Administrators and Key Users
Administrator
An Admin User can be used to make changes to the system (see below), but is not allowed to create or use keys.
adminClient, err := tsm.NewPasswordClientFromCredentials(adminCreds)
if err != nil {
	panic(err)
}
In the examples below, adminClient refers to the client created above.
// Create a Key User with the admin client
usersClient := tsm.NewUsersClient(adminClient)
userCreds, err := usersClient.CreatePasswordUser("user", "")
err := adminClient.AuthenticatedPing(0) // node index as parameter, only nodes controlled by this SDK
err = adminClient.Pause()
// Key generation and reshare are now not allowed,
// but the following operations are backup safe and can still be performed (using ECDSA as an example):
// ecdsaClient.PublicKey(keyID, nil)
// ecdsaClient.Sign(keyID, nil, messageHash[:])
// ecdsaClient.PresigGen(keyID, 10)
// ecdsaClient.PartialSignWithPresig(keyID, "", nil, messageHash[:])
err = adminClient.Resume()
// Key generation and reshare are allowed again
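The pause/resume calls above, wrapped so that a failed backup cannot leave the system paused. This is an added example, not code from the SDK or from this page, and it assumes Pause is used to hold the backup-safe state while a backup runs. The names `pauser`, `withPaused` and `fakeAdmin` are hypothetical, the `Pause() error` / `Resume() error` signatures are assumed from the calls shown above, and a constructed fake stands in for the admin client so the block runs offline.

```go
package main

import (
	"errors"
	"fmt"
)

// pauser: signatures assumed from the Pause()/Resume() calls shown above.
type pauser interface {
	Pause() error
	Resume() error
}

// withPaused pauses, runs backup, then always resumes (also on error or panic).
// If Pause fails, backup is never started.
func withPaused(admin pauser, backup func() error) (err error) {
	if err = admin.Pause(); err != nil {
		return fmt.Errorf("pause: %w", err)
	}
	defer func() {
		// A failed Resume leaves key generation and reshare blocked: report it.
		if rErr := admin.Resume(); rErr != nil {
			err = errors.Join(err, fmt.Errorf("resume: %w", rErr))
		}
	}()
	return backup()
}

// fakeAdmin is a constructed stand-in for the admin client.
type fakeAdmin struct {
	pauseErr error
	paused   bool
	resumes  int
}

func (f *fakeAdmin) Pause() error {
	f.paused = f.pauseErr == nil
	return f.pauseErr
}

func (f *fakeAdmin) Resume() error {
	f.paused, f.resumes = false, f.resumes+1
	return nil
}

func main() {
	admin := &fakeAdmin{}
	err := withPaused(admin, func() error { return errors.New("disk full") })
	fmt.Println(err, admin.paused, admin.resumes)
}
```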
usersClient := tsm.NewUsersClient(adminClient)
newCredentials, err := usersClient.ResetPassword(credentials.UserID)
usersClient := tsm.NewUsersClient(adminClient)
err := usersClient.Disable(credentials.UserID)
// User is not allowed to perform operations, but is not deleted
err = usersClient.Enable(credentials.UserID)
// User can perform operations
Key User
A Key User (or Password User) is used to create keys, and to use these keys for signing. Keys are locked to the Key User who created the key.
client, err := tsm.NewPasswordClientFromCredentials(userCreds)
if err != nil {
	panic(err)
}
In the examples below, client refers to the client created above.
ecdsaClient := tsm.NewECDSAClient(client)
curveName := "secp256k1"
keyID, err := ecdsaClient.Keygen(curveName)