Documentation ¶
Overview ¶
Package nkeys is an Ed25519 based public-key signature system that simplifies keys and seeds and performs signing and verification.
Index ¶
- Constants
- Variables
- func CompatibleKeyPair(kp KeyPair, expected ...PrefixByte) error
- func Decode(expectedPrefix PrefixByte, src []byte) ([]byte, error)
- func Encode(prefix PrefixByte, src []byte) ([]byte, error)
- func EncodeSeed(public PrefixByte, src []byte) ([]byte, error)
- func GenerateKey(raw []byte) (PublicKey, PrivateKey, error)
- func IsValidEncoding(src []byte) bool
- func IsValidPublicAccountKey(src string) bool
- func IsValidPublicClusterKey(src string) bool
- func IsValidPublicKey(src string) bool
- func IsValidPublicOperatorKey(src string) bool
- func IsValidPublicServerKey(src string) bool
- func IsValidPublicUserKey(src string) bool
- func ParseDecoratedJWT(contents []byte) (string, error)
- func Sign(priv PrivateKey, input []byte) ([]byte, error)
- func Verify(pub PublicKey, message, sig []byte) bool
- type KeyPair
- func CreateAccount() (KeyPair, error)
- func CreateCluster() (KeyPair, error)
- func CreateOperator() (KeyPair, error)
- func CreatePair(prefix PrefixByte) (KeyPair, error)
- func CreateServer() (KeyPair, error)
- func CreateUser() (KeyPair, error)
- func FromPublicKey(public string) (KeyPair, error)
- func FromRawSeed(prefix PrefixByte, rawSeed []byte) (KeyPair, error)
- func FromSeed(seed []byte) (KeyPair, error)
- func ParseDecoratedNKey(contents []byte) (KeyPair, error)
- func ParseDecoratedUserNKey(contents []byte) (KeyPair, error)
- type PrefixByte
- type PrivateKey
- type PublicKey
Constants ¶
const SignatureSize = crypto.SignatureLength
const Version = "0.3.0"
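Version is the package's current version string. Several entries on this page are marked "added in v0.3.1" while the constant reads "0.3.0", so the constant may lag the module release and should not be relied on to identify the deployed version.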
Variables ¶
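// Sentinel errors returned by the package. Every message carries the "nkeys: "
// prefix. The declarations were collapsed onto a single line in the rendered
// page, which is not valid Go; they are restored one per line here.
var (
	// ErrInvalidPrefixByte reports an invalid prefix byte.
	ErrInvalidPrefixByte = errors.New("nkeys: invalid prefix byte")
	// ErrInvalidKey reports an invalid key.
	ErrInvalidKey = errors.New("nkeys: invalid key")
	// ErrInvalidPublicKey reports an invalid public key.
	ErrInvalidPublicKey = errors.New("nkeys: invalid public key")
	// ErrInvalidSeedLen reports a seed of the wrong length.
	ErrInvalidSeedLen = errors.New("nkeys: invalid seed length")
	// ErrInvalidSeed reports an invalid seed.
	ErrInvalidSeed = errors.New("nkeys: invalid seed")
	// ErrInvalidEncoding reports an invalid encoded key.
	ErrInvalidEncoding = errors.New("nkeys: invalid encoded key")
	// ErrInvalidSignature reports that signature verification failed. Callers
	// should treat the signed input as unauthenticated when they see it.
	ErrInvalidSignature = errors.New("nkeys: signature verification failed")
	// ErrCannotSign reports a signing attempt with no private key available.
	ErrCannotSign = errors.New("nkeys: can not sign, no private key available")
	// ErrPublicKeyOnly reports that no seed or private key is available.
	ErrPublicKeyOnly = errors.New("nkeys: no seed or private key available")
	// ErrIncompatibleKey reports an incompatible key.
	// NOTE(review): presumably what CompatibleKeyPair returns on a prefix
	// mismatch; confirm against the implementation.
	ErrIncompatibleKey = errors.New("nkeys: incompatible key")
)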
Errors
var ErrInvalidChecksum = errors.New("nkeys: invalid checksum")
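ErrInvalidChecksum indicates that checksum verification of an encoded key failed (the crc16 check described under Decode). It is distinct from ErrInvalidSignature, which reports a failed signature verification.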
var (
SeedSize = curve.Params().BitSize/8 + 8
)
Functions ¶
func CompatibleKeyPair ¶ added in v0.3.1
func CompatibleKeyPair(kp KeyPair, expected ...PrefixByte) error
CompatibleKeyPair returns an error if the KeyPair doesn't match expected PrefixByte(s)
func Decode ¶
func Decode(expectedPrefix PrefixByte, src []byte) ([]byte, error)
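Decode will decode the base32 string, check the crc16, and enforce that the prefix is the expected one. The crc16 is an integrity check against transcription errors and corruption; it is not a cryptographic check and does not authenticate the key.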
func Encode ¶
func Encode(prefix PrefixByte, src []byte) ([]byte, error)
Encode will encode a raw key or seed with the prefix and crc16, then base32-encode the result.
func EncodeSeed ¶
func EncodeSeed(public PrefixByte, src []byte) ([]byte, error)
EncodeSeed will encode a raw key with the seed prefix followed by the given public prefix, add the crc16, then base32-encode the result.
func GenerateKey ¶ added in v0.3.1
func GenerateKey(raw []byte) (PublicKey, PrivateKey, error)
func IsValidEncoding ¶
IsValidEncoding will tell you if the encoding is a valid key.
func IsValidPublicAccountKey ¶
IsValidPublicAccountKey will decode and verify the string is a valid encoded Public Account Key.
func IsValidPublicClusterKey ¶
IsValidPublicClusterKey will decode and verify the string is a valid encoded Public Cluster Key.
func IsValidPublicKey ¶
IsValidPublicKey will decode and verify that the string is a valid encoded public key.
func IsValidPublicOperatorKey ¶
IsValidPublicOperatorKey will decode and verify the string is a valid encoded Public Operator Key.
func IsValidPublicServerKey ¶
IsValidPublicServerKey will decode and verify the string is a valid encoded Public Server Key.
func IsValidPublicUserKey ¶
IsValidPublicUserKey will decode and verify the string is a valid encoded Public User Key.
func ParseDecoratedJWT ¶ added in v0.3.1
ParseDecoratedJWT takes a creds file and returns the JWT portion.
Types ¶
type KeyPair ¶
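// KeyPair is the interface through which seeds, keys, signing and
// verification are reached. The method set was collapsed onto a single line
// in the rendered page, which is not valid Go; it is restored one method per
// line here.
type KeyPair interface {
	// Seed returns the seed as bytes, or an error.
	// NOTE(review): the result is secret key material; keep it out of logs
	// and error messages.
	Seed() ([]byte, error)
	// PublicKey returns the public key as a string, or an error.
	PublicKey() (string, error)
	// PrivateKey returns the private key as bytes, or an error.
	// NOTE(review): secret key material, same handling as Seed.
	PrivateKey() ([]byte, error)
	// Sign returns a signature over input, or an error.
	Sign(input []byte) ([]byte, error)
	// Verify checks sig against input and reports the outcome only through
	// the returned error, so the result must always be checked; discarding it
	// accepts unverified input.
	Verify(input []byte, sig []byte) error
	// Wipe takes no arguments and returns nothing.
	// NOTE(review): presumably clears the key material held by the pair;
	// confirm against the implementation before relying on it.
	Wipe()
}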
KeyPair provides the central interface to nkeys.
func CreateAccount ¶
CreateAccount will create an Account typed KeyPair.
func CreateCluster ¶
CreateCluster will create a Cluster typed KeyPair.
func CreateOperator ¶
CreateOperator will create an Operator typed KeyPair.
func CreatePair ¶
func CreatePair(prefix PrefixByte) (KeyPair, error)
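CreatePair will create a KeyPair based on random entropy and a type/prefix byte. The remark "rand can be nil" refers to a rand argument that the signature shown here does not take, so the entropy source cannot be supplied by the caller through this function.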
func CreateServer ¶
CreateServer will create a Server typed KeyPair.
func FromPublicKey ¶
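FromPublicKey will create a KeyPair capable of verifying signatures. Such a pair is built from the public key alone; signing or retrieving a seed or private key from it is presumably refused (compare ErrCannotSign and ErrPublicKeyOnly).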
func FromRawSeed ¶
func FromRawSeed(prefix PrefixByte, rawSeed []byte) (KeyPair, error)
FromRawSeed will create a KeyPair from the raw 32 byte seed for a given type.
func ParseDecoratedNKey ¶ added in v0.3.1
ParseDecoratedNKey takes a creds file, finds the NKey portion and creates a key pair from it.
func ParseDecoratedUserNKey ¶ added in v0.3.1
ParseDecoratedUserNKey takes a creds file, finds the NKey portion and creates a key pair from it. Similar to ParseDecoratedNKey but fails for non-user keys.
type PrefixByte ¶
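// PrefixByte is a lead byte representing the type.
type PrefixByte byte

// Each value is a 5-bit base32 symbol index shifted into the top five bits of
// the byte, so the first character of an encoded key names its type. The
// declarations were collapsed onto a single line in the rendered page, where
// everything after the first "//" became a comment; they are restored one per
// line here.
//
// Encoded strings that begin with 'S' (seed) or 'P' (private key) are secret
// material and should be handled like any other credential.
const (
	// PrefixByteSeed is the version byte used for encoded NATS Seeds
	PrefixByteSeed PrefixByte = 18 << 3 // Base32-encodes to 'S...'

	// PrefixBytePrivate is the version byte used for encoded NATS Private keys
	PrefixBytePrivate PrefixByte = 15 << 3 // Base32-encodes to 'P...'

	// PrefixByteServer is the version byte used for encoded NATS Servers
	PrefixByteServer PrefixByte = 13 << 3 // Base32-encodes to 'N...'

	// PrefixByteCluster is the version byte used for encoded NATS Clusters
	PrefixByteCluster PrefixByte = 2 << 3 // Base32-encodes to 'C...'

	// PrefixByteOperator is the version byte used for encoded NATS Operators
	PrefixByteOperator PrefixByte = 14 << 3 // Base32-encodes to 'O...'

	// PrefixByteAccount is the version byte used for encoded NATS Accounts
	PrefixByteAccount PrefixByte = 0 // Base32-encodes to 'A...'

	// PrefixByteUser is the version byte used for encoded NATS Users
	PrefixByteUser PrefixByte = 20 << 3 // Base32-encodes to 'U...'

	// PrefixByteUnknown is for unknown prefixes.
	PrefixByteUnknown PrefixByte = 23 << 3 // Base32-encodes to 'X...'
)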
func DecodeSeed ¶
func DecodeSeed(src []byte) (PrefixByte, []byte, error)
DecodeSeed will decode the base32 string, check the crc16, and enforce that the prefix is a seed and that the subsequent type is a valid type.
func (PrefixByte) String ¶
func (p PrefixByte) String() string
type PrivateKey ¶ added in v0.3.1
type PrivateKey []byte