示例#1
文件: pm.go 项目: logan/heim
// transmitToAccount wraps pmKey for receiver and records the result on pm.
//
// It fetches the receiver's system key, asks kms to decrypt it, then encrypts
// a clone of pmKey under that decrypted key, using pm.IV as the clone's IV.
// On success the wrapped clone is stored in pm.EncryptedReceiverKey and pm is
// returned. On any failure it returns (nil, err) and pm is left unmodified.
//
// NOTE(review): unlike code paths that test Encrypted() up front, nothing
// here checks that pmKey is already decrypted; presumably Encrypt rejects an
// encrypted key itself. Confirm against security.ManagedKey.
func (pm *PM) transmitToAccount(kms security.KMS, pmKey *security.ManagedKey, receiver Account) (*PM, error) {
	// Work on the value SystemKey returns, so the KMS decrypts this local
	// rather than anything reachable through receiver.
	// NOTE(review): the decrypted key stays in this local after return;
	// confirm whether plaintext key material should be wiped.
	receiverKey := receiver.SystemKey()
	err := kms.DecryptKey(&receiverKey)
	if err != nil {
		return nil, err
	}

	// Clone first, so the caller's pmKey is never turned into ciphertext.
	wrapped := pmKey.Clone()
	// NOTE(review): pm.IV is reused as the wrapping IV; confirm it is never
	// used with the same receiver key for a different plaintext.
	wrapped.IV = pm.IV
	if err = wrapped.Encrypt(&receiverKey); err != nil {
		return nil, err
	}

	// Assign only after Encrypt succeeds, so a failure cannot leave a
	// half-prepared key on pm.
	pm.EncryptedReceiverKey = &wrapped
	return pm, nil
}
示例#2
文件: agent.go 项目: logan/heim
// SetClientKey stores clientKey on the agent, encrypted under accessKey.
//
// Both keys must be supplied in decrypted form; otherwise
// security.ErrKeyMustBeDecrypted is returned. accessKey must also pass
// a.verify, otherwise ErrAccessDenied is returned. These checks run before
// any state is touched, so a rejected call leaves a.EncryptedClientKey as it
// was. An error from the encryption step is returned unchanged.
func (a *Agent) SetClientKey(accessKey, clientKey *security.ManagedKey) error {
	// Cases are evaluated in order and stop at the first match, so
	// clientKey.Encrypted() is consulted only when accessKey is decrypted,
	// and a.verify only when both keys are.
	switch {
	case accessKey.Encrypted(), clientKey.Encrypted():
		return security.ErrKeyMustBeDecrypted
	case !a.verify(accessKey):
		// Authorization gate: only a caller holding an access key that
		// a.verify accepts may replace the stored client key.
		return ErrAccessDenied
	}

	// Encrypt a copy, so the caller's clientKey remains usable in the clear.
	wrapped := clientKey.Clone()
	// NOTE(review): a.IV is reused as the wrapping IV; confirm it is not
	// also used with accessKey for any other plaintext.
	wrapped.IV = a.IV
	err := wrapped.Encrypt(accessKey)
	if err != nil {
		return err
	}

	a.EncryptedClientKey = &wrapped
	return nil
}