tpmkeys

package module
v1.0.0
Published: Mar 21, 2020 License: MIT Imports: 10 Imported by: 0

README

tpmkeys


Package tpmkeys provides an implementation of crypto.Signer and crypto.Decrypter for private keys resident on a TPM 2.0 (Trusted Platform Module) device.

It is designed for use with the google/go-tpm/tpm2 package and enables TPM-resident keys to be used transparently with Go standard library packages such as crypto and tls.

Install

go get -u github.com/paulgriffiths/tpmkeys

License

Copyright (c) 2020-present Paul Griffiths

Licensed under MIT License

Documentation

Overview

Package tpmkeys provides an implementation of crypto.Signer and crypto.Decrypter for a private key resident on a TPM 2.0 (Trusted Platform Module) device.

It is designed for use with the google/go-tpm/tpm2 package and enables TPM-resident keys to be used transparently with Go standard library packages such as crypto and tls.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type PrivateKey

type PrivateKey struct {
	// contains filtered or unexported fields
}

PrivateKey represents a private key resident on a TPM 2.0 device. RSA and ECC private keys are supported for signing, and only RSA keys are supported for encryption.

func NewFromActiveHandle

func NewFromActiveHandle(rw io.ReadWriter, handle uint32, password string) (*PrivateKey, error)

NewFromActiveHandle returns a private key object representing the key referred to by the specified active handle. The caller is responsible for ensuring that the handle for the key is not changed, and that the io.ReadWriter is not closed, until the returned key will no longer be used. Since this function accepts an io.ReadWriter, it is also suitable for connecting to a TPM simulator.

func NewFromBlobs

func NewFromBlobs(
	path string,
	parent uint32,
	parentPassword string,
	pubBlob, privBlob []byte,
	password string,
) (*PrivateKey, error)

NewFromBlobs returns a private key object representing the key referred to by the provided public and private area blobs. A connection to the TPM is opened and closed, and the key loaded and flushed, with each use of the key, so the returned key is usable for as long as the parent key remains at the specified persistent handle.

func NewFromPersistentHandle

func NewFromPersistentHandle(path string, handle uint32, password string) (*PrivateKey, error)

NewFromPersistentHandle returns a private key object representing the key referred to by the specified persistent handle, using the TPM at the specified path. A connection to the TPM is opened and closed with each use of the key, so the returned key is usable for as long as the key remains at that persistent handle.

func (*PrivateKey) Decrypt

func (k *PrivateKey) Decrypt(rand io.Reader, msg []byte, opts crypto.DecrypterOpts) ([]byte, error)

Decrypt decrypts msg with the private key.

func (*PrivateKey) Public

func (k *PrivateKey) Public() crypto.PublicKey

Public returns the public key corresponding to the opaque private key.

func (*PrivateKey) Sign

func (k *PrivateKey) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error)

Sign signs digest with the private key.
