Documentation
Overview
Package keys provides access to public and private keys for signing and verification of signatures.
Index
- Constants
- func NewFromPrivateDER(der []byte) (crypto.Signer, error)
- func NewFromPrivatePEM(pemEncodedKey, password string) (crypto.Signer, error)
- func NewFromPrivatePEMFile(keyFile, keyPassword string) (crypto.Signer, error)
- func NewFromPublicDER(der []byte) (crypto.PublicKey, error)
- func NewFromPublicPEM(pemEncodedKey string) (crypto.PublicKey, error)
- func NewFromPublicPEMFile(keyFile string) (crypto.PublicKey, error)
- func NewFromSpec(spec *keyspb.Specification) (crypto.Signer, error)
- func SignatureAlgorithm(k crypto.PublicKey) sigpb.DigitallySigned_SignatureAlgorithm
- type MockSignerFactory
- func (_m *MockSignerFactory) EXPECT() *_MockSignerFactoryRecorder
- func (_m *MockSignerFactory) Generate(_param0 context.Context, _param1 *trillian.Tree, _param2 *keyspb.Specification) (*any.Any, error)
- func (_m *MockSignerFactory) NewSigner(_param0 context.Context, _param1 *trillian.Tree) (crypto.Signer, error)
- type NewSignerTest
- type PEMSignerFactory
- type SignerFactory
- type SignerFactoryTester
Constants
const MinRsaKeySizeInBits = 2048
MinRsaKeySizeInBits is the smallest RSA key that this package will generate.
Variables
This section is empty.
Functions
func NewFromPrivateDER
func NewFromPrivateDER(der []byte) (crypto.Signer, error)
NewFromPrivateDER reads a DER-encoded private key.
func NewFromPrivatePEM
func NewFromPrivatePEM(pemEncodedKey, password string) (crypto.Signer, error)
NewFromPrivatePEM reads a PEM-encoded private key from a string. The key may be protected by a password.
func NewFromPrivatePEMFile
func NewFromPrivatePEMFile(keyFile, keyPassword string) (crypto.Signer, error)
NewFromPrivatePEMFile reads a PEM-encoded private key from a file. The key must be protected by a password.
func NewFromPublicDER
func NewFromPublicDER(der []byte) (crypto.PublicKey, error)
NewFromPublicDER reads a DER-encoded public key.
func NewFromPublicPEM
func NewFromPublicPEM(pemEncodedKey string) (crypto.PublicKey, error)
NewFromPublicPEM reads a PEM-encoded public key from a string.
func NewFromPublicPEMFile
func NewFromPublicPEMFile(keyFile string) (crypto.PublicKey, error)
NewFromPublicPEMFile reads a PEM-encoded public key from a file.
func NewFromSpec
func NewFromSpec(spec *keyspb.Specification) (crypto.Signer, error)
NewFromSpec generates a new private key based on a key specification. If an RSA key is specified, the key size must be at least MinRsaKeySizeInBits.
func SignatureAlgorithm
func SignatureAlgorithm(k crypto.PublicKey) sigpb.DigitallySigned_SignatureAlgorithm
SignatureAlgorithm returns the algorithm used for this public key. Only ECDSA and RSA keys are supported. Other key types will return sigpb.DigitallySigned_UNKNOWN.
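The functions above are summarised only by their signatures, so here is an added, standard-library-only example (not the keys package's own code) that reproduces the documented behaviour of NewFromPrivateDER, NewFromPrivatePEM, SignatureAlgorithm and NewFromSpec: the DER encodings a private key may arrive in, the password check on an encrypted PEM block, the ECDSA/RSA/UNKNOWN classification, and the MinRsaKeySizeInBits floor. `Spec`, the string return of `SignatureAlgorithm` and the `NewTestPEM` fixture are assumptions that stand in for keyspb.Specification, sigpb.DigitallySigned_SignatureAlgorithm and a key file respectively.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
)

const MinRsaKeySizeInBits = 2048 // mirrors the package constant documented above

type Spec struct{ RSABits int } // assumed stand-in for *keyspb.Specification; 0 means ECDSA P-256

// ParsePrivateDER mimics NewFromPrivateDER: accept PKCS#8, PKCS#1 or SEC1 DER.
func ParsePrivateDER(der []byte) (crypto.Signer, error) {
	if k, err := x509.ParsePKCS8PrivateKey(der); err == nil {
		if s, ok := k.(crypto.Signer); ok {
			return s, nil
		}
	}
	if k, err := x509.ParsePKCS1PrivateKey(der); err == nil {
		return k, nil
	}
	if k, err := x509.ParseECPrivateKey(der); err == nil {
		return k, nil
	}
	return nil, errors.New("not a signing key in PKCS#8, PKCS#1 or SEC1 DER form")
}

// ParsePrivatePEM mimics NewFromPrivatePEM. Go's legacy RFC 1423 PEM encryption has no
// key stretching and is deprecated; keys that matter belong in an HSM or KMS instead.
func ParsePrivatePEM(pemKey, password string) (crypto.Signer, error) {
	block, _ := pem.Decode([]byte(pemKey))
	if block == nil {
		return nil, errors.New("no PEM block found")
	}
	der := block.Bytes
	if x509.IsEncryptedPEMBlock(block) {
		if password == "" {
			return nil, errors.New("key is encrypted but no password was given")
		}
		var err error
		if der, err = x509.DecryptPEMBlock(block, []byte(password)); err != nil {
			return nil, fmt.Errorf("decrypting PEM block: %w", err)
		}
	}
	return ParsePrivateDER(der)
}

// SignatureAlgorithm mimics the documented function: anything but RSA or ECDSA is UNKNOWN.
func SignatureAlgorithm(k crypto.PublicKey) string {
	switch k.(type) {
	case *rsa.PublicKey:
		return "RSA"
	case *ecdsa.PublicKey:
		return "ECDSA"
	}
	return "UNKNOWN"
}

// NewFromSpec mimics the documented function: RSA below MinRsaKeySizeInBits is refused.
func NewFromSpec(spec Spec) (crypto.Signer, error) {
	if spec.RSABits == 0 {
		return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	}
	if spec.RSABits < MinRsaKeySizeInBits {
		return nil, fmt.Errorf("RSA key size %d is below the minimum of %d bits", spec.RSABits, MinRsaKeySizeInBits)
	}
	return rsa.GenerateKey(rand.Reader, spec.RSABits)
}

// NewTestPEM is a constructed fixture, not an API of the page: a fresh P-256 key as
// SEC1 PEM, encrypted with the legacy scheme when password is non-empty.
func NewTestPEM(password string) (string, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return "", err
	}
	der, _ := x509.MarshalECPrivateKey(k) // cannot fail for a key generated just above
	block := &pem.Block{Type: "EC PRIVATE KEY", Bytes: der}
	if password != "" {
		if block, err = x509.EncryptPEMBlock(rand.Reader, block.Type, der, []byte(password), x509.PEMCipherAES256); err != nil {
			return "", err
		}
	}
	return string(pem.EncodeToMemory(block)), nil
}

func main() {
	pemKey, _ := NewTestPEM("constructed-password")
	_, err := ParsePrivatePEM(pemKey, "")
	fmt.Println("without password:", err)
	_, err = NewFromSpec(Spec{RSABits: 1024})
	fmt.Println("1024-bit RSA:", err)
}
```

The parsers try each encoding in turn and return one generic error at the end, so a caller cannot tell from the message which encoding nearly matched; that is deliberate, since the key material itself is the only thing that should distinguish them.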
Types
type MockSignerFactory
type MockSignerFactory struct {
// contains filtered or unexported fields
}
Mock of SignerFactory interface
func NewMockSignerFactory
func NewMockSignerFactory(ctrl *gomock.Controller) *MockSignerFactory
func (*MockSignerFactory) EXPECT
func (_m *MockSignerFactory) EXPECT() *_MockSignerFactoryRecorder
type NewSignerTest
type NewSignerTest struct {
    // Name describes the test.
    Name string

    // Tree is passed to SignerFactory.NewSigner().
    Tree *trillian.Tree

    // WantErr should be true if SignerFactory.NewSigner() is expected to return an error.
    WantErr bool
}
NewSignerTest is a test case to be run by TestNewSigner().
type PEMSignerFactory
type PEMSignerFactory struct{}
PEMSignerFactory handles PEM-encoded private keys. It supports trees whose PrivateKey field is a:
- keyspb.PEMKeyFile
- keyspb.PrivateKey
It implements keys.SignerFactory.
func (PEMSignerFactory) Generate
func (f PEMSignerFactory) Generate(ctx context.Context, tree *trillian.Tree, spec *keyspb.Specification) (*any.Any, error)
Generate creates a new private key for a tree based on a key specification. It returns a proto that can be used as the value of tree.PrivateKey.
type SignerFactory
type SignerFactory interface {
    // NewSigner returns a signer for the given tree.
    // It consults Tree.PrivateKey to determine how to retrieve the key.
    NewSigner(context.Context, *trillian.Tree) (crypto.Signer, error)

    // Generate creates a new private key for a tree based on a key specification.
    // It returns a proto that can be used as the value of tree.PrivateKey.
    // If tree.PrivateKey or tree.PublicKey is already set, it returns an error.
    Generate(context.Context, *trillian.Tree, *keyspb.Specification) (*any.Any, error)
}
SignerFactory creates signers for Trillian trees. A signer may be created by loading a private key, interfacing with an HSM, or sending network requests to a remote key management service, to give a few examples.
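The interface's two contracts, that NewSigner resolves the key from what the tree already carries and that Generate refuses a tree whose key is already set, are easy to get wrong in an implementation. The following is an added, standard-library-only sketch of a factory honouring both; it is not PEMSignerFactory or any other code from the keys package. `Tree` is an assumed stand-in holding raw DER instead of the protobuf messages in trillian.Tree, `DERSignerFactory` is hypothetical, and the keyspb.Specification parameter is dropped so that Generate always produces a P-256 key.

```go
package main

import (
	"context"
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"errors"
	"fmt"
)

// Tree is an assumed stand-in for the PrivateKey/PublicKey fields of trillian.Tree.
// The real fields hold protobuf messages; here they hold raw DER so the example
// needs only the standard library.
type Tree struct {
	PrivateKey []byte // SEC1 DER of an EC private key, or nil
	PublicKey  []byte // PKIX DER of a public key, or nil
}

// SignerFactory mirrors the documented interface over the stand-in Tree. The
// key specification parameter is omitted: Generate always produces P-256.
type SignerFactory interface {
	NewSigner(context.Context, *Tree) (crypto.Signer, error)
	Generate(context.Context, *Tree) ([]byte, error)
}

// DERSignerFactory is a hypothetical in-memory analogue of PEMSignerFactory.
type DERSignerFactory struct{}

// NewSigner consults tree.PrivateKey, as the interface documents, and refuses
// trees that carry no key material rather than inventing a key.
func (DERSignerFactory) NewSigner(_ context.Context, tree *Tree) (crypto.Signer, error) {
	if tree == nil || len(tree.PrivateKey) == 0 {
		return nil, errors.New("tree has no private key")
	}
	k, err := x509.ParseECPrivateKey(tree.PrivateKey)
	if err != nil {
		return nil, fmt.Errorf("tree private key: %w", err)
	}
	return k, nil
}

// Generate returns fresh key material for tree.PrivateKey. It errors when the
// tree already has a private or public key, so a deployed tree's signing key
// is never silently replaced.
func (DERSignerFactory) Generate(_ context.Context, tree *Tree) ([]byte, error) {
	if tree == nil {
		return nil, errors.New("nil tree")
	}
	if len(tree.PrivateKey) != 0 || len(tree.PublicKey) != 0 {
		return nil, errors.New("tree already has a key; refusing to overwrite it")
	}
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return x509.MarshalECPrivateKey(k)
}

func main() {
	ctx := context.Background()
	var f SignerFactory = DERSignerFactory{}
	tree := &Tree{}
	der, _ := f.Generate(ctx, tree)
	tree.PrivateKey = der
	_, err := f.Generate(ctx, tree)
	fmt.Println("second Generate:", err)
	s, _ := f.NewSigner(ctx, tree)
	fmt.Printf("signer key type: %T\n", s.Public())
}
```

Checking both PrivateKey and PublicKey before generating matters because a tree whose public key is already published has verifiers depending on it; producing a new private key for such a tree would leave every signature it makes unverifiable against the published key.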
type SignerFactoryTester
type SignerFactoryTester struct {
    // NewSignerFactory returns a SignerFactory instance set up for testing.
    NewSignerFactory func() SignerFactory

    // NewSignerTests are additional test cases to exercise the specific
    // PrivateKey protos that this SignerFactory implementation supports.
    NewSignerTests []NewSignerTest
}
SignerFactoryTester runs a suite of tests against a SignerFactory implementation.
func (*SignerFactoryTester) RunAllTests
func (tester *SignerFactoryTester) RunAllTests(t *testing.T)
RunAllTests runs all SignerFactory tests.
func (*SignerFactoryTester) TestGenerate
func (tester *SignerFactoryTester) TestGenerate(t *testing.T)
TestGenerate runs tests on the SignerFactory's Generate() method.
func (*SignerFactoryTester) TestNewSigner
func (tester *SignerFactoryTester) TestNewSigner(t *testing.T)
TestNewSigner runs tests on the SignerFactory's NewSigner() method.