corda / net.corda.core.crypto

Package net.corda.core.crypto

Cryptography data and utility classes used for signing, verifying, key management and data integrity checks.

Types

CompositeKey

class CompositeKey : PublicKey

A tree data structure that enables the representation of composite public keys, which are used to represent the signing requirements for multisignature scenarios such as RAFT notary services. A composite key is a list of leaf keys and their contributing weight, and each leaf can be a conventional single key or a composite key. Keys contribute their weight to the total if they are matched by the signature.

CompositeKeyFactory

class CompositeKeyFactory : KeyFactorySpi

Factory for generating composite keys from ASN.1 format key specifications. This is used by CordaSecurityProvider.

CompositeSignature

class CompositeSignature : Signature

Dedicated class for storing a set of signatures that comprise CompositeKey.

CompositeSignaturesWithKeys

data class CompositeSignaturesWithKeys

Custom class for holding signature data. This exists for later extension work to provide a standardised cross-platform serialization format.

CordaObjectIdentifier

object CordaObjectIdentifier

CordaSecurityProvider

class CordaSecurityProvider : Provider

Crypto

object Crypto

This object controls and provides the available and supported signature schemes for Corda. Any implemented SignatureScheme should be strictly defined here. However, only the schemes returned by {@link #listSupportedSignatureSchemes()} are supported. Note that Corda currently supports the following signature schemes by their code names:

DigitalSignature

open class DigitalSignature : OpaqueBytes

A wrapper around a digital signature.

MerkleTree

sealed class MerkleTree

Creation and verification of a Merkle tree for a WireTransaction.

NullKeys

object NullKeys

PartialMerkleTree

class PartialMerkleTree

Building and verification of Partial Merkle Tree. Partial Merkle Tree is a minimal tree needed to check that a given set of leaves belongs to a full Merkle Tree.

SecureHash

sealed class SecureHash : OpaqueBytes

Container for a cryptographically secure hash value. Provides utilities for generating a cryptographic hash using different algorithms (currently only SHA-256 supported).

SignableData

data class SignableData

A SignableData object is the packet actually signed. It works as a wrapper over transaction id and signature metadata.

SignatureMetadata

data class SignatureMetadata

SignatureMeta is required to add extra meta-data to a transaction's signature. It currently supports platformVersion only, but it can be extended to support a universal digital signature model enabling partial signatures and attaching extra information, such as a user's timestamp or other application-specific fields.

SignatureScheme

data class SignatureScheme

This class is used to define a digital signature scheme.

SignedData

open class SignedData<T : Any>

A serialized piece of data and its signature. Enforces signature validity in order to deserialize the data contained within.

TransactionSignature

class TransactionSignature : DigitalSignature

A wrapper over the signature output accompanied by signer's public key and signature metadata. This is similar to DigitalSignature.WithKey, but targeted to DLT transaction signatures.

Exceptions

MerkleTreeException

class MerkleTreeException : CordaException

Extensions for External Classes

java.security.KeyPair

java.security.PrivateKey

java.security.PublicKey

kotlin.ByteArray

kotlin.collections.Iterable

Functions

componentHash

fun componentHash(opaqueBytes: OpaqueBytes, privacySalt: PrivacySalt, componentGroupIndex: Int, internalIndex: Int): SecureHash

Compute the hash of each serialised component so as to be used as Merkle tree leaf. The resultant output (leaf) is calculated using the SHA256d algorithm, thus SHA256(SHA256(nonce || serializedComponent)), where nonce is computed from computeNonce.

fun componentHash(nonce: SecureHash, opaqueBytes: OpaqueBytes): SecureHash

Return the SHA256(SHA256(nonce || serializedComponent)).

computeNonce

fun computeNonce(privacySalt: PrivacySalt, groupIndex: Int, internalIndex: Int): SHA256

Method to compute a nonce based on privacySalt, component group index and component internal index. SHA256d (double SHA256) is used to prevent length extension attacks.

entropyToKeyPair

fun entropyToKeyPair(entropy: BigInteger): KeyPair

Returns a key pair derived from the given private key entropy. This is useful for unit tests and other cases where you want hard-coded private keys. This currently works for the default signature scheme EdDSA ed25519 only.

generateKeyPair

fun generateKeyPair(): KeyPair

A simple wrapper that will make it easier to swap out the EC algorithm we use in future.

newSecureRandom

fun newSecureRandom(): SecureRandom

Get an instance of SecureRandom to avoid blocking, due to waiting for additional entropy, when possible. In this version, the NativePRNGNonBlocking is exclusively used on Linux OS to utilize dev/urandom because in high traffic /dev/random may wait for a certain amount of "noise" to be generated on the host machine before returning a result.

random63BitValue

fun random63BitValue(): Long

Returns a random positive non-zero long generated using a secure RNG. This function sacrifies a bit of entropy in order to avoid potential bugs where the value is used in a context where negative numbers or zero are not expected.

secureRandomBytes

fun secureRandomBytes(numOfBytes: Int): ByteArray

Generate a securely random ByteArray of requested number of bytes. Usually used for seeds, nonces and keys.

serializedHash

fun <T : Any> serializedHash(x: T): SecureHash

Serialise the object and return the hash of the serialized bytes.

sha256

fun OpaqueBytes.sha256(): SHA256