Documentation ¶
Index ¶
- Variables
- func GenerateED25519Key(privateKeyPath string, verbose, encrypt bool, name string) (ed25519.PrivateKey, error)
- func LoadEncryptedEd25519PrivateKey(path string) (decryptedPrivateKey []byte, err error)
- func SavePrivateKeyToPathUnderPassphrase(privateKey []byte, path string) error
- func Step1_MakeCertificatAuthority(pathCA string, verbose bool, encrypt bool) (ed25519.PrivateKey, error)
- func Step2_MakeEd25519PrivateKey(name string, odirCert string, verbose, encrypt bool) (privKey ed25519.PrivateKey, err error)
- func Step3_MakeCertSigningRequest(privKey ed25519.PrivateKey, name string, email string, odirCert string)
- func Step4_MakeCertificate(caPrivKey ed25519.PrivateKey, odirCA string, name string, odirCerts string, ...)
- func Step5_ViewCertificate(path string) (cert *x509.Certificate, err error, wasPrivKey bool)
- func Step6_LoadKeyPair(privateKeyPath, certPath string)
- type EncryptionParameters
Constants ¶
This section is empty.
Variables ¶
// DefaultEncryptionParameters provides default settings for Argon2id and encryption.
// Salt and Nonce are not set in this literal, so they start out nil.
// NOTE(review): presumably a fresh random salt and nonce are filled in each time
// a key is encrypted; confirm in the save path, because reusing an AES-GCM nonce
// under the same derived key breaks both confidentiality and integrity.
var DefaultEncryptionParameters = EncryptionParameters{
	Iterations:  12,         // Argon2id iteration count
	Memory:      256 * 1024, // 262144 in the field's documented unit (KB); 256 MiB if KB means KiB
	Threads:     1,          // degree of parallelism
	KeyLength:   32,         // derived key length in bytes, i.e. a 256-bit key
	CipherSuite: "AES-GCM",
}
DefaultEncryptionParameters provides default settings for Argon2id and encryption.
Functions ¶
func GenerateED25519Key ¶
func GenerateED25519Key(privateKeyPath string, verbose, encrypt bool, name string) (ed25519.PrivateKey, error)
GenerateED25519Key generates an ED25519 key pair and saves the private key to a specified file.
func LoadEncryptedEd25519PrivateKey ¶ added in v1.0.37
LoadEncryptedEd25519PrivateKey asks for the password and returns the decrypted private key bytes.
func SavePrivateKeyToPathUnderPassphrase ¶ added in v1.0.37
func Step1_MakeCertificatAuthority ¶
func Step1_MakeCertificatAuthority(pathCA string, verbose bool, encrypt bool) (ed25519.PrivateKey, error)
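pathCA defaults to "my-keep-private-dir". Step1_MakeCertificatAuthority returns the un-encrypted key so that subsequent signing steps can use it without requesting the passphrase again. The returned value is the plaintext CA private key, so callers should hold it only for as long as those signing steps need it.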
func Step2_MakeEd25519PrivateKey ¶ added in v1.0.37
func Step2_MakeEd25519PrivateKey(name string, odirCert string, verbose, encrypt bool) (privKey ed25519.PrivateKey, err error)
name might be "client" or "node"; odirCert default might be "static/certs/client".
func Step3_MakeCertSigningRequest ¶ added in v1.0.37
func Step3_MakeCertSigningRequest(privKey ed25519.PrivateKey, name string, email string, odirCert string)
func Step4_MakeCertificate ¶ added in v1.0.37
func Step4_MakeCertificate(caPrivKey ed25519.PrivateKey, odirCA string, name string, odirCerts string, verbose bool)
If caPrivKey is provided (to avoid asking for the password), then odirCA/ca.key is assumed to be encrypted and caPrivKey is used instead.
func Step5_ViewCertificate ¶
func Step5_ViewCertificate(path string) (cert *x509.Certificate, err error, wasPrivKey bool)
optional
func Step6_LoadKeyPair ¶
func Step6_LoadKeyPair(privateKeyPath, certPath string)
optional, for further use of keys.
typically:
privateKeyPath = "static/certs/server/node.key" certPath = "static/certs/server/node.crt"
Types ¶
type EncryptionParameters ¶ added in v1.0.37
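// EncryptionParameters holds the Argon2id key-derivation settings together
// with the salt, nonce and cipher suite recorded for the encryption itself.
//
// The declaration is laid out one field per line: collapsed onto a single
// line, the first "//" comment swallows every following field and the
// closing brace, so the listing is not valid Go.
type EncryptionParameters struct {
	Iterations  uint32 // Number of iterations
	Memory      uint32 // Memory usage in KB
	Threads     uint8  // Degree of parallelism
	KeyLength   uint32 // Length of the derived key in bytes
	Salt        []byte // Random salt; should be freshly generated for each encrypted key
	Nonce       []byte // Nonce used in AES-GCM; must never repeat under the same derived key
	CipherSuite string // Cipher suite used (e.g., AES-GCM)
}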
EncryptionParameters holds the Argon2id parameters used for key derivation, together with the salt, the AES-GCM nonce and the cipher suite name.