cloudkms

package module

v0.1.2 Latest Latest Go to latest Published: Apr 12, 2019 License: MIT Imports: 9 Imported by: 1

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/atotto/cloudkms

Links

Open Source Insights

README ¶

cloudkms

cloud kms signer

example:

	ctx := context.Background()

	client, err := kms.NewKeyManagementClient(ctx)
	if err != nil {
		log.Fatal(err)
	}

	signer, err := cloudkms.NewSigner(client, "projects/<project>/locations/<location>/keyRings/<keyRing>/cryptoKeys/<key>/cryptoKeyVersions/<version>")
	if err != nil {
		log.Fatal(err)
	}

	rootCa := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		// TODO: fill
	}

	data, _ := x509.CreateCertificate(rand.Reader, rootCa, rootCa, signer.Public(), signer)
	cert, _ := x509.ParseCertificate(data)

	// Sign
	msg := "hello, world"
	h := signer.HashFunc().New()
	h.Write([]byte(msg))
	digest := h.Sum(nil)
	signature, err := signer.Sign(rand.Reader, digest, crypto.SHA256)
	if err != nil {
		log.Fatal(err)
	}

	// Verify Signature
	if err := cert.CheckSignature(cert.SignatureAlgorithm, []byte(msg), signature); err != nil {
		log.Fatal(err)
	}

Documentation ¶

Overview ¶

Example ¶

package main

import (
	"context"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"log"
	"math/big"

	kms "cloud.google.com/go/kms/apiv1"
	"github.com/atotto/cloudkms"
)

func main() {
	ctx := context.Background()

	client, err := kms.NewKeyManagementClient(ctx)
	if err != nil {
		log.Fatal(err)
	}

	signer, err := cloudkms.NewSigner(client, "projects/<project>/locations/<location>/keyRings/<keyRing>/cryptoKeys/<key>/cryptoKeyVersions/<version>")
	if err != nil {
		log.Fatal(err)
	}

	rootCa := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		// TODO: fill
	}

	data, _ := x509.CreateCertificate(rand.Reader, rootCa, rootCa, signer.Public(), signer)
	cert, _ := x509.ParseCertificate(data)

	// Sign
	msg := "hello, world"
	h := signer.HashFunc().New()
	h.Write([]byte(msg))
	digest := h.Sum(nil)
	signature, err := signer.Sign(rand.Reader, digest, nil)
	if err != nil {
		log.Fatal(err)
	}

	// Verify Signature
	if err := cert.CheckSignature(cert.SignatureAlgorithm, []byte(msg), signature); err != nil {
		log.Fatal(err)
	}

	fmt.Println("OK")
}

Output:

Index ¶

type Signer
- func NewSigner(client *kms.KeyManagementClient, keyPath string) (*Signer, error)

Examples ¶

Package

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Signer ¶

type Signer struct {
	// contains filtered or unexported fields
}

Signer implements crypto.Signer interface.

func NewSigner ¶

func NewSigner(client *kms.KeyManagementClient, keyPath string) (*Signer, error)

func (*Signer) HashFunc ¶ added in v0.1.1

func (s *Signer) HashFunc() crypto.Hash

func (*Signer) Public ¶

func (s *Signer) Public() crypto.PublicKey

func (*Signer) Sign ¶

func (s *Signer) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) (signature []byte, err error)

Source Files ¶

View all Source files

signer.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL