Documentation
Index
- Variables
- func GeneratePrivateKeyAndCert(keySize int, validFor time.Duration, cn string) (*rsa.PrivateKey, *x509.Certificate, error)
- func HybridDecrypt(rnd io.Reader, privKeys map[string]*rsa.PrivateKey, ciphertext, label []byte) ([]byte, error)
- func HybridEncrypt(rnd io.Reader, pubKey *rsa.PublicKey, plaintext, label []byte) ([]byte, error)
- func PublicKeyFingerprint(rp *rsa.PublicKey) (string, error)
- func SignKey(r io.Reader, key *rsa.PrivateKey, validFor time.Duration, cn string) (*x509.Certificate, error)
- func SignKeyWithNotBefore(r io.Reader, key *rsa.PrivateKey, notBefore time.Time, validFor time.Duration, ...) (*x509.Certificate, error)
Constants
This section is empty.
Variables
var ErrTooShort = errors.New("SealedSecret data is too short")
ErrTooShort indicates the provided data is too short to be valid.
Functions
func GeneratePrivateKeyAndCert (added in v0.9.2)
func GeneratePrivateKeyAndCert(keySize int, validFor time.Duration, cn string) (*rsa.PrivateKey, *x509.Certificate, error)
GeneratePrivateKeyAndCert generates a keypair and signed certificate.
func HybridDecrypt
func HybridDecrypt(rnd io.Reader, privKeys map[string]*rsa.PrivateKey, ciphertext, label []byte) ([]byte, error)
HybridDecrypt performs a regular AES-GCM + RSA-OAEP decryption. The privKeys map is keyed by the fingerprint of each private key's corresponding public key.
func HybridEncrypt
HybridEncrypt performs a regular AES-GCM + RSA-OAEP encryption. The output byte string is:
RSA ciphertext length || RSA ciphertext || AES ciphertext
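A parser for this layout with the bounds checks a caller needs before decrypting, as an added example that is not the package's own code. It assumes the length field is a 2-byte big-endian integer (this page does not state the width) and validates against a single RSA key of known size; `splitEnvelope`, `errTooShort` and `gcmTagSize` are hypothetical names, with `errTooShort` standing in for `ErrTooShort`.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Stand-in for the package's ErrTooShort (this example does not import the package).
var errTooShort = errors.New("envelope too short")

// AES-GCM appends a 16-byte tag, so a valid AES part is never shorter than this.
const gcmTagSize = 16

// splitEnvelope parses "RSA ciphertext length || RSA ciphertext || AES ciphertext".
// Assumption: the length field is a 2-byte big-endian integer.
// modulusBytes is the RSA key size in bytes; RSA-OAEP output is always exactly that long.
func splitEnvelope(env []byte, modulusBytes int) (rsaCT, aesCT []byte, err error) {
	if len(env) < 2 {
		return nil, nil, errTooShort // not even a length field
	}
	n := int(binary.BigEndian.Uint16(env))
	rest := env[2:]
	if len(rest) < n {
		return nil, nil, errTooShort // declared length runs past the buffer
	}
	if n != modulusBytes {
		return nil, nil, fmt.Errorf("RSA part is %d bytes, key expects %d", n, modulusBytes)
	}
	if len(rest)-n < gcmTagSize {
		return nil, nil, errTooShort // no room for the GCM tag
	}
	return rest[:n], rest[n:], nil
}

func main() {
	// Constructed envelope: 256-byte RSA part (2048-bit key) and a tag-only AES part.
	env := make([]byte, 2+256+gcmTagSize)
	binary.BigEndian.PutUint16(env, 256)

	rsaCT, aesCT, err := splitEnvelope(env, 256)
	fmt.Println(len(rsaCT), len(aesCT), err)

	_, _, err = splitEnvelope(env[:100], 256) // truncated in transit
	fmt.Println(err)
}
```

Rejecting a malformed envelope before any slicing keeps a truncated or corrupted value from causing an out-of-range panic in the decryption path.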
func PublicKeyFingerprint (added in v0.8.2)
PublicKeyFingerprint returns a fingerprint for a public key.
func SignKey (added in v0.9.2)
func SignKey(r io.Reader, key *rsa.PrivateKey, validFor time.Duration, cn string) (*x509.Certificate, error)
SignKey returns a signed certificate.
func SignKeyWithNotBefore (added in v0.20.3)
func SignKeyWithNotBefore(r io.Reader, key *rsa.PrivateKey, notBefore time.Time, validFor time.Duration, cn string) (*x509.Certificate, error)
SignKeyWithNotBefore returns a signed certificate with custom notBefore.
Types
This section is empty.