Merge pull request #2 from bloock/feature/EIT-3582

Author: edutomesco

docs/guides/products/key/concepts/access-control.mdx

@@ -0,0 +1,30 @@
+---
+title: 'Access Control'
+sidebar_position: 5
+---
+
+# Access Control {#access-control}
+
+Access control roles applied to cryptographic keys and certificates encompass the systematic management of permissions and privileges assigned to individuals or entities interacting with these critical cryptographic assets. In essence, access control roles serve as a complementary layer of security, dictating who can access, modify, or utilize cryptographic keys and certificates within an organization's infrastructure.
+
+Right now we offer two types of access control:
+
+### Time-Based One-Time Password (TOTP)
+
+Time-Based One-Time Password (TOTP) is a cryptographic protocol used for multi-factor authentication. It generates a unique one-time password (OTP) based on a shared secret key and the current time.
+
+Benefits:
+
+- Enhanced Security: TOTP provides an additional layer of security beyond traditional password-based authentication by requiring the possession of a physical device (e.g., smartphone) and a time-sensitive OTP.
+- Ease of Use: TOTP is user-friendly and widely supported by authentication apps and devices, making it convenient for users to enable multi-factor authentication.
+
+Example of compatible software applications are: [Google Authenticator](https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en_US&pli=1) or [Microsoft Authenticator](https://play.google.com/store/apps/details?id=com.azure.authenticator&hl=en_US)
+
+### Secret-Based Authentication
+
+Secret-based authentication, also known as shared secret authentication, is a form of access control that relies on the possession and verification of a shared secret, such as a password or passphrase. In this method, the user presents the secret to authenticate themselves and gain access to a system or resource.
+
+Benefits:
+
+- Simplicity: Secret-based authentication is straightforward to implement and understand, requiring only the input and verification of a shared secret.
+- Familiarity: Password-based authentication, a common form of secret-based authentication, is familiar to most users and widely used across various systems and platforms.

docs/guides/products/key/concepts/management-mode.mdx

@@ -7,13 +7,15 @@ sidebar_position: 2
 
 In BLOOCK you can create any object using different management modes:
 
-- **Local mode**: The local mode consists of creating an [object](./objects.mdx#object-types) where the user stores his private information. For example, in the case of the keys object, the user keeps the private key and in no case will connect to BLOOCK services.
-- **Management mode**: The local mode consists of creating an [object](./objects.mdx#object-types) guarded by the BLOOCK service, a FIPS 140-2 Level 1 certified software-protected vault. For example, in the case of a key object, the user does not have to worry about the private key.
+- **Local mode**: The local mode consists of creating an [object](./objects.mdx#object-types) where the user stores his private information. For example, in the case of the [keys object](./../overview.mdx#what-cryptographic-key), the user keeps the private key and in no case will connect to BLOOCK services.
+- **Management mode**: The managed mode consists of creating an [object](./objects.mdx#object-types) guarded by the BLOOCK service, a FIPS 140-2 Level 1 certified software-protected vault. For example, in the case of a [key object](./../overview.mdx#what-certificate), the user does not have to worry about the private key.
 
 |                | Local Mode                               | Managed Mode                                             |
 | -------------- | ---------------------------------------- | -------------------------------------------------------- |
-| Key Generation | Users generate and store their own keys  | Keys are generated and managed by BLOOCK                 |
+| Key Generation | Users generate and store their own keys  | Keys are generated and managed by BLOOCK\*               |
 | Storage        | Keys stored locally on the device        | Keys stored centrally by BLOOCK                          |
 | Scalability    | Limited scalability due to local storage | Greater scalability due to centralized storage by BLOOCK |
 | Security       | Depends on user's security practices     | Enhanced security as managed by BLOOCK                   |
 | Management     | Users are responsible for key management | BLOOCK handles key management                            |
+
+\* In any case we do not have the private key, your key will be stored in a software-protected service that complies with the security level of FIPS 140-2 Level 1 certified.

docs/guides/products/key/concepts/objects.mdx

@@ -3,9 +3,9 @@ title: 'Objects'
 sidebar_position: 1
 ---
 
-# Object types {#object-types}
+# Objects {#objects}
 
 In BLOOCK you have two type of objects:
 
-- **Cryptographic keys**: software-protected keys that supp orts multiple types and algorithms.
-- **Certificates**: which are built on top of keys. It contains the key and identifiable extra information. when a certificate is created, an addressable key is also created.
+- **[Cryptographic keys](./../overview.mdx#what-cryptographic-key)**: software-protected keys that supports multiple types and algorithms.
+- **[Certificates](./../overview.mdx#what-certificate)**: which are built on top of keys. It contains the key and identifiable extra information. when a certificate is created, an addressable key is also created.

docs/guides/products/key/concepts/operations.mdx

@@ -3,42 +3,42 @@ title: 'Operations'
 sidebar_position: 3
 ---
 
-# Object operations {#object-operations}
+# Operations {#operations}
 
 These are the operations you can do with any BLOOCK object:
 
 - **Sing**: consists on singning and verifying.
 - **Encrypt**: consists on encrypting and descrypting. (depending of the object used, would operate a symmetric or asymmetric encryption)
 
-## Operation Sign and Verify
+### Operation Sign and Verify
 
-### Signing
+#### Signing
 
 - **Hashing**: The data to be signed is first hashed using a cryptographic hash function, such as SHA-256. This produces a fixed-length hash value unique to the input data.
 - **Signing**: The hash value is then encrypted using the private key of the signer. This process creates a digital signature that binds the hash value to the signer's identity.
 
-### Verifying
+#### Verifying
 
 - **Hashing**: The data to be signed is first hashed using a cryptographic hash function, such as SHA-256. This produces a fixed-length hash value unique to the input data.
 - **Decryption**: The digital signature is decrypted using the public key of the signer, resulting in the recovered hash value.
 - **Comparison**: The recovered hash value is compared with the hash value computed from the received data. If they match, it confirms the integrity of the data and the authenticity of the signer.
 
-## Operation Asymmetric Encryption and Decryption
+### Operation Asymmetric Encryption and Decryption
 
-### Encrypting
+#### Encrypting
 
 - **Encryption**: The data to be transmitted is encrypted using the recipient's public key. Asymmetric encryption algorithms, such as RSA (Rivest-Shamir-Adleman), are commonly used for this purpose.
 
-### Decrypting
+#### Decrypting
 
 - **Decryption**: The encrypted data is decrypted using the recipient's private key, revealing the original plaintext. Only the recipient, possessing the corresponding private key, can decrypt the data.
 
-## Operation Symmetric Encryption and Decryption
+### Operation Symmetric Encryption and Decryption
 
-### Encrypting
+#### Encrypting
 
 - **Encryption**:The data to be transmitted is encrypted using the shared secret key. Symmetric encryption algorithms, such as AES (Advanced Encryption Standard), are commonly used for this purpose.
 
-### Decrypting
+#### Decrypting
 
 - **Decryption**: The encrypted data is decrypted using the shared secret key. The recipient applies the same symmetric encryption algorithm and the shared key to recover the original plaintext.

docs/guides/products/key/concepts/supported-algorithms.mdx

@@ -1,26 +1,24 @@
 ---
 title: 'Supported Algorithms'
-sidebar_position: 2
+sidebar_position: 4
 ---
 
-# Supported Algorithms
+# Supported Algorithms {#supported-algorithms}
 
-|               | Local Mode                        |                                 | Managed Mode                      |
+|               | **Local Mode**                    |                                 | **Managed Mode**                  |
 | ------------- | --------------------------------- | ------------------------------- | --------------------------------- | ------------------------------- |
 |               | **Key**                           | **Certificate**                 | **Key**                           | **Certificate**                 |
 | ------------- | --------------------------------- | ------------------------------- | --------------------------------- | ------------------------------- |
-| P-256K        | ✓ (Sign)                          | ✓ (Sign)                        | ✓ (Sign)                          | ✓ (Sign)                        |
+| **P-256K**    | ✓ (Sign)                          | ✓ (Sign)                        | ✓ (Sign)                          | ✓ (Sign)                        |
 |               |                                   |                                 |                                   |                                 |
-| RSA-2048      | ✓ (Sign, Encrypt)                 | ✓ (Sign, Encrypt)               | ✓ (Sign, Encrypt)                 | ✓ (Sign, Encrypt)               |
+| **RSA-2048**  | ✓ (Sign, Encrypt)                 | ✓ (Sign, Encrypt)               | ✓ (Sign, Encrypt)                 | ✓ (Sign, Encrypt)               |
 |               |                                   |                                 |                                   |                                 |
-| RSA-3072      | ✓ (Sign, Encrypt)                 | ✓ (Sign, Encrypt)               | ✓ (Sign, Encrypt)                 | ✓ (Sign, Encrypt)               |
+| **RSA-3072**  | ✓ (Sign, Encrypt)                 | ✓ (Sign, Encrypt)               | ✓ (Sign, Encrypt)                 | ✓ (Sign, Encrypt)               |
 |               |                                   |                                 |                                   |                                 |
-| RSA-4096      | ✓ (Sign, Encrypt)                 | ✓ (Sign, Encrypt)               | ✓ (Sign, Encrypt)                 | ✓ (Sign, Encrypt)               |
+| **RSA-4096**  | ✓ (Sign, Encrypt)                 | ✓ (Sign, Encrypt)               | ✓ (Sign, Encrypt)                 | ✓ (Sign, Encrypt)               |
 |               |                                   |                                 |                                   |                                 |
-| AES128        | ✓ (Encrypt)                       | x                               | ✓ (Encrypt)                       | x                               |
+| **AES128**    | ✓ (Encrypt)                       | x                               | x                                 | x                               |
 |               |                                   |                                 |                                   |                                 |
-| AES256        | ✓ (Encrypt)                       | x                               | -                                 | -                               |
-|               |                                   | x                               | ✓ (Encrypt)                       | x                               |
+| **AES256**    | ✓ (Encrypt)                       | x                               | ✓ (Encrypt)                       | x                               |
 |               |                                   |                                 |                                   |                                 |
-| BJJ           | -                                 | -                               | -                                 | -                               |
-|               | ✓ (Encrypt)                       | ✓ (Encrypt)                     | ✓ (Encrypt)                       | ✓ (Encrypt)                     |
+| **BJJ**       | ✓ (Sign)                          | x                               | ✓ (Sign)                          | x                               |

docs/guides/products/key/features/access_control/_category_.json

@@ -0,0 +1,5 @@
+{
+  "position": 4,
+  "label": "Access Control",
+  "collapsible": true
+}

docs/guides/products/key/features/access_control/example-secret-based.mdx

@@ -0,0 +1,23 @@
+---
+sidebar_position: 2
+---
+
+# Using a key with Secret-Based
+
+This code documentation outlines the process of creating a cryptographic key and associating a Secret-Based access control mechanism. Additionally, it demonstrates how to utilize the Secret-Based access control for signing a payload securely.
+
+import SdkCodeBlock from '/docs/partials/_sdk-code-block.mdx';
+
+import NewManagedKeySecretBasedJs from '!!raw-loader!@site/examples/key/new_managed_key_secret_based/new_managed_key_secret_based.ts';
+import NewManagedKeySecretBasedPy from '!!raw-loader!@site/examples/key/new_managed_key_secret_based/new_managed_key_secret_based.py';
+import NewManagedKeySecretBasedJava from '!!raw-loader!@site/examples/key/new_managed_key_secret_based/NewManagedKeySecretBased.java';
+import NewManagedKeySecretBasedPhp from '!!raw-loader!@site/examples/key/new_managed_key_secret_based/new_managed_key_secret_based.php';
+import NewManagedKeySecretBasedGo from '!!raw-loader!@site/examples/key/new_managed_key_secret_based/new_managed_key_secret_based.go';
+
+<SdkCodeBlock
+  ts={NewManagedKeySecretBasedJs}
+  py={NewManagedKeySecretBasedPy}
+  java={NewManagedKeySecretBasedJava}
+  php={NewManagedKeySecretBasedPhp}
+  go={NewManagedKeySecretBasedGo}
+/>

docs/guides/products/key/features/access_control/example-totp.mdx

@@ -0,0 +1,23 @@
+---
+sidebar_position: 1
+---
+
+# Using a key with TOTP
+
+This code documentation outlines the process of creating a cryptographic key and associating a Time-Based One-Time Password (TOTP) access control mechanism. Additionally, it demonstrates how to utilize the TOTP access control for signing a payload securely.
+
+import SdkCodeBlock from '/docs/partials/_sdk-code-block.mdx';
+
+import NewManagedKeyTotpJs from '!!raw-loader!@site/examples/key/new_managed_key_totp/new_managed_key_totp.ts';
+import NewManagedKeyTotpPy from '!!raw-loader!@site/examples/key/new_managed_key_totp/new_managed_key_totp.py';
+import NewManagedKeyTotpJava from '!!raw-loader!@site/examples/key/new_managed_key_totp/NewManagedKeyTotp.java';
+import NewManagedKeyTotpPhp from '!!raw-loader!@site/examples/key/new_managed_key_totp/new_managed_key_totp.php';
+import NewManagedKeyTotpGo from '!!raw-loader!@site/examples/key/new_managed_key_totp/new_managed_key_totp.go';
+
+<SdkCodeBlock
+  ts={NewManagedKeyTotpJs}
+  py={NewManagedKeyTotpPy}
+  java={NewManagedKeyTotpJava}
+  php={NewManagedKeyTotpPhp}
+  go={NewManagedKeyTotpGo}
+/>

docs/guides/products/key/features/key-operations/encryption/_category_.json renamed to docs/guides/products/key/features/certificate/_category_.json

@@ -1,5 +1,5 @@
 {
   "position": 2,
-  "label": "Encryption",
+  "label": "Certificates",
   "collapsible": true
 }

docs/guides/products/key/features/certificate/set-up-local.mdx

@@ -0,0 +1,40 @@
+---
+title: 'Set-up local'
+sidebar_position: 1
+---
+
+import SdkCodeBlock from '/docs/partials/_sdk-code-block.mdx';
+
+# Local certificate
+
+## Generating a local certifiate
+
+import NewLocalCertificateJs from '!!raw-loader!@site/examples/key/new_local_certificate/new_local_certificate.ts';
+import NewLocalCertificatePy from '!!raw-loader!@site/examples/key/new_local_certificate/new_local_certificate.py';
+import NewLocalCertificateJava from '!!raw-loader!@site/examples/key/new_local_certificate/NewLocalCertificate.java';
+import NewLocalCertificatePhp from '!!raw-loader!@site/examples/key/new_local_certificate/new_local_certificate.php';
+import NewLocalCertificateGo from '!!raw-loader!@site/examples/key/new_local_certificate/new_local_certificate.go';
+
+<SdkCodeBlock
+  ts={NewLocalCertificateJs}
+  py={NewLocalCertificatePy}
+  java={NewLocalCertificateJava}
+  php={NewLocalCertificatePhp}
+  go={NewLocalCertificateGo}
+/>
+
+## Loading an existing local certificate
+
+import LoadLocalCertificateJs from '!!raw-loader!@site/examples/key/load_local_certificate/load_local_certificate.ts';
+import LoadLocalCertificatePy from '!!raw-loader!@site/examples/key/load_local_certificate/load_local_certificate.py';
+import LoadLocalCertificateJava from '!!raw-loader!@site/examples/key/load_local_certificate/LoadLocalCertificate.java';
+import LoadLocalCertificatePhp from '!!raw-loader!@site/examples/key/load_local_certificate/load_local_certificate.php';
+import LoadLocalCertificateGo from '!!raw-loader!@site/examples/key/load_local_certificate/load_local_certificate.go';
+
+<SdkCodeBlock
+  ts={LoadLocalCertificateJs}
+  py={LoadLocalCertificatePy}
+  java={LoadLocalCertificateJava}
+  php={LoadLocalCertificatePhp}
+  go={LoadLocalCertificateGo}
+/>