Documentation
Overview
Package azure implements the interface with the Microsoft Azure KMS service.
Package azure contains utilities related to Microsoft Azure KMS.
Index
- Constants
- func ValidReference(ref string) error
- type SignerVerifier
- func LoadSignerVerifier(defaultCtx context.Context, referenceStr string, hashFunc crypto.Hash) (*SignerVerifier, error)
- func (a *SignerVerifier) CreateKey(ctx context.Context, algorithm string) (crypto.PublicKey, error)
- func (a *SignerVerifier) CryptoSigner(ctx context.Context, errFunc func(error)) (crypto.Signer, crypto.SignerOpts, error)
- func (*SignerVerifier) DefaultAlgorithm() string
- func (a *SignerVerifier) PublicKey(_ ...signature.PublicKeyOption) (crypto.PublicKey, error)
- func (a *SignerVerifier) SignMessage(message io.Reader, opts ...signature.SignOption) ([]byte, error)
- func (*SignerVerifier) SupportedAlgorithms() []string
- func (a *SignerVerifier) VerifySignature(sig, message io.Reader, opts ...signature.VerifyOption) error
Constants
const (
AlgorithmES256 = "ES256"
)
const (
// ReferenceScheme is the URI scheme for Azure KMS key references. The schemes for the various KMS services are copied from https://github.com/google/go-cloud/tree/master/secrets
ReferenceScheme = "azurekms://"
)
Variables
This section is empty.
Functions
func ValidReference
func ValidReference(ref string) error
ValidReference returns a non-nil error if the reference string is invalid.
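Reference validation is the first line of defense in this package: a reference string chosen by a caller ends up in the key vault request URL, so it must be checked before any client is built. The following is an added, stand-alone illustration (not the package's own ValidReference) of a strict validator for the documented ReferenceScheme. The layout it assumes, azurekms://<vault host>/<key name>[/<key version>], and all sample references are constructed for this example.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// referenceScheme is the scheme constant documented for this package.
const referenceScheme = "azurekms://"

// keyReference is the parsed form of a reference. The layout assumed here,
// azurekms://<vault host>/<key name>[/<key version>], is an illustration for
// this example and not the package's own parser.
type keyReference struct {
	VaultHost string
	KeyName   string
	Version   string // empty means "use the current version of the key"
}

// parseReference validates a reference and returns its parts. A non-nil error
// means the reference must not be passed on to a KMS client.
func parseReference(ref string) (*keyReference, error) {
	if !strings.HasPrefix(ref, referenceScheme) {
		return nil, fmt.Errorf("reference %q does not start with %s", ref, referenceScheme)
	}
	u, err := url.Parse(ref)
	if err != nil {
		return nil, fmt.Errorf("malformed reference: %w", err)
	}
	if u.Host == "" {
		return nil, errors.New("reference is missing the vault host")
	}
	// Reject components that could smuggle credentials or parameters into the
	// request URL later built from this reference.
	if u.User != nil || u.RawQuery != "" || u.Fragment != "" {
		return nil, errors.New("reference must not contain user info, a query or a fragment")
	}
	segments := strings.Split(strings.Trim(u.Path, "/"), "/")
	if len(segments) > 2 {
		return nil, fmt.Errorf("reference path %q has too many components", u.Path)
	}
	for _, s := range segments {
		if s == "" || s == "." || s == ".." {
			return nil, fmt.Errorf("reference path %q contains an empty or relative component", u.Path)
		}
	}
	kr := &keyReference{VaultHost: u.Host, KeyName: segments[0]}
	if len(segments) == 2 {
		kr.Version = segments[1]
	}
	return kr, nil
}

// validReference has the same contract as the package's ValidReference:
// nil for a usable reference, otherwise an error describing the defect.
func validReference(ref string) error {
	_, err := parseReference(ref)
	return err
}

func main() {
	// Constructed sample references, both accepted and rejected ones.
	for _, ref := range []string{
		"azurekms://example-vault.vault.azure.net/signing-key",
		"azurekms://example-vault.vault.azure.net/signing-key/0123abcd",
		"gcpkms://projects/p/locations/l/keyRings/r/cryptoKeys/k",
		"azurekms:///signing-key",
		"azurekms://example-vault.vault.azure.net/signing-key?version=1",
	} {
		fmt.Printf("%-70s %v\n", ref, validReference(ref))
	}
}
```

The validator deliberately fails closed: anything beyond host, key name and version is rejected rather than ignored, so a reference cannot carry user info, query parameters or path traversal into the request the client later issues.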
Types
type SignerVerifier
type SignerVerifier struct {
// contains filtered or unexported fields
}
SignerVerifier creates and verifies digital signatures over a message using the Azure KMS service.
func LoadSignerVerifier
func LoadSignerVerifier(defaultCtx context.Context, referenceStr string, hashFunc crypto.Hash) (*SignerVerifier, error)
LoadSignerVerifier generates signatures using the specified key object in Azure KMS and the given hash algorithm.
It can also verify signatures locally using the public key. hashFunc must not be crypto.Hash(0).
func (*SignerVerifier) CreateKey
func (a *SignerVerifier) CreateKey(ctx context.Context, algorithm string) (crypto.PublicKey, error)
CreateKey attempts to create a new key in the Azure Key Vault with the specified algorithm.
func (*SignerVerifier) CryptoSigner
func (a *SignerVerifier) CryptoSigner(ctx context.Context, errFunc func(error)) (crypto.Signer, crypto.SignerOpts, error)
CryptoSigner returns a crypto.Signer object that uses the underlying SignerVerifier, along with a crypto.SignerOpts object, so that the KMS can be used in APIs that only accept the standard Go library interfaces.
func (*SignerVerifier) DefaultAlgorithm
func (*SignerVerifier) DefaultAlgorithm() string
DefaultAlgorithm returns the default algorithm for the Azure KMS service.
func (*SignerVerifier) PublicKey
func (a *SignerVerifier) PublicKey(_ ...signature.PublicKeyOption) (crypto.PublicKey, error)
PublicKey returns the public key that can be used to verify signatures created by this signer. All options provided in arguments to this method are ignored.
func (*SignerVerifier) SignMessage
func (a *SignerVerifier) SignMessage(message io.Reader, opts ...signature.SignOption) ([]byte, error)
SignMessage signs the provided message using Azure KMS. If the message is provided, this method will compute the digest according to the hash function specified when the Signer was created.
SignMessage recognizes the following options, listed in order of preference:
- WithContext()
- WithDigest()
- WithCryptoSignerOpts()
All other options are ignored if specified.
func (*SignerVerifier) SupportedAlgorithms
func (*SignerVerifier) SupportedAlgorithms() []string
SupportedAlgorithms returns the list of algorithms supported by the Azure KMS service.
func (*SignerVerifier) VerifySignature
func (a *SignerVerifier) VerifySignature(sig, message io.Reader, opts ...signature.VerifyOption) error
VerifySignature verifies the signature for the given message. Unless provided in an option, the digest of the message will be computed using the hash function specified when the SignerVerifier was created.
This function returns nil if the verification succeeded, and an error otherwise.
This function recognizes the following options, listed in order of preference:
- WithDigest()
All other options are ignored if specified.
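The sign and verify contract above (a fixed hash function that must not be crypto.Hash(0), a caller-supplied digest taking precedence over hashing the message, local verification with the public key, and a crypto.Signer plus crypto.SignerOpts pair for standard library callers) is easiest to understand by exercising it. The following is an added example, not code from the package: it replaces Azure Key Vault with a locally generated P-256 key (ES256 is the documented default algorithm) and models the WithDigest option as an explicit digest argument, so the precedence and error paths can be run offline. The type and function names, and the sample payload, are constructed for this example.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	_ "crypto/sha256" // registers SHA-256 so crypto.SHA256.New() is available
	"errors"
	"fmt"
	"io"
)

// localSignerVerifier stands in for the package's SignerVerifier using a locally
// generated P-256 key. In the real package the private key never leaves Azure Key
// Vault; here it is in process so digest and option handling can be exercised offline.
type localSignerVerifier struct {
	key      *ecdsa.PrivateKey
	hashFunc crypto.Hash
}

// newLocalSignerVerifier enforces the LoadSignerVerifier precondition that
// hashFunc must not be crypto.Hash(0).
func newLocalSignerVerifier(hashFunc crypto.Hash) (*localSignerVerifier, error) {
	if hashFunc == crypto.Hash(0) || !hashFunc.Available() {
		return nil, fmt.Errorf("unusable hash function %v", hashFunc)
	}
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &localSignerVerifier{key: key, hashFunc: hashFunc}, nil
}

// digestFor applies the documented option precedence: a caller-supplied digest
// (WithDigest) wins; otherwise the message is hashed with the hash function fixed
// when the signer was created. A digest of the wrong length is rejected outright.
func (l *localSignerVerifier) digestFor(message io.Reader, digest []byte) ([]byte, error) {
	if digest != nil {
		if len(digest) != l.hashFunc.Size() {
			return nil, fmt.Errorf("digest is %d bytes, %v needs %d", len(digest), l.hashFunc, l.hashFunc.Size())
		}
		return digest, nil
	}
	if message == nil {
		return nil, errors.New("neither a message nor a digest was provided")
	}
	h := l.hashFunc.New()
	if _, err := io.Copy(h, message); err != nil {
		return nil, err
	}
	return h.Sum(nil), nil
}

// SignMessage signs the message, or the precomputed digest when one is given.
func (l *localSignerVerifier) SignMessage(message io.Reader, digest []byte) ([]byte, error) {
	d, err := l.digestFor(message, digest)
	if err != nil {
		return nil, err
	}
	return ecdsa.SignASN1(rand.Reader, l.key, d)
}

// VerifySignature verifies locally with the public key: nil on success, an error otherwise.
func (l *localSignerVerifier) VerifySignature(sig []byte, message io.Reader, digest []byte) error {
	d, err := l.digestFor(message, digest)
	if err != nil {
		return err
	}
	if !ecdsa.VerifyASN1(&l.key.PublicKey, d, sig) {
		return errors.New("signature verification failed")
	}
	return nil
}

// cryptoSignerAdapter is the shape CryptoSigner returns: a crypto.Signer whose Sign
// receives an already-hashed digest, paired with the crypto.SignerOpts (the hash)
// that standard library callers must pass alongside it.
type cryptoSignerAdapter struct{ sv *localSignerVerifier }

func (c cryptoSignerAdapter) Public() crypto.PublicKey { return &c.sv.key.PublicKey }

func (c cryptoSignerAdapter) Sign(_ io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error) {
	if opts != nil && opts.HashFunc() != c.sv.hashFunc {
		return nil, fmt.Errorf("signer was created for %v, caller asked for %v", c.sv.hashFunc, opts.HashFunc())
	}
	return c.sv.SignMessage(nil, digest)
}

func (l *localSignerVerifier) CryptoSigner() (crypto.Signer, crypto.SignerOpts) {
	return cryptoSignerAdapter{sv: l}, l.hashFunc
}

func main() {
	sv, err := newLocalSignerVerifier(crypto.SHA256)
	if err != nil {
		panic(err)
	}
	msg := []byte("constructed sample payload") // constructed input, not from the page
	sig, err := sv.SignMessage(bytes.NewReader(msg), nil)
	if err != nil {
		panic(err)
	}
	fmt.Println("verify original:", sv.VerifySignature(sig, bytes.NewReader(msg), nil))
	fmt.Println("verify tampered:", sv.VerifySignature(sig, bytes.NewReader([]byte("tampered")), nil))
}
```

Two checks in the adapter matter for a KMS-backed signer: the digest length is validated against the configured hash before anything is sent for signing, and a caller passing a different crypto.SignerOpts than the one CryptoSigner returned is refused rather than silently signed with a mismatched hash.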