This repo contains example code for me to better understand the concepts of polymorphic encryption and pseudonymisation (PEP), based on the paper "The polymorphic eID scheme" by Eric R. Verheul.
It simulates the interaction between 4 components:
- The Key Management Authority is responsible for distributing the correct keys between the parties. It ensures every party gets the correct keys according to its role. By doing so, it enforces the governance behind the system.
- The Activation Service takes a BSN from an authentication service and transforms it to a polymorphic identity (PI).
- The Authentication Service authenticates a user, determines its BSN and "activates" it by calling the activation service. This results in a polymorphic identity which it can store for later use. It can then later transform the PI to a form for a specific service provider.
- The Service Provider needs the BSN but cannot authenticate the user itself. It relies on the authentication provider to generate a PI which it can decrypt.
Run the following commands:
$ go run ./cmd/.
- Creating PIs for specific APs
- Transforming PIs to EIs for specific SPs
- Decrypting EIs by specific SP
- Creating PPs
- Transforming PPs to EPs for specific SPs
- Decrypting EPs by specific SP
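
The ElGamal re-key and re-shuffle operations behind the PI to EI and PP to EP steps listed above, as an added sketch that is not this repo's code. It assumes P-256, a single key layer, and a stand-in point instead of a real BSN embedding; all names and key values are hypothetical.

```go
package main

import (
	"crypto/elliptic"
	"crypto/rand"
	"fmt"
	"math/big"
)

var c, n = elliptic.P256(), elliptic.P256().Params().N

type Point struct{ X, Y *big.Int }
type Cipher struct{ A, B, Y Point } // ElGamal triple (r·G, M + r·Y, Y)

func mul(p Point, k *big.Int) Point { x, y := c.ScalarMult(p.X, p.Y, k.Bytes()); return Point{x, y} }
func add(p, q Point) Point          { x, y := c.Add(p.X, p.Y, q.X, q.Y); return Point{x, y} }
func base(k *big.Int) Point         { x, y := c.ScalarBaseMult(k.Bytes()); return Point{x, y} }
func eq(p, q Point) bool            { return p.X.Cmp(q.X) == 0 && p.Y.Cmp(q.Y) == 0 }

func randScalar() *big.Int { // uniform in [1, n-1]
	k, err := rand.Int(rand.Reader, new(big.Int).Sub(n, big.NewInt(1)))
	if err != nil {
		panic(err)
	}
	return k.Add(k, big.NewInt(1))
}

// Encrypt returns a fresh, randomised encryption of point m under public key y.
func Encrypt(m, y Point) Cipher {
	r := randScalar()
	return Cipher{base(r), add(m, mul(y, r)), y}
}

// ReKey makes ct decryptable with private key k·x instead of x, without decrypting it.
func ReKey(ct Cipher, k *big.Int) Cipher {
	return Cipher{mul(ct.A, new(big.Int).ModInverse(k, n)), ct.B, mul(ct.Y, k)}
}

// ReShuffle turns an encryption of M into an encryption of s·M (an SP-specific pseudonym).
func ReShuffle(ct Cipher, s *big.Int) Cipher { return Cipher{mul(ct.A, s), mul(ct.B, s), ct.Y} }

// Decrypt computes B - x·A as B + (n-x)·A.
func Decrypt(ct Cipher, x *big.Int) Point { return add(ct.B, mul(ct.A, new(big.Int).Sub(n, x))) }

// Demo uses constructed keys: x is the master key, k and s are one SP's factors held by the AP.
func Demo() (eiOK, epOK, masterKeyOpensEI bool) {
	x, k, s := randScalar(), randScalar(), randScalar()
	m := base(big.NewInt(123456782))                     // stand-in for a BSN embedded as a point
	spKey := new(big.Int).Mod(new(big.Int).Mul(x, k), n) // key the KMA would issue to the SP
	pi, pp := Encrypt(m, base(x)), Encrypt(m, base(x))
	ei, ep := ReKey(pi, k), ReKey(ReShuffle(pp, s), k)
	return eq(Decrypt(ei, spKey), m), eq(Decrypt(ep, spKey), mul(m, s)), eq(Decrypt(ei, x), m)
}
func main() { fmt.Println(Demo()) }
```

The third result is false: once a ciphertext is re-keyed for one SP, only that SP's derived key opens it.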