awskmscrypto

package

v0.22.184 Latest Latest Go to latest Published: Oct 24, 2024 License: Apache-2.0 Imports: 23 Imported by: 2

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/effective-security/xpki

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func KmsLoader(tc cryptoprov.TokenConfig) (cryptoprov.Provider, error)
func NewSigner(keyID string, label string, signingAlgorithms []types.SigningAlgorithmSpec, ...) crypto.Signer
type KmsClient
type Provider
- func Init(tc cryptoprov.TokenConfig) (*Provider, error)
type Signer

Constants ¶

View Source

const ProviderName = "AWSKMS"

ProviderName specifies a provider name

Variables ¶

View Source

var KmsClientFactory = func(cfg aws.Config, optFns ...func(*kms.Options)) KmsClient {
	return kms.NewFromConfig(cfg, optFns...)
}

KmsClientFactory override for unittest

Functions ¶

func KmsLoader ¶

func KmsLoader(tc cryptoprov.TokenConfig) (cryptoprov.Provider, error)

KmsLoader provides loader for KMS provider

func NewSigner ¶

func NewSigner(keyID string, label string, signingAlgorithms []types.SigningAlgorithmSpec, publicKey crypto.PublicKey, kmsClient KmsClient) crypto.Signer

NewSigner creates new signer

Types ¶

type KmsClient ¶

type KmsClient interface {
	CreateKey(context.Context, *kms.CreateKeyInput, ...func(*kms.Options)) (*kms.CreateKeyOutput, error)
	//IdentifyKey(priv crypto.PrivateKey) (keyID, label string, err error)
	ListKeys(context.Context, *kms.ListKeysInput, ...func(*kms.Options)) (*kms.ListKeysOutput, error)
	ScheduleKeyDeletion(context.Context, *kms.ScheduleKeyDeletionInput, ...func(*kms.Options)) (*kms.ScheduleKeyDeletionOutput, error)
	DescribeKey(context.Context, *kms.DescribeKeyInput, ...func(*kms.Options)) (*kms.DescribeKeyOutput, error)
	GetPublicKey(context.Context, *kms.GetPublicKeyInput, ...func(*kms.Options)) (*kms.GetPublicKeyOutput, error)
	Sign(context.Context, *kms.SignInput, ...func(*kms.Options)) (*kms.SignOutput, error)
}

KmsClient interface

type Provider ¶

type Provider struct {
	// contains filtered or unexported fields
}

Provider implements Provider interface for KMS

func Init ¶

func Init(tc cryptoprov.TokenConfig) (*Provider, error)

Init configures Kms based hsm impl

func (*Provider) Close ¶

func (p *Provider) Close() error

Close allocated resources and file reloader

func (*Provider) CurrentSlotID ¶

func (p *Provider) CurrentSlotID() uint

CurrentSlotID returns current slot id. For KMS only one slot is assumed to be available.

func (*Provider) DestroyKeyPairOnSlot ¶

func (p *Provider) DestroyKeyPairOnSlot(slotID uint, keyID string) error

DestroyKeyPairOnSlot destroys key pair on slot. For KMS slotID is ignored and KMS retire API is used to destroy the key.

func (*Provider) EnumKeys ¶

func (p *Provider) EnumKeys(slotID uint, prefix string) ([]cryptoprov.KeyInfo, error)

EnumKeys returns list of keys on the slot. For KMS slotID is ignored.

func (*Provider) EnumTokens ¶

func (p *Provider) EnumTokens(currentSlotOnly bool) ([]cryptoprov.TokenInfo, error)

EnumTokens lists tokens. For KMS currentSlotOnly is ignored and only one slot is assumed to be available.

func (*Provider) ExportKey ¶

func (p *Provider) ExportKey(keyID string) (string, []byte, error)

ExportKey returns PKCS#11 URI for specified key ID. It does not return key bytes

func (*Provider) FindKeyPairOnSlot ¶

func (p *Provider) FindKeyPairOnSlot(slotID uint, keyID, label string) (crypto.PrivateKey, error)

FindKeyPairOnSlot retrieves a previously created asymmetric key, using a specified slot.

func (*Provider) GenerateECDSAKey ¶

func (p *Provider) GenerateECDSAKey(label string, curve elliptic.Curve) (crypto.PrivateKey, error)

GenerateECDSAKey creates signer using randomly generated ECDSA key

func (*Provider) GenerateRSAKey ¶

func (p *Provider) GenerateRSAKey(label string, bits int, purpose int) (crypto.PrivateKey, error)

GenerateRSAKey creates signer using randomly generated RSA key

func (*Provider) GetKey ¶

func (p *Provider) GetKey(keyID string) (crypto.PrivateKey, error)

GetKey returns pkcs11 uri for the given key id

func (*Provider) IdentifyKey ¶

func (p *Provider) IdentifyKey(priv crypto.PrivateKey) (keyID, label string, err error)

IdentifyKey returns key id and label for the given private key

func (*Provider) KeyInfo ¶

func (p *Provider) KeyInfo(slotID uint, keyID string, includePublic bool) (*cryptoprov.KeyInfo, error)

KeyInfo retrieves info about key with the specified id

func (*Provider) Manufacturer ¶

func (p *Provider) Manufacturer() string

Manufacturer returns manufacturer for the provider

func (*Provider) Model ¶

func (p *Provider) Model() string

Model returns model for the provider

type Signer ¶

type Signer struct {
	// contains filtered or unexported fields
}

Signer implements crypto.Signer interface

func (*Signer) KeyID ¶

func (s *Signer) KeyID() string

KeyID returns key id of the signer

func (*Signer) Label ¶

func (s *Signer) Label() string

Label returns key label of the signer

func (*Signer) Public ¶

func (s *Signer) Public() crypto.PublicKey

Public returns public key for the signer

func (*Signer) Sign ¶

func (s *Signer) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) (signature []byte, err error)

Sign implements signing operation

func (*Signer) String ¶

func (s *Signer) String() string

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL