bailey.keys.server

Liking cljdoc? Tell your friends :D

Clojure only.

decrypt
decrypt-backup
encrypt
init!
load-backup-public-key
load-keychain!!
recover-keychain-file
rotate-server-keys!

decrypt^clj

(decrypt encrypted-bytes)

decypt ciphertext made using encrypt-sym

decypt ciphertext made using `encrypt-sym`

source raw docstring

decrypt-backup^clj

(decrypt-backup {:keys [encrypted-bytes backup-full-keychain]})

Decodes an encrypted ciphertext using the OFFLINE full backup key.

Decodes an encrypted ciphertext using the OFFLINE full backup key.

source raw docstring

encrypt^clj

(encrypt secret-data & {:keys [include-backup?]})

Encrypt data using the loaded server keychain.

Note: This data is implicitly recoverable via the backup key because the keychain itself is recoverable.

If include-backup? is truthy, also perform asymmetric encryption using the backup key. This adds overhead, but guarantees the data can be decrypted even if BOTH the password AND the server keychain are lost.

Encrypt data using the loaded server keychain.

Note: This data is implicitly recoverable via the backup key
because the keychain itself is recoverable.

If `include-backup?` is truthy, also perform asymmetric encryption
using the backup key.  This adds overhead, but guarantees the data
can be decrypted even if BOTH the password AND the server keychain
are lost.

source raw docstring

init!^clj

(init! {:keys [secrets-dir read-server-password!!]})

Initialize server encryption keys. Should be called on server startup

Initialize server encryption keys.  Should be called on server startup

source raw docstring

load-backup-public-key^clj

(load-backup-public-key)

Loads the baked-in public key from the Uberjar classpath.

Loads the baked-in public key from the Uberjar classpath.

source raw docstring

load-keychain!!^clj

(load-keychain!! read-server-password!!)

source

recover-keychain-file^clj

(recover-keychain-file path-to-encrypted-keychain
                       path-to-offline-backup-keychain
                       backup-password)

Decodes an encrypted keychain file using the OFFLINE full backup key. Returns the usable server keychain.

Decodes an encrypted keychain file using the OFFLINE full backup key.
Returns the usable server keychain.

source raw docstring

rotate-server-keys!^clj

(rotate-server-keys! read-server-password!!)

Generates a fresh symmetric key, promotes it to primary, and demotes existing keys. Updates the encrypted file on disk and the running in-memory atom.

Requires the TPM password to re-encrypt the updated keychain file.

Generates a fresh symmetric key, promotes it to primary, and demotes existing keys.
Updates the encrypted file on disk and the running in-memory atom.

Requires the TPM password to re-encrypt the updated keychain file.

source raw docstring

cljdoc builds & hosts documentation for Clojure/Script libraries

Keyboard shortcuts

`Ctrl`+`k`	Jump to recent docs
`←`	Move to previous article
`→`	Move to next article
`Ctrl`+`/`	Jump to the search field

Raise an issue Browse cljdoc source Chat on Slack

× close