KeyManagementService

@DoNotImplement interface KeyManagementService

The KMS is responsible for storing and using private keys to sign things. An implementation of this may, for example, call out to a hardware security module that enforces various auditing and frequency-of-use requirements.

Properties

keys

abstract val keys: Set<PublicKey>

Returns a snapshot of the current signing PublicKeys. For each of these keys, a PrivateKey is available that can be used later for signing.

Functions

filterMyKeys

abstract fun filterMyKeys(candidateKeys: Iterable<PublicKey>): Iterable<PublicKey>

Filter some keys down to the set that this node owns (has private keys for).

freshKey

abstract fun freshKey(): PublicKey

Generates a new random KeyPair and adds it to the internal key storage. Returns the public part of the pair.

freshKeyAndCert

abstract fun freshKeyAndCert(identity: PartyAndCertificate, revocationEnabled: Boolean): PartyAndCertificate

Generates a new random KeyPair, adds it to the internal key storage, then generates a corresponding X509Certificate and adds it to the identity service.

sign

abstract fun sign(bytes: ByteArray, publicKey: PublicKey): WithKey

Uses the provided signing PublicKey to look up the matching PrivateKey internally, then signs the data.

abstract fun sign(signableData: SignableData, publicKey: PublicKey): TransactionSignature

Uses the provided signing PublicKey to look up the matching PrivateKey internally, then signs the SignableData.

Extension Functions

contextLogger

fun Any.contextLogger(): Logger

When called from a companion object, returns the logger for the enclosing class.