1.2. Keyserver

The keyserver is trusted storage for public cryptography keys.

It provides a hash map interface (i.e. key-value store interface) between string identifiers (arbitrary strings) and public cryptography keys for the purpose of Asymmetric Encryption or for verification of Digital Signatures. Clients can add immutable entries to the keyserver, then later query the keyserver for the public key associated with a particular identifier.

The keyserver performs no access control, and thus any entry in the keyserver is globally readable and accessible to all users.

Since keyserver entries are immutable, other users (or the adversary) cannot overwrite any entry that another user has added to the keyserver.

You are only permitted to use the keyserver to store an \(O(1)\) number of public cryptography keys per user. That is, each user is only allowed to publish a fixed amount of public keys (and so the number of public keys published by a user should not depend on the number of files stored, the length of a file, the number of shared users on a file, etc.).

Tip

Make sure you follow proper key management principles, even with your public keys: one key per purpose.

keyserver.Set(identifier: str, value: AsymmetricEncryptKey | SignatureVerifyKey)

Stores the public cryptographic key value at the given lookup identifier on the keyserver.

Raises an error if identifier already has an associated key on the keyserver.

Parameters:

• identifier (str) – Unique identifier used to index the public key value in the keyserver

• value (Union[AsymmetricEncryptKey, SignatureVerifyKey]) – A public key, used for Asymmetric Encryption or Digital Signatures, to store in the keyserver

Returns:

nothing

Raises:

ValueError – if identifier already has an associated public key in the keyserver, or if value is not a valid public cryptography key

Important

keyserver.Set’s function signature requires that value is a public cryptographic key; specifically, either an instance of a AsymmetricEncryptKey or a SignatureVerifyKey. Thus, the keyserver cannot store any anything that is not a public cryptography key.

Any attempts to bypass the intent of the keyserver to only store public cryptography keys (or, in general, to circumvent the keyserver to store other, non-public-key information) or to store a non-constant number of public keys per user will be flagged by the autograder and your implementation will be given a zero.

keyserver.Get(identifier: str) → AsymmetricEncryptKey | SignatureVerifyKey

Returns the public key stored at the given lookup identifier on the keyserver.

Raises an error if no public key exists at the given lookup identifier on the dataserver.

Parameters:

key (str) – The unique identifier used to lookup a public key in the keyserver

Returns:

The public key associated with identifier

Return type:

Union[AsymmetricEncryptKey, SignatureVerifyKey]

Raises:

ValueError – if identifier does not exist in the keyserver

Note

The Union[AsymmetricEncryptKey, SignatureVerifyKey] type declaration means that the typed value may be either of type AsymmetricEncryptKey or SignatureVerifyKey. See typing.Union for more information.