crypto

package
v0.27.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 5, 2024 License: Apache-2.0 Imports: 14 Imported by: 9

Documentation

Index

Constants

This section is empty.

Variables

View Source
var ErrTooShort = errors.New("SealedSecret data is too short")

ErrTooShort indicates the provided data is too short to be valid.

Functions

func GeneratePrivateKeyAndCert added in v0.9.2

func GeneratePrivateKeyAndCert(keySize int, validFor time.Duration, cn string) (*rsa.PrivateKey, *x509.Certificate, error)

GeneratePrivateKeyAndCert generates a keypair and signed certificate.

func HybridDecrypt

func HybridDecrypt(rnd io.Reader, privKeys map[string]*rsa.PrivateKey, ciphertext, label []byte) ([]byte, error)

HybridDecrypt performs a regular AES-GCM + RSA-OAEP decryption. The private keys map has a fingerprint of each public key as the map key.

func HybridEncrypt

func HybridEncrypt(rnd io.Reader, pubKey *rsa.PublicKey, plaintext, label []byte) ([]byte, error)

HybridEncrypt performs a regular AES-GCM + RSA-OAEP encryption. The output byte string is:

RSA ciphertext length || RSA ciphertext || AES ciphertext

func PublicKeyFingerprint added in v0.8.2

func PublicKeyFingerprint(rp *rsa.PublicKey) (string, error)

PublicKeyFingerprint returns a fingerprint for a public key.

func SignKey added in v0.9.2

func SignKey(r io.Reader, key *rsa.PrivateKey, validFor time.Duration, cn string) (*x509.Certificate, error)

SignKey returns a signed certificate.

func SignKeyWithNotBefore added in v0.20.3

func SignKeyWithNotBefore(r io.Reader, key *rsa.PrivateKey, notBefore time.Time, validFor time.Duration, cn string) (*x509.Certificate, error)

SignKeyWithNotBefore returns a signed certificate with custom notBefore.

Types

This section is empty.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL