interface KeyManagementService
The KMS is responsible for storing and using private keys to sign things. An implementation of this may, for example, call out to a hardware security module that enforces various auditing and frequency-of-use requirements.
The current interface is obviously not usable for those use cases: this is just where we'd put a real signing interface if/when one is developed.
| keys | abstract val keys: Map<PublicKey, PrivateKey> | Returns a snapshot of the current pubkey->privkey mapping. |
| freshKey | abstract fun freshKey(): KeyPair | Generates a new random key and adds it to the exposed map. |
| toKeyPair | open fun toKeyPair(publicKey: PublicKey): KeyPair | |
| toPrivate | open fun toPrivate(publicKey: PublicKey): PrivateKey | |
| E2ETestKeyManagementService | class E2ETestKeyManagementService : SingletonSerializeAsToken, KeyManagementService | A simple in-memory KMS that doesn't bother saving keys to disk. A real implementation would: |
| PersistentKeyManagementService | class PersistentKeyManagementService : SingletonSerializeAsToken, KeyManagementService | A persistent re-implementation of E2ETestKeyManagementService to support node re-start. |
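
A stand-alone Kotlin sketch of the interface described above, added here as an example and not taken from the project's code. It shows the snapshot semantics of `keys` and that callers sign with extracted key material, which is why the interface cannot front an HSM. The interface is re-declared locally from the signatures on this page; `InMemoryKms`, the EC/SHA256withECDSA choice and the behaviour of `toPrivate` for an unknown key are assumptions.

```kotlin
import java.security.KeyPair
import java.security.KeyPairGenerator
import java.security.PrivateKey
import java.security.PublicKey
import java.security.Signature
import java.util.concurrent.ConcurrentHashMap

// Local re-declaration of the members listed on this page, so the file compiles stand-alone.
interface KeyManagementService {
    val keys: Map<PublicKey, PrivateKey>
    fun freshKey(): KeyPair
    // Assumption: the page gives no bodies for the open members; here an unknown key is an error.
    fun toPrivate(publicKey: PublicKey): PrivateKey =
        keys[publicKey] ?: throw IllegalStateException("No private key known for requested public key")
    fun toKeyPair(publicKey: PublicKey): KeyPair = KeyPair(publicKey, toPrivate(publicKey))
}

// Hypothetical in-memory implementation (not E2ETestKeyManagementService itself).
class InMemoryKms : KeyManagementService {
    private val store = ConcurrentHashMap<PublicKey, PrivateKey>()
    private val generator = KeyPairGenerator.getInstance("EC").apply { initialize(256) }
    // Copy on read: callers get a snapshot, not a live view of the store.
    override val keys: Map<PublicKey, PrivateKey> get() = HashMap(store)
    @Synchronized
    override fun freshKey(): KeyPair = generator.generateKeyPair().also { store[it.public] = it.private }
}

fun main() {
    val kms = InMemoryKms()
    val before = kms.keys
    val pair = kms.freshKey()
    check(pair.public !in before)   // the earlier snapshot does not see the new key
    check(pair.public in kms.keys)  // a fresh snapshot does

    // The caller pulls the private key out and signs in its own process:
    // an HSM that never releases key material cannot sit behind this interface.
    val message = "constructed sample payload".toByteArray()
    val signature = Signature.getInstance("SHA256withECDSA").run {
        initSign(kms.toPrivate(pair.public)); update(message); sign()
    }
    val verified = Signature.getInstance("SHA256withECDSA").run {
        initVerify(pair.public); update(message); verify(signature)
    }
    println("signature verified: $verified")

    val stranger = KeyPairGenerator.getInstance("EC").apply { initialize(256) }.generateKeyPair().public
    println("unknown key rejected: ${runCatching { kms.toPrivate(stranger) }.isFailure}")
}
```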