CoreCryptoContext

Adds new clients to a conversation, assuming the current client has the right to add new clients to the conversation.

Commits the local pending proposals.

Returns the current epoch of a conversation

Checks if the Client is member of a given conversation and if the MLS Group is loaded up.

Creates a new conversation with the current client being the sole member. You will want to use addMember afterward to add clients to this conversation.

Decrypts a message for a given conversation

Deletes all key packages whose credential does not match the most recently saved x509 credential and the provided signature scheme.

Derives a new key from the group to use with AVS

Disable history sharing by removing history clients from the conversation.

Indicates when to mark a conversation as not verified i.e. when not all its members have a X509. Credential generated by Wire's end-to-end identity enrollment

Allows persisting an active enrollment (for example while redirecting the user during OAuth) in order to resume it later with e2eiEnrollmentStashPop

Fetches the persisted enrollment and deletes it from the keystore

Returns true when end-to-end-identity is enabled for the given Ciphersuite

Returns whether the E2EI PKI environment is setup (i.e. Root CA, Intermediates, CRLs)

Use this method to initialize end-to-end identity when a client signs up and the grace period is already expired ; that means he cannot initialize with a Basic credential

Generates an E2EI enrollment instance for a "regular" client (with a Basic credential) willing to migrate to E2EI. Once the enrollment is finished, use the instance in e2eiRotateAll to do the rotation.

Creates an enrollment instance with private key material you can use in order to fetch a new x509 certificate from the acme server.

Generates an E2EI enrollment instance for a E2EI client (with a X509 certificate credential) having to change/rotate their credential, either because the former one is expired or it has been revoked. It lets you change the DisplayName or the handle if you need to. Once the enrollment is finished, use the instance in e2eiRotateAll to do the rotation.

Registers a Root Trust Anchor CA for the use in E2EI processing.

Registers a CRL for the use in E2EI processing.

Registers an Intermediate CA for the use in E2EI processing.

Replaces your leaf containing basic credentials with a leaf node containing x509 credentials in the conversation.

Enable history sharing by generating a history client and adding it to the conversation.

Encrypts a message for a given conversation.

Generates the requested number of KeyPackages ON TOP of the existing ones e.g. if you already have created 100 KeyPackages (default value), requesting 10 will return the 10 oldest. Otherwise, if you request 200, 100 new will be generated. Unless explicitly deleted, KeyPackages are deleted upon processWelcomeMessage

Get the data that has previously been set by setData, or null if no data has been set. This is meant to be used as a check point at the end of a transaction.

From a given conversation, get the identity of the members supplied. Identity is only present for members with a Certificate Credential (after turning on end-to-end identity).

Returns the raw public key of the single external sender present in this group. This should be used to initialize a subconversation

Get the client's public signature key. To upload to the DS for further backend side validation

From a given conversation, get the identity of the users (device holders) supplied. Identity is only present for devices with a Certificate Credential (after turning on end-to-end identity). If no member has a x509 certificate, it will return an empty Vec.

"Apply" to join a group through its GroupInfo.

Returns all clients from group's members

This is your entrypoint to initialize CoreCrypto with a Basic Credential

Ingest a TLS-serialized MLS welcome message to join an existing MLS group.

Create a session using a prekey

Import all the data stored by Cryptobox, located at path, into the CoreCrypto keystore

Decrypt an incoming message for an existing session

Deletes a session Note: this also deletes the persisted data within the keystore

Checks if a session exists

Encrypt a message for a given session

Batch encryption for proteus messages This is used to minimize FFI roundtrips when used in the context of a multi-client session (i.e. conversation)

Create a session and encrypt a message.

Proteus session local fingerprint

Proteus public key fingerprint It's basically the public key encoded as an hex string

Proteus session remote fingerprint

Initialise CoreCrypto to be used with proteus.

Create a new last resort prekey

Creates a number of prekeys starting from the from index

Removes the provided clients from a conversation; Assuming those clients exist and the current client is allowed to do so, otherwise this operation does nothing.

Saves a new X509 credential. Requires first having enrolled a new X509 certificate with either e2eiNewActivationEnrollment or e2eiNewRotateEnrollment

Set arbitrary data to be retrieved by getData. This is meant to be used as a check point at the end of a transaction. The data should be limited to a reasonable size.

Creates an update commit which forces every client to update their LeafNode in the conversation.

Number of unexpired KeyPackages currently in store

Wipes and destroys the local storage of a given conversation / MLS group.