Versions in this module Expand all Collapse all v3 v3.0.1 Apr 1, 2020 v3.0.0 Mar 26, 2020 Changes in this version
+ const BuppkPrefix
+ const DefaultGrantTTL
+ const DerivedSecretLength
+ const NmsPrefix
+ const NonrotatableMasterSecretLength
+ const PublicKeyPrefix
+ const RecoverPwdAlias
+ const SecretKeyPrefix
+ var ErrGrantKeyExpired = errors.New("grant key expired")
+ var ErrInvalidPassword = errors.New("invalid password")
+ var ErrNoAccess = errors.New("no access")
+ type AuthResult struct
+ EncryptedGrant string
+ Grant *models.PureGrant
+ type Context struct
+ AppToken string
+ Buppk crypto.PublicKey
+ Crypto *crypto.Crypto
+ ExternalPublicKeys map[string][]crypto.PublicKey
+ KmsClient *clients.KmsClient
+ NonRotatableSecrets *NonRotatableSecrets
+ PheClient *clients.PheClient
+ PublicKey *Credentials
+ SecretKey *Credentials
+ Storage storage.PureStorage
+ UpdateToken *Credentials
+ Version uint32
+ func CreateCloudContext(at, nm, bu, sk, pk string, externalPublicKeys map[string][]string, ...) (*Context, error)
+ func CreateContext(c *crypto.Crypto, at, nm, bu, sk, pk string, pureStorage storage.PureStorage, ...) (*Context, error)
+ func CreateDefaultCloudContext(at, nm, bu, sk, pk string, externalPublicKeys map[string][]string) (*Context, error)
+ func (c *Context) SetUpdateToken(updateToken string) error
+ type Credentials struct
+ Payload1 []byte
+ Payload2 []byte
+ Payload3 []byte
+ Version uint32
+ func ParseCredentials(prefix, creds string, versioned bool, numPayloads int) (*Credentials, error)
+ type DeserializedEncryptedGrant struct
+ EncryptedGrant *protos.EncryptedGrant
+ EncryptedGrantHeader *protos.EncryptedGrantHeader
+ type KmsEncryptedData struct
+ Blob []byte
+ Wrap []byte
+ type KmsManager struct
+ CurrentVersion uint32
+ GrantCurrentClient *phe.UokmsClient
+ GrantKmsRotation *phe.UokmsWrapRotation
+ HTTPKmsClient *clients.KmsClient
+ PureCrypto *PureCrypto
+ PwdCurrentClient *phe.UokmsClient
+ PwdKmsRotation *phe.UokmsWrapRotation
+ PwdPreviousClient *phe.UokmsClient
+ func NewKmsManager(context *Context) (*KmsManager, error)
+ func (k *KmsManager) GenerateGrantKeyEncryptionData(grantKey, header []byte) (*KmsEncryptedData, error)
+ func (k *KmsManager) GeneratePwdRecoveryData(passwordHash []byte) (*KmsEncryptedData, error)
+ func (k *KmsManager) GetGrantClient(kmsVersion uint32) (*phe.UokmsClient, error)
+ func (k *KmsManager) GetPwdClient(kmsVersion uint32) (*phe.UokmsClient, error)
+ func (k *KmsManager) PerformGrantRotation(wrap []byte) ([]byte, error)
+ func (k *KmsManager) PerformPwdRotation(wrap []byte) ([]byte, error)
+ func (k *KmsManager) RecoverGrant(grant *models.GrantKey, header []byte) ([]byte, error)
+ func (k *KmsManager) RecoverGrantKey(grantKey *models.GrantKey, header []byte) ([]byte, error)
+ func (k *KmsManager) RecoverGrantKeySecret(grantKey *models.GrantKey) ([]byte, error)
+ func (k *KmsManager) RecoverPwd(record *models.UserRecord) ([]byte, error)
+ func (k *KmsManager) RecoverPwdSecret(record *models.UserRecord) ([]byte, error)
+ type NonRotatableSecrets struct
+ Oksp crypto.PrivateKey
+ Vksp crypto.PrivateKey
+ func GenerateNonRotatableSecrets(c *crypto.Crypto, masterSecret []byte) (*NonRotatableSecrets, error)
+ type PheManager struct
+ Crypto *crypto.Crypto
+ CurrentClient *phe.PheClient
+ CurrentVersion uint32
+ HttpClient *clients.PheClient
+ PreviousClient *phe.PheClient
+ UpdateToken []byte
+ func NewPheManager(context *Context) (*PheManager, error)
+ func (p *PheManager) ComputePheKey(record *models.UserRecord, passwordHash []byte) (key []byte, err error)
+ func (p *PheManager) GetEnrollment(passwordHash []byte) (record, key []byte, err error)
+ func (p *PheManager) GetPheClient(pheVersion uint32) (*phe.PheClient, error)
+ func (p *PheManager) PerformRotation(record []byte) ([]byte, error)
+ type Pure struct
+ Buppk crypto.PublicKey
+ CurrentVersion uint32
+ ExternalPublicKeys map[string][]crypto.PublicKey
+ KmsManager *KmsManager
+ Oskp crypto.PrivateKey
+ PheManager *PheManager
+ PureCrypto *PureCrypto
+ Storage storage.PureStorage
+ func NewPure(context *Context) (*Pure, error)
+ func (p *Pure) AssignRole(roleName string, publicKeyID []byte, rskData []byte, userIds ...string) error
+ func (p *Pure) AssignRoleWithGrant(roleName string, grant *models.PureGrant, userIds ...string) error
+ func (p *Pure) AuthenticateUser(userID, password string, sessionParams *SessionParameters) (*AuthResult, error)
+ func (p *Pure) ChangeUserPassword(userID, oldPassword, newPassword string) error
+ func (p *Pure) ChangeUserPasswordWithGrant(grant *models.PureGrant, newPassword string) error
+ func (p *Pure) CreateRole(roleName string, userIds ...string) error
+ func (p *Pure) CreateUserGrantAsAdmin(userID string, bupsk crypto.PrivateKey, ttl time.Duration) (*models.PureGrant, error)
+ func (p *Pure) Decrypt(grant *models.PureGrant, ownerUserID, dataID string, ciphertext []byte) ([]byte, error)
+ func (p *Pure) DecryptGrantFromUser(encryptedGrant string) (*models.PureGrant, error)
+ func (p *Pure) DecryptWithKey(privateKey crypto.PrivateKey, ownerUserID, dataID string, ciphertext []byte) ([]byte, error)
+ func (p *Pure) DeleteKey(userID, dataID string) error
+ func (p *Pure) DeleteUser(userID string, cascade bool) error
+ func (p *Pure) Encrypt(userID, dataID string, plaintext []byte) ([]byte, error)
+ func (p *Pure) EncryptGeneral(userID, dataID string, otherUserIDs []string, roleNames []string, ...) ([]byte, error)
+ func (p *Pure) InvalidateEncryptedUserGrant(encryptedGrant string) error
+ func (p *Pure) PerformRotation() (*RotationResults, error)
+ func (p *Pure) RecoverUser(userID, newPassword string) error
+ func (p *Pure) RegisterUser(userID, password string) error
+ func (p *Pure) ResetUser(userID, newPassword string, cascade bool) error
+ func (p *Pure) Share(grant *models.PureGrant, dataID string, otherUserIds []string, ...) error
+ func (p *Pure) ShareToRole(grant *models.PureGrant, dataID string, roleName string) error
+ func (p *Pure) ShareToRoles(grant *models.PureGrant, dataID string, roleNames []string) error
+ func (p *Pure) UnassignRole(roleName string, userIds ...string) error
+ func (p *Pure) Unshare(ownerUserID, dataID string, otherUserIDs []string, ...) error
+ type PureCrypto struct
+ Crypto *crypto.Crypto
+ func NewPureCrypto(crypto *crypto.Crypto) *PureCrypto
+ func (p *PureCrypto) AddRecipientsToCellKey(cms []byte, privateKey crypto.PrivateKey, publicKeys []crypto.PublicKey) ([]byte, error)
+ func (p *PureCrypto) ComputePasswordHash(password string) ([]byte, error)
+ func (p *PureCrypto) ComputeSymmetricKeyId(key []byte) ([]byte, error)
+ func (p *PureCrypto) DecryptBackup(data []byte, decryptKey crypto.PrivateKey, verifyKey crypto.PublicKey) ([]byte, error)
+ func (p *PureCrypto) DecryptCellKey(data *PureCryptoData, privateKey crypto.PrivateKey, ...) ([]byte, error)
+ func (p *PureCrypto) DecryptData(data []byte, decryptionKey crypto.PrivateKey, verificationKey crypto.PublicKey) ([]byte, error)
+ func (p *PureCrypto) DecryptRolePrivateKey(data []byte, decryptKey crypto.PrivateKey, verifyKey crypto.PublicKey) ([]byte, error)
+ func (p *PureCrypto) DecryptSymmetricWithNewNonce(ciphertext, ad, key []byte) ([]byte, error)
+ func (p *PureCrypto) DecryptSymmetricWithOneTimeKey(ciphertext, ad, key []byte) ([]byte, error)
+ func (p *PureCrypto) DeleteRecipientsFromCellKey(cms []byte, publicKeys []crypto.PublicKey) ([]byte, error)
+ func (p *PureCrypto) EncryptCellKey(plaintext []byte, recipients []crypto.PublicKey, signingKey crypto.PrivateKey) (*PureCryptoData, error)
+ func (p *PureCrypto) EncryptData(data []byte, signingKey crypto.PrivateKey, recipients ...crypto.PublicKey) ([]byte, error)
+ func (p *PureCrypto) EncryptForBackup(data []byte, encryptKey crypto.PublicKey, signingKey crypto.PrivateKey) ([]byte, error)
+ func (p *PureCrypto) EncryptRolePrivateKey(data []byte, encryptKey crypto.PublicKey, signingKey crypto.PrivateKey) ([]byte, error)
+ func (p *PureCrypto) EncryptSymmetricWithNewNonce(plaintext, ad, key []byte) ([]byte, error)
+ func (p *PureCrypto) EncryptSymmetricWithOneTimeKey(plaintext, ad, key []byte) ([]byte, error)
+ func (p *PureCrypto) ExportPrivateKey(key crypto.PrivateKey) ([]byte, error)
+ func (p *PureCrypto) ExportPublicKey(key crypto.PublicKey) ([]byte, error)
+ func (p *PureCrypto) ExtractPublicKeysIdsFromCellKey(cms []byte) ([][]byte, error)
+ func (p *PureCrypto) GenerateCellKey() (crypto.PrivateKey, error)
+ func (p *PureCrypto) GenerateRoleKey() (crypto.PrivateKey, error)
+ func (p *PureCrypto) GenerateSymmetricOneTimeKey() ([]byte, error)
+ func (p *PureCrypto) GenerateUserKey() (crypto.PrivateKey, error)
+ func (p *PureCrypto) ImportPrivateKey(data []byte) (crypto.PrivateKey, error)
+ func (p *PureCrypto) ImportPublicKey(data []byte) (crypto.PublicKey, error)
+ type PureCryptoData struct
+ Body []byte
+ Cms []byte
+ type RotationResults struct
+ GrantsRotated uint64
+ UsersRotated uint64
+ type SessionParameters struct
+ SessionID string
+ TTL time.Duration
Other modules containing this package github.com/VirgilSecurity/virgil-purekit-go
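Review bot: Several exported fields in this v3.0.0 surface hold private-key or credential material (`NonRotatableSecrets.Oksp` and `Vksp`, `Pure.Oskp`, `Context.SecretKey`, `Context.NonRotatableSecrets`), so any importing package can read or reassign them once `CreateContext` or `NewPure` has returned. Only signatures are visible here, so whether callers rely on that access cannot be confirmed. If they do not, unexporting these fields would narrow the exposure; failing that, a field comment such as `// Oksp holds a private key; do not log, serialize or reassign it.` would at least state the contract. `Pure.Oskp` and `NonRotatableSecrets.Oksp` also look like two spellings of one name, and `PheManager.HttpClient` and `ComputeSymmetricKeyId` depart from the initialism casing used in `KmsManager.HTTPKmsClient` and `userID`. `RecoverGrant` and `RecoverGrantKey` have identical signatures, so their doc comments should say how the returned bytes differ.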