Persona Functions

#include <keychain/keychain_headers.h>

Overview

Persona functions provide direct manipulation of persona objects, which represent locally created and maintained cryptographic identities. These functions allow you to work with persona objects independently of the gateway.

Object Lifecycle Functions

kc_persona_destruct()

int kc_persona_destruct(kc_persona_t** persona_ptr)

Destructs a persona object and frees its resources.

Parameters:

  • persona_ptr - Pointer to persona pointer (set to NULL on success)

Returns: Error code (0 = success)

Example:

kc_persona_t* persona = NULL;
// ... get persona from somewhere ...
int result = kc_persona_destruct(&persona);
if (result == 0) {
    // persona is now NULL
    printf("Persona destructed successfully\n");
}

kc_persona_equals()

int kc_persona_equals(
    const kc_persona_t* lhs_ptr,
    bool* out_is_equal,
    const kc_persona_t* rhs_ptr
)

Tests equality of two personas.

Parameters:

  • lhs_ptr - First persona to compare

  • out_is_equal - Pointer to equality result (output)

  • rhs_ptr - Second persona to compare

Returns: Error code (0 = success)

Example:

bool are_equal = false;
int result = kc_persona_equals(persona1, &are_equal, persona2);
if (result == 0) {
    printf("Personas are %s\n", are_equal ? "equal" : "different");
}

Status Query Functions

kc_persona_is_null()

int kc_persona_is_null(
    const kc_persona_t* persona_ptr,
    bool* out_is_null
)

Checks whether the persona is null.

Parameters:

  • persona_ptr - Persona to check

  • out_is_null - Pointer to null status (output)

Returns: Error code (0 = success)

kc_persona_is_mature()

int kc_persona_is_mature(
    const kc_persona_t* persona_ptr,
    bool* out_is_mature
)

Checks whether the persona is mature (ready for cryptographic operations).

Parameters:

  • persona_ptr - Persona to check

  • out_is_mature - Pointer to maturity status (output)

Returns: Error code (0 = success)

kc_persona_is_auto_renewing()

int kc_persona_is_auto_renewing(
    const kc_persona_t* persona_ptr,
    bool* out_is_auto_renewing
)

Checks whether the persona is configured to renew key certificates automatically.

Parameters:

  • persona_ptr - Persona to check

  • out_is_auto_renewing - Pointer to auto-renewal status (output)

Returns: Error code (0 = success)

Property Access Functions

kc_persona_encryption_algorithm()

int kc_persona_encryption_algorithm(
    const kc_persona_t* persona_ptr,
    tkc_encryption_scheme* out_value
)

Gets the encryption algorithm used by this persona.

Parameters:

  • persona_ptr - Persona to query

  • out_value - Pointer to encryption scheme (output)

Returns: Error code (0 = success)

kc_persona_name()

int kc_persona_name(
    const kc_persona_t* persona_ptr,
    char** out_name,
    unsigned int* out_size
)

Gets the persona name.

Parameters:

  • persona_ptr - Persona to query

  • out_name - Pointer to name string pointer (output, caller must free)

  • out_size - Pointer to name string size (output)

Returns: Error code (0 = success)

Example:

char* name = NULL;
unsigned int name_size = 0;
int result = kc_persona_name(persona, &name, &name_size);
if (result == 0) {
    printf("Persona name: %.*s\n", name_size, name);
    kc_common_delete_buffer(&name);
}

kc_persona_subname()

int kc_persona_subname(
    const kc_persona_t* persona_ptr,
    char** out_subname,
    unsigned int* out_size
)

Gets the persona subname.

Parameters:

  • persona_ptr - Persona to query

  • out_subname - Pointer to subname string pointer (output, caller must free)

  • out_size - Pointer to subname string size (output)

Returns: Error code (0 = success)

kc_persona_did()

int kc_persona_did(
    const kc_persona_t* persona_ptr,
    kc_persona_did_t** out_did_ptr
)

Gets the persona’s DID (Decentralized Identifier).

Parameters:

  • persona_ptr - Persona to query

  • out_did_ptr - Pointer to DID pointer (output, caller must free)

Returns: Error code (0 = success)

Example:

kc_persona_did_t* persona_did = NULL;
int result = kc_persona_did(persona, &persona_did);
if (result == 0) {
    // Use the persona DID...
    kc_persona_did_destruct(&persona_did);
}

kc_persona_keychain()

int kc_persona_keychain(
    const kc_persona_t* persona_ptr,
    kc_keychain_element_t*** out_keychain_link_array,
    unsigned int* out_array_size,
    const unsigned int keychain_type
)

Gets the keychain for the specified keychain type.

Parameters:

  • persona_ptr - Persona to query

  • out_keychain_link_array - Pointer to keychain element array (output, caller must free)

  • out_array_size - Pointer to array size (output)

  • keychain_type - Type of keychain (KC_KEYCHAIN_TYPE_ENCRYPT or KC_KEYCHAIN_TYPE_SIGN)

Returns: Error code (0 = success)

Cryptographic Operations

kc_persona_encrypt()

int kc_persona_encrypt(
    kc_persona_t* persona,
    kc_encrypted_data_t** out_encrypted_data,
    const kc_serialized_data_t* cleartext,
    const kc_contact_t** contact_array,
    const unsigned int contact_array_size
)

Encrypts serialized data with the persona’s current public key and the recipients' current public keys.

Parameters:

  • persona - Encrypting persona

  • out_encrypted_data - Pointer to encrypted data pointer (output, caller must free)

  • cleartext - Serialized data to encrypt

  • contact_array - Array of recipient contacts

  • contact_array_size - Number of recipients

Returns: Error code (0 = success)

Example:

kc_serialized_data_t* plaintext = NULL;
kc_encrypted_data_t* encrypted = NULL;
kc_contact_t* recipient = NULL;

// Create serialized data and get recipient contact...

const kc_contact_t* recipients[] = {recipient};
int result = kc_persona_encrypt(persona, &encrypted, plaintext,
                               recipients, 1);
if (result == 0) {
    printf("Data encrypted successfully\n");
    kc_encrypted_data_destruct(&encrypted);
}

kc_persona_decrypt()

int kc_persona_decrypt(
    kc_persona_t* persona,
    kc_serialized_data_t** out_cleartext,
    const kc_encrypted_data_t* ciphertext
)

Decrypts encrypted data with the persona’s private key that matches a public key in the access list of the ciphertext.

Parameters:

  • persona - Decrypting persona

  • out_cleartext - Pointer to decrypted data pointer (output, caller must free)

  • ciphertext - Encrypted data to decrypt

Returns: Error code (0 = success)

kc_persona_sign()

int kc_persona_sign(
    kc_persona_t* persona,
    kc_verifiable_data_t** out_signed_data,
    const kc_serialized_data_t* cleartext,
    const bool is_approval,
    const kc_tag_set_t* tags,
    const kc_tag_set_t* vars
)

Signs (creates verifiable data from) serialized data using the persona’s current private key.

Parameters:

  • persona - Signing persona

  • out_signed_data - Pointer to signed data pointer (output, caller must free)

  • cleartext - Serialized data to sign

  • is_approval - Whether this is an approval signature

  • tags - Metadata tags (can be NULL)

  • vars - Variable metadata (can be NULL)

Returns: Error code (0 = success)

Example:

kc_verifiable_data_t* signed_data = NULL;
kc_serialized_data_t* document = NULL;

// Create document...

int result = kc_persona_sign(persona, &signed_data, document,
                            false, NULL, NULL);
if (result == 0) {
    printf("Document signed successfully\n");
    kc_verifiable_data_destruct(&signed_data);
}

Credential Operations

kc_persona_create_credential()

int kc_persona_create_credential(
    kc_persona_t* persona,
    kc_credential_t** out_signed_credential,
    const char* id,
    const unsigned int id_size,
    const char* cred_type,
    const unsigned int cred_type_size,
    const char* subject_id,
    const unsigned int subject_id_size,
    const uint64_t start_timestamp,
    const uint64_t end_timestamp,
    const kc_tag_set_t* claims,
    const kc_tag_set_t* tags,
    const kc_tag_set_t* vars
)

Creates and signs a credential using the persona’s current private key.

Parameters:

  • persona - Issuing persona

  • out_signed_credential - Pointer to credential pointer (output, caller must free)

  • id - Credential ID

  • id_size - Length of credential ID

  • cred_type - Credential type

  • cred_type_size - Length of credential type

  • subject_id - Subject identifier

  • subject_id_size - Length of subject ID

  • start_timestamp - Validity start time (milliseconds since epoch)

  • end_timestamp - Validity end time (milliseconds since epoch)

  • claims - Credential claims (can be NULL)

  • tags - Metadata tags (can be NULL)

  • vars - Variable metadata (can be NULL)

Returns: Error code (0 = success)

Example:

kc_credential_t* credential = NULL;
const char* cred_id = "credential-12345";
const char* cred_type = "IdentityCredential";
const char* subject = "did:example:alice";

// Create credential valid for 1 year
uint64_t now = time(NULL) * 1000; // Convert to milliseconds
uint64_t one_year = now + (365 * 24 * 60 * 60 * 1000ULL);

int result = kc_persona_create_credential(persona, &credential,
    cred_id, strlen(cred_id),
    cred_type, strlen(cred_type),
    subject, strlen(subject),
    now, one_year,
    NULL, NULL, NULL);

if (result == 0) {
    printf("Credential created successfully\n");
    kc_credential_destruct(&credential);
}

Example: Complete Persona Usage

void demonstrate_persona_operations(kc_persona_t* persona) {
    // Check persona status
    bool is_mature = false;
    bool is_auto_renewing = false;

    int result = kc_persona_is_mature(persona, &is_mature);
    if (result == 0 && is_mature) {
        printf("Persona is mature and ready for operations\n");

        kc_persona_is_auto_renewing(persona, &is_auto_renewing);
        printf("Auto-renewal: %s\n", is_auto_renewing ? "enabled" : "disabled");

        // Get persona information
        char* name = NULL;
        char* subname = NULL;
        unsigned int name_size, subname_size;

        result = kc_persona_name(persona, &name, &name_size);
        if (result == 0) {
            kc_persona_subname(persona, &subname, &subname_size);
            printf("Persona: %.*s.%.*s\n", name_size, name, subname_size, subname);

            kc_common_delete_buffer(&name);
            kc_common_delete_buffer(&subname);
        }

        // Get encryption algorithm
        tkc_encryption_scheme encryption_alg;
        result = kc_persona_encryption_algorithm(persona, &encryption_alg);
        if (result == 0) {
            printf("Encryption algorithm: %d\n", encryption_alg);
        }

        // Create a simple signed document
        kc_serialized_data_t* document = NULL;
        result = kc_serialized_data_construct_from_string(&document,
            "Sample document", 15, TKC_DATA_TYPE_UTF8_STRING);

        if (result == 0) {
            kc_verifiable_data_t* signed_doc = NULL;
            result = kc_persona_sign(persona, &signed_doc, document,
                                    false, NULL, NULL);
            if (result == 0) {
                printf("Document signed successfully\n");
                kc_verifiable_data_destruct(&signed_doc);
            }
            kc_serialized_data_destruct(&document);
        }
    } else {
        printf("Persona is not ready for operations\n");
    }
}

Memory Management

  • Use kc_persona_destruct() to free persona objects

  • Use kc_common_delete_buffer() for string outputs from name/subname functions

  • Use appropriate destruct functions for other returned objects (DIDs, keychains, etc.)

  • Always check return codes before using output parameters

Security Considerations

  • Only perform cryptographic operations with mature personas

  • Verify persona identity before trusting operations

  • Use appropriate contacts for encryption access control

  • Monitor auto-renewal status for production personas

See Also

  • C++ Persona Class - Object-oriented interface Note: Additional persona guides are being developed.