Client

public final class Client

Main E3db class to handle data operations.

  • Generate encrypted access key for offline encryption operations. EAKInfo objects are safe to store in insecure storage as they are encrypted with the current client’s private key. This method will store the key with E3db for later access.

    See also

    getReaderKey(writerId:userId:type:completion:) for getting keys from E3db.

    Declaration

    Swift

    public func createWriterKey(type: String, completion: @escaping E3dbCompletion<EAKInfo>)

    Parameters

    type

    The kind of data that will be encrypted with this key

    completion

    A handler to call when this operation completes to provide the EAKInfo result

  • Get the encrypted access key for offline encryption operations. The EAKInfo object must have been created beforehand, and shared with this client.

    See also

    createWriterKey(type:completion:) for sending keys to E3db.

    Declaration

    Swift

    public func getReaderKey(writerId: UUID, userId: UUID, type: String, completion: @escaping E3dbCompletion<EAKInfo>)

    Parameters

    writerId

    The client ID of the writer of an encrypted document.

    userId

    The client ID of the user for which an encrypted document was created.

    type

    The kind of data that will be encrypted with this key

    completion

    A handler to call when this operation completes to provide the EAKInfo result, or error if not found.

  • Use the client’s private signing key to create a cryptographic signature over the serialized representation of the given document.

    Note

    This does not change the document at all (e.g. the values are not encrypted).

    Throws

    E3dbError.cryptoError if the operation failed

    Declaration

    Swift

    public func sign<T: Signable>(document: T) throws -> SignedDocument<T>

    Parameters

    document

    A data type that conforms to the Signable protocol

    Return Value

    A wrapper object around a given data type and its cryptographic signature

  • Verify message authenticity. Confirm that the signature for the SignedDocument was created by the client identified by the given public key, for the document provided.

    Throws

    E3dbError.cryptoError if the operation failed

    Declaration

    Swift

    public func verify<T>(signed: SignedDocument<T>, pubSigKey: String) throws -> Bool

    Parameters

    signed

    A wrapper object around a given data type and its cryptographic signature

    pubSigKey

    The public portion of the key used to create the signature in the signed document

    Return Value

    Whether the document was signed by the creator of the given public key

  • Create a document to hold data signed for authenticity and encrypted for confidentiality. The resulting document also holds info related to the author, type of data, and any additional metadata kept in cleartext.

    Throws

    E3dbError.cryptoError if the operation failed

    Declaration

    Swift

    public func encrypt(type: String, data: RecordData, eakInfo: EAKInfo, plain: PlainMeta? = nil) throws -> EncryptedDocument

    Parameters

    type

    The kind of data this document represents

    data

    The cleartext data to be encrypted

    eakInfo

    The encrypted access key information used for the encryption operation

    plain

    Additional metadata to be included – remains unencrypted.

    Return Value

    Data type to hold encrypted data and related info

  • Create a document to hold the original plaintext data from the given encrypted format. The resulting document also holds info related to the author, type of data, and any additional metadata kept in cleartext. The input document is also verified for authenticity with the given public signing key, and an error is thrown if verification fails.

    Throws

    E3dbError.cryptoError if the decrypt operation fails, or if the document fails verification

    Declaration

    Swift

    public func decrypt(encryptedDoc: EncryptedDocument, eakInfo: EAKInfo) throws -> DecryptedDocument

    Parameters

    encryptedDoc

    Data type to hold encrypted data and related info

    eakInfo

    The encrypted access key information used for the decryption operation

    Return Value

    Data type to hold the unencrypted data and related info
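
The offline flow described by createWriterKey, getReaderKey, encrypt and decrypt, as an added example that is not part of the SDK or its documentation. It assumes already-configured `Client` instances, a module named `E3db`, and that `E3dbCompletion<T>` delivers a Result-style enum with `.success` and `.failure` cases; the function names are hypothetical.

```swift
import Foundation
import E3db

// Added example, not SDK code. Assumes both clients are already configured
// and that E3dbCompletion<T> hands back a Result-style enum (.success/.failure).

/// Writer: store a writer key for `type` with E3db, then encrypt locally.
func encryptOffline(writer: Client, type: String, data: RecordData, plain: PlainMeta?,
                    done: @escaping (EncryptedDocument?, Error?) -> Void) {
    writer.createWriterKey(type: type) { result in
        switch result {
        case .failure(let error):
            done(nil, error)
        case .success(let eakInfo):
            do {
                // `data` values are encrypted; anything in `plain` stays cleartext,
                // so keep sensitive values out of it.
                let doc = try writer.encrypt(type: type, data: data,
                                             eakInfo: eakInfo, plain: plain)
                done(doc, nil)
            } catch {
                done(nil, error)  // E3dbError.cryptoError per the reference above
            }
        }
    }
}

/// Reader: fetch the key shared for (writerId, userId, type), then decrypt.
func decryptOffline(reader: Client, doc: EncryptedDocument, writerId: UUID, userId: UUID,
                    type: String, done: @escaping (DecryptedDocument?, Error?) -> Void) {
    reader.getReaderKey(writerId: writerId, userId: userId, type: type) { result in
        switch result {
        case .failure(let error):
            done(nil, error)  // key was never created, or not shared with this client
        case .success(let eakInfo):
            do {
                // decrypt throws when decryption or signature verification fails;
                // treat either as a rejected document, never as partial data.
                done(try reader.decrypt(encryptedDoc: doc, eakInfo: eakInfo), nil)
            } catch {
                done(nil, error)
            }
        }
    }
}
```
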

  • Search for records that match a given set of filters.

    Note

    If the include_data flag is not set in the given QueryParams, the record results will contain empty RecordData values.

    Declaration

    Swift

    public func query(params: QueryParams, completion: @escaping E3dbCompletion<QueryResponse>)

    Parameters

    params

    A structure to specify a set of filters for matching records

    completion

    A handler to call when this operation completes to provide the results of the query

  • Write a record to the E3db service. This will encrypt the RecordData fields (leaving the keys as plaintext), then send them to E3db for storage. The Record in the response will contain the unencrypted values and additional metadata associated with the record.

    Declaration

    Swift

    public func write(type: String, data: RecordData, plain: PlainMeta? = nil, completion: @escaping E3dbCompletion<Record>)

    Parameters

    type

    The kind of data this record represents

    data

    The unencrypted values for the record

    plain

    A user-defined, key-value store associated with the record that remains as plaintext

    completion

    A handler to call when this operation completes to provide the record result

  • Request and decrypt a record from the E3db service.

    Declaration

    Swift

    public func read(recordId: UUID, fields: [String]? = nil, completion: @escaping E3dbCompletion<Record>)

    Parameters

    recordId

    The identifier for the Record to read

    fields

    A list of fields to select from the data, instead of the full record data

    completion

    A handler to call when the operation completes to provide the decrypted record

  • Replace the data and plain metadata for a record identified by its Meta. This will overwrite the existing data and metadata values.

    Declaration

    Swift

    public func update(meta: Meta, newData: RecordData, plain: PlainMeta?, completion: @escaping E3dbCompletion<Record>)

    Parameters

    meta

    The Meta information for the record to update

    newData

    The unencrypted values to encrypt and replace for the record

    plain

    The plaintext key-value store to replace for the record; pass in the existing plain for no changes

    completion

    A handler to call when the operation completes to provide the updated record

  • Remove the record from the E3db service.

    Declaration

    Swift

    public func delete(recordId: UUID, version: String, completion: @escaping E3dbCompletion<Void>)

    Parameters

    recordId

    The identifier for the Record to remove

    version

    The version of the Record to delete

    completion

    A handler to call when the operation completes

  • Provide registration information to the E3db service to create a new client associated with a particular account. The token provided must be generated from the Tozny dashboard to register successfully.

    Note

    This registration variant generates the keypair for the client.

    See also

    The register(token:clientName:publicKey:signingKey:urlSession:apiUrl:completion:) variant of this method allows the caller to provide their own public key.

    Declaration

    Swift

    public static func register(token: String, clientName: String, urlSession: URLSession = .shared, apiUrl: String? = nil, completion: @escaping E3dbCompletion<Config>)

    Parameters

    token

    An opaque value associated with an account and generated by the Tozny dashboard

    clientName

    A name to give this client for registration

    urlSession

    The URLSession to use for the client. Defaults to URLSession.shared

    apiUrl

    The base URL for the E3DB service; the production API URL is used if none is provided here

    completion

    A handler to call when this operation completes to provide a complete Config

  • Provide registration information to the E3db service to create a new client associated with a particular account. The token provided must be generated from the Tozny dashboard to register successfully.

    Note

    This registration variant does not generate the keypair for the client.

    See also

    The register(token:clientName:urlSession:apiUrl:completion:) variant of this method generates the keypair for the caller.

    Declaration

    Swift

    public static func register(token: String, clientName: String, publicKey: String, signingKey: String, urlSession: URLSession = .shared, apiUrl: String? = nil, completion: @escaping E3dbCompletion<ClientCredentials>)

    Parameters

    token

    An opaque value associated with an account and generated in the Tozny dashboard

    clientName

    A name to give this client for registration

    publicKey

    The public key to register with the E3db service and use for encryption operations

    signingKey

    The public key to register with the E3db service and use for signing operations

    urlSession

    The URLSession to use for the client. Defaults to URLSession.shared

    apiUrl

    The base URL for the E3DB service; the production API URL is used if none is provided here

    completion

    A handler to call when this operation completes to provide ClientCredentials used to build a Config object for initializing an E3db Client

  • Write the given file to E3DB. Intended for data from 1MB up to 5GB in size. The contents of the file are encrypted before being uploaded.

    Declaration

    Swift

    public func writeFile(type: String, fileUrl: URL, plain: PlainMeta? = nil, completion: @escaping E3dbCompletion<Meta>)

    Parameters

    type

    The kind of data this record represents

    fileUrl

    The local URL for the file to upload

    plain

    A user-defined, key-value store associated with the record that remains as plaintext

    completion

    A handler to call when this operation completes to provide the file info result

  • Read the file associated with the given record from the server.

    Declaration

    Swift

    public func readFile(recordId: UUID, destination: URL, completion: @escaping E3dbCompletion<Meta>)

    Parameters

    recordId

    The identifier for the Record to read. Record must reference a previously uploaded file.

    destination

    Local location to write the decrypted contents of the referenced file.

    completion

    A handler to call when the operation completes to provide the decrypted record Meta

  • Allow another user to view and decrypt records of a given type.

    Declaration

    Swift

    public func share(type: String, readerId: UUID, completion: @escaping E3dbCompletion<Void>)

    Parameters

    type

    The kind of records to allow a user to view and decrypt

    readerId

    The identifier of the user to allow access

    completion

    A handler to call when this operation completes

  • Share records written by the given writer with the given reader

    Declaration

    Swift

    public func share(onBehalfOf writerId: UUID, type: String, readerId: UUID, completion: @escaping E3dbCompletion<Void>)

    Parameters

    writerId

    The identifier of the client that produced the records

    type

    The kind of records to allow a user to view and decrypt

    readerId

    The identifier of the user to allow access

    completion

    A handler to call when this operation completes

  • Remove a user’s access to view and decrypt records of a given type.

    Declaration

    Swift

    public func revoke(type: String, readerId: UUID, completion: @escaping E3dbCompletion<Void>)

    Parameters

    type

    The kind of records to remove access

    readerId

    The identifier of the user to remove access

    completion

    A handler to call when this operation completes

  • Remove permission for the given reader to read records produced by the given writer

    Declaration

    Swift

    public func revoke(onBehalfOf writerId: UUID, type: String, readerId: UUID, completion: @escaping E3dbCompletion<Void>)

    Parameters

    writerId

    The identifier of the client that produced the records

    type

    The kind of records to remove access

    readerId

    The identifier of the user to remove access

    completion

    A handler to call when this operation completes

  • Add an authorizer for records written by this client

    Calling this method will grant permission for the authorizer client to allow other clients to read records of the given type, written by this client.

    Declaration

    Swift

    public func add(authorizerId: UUID, type: String, completion: @escaping E3dbCompletion<Void>)

    Parameters

    authorizerId

    The identifier of the client that can share on the writer’s behalf

    type

    The kind of records being shared

    completion

    A handler to call when this operation completes

  • Remove an authorizer for records of a given type written by this client

    This method removes the permission granted by add(authorizerId:type:completion:) for the provided record type.

    Declaration

    Swift

    public func remove(authorizerId: UUID, type: String, completion: @escaping E3dbCompletion<Void>)

    Parameters

    authorizerId

    The identifier of the client that can share on the writer’s behalf

    type

    The kind of records being shared

    completion

    A handler to call when this operation completes

  • Remove an authorizer for all records written by this client

    This method removes the permission granted by add(authorizerId:type:completion:) for all record types.

    Declaration

    Swift

    public func remove(authorizerId: UUID, completion: @escaping E3dbCompletion<Void>)

    Parameters

    authorizerId

    The identifier of the client that can share on the writer’s behalf

    completion

    A handler to call when this operation completes
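
Delegated sharing with the authorizer methods above, scoped to a single record type and torn down explicitly, as an added example that is not part of the SDK or its documentation. It assumes already-configured `Client` instances, a module named `E3db`, and that `E3dbCompletion<T>` delivers a Result-style enum with `.success` and `.failure` cases; the function names are hypothetical.

```swift
import Foundation
import E3db

// Added example, not SDK code. Assumes configured clients and a Result-style
// completion value (.success/.failure) from E3dbCompletion<T>.

/// Writer: let `authorizerId` share records of exactly one `type` on its behalf.
func delegate(writer: Client, authorizerId: UUID, type: String,
              done: @escaping (Error?) -> Void) {
    writer.add(authorizerId: authorizerId, type: type) { result in
        if case .failure(let error) = result { done(error) } else { done(nil) }
    }
}

/// Authorizer: grant `readerId` access to the writer's records of `type`.
func grant(authorizer: Client, writerId: UUID, readerId: UUID, type: String,
           done: @escaping (Error?) -> Void) {
    authorizer.share(onBehalfOf: writerId, type: type, readerId: readerId) { result in
        if case .failure(let error) = result { done(error) } else { done(nil) }
    }
}

/// Teardown: revoke the reader first, then remove the authorizer for that type.
/// The reference does not say that removing an authorizer also revokes grants it
/// already made, so this example does not rely on that and revokes explicitly.
func tearDown(writer: Client, authorizer: Client, writerId: UUID, authorizerId: UUID,
              readerId: UUID, type: String, done: @escaping (Error?) -> Void) {
    authorizer.revoke(onBehalfOf: writerId, type: type, readerId: readerId) { result in
        if case .failure(let error) = result {
            done(error)  // stop here so the caller can retry the revoke
            return
        }
        writer.remove(authorizerId: authorizerId, type: type) { result in
            if case .failure(let error) = result { done(error) } else { done(nil) }
        }
    }
}
```

The typed remove(authorizerId:type:completion:) keeps the teardown scoped to one record type; remove(authorizerId:completion:) is the variant that drops the authorizer for all record types.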