Index ¶
- Constants
- Variables
- func KmsLoader(tc cryptoprov.TokenConfig) (cryptoprov.Provider, error)
- func NewSigner(keyID string, label string, signingAlgorithms []string, ...) crypto.Signer
- type KmsClient
- type Provider
- func (p *Provider) Close() error
- func (p *Provider) CurrentSlotID() uint
- func (p *Provider) DestroyKeyPairOnSlot(slotID uint, keyID string) error
- func (p *Provider) EnumKeys(slotID uint, prefix string, ...) error
- func (p *Provider) EnumTokens(currentSlotOnly bool, ...) error
- func (p *Provider) ExportKey(keyID string) (string, []byte, error)
- func (p *Provider) FindKeyPairOnSlot(slotID uint, keyID, label string) (crypto.PrivateKey, error)
- func (p *Provider) GenerateECDSAKey(label string, curve elliptic.Curve) (crypto.PrivateKey, error)
- func (p *Provider) GenerateRSAKey(label string, bits int, purpose int) (crypto.PrivateKey, error)
- func (p *Provider) GetKey(keyID string) (crypto.PrivateKey, error)
- func (p *Provider) IdentifyKey(priv crypto.PrivateKey) (keyID, label string, err error)
- func (p *Provider) KeyInfo(slotID uint, keyID string, includePublic bool, ...) error
- func (p *Provider) Manufacturer() string
- func (p *Provider) Model() string
- type Signer
Constants ¶
// Signing algorithm identifiers accepted by AWS KMS for RSA keys. The values
// are the service's SigningAlgorithmSpec strings and must match the KMS API
// exactly.
//
// RSASSA_PSS_* is the probabilistic scheme from RFC 8017 and is the better
// choice for new deployments whenever every verifier supports PSS.
// RSASSA_PKCS1_V1_5_* is the deterministic legacy scheme retained for
// interoperability with verifiers that require it.
const (
	// RSASSA-PSS with SHA-2 digests.
	SignRsaPssSha256 = "RSASSA_PSS_SHA_256"
	SignRsaPssSha384 = "RSASSA_PSS_SHA_384"
	SignRsaPssSha512 = "RSASSA_PSS_SHA_512"

	// RSASSA-PKCS1-v1_5 with SHA-2 digests.
	SignRsaPkcs1Sha256 = "RSASSA_PKCS1_V1_5_SHA_256"
	SignRsaPkcs1Sha384 = "RSASSA_PKCS1_V1_5_SHA_384"
	SignRsaPkcs1Sha512 = "RSASSA_PKCS1_V1_5_SHA_512"
)
Signing algorithm identifiers supported by AWS KMS for RSA keys (the service's SigningAlgorithmSpec values).
const ProviderName = "AWSKMS"
ProviderName specifies the name of this provider.
Variables ¶
// KmsClientFactory builds the KmsClient the provider talks to from an AWS
// config provider and optional per-client configs. It is a package-level
// variable so unit tests can substitute a fake client; production code should
// leave it at the default, which wraps kms.New. Because it is mutable,
// process-wide state, reassigning it redirects every KMS call made through
// the clients it subsequently returns.
var KmsClientFactory = func(p client.ConfigProvider, cfgs ...*aws.Config) (KmsClient, error) {
	svc := kms.New(p, cfgs...)
	return svc, nil
}
KmsClientFactory constructs the KMS client; it is a package-level variable so that unit tests can override it with a fake.
Functions ¶
func KmsLoader ¶
func KmsLoader(tc cryptoprov.TokenConfig) (cryptoprov.Provider, error)
KmsLoader is the loader that constructs the KMS provider from a token configuration.
Types ¶
type KmsClient ¶
// KmsClient is the subset of the AWS KMS API the provider depends on. It is
// satisfied by the client returned from kms.New and can be replaced by a fake
// through KmsClientFactory. Private-key operations stay inside KMS: callers
// receive only public keys, metadata and signatures.
type KmsClient interface {
	// Key lifecycle.
	CreateKey(input *kms.CreateKeyInput) (*kms.CreateKeyOutput, error)
	// ScheduleKeyDeletion does not remove the key immediately: KMS enforces a
	// pending window (7–30 days) during which the deletion can be cancelled,
	// so the key stays visible until the window elapses.
	ScheduleKeyDeletion(input *kms.ScheduleKeyDeletionInput) (*kms.ScheduleKeyDeletionOutput, error)

	// Discovery and metadata.
	ListKeys(options *kms.ListKeysInput) (*kms.ListKeysOutput, error)
	DescribeKey(input *kms.DescribeKeyInput) (*kms.DescribeKeyOutput, error)
	GetPublicKey(input *kms.GetPublicKeyInput) (*kms.GetPublicKeyOutput, error)

	// Signing: the digest is sent to KMS and only the signature comes back.
	Sign(input *kms.SignInput) (*kms.SignOutput, error)

	// IdentifyKey(priv crypto.PrivateKey) (keyID, label string, err error)
	// is intentionally not part of this interface; it is implemented on Provider.
}
KmsClient is the subset of the AWS KMS API used by the provider; tests can substitute a fake through KmsClientFactory.
type Provider ¶
type Provider struct {
// contains filtered or unexported fields
}
Provider implements the cryptoprov.Provider interface on top of AWS KMS.
func Init ¶
func Init(tc cryptoprov.TokenConfig) (*Provider, error)
Init configures the KMS-based HSM implementation from the token configuration.
func (*Provider) CurrentSlotID ¶
CurrentSlotID returns the current slot ID. For KMS only one slot is assumed to be available.
func (*Provider) DestroyKeyPairOnSlot ¶
DestroyKeyPairOnSlot destroys the key pair on a slot. For KMS slotID is ignored and the KMS retire API (scheduled key deletion) is used to destroy the key.
func (*Provider) EnumKeys ¶
func (p *Provider) EnumKeys(slotID uint, prefix string, keyInfoFunc func(id, label, typ, class, currentVersionID string, creationTime *time.Time) error) error
EnumKeys returns the list of keys on the slot. For KMS slotID is ignored.
func (*Provider) EnumTokens ¶
func (p *Provider) EnumTokens(currentSlotOnly bool, slotInfoFunc func(slotID uint, description, label, manufacturer, model, serial string) error) error
EnumTokens lists tokens. For KMS currentSlotOnly is ignored, and only one slot is assumed to be available.
func (*Provider) ExportKey ¶
ExportKey returns the PKCS#11 URI for the specified key ID. It does not return key bytes: the private key material never leaves KMS.
func (*Provider) FindKeyPairOnSlot ¶
FindKeyPairOnSlot retrieves a previously created asymmetric key from the specified slot.
func (*Provider) GenerateECDSAKey ¶
GenerateECDSAKey creates a signer backed by a newly generated ECDSA key on the given curve.
func (*Provider) GenerateRSAKey ¶
GenerateRSAKey creates a signer backed by a newly generated RSA key of the given size.
func (*Provider) GetKey ¶
func (p *Provider) GetKey(keyID string) (crypto.PrivateKey, error)
GetKey returns the crypto.PrivateKey handle for the given key ID; see ExportKey for the PKCS#11 URI form.
func (*Provider) IdentifyKey ¶
func (p *Provider) IdentifyKey(priv crypto.PrivateKey) (keyID, label string, err error)
IdentifyKey returns the key ID and label for the given private key.
func (*Provider) KeyInfo ¶
func (p *Provider) KeyInfo(slotID uint, keyID string, includePublic bool, keyInfoFunc func(id, label, typ, class, currentVersionID, pubKey string, creationTime *time.Time) error) error
KeyInfo retrieves information about the key with the specified ID.
func (*Provider) Manufacturer ¶
Manufacturer returns the manufacturer name for the provider.
type Signer ¶
type Signer struct {
// contains filtered or unexported fields
}
Signer implements the crypto.Signer interface; signing is delegated to KMS through the KmsClient Sign call.