//misk-crypto/misk.crypto

Package-level declarations

Types

Name Summary
AeadKeyManager [jvm]
@Singleton
class AeadKeyManager : MappedKeyManager<Aead>
Holds a map of every Aead key name to its primitive listed in the configuration for this app.
AwsKmsClientModule [jvm]
class AwsKmsClientModule @JvmOverloads constructor(credentialsPath: String? = null) : KAbstractModule
AWS-specific KMS client module. Currently uses a file path to a JSON credentials file to initialize the client. If no file is provided, it tries to initialize the client using the default credentials path as specified in AwsKmsClient.withDefaultCredentials.
BucketNameSource [jvm]
interface BucketNameSource
Bind this to an instance to control how external buckets are referenced.
CiphertextFormat [jvm]
class CiphertextFormat
Wraps a ciphertext and the encryption context associated with it in a ByteArray.
CryptoConfig [jvm]
data class CryptoConfig @JvmOverloads constructor(val keys: List<Key>?, val kms_uri: String, val external_data_keys: Map<KeyAlias, KeyType>? = null) : Config
Main configuration object to be used in the app.
CryptoModule [jvm]
class CryptoModule(config: CryptoConfig) : KAbstractModule
Configures and registers the keys listed in the configuration file. Each key is read, decrypted, and then bound via Google Guice and added to a MappedKeyManager.
DeterministicAeadKeyManager [jvm]
@Singleton
class DeterministicAeadKeyManager : MappedKeyManager<DeterministicAead>
Holds a map of every DeterministicAead key name to its primitive listed in the configuration for this app.
DigitalSignature [jvm]
data class DigitalSignature(val signer: PublicKeySign, val verifier: PublicKeyVerify)
DigitalSignatureKeyManager [jvm]
@Singleton
class DigitalSignatureKeyManager : MappedKeyManager<DigitalSignature>
Holds a map of every key name to its corresponding PublicKeySign and PublicKeyVerify primitives.
ExternalDataKeys [jvm]
@Qualifier
@Target(allowedTargets = [AnnotationTarget.FIELD, AnnotationTarget.VALUE_PARAMETER])
annotation class ExternalDataKeys
This annotation is used to decorate the collection of external data keys used in the service.
ExternalKeyManagerException [jvm]
class ExternalKeyManagerException(message: String) : IOException
Thrown on creation if external key does not exist.
ExternalKeyResolver [jvm]
class ExternalKeyResolver @Inject constructor(val allKeyAliases: Map<KeyAlias, KeyType>, externalKeySources: Set<ExternalKeySource>) : KeyResolver
ExternalKeyResolver implements a KeyResolver that fetches Tink keysets from an external source, such as an S3 bucket. If multiple sources are registered (by binding implementations of KeyResolver), the first one to contain the key (via ExternalKeySource.keyExists) is the key that is used.
ExternalKeySource [jvm]
interface ExternalKeySource
Implement an ExternalKeySource to provide Tink keysets from an external location, such as an S3 bucket or an NFS share.
GcpKmsClientModule [jvm]
class GcpKmsClientModule @JvmOverloads constructor(credentialsPath: String? = null) : KAbstractModule
GCP-specific KMS client module. Uses a file path to a JSON credentials file to initialize the client.
HybridDecryptKeyManager [jvm]
@Singleton
class HybridDecryptKeyManager : MappedKeyManager<HybridDecrypt>
Holds a map of every HybridDecrypt key name to its corresponding primitive listed in the configuration for this app.
HybridEncryptKeyManager [jvm]
@Singleton
class HybridEncryptKeyManager : MappedKeyManager<HybridEncrypt>
Holds a map of every HybridEncrypt key name to its corresponding primitive listed in the configuration for this app.
Key [jvm]
data class Key @JvmOverloads constructor(val key_name: String, val key_type: KeyType, val encrypted_key: Secret<String>? = null, val kms_uri: String? = null) : Config
Describes a specific key
KeyAlias [jvm]
typealias KeyAlias = String
A KeyAlias is how we refer to a Tink keyset.
KeyNotFoundException [jvm]
class KeyNotFoundException @JvmOverloads constructor(message: String? = null, cause: Throwable? = null) : GeneralSecurityException
KeyReader [jvm]
open class KeyReader
KeyResolver [jvm]
interface KeyResolver
KeyResolver provides an interface to access keys indexed by aliases. Optionally, callers can register a callback to be invoked when a key is updated.
KeyType [jvm]
enum KeyType : Enum<KeyType>
Supported key types
LocalConfigKeyResolver [jvm]
class LocalConfigKeyResolver(keys: List<Key>, defaultKmsUri: String) : KeyResolver
LocalConfigKeyResolver provides keys that are stored locally and protected by a single KMS key.
MacKeyManager [jvm]
@Singleton
class MacKeyManager : MappedKeyManager<Mac>
Holds a map of every Mac key name to its primitive listed in the configuration for this app.
MappedKeyManager [jvm]
sealed class MappedKeyManager<KeyT>
MiskAWSKMS [jvm]
@Qualifier
@Target(allowedTargets = [AnnotationTarget.FIELD, AnnotationTarget.VALUE_PARAMETER])
annotation class MiskAWSKMS
This annotation is used to specify which com.amazonaws.services.kms.AWSKMS instance should be used by misk to construct a KmsClient and communicate with the KMS service.
MiskKmsClient [jvm]
@Qualifier
@Target(allowedTargets = [AnnotationTarget.FIELD, AnnotationTarget.VALUE_PARAMETER])
annotation class MiskKmsClient
This annotation is used to specify the KmsClient that’s being used by misk to load encryption keys.
PgpDecrypterManager [jvm]
@Singleton
class PgpDecrypterManager @Inject constructor(injector: Injector) : MappedKeyManager<PgpDecrypter>
Holds a map of every PgpDecrypter key name to its primitive listed in the configuration for this app.
PgpEncrypterManager [jvm]
@Singleton
class PgpEncrypterManager @Inject constructor(injector: Injector) : MappedKeyManager<PgpEncrypter>
Holds a map of every PgpEncrypter key name to its primitive listed in the configuration for this app.
S3KeySource [jvm]
class S3KeySource @Inject constructor(deployment: Deployment, defaultS3: AmazonS3, val allKeyAliases: Map<KeyAlias, KeyType>, bucketNameSource: BucketNameSource = object : BucketNameSource { override fun getBucketName(deployment: Deployment) = deployment.mapToEnvironmentName() }, awsCredentials: AWSCredentialsProvider) : ExternalKeySource
S3KeySource implements an ExternalKeySource that fetches Tink keysets from an S3 bucket. Keysets are indexed by an alias and a region, and are encrypted with a key in the KMS using an envelope key encryption scheme. Each Keyset is protected by a KMS key in each service region.
ServiceKeys [jvm]
@Qualifier
@Target(allowedTargets = [AnnotationTarget.FIELD, AnnotationTarget.VALUE_PARAMETER])
annotation class ServiceKeys
This annotation is used to decorate the collection of service keys used in the service.
StreamingAeadKeyManager [jvm]
@Singleton
class StreamingAeadKeyManager @Inject constructor(injector: Injector) : MappedKeyManager<StreamingAead>
Holds a map of every StreamingAead key name to its primitive listed in the configuration for this app.

Functions

Name Summary
computeMac [jvm]
fun Mac.computeMac(data: String): String
Extension function for conveniently computing an HMAC and encoding it with Base64.
verifyMac [jvm]
fun Mac.verifyMac(tag: String, data: String)
Extension function for conveniently verifying a message’s authenticity. This function expects the tag string variable to contain a Base64 encoded array of bytes.