Struct cryptoballot::Authenticator

pub struct Authenticator {
    pub id: Uuid,
    pub public_keys: BTreeMap<Uuid, AuthPublicKey>,
}

An Authenticator is responsible for authenticating a voter as allowed to vote a specific ballot in an election.

An authenticator receives the following from a voter:

1. Voter's bonefides (government-id, security-code, password etc).
2. Election ID and Ballot ID
3. blinded auth-package triplet of (election-id, ballot-id, voter-public-key)

The authenticator first checks the election-id and ballot-id against the voter's bonefides (this is implementation specific and out of scope of CryptoBallot). After satisfied that the voter is allowed to vote this election and ballot, the authenticator blind-signs the blinded triplet and returns the signature to the voter who will unblind it.

Before the election, the authenticator will generate a signing keypair for each ballot-id. Having on key per ballot ensures that the blinded triplet matches the correct election and ballot.

WARNING: The secret keys used to sign blinded triplets must NOT be used for any other purpose. Doing so can result in secret key disclosure.

Fields

id: Uuid

public_keys: BTreeMap<Uuid, AuthPublicKey>

Methods

impl Authenticator

pub fn new(
    keysize: usize,
    ballot_ids: &[Uuid]
) -> Result<(Self, HashMap<Uuid, RSAPrivateKey>), Error>

Create a new Authenticator, generating keys for provided ballot-ids.

For good security, keysize should be at least 2048 bits, and ideally 4096 bits.

WARNING: The secret keys generated here must NOT be used for any other purpose. Doing so can result in secret key disclosure.

pub fn authenticate(
    &self,
    secret: &RSAPrivateKey,
    blinded_auth_package: &[u8]
) -> Authentication

Sign the blinded (election-id, ballot-id, voter-public-key) auth-package triplet.

This should only be called after verifying the voter's bonefides (eg government-id, security-code, password etc) and that they are authorized to vote the requested election and ballot.

pub fn verify(
    &self,
    election_id: Identifier,
    ballot_id: Uuid,
    anonymous_key: &PublicKey,
    signature: &[u8]
) -> Result<(), ValidationError>

Verify the authenticator signature

Trait Implementations

impl Clone for Authenticator

fn clone(&self) -> Authenticator

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Authenticator

fn fmt(&self, f: &mut Formatter) -> Result

Formats the value using the given formatter.

impl<'de> Deserialize<'de> for Authenticator

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error> where
    __D: Deserializer<'de>, 

Deserialize this value from the given Serde deserializer.

impl Serialize for Authenticator

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error> where
    __S: Serializer, 

Serialize this value into the given Serde serializer.