package se.wollan.crypto.secretblob
import se.wollan.crypto.Pincode
import se.wollan.crypto.SecretKey
import se.wollan.crypto.keyvault.KeyVault
import se.wollan.crypto.toStringUTF8
import se.wollan.crypto.unpad
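/**
 * Exposes this [SecretBlob] as a [KeyVault] whose secret key is the blob entry stored under [key].
 *
 * Intended for backend services that use blob storage as the key vault instead of a stored key
 * encrypted with a pincode.
 *
 * Security notes:
 * - The vault always reports itself as unlocked and no pincode is involved, so any code holding the
 *   returned vault can read the key through `getSecretKey()`. Protection of the key therefore rests
 *   on how the blob itself is stored and access-controlled, which is not visible from this function.
 * - `hasSecretKeyInVault()` answers `true` unconditionally; it does not check that the blob holds an
 *   entry for [key]. NOTE(review): what `getSecretDataForKey` does for a missing entry is defined
 *   elsewhere, so confirm callers handle that failure.
 * - `replaceSecretKey`, `unlock` and `lock` throw [NotImplementedError]. That type is an `Error`,
 *   not an `Exception`, so a `catch (e: Exception)` around vault calls will not intercept it.
 *   Code that calls `lock()` defensively (for example on shutdown) will fail with this vault.
 *
 * @param key identifies the blob entry whose bytes are used as the secret key.
 * @return a [KeyVault] view backed by this blob.
 */
fun SecretBlob.asKeyVault(key: SecretBlobKey): KeyVault {
    return object : KeyVault {
        // There is no locked state: the key is available for the lifetime of the vault object.
        override suspend fun isUnlocked(): Boolean = true

        // Unconditional; presence of the entry in the blob is not verified here.
        override suspend fun hasSecretKeyInVault(): Boolean = true

        override suspend fun replaceSecretKey(secretKey: SecretKey, pincode: Pincode) =
            throw NotImplementedError("Replacing secret key not allowed with secret blob as backing storage.")

        override suspend fun unlock(pincode: Pincode) =
            throw NotImplementedError("Unlocking not allowed with secret blob as backing storage.")

        override fun lock() =
            throw NotImplementedError("Locking not allowed with secret blob as backing storage.")

        // Reads the entry from the enclosing SecretBlob on every call; nothing is cached in this object.
        override suspend fun getSecretKey(): SecretKey = SecretKey(this@asKeyVault.getSecretDataForKey(key))
    }
}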
/**
 * Get text secret encoded using [generateMaskToEncodeTextSecret].
 *
 * The stored bytes for [key] are unpadded with `TEXT_SECRET_PADDING_BYTE` and decoded as UTF-8.
 * The result is a JVM [String], which is immutable and cannot be overwritten after use, so treat
 * the return value as sensitive: keep it out of logs and exception messages.
 *
 * @param key identifies the blob entry holding the padded text secret.
 * @return the decoded text secret.
 */
fun SecretBlob.getTextSecretForKey(key: SecretBlobKey): String =
    getSecretDataForKey(key)
        // presumably strips the padding added when the secret was encoded; unpad is defined elsewhere, confirm
        .unpad(TEXT_SECRET_PADDING_BYTE)
        .toStringUTF8()