Documentation
Index
- Constants
- Variables
- func DecryptPEMBlock(block *pem.Block, password []byte) ([]byte, error)
- func EncryptPEMBlock(rand io.Reader, data, password []byte) (block *pem.Block, err error)
- func LoadSigningKeys(path string, password string, saveOnCreate bool) map[int]*ecdsa.PrivateKey
- func MarshalECPrivateKeyWithPassword(key *ecdsa.PrivateKey, password []byte) (data []byte, err error)
- func ParseECPrivateKeyFromPEMWithPassword(data []byte, password []byte) (key *ecdsa.PrivateKey, err error)
- type EncryptedPrivateKeyInfo
- type EncryptionAlgorithmIdentifier
- type EncryptionScheme
- type KeyDerivationFunc
- type PBES2Params
- type PBKDF2Params
- type UserClaims
Constants
const (
	// DefaultApiKeySaveOnCreate specifies whether a created API key will be saved. This is useful to turn off in unit tests, where
	// we only want a temporary key.
	DefaultApiKeySaveOnCreate = true
	// DefaultApiKeyPassword is the default password to protect the API key
	DefaultApiKeyPassword = "changeme"
	// DefaultApiKeyPath is the default path for the API private key
	DefaultApiKeyPath = DefaultConfigDirectory + "/api.key"
	// DefaultConfigDirectory is the default path for the clouditor configuration, such as keys
	DefaultConfigDirectory = "~/.clouditor"
)
Variables
var ErrNotECPrivateKey = errors.New("key is not a valid EC private key")
Functions
func DecryptPEMBlock
func DecryptPEMBlock(block *pem.Block, password []byte) ([]byte, error)
DecryptPEMBlock is a drop-in replacement for x509.DecryptPEMBlock that supports only state-of-the-art algorithms such as PBES2.
func EncryptPEMBlock
func EncryptPEMBlock(rand io.Reader, data, password []byte) (block *pem.Block, err error)
EncryptPEMBlock encrypts a private key contained in data into a PEM block according to PKCS#8.
func LoadSigningKeys
func LoadSigningKeys(path string, password string, saveOnCreate bool) map[int]*ecdsa.PrivateKey
LoadSigningKeys implements a signing keys func for our internal authorization server.
func MarshalECPrivateKeyWithPassword
func MarshalECPrivateKeyWithPassword(key *ecdsa.PrivateKey, password []byte) (data []byte, err error)
MarshalECPrivateKeyWithPassword marshals an ECDSA private key protected with a password according to PKCS#8 into a byte array.
func ParseECPrivateKeyFromPEMWithPassword
func ParseECPrivateKeyFromPEMWithPassword(data []byte, password []byte) (key *ecdsa.PrivateKey, err error)
ParseECPrivateKeyFromPEMWithPassword reads an ECDSA private key protected with a password according to PKCS#8 from a byte array.
Types
type EncryptedPrivateKeyInfo
type EncryptedPrivateKeyInfo struct {
EncryptionAlgorithm EncryptionAlgorithmIdentifier
EncryptedData []byte
}
EncryptedPrivateKeyInfo contains meta-info about the encrypted private key. See https://datatracker.ietf.org/doc/html/rfc5958#section-3.
type EncryptionAlgorithmIdentifier
type EncryptionAlgorithmIdentifier struct {
Algorithm asn1.ObjectIdentifier
Params PBES2Params
}
EncryptionAlgorithmIdentifier is the identifier for the encryption algorithm. See https://datatracker.ietf.org/doc/html/rfc5958#section-3.
type EncryptionScheme
type EncryptionScheme struct {
EncryptionAlgorithm asn1.ObjectIdentifier
IV []byte
}
EncryptionScheme is part of PBES2 and specifies the encryption algorithm. See https://datatracker.ietf.org/doc/html/rfc8018#appendix-A.4.
type KeyDerivationFunc
type KeyDerivationFunc struct {
Algorithm asn1.ObjectIdentifier
PBKDF2Params PBKDF2Params
}
KeyDerivationFunc is part of PBES2 and specifies the key derivation function. See https://datatracker.ietf.org/doc/html/rfc8018#appendix-A.4.
type PBES2Params
type PBES2Params struct {
KeyDerivationFunc KeyDerivationFunc
EncryptionScheme EncryptionScheme
}
PBES2Params are parameters for PBES2. See https://datatracker.ietf.org/doc/html/rfc8018#appendix-A.4.
type PBKDF2Params
type PBKDF2Params struct {
Salt []byte
IterationCount int
PRF asn1.ObjectIdentifier `asn1:"optional"`
}
PBKDF2Params are parameters for PBKDF2. See https://datatracker.ietf.org/doc/html/rfc8018#appendix-A.2.
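Taken together, the types above describe a single ASN.1 object: an EncryptedPrivateKeyInfo whose algorithm is PBES2, whose key derivation function is PBKDF2 (salt, iteration count, PRF) and whose encryption scheme carries the cipher OID and the IV. The following program is an added example written for this page, not clouditor's own code, and shows how those structures are filled in and consumed end to end: it derives an AES-256 key from a password with PBKDF2-HMAC-SHA256, encrypts a PKCS#8-encoded ECDSA key in CBC mode with PKCS#7 padding, marshals the result with encoding/asn1, and then parses and decrypts it again, checking the OIDs and parameter sizes before any key derivation runs and treating a padding or parse failure as a wrong password. The function names EncryptECKey, DecryptECKey and pbkdf2SHA256, the lower-case struct names, the 16-byte salt and the 600000-iteration count are the example's own choices; the PBKDF2 routine is written on crypto/hmac so that only the standard library is needed, and rand.Read is called without an error check on the assumption of Go 1.24 or later, where it is documented never to fail. One deliberate difference from the package's PBKDF2Params: RFC 8018 defines prf as an AlgorithmIdentifier (the PRF OID followed by NULL parameters) and the example encodes it that way, whereas the package declares PRF as a bare asn1.ObjectIdentifier.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"encoding/asn1"
	"errors"
	"fmt"
)

// Standard OIDs from RFC 8018: PBES2, PBKDF2, hmacWithSHA256 and aes256-CBC.
var oidPBES2 = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 5, 13}
var oidPBKDF2 = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 5, 12}
var oidHMACSHA256 = asn1.ObjectIdentifier{1, 2, 840, 113549, 2, 9}
var oidAES256CBC = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 1, 42}
// Same nesting as the package's types (RFC 5958 section 3, RFC 8018 appendix A); prf is a full AlgorithmIdentifier as in RFC 8018.
type algorithmIdentifier struct{ Algorithm asn1.ObjectIdentifier; Parameters asn1.RawValue `asn1:"optional"` }
type pbkdf2Params struct{ Salt []byte; IterationCount int; PRF algorithmIdentifier `asn1:"optional"` }
type keyDerivationFunc struct{ Algorithm asn1.ObjectIdentifier; Params pbkdf2Params }
type encryptionScheme struct{ Algorithm asn1.ObjectIdentifier; IV []byte }
type pbes2Params struct{ KDF keyDerivationFunc; ES encryptionScheme }
type encryptionAlgorithmIdentifier struct{ Algorithm asn1.ObjectIdentifier; Params pbes2Params }
type encryptedPrivateKeyInfo struct{ EncryptionAlgorithm encryptionAlgorithmIdentifier; EncryptedData []byte }

// pbkdf2SHA256 is PBKDF2 with HMAC-SHA256 (RFC 8018 section 5.2), built on crypto/hmac alone.
func pbkdf2SHA256(password, salt []byte, iter, keyLen int) []byte {
	prf, out := hmac.New(sha256.New, password), []byte{}
	for block := 1; len(out) < keyLen; block++ {
		prf.Reset()
		prf.Write(salt)
		prf.Write([]byte{byte(block >> 24), byte(block >> 16), byte(block >> 8), byte(block)}) // INT(i), big-endian
		t, u := prf.Sum(nil), prf.Sum(nil)                                                   // U_1; t accumulates U_1 xor ... xor U_c
		for i := 1; i < iter; i++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			subtle.XORBytes(t, t, u)
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

// EncryptECKey wraps key as PKCS#8 EncryptedPrivateKeyInfo (DER): PBKDF2-HMAC-SHA256 over a fresh salt, then AES-256-CBC with a fresh IV and PKCS#7 padding.
func EncryptECKey(key *ecdsa.PrivateKey, password []byte, iter int) ([]byte, error) {
	plain, err := x509.MarshalPKCS8PrivateKey(key)
	if err != nil {
		return nil, err
	}
	rnd := make([]byte, 16+aes.BlockSize) // salt || IV, fresh for every call; rand.Read cannot fail as of Go 1.24
	rand.Read(rnd)
	salt, iv := rnd[:16], rnd[16:]
	block, _ := aes.NewCipher(pbkdf2SHA256(password, salt, iter, 32)) // a 32-byte key selects AES-256
	pad := aes.BlockSize - len(plain)%aes.BlockSize                  // PKCS#7: always 1..16 bytes
	ct := append(plain, bytes.Repeat([]byte{byte(pad)}, pad)...)
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, ct)
	kdf := keyDerivationFunc{oidPBKDF2, pbkdf2Params{salt, iter, algorithmIdentifier{oidHMACSHA256, asn1.NullRawValue}}}
	return asn1.Marshal(encryptedPrivateKeyInfo{encryptionAlgorithmIdentifier{oidPBES2, pbes2Params{kdf, encryptionScheme{oidAES256CBC, iv}}}, ct})
}

// DecryptECKey reverses EncryptECKey; OIDs and sizes are checked before any key derivation, and a wrong password fails on padding or parsing.
func DecryptECKey(der, password []byte) (*ecdsa.PrivateKey, error) {
	var info encryptedPrivateKeyInfo
	rest, err := asn1.Unmarshal(der, &info)
	p, ct := info.EncryptionAlgorithm.Params, info.EncryptedData
	if err != nil || len(rest) != 0 || !info.EncryptionAlgorithm.Algorithm.Equal(oidPBES2) || !p.KDF.Algorithm.Equal(oidPBKDF2) ||
		!p.KDF.Params.PRF.Algorithm.Equal(oidHMACSHA256) || !p.ES.Algorithm.Equal(oidAES256CBC) || len(p.ES.IV) != aes.BlockSize ||
		len(ct) == 0 || len(ct)%aes.BlockSize != 0 || p.KDF.Params.IterationCount < 1 {
		return nil, errors.New("malformed EncryptedPrivateKeyInfo or unsupported PBES2 parameters")
	}
	block, _ := aes.NewCipher(pbkdf2SHA256(password, p.KDF.Params.Salt, p.KDF.Params.IterationCount, 32))
	plain := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, p.ES.IV).CryptBlocks(plain, ct)
	pad := int(plain[len(plain)-1]) // PKCS#7: the last pad bytes must all equal pad
	if pad < 1 || pad > aes.BlockSize || !bytes.Equal(plain[len(plain)-pad:], bytes.Repeat([]byte{byte(pad)}, pad)) {
		return nil, errors.New("wrong password or corrupted data")
	}
	k, err := x509.ParsePKCS8PrivateKey(plain[:len(plain)-pad])
	ec, ok := k.(*ecdsa.PrivateKey)
	if err != nil || !ok {
		return nil, errors.New("wrong password, corrupted data, or key is not a valid EC private key")
	}
	return ec, nil
}

func main() {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	der, _ := EncryptECKey(key, []byte("changeme"), 600000) // the page's default password; 600k PBKDF2 iterations
	back, err := DecryptECKey(der, []byte("changeme"))
	fmt.Println("round trip ok:", err == nil && back.Equal(key))
}
```

To produce a PEM file in the package's format, wrap the DER that EncryptECKey returns in a pem.Block of type "ENCRYPTED PRIVATE KEY". Note that PBES2 carries no MAC, so the padding check and the subsequent PKCS#8 parse are the only signals that distinguish a wrong password from valid key material; DecryptECKey therefore refuses to return anything unless both succeed, and it rejects unknown OIDs up front rather than falling back to a weaker scheme.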
type UserClaims
type UserClaims struct {
jwt.RegisteredClaims
FullName string `json:"full_name"`
EMail string `json:"email"`
}
UserClaims extends jwt.StandardClaims with more detailed claims about a user.