keys

package
v0.0.0-...-f1c747c
Warning

This package is not in the latest version of its module.

Published: Jun 11, 2017 License: Apache-2.0 Imports: 23 Imported by: 0

Documentation

Overview

Package keys provides access to public and private keys for signing and verification of signatures.


Constants

const MinRsaKeySizeInBits = 2048

MinRsaKeySizeInBits is the smallest RSA key that this package will generate.

Variables

This section is empty.

Functions

func NewFromPrivateDER

func NewFromPrivateDER(der []byte) (crypto.Signer, error)

NewFromPrivateDER reads a DER-encoded private key.

func NewFromPrivatePEM

func NewFromPrivatePEM(pemEncodedKey, password string) (crypto.Signer, error)

NewFromPrivatePEM reads a PEM-encoded private key from a string. The key may be protected by a password.

func NewFromPrivatePEMFile

func NewFromPrivatePEMFile(keyFile, keyPassword string) (crypto.Signer, error)

NewFromPrivatePEMFile reads a PEM-encoded private key from a file. The key must be protected by a password.

func NewFromPublicDER

func NewFromPublicDER(der []byte) (crypto.PublicKey, error)

NewFromPublicDER reads a DER-encoded public key.

func NewFromPublicPEM

func NewFromPublicPEM(pemEncodedKey string) (crypto.PublicKey, error)

NewFromPublicPEM reads a PEM-encoded public key from a string.

func NewFromPublicPEMFile

func NewFromPublicPEMFile(keyFile string) (crypto.PublicKey, error)

NewFromPublicPEMFile reads a PEM-encoded public key from a file.

func NewFromSpec

func NewFromSpec(spec *keyspb.Specification) (crypto.Signer, error)

NewFromSpec generates a new private key based on a key specification. If an RSA key is specified, the key size must be at least MinRsaKeySizeInBits.

func SignatureAlgorithm

SignatureAlgorithm returns the algorithm used for this public key. Only ECDSA and RSA keys are supported. Other key types will return sigpb.DigitallySigned_UNKNOWN.
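An added example, not code from this package, using only the Go standard library: `generate` is a hypothetical stand-in for the RSA size check that NewFromSpec describes, and `signAndVerify` shows the ECDSA / RSA / unknown dispatch that SignatureAlgorithm describes, applied to a key held as a crypto.Signer. The function names, the `rsaBits` parameter and the string results are assumptions made for illustration.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

const minRSABits = 2048 // same value as MinRsaKeySizeInBits on this page

// generate (hypothetical): 0 selects ECDSA P-256, otherwise RSA of that size, refused if undersized.
func generate(rsaBits int) (k crypto.Signer, err error) {
	if rsaBits != 0 && rsaBits < minRSABits {
		return nil, fmt.Errorf("RSA key size %d is below the %d-bit minimum", rsaBits, minRSABits)
	}
	if rsaBits == 0 {
		k, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	} else {
		k, err = rsa.GenerateKey(rand.Reader, rsaBits)
	}
	if err != nil {
		return nil, err // avoid handing back a typed-nil key inside the interface
	}
	return k, nil
}

// signAndVerify signs msg via crypto.Signer and verifies by public key type; other types are "UNKNOWN".
func signAndVerify(s crypto.Signer, msg []byte) (string, bool) {
	d := sha256.Sum256(msg)
	sig, err := s.Sign(rand.Reader, d[:], crypto.SHA256)
	switch p := s.Public().(type) {
	case *ecdsa.PublicKey:
		return "ECDSA", err == nil && ecdsa.VerifyASN1(p, d[:], sig)
	case *rsa.PublicKey:
		return "RSA", err == nil && rsa.VerifyPKCS1v15(p, crypto.SHA256, d[:], sig) == nil
	}
	return "UNKNOWN", false
}

func main() {
	_, err := generate(1024) // constructed input: undersized on purpose
	fmt.Println("1024-bit RSA:", err)
	if k, err := generate(0); err == nil {
		fmt.Println(signAndVerify(k, []byte("constructed sample message")))
	}
}
```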

Types

type MockSignerFactory

type MockSignerFactory struct {
	// contains filtered or unexported fields
}

Mock of SignerFactory interface

func NewMockSignerFactory

func NewMockSignerFactory(ctrl *gomock.Controller) *MockSignerFactory

func (*MockSignerFactory) EXPECT

func (_m *MockSignerFactory) EXPECT() *_MockSignerFactoryRecorder

func (*MockSignerFactory) Generate

func (_m *MockSignerFactory) Generate(_param0 context.Context, _param1 *trillian.Tree, _param2 *keyspb.Specification) (*any.Any, error)

func (*MockSignerFactory) NewSigner

func (_m *MockSignerFactory) NewSigner(_param0 context.Context, _param1 *trillian.Tree) (crypto.Signer, error)

type NewSignerTest

type NewSignerTest struct {
	// Name describes the test.
	Name string
	// Tree is passed to SignerFactory.NewSigner().
	Tree *trillian.Tree
	// WantErr should be true if SignerFactory.NewSigner() is expected to return an error.
	WantErr bool
}

NewSignerTest is a test case to be run by TestNewSigner().

type PEMSignerFactory

type PEMSignerFactory struct{}

PEMSignerFactory handles PEM-encoded private keys. It supports trees whose PrivateKey field is a:

- keyspb.PEMKeyFile
- keyspb.PrivateKey

It implements keys.SignerFactory.

func (PEMSignerFactory) Generate

func (f PEMSignerFactory) Generate(ctx context.Context, tree *trillian.Tree, spec *keyspb.Specification) (*any.Any, error)

Generate creates a new private key for a tree based on a key specification. It returns a proto that can be used as the value of tree.PrivateKey.

func (PEMSignerFactory) NewSigner

func (f PEMSignerFactory) NewSigner(ctx context.Context, tree *trillian.Tree) (crypto.Signer, error)

NewSigner returns a crypto.Signer for the given tree.

type SignerFactory

type SignerFactory interface {
	// NewSigner returns a signer for the given tree.
	// It consults Tree.PrivateKey to determine how to retrieve the key.
	NewSigner(context.Context, *trillian.Tree) (crypto.Signer, error)

	// Generate creates a new private key for a tree based on a key specification.
	// It returns a proto that can be used as the value of tree.PrivateKey.
	// If tree.PrivateKey or tree.PublicKey is already set, it returns an error.
	Generate(context.Context, *trillian.Tree, *keyspb.Specification) (*any.Any, error)
}

SignerFactory creates signers for Trillian trees. A signer may be created by loading a private key, interfacing with an HSM, or sending network requests to a remote key management service, to give a few examples.

type SignerFactoryTester

type SignerFactoryTester struct {
	// NewSignerFactory returns a SignerFactory instance set up for testing.
	NewSignerFactory func() SignerFactory
	// NewSignerTests are additional test cases to exercise the specific
	// PrivateKey protos that this SignerFactory implementation supports.
	NewSignerTests []NewSignerTest
}

SignerFactoryTester runs a suite of tests against a SignerFactory implementation.

func (*SignerFactoryTester) RunAllTests

func (tester *SignerFactoryTester) RunAllTests(t *testing.T)

RunAllTests runs all SignerFactory tests.

func (*SignerFactoryTester) TestGenerate

func (tester *SignerFactoryTester) TestGenerate(t *testing.T)

TestGenerate runs tests on the SignerFactory's Generate() method.

func (*SignerFactoryTester) TestNewSigner

func (tester *SignerFactoryTester) TestNewSigner(t *testing.T)

TestNewSigner runs tests on the SignerFactory's NewSigner() method.
