encryption

package
v1.1.7 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 14, 2022 License: Apache-2.0 Imports: 25 Imported by: 22

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CheckAuthorization

func CheckAuthorization(ctx context.Context, cs content.Store, desc ocispec.Descriptor, dc *encconfig.DecryptConfig) error

CheckAuthorization checks whether a user has the right keys to be allowed to access an image (every layer) It takes decrypting of the layers only as far as decrypting the asymmetrically encrypted data The decryption is only done for the current platform

func DecryptImage

DecryptImage decrypts an image; it accepts either an OCI descriptor representing a manifest list or a single manifest

func DecryptLayer

func DecryptLayer(dc *encconfig.DecryptConfig, dataReader io.Reader, desc ocispec.Descriptor, unwrapOnly bool) (ocispec.Descriptor, io.Reader, digest.Digest, error)

DecryptLayer decrypts the layer using the DecryptConfig and creates a new OCI Descriptor. The caller is expected to store the returned plain data and OCI Descriptor

func EncryptImage

EncryptImage encrypts an image; it accepts either an OCI descriptor representing a manifest list or a single manifest

func GetImageDecryptConverter added in v1.1.2

func GetImageDecryptConverter(cc *encconfig.CryptoConfig, lf LayerFilter) converter.ConvertFunc

GetImageDecryptConverter returns a converter function for image decryption

func GetImageEncryptConverter added in v1.1.2

func GetImageEncryptConverter(cc *encconfig.CryptoConfig, lf LayerFilter) converter.ConvertFunc

GetImageEncryptConverter returns a converter function for image encryption

func HasEncryptedLayer

func HasEncryptedLayer(ctx context.Context, layerInfos []ocispec.Descriptor) bool

HasEncryptedLayer returns true if any LayerInfo indicates that the layer is encrypted

func IsEncryptedDiff

func IsEncryptedDiff(ctx context.Context, mediaType string) bool

IsEncryptedDiff returns true if mediaType is a known encrypted media type.

func WithAuthorizationCheck

func WithAuthorizationCheck(dc *encconfig.DecryptConfig) containerd.NewContainerOpts

WithAuthorizationCheck checks the authorization of keys used for encrypted containers be checked upon creation of a container

func WithDecryptedUnpack

func WithDecryptedUnpack(data *imgcrypt.Payload) diff.ApplyOpt

WithDecryptedUnpack allows to pass parameters the 'layertool' needs to the applier

func WithUnpackConfigApplyOpts

func WithUnpackConfigApplyOpts(opt diff.ApplyOpt) containerd.UnpackOpt

WithUnpackConfigApplyOpts allows to pass an ApplyOpt

func WithUnpackOpts

func WithUnpackOpts(opts []containerd.UnpackOpt) containerd.RemoteOpt

WithUnpackOpts is used to add unpack options to the unpacker.

Types

type LayerFilter

type LayerFilter func(desc ocispec.Descriptor) bool

LayerFilter allows to select Layers by certain criteria

Directories

Path Synopsis
Package parsehelpers provides parse helpers for CLI applications.
Package parsehelpers provides parse helpers for CLI applications.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL