypto scheme validation checks against the static synchronizer parameters.

  88. class SynchronizerCryptoClient extends SyncCryptoClient[SynchronizerSnapshotSyncCryptoApi] with HasFutureSupervision with NamedLogging with FlagCloseable

    Crypto operations on a particular synchronizer

  89. final class SynchronizerCryptoPrivateApi extends CryptoPrivateApi with SynchronizerCryptoValidation with NamedLogging

    Wraps the CryptoPrivateApi to include static synchronizer parameters, ensuring that during asymmetric decryption, the static synchronizer parameters are explicitly checked. This is crucial because a malicious counter participant could potentially use a downgraded scheme. For other methods, such as key generation, or signing by this (honest) participant, we rely on the synchronizer handshake to ensure that only supported schemes within the synchronizer are used.

  90. final class SynchronizerCryptoPureApi extends CryptoPureApi with SynchronizerCryptoValidation

    Wraps the CryptoPureApi to include static synchronizer parameters, ensuring that during signature verification and decryption (both asymmetric and symmetric), the static synchronizer parameters are explicitly checked. This is crucial because a malicious counter participant could potentially use a downgraded scheme. For other methods, such as key generation, signing, or encryption by this (honest) participant, we rely on the synchronizer handshake to ensure that only supported schemes within the synchronizer are used.

  91. trait SynchronizerCryptoValidation extends AnyRef

    Validates that the crypto schemes and data match the static synchronizer parameters.

  92. class SynchronizerSnapshotSyncCryptoApi extends SyncCryptoApi with NamedLogging

    Crypto operations for a (synchronizer, timestamp)

  93. final case class X509CertificateDer extends Product with Serializable

    An X509 Certificate serialized in DER format.

  94. sealed trait X509CertificateEncoder[Encoding] extends AnyRef
  95. final case class X509CertificatePem extends Product with Serializable

    An X509 Certificate serialized in PEM format.

Value Members

  1. object AsymmetricEncrypted extends HasVersionedMessageCompanion[AsymmetricEncrypted[_]] with Serializable
  2. object Blake2xb

    Derives Blake2xb on top of Blake2b as defined in: https://www.blake2.net/blake2x.pdf. In particular, the parameters for Blake2b invocations are as specified in that document.

  3. object Crypto
  4. object CryptoHandshakeValidator
  5. object CryptoKeyFormat extends Serializable
  6. object CryptoKeyPair extends HasVersionedMessageCompanion[CryptoKeyPair[PublicKey, PrivateKey]] with Serializable
  7. object CryptoKeyValidation
  8. object CryptoPureApiError extends Serializable
  9. object CryptoScheme extends Serializable
  10. object CryptoSchemes extends Serializable
  11. object DecryptionError extends Serializable
  12. object Encrypted extends Serializable
  13. object EncryptionAlgorithmSpec extends Serializable
  14. object EncryptionError extends Serializable
  15. object EncryptionKeyCreationError extends CommandErrorGroup with Serializable
  16. object EncryptionKeyGenerationError extends CommandErrorGroup with Serializable
  17. object EncryptionKeyPair extends Serializable
  18. object EncryptionKeySpec extends Serializable
  19. object EncryptionPrivateKey extends HasVersionedMessageCompanion[EncryptionPrivateKey] with Serializable
  20. object EncryptionPublicKey extends HasVersionedMessageCompanion[EncryptionPublicKey] with HasVersionedMessageCompanionDbHelpers[EncryptionPublicKey] with Serializable
  21. object EncryptionPublicKeyWithName extends Serializable
  22. object Fingerprint extends Serializable
  23. object Hash extends Serializable
  24. object HashAlgorithm
  25. object HashBuilderFromMessageDigest
  26. object HashPurpose
  27. object Hmac extends Serializable
  28. object HmacAlgorithm
  29. object HmacError extends Serializable
  30. object InteractiveSubmission
  31. object KeyName extends LengthLimitedStringWrapperCompanion[String300, KeyName] with Serializable
  32. object KeyPurpose extends Serializable
  33. object LedgerApiCryptoConversions

    Utility methods to convert between Canton crypto classes and their equivalent on the ledger API.

  34. object LtHash16
  35. object Nonce extends Serializable
  36. object PasswordBasedEncrypted extends HasVersionedMessageCompanion[PasswordBasedEncrypted] with Serializable
  37. object PasswordBasedEncryptionError extends Serializable
  38. object PbkdfScheme extends Serializable
  39. object PrivateKey extends Serializable
  40. object PseudoRandom

    Pseudo randomness, MUST NOT be used for security-relevant operations.

  41. object PublicKey extends Serializable
  42. object PublicKeyWithName extends HasVersionedMessageCompanion[PublicKeyWithName] with Serializable
  43. object RequiredEncryptionSpecs extends Serializable
  44. object RequiredSigningSpecs extends Serializable
  45. object Salt extends Serializable
  46. object SaltAlgorithm extends Serializable
  47. object SaltError extends Serializable
  48. object SaltSeed extends Serializable
  49. object SecureRandomness extends Serializable

    Cryptographically-secure randomness

  50. object Signature extends HasVersionedMessageCompanion[Signature] with HasVersionedMessageCompanionDbHelpers[Signature] with Serializable
  51. object SignatureCheckError extends AuthorizationChecksErrorGroup with Serializable
  52. object SignatureDelegation extends Serializable
  53. object SignatureFormat extends Serializable
  54. object SigningAlgorithmSpec extends Serializable
  55. object SigningError extends Serializable
  56. object SigningKeyCreationError extends CommandErrorGroup with Serializable
  57. object SigningKeyGenerationError extends CommandErrorGroup with Serializable
  58. object SigningKeyPair extends Serializable
  59. object SigningKeySpec extends Serializable
  60. object SigningKeyUsage extends Serializable
  61. object SigningPrivateKey extends HasVersionedMessageCompanion[SigningPrivateKey] with Serializable
  62. object SigningPublicKey extends HasVersionedMessageCompanion[SigningPublicKey] with HasVersionedMessageCompanionDbHelpers[SigningPublicKey] with Serializable
  63. object SigningPublicKeyWithName extends Serializable
  64. object SymmetricKey extends HasVersionedMessageCompanion[SymmetricKey] with Serializable
  65. object SymmetricKeyScheme extends Serializable
  66. object SyncCryptoClient
  67. object SyncCryptoError extends Serializable
  68. object SynchronizerCryptoClient
  69. object X509CertificateDer extends X509CertificateEncoder[X509CertificateDer] with Serializable
  70. object X509CertificatePem extends X509CertificateEncoder[X509CertificatePem] with Serializable
