Documentation
Types
type Identity
type Identity struct {
	// contains filtered or unexported fields
}
Identity represents an SSH public key fingerprint. The zero value of Identity is a valid, empty identity.
func CertificateIdentity
func CertificateIdentity(cert *x509.Certificate) (Identity, error)
CertificateIdentity returns the identity of the certificate's public key.
func ParseIdentity
ParseIdentity parses s and returns it as an Identity. It supports the SSH fingerprint format: SHA256:base64.
If s is the empty string, it returns the Identity zero value (for which IsZero returns true) and no error.
func PeerIdentity
func PeerIdentity(state *tls.ConnectionState) (Identity, error)
PeerIdentity extracts and returns the Identity of the peer's public key from a TLS connection state. It returns an error if the peer did not provide a certificate during the TLS handshake.
A TLS client should always receive a certificate containing the server's public key. A TLS server has to request a certificate, and the client might not have one or may choose not to send it.
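A standard-library sketch of the check PeerIdentity enables, added here as an example and not taken from this package: it assumes the identity is the OpenSSH SHA256 fingerprint of an Ed25519 leaf key, and the names fingerprint, checkPeer and sampleState are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
)

// fingerprint returns the OpenSSH "SHA256:base64" fingerprint of an Ed25519 key.
// Assumption: the package's Identity uses this same encoding.
func fingerprint(pub ed25519.PublicKey) string {
	var blob []byte // SSH wire format: length-prefixed key type, then key bytes
	for _, field := range [][]byte{[]byte("ssh-ed25519"), pub} {
		blob = binary.BigEndian.AppendUint32(blob, uint32(len(field)))
		blob = append(blob, field...)
	}
	sum := sha256.Sum256(blob)
	return "SHA256:" + base64.RawStdEncoding.EncodeToString(sum[:])
}

// checkPeer (hypothetical) compares the peer's leaf key fingerprint to want.
func checkPeer(state *tls.ConnectionState, want string) error {
	if len(state.PeerCertificates) == 0 {
		return errors.New("peer did not provide a certificate")
	}
	pub, ok := state.PeerCertificates[0].PublicKey.(ed25519.PublicKey)
	if !ok {
		return errors.New("unsupported public key type")
	}
	if got := fingerprint(pub); got != want {
		return fmt.Errorf("peer identity %s does not match expected %s", got, want)
	}
	return nil
}

// sampleState builds a constructed connection state carrying only a leaf key.
func sampleState(pub ed25519.PublicKey) *tls.ConnectionState {
	return &tls.ConnectionState{PeerCertificates: []*x509.Certificate{{PublicKey: pub}}}
}

func main() {
	pub, _, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand.Reader
	fmt.Println(checkPeer(sampleState(pub), fingerprint(pub)))
}
```

On a server, this check only has a certificate to inspect if the TLS configuration requests one from the client.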
func PublicKeyIdentity
PublicKeyIdentity computes and returns the Identity of the given public key. It supports Ed25519, ECDSA (P256, P384, P521), and RSA keys. It returns an error for unsupported key types.
func (Identity) MarshalText
MarshalText returns a textual representation of the identity in OpenSSH format.
func (Identity) String
String returns the OpenSSH format string representation of the identity. It returns an empty string for the zero value.
func (*Identity) UnmarshalText
UnmarshalText parses the textual representation of an identity in OpenSSH format.
type IdentityError
type IdentityError struct {
	PeerIdentity Identity // Identity received from the connection peer
	Identity     Identity // Expected peer identity
}
IdentityError is returned when a peer's identity does not match the expected identity.
func (IdentityError) Error
func (e IdentityError) Error() string
type PrivateKey
type PrivateKey struct {
	// contains filtered or unexported fields
}
PrivateKey is a Signer with a directly accessible private key.
func GenerateKey
func GenerateKey() (*PrivateKey, error)
GenerateKey generates a new PrivateKey.
Currently, it returns an Ed25519 private key. However, this might change and callers must not rely on the concrete key type.
func NewPrivateKey
func NewPrivateKey(priv crypto.PrivateKey) (*PrivateKey, error)
NewPrivateKey returns a new PrivateKey wrapping the given private key.
Currently supported types are ed25519.PrivateKey, *ecdsa.PrivateKey and *rsa.PrivateKey.
func (*PrivateKey) Identity
func (pk *PrivateKey) Identity() Identity
Identity returns the identity of the private key's public key.
func (*PrivateKey) Private
func (pk *PrivateKey) Private() crypto.PrivateKey
Private returns the underlying private key. It is either an ed25519.PrivateKey, an *ecdsa.PrivateKey or an *rsa.PrivateKey.
func (*PrivateKey) Public
func (pk *PrivateKey) Public() crypto.PublicKey
Public returns the public key corresponding to the private key.
func (*PrivateKey) Sign
func (pk *PrivateKey) Sign(random io.Reader, message []byte, opts crypto.SignerOpts) ([]byte, error)
Sign signs message with the private key. See crypto.Signer for algorithm-specific requirements on message and opts.
type Signer
type Signer interface {
	crypto.Signer
	// Identity returns a stable identifier for the Signer's public key.
	Identity() Identity
}
Signer extends crypto.Signer with an Identity method to identify the signing key.
Signer is useful for private keys that are not directly accessible, for example keys in hardware modules.