key

package

v0.0.0-...-02d3d6b Latest Latest Go to latest Published: May 10, 2019 License: MIT Imports: 15 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/belljustin/hancock

Links

Open Source Insights

Documentation ¶

Overview ¶

Package key is an interface for opaque cryptographic signing keys

Index ¶

Constants
Variables
func Register(name string, driver Storage)
type AesCodec
- func NewAesCodec(clearTextMultiCodec MultiCodec, key string) *AesCodec
- func (c *AesCodec) Decode(data []byte, alg string) (crypto.Signer, error)
- func (c *AesCodec) Encode(s crypto.Signer, alg string) ([]byte, error)
type Codec
type Config
- func (c *Config) GetCodec() MultiCodec
- func (c *Config) LoadEnv()
type GenerateSignerFunc
type Key
type MultiCodec
type Opts
type RsaGobCodec
- func (c *RsaGobCodec) Decode(priv []byte) (crypto.Signer, error)
- func (c RsaGobCodec) Encode(s crypto.Signer) ([]byte, error)
type SignerGenerator
- func (f *SignerGenerator) New(alg string, o Opts) (crypto.Signer, error)
type Storage
- func Open(driverName string, config []byte) (Storage, error)

Constants ¶

View Source

const (
	// EnvKey is the environment variable specifying secret encryption key.
	EnvKey = "HANCOCK_KEY"

	// RSA the signing algorithm
	RSA = "rsa"

	// AES the encryption algorithm
	AES = "aes"
)

Variables ¶

View Source

var DefaultSignerGenerator = SignerGenerator{
	Generators: map[string]GenerateSignerFunc{
		RSA: rsaGenerateSigner,
	},
}

DefaultSignerGenerator is a sensible default generator that supports RSA.

Functions ¶

func Register ¶

func Register(name string, driver Storage)

Register makes a key `Storage` available by the provided name. If Register is called twice with the same name or if driver is nil, it panics.

Types ¶

type AesCodec ¶

type AesCodec struct {
	// contains filtered or unexported fields
}

AesCodec implements the `MultiCodec` interface and can be added to any clear text `MultiCodec` to provide AES encryption.

func NewAesCodec ¶

func NewAesCodec(clearTextMultiCodec MultiCodec, key string) *AesCodec

NewAesCodec returns a new `MultiCodec` that wraps clearTextMultiCodec with encryption. The provided key is used as the secret in all future encryptions.

func (*AesCodec) Decode ¶

func (c *AesCodec) Decode(data []byte, alg string) (crypto.Signer, error)

Decode decrypts and deserializes the private key contained in data.

func (*AesCodec) Encode ¶

func (c *AesCodec) Encode(s crypto.Signer, alg string) ([]byte, error)

Encode serializes and encrypts s.

type Codec ¶

type Codec interface {
	// Encode serializes a Signer.
	Encode(k crypto.Signer) (priv []byte, err error)
	// Decode deserializes a Signer.
	Decode(priv []byte) (s crypto.Signer, err error)
}

Codec is an interface for (de)serializing an algorithm's Signer. This is convenient for storage of the Signer. To support multiple algorithms see `MultiCodec`.

type Config ¶

type Config struct {
	Encryption string `json:"encryption"`
	Key        string `json:"key"`
}

Config provides configuration for KeyStorage.

func (*Config) GetCodec ¶

func (c *Config) GetCodec() MultiCodec

GetCodec returns builtin `MultiCodec`s according to the config's Encryption.

func (*Config) LoadEnv ¶

func (c *Config) LoadEnv()

LoadEnv replaces empty fields with matching environment variables. See this file's constants for a list of available options.

type GenerateSignerFunc ¶

type GenerateSignerFunc func(o Opts) (crypto.Signer, error)

GenerateSignerFunc is a type of function that produces a Signer given some `Opts`.

type Key ¶

type Key struct {
	// ID is a unique identifier for the key.
	ID string `json:"id" sql:"id"`
	// Algorithm specifies the cryptographic signing algorithm underlying this key.
	Algorithm string `json:"alg" sql:"alg"`
	// Signer implements the crypto.Signer interface which can be used for signing and inspecting
	// the public key.
	Signer crypto.Signer
}

Key is an interface for opaque cryptographic signing keys.

type MultiCodec ¶

type MultiCodec interface {
	// Encode serializes the Signer according to the signing algorithm.
	Encode(s crypto.Signer, alg string) (priv []byte, err error)
	// Decode deserializes the private key according to the signing algorithm.
	Decode(priv []byte, alg string) (s crypto.Signer, err error)
}

MultiCodec is an interface for (de)serializing an Signers for multiple algorithms.

var (
	// DefaultCodec is a sensible default that supports rsa.
	DefaultCodec MultiCodec
)

type Opts ¶

type Opts map[string]interface{}

Opts specify additional options used in `Key` generation.

type RsaGobCodec ¶

type RsaGobCodec struct {
	// contains filtered or unexported fields
}

RsaGobCodec implements the Codec interface for RSA Signers. It uses the gob encoding.

func (*RsaGobCodec) Decode ¶

func (c *RsaGobCodec) Decode(priv []byte) (crypto.Signer, error)

Decode deserializes a gob encoded RSA private key to a Signer.

func (RsaGobCodec) Encode ¶

func (c RsaGobCodec) Encode(s crypto.Signer) ([]byte, error)

Encode serializes a Signer to a gob encoding.

type SignerGenerator ¶

type SignerGenerator struct {
	Generators map[string]GenerateSignerFunc
}

SignerGenerator collects `GenerateSignerFunc`s by the cryptographic signing algorithms on which they rely.

func (*SignerGenerator) New ¶

func (f *SignerGenerator) New(alg string, o Opts) (crypto.Signer, error)

New generates a new Signer using the cryptographic signing algorithm specified by alg using the provided `Opts`.

type Storage ¶

type Storage interface {
	// Get retrieves a `*Key` using the unique identifier id. If no key with that id is found, both
	// return values are null.
	Get(id string) (*Key, error)
	// Create inserts a new `Key` generated using the algorithm specified by alg and the provided
	// `Opts`. The resulting `Key` is returned.
	Create(alg string, o Opts) (*Key, error)
	// Open opens a key storage. This must be called before calling other methods on `Storage`.
	// Most users will Open a key `Storage` using the a driverName as in `Open`.
	Open(config []byte) error
}

Storage is an interface for a storage backend of `Key`s. Some implementations of Storage can be found as subpackages of key.

func Open ¶

func Open(driverName string, config []byte) (Storage, error)

Open opens a key `Storage` specified by its storage name and configuration. The configuration is usually a []byte representation of a json config.

Most users will open storage via a driver-specific connetion helper function that returns a Storage. Hancock includes a few drivers which are subpackages of key.

Open may just validate its arguments without creating a connection to the Storage.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
mem Package mem is an in-memory implementation of the `key.Storage` interface	Package mem is an in-memory implementation of the `key.Storage` interface
postgres Package postgres is postgres database implementation of the `key.Storage` interface	Package postgres is postgres database implementation of the `key.Storage` interface

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL