Variables ¶
// Sentinel errors returned by the key import and export paths.
var (
	// ErrNoValidPrivateKey is returned when the material being imported
	// does not parse as a private key.
	ErrNoValidPrivateKey = errors.New("no valid private key found")

	// ErrRootKeyNotEncrypted is returned when a root key offered for import
	// is not encrypted; root keys are only accepted in encrypted form.
	ErrRootKeyNotEncrypted = errors.New("only encrypted root keys may be imported")

	// ErrNoKeysFoundForGUN is returned by an export when no keys exist for
	// the requested GUN.
	ErrNoKeysFoundForGUN = errors.New("no keys found for specified GUN")
)
Functions ¶
func CheckRootKeyIsEncrypted ¶ added in v0.3.0
CheckRootKeyIsEncrypted verifies that the given PEM-encoded root key is encrypted. Internal assumptions depend on this invariant holding.
func GenerateCertificate ¶
func GenerateCertificate(rootKey data.PrivateKey, gun string, startTime, endTime time.Time) (*x509.Certificate, error)
GenerateCertificate generates an X.509 certificate from a template, given a GUN and a validity interval.
Types ¶
type CryptoService ¶
type CryptoService struct {
// contains filtered or unexported fields
}
CryptoService implements Sign and Create, holding a specific GUN and keystore to operate on
func NewCryptoService ¶
func NewCryptoService(keyStores ...trustmanager.KeyStore) *CryptoService
NewCryptoService returns an instance of CryptoService
func (*CryptoService) AddKey ¶ added in v0.3.0
func (cs *CryptoService) AddKey(role, gun string, key data.PrivateKey) (err error)
AddKey adds a private key to the specified role. For non-root roles, the GUN is inferred from the cryptoservice itself.
func (*CryptoService) Create ¶
func (cs *CryptoService) Create(role, gun, algorithm string) (data.PublicKey, error)
Create is used to generate keys for the targets, snapshot and timestamp roles.
func (*CryptoService) ExportAllKeys ¶
func (cs *CryptoService) ExportAllKeys(dest io.Writer, newPassphraseRetriever passphrase.Retriever) error
ExportAllKeys exports all keys to an io.Writer in zip format. newPassphraseRetriever is used to obtain the passphrases with which the exported keys are encrypted.
func (*CryptoService) ExportKey ¶
func (cs *CryptoService) ExportKey(dest io.Writer, keyID, role string) error
ExportKey exports the specified private key to an io.Writer in PEM format. The key's existing encryption is preserved.
func (*CryptoService) ExportKeyReencrypt ¶
func (cs *CryptoService) ExportKeyReencrypt(dest io.Writer, keyID string, newPassphraseRetriever passphrase.Retriever) error
ExportKeyReencrypt exports the specified private key to an io.Writer in PEM format. The key is re-encrypted with a new passphrase before being written.
func (*CryptoService) ExportKeysByGUN ¶
func (cs *CryptoService) ExportKeysByGUN(dest io.Writer, gun string, passphraseRetriever passphrase.Retriever) error
ExportKeysByGUN exports all keys associated with the specified GUN to an io.Writer in zip format. passphraseRetriever is used to select the new passphrases with which the exported keys are encrypted.
func (*CryptoService) GetKey ¶
func (cs *CryptoService) GetKey(keyID string) data.PublicKey
GetKey returns the public key with the given ID.
func (*CryptoService) GetKeyInfo ¶ added in v0.3.0
func (cs *CryptoService) GetKeyInfo(keyID string) (trustmanager.KeyInfo, error)
GetKeyInfo returns the role and GUN information for the key with the given ID.
func (*CryptoService) GetPrivateKey ¶
func (cs *CryptoService) GetPrivateKey(keyID string) (k data.PrivateKey, role string, err error)
GetPrivateKey returns the private key with the given ID, together with its role, if present.
func (*CryptoService) ImportKeysZip ¶
func (cs *CryptoService) ImportKeysZip(zipReader zip.Reader, retriever passphrase.Retriever) error
ImportKeysZip imports keys from a zip file provided as a zip.Reader. Keys in the root_keys directory are left encrypted, while the other keys are decrypted with the passphrase supplied by retriever.
func (*CryptoService) ListAllKeys ¶
func (cs *CryptoService) ListAllKeys() map[string]string
ListAllKeys returns a map from each key ID to its role.
func (*CryptoService) ListKeys ¶
func (cs *CryptoService) ListKeys(role string) []string
ListKeys returns the list of key IDs valid for the given role.
func (*CryptoService) RemoveKey ¶
func (cs *CryptoService) RemoveKey(keyID string) (err error)
RemoveKey deletes the key with the given ID.