Why Go
- Case Studies
  
  Common problems companies solve with Go
- Use Cases
  
  Stories about how and why companies use Go
- Security Policy
  
  How Go can help keep you secure by default
Learn
Docs
- Effective Go
  
  Tips for writing clear, performant, and idiomatic Go code
- Go User Manual
  
  A complete introduction to building software with Go
- Standard library
  
  Reference documentation for Go's standard library
- Release Notes
  
  Learn what's new in each Go release
Packages
Community
- Recorded Talks
  
  Videos from prior events
- Meetups
  
  Meet other local Go developers
- Conferences
  
  Learn and network with Go developers from around the world
- Go blog
  
  The Go project's official blog.
- Go project
  
  Get help and stay informed from Go
- Get connected

purekit

package module

Go to main page

Versions in this module

v3

v3.0.1

Apr 1, 2020

v3.0.0

Mar 26, 2020

Changes in this version

+ const BuppkPrefix

+ const DefaultGrantTTL

+ const DerivedSecretLength

+ const NmsPrefix

+ const NonrotatableMasterSecretLength

+ const PublicKeyPrefix

+ const RecoverPwdAlias

+ const SecretKeyPrefix

+ var ErrGrantKeyExpired = errors.New("grant key expired")

+ var ErrInvalidPassword = errors.New("invalid password")

+ var ErrNoAccess = errors.New("no access")

+ type AuthResult struct

+ EncryptedGrant string

+ Grant *models.PureGrant

+ type Context struct

+ AppToken string

+ Buppk crypto.PublicKey

+ Crypto *crypto.Crypto

+ ExternalPublicKeys map[string][]crypto.PublicKey

+ KmsClient *clients.KmsClient

+ NonRotatableSecrets *NonRotatableSecrets

+ PheClient *clients.PheClient

+ PublicKey *Credentials

+ SecretKey *Credentials

+ Storage storage.PureStorage

+ UpdateToken *Credentials

+ Version uint32

+ func CreateCloudContext(at, nm, bu, sk, pk string, externalPublicKeys map[string][]string, ...) (*Context, error)

+ func CreateContext(c *crypto.Crypto, at, nm, bu, sk, pk string, pureStorage storage.PureStorage, ...) (*Context, error)

+ func CreateDefaultCloudContext(at, nm, bu, sk, pk string, externalPublicKeys map[string][]string) (*Context, error)

+ func (c *Context) SetUpdateToken(updateToken string) error

+ type Credentials struct

+ Payload1 []byte

+ Payload2 []byte

+ Payload3 []byte

+ Version uint32

+ func ParseCredentials(prefix, creds string, versioned bool, numPayloads int) (*Credentials, error)

+ type DeserializedEncryptedGrant struct

+ EncryptedGrant *protos.EncryptedGrant

+ EncryptedGrantHeader *protos.EncryptedGrantHeader

+ type KmsEncryptedData struct

+ Blob []byte

+ Wrap []byte

+ type KmsManager struct

+ CurrentVersion uint32

+ GrantCurrentClient *phe.UokmsClient

+ GrantKmsRotation *phe.UokmsWrapRotation

+ HTTPKmsClient *clients.KmsClient

+ PureCrypto *PureCrypto

+ PwdCurrentClient *phe.UokmsClient

+ PwdKmsRotation *phe.UokmsWrapRotation

+ PwdPreviousClient *phe.UokmsClient

+ func NewKmsManager(context *Context) (*KmsManager, error)

+ func (k *KmsManager) GenerateGrantKeyEncryptionData(grantKey, header []byte) (*KmsEncryptedData, error)

+ func (k *KmsManager) GeneratePwdRecoveryData(passwordHash []byte) (*KmsEncryptedData, error)

+ func (k *KmsManager) GetGrantClient(kmsVersion uint32) (*phe.UokmsClient, error)

+ func (k *KmsManager) GetPwdClient(kmsVersion uint32) (*phe.UokmsClient, error)

+ func (k *KmsManager) PerformGrantRotation(wrap []byte) ([]byte, error)

+ func (k *KmsManager) PerformPwdRotation(wrap []byte) ([]byte, error)

+ func (k *KmsManager) RecoverGrant(grant *models.GrantKey, header []byte) ([]byte, error)

+ func (k *KmsManager) RecoverGrantKey(grantKey *models.GrantKey, header []byte) ([]byte, error)

+ func (k *KmsManager) RecoverGrantKeySecret(grantKey *models.GrantKey) ([]byte, error)

+ func (k *KmsManager) RecoverPwd(record *models.UserRecord) ([]byte, error)

+ func (k *KmsManager) RecoverPwdSecret(record *models.UserRecord) ([]byte, error)

+ type NonRotatableSecrets struct

+ Oksp crypto.PrivateKey

+ Vksp crypto.PrivateKey

+ func GenerateNonRotatableSecrets(c *crypto.Crypto, masterSecret []byte) (*NonRotatableSecrets, error)

+ type PheManager struct

+ Crypto *crypto.Crypto

+ CurrentClient *phe.PheClient

+ CurrentVersion uint32

+ HttpClient *clients.PheClient

+ PreviousClient *phe.PheClient

+ UpdateToken []byte

+ func NewPheManager(context *Context) (*PheManager, error)

+ func (p *PheManager) ComputePheKey(record *models.UserRecord, passwordHash []byte) (key []byte, err error)

+ func (p *PheManager) GetEnrollment(passwordHash []byte) (record, key []byte, err error)

+ func (p *PheManager) GetPheClient(pheVersion uint32) (*phe.PheClient, error)

+ func (p *PheManager) PerformRotation(record []byte) ([]byte, error)

+ type Pure struct

+ Buppk crypto.PublicKey

+ CurrentVersion uint32

+ ExternalPublicKeys map[string][]crypto.PublicKey

+ KmsManager *KmsManager

+ Oskp crypto.PrivateKey

+ PheManager *PheManager

+ PureCrypto *PureCrypto

+ Storage storage.PureStorage

+ func NewPure(context *Context) (*Pure, error)

+ func (p *Pure) AssignRole(roleName string, publicKeyID []byte, rskData []byte, userIds ...string) error

+ func (p *Pure) AssignRoleWithGrant(roleName string, grant *models.PureGrant, userIds ...string) error

+ func (p *Pure) AuthenticateUser(userID, password string, sessionParams *SessionParameters) (*AuthResult, error)

+ func (p *Pure) ChangeUserPassword(userID, oldPassword, newPassword string) error

+ func (p *Pure) ChangeUserPasswordWithGrant(grant *models.PureGrant, newPassword string) error

+ func (p *Pure) CreateRole(roleName string, userIds ...string) error

+ func (p *Pure) CreateUserGrantAsAdmin(userID string, bupsk crypto.PrivateKey, ttl time.Duration) (*models.PureGrant, error)

+ func (p *Pure) Decrypt(grant *models.PureGrant, ownerUserID, dataID string, ciphertext []byte) ([]byte, error)

+ func (p *Pure) DecryptGrantFromUser(encryptedGrant string) (*models.PureGrant, error)

+ func (p *Pure) DecryptWithKey(privateKey crypto.PrivateKey, ownerUserID, dataID string, ciphertext []byte) ([]byte, error)

+ func (p *Pure) DeleteKey(userID, dataID string) error

+ func (p *Pure) DeleteUser(userID string, cascade bool) error

+ func (p *Pure) Encrypt(userID, dataID string, plaintext []byte) ([]byte, error)

+ func (p *Pure) EncryptGeneral(userID, dataID string, otherUserIDs []string, roleNames []string, ...) ([]byte, error)

+ func (p *Pure) InvalidateEncryptedUserGrant(encryptedGrant string) error

+ func (p *Pure) PerformRotation() (*RotationResults, error)

+ func (p *Pure) RecoverUser(userID, newPassword string) error

+ func (p *Pure) RegisterUser(userID, password string) error

+ func (p *Pure) ResetUser(userID, newPassword string, cascade bool) error

+ func (p *Pure) Share(grant *models.PureGrant, dataID string, otherUserIds []string, ...) error

+ func (p *Pure) ShareToRole(grant *models.PureGrant, dataID string, roleName string) error

+ func (p *Pure) ShareToRoles(grant *models.PureGrant, dataID string, roleNames []string) error

+ func (p *Pure) UnassignRole(roleName string, userIds ...string) error

+ func (p *Pure) Unshare(ownerUserID, dataID string, otherUserIDs []string, ...) error

+ type PureCrypto struct

+ Crypto *crypto.Crypto

+ func NewPureCrypto(crypto *crypto.Crypto) *PureCrypto

+ func (p *PureCrypto) AddRecipientsToCellKey(cms []byte, privateKey crypto.PrivateKey, publicKeys []crypto.PublicKey) ([]byte, error)

+ func (p *PureCrypto) ComputePasswordHash(password string) ([]byte, error)

+ func (p *PureCrypto) ComputeSymmetricKeyId(key []byte) ([]byte, error)

+ func (p *PureCrypto) DecryptBackup(data []byte, decryptKey crypto.PrivateKey, verifyKey crypto.PublicKey) ([]byte, error)

+ func (p *PureCrypto) DecryptCellKey(data *PureCryptoData, privateKey crypto.PrivateKey, ...) ([]byte, error)

+ func (p *PureCrypto) DecryptData(data []byte, decryptionKey crypto.PrivateKey, verificationKey crypto.PublicKey) ([]byte, error)

+ func (p *PureCrypto) DecryptRolePrivateKey(data []byte, decryptKey crypto.PrivateKey, verifyKey crypto.PublicKey) ([]byte, error)

+ func (p *PureCrypto) DecryptSymmetricWithNewNonce(ciphertext, ad, key []byte) ([]byte, error)

+ func (p *PureCrypto) DecryptSymmetricWithOneTimeKey(ciphertext, ad, key []byte) ([]byte, error)

+ func (p *PureCrypto) DeleteRecipientsFromCellKey(cms []byte, publicKeys []crypto.PublicKey) ([]byte, error)

+ func (p *PureCrypto) EncryptCellKey(plaintext []byte, recipients []crypto.PublicKey, signingKey crypto.PrivateKey) (*PureCryptoData, error)

+ func (p *PureCrypto) EncryptData(data []byte, signingKey crypto.PrivateKey, recipients ...crypto.PublicKey) ([]byte, error)

+ func (p *PureCrypto) EncryptForBackup(data []byte, encryptKey crypto.PublicKey, signingKey crypto.PrivateKey) ([]byte, error)

+ func (p *PureCrypto) EncryptRolePrivateKey(data []byte, encryptKey crypto.PublicKey, signingKey crypto.PrivateKey) ([]byte, error)

+ func (p *PureCrypto) EncryptSymmetricWithNewNonce(plaintext, ad, key []byte) ([]byte, error)

+ func (p *PureCrypto) EncryptSymmetricWithOneTimeKey(plaintext, ad, key []byte) ([]byte, error)

+ func (p *PureCrypto) ExportPrivateKey(key crypto.PrivateKey) ([]byte, error)

+ func (p *PureCrypto) ExportPublicKey(key crypto.PublicKey) ([]byte, error)

+ func (p *PureCrypto) ExtractPublicKeysIdsFromCellKey(cms []byte) ([][]byte, error)

+ func (p *PureCrypto) GenerateCellKey() (crypto.PrivateKey, error)

+ func (p *PureCrypto) GenerateRoleKey() (crypto.PrivateKey, error)

+ func (p *PureCrypto) GenerateSymmetricOneTimeKey() ([]byte, error)

+ func (p *PureCrypto) GenerateUserKey() (crypto.PrivateKey, error)

+ func (p *PureCrypto) ImportPrivateKey(data []byte) (crypto.PrivateKey, error)

+ func (p *PureCrypto) ImportPublicKey(data []byte) (crypto.PublicKey, error)

+ type PureCryptoData struct

+ Body []byte

+ Cms []byte

+ type RotationResults struct

+ GrantsRotated uint64

+ UsersRotated uint64

+ type SessionParameters struct

+ SessionID string

+ TTL time.Duration

Other modules containing this package

github.com/VirgilSecurity/virgil-purekit-go