Documentation ¶
Index ¶
- Constants
- Variables
- func DecryptPEMBlock(block *pem.Block, password []byte) ([]byte, error)
- func EncryptPEMBlock(rand io.Reader, data, password []byte) (block *pem.Block, err error)
- func LoadSigningKeys(path string, password string, saveOnCreate bool) map[int]*ecdsa.PrivateKey
- func MarshalECPrivateKeyWithPassword(key *ecdsa.PrivateKey, password []byte) (data []byte, err error)
- func ParseECPrivateKeyFromPEMWithPassword(data []byte, password []byte) (key *ecdsa.PrivateKey, err error)
- type EncryptedPrivateKeyInfo
- type EncryptionAlgorithmIdentifier
- type EncryptionScheme
- type KeyDerivationFunc
- type PBES2Params
- type PBKDF2Params
- type UserClaims
Constants ¶
const ( // DefaultApiKeySaveOnCreate specifies whether a created API key will be saved. This is useful to turn of in unit tests, where // we only want a temporary key. DefaultApiKeySaveOnCreate = true // DefaultApiKeyPassword is the default password to protect the API key DefaultApiKeyPassword = "changeme" // DefaultApiKeyPath is the default path for the API private key DefaultApiKeyPath = DefaultConfigDirectory + "/api.key" // DefaultConfigDirectory is the default path for the clouditor configuration, such as keys DefaultConfigDirectory = "~/.clouditor" )
Variables ¶
var ErrNotECPrivateKey = errors.New("key is not a valid EC private key")
Functions ¶
func DecryptPEMBlock ¶
DecryptPEMBlock is a drop-in replacement for x509.DecryptPEMBlock which only supports state-of-the art algorithms such as PBES2.
func EncryptPEMBlock ¶
EncryptPEMBlock encrypts a private key contain in data into a PEM block according to PKCS#8.
func LoadSigningKeys ¶
LoadSigningKeys implements a singing keys func for our internal authorization server
func MarshalECPrivateKeyWithPassword ¶
func MarshalECPrivateKeyWithPassword(key *ecdsa.PrivateKey, password []byte) (data []byte, err error)
MarshalECPrivateKeyWithPassword marshals an ECDSA private key protected with a password according to PKCS#8 into a byte array
func ParseECPrivateKeyFromPEMWithPassword ¶
func ParseECPrivateKeyFromPEMWithPassword(data []byte, password []byte) (key *ecdsa.PrivateKey, err error)
ParseECPrivateKeyFromPEMWithPassword ready an ECDSA private key protected with a password according to PKCS#8 from a byte array.
Types ¶
type EncryptedPrivateKeyInfo ¶
type EncryptedPrivateKeyInfo struct { EncryptionAlgorithm EncryptionAlgorithmIdentifier EncryptedData []byte }
EncryptedPrivateKeyInfo contains meta-info about the encrypted private key. See https://datatracker.ietf.org/doc/html/rfc5958#section-3.
type EncryptionAlgorithmIdentifier ¶
type EncryptionAlgorithmIdentifier struct { Algorithm asn1.ObjectIdentifier Params PBES2Params }
EncryptionAlgorithmIdentifier is the identifier for the encryption algorithm. See https://datatracker.ietf.org/doc/html/rfc5958#section-3.
type EncryptionScheme ¶
type EncryptionScheme struct { EncryptionAlgorithm asn1.ObjectIdentifier IV []byte }
EncryptionScheme is part of PBES2 and specifies the encryption algorithm. See https://datatracker.ietf.org/doc/html/rfc8018#appendix-A.4.
type KeyDerivationFunc ¶
type KeyDerivationFunc struct { Algorithm asn1.ObjectIdentifier PBKDF2Params PBKDF2Params }
KeyDerivationFunc is part of PBES2 and specify the key derivation function. See https://datatracker.ietf.org/doc/html/rfc8018#appendix-A.4.
type PBES2Params ¶
type PBES2Params struct { KeyDerivationFunc KeyDerivationFunc EncryptionScheme EncryptionScheme }
PBES2Params are parameters for PBES2. See https://datatracker.ietf.org/doc/html/rfc8018#appendix-A.4.
type PBKDF2Params ¶
type PBKDF2Params struct { Salt []byte IterationCount int PRF asn1.ObjectIdentifier `asn1:"optional"` }
PBKDF2Params are parameters for PBKDF2. See https://datatracker.ietf.org/doc/html/rfc8018#appendix-A.2.
type UserClaims ¶
type UserClaims struct { jwt.RegisteredClaims FullName string `json:"full_name"` EMail string `json:"email"` }
UserClaims extend jwt.StandardClaims with more detailed claims about a user