Documentation ¶
Index ¶
- Variables
- func KeyCanPerformAlgorithm(key jwk.Key, alg string) bool
- func KeyCanPerformOperation(key jwk.Key, op jwk.KeyOperation) bool
- type Feature
- type GetKeyFn
- type Key
- type LocalCryptoBaseComponent
- func (k LocalCryptoBaseComponent) Decrypt(parentCtx context.Context, ciphertext []byte, algorithm string, keyName string, ...) (plaintext []byte, err error)
- func (k LocalCryptoBaseComponent) Encrypt(parentCtx context.Context, plaintext []byte, algorithm string, keyName string, ...) (ciphertext []byte, tag []byte, err error)
- func (k LocalCryptoBaseComponent) GetKey(parentCtx context.Context, key string) (pubKey jwk.Key, err error)
- func (k LocalCryptoBaseComponent) Sign(parentCtx context.Context, digest []byte, algorithm string, keyName string) (signature []byte, err error)
- func (k LocalCryptoBaseComponent) SupportedEncryptionAlgorithms() []string
- func (k LocalCryptoBaseComponent) SupportedSignatureAlgorithms() []string
- func (k LocalCryptoBaseComponent) UnwrapKey(parentCtx context.Context, wrappedKey []byte, algorithm string, keyName string, ...) (plaintextKey jwk.Key, err error)
- func (k LocalCryptoBaseComponent) Verify(parentCtx context.Context, digest []byte, signature []byte, algorithm string, ...) (valid bool, err error)
- func (k LocalCryptoBaseComponent) WrapKey(parentCtx context.Context, plaintextKey jwk.Key, algorithm string, ...) (wrappedKey []byte, tag []byte, err error)
- type Metadata
- type PubKeyCache
- type SubtleCrypto
- type SubtleCryptoAlgorithms
Constants ¶
This section is empty.
Variables ¶
var ErrKeyNotFound = errors.New("key not found")
ErrKeyNotFound is returned when the key could not be found.
Functions ¶
func KeyCanPerformAlgorithm ¶
KeyCanPerformAlgorithm returns true if the key can be used with a specific algorithm.
func KeyCanPerformOperation ¶
func KeyCanPerformOperation(key jwk.Key, op jwk.KeyOperation) bool
KeyCanPerformOperation returns true if the key can be used to perform a specific operation.
Types ¶
type Feature ¶
type Feature = features.Feature[SubtleCrypto]
Feature names a feature that can be implemented by the crypto provider components.
type GetKeyFn ¶
type GetKeyFn = func(ctx context.Context, key string) func(resolve func(jwk.Key), reject func(error))
GetKeyFn is the type of the getKeyFn function used by the PubKeyCache.
type Key ¶
Key extends jwk.Key adding optional properties for determining if the key is valid (time bounds) or can be used for certain purposes.
func (Key) CanPerformOperation ¶
func (k Key) CanPerformOperation(op jwk.KeyOperation) bool
CanPerformOperation returns true if the key can be used to perform a specific operation.
func (Key) MarshalJSON ¶ added in v1.12.0
MarshalJSON implements the json.Marshaler interface
type LocalCryptoBaseComponent ¶
type LocalCryptoBaseComponent struct { // RetrieveKeyFn is the function used to retrieve a key, and must be passed by concrete implementations RetrieveKeyFn func(parentCtx context.Context, key string) (jwk.Key, error) }
LocalCryptoBaseComponent is an "abstract" component that performs cryptographic operations locally in the Dapr runtime. Concrete implementations build on top of this component and just need to provide retrieveKeyFromSecret. Examples of components that build on top of this: crypto.kubernetes.secrets, crypto.jwks
func (LocalCryptoBaseComponent) SupportedEncryptionAlgorithms ¶
func (k LocalCryptoBaseComponent) SupportedEncryptionAlgorithms() []string
func (LocalCryptoBaseComponent) SupportedSignatureAlgorithms ¶
func (k LocalCryptoBaseComponent) SupportedSignatureAlgorithms() []string
type PubKeyCache ¶
type PubKeyCache struct {
// contains filtered or unexported fields
}
PubKeyCache implements GetKey with a local cache. We use promises for cache entries so that multiple callers getting the same key at the same time (where the key is not in the cache yet), will result in only a single key fetch. Each cache item uses a context pool so that a key fetch call will only be cancelled once all callers have cancelled their context.
func NewPubKeyCache ¶
func NewPubKeyCache(getKeyFn GetKeyFn) *PubKeyCache
NewPubKeyCache returns a new PubKeyCache object
type SubtleCrypto ¶
type SubtleCrypto interface { metadata.ComponentWithMetadata SubtleCryptoAlgorithms // Init the component. Init(ctx context.Context, metadata Metadata) error // GetKey returns the public part of a key stored in the vault. // This method returns an error if the key is symmetric. GetKey(ctx context.Context, keyName string, ) ( pubKey jwk.Key, err error, ) // Encrypt a small message and returns the ciphertext. Encrypt(ctx context.Context, plaintext []byte, algorithm string, keyName string, nonce []byte, associatedData []byte, ) ( ciphertext []byte, tag []byte, err error, ) // Decrypt a small message and returns the plaintext. Decrypt(ctx context.Context, ciphertext []byte, algorithm string, keyName string, nonce []byte, tag []byte, associatedData []byte, ) ( plaintext []byte, err error, ) // WrapKey wraps a key. WrapKey(ctx context.Context, plaintextKey jwk.Key, algorithm string, keyName string, nonce []byte, associatedData []byte, ) ( wrappedKey []byte, tag []byte, err error, ) // UnwrapKey unwraps a key. // The consumer needs to unserialize the key in the correct format. UnwrapKey(ctx context.Context, wrappedKey []byte, algorithm string, keyName string, nonce []byte, tag []byte, associatedData []byte, ) ( plaintextKey jwk.Key, err error, ) // Sign a digest. Sign(ctx context.Context, digest []byte, algorithm string, keyName string, ) ( signature []byte, err error, ) // Verify a signature. Verify(ctx context.Context, digest []byte, signature []byte, algorithm string, keyName string, ) ( valid bool, err error, ) }
SubtleCrypto offers an interface to perform low-level ("subtle") cryptographic operations with keys stored in a vault.
type SubtleCryptoAlgorithms ¶
type SubtleCryptoAlgorithms interface { SupportedEncryptionAlgorithms() []string SupportedSignatureAlgorithms() []string }
SubtleCryptoAlgorithms is an extension to SubtleCrypto that includes methods to return information on the supported algorithms.