keypairs

package
v0.0.0-...-41e44c1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 23, 2024 License: BSD-3-Clause Imports: 20 Imported by: 0

Documentation

Index

Constants

View Source
const MinimumRSABitLength int = 12

MinimumRSABitLength is the minimum allowed bit-length when generating RSA keys.

Variables

This section is empty.

Functions

func Delete

func Delete(cfg Configurable, keyName string) error

Delete will delete an unencrypted and encoded private key from the local config directory. The base filename (sans suffix) must be provided.

func DeleteWithDefaults

func DeleteWithDefaults(cfg Configurable) error

DeleteWithDefaults will call Delete with the default key name (i.e. constants.KeypairLocalFileName). The operation will fail when the key override is set (constants.PrivateKeyEnvVarName).

func FetchRaw

func FetchRaw(secretsClient *secretsapi.Client, cfg authentication.Configurable, auth *authentication.Auth) (*secretModels.Keypair, error)

FetchRaw fetchs the current user keypair or returns a failure.

func LocalKeyFilename

func LocalKeyFilename(configPath, keyName string) string

LocalKeyFilename returns the full filepath for the given key name

func Save

func Save(cfg Configurable, kp Keypair, keyName string) error

Save will save the unencrypted and encoded private key to a local config file. The filename will be the value of `keyName` and suffixed with `.key`.

func SaveEncodedKeypair

func SaveEncodedKeypair(cfg Configurable, secretsClient *secretsapi.Client, encKeypair *EncodedKeypair, auth *authentication.Auth) error

SaveEncodedKeypair stores an encoded Keypair back to the Secrets Service.

func SaveWithDefaults

func SaveWithDefaults(cfg Configurable, kp Keypair) error

SaveWithDefaults will call Save with the provided keypair and the default key name (i.e. constants.KeypairLocalFileName). The operation will fail when the key override is set (constants.PrivateKeyEnvVarName).

Types

type Configurable

type Configurable interface {
	ConfigPath() string
	Close() error
	Set(s string, i interface{}) error
	GetString(s string) string
	GetBool(s string) bool
}

type Decrypter

type Decrypter interface {
	// Decrypt will decrypt the provided ciphertext using the Keypair's private-key.
	Decrypt(ciphertext []byte) ([]byte, error)

	// DecodeAndDecrypt will first base64 decode the provided msg then it will decrypt the resulting ciphertext.
	DecodeAndDecrypt(value string) ([]byte, error)
}

Decrypter expects to Decrypt some ciphertext.

type EncodedKeypair

type EncodedKeypair struct {
	Keypair           Keypair
	EncodedPrivateKey string
	EncodedPublicKey  string
}

EncodedKeypair encapulates a Keypair instance and the base-64 encodings on the public and private key components of that Keypair. This is especially useful in the event the private-key has been encrypted with a passphrase.

func EncodeKeypair

func EncodeKeypair(keypair Keypair, passphrase string) (*EncodedKeypair, error)

EncodeKeypair returns an EncodedKeypair using the provided Keypair and secures the private-key with a passphrase.

func GenerateAndSaveEncodedKeypair

func GenerateAndSaveEncodedKeypair(cfg Configurable, secretsClient *secretsapi.Client, passphrase string, bits int, auth *authentication.Auth) (*EncodedKeypair, error)

GenerateAndSaveEncodedKeypair first Generates and then tries to Save an EncodedKeypair. This is equivalent to calling GenerateEncodedKeypair and then SaveEncodedKeypair. Upon success of both actions, the EncodedKeypair will be returned, otherwise a Failure is returned.

func GenerateEncodedKeypair

func GenerateEncodedKeypair(passphrase string, bits int) (*EncodedKeypair, error)

GenerateEncodedKeypair generates a new RSAKeypair, encrypts the private-key if a passphrase is provided, encodes the private and public keys, and returns they Keypair and encoded keys as an EncodedKeypair.

type Encrypter

type Encrypter interface {
	// Encrypt will encrypt the provided message using the Keypair's public-key.
	Encrypt(msg []byte) ([]byte, error)

	// EncryptAndEncode will encrypt the provided message then it will base64 encode that ciphertext.
	EncryptAndEncode(msg []byte) (string, error)
}

Encrypter expects to encrypt a message.

func FetchPublicKey

func FetchPublicKey(secretsClient *secretsapi.Client, user *mono_models.User, auth *authentication.Auth) (Encrypter, error)

FetchPublicKey fetchs the PublicKey for a sepcific user.

type ErrKeypairNotFound

type ErrKeypairNotFound struct{ *locale.LocalizedError }

type ErrKeypairPassphrase

type ErrKeypairPassphrase struct{ *locale.LocalizedError }

type Keypair

type Keypair interface {
	Encrypter
	Decrypter

	// EncodePrivateKey encodes the private-key for this key-pair to a human readable string.
	// Generally this will be encoded in some PEM format.
	EncodePrivateKey() string

	// EncryptAndEncodePrivateKey encodes the private-key for this key-pair to a human readable string.
	// Generally this will be encoded in some PEM format. First though, the private-key will be
	// encrypted using the provided passphrase.
	EncryptAndEncodePrivateKey(passphrase string) (string, error)

	// EncodePublicKey encodes the public-key for this keypair to a human readable string.
	// Generally this will be encoded in some PEM format.
	EncodePublicKey() (string, error)

	// MatchPublicKey determines if a provided public-key in PEM encoded format matches this Keypair's
	// public-key.
	MatchPublicKey(publicKeyPEM string) bool
}

Keypair provides behavior for working with public crypto key-pairs.

func Load

func Load(cfg Configurable, keyName string) (Keypair, error)

Load will attempt to load a Keypair using private and public-key files from the user's file system; specifically from the config dir. It is assumed that this keypair file has no passphrase, even if it is encrypted.

func LoadWithDefaults

func LoadWithDefaults(cfg Configurable) (Keypair, error)

LoadWithDefaults will call Load with the default key name (i.e. constants.KeypairLocalFileName). If the key override is set (constants.PrivateKeyEnvVarName), that value will be parsed directly.

type RSAKeypair

type RSAKeypair struct {
	*rsa.PrivateKey
}

RSAKeypair implements a Keypair around an RSA private-key.

func GenerateRSA

func GenerateRSA(bits int) (*RSAKeypair, error)

GenerateRSA will generate an RSAKeypair instance given a bit-length. The value for bits can be anything `>= MinimumRSABitLength`.

func ParseEncryptedRSA

func ParseEncryptedRSA(privateKeyPEM, passphrase string) (*RSAKeypair, error)

ParseEncryptedRSA will parse a PEM encoded RSAKeypair that is possibly encrypted with a passphrase. If the keypair is not encrypted, the parsing will proceed uninterrupted.

func ParseRSA

func ParseRSA(privateKeyPEM string) (*RSAKeypair, error)

ParseRSA will parse a PEM encoded RSAKeypair. If the keypair is encrypted, it is expected that the passphrase is empty.

func (*RSAKeypair) DecodeAndDecrypt

func (keypair *RSAKeypair) DecodeAndDecrypt(msg string) ([]byte, error)

DecodeAndDecrypt will base-64 decode the provided msg then decrypt the resulting ciphertext using the Keypair's private-key.

func (*RSAKeypair) Decrypt

func (keypair *RSAKeypair) Decrypt(ciphertext []byte) ([]byte, error)

Decrypt will decrypt the provided ciphertext using the Keypair's private-key. This particular function will use SHA256 for the random oracle.

func (*RSAKeypair) EncodePrivateKey

func (keypair *RSAKeypair) EncodePrivateKey() string

EncodePrivateKey will encode this RSA private-key to a PEM string.

func (*RSAKeypair) EncodePublicKey

func (keypair *RSAKeypair) EncodePublicKey() (string, error)

EncodePublicKey will encode this RSA public-key to a PEM string.

func (*RSAKeypair) Encrypt

func (keypair *RSAKeypair) Encrypt(msg []byte) ([]byte, error)

Encrypt will encrypt the provided message using the Keypair's public-key. This particular function will use SHA256 for the random oracle.

func (*RSAKeypair) EncryptAndEncode

func (keypair *RSAKeypair) EncryptAndEncode(msg []byte) (string, error)

EncryptAndEncode will encrypt the provided message using the Keypair's public-key and then base-64 encode it.

func (*RSAKeypair) EncryptAndEncodePrivateKey

func (keypair *RSAKeypair) EncryptAndEncodePrivateKey(passphrase string) (string, error)

EncryptAndEncodePrivateKey will encrypt RSA private-key using the provided passphrase and then encode it to a PEM string.

func (*RSAKeypair) MatchPublicKey

func (keypair *RSAKeypair) MatchPublicKey(publicKeyPEM string) bool

MatchPublicKey determines if a provided public-key in PEM encoded format matches this Keypair's public-key.

type RSAPublicKey

type RSAPublicKey struct {
	*rsa.PublicKey
}

RSAPublicKey implements an Encrypter around an RSA public-key.

func ParseRSAPublicKey

func ParseRSAPublicKey(publicKeyPEM string) (*RSAPublicKey, error)

ParseRSAPublicKey will parse a PEM encoded RSAPublicKey

func (*RSAPublicKey) Encrypt

func (key *RSAPublicKey) Encrypt(msg []byte) ([]byte, error)

Encrypt will encrypt the provided message using this PublicKey. This particular function will use SHA256 for the random oracle.

func (*RSAPublicKey) EncryptAndEncode

func (key *RSAPublicKey) EncryptAndEncode(msg []byte) (string, error)

EncryptAndEncode will encrypt the provided message using this PublicKey and then base-64 encode it.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL