Documentation
Overview
Package cert implements support for basket "certificates", which are used to verify endpoint identity during the cryptographic handshake. Despite the name, "certs" are merely a common serialization format for keys belonging to a given signature algorithm (think SSH host keys or SSH user identity keys).
Index
Constants
This section is empty.
Variables
var ErrNoPrivateKey = errors.New("cert: no private key")
ErrNoPrivateKey is the error returned when an operation that requires a private key is attempted using a cert that contains only a public key.
Functions
This section is empty.
Types
type Certificate
type Certificate interface {
	// Algorithm returns the algorithm supported by this certificate.
	Algorithm() CertificateAlgorithm

	// SignatureSize returns the size of signatures produced by the given
	// algorithm in bytes.
	SignatureSize() int

	// PublicKey returns the binary representation of the public key.
	PublicKey() []byte

	// HasPrivateKey returns if a private key is present.
	HasPrivateKey() bool

	// PrivateKey returns the binary representation of the private key.
	PrivateKey() ([]byte, error)

	// Sign signs a given message with the private key and returns the
	// signature.
	Sign(message []byte) ([]byte, error)

	// Verify validates a given message + signature combination against the
	// public key.
	Verify(message []byte, signature []byte) bool

	// Serialize returns a binary representation of the certificate suitable
	// for network transmission or loading.
	Serialize(includePrivate bool) ([]byte, error)

	// String returns a string representation of the certificate's public
	// information.
	String() string
}
Certificate is the common interface supported by all certificate types.
func Load
func Load(blob []byte) (Certificate, error)
Load decodes a binary representation of a certificate produced by Serialize.
func New
func New(algorithm CertificateAlgorithm) (Certificate, error)
New generates a new Certificate with a fresh keypair.
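The public-only round trip this API implies, as an added example that is not basket's own code: a hypothetical Ed25519Cert satisfying the documented contract, with an assumed wire layout (algorithm byte, public key, optional private key) that is not the package's real Serialize format. Serialize(false) strips the private half, and a cert loaded from that blob can still Verify but fails Sign with ErrNoPrivateKey.

```go
package main

import "crypto/ed25519"
import "errors"

type CertificateAlgorithm byte
const AlgEd25519 CertificateAlgorithm = 0
var ErrNoPrivateKey = errors.New("cert: no private key")

// Ed25519Cert is a hypothetical stand-in for the package's Ed25519 cert type. Assumed
// layout (not basket's own format): alg byte, 32-byte pubkey, 64-byte privkey if included.
type Ed25519Cert struct {
	pub  ed25519.PublicKey
	priv ed25519.PrivateKey // nil for a public-only cert
}
func (c *Ed25519Cert) HasPrivateKey() bool { return c.priv != nil }
func (c *Ed25519Cert) Verify(msg, sig []byte) bool { return ed25519.Verify(c.pub, msg, sig) }

// Sign fails with ErrNoPrivateKey on a public-only cert rather than panicking.
func (c *Ed25519Cert) Sign(msg []byte) ([]byte, error) {
	if c.priv == nil {
		return nil, ErrNoPrivateKey
	}
	return ed25519.Sign(c.priv, msg), nil
}

// Serialize emits the private half only when the caller explicitly asks for it.
func (c *Ed25519Cert) Serialize(includePrivate bool) ([]byte, error) {
	if includePrivate && c.priv == nil {
		return nil, ErrNoPrivateKey
	}
	blob := append([]byte{byte(AlgEd25519)}, c.pub...)
	if includePrivate {
		blob = append(blob, c.priv...)
	}
	return blob, nil
}

// Load rejects unknown algorithm bytes and blobs of the wrong length.
func Load(blob []byte) (*Ed25519Cert, error) {
	pubEnd := 1 + ed25519.PublicKeySize
	if len(blob) < pubEnd || CertificateAlgorithm(blob[0]) != AlgEd25519 {
		return nil, errors.New("cert: unsupported algorithm or truncated blob")
	}
	c := &Ed25519Cert{pub: blob[1:pubEnd]}
	if rest := blob[pubEnd:]; len(rest) == ed25519.PrivateKeySize {
		c.priv = rest
	} else if len(rest) != 0 {
		return nil, errors.New("cert: malformed certificate blob")
	}
	return c, nil
}
```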
type CertificateAlgorithm
type CertificateAlgorithm byte
CertificateAlgorithm specifies the signature algorithm used by the certificate.
const (
	// AlgEd25519 is Ed25519/SHA-512.
	AlgEd25519 CertificateAlgorithm = iota

	// AlgSphincs256 is SPHINCS256/BLAKE-512.
	AlgSphincs256
)
func CertificateAlgorithmFromString
func CertificateAlgorithmFromString(algStr string) (CertificateAlgorithm, error)
CertificateAlgorithmFromString returns a CertificateAlgorithm given a string representation of the byte value of the algorithm.
type UnsupportedAlgorithmError
type UnsupportedAlgorithmError CertificateAlgorithm
UnsupportedAlgorithmError is the error returned when an invalid algorithm is specified.
func (UnsupportedAlgorithmError) Error
func (a UnsupportedAlgorithmError) Error() string