36 Notaries
(require denxi/notary) | package: denxi |
struct
(struct notary ( chf public-key-source private-key-path private-key-password-path)) chf : symbol? public-key-source : (or/c #f source-variant?) private-key-path : (or/c #f path-string?) private-key-password-path : (or/c #f path-string?)
Unlike many other abstractions in Denxi, notaries depend on secrets to perform complete work. Those secrets must be available on the file system.
procedure
(make-notary [ #:chf chf #:public-key-source public-key-source #:private-key-path private-key-path #:private-key-password-path private-key-password-path]) → notary? chf : symbol? = (get-default-chf) public-key-source : (or/c #f path-string?) = #f private-key-path : (or/c #f path-string?) = #f private-key-password-path : (or/c #f path-string?) = #f
value
procedure
(make-fraudulent-notary [chf-name]) → notary?
chf-name : symbol? = (get-default-chf)
Use only for prototyping signature verification.
procedure
(notarize the-notary trusted-content) → (subprogram/c artifact?)
the-notary : notary? trusted-content : (or/c artifact? source-variant?)
The output artifact’s data will be in parity with the information available in the-notary: If there is no defined CHF, then the output artifact will lack integrity and signature information. If the notary lacks a complete keypair, then the output artifact will lack signature information. The output artifact only shares the primary content source accessible from trusted-content, and will not validate or use input integrity/signature information.
trusted-content is, as the name implies, assumed to be trusted by the caller. No safety limits will be in place when drawing bytes from its source to compute a digest.
If integrity information I is in the output artifact, then (integrity-chf-symbol I) is eq? to (notary-chf the-notary). (integrity-digest I) is the digest computed using trusted-content.
If signature information S is in the output artifact, then (signature-public-key S) is eq? to (notary-public-key-source the-notary). (signature-body S) is a signature computed using (integrity-digest I).