Documentation ¶
Index ¶
- Constants
- Variables
- func EnsureClosed(obj Openable) error
- func EnsureOpen(obj Openable) error
- func MustClosed(obj Openable)
- func PublicKeyFromPrivate(privKey crypto.PrivateKey) (crypto.PublicKey, error)
- type AsyncKeyPair
- type AsyncKeyStore
- type AsyncProvider
- type Attestation
- type DynamicProvider
- type GenKeyPairOpts
- type KeyAlgorithm
- type KeyPair
- type KeyPairId
- type KeyStore
- type KeyUsage
- type Openable
- type Provider
Constants ¶
View Source
const KeyUsageAgree = "agree"
View Source
const KeyUsageDecrypt = "decrypt"
View Source
const KeyUsageDerive = "derive"
View Source
const KeyUsageSign = "sign"
View Source
const KeyUsageUnwrap = "unwrap"
Variables ¶
View Source
var ( ErrNotImplemented = errors.New("not implemented yet") ErrAlgorithmNotSupportedByKeyStore = errors.New("algorithm not supported by key store") ErrOperationNotSupportedByKeyStore = errors.New("operation not supported by key store") )
View Source
var ( ErrAlreadyOpen = errors.New("already open") ErrAlreadyClosed = errors.New("already closed") )
View Source
var ECCAlgorithmByOid = make(map[string]*KeyAlgorithm)
View Source
var (
ErrOperationNotSupportedByKeyPair = errors.New("operation not supported by key pair")
)
View Source
var (
ErrOperationNotSupportedByProvider = errors.New("operation not supported by keystore provider")
)
View Source
var ErrorHandler func(err error, context ...interface{}) error
View Source
var KeyAlgECP224 = KeyAlgorithm{ Oid: asn1.ObjectIdentifier{1, 3, 132, 0, 33}, ECCCurve: elliptic.P224(), Name: "NIST P-224", }
View Source
var KeyAlgECP256 = KeyAlgorithm{ Oid: asn1.ObjectIdentifier{1, 2, 840, 10045, 3, 1, 7}, ECCCurve: elliptic.P256(), Name: "NIST P-256", }
View Source
var KeyAlgECP384 = KeyAlgorithm{ Oid: asn1.ObjectIdentifier{1, 3, 132, 0, 34}, ECCCurve: elliptic.P384(), Name: "NIST P-384", }
View Source
var KeyAlgECP521 = KeyAlgorithm{ Oid: asn1.ObjectIdentifier{1, 3, 132, 0, 35}, ECCCurve: elliptic.P521(), Name: "NIST P-521", }
View Source
var KeyAlgEd25519 = KeyAlgorithm{ Oid: asn1.ObjectIdentifier{1, 3, 101, 112}, Name: "Ed25519", }
View Source
var KeyAlgEd448 = KeyAlgorithm{ Oid: asn1.ObjectIdentifier{1, 3, 101, 113}, Name: "Ed448", }
View Source
var KeyAlgRSA1024 = KeyAlgRSA(1024)
View Source
var KeyAlgRSA2048 = KeyAlgRSA(2048)
View Source
var KeyAlgRSA3072 = KeyAlgRSA(3072)
View Source
var KeyAlgRSA4096 = KeyAlgRSA(4096)
Functions ¶
func EnsureClosed ¶
func EnsureOpen ¶
func MustClosed ¶
func MustClosed(obj Openable)
func PublicKeyFromPrivate ¶
func PublicKeyFromPrivate(privKey crypto.PrivateKey) (crypto.PublicKey, error)
Types ¶
type AsyncKeyPair ¶
type AsyncKeyPair interface { Id(ctx context.Context) <-chan KeyPairId Label(ctx context.Context) <-chan string SetLabel(ctx context.Context, label string) (errCh <-chan error) Algorithm(ctx context.Context) <-chan KeyAlgorithm KeyUsage(ctx context.Context) <-chan []KeyUsage KeyStore(ctx context.Context) <-chan AsyncKeyStore Public(ctx context.Context) <-chan crypto.PublicKey Sign(ctx context.Context, rand io.Reader, digest []byte, opts crypto.SignerOpts) (signatureCh <-chan []byte, errCh <-chan error) Decrypt(ctx context.Context, rand io.Reader, msg []byte, opts crypto.DecrypterOpts) (plaintextCh <-chan []byte, errCh <-chan error) ExportPrivate(ctx context.Context) (privKeyCh <-chan crypto.PrivateKey, errCh <-chan error) Destroy(ctx context.Context) <-chan error Verify(ctx context.Context, signature []byte, digest []byte, opts crypto.SignerOpts) <-chan error Attestation(ctx context.Context, nonce []byte) (att <-chan Attestation, errCh <-chan error) }
type AsyncKeyStore ¶
type AsyncKeyStore interface { Id(ctx context.Context) <-chan string Name(ctx context.Context) <-chan string Open(ctx context.Context) <-chan error Close(ctx context.Context) <-chan error IsOpen(ctx context.Context) <-chan bool Reload(ctx context.Context) <-chan error SupportedPrivateKeyAlgorithms(ctx context.Context) <-chan KeyAlgorithm KeyPairs(ctx context.Context) (<-chan AsyncKeyPair, <-chan error) CreateKeyPair(ctx context.Context, opts GenKeyPairOpts) (<-chan AsyncKeyPair, <-chan error) ImportKeyPair(ctx context.Context, der []byte) (<-chan AsyncKeyPair, <-chan error) }
type AsyncProvider ¶
type Attestation ¶
type Attestation []byte
type DynamicProvider ¶
type GenKeyPairOpts ¶
type GenKeyPairOpts struct { Algorithm KeyAlgorithm Label string KeyUsage map[KeyUsage]bool Exportable bool Ephemeral bool }
GenKeyPairOpts controls the key pair generation or import
type KeyAlgorithm ¶
type KeyAlgorithm struct { Oid asn1.ObjectIdentifier RSAKeyLength int ECCCurve elliptic.Curve Name string }
func AlgorithmFromPublicKey ¶
func AlgorithmFromPublicKey(pubKey crypto.PublicKey) (KeyAlgorithm, error)
func KeyAlgRSA ¶
func KeyAlgRSA(keyLength int) KeyAlgorithm
func (KeyAlgorithm) Equal ¶
func (ka KeyAlgorithm) Equal(other KeyAlgorithm) bool
func (KeyAlgorithm) String ¶
func (ka KeyAlgorithm) String() string
type KeyPair ¶
type KeyPair interface { Id() KeyPairId Label() string SetLabel(label string) error Algorithm() KeyAlgorithm KeyUsage() map[KeyUsage]bool KeyStore() KeyStore Public() crypto.PublicKey Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) (signature []byte, err error) Decrypt(rand io.Reader, ciphertext []byte, opts crypto.DecrypterOpts) (plaintext []byte, err error) ExportPrivate() (privKey crypto.PrivateKey, err error) Destroy() error Verify(signature []byte, digest []byte, opts crypto.SignerOpts) (err error) ECDH(remote *ecdsa.PublicKey) ([]byte, error) Attestation(nonce []byte) (att Attestation, err error) }
type KeyStore ¶
type KeyStore interface { // Unique identifier within the provider. The returned Id must be URL safe. Id() string Name() string Open() error Close() error IsOpen() bool Reload() error SupportedPrivateKeyAlgorithms() []KeyAlgorithm KeyPairById(id KeyPairId) KeyPair KeyPairs(reload bool) (map[KeyPairId]KeyPair, error) CreateKeyPair(opts GenKeyPairOpts) (kp KeyPair, err error) ImportKeyPair(privKey crypto.PrivateKey, opts GenKeyPairOpts) (kp KeyPair, err error) }
Source Files ¶
Click to show internal directories.
Click to hide internal directories.