bsnutil

func BSNFromTransportToken ¶

func BSNFromTransportToken(token string) (string, error)

BSNFromTransportToken extracts the original BSN from a transport token. This reverses the XOR transformation applied in CreateTransportToken.

Parameters:

• token: The transport token in format "token-{audience}-{transformedBSN}-{nonce}"

Returns the original BSN or an error if the token format is invalid.

func CreateTransportToken ¶

func CreateTransportToken(bsn string, audience string) (string, error)

CreateTransportToken creates a transport token from BSN and audience using simple XOR transformation. Each transport token is unique (includes random nonce) but contains the same encrypted BSN. This ensures transport tokens cannot be tracked while the NVI can always generate the same pseudonym.

Parameters:

• bsn: The social security number or other identifier (as string to preserve format)
• audience: The identifier for the organization/audience receiving the token

Returns a transport token in format: "token-{audience}-{transformedBSN}-{nonce}"

func PseudonymToTransportToken ¶

func PseudonymToTransportToken(pseudonym string, audience string) (string, error)

TODO: Remove this later - this logic will be implemented in a HAPI Interceptor at the NVI - only here to prove the concept PseudonymToTransportToken converts a pseudonym back to transport token format. This reverses the TransportTokenToPseudonym transformation.

func TransportTokenToPseudonym ¶

func TransportTokenToPseudonym(token string) (string, error)

TODO: Remove this later - this logic will be implemented in a HAPI Interceptor at the NVI - only here to prove the concept TransportTokenToPseudonym converts a transport token to a pseudonym format. This extracts the core BSN information and creates a consistent pseudonym (ignoring nonce). NOTE: The pseudonym uses the token's audience because the transformedBSN is encrypted with that audience's key.