Documentation ¶
Index ¶
- Constants
- type Config
- type CryptoProvider
- type ECKeyPair
- type Error
- type HSMConfig
- type HSMSession
- func (h *HSMSession) Close()
- func (h *HSMSession) ECPublicKey(string) (string, error)
- func (h *HSMSession) GenerateEphemeralKasKeys() (PrivateKeyEC, []byte, error)
- func (h *HSMSession) GenerateNanoTDFSessionKey(privateKeyHandle PrivateKeyEC, ephemeralPublicKey []byte) ([]byte, error)
- func (h *HSMSession) GenerateNanoTDFSymmetricKey(ephemeralPublicKeyBytes []byte) ([]byte, error)
- func (h *HSMSession) LoadECKey(info KeyInfo) (*ECKeyPair, error)
- func (h *HSMSession) LoadRSAKey(info KeyInfo) (*RSAKeyPair, error)
- func (h *HSMSession) RSADecrypt(hash crypto.Hash, keyID string, keyLabel string, ciphertext []byte) ([]byte, error)
- func (h *HSMSession) RSAPublicKey(keyID string) (string, error)
- func (h *HSMSession) RSAPublicKeyAsJSON(keyID string) (string, error)
- type KeyInfo
- type PrivateKeyEC
- type PrivateKeyRSA
- type RSAKeyPair
- type StandardConfig
- type StandardCrypto
- func (s StandardCrypto) Close()
- func (s StandardCrypto) ECPublicKey(string) (string, error)
- func (s StandardCrypto) GenerateEphemeralKasKeys() (PrivateKeyEC, []byte, error)
- func (s StandardCrypto) GenerateNanoTDFSessionKey(PrivateKeyEC, []byte) ([]byte, error)
- func (s StandardCrypto) GenerateNanoTDFSymmetricKey([]byte) ([]byte, error)
- func (s StandardCrypto) RSADecrypt(_ crypto.Hash, keyID string, _ string, ciphertext []byte) ([]byte, error)
- func (s StandardCrypto) RSAPublicKey(keyID string) (string, error)
- func (s StandardCrypto) RSAPublicKeyAsJSON(keyID string) (string, error)
- type StandardECCrypto
- type StandardKeyInfo
- type StandardRSACrypto
Constants ¶
// Error values of this package, declared as constants of the package's Error
// type. Because they sit in a const block, Error must have string as its
// underlying type.
// NOTE(review): the Error type itself is not shown on this page; confirm it
// implements the error interface and how callers are expected to compare it.
const (
	ErrCertNotFound        = Error("not found") // message carries no subject; add context when wrapping or logging
	ErrCertificateEncode   = Error("certificate encode error")
	ErrPublicKeyMarshal    = Error("public key marshal error")
	ErrHSMUnexpected       = Error("hsm unexpected")
	ErrHSMDecrypt          = Error("hsm decrypt error")
	ErrHSMNotFound         = Error("hsm unavailable") // name says "not found", text says "unavailable"
	ErrKeyConfig           = Error("key configuration error")
	ErrUnknownHashFunction = Error("unknown hash function")
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Config ¶
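// Config selects and configures the key provider built by NewCryptoProvider.
//
// As printed on one line, the first // comment absorbed every field after
// Type; the declaration is restored here one field per line.
type Config struct {
	// Type names the provider to use; the struct tag defaults it to "standard".
	// NOTE(review): the other accepted values are not shown on this page
	// (presumably "hsm") — confirm, and confirm an unknown value is rejected
	// rather than silently falling back to the default.
	Type string `yaml:"type" default:"standard"`
	// HSMConfig is the configuration for the HSM
	HSMConfig HSMConfig `yaml:"hsm,omitempty" mapstructure:"hsm"`
	// StandardConfig is the configuration for the standard key provider
	StandardConfig StandardConfig `yaml:"standard,omitempty" mapstructure:"standard"`
}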
type CryptoProvider ¶
// CryptoProvider is the key-operation interface returned by NewCryptoProvider.
// On this page both *HSMSession and StandardCrypto list all eight methods.
type CryptoProvider interface {
	// RSAPublicKey returns a string for the RSA key named by keyID.
	// NOTE(review): the encoding is not shown on this page (presumably PEM) — confirm.
	RSAPublicKey(keyID string) (string, error)
	// RSAPublicKeyAsJSON is the JSON-string variant of RSAPublicKey.
	// NOTE(review): presumably a JWK — confirm.
	RSAPublicKeyAsJSON(keyID string) (string, error)
	// RSADecrypt takes a hash, a key ID, a key label and ciphertext and
	// returns bytes.
	// NOTE(review): StandardCrypto.RSADecrypt declares its hash and keyLabel
	// parameters as `_`, so that implementation ignores both. Confirm the two
	// providers apply the same padding and hash before relying on the hash
	// argument.
	RSADecrypt(hash crypto.Hash, keyID string, keyLabel string, ciphertext []byte) ([]byte, error)
	// ECPublicKey returns a string for the EC key named by keyID.
	ECPublicKey(keyID string) (string, error)
	// GenerateNanoTDFSymmetricKey takes ephemeral public key bytes and
	// returns key bytes.
	// NOTE(review): the input presumably originates from the peer; confirm
	// each implementation checks that it decodes to a point on the expected
	// curve before using it.
	GenerateNanoTDFSymmetricKey(ephemeralPublicKeyBytes []byte) ([]byte, error)
	// GenerateEphemeralKasKeys returns a PrivateKeyEC together with a byte
	// slice, presumably the matching public key — confirm.
	GenerateEphemeralKasKeys() (PrivateKeyEC, []byte, error)
	// GenerateNanoTDFSessionKey takes a private-key handle and ephemeral
	// public key bytes and returns key bytes.
	GenerateNanoTDFSessionKey(privateKeyHandle PrivateKeyEC, ephemeralPublicKey []byte) ([]byte, error)
	// Close has no return value, so a cleanup failure cannot be reported to
	// the caller.
	Close()
}
func NewCryptoProvider ¶
func NewCryptoProvider(cfg Config) (CryptoProvider, error)
type ECKeyPair ¶
// ECKeyPair groups an EC private-key handle with an embedded public key and
// an embedded certificate.
type ECKeyPair struct {
	// PrivateKey is a PrivateKeyEC, which this page declares as a
	// pkcs11.ObjectHandle: it refers to a key object and is not key bytes.
	PrivateKey PrivateKeyEC
	// Both embedded values are pointers; using a promoted field while the
	// pointer is nil panics, so check them before use.
	*ecdsa.PublicKey
	*x509.Certificate
}
type HSMConfig ¶
type HSMSession ¶
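// HSMSession is the session type returned by New.
//
// As printed on one line, the trailing // comment absorbed the closing brace;
// the declaration is restored here one field per line.
type HSMSession struct {
	// RSA and EC are exported pointer fields, so any holder of the session
	// can read or replace them.
	// NOTE(review): presumably populated by LoadRSAKey and LoadECKey and nil
	// until then — confirm before dereferencing.
	RSA *RSAKeyPair
	EC  *ECKeyPair
	// contains filtered or unexported fields
}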
A session with a security module; useful for abstracting basic cryptographic operations.
An HSM session has a PKCS#11 context, and it has a login for a given user type on a single slot. When you start this application, you assign a slot and a user to the associated security module.
func New ¶
func New(c *HSMConfig) (*HSMSession, error)
func (*HSMSession) Close ¶
func (h *HSMSession) Close()
func (*HSMSession) ECPublicKey ¶
func (h *HSMSession) ECPublicKey(string) (string, error)
func (*HSMSession) GenerateEphemeralKasKeys ¶
func (h *HSMSession) GenerateEphemeralKasKeys() (PrivateKeyEC, []byte, error)
func (*HSMSession) GenerateNanoTDFSessionKey ¶
func (h *HSMSession) GenerateNanoTDFSessionKey( privateKeyHandle PrivateKeyEC, ephemeralPublicKey []byte, ) ([]byte, error)
func (*HSMSession) GenerateNanoTDFSymmetricKey ¶
func (h *HSMSession) GenerateNanoTDFSymmetricKey(ephemeralPublicKeyBytes []byte) ([]byte, error)
func (*HSMSession) LoadRSAKey ¶
func (h *HSMSession) LoadRSAKey(info KeyInfo) (*RSAKeyPair, error)
func (*HSMSession) RSADecrypt ¶
func (*HSMSession) RSAPublicKey ¶
func (h *HSMSession) RSAPublicKey(keyID string) (string, error)
func (*HSMSession) RSAPublicKeyAsJSON ¶
func (h *HSMSession) RSAPublicKeyAsJSON(keyID string) (string, error)
type PrivateKeyEC ¶
// PrivateKeyEC is a distinct type over pkcs11.ObjectHandle: a value refers to
// a key object and carries no key material itself.
// NOTE(review): StandardCrypto's methods use this type as well; what the value
// refers to for that provider is not shown on this page — confirm.
type PrivateKeyEC pkcs11.ObjectHandle
type PrivateKeyRSA ¶
// PrivateKeyRSA is a distinct type over pkcs11.ObjectHandle: a value refers to
// a key object and carries no key material itself. Being a separate named type
// from PrivateKeyEC, the two cannot be mixed without an explicit conversion.
type PrivateKeyRSA pkcs11.ObjectHandle
type RSAKeyPair ¶
// RSAKeyPair groups an RSA private-key handle with an embedded public key and
// an embedded certificate.
type RSAKeyPair struct {
	// PrivateKey is a PrivateKeyRSA, which this page declares as a
	// pkcs11.ObjectHandle: it refers to a key object and is not key bytes.
	PrivateKey PrivateKeyRSA
	// Both embedded values are pointers; using a promoted field while the
	// pointer is nil panics, so check them before use.
	*rsa.PublicKey
	*x509.Certificate
}
type StandardConfig ¶
// StandardConfig is the argument of NewStandardCrypto: two maps of
// StandardKeyInfo, read from the "rsa" and "ec" configuration keys.
// NOTE(review): the map key is presumably the key ID passed to the provider
// methods — confirm. StandardKeyInfo's fields are not shown on this page; if
// they point at private-key files, review the permissions on those files and
// on the configuration that names them.
type StandardConfig struct {
	RSAKeys map[string]StandardKeyInfo `yaml:"rsa,omitempty" mapstructure:"rsa"`
	ECKeys  map[string]StandardKeyInfo `yaml:"ec,omitempty" mapstructure:"ec"`
}
type StandardCrypto ¶
// StandardCrypto is the type returned by NewStandardCrypto. The methods listed
// for it on this page cover every method of CryptoProvider, all with value
// receivers, so each call works on a copy of the struct.
// NOTE(review): its RSADecrypt declares the hash and keyLabel parameters as
// `_`, so both are ignored — confirm which hash the decryption actually uses.
type StandardCrypto struct {
	// contains filtered or unexported fields
}
func NewStandardCrypto ¶
func NewStandardCrypto(cfg StandardConfig) (*StandardCrypto, error)
NewStandardCrypto creates a new instance of standard crypto.
func (StandardCrypto) Close ¶
func (s StandardCrypto) Close()
func (StandardCrypto) ECPublicKey ¶
func (s StandardCrypto) ECPublicKey(string) (string, error)
func (StandardCrypto) GenerateEphemeralKasKeys ¶
func (s StandardCrypto) GenerateEphemeralKasKeys() (PrivateKeyEC, []byte, error)
func (StandardCrypto) GenerateNanoTDFSessionKey ¶
func (s StandardCrypto) GenerateNanoTDFSessionKey(PrivateKeyEC, []byte) ([]byte, error)
func (StandardCrypto) GenerateNanoTDFSymmetricKey ¶
func (s StandardCrypto) GenerateNanoTDFSymmetricKey([]byte) ([]byte, error)
func (StandardCrypto) RSADecrypt ¶
func (StandardCrypto) RSAPublicKey ¶
func (s StandardCrypto) RSAPublicKey(keyID string) (string, error)
func (StandardCrypto) RSAPublicKeyAsJSON ¶
func (s StandardCrypto) RSAPublicKeyAsJSON(keyID string) (string, error)
type StandardECCrypto ¶
// StandardECCrypto exposes a single Identifier string on this page.
// NOTE(review): presumably the ID of an EC key held by the standard provider —
// confirm.
type StandardECCrypto struct {
	Identifier string
}
type StandardKeyInfo ¶
type StandardRSACrypto ¶
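// StandardRSACrypto exposes an Identifier string; its remaining fields are
// unexported and not shown on this page.
// NOTE(review): Identifier is presumably the ID of an RSA key held by the
// standard provider — confirm.
//
// As printed on one line, the trailing // comment absorbed the closing brace;
// the declaration is restored here one field per line.
type StandardRSACrypto struct {
	Identifier string
	// contains filtered or unexported fields
}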