keypair

v0.4.0
Published: Feb 15, 2024 License: MIT Imports: 11 Imported by: 1

README

Keypair - Go convenience wrapper for a private/public RSA keypair.

A Go convenience wrapper which provides access to a private/public RSA keypair, which is located in either a Google Cloud Platform Storage bucket or local storage.

What?

This provides synchronised access to private and public RSA keys for encrypt/decrypt operations.

Why?

Written to provide convenient encryption/decryption, and synchronised access to both keys so that they can be passed around.

How?

The best place to start is with the tests. If running locally, then ensure that Google Application Credentials have been created. If running from a GCP virtual machine, then ensure that the relevant service account (compute, appengine etc.) has the following IAM scopes: 'Storage Object Viewer' and 'Storage Object Creator', or 'Storage Object Admin'. See [GCP service accounts] for further details.

Examples

See the tests for usage examples.

Dependencies and services

This utilises the following fine pieces of work:

Installation

Install using go get.

$ go get -u github.com/lidstromberg/keypair

Environment Variables

You will also need to export (linux/macOS) or create (Windows) some environment variables.

################################
# KEYPAIR
################################
export KP_TYPE="bucket"
export KP_GCP_BUCKET="{{BUCKETNAME}}"
export KP_PRIKEY="jwt.key"
export KP_PUBKEY="jwt.key.pub"
################################
# GCP CREDENTIALS
################################
export GOOGLE_APPLICATION_CREDENTIALS="/PATH/TO/GCPCREDENTIALS.JSON"

(See Google Application Credentials)

Private/Public Certs

The following will generate RSA private/public keys (assuming you have ssh-keygen and openssl installed). Unfortunately, the private key should not be password protected at this point (see RFC1423 Issue for details).

$ ssh-keygen -t rsa -b 4096 -m PEM -f jwt.key
$ openssl rsa -in jwt.key -pubout -outform PEM -out jwt.key.pub
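
A pre-upload check for the two files generated above, as an added example that is not part of the keypair package: it confirms that the private key is an unencrypted PKCS#1 PEM block and that the public key is its PKIX counterpart. The names checkKeyFiles and samplePEM are hypothetical, and the 2048-bit pair is constructed in memory so the example runs offline.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"fmt"
)

// checkKeyFiles accepts an unencrypted PKCS#1 private key plus the PKIX public key derived from it.
func checkKeyFiles(priPEM, pubPEM []byte) (*rsa.PrivateKey, error) {
	pb, _ := pem.Decode(priPEM)
	ub, _ := pem.Decode(pubPEM)
	if pb == nil || pb.Type != "RSA PRIVATE KEY" || ub == nil || ub.Type != "PUBLIC KEY" {
		return nil, fmt.Errorf("expected PKCS#1 private and PKIX public PEM blocks")
	}
	// RFC 1423 encryption shows up as a DEK-Info header on the PEM block.
	if _, enc := pb.Headers["DEK-Info"]; enc {
		return nil, fmt.Errorf("private key is password protected")
	}
	pri, err := x509.ParsePKCS1PrivateKey(pb.Bytes)
	if err != nil {
		return nil, fmt.Errorf("parse private key: %w", err)
	}
	parsed, err := x509.ParsePKIXPublicKey(ub.Bytes)
	if pub, ok := parsed.(*rsa.PublicKey); err != nil || !ok || !pub.Equal(&pri.PublicKey) {
		return nil, fmt.Errorf("public key unparsable or not this private key's pair")
	}
	return pri, nil
}

// samplePEM builds a constructed 2048-bit pair in memory (the README generates 4096 bits).
func samplePEM() (pri, pub []byte, err error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	der, err := x509.MarshalPKIXPublicKey(&k.PublicKey)
	pri = pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(k)})
	pub = pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der})
	return pri, pub, err
}

func main() {
	pri, pub, _ := samplePEM()
	_, err := checkKeyFiles(pri, pub)
	fmt.Println("key files usable:", err == nil)
}
```

To check real files, read jwt.key and jwt.key.pub with os.ReadFile and pass the bytes to checkKeyFiles.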

Google Cloud Platform Requirements

If you intend to use GCP datastore as your backend, then you will require:

  • A GCP project
  • A GCP storage bucket (private) to store the RSA private/public keys (in the root of the bucket)
  • Your GOOGLE_APPLICATION_CREDENTIALS json credentials key should be created with the following IAM scopes: 'Storage Object Viewer' and 'Storage Object Creator', or 'Storage Object Admin'.

Main Files

| File | Purpose |
| --- | --- |
| keypair.go | Logic manager |
| keypair_test.go | Tests |

Ancillary Files

| File | Purpose |
| --- | --- |
| config.go | Boot package parameters, environment var collection |
| errors.go | Package error definitions |
| env | Package environment variables for local/dev installation |
| gogets | Statements for go-getting required packages |

Documentation

Constants

This section is empty.

Variables

var (
	//ErrKeyPairNotExist occurs if the key pair cannot be read
	ErrKeyPairNotExist = errors.New("Keypair could not be created")
)

Functions

This section is empty.

Types

type KeyPair

type KeyPair struct {
	// contains filtered or unexported fields
}

KeyPair holds jwt encryption/decryption keys

func NewKeyPair

func NewKeyPair(ctx context.Context, bc lbcf.ConfigSetting) (*KeyPair, error)

NewKeyPair creates a new signing keypair from private/public keys based on config settings

func (*KeyPair) DecryptString

func (kp *KeyPair) DecryptString(ctx context.Context, val string) (string, error)

DecryptString uses the keypair to decrypt a base64 encrypted string

func (*KeyPair) EncryptBytes

func (kp *KeyPair) EncryptBytes(ctx context.Context, val []byte) (string, error)

EncryptBytes uses the keypair to encrypt a byte array

func (*KeyPair) GetPriKey

func (kp *KeyPair) GetPriKey() *rsa.PrivateKey

GetPriKey returns the private key

func (*KeyPair) GetPubKey

func (kp *KeyPair) GetPubKey() *rsa.PublicKey

GetPubKey returns the public key
