Core Crypto Context
The CoreCrypto context used within a transaction
Functions
Adds new clients to a conversation, assuming the current client has the right to add new clients to the conversation.
Commits the local pending proposals.
Returns the current epoch of a conversation
Checks if the Client is a member of a given conversation and if the MLS Group is loaded up.
Creates a new conversation with the current client being the sole member. You will want to use addMember afterward to add clients to this conversation.
Decrypts a message for a given conversation
Deletes all key packages whose credential does not match the most recently saved x509 credential and the provided signature scheme.
Derives a new key from the group to use with AVS
Disable history sharing by removing history clients from the conversation.
Indicates when to mark a conversation as not verified, i.e. when not all its members have an X509 Credential generated by Wire's end-to-end identity enrollment.
Allows persisting an active enrollment (for example while redirecting the user during OAuth) in order to resume it later with e2eiEnrollmentStashPop
Fetches the persisted enrollment and deletes it from the keystore
Returns true when end-to-end-identity is enabled for the given Ciphersuite
Returns whether the E2EI PKI environment is set up (i.e. Root CA, Intermediates, CRLs)
Use this method to initialize end-to-end identity when a client signs up and the grace period is already expired; that means the client cannot initialize with a Basic credential.
Generates an E2EI enrollment instance for a "regular" client (with a Basic credential) willing to migrate to E2EI. Once the enrollment is finished, use the instance in e2eiRotateAll to do the rotation.
Creates an enrollment instance with private key material you can use in order to fetch a new x509 certificate from the ACME server.
Generates an E2EI enrollment instance for an E2EI client (with an X509 certificate credential) having to change/rotate their credential, either because the former one is expired or it has been revoked. It lets you change the DisplayName or the handle if you need to. Once the enrollment is finished, use the instance in e2eiRotateAll to do the rotation.
Registers a Root Trust Anchor CA for the use in E2EI processing.
Registers a CRL for the use in E2EI processing.
Registers an Intermediate CA for the use in E2EI processing.
Replaces your leaf containing basic credentials with a leaf node containing x509 credentials in the conversation.
Enable history sharing by generating a history client and adding it to the conversation.
Encrypts a message for a given conversation.
Generates the requested number of KeyPackages ON TOP of the existing ones, e.g. if you already have created 100 KeyPackages (default value), requesting 10 will return the 10 oldest. Otherwise, if you request 200, 100 new will be generated. Unless explicitly deleted, KeyPackages are deleted upon processWelcomeMessage.
From a given conversation, get the identity of the members supplied. Identity is only present for members with a Certificate Credential (after turning on end-to-end identity).
Returns the raw public key of the single external sender present in this group. This should be used to initialize a subconversation
Gets the client's public signature key, to be uploaded to the DS for further backend-side validation.
From a given conversation, get the identity of the users (device holders) supplied. Identity is only present for devices with a Certificate Credential (after turning on end-to-end identity). If no member has an x509 certificate, it will return an empty Vec.
"Apply" to join a group through its GroupInfo.
Returns all clients from group's members
This is your entrypoint to initialize CoreCrypto with a Basic Credential
Ingest a TLS-serialized MLS welcome message to join an existing MLS group.
Create a session using a prekey
Import all the data stored by Cryptobox, located at path, into the CoreCrypto keystore
Decrypt an incoming message for an existing session
Deletes a session. Note: this also deletes the persisted data within the keystore.
Checks if a session exists
Encrypt a message for a given session
Create a session and encrypt a message.
Proteus session local fingerprint
Proteus public key fingerprint. It's basically the public key encoded as a hex string.
Proteus session remote fingerprint
Initialise CoreCrypto to be used with proteus.
Create a new last resort prekey
Creates a number of prekeys starting from the from index
Removes the provided clients from a conversation, assuming those clients exist and the current client is allowed to do so; otherwise this operation does nothing.
Saves a new X509 credential. Requires first having enrolled a new X509 certificate with either e2eiNewActivationEnrollment or e2eiNewRotateEnrollment
Creates an update commit which forces every client to update their LeafNode in the conversation.
Number of unexpired KeyPackages currently in store
Wipes and destroys the local storage of a given conversation / MLS group.