selfcert

package
v1.0.45 Latest
Warning

This package is not in the latest version of its module.
Published: Oct 16, 2024 License: BSD-3-Clause Imports: 25 Imported by: 0

Documentation

Constants

This section is empty.

Variables

var DefaultEncryptionParameters = EncryptionParameters{
	Iterations:  12,
	Memory:      256 * 1024,
	Threads:     1,
	KeyLength:   32,
	CipherSuite: "AES-GCM",
}

DefaultEncryptionParameters provides default settings for Argon2id and encryption.

Functions

func GenerateED25519Key

func GenerateED25519Key(privateKeyPath string, verbose, encrypt bool, name string) (ed25519.PrivateKey, error)

GenerateED25519Key generates an ED25519 key pair and saves the private key to a specified file.

func LoadEncryptedEd25519PrivateKey added in v1.0.37

func LoadEncryptedEd25519PrivateKey(path string) (decryptedPrivateKey []byte, err error)

LoadEncryptedEd25519PrivateKey asks for the password.

func SavePrivateKeyToPathUnderPassphrase added in v1.0.37

func SavePrivateKeyToPathUnderPassphrase(privateKey []byte, path string) error

func Step1_MakeCertificatAuthority

func Step1_MakeCertificatAuthority(pathCA string, verbose bool, encrypt bool) (ed25519.PrivateKey, error)

pathCA defaults to "my-keep-private-dir". The unencrypted key is returned so that subsequent signing steps can use it without requesting the passphrase again.

func Step2_MakeEd25519PrivateKey added in v1.0.37

func Step2_MakeEd25519PrivateKey(name string, odirCert string, verbose, encrypt bool) (privKey ed25519.PrivateKey, err error)

name might be "client" or "node"; odirCert default might be "static/certs/client".

func Step3_MakeCertSigningRequest added in v1.0.37

func Step3_MakeCertSigningRequest(privKey ed25519.PrivateKey, name string, email string, odirCert string)

func Step4_MakeCertificate added in v1.0.37

func Step4_MakeCertificate(caPrivKey ed25519.PrivateKey, odirCA string, name string, odirCerts string, verbose bool)

If caPrivKey is provided (to avoid asking for the password), then odirCA/ca.key is assumed to be encrypted and caPrivKey is used instead.

func Step5_ViewCertificate

func Step5_ViewCertificate(path string) (cert *x509.Certificate, err error, wasPrivKey bool)

Optional.

func Step6_LoadKeyPair

func Step6_LoadKeyPair(privateKeyPath, certPath string)

Optional, for further use of the keys.

Typically:

privateKeyPath = "static/certs/server/node.key"
certPath = "static/certs/server/node.crt"
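The flow that Step1 through Step4 describe (CA key and certificate, node key, signing request, CA-signed certificate), followed by chain verification, as an added example using only the Go standard library. It is not selfcert's code and does not call it; Issue, Verify, must, the subject names and the serial numbers are assumptions of the example, and keys stay in memory without passphrase encryption.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// must panics on error; it keeps this sample short (real code should return errors).
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// Issue runs steps 1-4 in memory. Names, serials and lifetime are constructed sample values.
func Issue(name string) (ca, node *x509.Certificate) {
	notBefore, notAfter := time.Now().Add(-time.Minute), time.Now().AddDate(1, 0, 0)
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader) // step 1: CA key (RNG error ignored in this sample)
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example-ca"},
		NotBefore: notBefore, NotAfter: notAfter, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	ca = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, caPub, caKey))))
	_, nodeKey, _ := ed25519.GenerateKey(rand.Reader) // step 2: node key
	req := &x509.CertificateRequest{Subject: pkix.Name{CommonName: name}, DNSNames: []string{name}}
	csr := must(x509.ParseCertificateRequest(must(x509.CreateCertificateRequest(rand.Reader, req, nodeKey)))) // step 3
	must(csr, csr.CheckSignature()) // the CA checks proof of possession of the node key before signing
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: csr.Subject, DNSNames: csr.DNSNames,
		NotBefore: notBefore, NotAfter: notAfter, KeyUsage: x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}}
	node = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, ca, csr.PublicKey, caKey)))) // step 4
	return ca, node
}

// Verify checks that node chains to ca (the only trusted root) and is valid for the DNS name.
func Verify(ca, node *x509.Certificate, name string) error {
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	_, err := node.Verify(x509.VerifyOptions{Roots: pool, DNSName: name})
	return err
}

func main() {
	ca, node := Issue("node.example.test")
	fmt.Println(node.Subject, Verify(ca, node, "node.example.test"))
}
```

Verify rejects the certificate when the requested name differs or when the trusted root is a different CA, even one with the same subject name.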

Types

type EncryptionParameters added in v1.0.37

type EncryptionParameters struct {
	Iterations  uint32 // Number of iterations
	Memory      uint32 // Memory usage in KB
	Threads     uint8  // Degree of parallelism
	KeyLength   uint32 // Length of the derived key in bytes
	Salt        []byte // Random salt
	Nonce       []byte // Nonce used in AES-GCM
	CipherSuite string // Cipher suite used (e.g., AES-GCM)
}

EncryptionParameters holds the Argon2id parameters used for key derivation.
