supreme/at.asitplus.signum.supreme.sign/Signer

Signer

interface Signer(source)

Shared interface of all objects that can sign data. Signatures are created using the signatureAlgorithm, and can be verified using publicKey, potentially with a verifierFor this object.

Signers for your platform can be accessed using your platform's SigningProvider.

Ephemeral signers can be obtained using

Signer.Ephemeral {
  /* optional key configuration */
}
Content copied to clipboard

This will generate a throwaway EphemeralKey and return a Signer for it.

Any actual instantiation will have an AlgTrait, which will be either ECDSA or RSA. Instantiations may also be WithAlias, usually because they come from a SigningProvider. They may also be Attestable.

Some signers mayRequireUserUnlock. If needed, they will ask for user interaction when you try to sign data. You can try to authenticate a signer ahead of time using trySetupUninterruptedSigning; but it might do nothing for some Signers. There is never a guarantee that signing is uninterrupted if mayRequireUserUnlock is true.

Inheritors

Types

Link copied to clipboard
sealed interface AlgTrait : Signer

Any Signer instantiation must be ECDSA or RSA

Link copied to clipboard
interface Attestable<AttestationT : Attestation> : Signer

Some Signers might have an attestation of some sort

Link copied to clipboard
object Companion
Link copied to clipboard
interface ECDSA : Signer.AlgTrait

A Signer that signs using ECDSA.

Link copied to clipboard
interface RSA : Signer.AlgTrait

A Signer that signs using RSA.

Link copied to clipboard
interface WithAlias : Signer

Some Signers are retrieved from a signing provider, such as a key store, and have a string alias.

Properties

Link copied to clipboard
val Signer.jcaPrivateKey: PrivateKey?

The underlying JCA PrivateKey object.

val Signer.jcaPrivateKey: PrivateKey?

The underlying JCA PrivateKey object.

Link copied to clipboard
open val mayRequireUserUnlock: Boolean

Whether the signer may ask for user interaction when sign is called

Link copied to clipboard
abstract val publicKey: CryptoPublicKey
Link copied to clipboard
val Signer.secKeyRef: AutofreeVariable<SecKeyRef>?

The underlying SecKeyRef referencing the signer's private key. ⚠️ If returned from a keychain signer, must be used immediately. Do not store long term. ⚠️

Link copied to clipboard

Functions

Link copied to clipboard
fun Signer.makePlatformVerifier(configure: ConfigurePlatformVerifier = null): KmmResult<Verifier>

Gets a platform verifier for signatures generated by this Signer.

Link copied to clipboard
fun Signer.makeVerifier(configure: ConfigurePlatformVerifier = null): KmmResult<Verifier>

Get a verifier for signatures generated by this Signer.

Link copied to clipboard
abstract suspend fun sign(data: SignatureInput): SignatureResult<*>

Signs data. Might ask for user confirmation first if this Signer.

open suspend fun sign(data: ByteArray): SignatureResult<*>
open suspend fun sign(data: Sequence<ByteArray>): SignatureResult<*>
Link copied to clipboard
suspend fun Signer.sign(tbsCertificate: TbsCertificate): KmmResult<X509Certificate>

Shorthand helper to create an X509Certificate by signing tbsCertificate

suspend fun Signer.sign(tbsCsr: TbsCertificationRequest): KmmResult<Pkcs10CertificationRequest>

Shorthand helper to create a Pkcs10CertificationRequest by signing tbsCsr

Link copied to clipboard
open suspend fun trySetupUninterruptedSigning(): KmmResult<Unit>

Try to ensure that the Signer is ready to immediately sign data, on a best-effort basis. For example, if user authorization allows signing for a given timeframe, this will prompts for authorization now.