// transmitToAccount wraps pmKey for receiver and records the result on pm.
//
// The receiver's system key is taken from receiver.SystemKey() and decrypted
// through kms. A clone of pmKey is given pm.IV as its IV, encrypted under that
// system key, and stored in pm.EncryptedReceiverKey.
//
// It returns pm on success. If decrypting the system key or encrypting the
// clone fails, it returns nil and that error, and pm.EncryptedReceiverKey is
// left as it was.
//
// NOTE(review): pmKey is not checked for nil or for already being encrypted
// before it is cloned; confirm callers always pass a decrypted key, or that
// Encrypt rejects one that is not.
func (pm *PM) transmitToAccount(kms security.KMS, pmKey *security.ManagedKey, receiver Account) (*PM, error) {
	// The system key must be decrypted before it can wrap anything.
	// NOTE(review): the decrypted key material stays in this local for the
	// rest of the call; confirm whether it should be cleared before returning.
	sysKey := receiver.SystemKey()
	err := kms.DecryptKey(&sysKey)
	if err != nil {
		return nil, err
	}

	// Work on a clone so the encryption is applied to the copy rather than to
	// the variable pmKey points at.
	wrapped := pmKey.Clone()
	// NOTE(review): the IV is copied from pm.IV rather than generated here;
	// confirm pm.IV is unique per message for the cipher mode Encrypt uses.
	wrapped.IV = pm.IV
	if err = wrapped.Encrypt(&sysKey); err != nil {
		return nil, err
	}

	// Publish the wrapped key only after both steps have succeeded.
	pm.EncryptedReceiverKey = &wrapped
	return pm, nil
}
// SetClientKey encrypts clientKey under accessKey and stores the result in
// a.EncryptedClientKey.
//
// Both keys must be supplied decrypted; otherwise
// security.ErrKeyMustBeDecrypted is returned. ErrAccessDenied is returned
// when a.verify(accessKey) reports false. An error from Encrypt is returned
// unchanged. On any error a.EncryptedClientKey is left as it was.
//
// NOTE(review): verify is defined outside this block; presumably it checks
// that accessKey is the agent's own access key. Confirm against its
// implementation.
func (a *Agent) SetClientKey(accessKey, clientKey *security.ManagedKey) error {
	// Guards run in the same order as a short-circuit "||" would: accessKey
	// first, then clientKey, then the access check.
	switch {
	case accessKey.Encrypted(), clientKey.Encrypted():
		return security.ErrKeyMustBeDecrypted
	case !a.verify(accessKey):
		return ErrAccessDenied
	}

	// Encrypt a clone so the encryption is applied to the copy rather than to
	// the variable clientKey points at.
	wrapped := clientKey.Clone()
	// NOTE(review): a.IV is reused on every call. If the same accessKey wraps
	// different client keys over time, that is one key/IV pair covering
	// several plaintexts; confirm the cipher mode behind Encrypt tolerates
	// this, or that a.IV is refreshed elsewhere.
	wrapped.IV = a.IV
	err := wrapped.Encrypt(accessKey)
	if err != nil {
		return err
	}

	// Store the wrapped key only once encryption has succeeded.
	a.EncryptedClientKey = &wrapped
	return nil
}