Documentation ¶
Index ¶
- Constants
- func RegisterKeyManagerCreator(encryptorID string, keyMangerCreateFunc KeyManagerCreateFunc)
- type CreateKeyMetadata
- type Encryptor
- type KeyEncryptor
- type KeyMaking
- type KeyMakingWrapper
- func (k KeyMakingWrapper) GenerateClientIDSymmetricKey(id []byte) error
- func (k KeyMakingWrapper) GenerateDataEncryptionKeys(clientID []byte) error
- func (k KeyMakingWrapper) GenerateHmacKey(clientID []byte) error
- func (k KeyMakingWrapper) GenerateLogKey() error
- func (k KeyMakingWrapper) GeneratePoisonKeyPair() error
- func (k KeyMakingWrapper) GeneratePoisonSymmetricKey() error
- type KeyManager
- type KeyManagerCreateFunc
- type KeyMapper
- type KeyMetadata
Constants ¶
const ( AcraClientKeyDescription = "" /* 133-byte string literal not displayed */ AcraPoisonKeyDescription = "Acra common key encryption key, used for encryption/decryption poison symmetric/private keys" AcraAuditLogKeyDescription = "Acra common key encryption key, used for encryption/decryption audit log key" )
Descriptions of the KMS key encryption keys (KEKs).
Variables ¶
This section is empty.
Functions ¶
func RegisterKeyManagerCreator ¶
func RegisterKeyManagerCreator(encryptorID string, keyMangerCreateFunc KeyManagerCreateFunc)
RegisterKeyManagerCreator adds a new KMS KeyManager creator function to the registry under the given encryptorID.
Types ¶
type CreateKeyMetadata ¶
CreateKeyMetadata represents the common structure used when creating a KMS key.
type Encryptor ¶
// Encryptor declares Encrypt and Decrypt, each of which operates on a byte
// slice under the key selected by keyID.
type Encryptor interface {
	// Encrypt takes a key identifier, the data to encrypt and a context byte
	// slice, and returns a byte slice or an error.
	// NOTE(review): context is presumably an encryption context bound to the
	// result, so that Decrypt has to be given the same value; confirm against
	// the concrete KMS implementation.
	Encrypt(ctx context.Context, keyID []byte, data []byte, context []byte) ([]byte, error)
	// Decrypt takes the same parameter list as Encrypt and returns a byte
	// slice or an error.
	// NOTE(review): whether a mismatched keyID or context is reported as an
	// error is not visible here; verify before relying on it.
	Decrypt(ctx context.Context, keyID []byte, data []byte, context []byte) ([]byte, error)
}
Encryptor is the main KMS encryptor interface.
type KeyEncryptor ¶
// KeyEncryptor shows no exported fields on this page; NewKeyEncryptor is the
// visible constructor for it.
type KeyEncryptor struct {
// contains filtered or unexported fields
}
KeyEncryptor is the KMS implementation of keystore.KeyEncryptor.
func NewKeyEncryptor ¶
func NewKeyEncryptor(kmsEncryptor Encryptor, keyMapper KeyMapper) *KeyEncryptor
NewKeyEncryptor creates a new KeyEncryptor.
func (*KeyEncryptor) Decrypt ¶
func (encryptor *KeyEncryptor) Decrypt(ctx context.Context, key []byte, keyContext keystore.KeyContext) ([]byte, error)
Decrypt returns the decrypted key, using the KMS encryptor and the key context.
func (*KeyEncryptor) Encrypt ¶
func (encryptor *KeyEncryptor) Encrypt(ctx context.Context, key []byte, keyContext keystore.KeyContext) ([]byte, error)
Encrypt returns the encrypted key, using the KMS encryptor and the key context.
type KeyMaking ¶
// KeyMaking combines two keystore interfaces into one; it declares no
// methods of its own.
type KeyMaking interface {
	// Embedded: the key-generation interface from the keystore package.
	keystore.KeyMaking
	// Embedded: the keystore interface named PoisonKeyStorageAndGenerator.
	// NOTE(review): presumably this is what supplies the poison-key
	// generation methods that KeyMakingWrapper overrides; confirm in keystore.
	keystore.PoisonKeyStorageAndGenerator
}
KeyMaking is the interface used by the KMS wrapper for generating keys.
type KeyMakingWrapper ¶
type KeyMakingWrapper struct { KeyMaking // contains filtered or unexported fields }
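KeyMakingWrapper wraps a keystore.KeyMaking implementation with KMS key creation at the start. Because KeyMaking is embedded in the struct, only the Generate* methods declared on KeyMakingWrapper below are wrapped; any other method of the embedded interface is promoted and reaches the wrapped implementation unchanged.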
func NewKeyMakingWrapper ¶
func NewKeyMakingWrapper(keyMaking KeyMaking, manager KeyManager, keyMapper KeyMapper) KeyMakingWrapper
NewKeyMakingWrapper creates a new KeyMakingWrapper.
func (KeyMakingWrapper) GenerateClientIDSymmetricKey ¶
func (k KeyMakingWrapper) GenerateClientIDSymmetricKey(id []byte) error
GenerateClientIDSymmetricKey wraps the underlying GenerateClientIDSymmetricKey with KMS key creation at the start.
func (KeyMakingWrapper) GenerateDataEncryptionKeys ¶
func (k KeyMakingWrapper) GenerateDataEncryptionKeys(clientID []byte) error
GenerateDataEncryptionKeys wraps the underlying GenerateDataEncryptionKeys with KMS key creation at the start.
func (KeyMakingWrapper) GenerateHmacKey ¶
func (k KeyMakingWrapper) GenerateHmacKey(clientID []byte) error
GenerateHmacKey wraps the underlying GenerateHmacKey with KMS key creation at the start.
func (KeyMakingWrapper) GenerateLogKey ¶
func (k KeyMakingWrapper) GenerateLogKey() error
GenerateLogKey wraps the underlying GenerateLogKey with KMS key creation at the start.
func (KeyMakingWrapper) GeneratePoisonKeyPair ¶
func (k KeyMakingWrapper) GeneratePoisonKeyPair() error
GeneratePoisonKeyPair wraps the underlying GeneratePoisonKeyPair with KMS key creation at the start.
func (KeyMakingWrapper) GeneratePoisonSymmetricKey ¶
func (k KeyMakingWrapper) GeneratePoisonSymmetricKey() error
GeneratePoisonSymmetricKey wraps the underlying GeneratePoisonSymmetricKey with KMS key creation at the start.
type KeyManager ¶
// KeyManager extends Encryptor with an identifier, key creation and a key
// existence check.
type KeyManager interface {
	// Encryptor is embedded, so every KeyManager also provides Encrypt and
	// Decrypt.
	Encryptor
	// ID returns a string identifier.
	// NOTE(review): presumably the same identifier used as encryptorID in
	// RegisterKeyManagerCreator; confirm against an implementation.
	ID() string
	// CreateKey takes a CreateKeyMetadata and returns a *KeyMetadata or an
	// error.
	CreateKey(ctx context.Context, metaData CreateKeyMetadata) (*KeyMetadata, error)
	// IsKeyExist takes a keyID string and returns a bool and an error.
	// NOTE(review): nothing in this interface makes an IsKeyExist check
	// followed by CreateKey atomic; confirm how callers handle a key that
	// appears between the two calls.
	IsKeyExist(ctx context.Context, keyID string) (bool, error)
}
KeyManager is the main KMS interface.
type KeyManagerCreateFunc ¶
// KeyManagerCreateFunc is the function type that builds a KeyManager from a
// credential path and returns it or an error.
// NOTE(review): credentialPath presumably names a file holding KMS
// credentials; its expected format and the file permissions it should carry
// are not shown here and should be confirmed per KMS implementation.
type KeyManagerCreateFunc func(credentialPath string) (KeyManager, error)
KeyManagerCreateFunc is the generic function type for creating a KeyManager.
func GetKeyManagerCreator ¶
func GetKeyManagerCreator(encryptorID string) (KeyManagerCreateFunc, bool)
GetKeyManagerCreator returns the KeyManagerCreateFunc registered under the given ID in the registry.
type KeyMapper ¶
// KeyMapper declares a single method that turns a keystore.KeyContext into a
// key identifier.
type KeyMapper interface {
	// GetKeyID takes a keystore.KeyContext and returns a key ID as bytes, or
	// an error.
	// NOTE(review): presumably the returned bytes are what KeyEncryptor passes
	// as keyID to Encryptor.Encrypt and Decrypt; confirm in the implementation.
	GetKeyID(ctx keystore.KeyContext) ([]byte, error)
}
KeyMapper represents the interface for converting a keystore.KeyContext to a key ID.
type KeyMetadata ¶
// KeyMetadata is the value KeyManager.CreateKey returns a pointer to.
type KeyMetadata struct {
	// KeyID is the only field of the struct, a string.
	// NOTE(review): presumably the identifier the KMS assigned to the created
	// key; confirm against an implementation.
	KeyID string
}
KeyMetadata represents the structure that stores the result of key creation.