Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...


Solution: client has to unlock the wallet before calling any wallet interface APIs and lock the wallet back when done. Wallet will also auto lock if unused for certain amount of time (token expiry).
This leads to introduction of 2 more APIs given below: 

  • Open wallet: accepts user `secret/token` used to create profile, creates kms instance, keeps it in cache (with expiry) and returns a token which can be used for any subsequent operations.
    This token will be used by VC wallet to fetch kms instance from cache and also will be used to correlate user profile
    • In case of local KMS,
      • Supply passphrase or secret lock service to 'Open wallet API' to unlock master lock and initialize aries local KMS instance.
      • This KMS instance will be kept in cache till the expiry duration provided by client.
      • This token has to be supplied by client while calling each VC wallet APIs. Once token expires cache gets cleared and kms instance will be destroyed, then client has to unlock it again to get new token and initialize kms instance again.
      • Calling unlock on already unlocked wallet will return error "Profile already unlocked", if client loses/compromises token then he/she has to lock the wallet to destroy kms instance and has to open wallet again to get new token.
    • In case of remote KMS,
      • Supply auth token to unlock the wallet which will initialize aries remote KMS instance. Auth token will be part of remotekms instance's header function which will be remembered for all KMS operation till token expires.
      • This KMS instance will be kept in cache till the expiry duration provided by client.
      • This token has to be supplied by client while calling each VC wallet APIs. Once token expires cache gets cleared and kms instance will be destroyed, then client has to unlock it again to get new token and re-initialize kms instance.
      • Calling unlock on already unlocked wallet will return error "Profile already unlocked", if client loses/compromises token then he/she has to lock the wallet to destroy kms instance and has to open wallet again to get new token.
  • Close wallet: Can be called by user to lock the wallet back, recommended during wallet logout. Wallet will be closed by itself when previously issued token expires. Calling close on already closed wallet will not return any error.