httpsignatures

package module
v0.0.13 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 20, 2020 License: MIT Imports: 28 Imported by: 0

README

Httpsignatures.go

Codecov Go Report Card Quality Gate Status

This module is created to provide a simple solution to sign HTTP messages according to the document:

https://tools.ietf.org/html/draft-ietf-httpbis-message-signatures-00

Versions compatibility

Since the current standard is still in draft mode and will have a few iterations (versions) before becoming stable, the project is going to maintain current and future versions.

To be compatible with ietf.org versioning the project will change only MINOR & PATCH versions, until document final release. A MINOR version will be equal to the draft version. A PATCH version will be used for bug fixes & improvements and will not break backward compatibility with IETF version.

For example:

The Document version Httpsignatures.go
draft-ietf-httpbis-message-signatures-00 v0.0.1
draft-ietf-httpbis-message-signatures-{MINOR} v0.{MINOR}.0
Final release v1.0.0

Installation

To install the module:

go get github.com/igor-pavlenko/httpsignatures.go

To install a specific version, use:

go get github.com/igor-pavlenko/httpsignatures.go@v0.0.3

Don't forget: export GO111MODULE=on

Sign

package main

import (
	"fmt"
	"github.com/igor-pavlenko/httpsignatures.go"
	"net/http"
	"strings"
)

func main() {
	const sKey = "key1"
	// Don't put keys into code, neither push it in to git repo (this is just for example)
	secrets := map[string]httpsignatures.Secret{
		sKey: {
			KeyID: sKey,
			PublicKey: `-----BEGIN PUBLIC KEY-----
-----END PUBLIC KEY-----`,
			PrivateKey: `-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----`,
			Algorithm: "RSA-SHA256",
		},
	}
	ss := httpsignatures.NewSimpleSecretsStorage(secrets)
	hs := httpsignatures.NewHTTPSignatures(ss)
	hs.SetDefaultSignatureHeaders([]string{"(created)", "digest", "(expires)", "(request-target)"})

	r, _ := http.NewRequest(
		"POST",
		"https://example.com/foo?param=value&pet=dog",
		strings.NewReader(`{"hello": "world"}`),
	)
	err := hs.Sign(sKey, r)
	if err != nil {
		panic(err)
	}

	fmt.Println(r.Header.Get("Digest"))
	fmt.Println(r.Header.Get("Signature"))
}

Verify

package main

import (
	"fmt"
	"github.com/igor-pavlenko/httpsignatures.go"
	"net/http"
	"strings"
)

func main() {
	const sKey = "key1"
	// Don't put keys into code, neither push it in to git repo (this is just for example)
	secrets := map[string]httpsignatures.Secret{
		sKey: {
			KeyID: sKey,
			PublicKey: `-----BEGIN PUBLIC KEY-----
-----END PUBLIC KEY-----`,
			PrivateKey: `-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----`,
			Algorithm: "RSA-SHA256",
		},
	}
	ss := httpsignatures.NewSimpleSecretsStorage(secrets)
	hs := httpsignatures.NewHTTPSignatures(ss)

	r, _ := http.NewRequest(
		"POST",
		"https://example.com/foo?param=value&pet=dog",
		strings.NewReader(`{"hello": "world"}`),
	)
	r.Header.Set("Digest", "SHA-512=WZDPaVn/7XgHaAy8pmojAkGWoRx2UFChF41A2svX+TaPm+AbwAgBWnrIiYllu7BNNyealdVLvRwEmTHWXvJwew==")
	r.Header.Set("Signature", `keyId="key1",algorithm="RSA-SHA256",created=1594222776,headers="(created) digest (request-target)",signature="HobdANH0pDuVm9ag0Zdy06+1wgPttgSqJIiBI0wmgILrJ3IlZ26KuHPGNTZs2N55SFHCpE1gLnmyKJwLF46hmgdElB7zFreYAGmNhukguoIiQ8slZnOjs2GtZ40kHa+7kO5mqT+i5GaRKwBtRiiFe3nEPxEmrugXEwj5j6DEvl8="`)

	err := hs.Verify(r)
	if err != nil {
		panic(err)
	}
	fmt.Println("Signature verified")
}

Settings

Custom Secrets Storage

If you have a lot of keys, you can get them from any external storage, for example: DB, Files, Vaults etc. Just implement Secrets interface and inject it into httpsignatures.NewHTTPSignatures().

package main

import (
	"fmt"
	"github.com/igor-pavlenko/httpsignatures.go"
	"io/ioutil"
	"os"
	"regexp"
)

// To create your own secrets storage implement the httpsignatures.Secrets interface
// type Secrets interface {
//	   Get(keyID string) (Secret, error)
// }

const alg = "RSA-SHA512"

// SimpleSecretsStorage local static secrets storage
type FileSecretsStorage struct {
	dir     string
	storage map[string]httpsignatures.Secret
}

// Get get secret from local files by KeyID
func (s FileSecretsStorage) Get(keyID string) (httpsignatures.Secret, error) {
	if secret, ok := s.storage[keyID]; ok {
		return secret, nil
	}

	validKeyID, err := regexp.Match(`[a-zA-Z0-9]+`, []byte(keyID))
	if !validKeyID {
		return httpsignatures.Secret{}, &httpsignatures.SecretError{Message: "wrong keyID format allowed: [a-zA-Z0-9]+"}
	}

	publicKeyFile := fmt.Sprintf("%s/%s.pub", s.dir, keyID)
	publicKey, err := s.readFile(publicKeyFile)
	if err != nil {
		return httpsignatures.Secret{}, &httpsignatures.SecretError{Message: "public key file not found", Err: err}
	}

	privateKeyFile := fmt.Sprintf("%s/%s.key", s.dir, keyID)
	privateKey, err := s.readFile(privateKeyFile)
	if err != nil {
		return httpsignatures.Secret{}, &httpsignatures.SecretError{Message: "private key file not found", Err: err}
	}

	fmt.Println(privateKey, publicKey)
	s.storage[keyID] = httpsignatures.Secret{
		KeyID:      keyID,
		PublicKey:  publicKey,
		PrivateKey: privateKey,
		Algorithm:  alg,
	}
	return s.storage[keyID], nil
}

// Get key from file
func (s FileSecretsStorage) readFile(f string) (string, error) {
	if !s.fileExists(f) {
		return "", &httpsignatures.SecretError{Message: fmt.Sprintf("file '%s' not found", f)}
	}
	key, err := ioutil.ReadFile(f)
	if err != nil {
		return "", &httpsignatures.SecretError{Message: fmt.Sprintf("read file error: '%s'", f), Err: err}
	}

	return string(key), nil
}

// Check if file exists
func (s FileSecretsStorage) fileExists(f string) bool {
	i, err := os.Stat(f)
	if os.IsNotExist(err) {
		return false
	}
	return !i.IsDir()
}

// NewSimpleSecretsStorage create new digest
func NewFileSecretsStorage(dir string) httpsignatures.Secrets {
    if len(dir) == 0 {
		return nil
	}
	s := new(FileSecretsStorage)
	s.dir = dir
	s.storage = make(map[string]httpsignatures.Secret)
	return s
}

func main() {
	hs := httpsignatures.NewHTTPSignatures(NewFileSecretsStorage("/tmp"))
	hs.SetDefaultExpiresSeconds(10)
}
Custom Digest hash algorithm

You can set your custom signature hash algorithm by implementing the DigestHashAlgorithm interface.

package main

import (
	"crypto/sha1"
	"crypto/subtle"
	"fmt"
	"github.com/igor-pavlenko/httpsignatures.go"
)

// To create new digest algorithm, implement httpsignatures.DigestHashAlgorithm interface
// type DigestHashAlgorithm interface {
//	 Algorithm() string
//	 Create(data []byte) ([]byte, error)
// 	 Verify(data []byte, digest []byte) error
// }

// Digest algorithm name
const algSha1Name = "sha1"

// algSha1 sha1 Algorithm
type algSha1 struct{}

// Return algorithm name
func (a algSha1) Algorithm() string {
	return algSha1Name
}

// Create hash
func (a algSha1) Create(data []byte) ([]byte, error) {
	h := sha1.New()
	_, err := h.Write(data)
	if err != nil {
		return nil, &httpsignatures.CryptoError{Message: "error creating hash", Err: err}
	}
	return h.Sum(nil), nil
}

// Verify hash
func (a algSha1) Verify(data []byte, digest []byte) error {
	expected, err := a.Create(data)
	if err != nil {
		return err
	}
	if subtle.ConstantTimeCompare(digest, expected) != 1 {
		return &httpsignatures.CryptoError{Message: "wrong hash"}
	}
	return nil
}

func main() {
	hs := httpsignatures.NewHTTPSignatures(httpsignatures.NewSimpleSecretsStorage(map[string]httpsignatures.Secret{}))
	// Add algorithm implementation
	hs.SetDigestAlgorithm(algSha1{})
	// Set `algSha1Name` as default algorithm for digest
	err := hs.SetDefaultDigestAlgorithm(algSha1Name)
	if err != nil {
		fmt.Println(err)
	}
}
Default Digest algorithm

Choose one of supported digest hash algorithms with method SetDefaultDigestAlgorithm.

hs := httpsignatures.NewHTTPSignatures(httpsignatures.NewSimpleSecretsStorage(map[string]httpsignatures.Secret{}))
hs.SetDefaultDigestAlgorithm("MD5")
Disable/Enable verify Digest function

If digest header set in signature headers — module will verify it. To disable verification use SetDefaultVerifyDigest method.

hs := httpsignatures.NewHTTPSignatures(httpsignatures.NewSimpleSecretsStorage(map[string]httpsignatures.Secret{}))
hs.SetDefaultVerifyDigest(false)
Custom Signature hash algorithm

You can set your own custom signature hash algorithm by implementing the SignatureHashAlgorithm interface.

package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"github.com/igor-pavlenko/httpsignatures.go"
)

// To create your own signature hash algorithm, implement httpsignatures.SignatureHashAlgorithm interface
// type SignatureHashAlgorithm interface {
// 	   Algorithm() string
// 	   Create(secret Secret, data []byte) ([]byte, error)
// 	   Verify(secret Secret, data []byte, signature []byte) error
// }

// Digest algorithm name
const algHmacSha1Name = "HMAC-SHA1"

// algHmacSha1 HMAC-SHA1 Algorithm
type algHmacSha1 struct{}

// Return algorithm name
func (a algHmacSha1) Algorithm() string {
	return algHmacSha1Name
}

// Create hash
func (a algHmacSha1) Create(secret httpsignatures.Secret, data []byte) ([]byte, error) {
	if len(secret.PrivateKey) == 0 {
		return nil, &httpsignatures.CryptoError{Message: "no private key found"}
	}
	mac := hmac.New(sha1.New, []byte(secret.PrivateKey))
	_, err := mac.Write(data)
	if err != nil {
		return nil, &httpsignatures.CryptoError{Message: "error creating signature", Err: err}
	}
	return mac.Sum(nil), nil
}

// Verify hash
func (a algHmacSha1) Verify(secret httpsignatures.Secret, data []byte, signature []byte) error {
	expected, err := a.Create(secret, data)
	if err != nil {
		return err
	}
	if !hmac.Equal(signature, expected) {
		return &httpsignatures.CryptoError{Message: "wrong signature"}
	}
	return nil
}

func main() {
	hs := httpsignatures.NewHTTPSignatures(httpsignatures.NewSimpleSecretsStorage(map[string]httpsignatures.Secret{}))
	hs.SetSignatureHashAlgorithm(algHmacSha1{})
}
Default expires seconds

By default, signature will expire in 30 seconds. You can set custom value for expiration using SetDefaultExpiresSeconds method.

hs := httpsignatures.NewHTTPSignatures(httpsignatures.NewSimpleSecretsStorage(map[string]httpsignatures.Secret{}))
hs.SetDefaultExpiresSeconds(60)
Default time gap for expires/created time verification

Default time gap is 10 seconds. To set custom time gap use SetDefaultTimeGap method.

hs := httpsignatures.NewHTTPSignatures(httpsignatures.NewSimpleSecretsStorage(map[string]httpsignatures.Secret{}))
hs.SetDefaultTimeGap(100)
Default signature headers

By default, headers used in signature: ["(created)"]. Use SetDefaultSignatureHeaders method to set custom headers list.

hs := httpsignatures.NewHTTPSignatures(httpsignatures.NewSimpleSecretsStorage(map[string]httpsignatures.Secret{}))
hs.SetDefaultSignatureHeaders([]string{"(request-target)", "(created)", "(expires)", "date", "host", "digest"})

Supported Signature hash algorithms

  • RSASSA-PSS with SHA256
  • RSASSA-PSS with SHA512
  • ECDSA with SHA256
  • ECDSA with SHA512
  • RSA-SHA256
  • RSA-SHA512
  • HMAC-SHA256
  • HMAC-SHA512
  • ED25519

Supported Digest hash algorithms

  • MD5
  • SHA256
  • SHA512

Examples

Look at examples & tests to find out how to work with lib.

Todo

  • Gin plugin
  • AwsSecretsManagerStorage

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AwsSecretsManagerStorage added in v0.0.13 

type AwsSecretsManagerStorage struct {
	// contains filtered or unexported fields
}

AwsSecretsManagerStorage AWS Secrets Manager storage

func NewAwsSecretsManagerStorage added in v0.0.13 

func NewAwsSecretsManagerStorage(env string, sm secretsmanageriface.SecretsManagerAPI) *AwsSecretsManagerStorage

NewAwsSecretsManagerStorage create storage

func (AwsSecretsManagerStorage) Get added in v0.0.13 

func (s AwsSecretsManagerStorage) Get(keyID string) (Secret, error)

Get get secret from cache by KeyID or from AWS Secrets Manager for first time

func (*AwsSecretsManagerStorage) SetCacheExpiresSeconds added in v0.0.13 

func (s *AwsSecretsManagerStorage) SetCacheExpiresSeconds(e uint32)

SetCacheExpiresSeconds set default cache expires seconds.

func (*AwsSecretsManagerStorage) SetGetSecretID added in v0.0.13 

func (s *AwsSecretsManagerStorage) SetGetSecretID(f GetSecretID)

SetGetSecretID set custom function to build secret ID in AWS SecretsManager.

func (*AwsSecretsManagerStorage) SetGetSecretValue added in v0.0.13 

func (s *AwsSecretsManagerStorage) SetGetSecretValue(f GetSecretValue)

SetGetSecretValue set custom function to extract value from secret.

func (*AwsSecretsManagerStorage) SetRequiredPrivateKeys added in v0.0.13 

func (s *AwsSecretsManagerStorage) SetRequiredPrivateKeys(l map[string]bool)

SetRequiredPrivateKeys set keys with required PrivateKey secrets.

type Digest 

type Digest struct {
	// contains filtered or unexported fields
}

Digest digest internal struct

func NewDigest 

func NewDigest() *Digest

NewDigest create new digest

func (*Digest) Create 

func (d *Digest) Create(alg string, r *http.Request) (string, error)

Create create digest hash

func (*Digest) SetDefaultDigestHashAlgorithm 

func (d *Digest) SetDefaultDigestHashAlgorithm(a string) error

SetDefaultDigestHashAlgorithm set digest default algorithm options (default from available)

func (*Digest) SetDigestHashAlgorithm 

func (d *Digest) SetDigestHashAlgorithm(a DigestHashAlgorithm)

SetDigestHashAlgorithm set digest options (add new digest hash algorithm)

func (*Digest) Verify 

func (d *Digest) Verify(r *http.Request) error

Verify verify digest header (compare with real request body hash)

type DigestHashAlgorithm 

type DigestHashAlgorithm interface {
	Algorithm() string
	Create(data []byte) ([]byte, error)
	Verify(data []byte, digest []byte) error
}

DigestHashAlgorithm interface to create/verify digest HMAC hash

type DigestHeader 

type DigestHeader struct {
	// contains filtered or unexported fields
}

DigestHeader Digest header parsed into params (alg & digest)

type ECDSASignature 

type ECDSASignature struct {
	R, S *big.Int
}

ECDSASignature ECDSA signature

type ED25519 added in v0.0.11 

type ED25519 struct{}

ED25519 ED25519 Algorithm

func (ED25519) Algorithm added in v0.0.11 

func (a ED25519) Algorithm() string

Algorithm Return algorithm name

func (ED25519) Create added in v0.0.11 

func (a ED25519) Create(secret Secret, data []byte) ([]byte, error)

Create Create signature using passed privateKey from secret

func (ED25519) Verify added in v0.0.11 

func (a ED25519) Verify(secret Secret, data []byte, signature []byte) error

Verify Verify signature using passed publicKey from secret

type ED25519PrivateKey added in v0.0.11 

type ED25519PrivateKey struct {
	Version          int
	ObjectIdentifier struct {
		ObjectIdentifier asn1.ObjectIdentifier
	}
	PrivateKey []byte
}

ED25519PrivateKey ED25519 PrivateKey

type ED25519PublicKey added in v0.0.11 

type ED25519PublicKey struct {
	ObjectIdentifier struct {
		ObjectIdentifier asn1.ObjectIdentifier
	}
	PublicKey asn1.BitString
}

ED25519PublicKey ED25519 PublicKey

type EcdsaSha256 

type EcdsaSha256 struct{}

EcdsaSha256 ECDSA with SHA256 Algorithm

func (EcdsaSha256) Algorithm 

func (a EcdsaSha256) Algorithm() string

Algorithm Return algorithm name

func (EcdsaSha256) Create 

func (a EcdsaSha256) Create(secret Secret, data []byte) ([]byte, error)

Create Create signature using passed privateKey from secret

func (EcdsaSha256) Verify 

func (a EcdsaSha256) Verify(secret Secret, data []byte, signature []byte) error

Verify Verify signature using passed publicKey from secret

type EcdsaSha512 added in v0.0.9 

type EcdsaSha512 struct{}

EcdsaSha512 ECDSA with SHA512 Algorithm

func (EcdsaSha512) Algorithm added in v0.0.9 

func (a EcdsaSha512) Algorithm() string

Algorithm Return algorithm name

func (EcdsaSha512) Create added in v0.0.9 

func (a EcdsaSha512) Create(secret Secret, data []byte) ([]byte, error)

Create Create signature using passed privateKey from secret

func (EcdsaSha512) Verify added in v0.0.9 

func (a EcdsaSha512) Verify(secret Secret, data []byte, signature []byte) error

Verify Verify signature using passed publicKey from secret

type ErrCrypto added in v0.0.12 

type ErrCrypto struct {
	Message string
	Err     error
}

ErrCrypto errors during Create/Verify signature functions

func (*ErrCrypto) Error added in v0.0.12 

func (e *ErrCrypto) Error() string

ErrHS error message

type ErrDigest added in v0.0.12 

type ErrDigest struct {
	Message string
	Err     error
}

ErrDigest errors during digest verification

func (*ErrDigest) Error added in v0.0.12 

func (e *ErrDigest) Error() string

ErrHS error message

type ErrHS added in v0.0.12 

type ErrHS struct {
	Message string
	Err     error
}

ErrHS errors during validating or creating Signature|Authorization

func (*ErrHS) Error added in v0.0.12 

func (e *ErrHS) Error() string

ErrHS error message

type ErrParser added in v0.0.12 

type ErrParser struct {
	Message string
	Err     error
}

ErrParser errors during parsing

func (*ErrParser) Error added in v0.0.12 

func (e *ErrParser) Error() string

ErrHS error message

type ErrSecret added in v0.0.12 

type ErrSecret struct {
	Message string
	Err     error
}

ErrSecret errors during retrieving secret

func (*ErrSecret) Error added in v0.0.12 

func (e *ErrSecret) Error() string

ErrHS error message

type GetSecretID added in v0.0.13 

type GetSecretID = func(env string, keyType string, keyID string, requiredPrivateKeys map[string]bool) (string, error)

GetSecretValue function construct SecretId in aws secrets manager based on keyType (PrivateKey/PublicKey) & keyID

type GetSecretValue added in v0.0.13 

type GetSecretValue = func(keyType string, value []byte, secret *Secret) error

GetSecretValue function convert value from secrets manager to Secret

type HTTPSignatures 

type HTTPSignatures struct {
	// contains filtered or unexported fields
}

HTTPSignatures struct

func NewHTTPSignatures 

func NewHTTPSignatures(ss Secrets) *HTTPSignatures

NewHTTPSignatures Constructor

func (*HTTPSignatures) SetDefaultDigestAlgorithm 

func (hs *HTTPSignatures) SetDefaultDigestAlgorithm(a string) error

SetDefaultDigestAlgorithm set custom digest hash algorithm

func (*HTTPSignatures) SetDefaultExpiresSeconds 

func (hs *HTTPSignatures) SetDefaultExpiresSeconds(e uint32)

SetDefaultExpiresSeconds set default expires seconds (while creating signature). If signature never expires just exclude "expires" param from the headers list

func (*HTTPSignatures) SetDefaultSignatureHeaders 

func (hs *HTTPSignatures) SetDefaultSignatureHeaders(h []string)

SetDefaultSignatureHeaders set default list of headers to create signature (Sign method)

func (*HTTPSignatures) SetDefaultTimeGap 

func (hs *HTTPSignatures) SetDefaultTimeGap(t int64)

SetDefaultTimeGap set default time gap for (created)/(expires) validation

func (*HTTPSignatures) SetDefaultVerifyDigest 

func (hs *HTTPSignatures) SetDefaultVerifyDigest(v bool)

SetDefaultVerifyDigest set default verify digest or skip verification

func (*HTTPSignatures) SetDigestAlgorithm 

func (hs *HTTPSignatures) SetDigestAlgorithm(a DigestHashAlgorithm)

SetDigestAlgorithm set custom digest hash algorithm

func (*HTTPSignatures) SetSignatureHashAlgorithm added in v0.0.3 

func (hs *HTTPSignatures) SetSignatureHashAlgorithm(a SignatureHashAlgorithm)

SetSignatureHashAlgorithm set custom signature hash algorithm

func (*HTTPSignatures) Sign 

func (hs *HTTPSignatures) Sign(secretKeyID string, r *http.Request) error

Sign add signature header

func (*HTTPSignatures) Verify 

func (hs *HTTPSignatures) Verify(r *http.Request) error

Verify Verify signature

type Headers 

type Headers struct {
	// contains filtered or unexported fields
}

Headers Signature headers & params

type HmacSha256 

type HmacSha256 struct{}

HmacSha256 HMAC-SHA256 Algorithm

func (HmacSha256) Algorithm 

func (a HmacSha256) Algorithm() string

Algorithm Return algorithm name

func (HmacSha256) Create 

func (a HmacSha256) Create(secret Secret, data []byte) ([]byte, error)

Create Create signature using passed privateKey from secret

func (HmacSha256) Verify 

func (a HmacSha256) Verify(secret Secret, data []byte, signature []byte) error

Verify Verify signature using passed privateKey from secret

type HmacSha512 

type HmacSha512 struct{}

HmacSha512 HMAC-SHA512 Algorithm

func (HmacSha512) Algorithm 

func (a HmacSha512) Algorithm() string

Algorithm Return algorithm name

func (HmacSha512) Create 

func (a HmacSha512) Create(secret Secret, data []byte) ([]byte, error)

Create Create signature using passed privateKey from secret

func (HmacSha512) Verify 

func (a HmacSha512) Verify(secret Secret, data []byte, signature []byte) error

Verify Verify signature using passed privateKey from secret

type Md5 

type Md5 struct{}

Md5 MD5 Algorithm

func (Md5) Algorithm 

func (a Md5) Algorithm() string

Algorithm Return algorithm name

func (Md5) Create 

func (a Md5) Create(data []byte) ([]byte, error)

Create Create hash

func (Md5) Verify 

func (a Md5) Verify(data []byte, digest []byte) error

Verify Verify hash

type Parser 

type Parser struct {
	// contains filtered or unexported fields
}

Parser parser internal struct

func NewParser 

func NewParser() *Parser

NewParser create new parser

func (*Parser) ParseDigestHeader 

func (p *Parser) ParseDigestHeader(header string) (DigestHeader, *ErrParser)

ParseDigestHeader parse Digest header

func (*Parser) ParseSignatureHeader 

func (p *Parser) ParseSignatureHeader(header string) (Headers, *ErrParser)

ParseSignatureHeader parse Signature header

func (*Parser) VerifySignatureFields 

func (p *Parser) VerifySignatureFields() *ErrParser

VerifySignatureFields verify required fields

type RsaSha256 

type RsaSha256 struct{}

RsaSha256 RSA-SHA265 Algorithm

func (RsaSha256) Algorithm 

func (a RsaSha256) Algorithm() string

Algorithm Return algorithm name

func (RsaSha256) Create 

func (a RsaSha256) Create(secret Secret, data []byte) ([]byte, error)

Create Create signature using passed privateKey from secret

func (RsaSha256) Verify 

func (a RsaSha256) Verify(secret Secret, data []byte, signature []byte) error

Verify Verify signature using passed publicKey from secret

type RsaSha512 

type RsaSha512 struct{}

RsaSha512 RSA-SHA512 Algorithm

func (RsaSha512) Algorithm 

func (a RsaSha512) Algorithm() string

Algorithm Return algorithm name

func (RsaSha512) Create 

func (a RsaSha512) Create(secret Secret, data []byte) ([]byte, error)

Create Create signature using passed privateKey from secret

func (RsaSha512) Verify 

func (a RsaSha512) Verify(secret Secret, data []byte, signature []byte) error

Verify Verify signature using passed publicKey from secret

type RsaSsaPssSha256 

type RsaSsaPssSha256 struct{}

RsaSsaPssSha256 RSA-PSS-SHA256 Algorithm

func (RsaSsaPssSha256) Algorithm 

func (a RsaSsaPssSha256) Algorithm() string

Algorithm Return algorithm name

func (RsaSsaPssSha256) Create 

func (a RsaSsaPssSha256) Create(secret Secret, data []byte) ([]byte, error)

Create Create signature using passed privateKey from secret

func (RsaSsaPssSha256) Verify 

func (a RsaSsaPssSha256) Verify(secret Secret, data []byte, signature []byte) error

Verify Verify signature using passed publicKey from secret

type RsaSsaPssSha512 

type RsaSsaPssSha512 struct{}

RsaSsaPssSha512 RSA-PSS-SHA512 Algorithm

func (RsaSsaPssSha512) Algorithm 

func (a RsaSsaPssSha512) Algorithm() string

Algorithm Return algorithm name

func (RsaSsaPssSha512) Create 

func (a RsaSsaPssSha512) Create(secret Secret, data []byte) ([]byte, error)

Create Create signature using passed privateKey from secret

func (RsaSsaPssSha512) Verify 

func (a RsaSsaPssSha512) Verify(secret Secret, data []byte, signature []byte) error

Verify Verify signature using passed publicKey from secret

type Secret 

type Secret struct {
	KeyID      string
	PublicKey  string
	PrivateKey string
	Algorithm  string
}

Secret struct to return/store secret

type Secrets 

type Secrets interface {
	Get(keyID string) (Secret, error)
}

Secrets interface to retrieve secrets from storage (local, DB, file etc)

func NewSimpleSecretsStorage added in v0.0.3 

func NewSimpleSecretsStorage(storage map[string]Secret) Secrets

NewSimpleSecretsStorage create new storage

type Sha256 

type Sha256 struct{}

Sha256 Sha256 Algorithm

func (Sha256) Algorithm 

func (a Sha256) Algorithm() string

Algorithm Return algorithm name

func (Sha256) Create 

func (a Sha256) Create(data []byte) ([]byte, error)

Create Create hash

func (Sha256) Verify 

func (a Sha256) Verify(data []byte, digest []byte) error

Verify Verify hash

type Sha512 

type Sha512 struct{}

Sha512 Sha512 Algorithm

func (Sha512) Algorithm 

func (a Sha512) Algorithm() string

Algorithm Return algorithm name

func (Sha512) Create 

func (a Sha512) Create(data []byte) ([]byte, error)

Create Create hash

func (Sha512) Verify 

func (a Sha512) Verify(data []byte, digest []byte) error

Verify Verify hash

type SignatureHashAlgorithm 

type SignatureHashAlgorithm interface {
	Algorithm() string
	Create(secret Secret, data []byte) ([]byte, error)
	Verify(secret Secret, data []byte, signature []byte) error
}

SignatureHashAlgorithm interface to create/verify Signature using secret keys Algorithm return algorithm name Create create new signature Verify verify passed signature

type SimpleSecretsStorage added in v0.0.3 

type SimpleSecretsStorage struct {
	// contains filtered or unexported fields
}

SimpleSecretsStorage local static secrets storage

func (SimpleSecretsStorage) Get added in v0.0.3 

func (s SimpleSecretsStorage) Get(keyID string) (Secret, error)

Get get secret from local storage by KeyID

Source Files

View all Source files

Directories

Path Synopsis
examples
digestHashAlgorithm command
fileSecretsStorage command
sign command
signatureHashAlgorith command
verify command
plugins
aws

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.