v1.2.2 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Feb 14, 2024 License: Apache-2.0 Imports: 41 Imported by: 1




View Source
const FileScheme = "file"
View Source
const KMSScheme = "kms"
View Source
const MemoryScheme = "memory"
View Source
const TinkScheme = "tink"


This section is empty.


func GetPrimaryKey

func GetPrimaryKey(ctx context.Context, kmsKey, hcVaultToken string) (tink.AEAD, error)

GetPrimaryKey returns a Tink AEAD encryption key from KMS Supports GCP, AWS, and Vault

func HashToAlg added in v1.2.0

func HashToAlg(signerHashAlg string) (crypto.Hash, error)

func KeyHandleToSigner

func KeyHandleToSigner(kh *keyset.Handle) (crypto.Signer, error)

KeyHandleToSigner converts a key handle to the crypto.Signer interface. Heavily pulls from Tink's signature and subtle packages.

func NewCryptoSigner

func NewCryptoSigner(ctx context.Context, hash crypto.Hash, signer, kmsKey, tinkKmsKey, tinkKeysetPath, hcVaultToken, fileSignerPath, fileSignerPasswd string) (crypto.Signer, error)

func NewTimestampingCertWithChain

func NewTimestampingCertWithChain(signer crypto.Signer) ([]*x509.Certificate, error)

NewTimestampingCertWithChain generates an in-memory certificate chain.

func NewTinkSigner

func NewTinkSigner(_ context.Context, tinkKeysetPath string, primaryKey tink.AEAD) (crypto.Signer, error)

NewTinkSigner creates a signer by decrypting a local Tink keyset with a remote KMS encryption key


type File

type File struct {

File returns a file-based signer and verifier, used for local testing

func NewFileSigner

func NewFileSigner(keyPath, keyPass string, hash crypto.Hash) (*File, error)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL