corda / net.corda.core.node.services / KeyManagementService

KeyManagementService

@DoNotImplement interface KeyManagementService

The KMS is responsible for storing and using private keys to sign things. An implementation of this may, for example, call out to a hardware security module that enforces various auditing and frequency-of-use requirements.

Properties

keys

abstract val keys: Set<PublicKey>

Returns a snapshot of the current signing PublicKeys. For each of these keys a PrivateKey is available, which can be used later for signing.

Functions

filterMyKeys

abstract fun filterMyKeys(candidateKeys: Iterable<PublicKey>): Iterable<PublicKey>

Filter some keys down to the set that this node owns (has private keys for).

freshKey

abstract fun freshKey(): PublicKey

Generates a new random KeyPair and adds it to the internal key storage. Returns the public part of the pair.

abstract fun freshKey(externalId: UUID): PublicKey

Generates a new random KeyPair and adds it to the internal key storage. Associates the public key with an external ID. Returns the public key part of the pair.

freshKeyAndCert

abstract fun freshKeyAndCert(identity: PartyAndCertificate, revocationEnabled: Boolean): PartyAndCertificate

Generates a new random KeyPair, adds it to the internal key storage, then generates a corresponding X509Certificate and adds it to the identity service. Returns the result as a PartyAndCertificate.

abstract fun freshKeyAndCert(identity: PartyAndCertificate, revocationEnabled: Boolean, externalId: UUID): PartyAndCertificate

Generates a new random KeyPair, adds it to the internal key storage, then generates a corresponding X509Certificate and adds it to the identity service. Associates the public key with the given external ID.

sign

abstract fun sign(bytes: ByteArray, publicKey: PublicKey): WithKey

Uses the provided signing PublicKey to look up the matching PrivateKey internally, then signs the data.

abstract fun sign(signableData: SignableData, publicKey: PublicKey): TransactionSignature

Uses the provided signing PublicKey to look up the matching PrivateKey internally, then signs the SignableData.
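
The following is an added usage example, not code from the Corda documentation. It shows the functions above used together inside a flow: create a fresh key tied to an external ID, narrow a list of candidate keys to the ones this node owns, and sign only with those. The flow name `SignWithOwnedKeysFlow` and its constructor parameters are hypothetical.

```kotlin
import co.paralleluniverse.fibers.Suspendable
import net.corda.core.crypto.DigitalSignature
import net.corda.core.flows.FlowLogic
import java.security.PublicKey
import java.util.UUID

// Hypothetical flow for illustration; not part of Corda.
class SignWithOwnedKeysFlow(
    private val payload: ByteArray,
    private val candidateKeys: List<PublicKey>, // e.g. signers named by a counterparty
    private val externalId: UUID                // caller-chosen ID for the new key
) : FlowLogic<List<DigitalSignature.WithKey>>() {

    @Suspendable
    override fun call(): List<DigitalSignature.WithKey> {
        val kms = serviceHub.keyManagementService

        // Only the public half is returned; the private key stays
        // inside the KMS (possibly an HSM) and is never handed to the flow.
        val fresh = kms.freshKey(externalId)

        // Do not assume a supplied key is ours. filterMyKeys narrows the
        // candidates to keys for which this node holds a private key.
        val owned = kms.filterMyKeys(candidateKeys + fresh).toSet()

        return owned.map { key ->
            // The KMS looks up the private key for `key` and signs for us.
            val sig = kms.sign(payload, key)

            // Sanity checks before the signature leaves the node: it must
            // name the key we asked for and verify against the payload.
            check(sig.by == key) { "signature bound to unexpected key" }
            check(sig.isValid(payload)) { "signature does not verify" }
            sig
        }
    }
}
```

Filtering before signing keeps the set of keys a node signs with under the node's own control rather than the caller's.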

Extension Functions

contextLogger

fun Any.contextLogger(): Logger

When called from a companion object, returns the logger for the enclosing class.