cloudkms

package
v0.26.4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 28, 2022 License: Apache-2.0 Imports: 11 Imported by: 8

Documentation

Overview

Package cloudkms provides a Google Cloud Key Management Service (KMS) implementation of the crypto.Signer interface.

The documentation for Google Cloud KMS can be found here: https://cloud.google.com/kms/docs

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ParseHashAlgorithm added in v0.25.0 

func ParseHashAlgorithm(algo kmspb.CryptoKeyVersion_CryptoKeyVersionAlgorithm) crypto.HashAlgorithm

ParseHashAlgorithm returns the `HashAlgorithm` corresponding to the input KMS key type.

func ParseSignatureAlgorithm added in v0.25.0 

func ParseSignatureAlgorithm(algo kmspb.CryptoKeyVersion_CryptoKeyVersionAlgorithm) crypto.SignatureAlgorithm

ParseSignatureAlgorithm returns the `SignatureAlgorithm` corresponding to the input KMS key type.

Types

type Client 

type Client struct {
	// contains filtered or unexported fields
}

Client is a client for interacting with the Google Cloud KMS API using types native to the Flow Go SDK.

func NewClient 

func NewClient(ctx context.Context, opts ...option.ClientOption) (*Client, error)

NewClient creates a new KMS client.

func (*Client) GetPublicKey 

func (c *Client) GetPublicKey(ctx context.Context, key Key) (crypto.PublicKey, crypto.HashAlgorithm, error)

GetPublicKey fetches the public key portion of a KMS asymmetric signing key version.

KMS keys of the type `CryptoKeyVersion_EC_SIGN_P256_SHA256` and `CryptoKeyVersion_EC_SIGN_SECP256K1_SHA256` are the only keys supported by the SDK.

Ref: https://cloud.google.com/kms/docs/retrieve-public-key

func (*Client) KMSClient added in v0.25.0 

func (c *Client) KMSClient() *kms.KeyManagementClient

KMSClient gives access to the KeyManagementClient, e.g. for closing the connection to the Google KMS API

func (*Client) SignerForKey 

func (c *Client) SignerForKey(
	ctx context.Context,
	key Key,
) (*Signer, error)

SignerForKey returns a new Google Cloud KMS signer for an asymmetric signing key version.

Only ECDSA keys on P-256 and secp256k1 curves and SHA2-256 are supported.

type Key 

type Key struct {
	ProjectID  string `json:"projectId"`
	LocationID string `json:"locationId"`
	KeyRingID  string `json:"keyRingId"`
	KeyID      string `json:"keyId"`
	KeyVersion string `json:"keyVersion"`
}

Key is a reference to a Google Cloud KMS asymmetric signing key version.

Ref: https://cloud.google.com/kms/docs/creating-asymmetric-keys#create_an_asymmetric_signing_key

func KeyFromResourceID 

func KeyFromResourceID(resourceID string) (Key, error)

KeyFromResourceID returns a `Key` from a resource ID.

func (Key) ResourceID 

func (k Key) ResourceID() string

ResourceID returns the resource ID for this KMS key version.

Ref: https://cloud.google.com/kms/docs/getting-resource-ids

type Signer 

type Signer struct {
	// contains filtered or unexported fields
}

Signer is a Google Cloud KMS implementation of crypto.Signer.

func (*Signer) PublicKey added in v0.25.0 

func (s *Signer) PublicKey() crypto.PublicKey

func (*Signer) Sign 

func (s *Signer) Sign(message []byte) ([]byte, error)

Sign signs the given message using the KMS signing key for this signer.

Reference: https://cloud.google.com/kms/docs/create-validate-signatures

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.