cvc

package module

v0.1.30 Latest Latest Go to latest Published: May 6, 2026 License: MIT Imports: 16 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/MyNextID/cvc-go

Links

Open Source Insights

README ¶

CVC-Go

Go SDK for the CVC (Cryptographic Verification Components) library - providing high-performance cryptographic operations for Go applications.

Overview

CVC-Go is a Go wrapper around the CVC C library, offering:

JWT/JOSE Operations: Complete JWT encoding, decoding, and verification
Elliptic Curve Cryptography: Support for Ed25519, NIST P-256, and other curves
Digital Signatures: EdDSA and ECDSA signature operations
Key Management: Key pair generation and validation
Cross-Platform: Pre-compiled static libraries for all major platforms

Built on battle-tested cryptographic foundations:

MIRACL Core for elliptic curve operations
l8w8jwt for JWT/JOSE functionality

Installation

go get github.com/MyNextID/cvc-go

No additional setup required! The SDK includes pre-compiled static libraries for:

macOS: arm64, x86_64
Linux: x86_64, aarch64
Windows: x86_64

Quick Start

package main

import (
    "fmt"
    "github.com/MyNextID/cvc-go"
)

func main() {
    // Test the library integration
    result := cvc.CVCHelloWorld()
    fmt.Printf("CVC Library: %s\n", result)
    
    // Test cryptographic operations
    if cvc.CVCTestMiraclBigAdd() {
        fmt.Println("✅ Cryptographic functions working correctly")
    }
}

Documentation

For detailed information about the underlying cryptographic implementations and algorithms:

CVC C Library: https://github.com/MyNextID/cvc
MIRACL Core: https://github.com/miracl/core
l8w8jwt: https://github.com/GlitchedPolygons/l8w8jwt

Platform Support

Platform	Architecture	Status
macOS	arm64	✅
Linux	x86_64	✅
Linux	aarch64	✅
Windows	x86_64	✅

Requirements

Go: 1.24.2 or later
CGO: Enabled (default)
Platform: One of the supported platforms above

Releasing

Use the provided release script to create new versions:

./release.sh v1.0.0

License

MIT License - see LICENSE file for details.

Documentation ¶

Index ¶

func AddPublicKeys(key1, key2 jwk.Key) (jwk.Key, error)
func AddSecretKeys(key1, key2 jwk.Key) (jwk.Key, error)
func DeriveSecretKey(master jwk.Key, context, dst []byte) (jwk.Key, error)
func GenerateSecretKey() (jwk.Key, error)
func IsKeyValid(key jwk.Key) error
type CnfData
type IssuerConfig
type KeyData
type MasterKeyStore
type MessagePack
type ProviderConfig
type SecretKeyData
type UserData

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func AddPublicKeys ¶

func AddPublicKeys(key1, key2 jwk.Key) (jwk.Key, error)

AddPublicKeys adds two ECDSA public keys using elliptic curve point addition

func AddSecretKeys ¶

func AddSecretKeys(key1, key2 jwk.Key) (jwk.Key, error)

AddSecretKeys adds two ECDSA private keys using scalar addition modulo curve order

func DeriveSecretKey ¶

func DeriveSecretKey(master jwk.Key, context, dst []byte) (jwk.Key, error)

DeriveSecretKey derives a secret key from master key material using hash-to-field

func GenerateSecretKey ¶

func GenerateSecretKey() (jwk.Key, error)

GenerateSecretKey generates a cryptographically secure NIST P-256 private key

func IsKeyValid ¶

func IsKeyValid(key jwk.Key) error

IsKeyValid checks if a JWK represents a valid NIST P-256 key

Types ¶

type CnfData ¶ added in v0.1.15

type CnfData struct {
	KeyId string `json:"key_id"`
	Email string `json:"email"`
}

type IssuerConfig ¶

type IssuerConfig struct {
	ProviderURL string
}

func (*IssuerConfig) AddCnfToPayload ¶

func (c *IssuerConfig) AddCnfToPayload(uuid string, vcPayload map[string]interface{}, userMap map[string]*UserData) (map[string]interface{}, *UserData, error)

AddCnfToPayload (F1) generates VC keys and adds confirmation key to the VC payload

func (*IssuerConfig) GeneratePublicKeys ¶

func (c *IssuerConfig) GeneratePublicKeys(hashBytes []byte) (map[string]KeyData, error)

func (*IssuerConfig) GetPublicKeysFromWalletProvider ¶

func (c *IssuerConfig) GetPublicKeysFromWalletProvider(emailMap map[string]string) (map[string]*UserData, error)

GetPublicKeysFromWalletProvider (F0) generates wallet provider public keys for a map of users

func (*IssuerConfig) GetUserDataMap ¶ added in v0.1.15

func (c *IssuerConfig) GetUserDataMap(userDataBytes []byte) (map[string]*UserData, error)

GetUserDataMap takes raw userDataBytes that are usually stored in the database and converts them to correct format that the rest of IssuerConfig methods use.

func (*IssuerConfig) PrepareMessagePack ¶

func (c *IssuerConfig) PrepareMessagePack(signedCredential []byte, uuid string, userMap map[string]*UserData, displayConf, previewDisplayConf []byte, credentialType string) ([]byte, error)

PrepareMessagePack (F2) encrypts the credential with credential public key and encrypts the credential secret key with wallet provider public key. It returns the message pack to be send to the credential recipient email

func (*IssuerConfig) ValidateConfig ¶

func (c *IssuerConfig) ValidateConfig() error

ValidateConfig validates the configuration before use

type KeyData ¶

type KeyData struct {
	KeyID    string `json:"key_id"`
	WpPubkey []byte `json:"wp_pubkey"`
}

type MasterKeyStore ¶

type MasterKeyStore interface {
	GetMasterKey() (jwk.Key, error)
}

MasterKeyStore interface allows users to implement their own key storage

type MessagePack ¶

type MessagePack struct {
	EncVC             []byte `json:"encrypted_vc" msgpack:"encrypted_vc"`                 // encrypted with VcPubKey
	EncVCSecKey       []byte `json:"encrypted_vc_sec_key" msgpack:"encrypted_vc_sec_key"` // encrypted with WpPubKey
	ProviderURL       string `json:"provider_url" msgpack:"provider_url"`                 // so you know which wp to call
	KeyId             string `json:"key_id" msgpack:"key_id"`                             // needed to generate wp secret key
	Salt              []byte `json:"salt" msgpack:"salt"`                                 // needed to generate wp secret key
	Email             string `json:"email" msgpack:"email"`                               // who gets the VC
	DisplayMap        []byte `json:"display_map" msgpack:"display_map"`                   // how VC looks in wallet
	PreviewDisplayMap []byte `json:"preview_display_map" msgpack:"preview_display_map"`   // preview of VC before he adds it to the wallet
	CredentialType    string `json:"credential_type" msgpack:"credential_type"`           // type of the credential, needed for wallet to know how to display it
}

MessagePack defines values that are stored in the message pack binary format

type ProviderConfig ¶

type ProviderConfig struct {
	MasterSecretKey jwk.Key
	Dst             string
}

func (*ProviderConfig) GeneratePublicKeys ¶

func (c *ProviderConfig) GeneratePublicKeys(requestJson []byte) ([]byte, error)

func (*ProviderConfig) GenerateSecretKey ¶ added in v0.1.5

func (c *ProviderConfig) GenerateSecretKey(requestJson []byte, dst string) ([]byte, error)

func (*ProviderConfig) GenerateSinglePublicKey ¶ added in v0.1.14

func (c *ProviderConfig) GenerateSinglePublicKey(requestJson []byte) ([]byte, error)

func (*ProviderConfig) ValidateConfig ¶

func (c *ProviderConfig) ValidateConfig() error

type SecretKeyData ¶ added in v0.1.5

type SecretKeyData struct {
	CnfCode string `json:"cnf_code"`
	KeyId   string `json:"key_id"`
	Salt    []byte `json:"salt"`
	Email   string `json:"email"`
}

type UserData ¶

type UserData struct {
	Email    string
	KeyID    string
	Salt     []byte
	WpPubKey jwk.Key
	VcSecKey jwk.Key
	VcPubKey jwk.Key
}

UserData holds user-specific cryptographic material

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
builder
internal
pkg

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL