awssigner

Documentation

Index

• Variables
• type KMS
  • func NewKMS(client *kms.Client, kmsKeyID string) (*KMS, error)
  • func (sv *KMS) Algorithm() jwa.KeyAlgorithm
  • func (sv *KMS) GetPublicKey() (crypto.PublicKey, error)
  • func (sv *KMS) Public() crypto.PublicKey
  • func (sv *KMS) Sign(_ io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error)

Variables

var (
	ErrInvalidKeyAlgorithm = fmt.Errorf("invalid key algorithm")
	ErrInvalidKeyID        = fmt.Errorf("invalid key ID")
)

Types

type KMS

type KMS struct {
	// contains filtered or unexported fields
}

KMS is a crypto.Signer that uses an AWS KMS key for signing.

func NewKMS

func NewKMS(client *kms.Client, kmsKeyID string) (*KMS, error)

The key ID is the unique identifier of the KMS key or key alias.

func (*KMS) Algorithm

func (sv *KMS) Algorithm() jwa.KeyAlgorithm

Algorithm returns the equivalent of the KMS key's signing algorithm as a JWA key algorithm.

func (*KMS) GetPublicKey

func (sv *KMS) GetPublicKey() (crypto.PublicKey, error)

GetPublicKey is an escape hatch for those cases where the user needs to debug what went wrong during the GetPublicKey operation.

func (*KMS) Public

func (sv *KMS) Public() crypto.PublicKey

Public returns the corresponding public key.

NOTE: Because the crypto.Signer API does not allow for an error to be returned, the return value from this function cannot describe what kind of error occurred.

func (*KMS) Sign

func (sv *KMS) Sign(_ io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error)

Sign generates a signature from the given digest.