Denxi Reference
On this page:
notary
make-notary
lazy-notary
make-fraudulent-notary
notarize
8.12
  top  contents    up  next → 

36 Notaries🔗ℹ

 (require denxi/notary) package: denxi

struct

(struct notary (chf
    public-key-source
    private-key-path
    private-key-password-path))
  chf : symbol?
  public-key-source : (or/c #f source-variant?)
  private-key-path : (or/c #f path-string?)
  private-key-password-path : (or/c #f path-string?)
A notary is an instance of notary. Notaries attach integrity information and a private party’s signature to artifacts.

Unlike many other abstractions in Denxi, notaries depend on secrets to perform complete work. Those secrets must be available on the file system.

procedure

(make-notary 
  [#:chf chf 
  #:public-key-source public-key-source 
  #:private-key-path private-key-path 
  #:private-key-password-path private-key-password-path]) 
  notary?
  chf : symbol? = (get-default-chf)
  public-key-source : (or/c #f path-string?) = #f
  private-key-path : (or/c #f path-string?) = #f
  private-key-password-path : (or/c #f path-string?) = #f
Returns a new notary, with contract enforcement and default values for fields.

value

lazy-notary : notary?

A notary that only creates integrity information using (get-default-chf).

procedure

(make-fraudulent-notary [chf-name])  notary?

  chf-name : symbol? = (get-default-chf)
A notary that creates complete artifacts using the implementation of the named cryptographic hash functions, and the denxi/signature/snake-oil keypair. (notarize (make-fraudulent-notary chf-name) trusted-content) values are implicitly compromised for all values of trusted-content and chf-name.

Use only for prototyping signature verification.

procedure

(notarize the-notary trusted-content)  (subprogram/c artifact?)

  the-notary : notary?
  trusted-content : (or/c artifact? source-variant?)
Returns a subprogram that computes a new artifact in terms of the source accessible through trusted-content.

The output artifact’s data will be in parity with the information available in the-notary: If there is no defined CHF, then the output artifact will lack integrity and signature information. If the notary lacks a complete keypair, then the output artifact will lack signature information. The output artifact only shares the primary content source accessible from trusted-content, and will not validate or use input integrity/signature information.

trusted-content is, as the name implies, assumed to be trusted by the caller. No safety limits will be in place when drawing bytes from its source to compute a digest.

If integrity information I is in the output artifact, then (integrity-chf-symbol I) is eq? to (notary-chf the-notary). (integrity-digest I) is the digest computed using trusted-content.

If signature information S is in the output artifact, then (signature-public-key S) is eq? to (notary-public-key-source the-notary). (signature-body S) is a signature computed using (integrity-digest I).

  top  contents    up  next →