Traits & External Types

OpenMLS defines a number of traits that have to be implemented in order to use OpenMLS. The main goal is to allow OpenMLS to use different implementations for its cryptographic primitives, persistence and random number generation. This should make it possible to plug in anything from WebCrypto to secure enclaves.

Using the key store

The key store is probably one of the most interesting traits because applications that use OpenMLS will interact with it. See the OpenMlsKeyStore trait description for details but note that the key used to store, read, and delete values in the key store has to be provided as a byte slice.

In the following examples we have a ciphersuite and a backend (OpenMlsCryptoProvider).

    // First we generate a credential and key package for our user.
    let credential_bundle = CredentialBundle::new(
        b"User ID".to_vec(),
        CredentialType::Basic,
        SignatureScheme::from(ciphersuite),
        backend,
    )
    .unwrap();
    let key_package_bundle =
        KeyPackageBundle::new(&[ciphersuite], &credential_bundle, backend, vec![])
            .expect("Error generating new key package bundle.");

    // In order to store something in the key store we need to define an ID.
    // Here we simply take the key package reference.
    let id = key_package_bundle
        .key_package()
        .hash_ref(backend.crypto())
        .expect("Failed to hash KeyPackage.");

    // Now we can store the key_package_bundle.
    backend
        .key_store()
        .store(id.as_slice(), &key_package_bundle)
        .expect("Failed to store key package bundle in keystore.");

In order to delete a value the delete is called with the identifier.

    // Delete the key package bundle.
    backend
        .key_store()
        .delete(id.as_slice())
        .expect("Error deleting key package bundle");

Retrieving a value from the key store is as simple as calling read. In this example we assume that we got a credential where we want to retrieve the credential bundle for, i.e. the private key material.

    // In order to read something from the key store we need to define an ID.
    // Here we simply take the serialized public key of the credential.
    let id = credential
        .signature_key()
        .tls_serialize_detached()
        .expect("Error serializing the credential's public key.");

    let credential_bundle: CredentialBundle = backend
        .key_store()
        .read(&id)
        .expect("Error retrieving the credential bundle");