The highest tagged major version is v2.

encryption

package

v1.1.11 Latest Latest Go to latest Published: Apr 19, 2024 License: Apache-2.0 Imports: 25 Imported by: 22

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/containerd/imgcrypt

Links

Open Source Insights

Documentation ¶

Index ¶

func CheckAuthorization(ctx context.Context, cs content.Store, desc ocispec.Descriptor, ...) error
func DecryptImage(ctx context.Context, cs content.Store, desc ocispec.Descriptor, ...) (ocispec.Descriptor, bool, error)
func DecryptLayer(dc *encconfig.DecryptConfig, dataReader io.Reader, desc ocispec.Descriptor, ...) (ocispec.Descriptor, io.Reader, digest.Digest, error)
func EncryptImage(ctx context.Context, cs content.Store, desc ocispec.Descriptor, ...) (ocispec.Descriptor, bool, error)
func GetImageDecryptConverter(cc *encconfig.CryptoConfig, lf LayerFilter) converter.ConvertFunc
func GetImageEncryptConverter(cc *encconfig.CryptoConfig, lf LayerFilter) converter.ConvertFunc
func HasEncryptedLayer(ctx context.Context, layerInfos []ocispec.Descriptor) bool
func IsEncryptedDiff(_ context.Context, mediaType string) bool
func WithAuthorizationCheck(dc *encconfig.DecryptConfig) containerd.NewContainerOpts
func WithDecryptedUnpack(data *imgcrypt.Payload) diff.ApplyOpt
func WithUnpackConfigApplyOpts(opt diff.ApplyOpt) containerd.UnpackOpt
func WithUnpackOpts(opts []containerd.UnpackOpt) containerd.RemoteOpt
type LayerFilter

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func CheckAuthorization ¶

func CheckAuthorization(ctx context.Context, cs content.Store, desc ocispec.Descriptor, dc *encconfig.DecryptConfig) error

CheckAuthorization checks whether a user has the right keys to be allowed to access an image (every layer) It takes decrypting of the layers only as far as decrypting the asymmetrically encrypted data The decryption is only done for the current platform

func DecryptImage ¶

func DecryptImage(ctx context.Context, cs content.Store, desc ocispec.Descriptor, cc *encconfig.CryptoConfig, lf LayerFilter) (ocispec.Descriptor, bool, error)

DecryptImage decrypts an image; it accepts either an OCI descriptor representing a manifest list or a single manifest

func DecryptLayer ¶

func DecryptLayer(dc *encconfig.DecryptConfig, dataReader io.Reader, desc ocispec.Descriptor, unwrapOnly bool) (ocispec.Descriptor, io.Reader, digest.Digest, error)

DecryptLayer decrypts the layer using the DecryptConfig and creates a new OCI Descriptor. The caller is expected to store the returned plain data and OCI Descriptor

func EncryptImage ¶

func EncryptImage(ctx context.Context, cs content.Store, desc ocispec.Descriptor, cc *encconfig.CryptoConfig, lf LayerFilter) (ocispec.Descriptor, bool, error)

EncryptImage encrypts an image; it accepts either an OCI descriptor representing a manifest list or a single manifest

func GetImageDecryptConverter ¶ added in v1.1.2

func GetImageDecryptConverter(cc *encconfig.CryptoConfig, lf LayerFilter) converter.ConvertFunc

GetImageDecryptConverter returns a converter function for image decryption

func GetImageEncryptConverter ¶ added in v1.1.2

func GetImageEncryptConverter(cc *encconfig.CryptoConfig, lf LayerFilter) converter.ConvertFunc

GetImageEncryptConverter returns a converter function for image encryption

func HasEncryptedLayer ¶

func HasEncryptedLayer(ctx context.Context, layerInfos []ocispec.Descriptor) bool

HasEncryptedLayer returns true if any LayerInfo indicates that the layer is encrypted

func IsEncryptedDiff ¶

func IsEncryptedDiff(_ context.Context, mediaType string) bool

IsEncryptedDiff returns true if mediaType is a known encrypted media type.

func WithAuthorizationCheck ¶

func WithAuthorizationCheck(dc *encconfig.DecryptConfig) containerd.NewContainerOpts

WithAuthorizationCheck checks the authorization of keys used for encrypted containers be checked upon creation of a container

func WithDecryptedUnpack ¶

func WithDecryptedUnpack(data *imgcrypt.Payload) diff.ApplyOpt

WithDecryptedUnpack allows to pass parameters the 'layertool' needs to the applier

func WithUnpackConfigApplyOpts ¶

func WithUnpackConfigApplyOpts(opt diff.ApplyOpt) containerd.UnpackOpt

WithUnpackConfigApplyOpts allows to pass an ApplyOpt

func WithUnpackOpts ¶

func WithUnpackOpts(opts []containerd.UnpackOpt) containerd.RemoteOpt

WithUnpackOpts is used to add unpack options to the unpacker.

Types ¶

type LayerFilter func(desc ocispec.Descriptor) bool

LayerFilter allows to select Layers by certain criteria

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
parsehelpers Package parsehelpers provides parse helpers for CLI applications.	Package parsehelpers provides parse helpers for CLI applications.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL