Documentation ¶
Index ¶
- Constants
- func Delete(cfg Configurable, keyName string) error
- func DeleteWithDefaults(cfg Configurable) error
- func FetchRaw(secretsClient *secretsapi.Client, cfg authentication.Configurable, ...) (*secretModels.Keypair, error)
- func LocalKeyFilename(configPath, keyName string) string
- func Save(cfg Configurable, kp Keypair, keyName string) error
- func SaveEncodedKeypair(cfg Configurable, secretsClient *secretsapi.Client, encKeypair *EncodedKeypair, ...) error
- func SaveWithDefaults(cfg Configurable, kp Keypair) error
- type Configurable
- type Decrypter
- type EncodedKeypair
- type Encrypter
- type ErrKeypairNotFound
- type ErrKeypairPassphrase
- type Keypair
- type RSAKeypair
- func (keypair *RSAKeypair) DecodeAndDecrypt(msg string) ([]byte, error)
- func (keypair *RSAKeypair) Decrypt(ciphertext []byte) ([]byte, error)
- func (keypair *RSAKeypair) EncodePrivateKey() string
- func (keypair *RSAKeypair) EncodePublicKey() (string, error)
- func (keypair *RSAKeypair) Encrypt(msg []byte) ([]byte, error)
- func (keypair *RSAKeypair) EncryptAndEncode(msg []byte) (string, error)
- func (keypair *RSAKeypair) EncryptAndEncodePrivateKey(passphrase string) (string, error)
- func (keypair *RSAKeypair) MatchPublicKey(publicKeyPEM string) bool
- type RSAPublicKey
Constants ¶
const MinimumRSABitLength int = 12
MinimumRSABitLength is the minimum allowed bit-length when generating RSA keys.
Variables ¶
This section is empty.
Functions ¶
func Delete ¶
func Delete(cfg Configurable, keyName string) error
Delete will delete an unencrypted and encoded private key from the local config directory. The base filename (sans suffix) must be provided.
func DeleteWithDefaults ¶
func DeleteWithDefaults(cfg Configurable) error
DeleteWithDefaults will call Delete with the default key name (i.e. constants.KeypairLocalFileName). The operation will fail when the key override is set (constants.PrivateKeyEnvVarName).
func FetchRaw ¶
func FetchRaw(secretsClient *secretsapi.Client, cfg authentication.Configurable, auth *authentication.Auth) (*secretModels.Keypair, error)
FetchRaw fetchs the current user keypair or returns a failure.
func LocalKeyFilename ¶
LocalKeyFilename returns the full filepath for the given key name
func Save ¶
func Save(cfg Configurable, kp Keypair, keyName string) error
Save will save the unencrypted and encoded private key to a local config file. The filename will be the value of `keyName` and suffixed with `.key`.
func SaveEncodedKeypair ¶
func SaveEncodedKeypair(cfg Configurable, secretsClient *secretsapi.Client, encKeypair *EncodedKeypair, auth *authentication.Auth) error
SaveEncodedKeypair stores an encoded Keypair back to the Secrets Service.
func SaveWithDefaults ¶
func SaveWithDefaults(cfg Configurable, kp Keypair) error
SaveWithDefaults will call Save with the provided keypair and the default key name (i.e. constants.KeypairLocalFileName). The operation will fail when the key override is set (constants.PrivateKeyEnvVarName).
Types ¶
type Configurable ¶
type Decrypter ¶
type Decrypter interface { // Decrypt will decrypt the provided ciphertext using the Keypair's private-key. Decrypt(ciphertext []byte) ([]byte, error) // DecodeAndDecrypt will first base64 decode the provided msg then it will decrypt the resulting ciphertext. DecodeAndDecrypt(value string) ([]byte, error) }
Decrypter expects to Decrypt some ciphertext.
type EncodedKeypair ¶
EncodedKeypair encapulates a Keypair instance and the base-64 encodings on the public and private key components of that Keypair. This is especially useful in the event the private-key has been encrypted with a passphrase.
func EncodeKeypair ¶
func EncodeKeypair(keypair Keypair, passphrase string) (*EncodedKeypair, error)
EncodeKeypair returns an EncodedKeypair using the provided Keypair and secures the private-key with a passphrase.
func GenerateAndSaveEncodedKeypair ¶
func GenerateAndSaveEncodedKeypair(cfg Configurable, secretsClient *secretsapi.Client, passphrase string, bits int, auth *authentication.Auth) (*EncodedKeypair, error)
GenerateAndSaveEncodedKeypair first Generates and then tries to Save an EncodedKeypair. This is equivalent to calling GenerateEncodedKeypair and then SaveEncodedKeypair. Upon success of both actions, the EncodedKeypair will be returned, otherwise a Failure is returned.
func GenerateEncodedKeypair ¶
func GenerateEncodedKeypair(passphrase string, bits int) (*EncodedKeypair, error)
GenerateEncodedKeypair generates a new RSAKeypair, encrypts the private-key if a passphrase is provided, encodes the private and public keys, and returns they Keypair and encoded keys as an EncodedKeypair.
type Encrypter ¶
type Encrypter interface { // Encrypt will encrypt the provided message using the Keypair's public-key. Encrypt(msg []byte) ([]byte, error) // EncryptAndEncode will encrypt the provided message then it will base64 encode that ciphertext. EncryptAndEncode(msg []byte) (string, error) }
Encrypter expects to encrypt a message.
func FetchPublicKey ¶
func FetchPublicKey(secretsClient *secretsapi.Client, user *mono_models.User, auth *authentication.Auth) (Encrypter, error)
FetchPublicKey fetchs the PublicKey for a sepcific user.
type ErrKeypairNotFound ¶
type ErrKeypairNotFound struct{ *locale.LocalizedError }
type ErrKeypairPassphrase ¶
type ErrKeypairPassphrase struct{ *locale.LocalizedError }
type Keypair ¶
type Keypair interface { Encrypter Decrypter // EncodePrivateKey encodes the private-key for this key-pair to a human readable string. // Generally this will be encoded in some PEM format. EncodePrivateKey() string // EncryptAndEncodePrivateKey encodes the private-key for this key-pair to a human readable string. // Generally this will be encoded in some PEM format. First though, the private-key will be // encrypted using the provided passphrase. EncryptAndEncodePrivateKey(passphrase string) (string, error) // EncodePublicKey encodes the public-key for this keypair to a human readable string. // Generally this will be encoded in some PEM format. EncodePublicKey() (string, error) // MatchPublicKey determines if a provided public-key in PEM encoded format matches this Keypair's // public-key. MatchPublicKey(publicKeyPEM string) bool }
Keypair provides behavior for working with public crypto key-pairs.
func Load ¶
func Load(cfg Configurable, keyName string) (Keypair, error)
Load will attempt to load a Keypair using private and public-key files from the user's file system; specifically from the config dir. It is assumed that this keypair file has no passphrase, even if it is encrypted.
func LoadWithDefaults ¶
func LoadWithDefaults(cfg Configurable) (Keypair, error)
LoadWithDefaults will call Load with the default key name (i.e. constants.KeypairLocalFileName). If the key override is set (constants.PrivateKeyEnvVarName), that value will be parsed directly.
type RSAKeypair ¶
type RSAKeypair struct {
*rsa.PrivateKey
}
RSAKeypair implements a Keypair around an RSA private-key.
func GenerateRSA ¶
func GenerateRSA(bits int) (*RSAKeypair, error)
GenerateRSA will generate an RSAKeypair instance given a bit-length. The value for bits can be anything `>= MinimumRSABitLength`.
func ParseEncryptedRSA ¶
func ParseEncryptedRSA(privateKeyPEM, passphrase string) (*RSAKeypair, error)
ParseEncryptedRSA will parse a PEM encoded RSAKeypair that is possibly encrypted with a passphrase. If the keypair is not encrypted, the parsing will proceed uninterrupted.
func ParseRSA ¶
func ParseRSA(privateKeyPEM string) (*RSAKeypair, error)
ParseRSA will parse a PEM encoded RSAKeypair. If the keypair is encrypted, it is expected that the passphrase is empty.
func (*RSAKeypair) DecodeAndDecrypt ¶
func (keypair *RSAKeypair) DecodeAndDecrypt(msg string) ([]byte, error)
DecodeAndDecrypt will base-64 decode the provided msg then decrypt the resulting ciphertext using the Keypair's private-key.
func (*RSAKeypair) Decrypt ¶
func (keypair *RSAKeypair) Decrypt(ciphertext []byte) ([]byte, error)
Decrypt will decrypt the provided ciphertext using the Keypair's private-key. This particular function will use SHA256 for the random oracle.
func (*RSAKeypair) EncodePrivateKey ¶
func (keypair *RSAKeypair) EncodePrivateKey() string
EncodePrivateKey will encode this RSA private-key to a PEM string.
func (*RSAKeypair) EncodePublicKey ¶
func (keypair *RSAKeypair) EncodePublicKey() (string, error)
EncodePublicKey will encode this RSA public-key to a PEM string.
func (*RSAKeypair) Encrypt ¶
func (keypair *RSAKeypair) Encrypt(msg []byte) ([]byte, error)
Encrypt will encrypt the provided message using the Keypair's public-key. This particular function will use SHA256 for the random oracle.
func (*RSAKeypair) EncryptAndEncode ¶
func (keypair *RSAKeypair) EncryptAndEncode(msg []byte) (string, error)
EncryptAndEncode will encrypt the provided message using the Keypair's public-key and then base-64 encode it.
func (*RSAKeypair) EncryptAndEncodePrivateKey ¶
func (keypair *RSAKeypair) EncryptAndEncodePrivateKey(passphrase string) (string, error)
EncryptAndEncodePrivateKey will encrypt RSA private-key using the provided passphrase and then encode it to a PEM string.
func (*RSAKeypair) MatchPublicKey ¶
func (keypair *RSAKeypair) MatchPublicKey(publicKeyPEM string) bool
MatchPublicKey determines if a provided public-key in PEM encoded format matches this Keypair's public-key.
type RSAPublicKey ¶
RSAPublicKey implements an Encrypter around an RSA public-key.
func ParseRSAPublicKey ¶
func ParseRSAPublicKey(publicKeyPEM string) (*RSAPublicKey, error)
ParseRSAPublicKey will parse a PEM encoded RSAPublicKey
func (*RSAPublicKey) Encrypt ¶
func (key *RSAPublicKey) Encrypt(msg []byte) ([]byte, error)
Encrypt will encrypt the provided message using this PublicKey. This particular function will use SHA256 for the random oracle.
func (*RSAPublicKey) EncryptAndEncode ¶
func (key *RSAPublicKey) EncryptAndEncode(msg []byte) (string, error)
EncryptAndEncode will encrypt the provided message using this PublicKey and then base-64 encode it.