Using a key with Secret-based

This code documentation outlines the process of creating a cryptographic key and associating a Secret-based access control mechanism. Additionally, it demonstrates how to utilize the Secret-based access control for signing a payload securely.

Typescript
Python
Java
PHP
Golang

import {
  AccessControl,
  AccessControlSecret,
  AuthenticityClient,
  KeyClient,
  KeyProtectionLevel,
  KeyType,
  Managed,
  ManagedKeyParams,
  RecordClient,
  Signer,
} from '@bloock/sdk';

// initialize the Key Client
const keyClient = new KeyClient();
// initialize the Authenticity Client
const authenticityClient = new AuthenticityClient();
// initialize the Record Client
const recordClient = new RecordClient();
// initialize the protection key level
const keyProtection = KeyProtectionLevel.SOFTWARE;

// Generate a Rsa2048 key
const keyType = KeyType.Rsa2048;
const _key = await keyClient.newManagedKey(
  new ManagedKeyParams(keyProtection, keyType)
);

const secret = 'your secret';
const email = 'recovery@bloock.com'; // your email to recover your access control

// Create a Secret-Based access control for the created key
await keyClient.setupSecretAccessControl(new Managed(_key), secret, email);

const record = await recordClient.fromString('Hello world').build();

// How to sign using the Secret-Based access control
const accessCode = new AccessControlSecret(secret);
await authenticityClient.sign(
  record,
  new Signer(_key, undefined, new AccessControl(accessCode))
);

from bloock.client.record import RecordClient
from bloock.client.key import KeyClient
from bloock.client.authenticity import AuthenticityClient
from bloock.entity.key.key_protection_level import KeyProtectionLevel
from bloock.entity.key.managed_key_params import ManagedKeyParams
from bloock.entity.key.key_type import KeyType
from bloock.entity.key.managed import Managed
from bloock.entity.key.access_control_secret import AccessControlSecret
from bloock.entity.authenticity.signer import Signer

# initialize the Key Client
key_client = KeyClient()
# initialize the Authenticity Client
authenticity_client = AuthenticityClient()
# initialize the Record Client
record_client = RecordClient()
# initialize the protection key level
protection = KeyProtectionLevel.SOFTWARE

# Generate a Rsa2048 key
key_type = KeyType.Rsa2048
key = key_client.new_managed_key(ManagedKeyParams(protection, key_type))

secret = "your secret"
email = "recovery@bloock.com"

# Create a Secret-Based access control for the created key
totp = key_client.setup_secret_access_control(Managed(key), secret, email)

record = record_client.from_string("Hello world").build()

# How to sign using the Secret-Based access control
access_control = AccessControlSecret(secret)
authenticity_client.sign(record, Signer(key, None, access_control))

import com.bloock.sdk.client.AuthenticityClient;
import com.bloock.sdk.client.KeyClient;
import com.bloock.sdk.client.RecordClient;
import com.bloock.sdk.entity.authenticity.Signer;
import com.bloock.sdk.entity.key.AccessControl;
import com.bloock.sdk.entity.key.AccessControlSecret;
import com.bloock.sdk.entity.key.KeyProtectionLevel;
import com.bloock.sdk.entity.key.KeyType;
import com.bloock.sdk.entity.key.Managed;
import com.bloock.sdk.entity.key.ManagedKey;
import com.bloock.sdk.entity.key.ManagedKeyParams;
import com.bloock.sdk.entity.record.Record;

public class NewManagedKeySecretBased {
  public static void main(String[] args) throws Exception {
      // initialize the Key Client
      KeyClient keyClient = new KeyClient();
      // initialize the Authenticity Client
      AuthenticityClient authenticityClient = new AuthenticityClient();
      // initialize the Record Client
      RecordClient recordClient = new RecordClient();
      // initialize the protection key level
      KeyProtectionLevel keyProtectionLevel = KeyProtectionLevel.SOFTWARE;

      // Generate a Rsa2048 key
      KeyType keyType = KeyType.Rsa2048;
      ManagedKey key = keyClient.newManagedKey(new ManagedKeyParams(keyProtectionLevel, keyType));

      String secret = "your secret";
      String email = "recovery@bloock.com";

      // Create a Secret-Based access control for the created key
      keyClient.setupSecretAccessControl(new Managed(key), secret, email);

      Record record = recordClient.fromString("Hello world").build();

      // How to sign using the Secret-Based access control
      AccessControlSecret accessControl = new AccessControlSecret(secret);
      authenticityClient.sign(record, new Signer(key, null, new AccessControl(accessControl)));
  }
}

<?php

use Bloock\Client\AuthenticityClient;
use Bloock\Client\KeyClient;
use Bloock\Client\RecordClient;
use Bloock\Entity\Authenticity\Signer;
use Bloock\Entity\Key\AccessControl;
use Bloock\Entity\Key\AccessControlSecret;
use Bloock\Entity\Key\KeyProtectionLevel;
use Bloock\Entity\Key\KeyType;
use Bloock\Entity\Key\Managed;
use Bloock\Entity\Key\ManagedKeyParams;

require 'vendor/autoload.php';

// initialize the Key Client
$keyClient = new KeyClient();
// initialize the Authenticity Client
$authenticityClient = new AuthenticityClient();
// initialize the Record Client
$recordClient = new RecordClient();
// initialize the protection key level
$keyProtection = KeyProtectionLevel::SOFTWARE;

// Generate a Rsa2048 key
$key = $keyClient->newManagedKey(new ManagedKeyParams($keyProtection, KeyType::Rsa2048));

$secret = "yout secret";
$email = "recovery@bloock.com";

// Create a Secret-Based access control for the created key
$keyClient->setupSecretAccessControl(new Managed($key), $secret, $email);

$record = $recordClient->fromString("Hello world")->build();

// How to sign using the Secret-Based access control
$accessControl = new AccessControlSecret($secret);
$authenticityClient->sign($record, new Signer($key, null, new AccessControl($accessControl)));

package main

import (
	"log"

	"github.com/bloock/bloock-sdk-go/v2/client"
	"github.com/bloock/bloock-sdk-go/v2/entity/authenticity"
	"github.com/bloock/bloock-sdk-go/v2/entity/key"
)

func main() {
	// initialize the Key Client
	keyClient := client.NewKeyClient()
	// initialize the Authenticity Client
	authenticityClient := client.NewAuthenticityClient()
	// initialize the Record Client
	recordClient := client.NewRecordClient()
	// initialize the protection key level
	keyProtection := key.KEY_PROTECTION_SOFTWARE

	// Generate a Rsa2048 key
	keyType := key.Rsa2048
	_key, err := keyClient.NewManagedKey(key.ManagedKeyParams{
		KeyType:    keyType,
		Protection: keyProtection,
	})
	if err != nil {
		log.Fatalln(err)
	}

	secret := "your secret"
	email := "recovery@bloock.com"

	// Create a Secret-Based access control for the created key
	err = keyClient.SetupSecretAccessControl(key.Managed{ManagedKey: &_key}, secret, email)
	if err != nil {
		log.Fatalln(err)
	}

	record, err := recordClient.FromString("Hello world").Build()
	if err != nil {
		log.Fatalln(err)
	}

	// How to sign using the Secret-Based access control
	accessControl := key.NewAccessControlSecret(secret)
	_, err = authenticityClient.Sign(record, authenticity.NewSignerWithManagedKey(_key, nil, &key.AccessControl{AccessControlSecret: accessControl}))
	if err != nil {
		log.Fatalln(err)
	}
}

Core SDK

Tools

Using a key with Secret-based