Documentation ¶
Overview ¶
Package key is an interface for opaque cryptographic signing keys
Index ¶
Constants ¶
const ( // EnvKey is the environment variable specifying secret encryption key. EnvKey = "HANCOCK_KEY" // RSA the signing algorithm RSA = "rsa" // AES the encryption algorithm AES = "aes" )
Variables ¶
var DefaultSignerGenerator = SignerGenerator{ Generators: map[string]GenerateSignerFunc{ RSA: rsaGenerateSigner, }, }
DefaultSignerGenerator is a sensible default generator that supports RSA.
Functions ¶
Types ¶
type AesCodec ¶
type AesCodec struct {
// contains filtered or unexported fields
}
AesCodec implements the `MultiCodec` interface and can be added to any clear text `MultiCodec` to provide AES encryption.
func NewAesCodec ¶
func NewAesCodec(clearTextMultiCodec MultiCodec, key string) *AesCodec
NewAesCodec returns a new `MultiCodec` that wraps clearTextMultiCodec with encryption. The provided key is used as the secret in all future encryptions.
type Codec ¶
type Codec interface { // Encode serializes a Signer. Encode(k crypto.Signer) (priv []byte, err error) // Decode deserializes a Signer. Decode(priv []byte) (s crypto.Signer, err error) }
Codec is an interface for (de)serializing an algorithm's Signer. This is convenient for storage of the Signer. To support multiple algorithms see `MultiCodec`.
type Config ¶
Config provides configuration for KeyStorage.
func (*Config) GetCodec ¶
func (c *Config) GetCodec() MultiCodec
GetCodec returns builtin `MultiCodec`s according to the config's Encryption.
type GenerateSignerFunc ¶
GenerateSignerFunc is a type of function that produces a Signer given some `Opts`.
type Key ¶
type Key struct { // ID is a unique identifier for the key. ID string `json:"id" sql:"id"` // Algorithm specifies the cryptographic signing algorithm underlying this key. Algorithm string `json:"alg" sql:"alg"` // Signer implements the crypto.Signer interface which can be used for signing and inspecting // the public key. Signer crypto.Signer }
Key is an interface for opaque cryptographic signing keys.
type MultiCodec ¶
type MultiCodec interface { // Encode serializes the Signer according to the signing algorithm. Encode(s crypto.Signer, alg string) (priv []byte, err error) // Decode deserializes the private key according to the signing algorithm. Decode(priv []byte, alg string) (s crypto.Signer, err error) }
MultiCodec is an interface for (de)serializing an Signers for multiple algorithms.
var ( // DefaultCodec is a sensible default that supports rsa. DefaultCodec MultiCodec )
type Opts ¶
type Opts map[string]interface{}
Opts specify additional options used in `Key` generation.
type RsaGobCodec ¶
type RsaGobCodec struct {
// contains filtered or unexported fields
}
RsaGobCodec implements the Codec interface for RSA Signers. It uses the gob encoding.
type SignerGenerator ¶
type SignerGenerator struct {
Generators map[string]GenerateSignerFunc
}
SignerGenerator collects `GenerateSignerFunc`s by the cryptographic signing algorithms on which they rely.
type Storage ¶
type Storage interface { // Get retrieves a `*Key` using the unique identifier id. If no key with that id is found, both // return values are null. Get(id string) (*Key, error) // Create inserts a new `Key` generated using the algorithm specified by alg and the provided // `Opts`. The resulting `Key` is returned. Create(alg string, o Opts) (*Key, error) // Open opens a key storage. This must be called before calling other methods on `Storage`. // Most users will Open a key `Storage` using the a driverName as in `Open`. Open(config []byte) error }
Storage is an interface for a storage backend of `Key`s. Some implementations of Storage can be found as subpackages of key.
func Open ¶
Open opens a key `Storage` specified by its storage name and configuration. The configuration is usually a []byte representation of a json config.
Most users will open storage via a driver-specific connetion helper function that returns a Storage. Hancock includes a few drivers which are subpackages of key.
Open may just validate its arguments without creating a connection to the Storage.
Directories ¶
Path | Synopsis |
---|---|
Package mem is an in-memory implementation of the `key.Storage` interface
|
Package mem is an in-memory implementation of the `key.Storage` interface |
Package postgres is postgres database implementation of the `key.Storage` interface
|
Package postgres is postgres database implementation of the `key.Storage` interface |