kms

Published: Feb 11, 2019 License: GPL-3.0 Imports: 27 Imported by: 0

Documentation

Overview

Package kms is a Key Management Service written in Go.

Current version: experimental

Index

Constants

This section is empty.

Variables

// Config holds the service settings, keyed by the name of the environment
// variable that overrides each entry (InitConfig is documented as reading
// the environment and initialising the configuration from it — confirm).
//
// The values below are development defaults only: the three file paths are
// relative to the process working directory and all point at the same
// file, so GOKMS_SSL_CERT and GOKMS_SSL_KEY must be set to a real
// certificate/key pair before the listener is exposed.
//
// NOTE(review): the GOKMS_CRYPTO_PROVIDER default "goksm" does not match the
// "GoKMS" spelling used by the types in this package — confirm which value
// the provider-selection code actually compares against.
var Config = map[string]string{
	"GOKMS_AUTH_KEY":        "../files/auth.key",
	"GOKMS_CRYPTO_PROVIDER": "goksm",
	"GOKMS_HOST":            "localhost",
	"GOKMS_PORT":            "8011",
	"GOKMS_SSL_CERT":        "../files/auth.key",
	"GOKMS_SSL_KEY":         "../files/auth.key",
}
var (
	// SharedKey is the secret used for authentication with the server.
	// It defaults to the empty string, meaning no key is configured until
	// start-up populates it (SetupAuthenticationKey appears to be where that
	// happens — confirm).
	// NOTE(review): an empty SharedKey should be treated as "not configured"
	// by the authorization check, never as a valid shared secret.
	SharedKey = ""
)

Functions

func AesGCMDecrypt

func AesGCMDecrypt(ciphertext []byte, key []byte) ([]byte, error)

AesGCMDecrypt decrypts data using AES in GCM mode (provides confidentiality and authenticity).

func AesGCMEncrypt

func AesGCMEncrypt(plaintext []byte, key []byte) ([]byte, error)

AesGCMEncrypt encrypts data using AES in GCM mode (provides confidentiality and authenticity).

func AuthorizeRequest

func AuthorizeRequest(method string, u *url.URL, h http.Header) bool

AuthorizeRequest checks the authorization of the request.

func DeriveAESKey

func DeriveAESKey(passphrase string, salt []byte) []byte

DeriveAESKey generates an AES key from a passphrase.

func Exit

func Exit(messages string, errorCode int)

Exit returns an error code and the reason to the OS.

func GetHmac256

func GetHmac256(message string, secret string) string

GetHmac256 generates an HMAC hash encoded as base64.

func GetRandomInt

func GetRandomInt(min, max int) int

GetRandomInt returns a random number.

func InitConfig

func InitConfig()

InitConfig reads several environment variables and initialises the configuration based on them.

func RandomSecret

func RandomSecret(length int) string

RandomSecret generates a random secret encoded as a base32 string. If length is <= 0, a default length of 10 bytes is used, which produces a secret of length 16.

func RequestAddr

func RequestAddr(r *http.Request) string

RequestAddr returns the request address.

func SetGOKSMMasterKeyProviderConfig

func SetGOKSMMasterKeyProviderConfig()

SetGOKSMMasterKeyProviderConfig checks any required settings for this crypto provider.

func SetHSMMasterKeyProviderConfig

func SetHSMMasterKeyProviderConfig()

SetHSMMasterKeyProviderConfig checks any required settings for this crypto provider.

func SetKMSCryptoConfig

func SetKMSCryptoConfig()

SetKMSCryptoConfig checks any required settings for this crypto provider.

func SetupAuthenticationKey

func SetupAuthenticationKey()

SetupAuthenticationKey sets the authentication key for the service.

func Start

func Start()

Start sets up and starts the server.

func StartListener

func StartListener()

StartListener starts an HTTP listener.

Types

type Context

// Context carries per-request caller information for marshaled calls:
// the caller's User-Agent and remote address.
type Context struct {
	UserAgent  string
	RemoteAddr string
}

Context holds context information for marshaled calls.

type CreateKeyRequest

// CreateKeyRequest is the request body for creating a key. Description is
// optional and omitted from the JSON form when empty.
type CreateKeyRequest struct {
	Description string `json:"Description,omitempty"`
}

CreateKeyRequest is the request body for creating a key.

type CreateKeyResponse

// CreateKeyResponse is the response body for a key creation; it carries the
// metadata of the newly created key, never the key material itself.
type CreateKeyResponse struct {
	KeyMetadata KeyMetadata `json:"KeyMetadata"`
}

CreateKeyResponse is the response body for a key creation.

type CryptoProvider

// CryptoProvider is the interface a crypto provider implementation must
// satisfy. Key operations are addressed by KeyID; the string returned by
// Decrypt and ReEncrypt is presumably the ID of the key involved — confirm
// against KMSCryptoProvider.
type CryptoProvider interface {
	// CreateKey creates a new key described by description and returns its metadata.
	CreateKey(description string) (KeyMetadata, error)
	// ListKeys returns the metadata of the available keys.
	ListKeys() ([]KeyMetadata, error)
	// GetKey returns the full Key (metadata and key material) for KeyID.
	GetKey(KeyID string) (Key, error)
	// EnableKey marks the key as enabled and returns its updated metadata.
	EnableKey(KeyID string) (KeyMetadata, error)
	// DisableKey marks the key as disabled and returns its updated metadata.
	DisableKey(KeyID string) (KeyMetadata, error)
	// Encrypt encrypts data under the key identified by KeyID.
	Encrypt(data []byte, KeyID string) ([]byte, error)
	// Decrypt decrypts data; the key is not passed in, so the provider must
	// recover which key to use from the ciphertext itself.
	Decrypt(data []byte) ([]byte, string, error)
	// ReEncrypt decrypts data and re-encrypts it under KeyID.
	ReEncrypt(data []byte, KeyID string) ([]byte, string, error)
	// GenerateAesKey returns fresh AES key material.
	GenerateAesKey() []byte
}

CryptoProvider provides an interface for crypto provider solutions

// KmsCrypto is the package-level CryptoProvider used by the service. It is
// nil until initialised at start-up (presumably by SetKMSCryptoConfig or
// Start — confirm), so callers must not use it before then.
var KmsCrypto CryptoProvider

type DecryptRequest

// DecryptRequest is the request body for a decrypt call. CiphertextBlob is
// a []byte, so it is base64-encoded in the JSON form.
type DecryptRequest struct {
	CiphertextBlob []byte `json:"CiphertextBlob"`
}

DecryptRequest is the request body for a decrypt call.

type DecryptResponse

// DecryptResponse is the response body for a decrypt call. Plaintext is
// returned base64-encoded in the JSON form.
type DecryptResponse struct {
	Plaintext []byte `json:"Plaintext"`
}

DecryptResponse is the response body for a decrypt call.

type DisableKeyRequest

// DisableKeyRequest is the request body for disabling a key, identified by KeyID.
type DisableKeyRequest struct {
	KeyID string `json:"KeyID"`
}

DisableKeyRequest is the request body for disabling a key.

type DisableKeyResponse

// DisableKeyResponse is the response body for a disable-key call; it
// carries the updated metadata of the key.
type DisableKeyResponse struct {
	KeyMetadata KeyMetadata `json:"KeyMetadata"`
}

DisableKeyResponse is the response body for a disable-key call.

type EnableKeyRequest

// EnableKeyRequest is the request body for enabling a key, identified by KeyID.
type EnableKeyRequest struct {
	KeyID string `json:"KeyID"`
}

EnableKeyRequest is the request body for enabling a key.

type EnableKeyResponse

// EnableKeyResponse is the response body for an enable-key call; it
// carries the updated metadata of the key.
type EnableKeyResponse struct {
	KeyMetadata KeyMetadata `json:"KeyMetadata"`
}

EnableKeyResponse is the response body for an enable-key call.

type EncryptRequest

// EncryptRequest is the request body for an encrypt call: the ID of the key
// to encrypt under and the plaintext (base64-encoded in the JSON form).
type EncryptRequest struct {
	KeyID     string `json:"KeyID"`
	Plaintext []byte `json:"Plaintext"`
}

EncryptRequest is the request body for an encrypt call.

type EncryptResponse

// EncryptResponse is the response body for an encrypt call; CiphertextBlob
// is base64-encoded in the JSON form.
type EncryptResponse struct {
	CiphertextBlob []byte `json:"CiphertextBlob"`
}

EncryptResponse is the response body for an encrypt call.

type GenerateDataKeyRequest

// GenerateDataKeyRequest is the request body for generating a data key; KeyID
// names the key the generated data key is wrapped under.
type GenerateDataKeyRequest struct {
	KeyID string `json:"KeyID"`
}

GenerateDataKeyRequest is the request body for generating a data key.

type GenerateDataKeyResponse

// GenerateDataKeyResponse is the response body for a generate-data-key call.
// Plaintext is the raw data key and CiphertextBlob its wrapped form; both are
// base64-encoded in the JSON form, so the plaintext key travels over the
// wire in this response and the transport must be protected accordingly.
type GenerateDataKeyResponse struct {
	Plaintext      []byte `json:"Plaintext"`
	CiphertextBlob []byte `json:"CiphertextBlob"`
}

GenerateDataKeyResponse is the response body for a generate-data-key call.

type GoKMSMasterKeyProvider

// GoKMSMasterKeyProvider is a MasterKeyProvider that obtains the master key
// from a derived key rather than from an HSM. It holds no state of its own;
// construct it with NewGoKMSMasterKeyProvider.
type GoKMSMasterKeyProvider struct {
}

GoKMSMasterKeyProvider is an implementation of acquiring a MASTER key using a derived key.

func NewGoKMSMasterKeyProvider

func NewGoKMSMasterKeyProvider() (GoKMSMasterKeyProvider, error)

NewGoKMSMasterKeyProvider creates a GoKMSMasterKeyProvider.

func (GoKMSMasterKeyProvider) GetKey

func (mkp GoKMSMasterKeyProvider) GetKey() ([]byte, error)

GetKey will return the master key

type HSMMasterKeyProvider

// HSMMasterKeyProvider is a MasterKeyProvider that obtains the master key
// through a connection to a Hardware Security Module. It holds no state of
// its own; construct it with NewHSMMasterKeyProvider.
type HSMMasterKeyProvider struct {
}

HSMMasterKeyProvider is an implementation of acquiring a MASTER key using a connection to a Hardware Security Module.

func NewHSMMasterKeyProvider

func NewHSMMasterKeyProvider() (HSMMasterKeyProvider, error)

NewHSMMasterKeyProvider creates an HSMMasterKeyProvider.

func (HSMMasterKeyProvider) GetKey

func (mkp HSMMasterKeyProvider) GetKey() ([]byte, error)

GetKey will return the decrypted master key

type KMSCryptoProvider

// KMSCryptoProvider is a CryptoProvider that keeps keys in local storage.
// MasterKey is the raw master key material held in memory by value; because
// the field is exported, any code with a KMSCryptoProvider can read it, and
// every value-receiver method call copies it. Construct with
// NewKMSCryptoProvider.
type KMSCryptoProvider struct {
	MasterKey []byte
}

KMSCryptoProvider is an implementation of encryption using a local storage

func NewKMSCryptoProvider

func NewKMSCryptoProvider() (KMSCryptoProvider, error)

NewKMSCryptoProvider creates a KMSCryptoProvider.

func (KMSCryptoProvider) CreateKey

func (cp KMSCryptoProvider) CreateKey(description string) (KeyMetadata, error)

CreateKey will create a new key

func (KMSCryptoProvider) Decrypt

func (cp KMSCryptoProvider) Decrypt(data []byte) ([]byte, string, error)

Decrypt will decrypt the data using the HSM

func (KMSCryptoProvider) DisableKey

func (cp KMSCryptoProvider) DisableKey(KeyID string) (KeyMetadata, error)

DisableKey marks a key as disabled.

func (KMSCryptoProvider) EnableKey

func (cp KMSCryptoProvider) EnableKey(KeyID string) (KeyMetadata, error)

EnableKey marks a key as enabled.

func (KMSCryptoProvider) Encrypt

func (cp KMSCryptoProvider) Encrypt(data []byte, KeyID string) ([]byte, error)

Encrypt will encrypt the data using the HSM

func (KMSCryptoProvider) GenerateAesKey

func (cp KMSCryptoProvider) GenerateAesKey() []byte

GenerateAesKey creates a new AES secret.

func (KMSCryptoProvider) GetKey

func (cp KMSCryptoProvider) GetKey(KeyID string) (Key, error)

GetKey retrieves a key from the store.

func (KMSCryptoProvider) ListKeys

func (cp KMSCryptoProvider) ListKeys() ([]KeyMetadata, error)

ListKeys will list the available keys

func (KMSCryptoProvider) ReEncrypt

func (cp KMSCryptoProvider) ReEncrypt(data []byte, KeyID string) ([]byte, string, error)

ReEncrypt decrypts with the current key and re-encrypts with the new key ID.

func (KMSCryptoProvider) SaveKey

func (cp KMSCryptoProvider) SaveKey(key Key) error

SaveKey will persist a key to disk

type Key

// Key is the representation of a key: its metadata plus the raw AES key
// material. AESKey has a JSON tag, so marshaling a Key as-is emits the key
// material (base64) in the output.
// NOTE(review): SaveKey is documented as persisting a Key to disk — confirm
// that the AESKey is protected with the provider's MasterKey before it is
// written rather than stored in this plain JSON form.
type Key struct {
	KeyMetadata KeyMetadata `json:"KeyMetadata"`
	AESKey      []byte      `json:"AESKey"`
}

Key is a representation of a key.

type KeyMetadata

// KeyMetadata is the metadata associated with any key: its identifier,
// creation time, free-text description and enabled flag.
// NOTE(review): the JSON name here is "KeyId", while the request/response
// types in this package use "KeyID" (and "DestinationKeyId"); the wire
// format is case-sensitive for clients that are not Go, so keep the tags
// consistent before the API is relied upon.
type KeyMetadata struct {
	KeyID        string    `json:"KeyId"`
	CreationDate time.Time `json:"CreationDate"`
	Description  string    `json:"Description"`
	Enabled      bool      `json:"Enabled"`
}

KeyMetadata is the metadata associated with any key.

type ListKeysRequest

// ListKeysRequest is the (empty) request body for listing keys.
type ListKeysRequest struct {
}

ListKeysRequest is the request body for listing keys.

type ListKeysResponse

// ListKeysResponse is the response body for a list-keys call: the metadata
// of each available key, without key material.
type ListKeysResponse struct {
	KeyMetadata []KeyMetadata `json:"KeyMetadata"`
}

ListKeysResponse is the response body for a list-keys call.

type MasterKeyProvider

// MasterKeyProvider is the mechanism for loading the master key that
// protects the service's stored keys. Implementations in this package are
// GoKMSMasterKeyProvider (derived key) and HSMMasterKeyProvider (HSM).
type MasterKeyProvider interface {
	// GetKey returns the raw master key material.
	GetKey() ([]byte, error)
}

MasterKeyProvider provides a mechanism to load a master key

type ReEncryptRequest

// ReEncryptRequest is the request body for a re-encrypt call: the existing
// ciphertext (base64 in JSON) and the ID of the key to re-encrypt under.
type ReEncryptRequest struct {
	CiphertextBlob   []byte `json:"CiphertextBlob"`
	DestinationKeyID string `json:"DestinationKeyId"`
}

ReEncryptRequest is the request body for a re-encrypt call.

type ReEncryptResponse

// ReEncryptResponse is the response body for a re-encrypt call: the new
// ciphertext (base64 in JSON), the ID of the key it is now encrypted under,
// and the ID of the key it was previously encrypted under.
type ReEncryptResponse struct {
	CiphertextBlob []byte `json:"CiphertextBlob"`
	KeyID          string `json:"KeyID"`
	SourceKeyID    string `json:"SourceKeyID"`
}

ReEncryptResponse is the response body for a re-encrypt call.
